*/
package org.sonar.core.permission;
-import com.google.common.base.Joiner;
-import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
-import java.util.List;
import java.util.Set;
import org.sonar.api.web.UserRole;
* Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
*/
public static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER);
-
- /**
- * All the component permissions values
- */
- public static final List<String> ALL = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
- GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
-
- public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(ProjectPermissions.ALL);
-
- private ProjectPermissions() {
- // static constants only
- }
+ public static final Set<String> ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
+ GlobalPermissions.SCAN_EXECUTION, UserRole.USER, UserRole.APPLICATION_CREATOR, UserRole.PORTFOLIO_CREATOR);
}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.core.permission;
-
-import org.junit.Test;
-import org.sonar.api.web.UserRole;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class ProjectPermissionsTest {
-
- @Test
- public void all_permissions() {
- assertThat(ProjectPermissions.ALL).containsExactly(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
- }
-
- @Test
- public void all_permissions_as_string() {
- assertThat(ProjectPermissions.ALL_ON_ONE_LINE).isEqualTo("admin, codeviewer, issueadmin, securityhotspotadmin, scan, user");
- }
-}
@Test
public void keepAuthorizedProjectIds_returns_empty_for_user_and_any_permission_on_private_project_without_any_permission_in_DB() {
- ProjectPermissions.ALL
+ ProjectPermissions.ALL_PERMISSIONS
.forEach(perm -> {
assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), perm))
.isEmpty();
@Test
public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_and_any_permission_on_private_project_without_any_permission_in_DB() {
- ProjectPermissions.ALL
+ ProjectPermissions.ALL_PERMISSIONS
.forEach(perm -> {
assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, perm))
.isEmpty();
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() {
ComponentDto project = db.components().insertPrivateProject(organization);
- ProjectPermissions.ALL
+ ProjectPermissions.ALL_PERMISSIONS
.forEach(perm -> {
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserIds, perm, project.getId()))
.isEmpty();
public static PermissionTemplateUserDto newPermissionTemplateUserDto() {
return new PermissionTemplateUserDto()
- .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size())))
+ .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())])
.setCreatedAt(new Date())
.setUpdatedAt(new Date());
}
public static PermissionTemplateGroupDto newPermissionTemplateGroupDto() {
return new PermissionTemplateGroupDto()
- .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size())))
+ .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())])
.setCreatedAt(new Date())
.setUpdatedAt(new Date());
}
public static PermissionTemplateCharacteristicDto newPermissionTemplateCharacteristicDto() {
return new PermissionTemplateCharacteristicDto()
- .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size())))
+ .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())])
.setWithProjectCreator(RandomUtils.nextBoolean())
.setCreatedAt(System.currentTimeMillis())
.setUpdatedAt(System.currentTimeMillis());
"False Positive / Won't Fix or changing an Issue's severity. (Users will also need \"Browse\" permission)");
put("projects_role.securityhotspotadmin", "Administer Security Hotspots");
put("projects_role.securityhotspotadmin.desc", "Detect a Vulnerability from a \"Security Hotspot\". Reject, clear, accept, reopen a \"Security Hotspot\" (users also need \"Browse\" permissions).");
+ put("projects_role.applicationcreator", "Create Applications");
+ put("projects_role.applicationcreator.desc", "Allow to create applications for non system administrator.");
+ put("projects_role.portfoliocreator", "Create Portfolios");
+ put("projects_role.portfoliocreator.desc", "Allow to create portfolios for non system administrator.");
put("projects_role.user", "Browse");
put("projects_role.user.desc", "Ability to access a project, browse its measures, and create/edit issues for it.");
put("projects_role.codeviewer", "See Source Code");
private final GroupIdOrAnyone groupId;
- public GroupPermissionChange(Operation operation, String permission, @Nullable ProjectId projectId,
+ public GroupPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String permission, @Nullable ProjectId projectId,
GroupIdOrAnyone groupId) {
- super(operation, groupId.getOrganizationUuid(), permission, projectId);
+ super(permissionsHelper, operation, groupId.getOrganizationUuid(), permission, projectId);
this.groupId = groupId;
}
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.GroupPermissionDto;
+import org.sonar.server.permission.ws.PermissionWsSupport;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateNotAnyoneAndAdminPermission;
+import static org.sonar.server.permission.ws.RequestValidator.validateNotAnyoneAndAdminPermission;
import static org.sonar.server.ws.WsUtils.checkRequest;
public class GroupPermissionChanger {
private final DbClient dbClient;
+ private final PermissionWsSupport wsSupport;
- public GroupPermissionChanger(DbClient dbClient) {
+ public GroupPermissionChanger(DbClient dbClient, PermissionWsSupport wsSupport) {
this.dbClient = dbClient;
+ this.wsSupport = wsSupport;
}
public boolean apply(DbSession dbSession, GroupPermissionChange change) {
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.core.permission.ProjectPermissions;
import static java.util.Objects.requireNonNull;
import static org.sonar.server.ws.WsUtils.checkRequest;
private final String permission;
private final ProjectId projectId;
- public PermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId) {
+ public PermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId) {
this.operation = requireNonNull(operation);
this.organizationUuid = requireNonNull(organizationUuid);
this.permission = requireNonNull(permission);
if (projectId == null) {
checkRequest(GlobalPermissions.ALL.contains(permission), "Invalid global permission '%s'. Valid values are %s", permission, GlobalPermissions.ALL);
} else {
- checkRequest(ProjectPermissions.ALL.contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, ProjectPermissions.ALL);
+ checkRequest(permissionsHelper.allPermissions().contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, permissionsHelper.allPermissions());
}
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.base.Joiner;
+import com.google.common.collect.ImmutableSet;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Set;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+
+public class PermissionsHelper {
+
+ private final Set<String> allPermissions;
+ private final String allOnOneLine;
+
+ public PermissionsHelper(ResourceTypes resourceTypes) {
+ ArrayList<String> permissions = new ArrayList<>(Arrays.asList(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
+ GlobalPermissions.SCAN_EXECUTION, UserRole.USER));
+ if (resourceTypes.isQualifierPresent(Qualifiers.VIEW)) {
+ permissions.add(UserRole.PORTFOLIO_CREATOR);
+ }
+ if (resourceTypes.isQualifierPresent(Qualifiers.APP)) {
+ permissions.add(UserRole.APPLICATION_CREATOR);
+ }
+ allPermissions = ImmutableSet.copyOf(permissions);
+ allOnOneLine = Joiner.on(", ").join(this.allPermissions);
+ }
+
+ public Set<String> allPermissions() {
+ return allPermissions;
+ }
+
+ public String allOnOneLine() {
+ return allOnOneLine;
+ }
+}
private final UserId userId;
- public UserPermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId,
+ public UserPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId,
UserId userId) {
- super(operation, organizationUuid, permission, projectId);
+ super(permissionsHelper, operation, organizationUuid, permission, projectId);
this.userId = requireNonNull(userId);
}
import org.sonar.server.permission.GroupPermissionChange;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.permission.PermissionUpdater;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.user.UserSession;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static java.util.Arrays.asList;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class AddGroupAction implements PermissionsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
private final PermissionUpdater permissionUpdater;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
+ private final PermissionsHelper permissionsHelper;
- public AddGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) {
+ public AddGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
+ WsParameters wsParameters, PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionUpdater = permissionUpdater;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
+ this.permissionsHelper = permissionsHelper;
}
@Override
.setPost(true)
.setHandler(this);
- createPermissionParameter(action);
- createOrganizationParameter(action).setSince("6.2");
- createGroupNameParameter(action);
- createGroupIdParameter(action);
- createProjectParameters(action);
+ wsParameters.createPermissionParameter(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
+ WsParameters.createGroupNameParameter(action);
+ WsParameters.createGroupIdParameter(action);
+ wsParameters.createProjectParameters(action);
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- GroupIdOrAnyone group = support.findGroup(dbSession, request);
- Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
+ GroupIdOrAnyone group = wsSupport.findGroup(dbSession, request);
+ Optional<ProjectId> projectId = wsSupport.findProjectId(dbSession, request);
checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId);
PermissionChange change = new GroupPermissionChange(
+ permissionsHelper,
PermissionChange.Operation.ADD,
request.mandatoryParam(PARAM_PERMISSION),
projectId.orElse(null),
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.permission.PermissionUpdater;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.permission.UserId;
import org.sonar.server.permission.UserPermissionChange;
import static com.google.common.base.Preconditions.checkArgument;
import static java.util.Collections.singletonList;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
private final DbClient dbClient;
private final UserSession userSession;
private final PermissionUpdater permissionUpdater;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
+ private final PermissionsHelper permissionsHelper;
- public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) {
+ public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, WsParameters wsParameters,
+ PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionUpdater = permissionUpdater;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
+ this.permissionsHelper = permissionsHelper;
}
@Override
.setPost(true)
.setHandler(this);
- createPermissionParameter(action);
- createUserLoginParameter(action);
- createProjectParameters(action);
- createOrganizationParameter(action)
+ wsParameters.createPermissionParameter(action);
+ WsParameters.createUserLoginParameter(action);
+ wsParameters.createProjectParameters(action);
+ WsParameters.createOrganizationParameter(action)
.setSince("6.2")
.setDescription("Key of organization, cannot be used at the same time with %s and %s", PARAM_PROJECT_ID, PARAM_PROJECT_KEY);
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
- Optional<ComponentDto> project = support.findProject(dbSession, request);
+ UserId user = wsSupport.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
+ Optional<ComponentDto> project = wsSupport.findProject(dbSession, request);
String organizationKey = request.param(PARAM_ORGANIZATION);
checkArgument(!project.isPresent() || organizationKey == null, "Organization must not be set when project is set.");
OrganizationDto org = project
.map(dto -> dbClient.organizationDao().selectByUuid(dbSession, dto.getOrganizationUuid()))
- .orElseGet(() -> Optional.ofNullable(support.findOrganization(dbSession, organizationKey)))
+ .orElseGet(() -> Optional.ofNullable(wsSupport.findOrganization(dbSession, organizationKey)))
.orElseThrow(() -> new NotFoundException(String.format("Organization with key '%s' not found", organizationKey)));
- support.checkMembership(dbSession, org, user);
+ wsSupport.checkMembership(dbSession, org, user);
Optional<ProjectId> projectId = project.map(ProjectId::new);
checkProjectAdmin(userSession, org.getUuid(), projectId);
PermissionChange change = new UserPermissionChange(
+ permissionsHelper,
PermissionChange.Operation.ADD,
org.getUuid(),
request.mandatoryParam(PARAM_PERMISSION),
import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class GroupsAction implements PermissionsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
- public GroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support) {
+ public GroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, WsParameters wsParameters) {
this.dbClient = dbClient;
this.userSession = userSession;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
}
@Override
.setDescription("Limit search to group names that contain the supplied string.")
.setMinimumLength(SEARCH_QUERY_MIN_LENGTH);
- createOrganizationParameter(action).setSince("6.2");
- createPermissionParameter(action).setRequired(false);
- createProjectParameters(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
+ wsParameters.createPermissionParameter(action).setRequired(false);
+ wsParameters.createProjectParameters(action);
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
- Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
+ OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
+ Optional<ProjectId> projectId = wsSupport.findProjectId(dbSession, request);
checkProjectAdmin(userSession, org.getUuid(), projectId);
PermissionQuery query = buildPermissionQuery(request, org, projectId);
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.permission.ws;
-
-import com.google.common.collect.FluentIterable;
-import java.util.Set;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-import javax.annotation.Nullable;
-import org.sonar.api.resources.ResourceType;
-import org.sonar.api.resources.ResourceTypes;
-import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.core.permission.ProjectPermissions;
-import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
-
-import static com.google.common.base.Strings.isNullOrEmpty;
-import static java.lang.String.format;
-import static org.apache.commons.lang.StringUtils.isBlank;
-import static org.sonar.server.ws.WsUtils.checkRequest;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY_PATTERN;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
-
-public class PermissionRequestValidator {
- public static final String MSG_TEMPLATE_WITH_SAME_NAME = "A template with the name '%s' already exists (case insensitive).";
- public static final String MSG_TEMPLATE_NAME_NOT_BLANK = "The template name must not be blank";
-
- private PermissionRequestValidator() {
- // static methods only
- }
-
- public static String validateProjectPermission(String permission) {
- checkRequest(ProjectPermissions.ALL.contains(permission),
- format("The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, ProjectPermissions.ALL_ON_ONE_LINE, permission));
- return permission;
- }
-
- public static void validateGlobalPermission(String permission) {
- checkRequest(GlobalPermissions.ALL.contains(permission),
- format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermissions.ALL_ON_ONE_LINE, permission));
- }
-
- public static void validateNotAnyoneAndAdminPermission(String permission, GroupIdOrAnyone group) {
- checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
- format("It is not possible to add the '%s' permission to group 'Anyone'.", permission));
- }
-
- public static void validateTemplateNameFormat(String name) {
- checkRequest(!isBlank(name), MSG_TEMPLATE_NAME_NOT_BLANK);
- }
-
- public static void validateQualifier(String qualifier, Set<String> rootQualifiers) {
- checkRequest(rootQualifiers.contains(qualifier),
- format("The '%s' parameter must be one of %s. '%s' was passed.", PARAM_QUALIFIER, rootQualifiers, qualifier));
- }
-
- public static void validateQualifier(@Nullable String qualifier, ResourceTypes resourceTypes) {
- if (qualifier == null) {
- return;
- }
- Set<String> rootQualifiers = FluentIterable.from(resourceTypes.getRoots())
- .transform(ResourceType::getQualifier)
- .toSet();
- checkRequest(rootQualifiers.contains(qualifier),
- format("The '%s' parameter must be one of %s. '%s' was passed.", PARAM_QUALIFIER, rootQualifiers, qualifier));
- }
-
- public static void validateProjectPattern(@Nullable String projectPattern) {
- if (isNullOrEmpty(projectPattern)) {
- return;
- }
-
- try {
- Pattern.compile(projectPattern);
- } catch (PatternSyntaxException e) {
- throw BadRequestException.create(format("The '%s' parameter must be a valid Java regular expression. '%s' was passed", PARAM_PROJECT_KEY_PATTERN, projectPattern));
- }
- }
-}
package org.sonar.server.permission.ws;
import org.sonar.core.platform.Module;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.template.AddGroupToTemplateAction;
import org.sonar.server.permission.ws.template.AddProjectCreatorToTemplateAction;
import org.sonar.server.permission.ws.template.AddUserToTemplateAction;
TemplateGroupsAction.class,
BulkApplyTemplateAction.class,
// utility classes
- PermissionWsSupport.class);
+ PermissionWsSupport.class,
+ PermissionsHelper.class,
+ WsParameters.class,
+ RequestValidator.class);
}
}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.permission.ws;
-
-import org.sonar.api.server.ws.WebService.NewAction;
-import org.sonar.api.server.ws.WebService.NewParam;
-import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.core.permission.ProjectPermissions;
-import org.sonar.core.util.Uuids;
-
-import static java.lang.String.format;
-import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ID;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY_PATTERN;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
-
-public class PermissionsWsParametersBuilder {
-
- private static final String PERMISSION_PARAM_DESCRIPTION = format("Permission" +
- "<ul>" +
- "<li>Possible values for global permissions: %s</li>" +
- "<li>Possible values for project permissions %s</li>" +
- "</ul>",
- GlobalPermissions.ALL_ON_ONE_LINE,
- ProjectPermissions.ALL_ON_ONE_LINE);
- public static final String PROJECT_PERMISSION_PARAM_DESCRIPTION = format("Permission" +
- "<ul>" +
- "<li>Possible values for project permissions %s</li>" +
- "</ul>",
- ProjectPermissions.ALL_ON_ONE_LINE);
-
- private PermissionsWsParametersBuilder() {
- // static methods only
- }
-
- public static NewParam createPermissionParameter(NewAction action) {
- return action.createParam(PARAM_PERMISSION)
- .setDescription(PERMISSION_PARAM_DESCRIPTION)
- .setRequired(true);
- }
-
- public static NewParam createProjectPermissionParameter(NewAction action, boolean required) {
- return action.createParam(PARAM_PERMISSION)
- .setDescription(PROJECT_PERMISSION_PARAM_DESCRIPTION)
- .setPossibleValues(ProjectPermissions.ALL)
- .setRequired(required);
- }
-
- public static NewParam createProjectPermissionParameter(NewAction action) {
- return createProjectPermissionParameter(action, true);
- }
-
- public static void createGroupNameParameter(NewAction action) {
- action.createParam(PARAM_GROUP_NAME)
- .setDescription("Group name or 'anyone' (case insensitive)")
- .setExampleValue("sonar-administrators");
- }
-
- public static NewParam createOrganizationParameter(NewAction action) {
- return action.createParam(PARAM_ORGANIZATION)
- .setDescription("Key of organization, used when group name is set")
- .setExampleValue("my-org")
- .setInternal(true);
- }
-
- public static void createGroupIdParameter(NewAction action) {
- action.createParam(PARAM_GROUP_ID)
- .setDescription("Group id")
- .setExampleValue("42");
- }
-
- public static void createProjectParameters(NewAction action) {
- createProjectIdParameter(action);
- createProjectKeyParameter(action);
- }
-
- private static void createProjectIdParameter(NewAction action) {
- action.createParam(PARAM_PROJECT_ID)
- .setDescription("Project id")
- .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d");
- }
-
- private static void createProjectKeyParameter(NewAction action) {
- action.createParam(PARAM_PROJECT_KEY)
- .setDescription("Project key")
- .setExampleValue(KEY_PROJECT_EXAMPLE_001);
- }
-
- public static void createUserLoginParameter(NewAction action) {
- action.createParam(PARAM_USER_LOGIN)
- .setRequired(true)
- .setDescription("User login")
- .setExampleValue("g.hopper");
- }
-
- public static void createTemplateParameters(NewAction action) {
- createTemplateIdParameter(action);
- createOrganizationParameter(action);
- createTemplateNameParameter(action);
- }
-
- private static void createTemplateIdParameter(NewAction action) {
- action.createParam(PARAM_TEMPLATE_ID)
- .setDescription("Template id")
- .setExampleValue(Uuids.UUID_EXAMPLE_01);
- }
-
- private static void createTemplateNameParameter(NewAction action) {
- action.createParam(PARAM_TEMPLATE_NAME)
- .setDescription("Template name")
- .setExampleValue("Default Permission Template for Projects");
- }
-
- public static void createTemplateProjectKeyPatternParameter(NewAction action) {
- action.createParam(PARAM_PROJECT_KEY_PATTERN)
- .setDescription("Project key pattern. Must be a valid Java regular expression")
- .setExampleValue(".*\\.finance\\..*");
- }
-
- public static void createTemplateDescriptionParameter(NewAction action) {
- action.createParam(PARAM_DESCRIPTION)
- .setDescription("Description")
- .setExampleValue("Permissions for all projects related to the financial service");
- }
-
- public static void createIdParameter(NewAction action) {
- action.createParam(PARAM_ID)
- .setRequired(true)
- .setDescription("Id")
- .setExampleValue("af8cb8cc-1e78-4c4e-8c00-ee8e814009a5");
- }
-}
import org.sonar.server.permission.GroupPermissionChange;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.permission.PermissionUpdater;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.user.UserSession;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static java.util.Arrays.asList;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class RemoveGroupAction implements PermissionsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
private final PermissionUpdater permissionUpdater;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
+ private final PermissionsHelper permissionsHelper;
- public RemoveGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) {
+ public RemoveGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
+ WsParameters wsParameters, PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionUpdater = permissionUpdater;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
+ this.permissionsHelper = permissionsHelper;
}
@Override
.setPost(true)
.setHandler(this);
- createPermissionParameter(action);
- createOrganizationParameter(action).setSince("6.2");
- createGroupNameParameter(action);
- createGroupIdParameter(action);
- createProjectParameters(action);
+ wsParameters.createPermissionParameter(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
+ WsParameters.createGroupNameParameter(action);
+ WsParameters.createGroupIdParameter(action);
+ wsParameters.createProjectParameters(action);
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- GroupIdOrAnyone group = support.findGroup(dbSession, request);
- Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
+ GroupIdOrAnyone group = wsSupport.findGroup(dbSession, request);
+ Optional<ProjectId> projectId = wsSupport.findProjectId(dbSession, request);
checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId);
PermissionChange change = new GroupPermissionChange(
+ permissionsHelper,
PermissionChange.Operation.REMOVE,
request.mandatoryParam(PARAM_PERMISSION),
projectId.orElse(null),
import org.sonar.db.organization.OrganizationDto;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.permission.PermissionUpdater;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.permission.UserId;
import org.sonar.server.permission.UserPermissionChange;
import static java.util.Collections.singletonList;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
private final DbClient dbClient;
private final UserSession userSession;
private final PermissionUpdater permissionUpdater;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
+ private final PermissionsHelper permissionsHelper;
- public RemoveUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) {
+ public RemoveUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
+ WsParameters wsParameters, PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionUpdater = permissionUpdater;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
+ this.permissionsHelper = permissionsHelper;
}
@Override
.setPost(true)
.setHandler(this);
- createPermissionParameter(action);
- createUserLoginParameter(action);
- createProjectParameters(action);
- createOrganizationParameter(action).setSince("6.2");
+ wsParameters.createPermissionParameter(action);
+ WsParameters.createUserLoginParameter(action);
+ wsParameters.createProjectParameters(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
- Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
- OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
+ UserId user = wsSupport.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
+ Optional<ProjectId> projectId = wsSupport.findProjectId(dbSession, request);
+ OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
checkProjectAdmin(userSession, org.getUuid(), projectId);
PermissionChange change = new UserPermissionChange(
+ permissionsHelper,
PermissionChange.Operation.REMOVE,
org.getUuid(),
request.mandatoryParam(PARAM_PERMISSION),
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission.ws;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+import java.util.stream.Collectors;
+import javax.annotation.Nullable;
+import org.sonar.api.resources.ResourceType;
+import org.sonar.api.resources.ResourceTypes;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
+import org.sonar.server.ws.WsUtils;
+
+import static com.google.common.base.Strings.isNullOrEmpty;
+import static java.lang.String.format;
+import static org.apache.commons.lang.StringUtils.isBlank;
+import static org.sonar.server.ws.WsUtils.checkRequest;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY_PATTERN;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
+
+public class RequestValidator {
+ public static final String MSG_TEMPLATE_WITH_SAME_NAME = "A template with the name '%s' already exists (case insensitive).";
+ private static final String MSG_TEMPLATE_NAME_NOT_BLANK = "The template name must not be blank";
+
+ private PermissionsHelper permissionsHelper;
+
+ public RequestValidator(PermissionsHelper permissionsHelper) {
+ this.permissionsHelper = permissionsHelper;
+ }
+
+ public String validateProjectPermission(String permission) {
+ WsUtils.checkRequest(permissionsHelper.allPermissions().contains(permission),
+ String.format("The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION,
+ permissionsHelper.allOnOneLine(), permission));
+ return permission;
+ }
+
+ public static void validateGlobalPermission(String permission) {
+ checkRequest(GlobalPermissions.ALL.contains(permission),
+ format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermissions.ALL_ON_ONE_LINE, permission));
+ }
+
+ public static void validateNotAnyoneAndAdminPermission(String permission, GroupIdOrAnyone group) {
+ checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
+ format("It is not possible to add the '%s' permission to group 'Anyone'.", permission));
+ }
+
+ public static void validateTemplateNameFormat(String name) {
+ checkRequest(!isBlank(name), MSG_TEMPLATE_NAME_NOT_BLANK);
+ }
+
+ public static void validateQualifier(@Nullable String qualifier, ResourceTypes resourceTypes) {
+ if (qualifier == null) {
+ return;
+ }
+ Set<String> rootQualifiers = resourceTypes.getRoots().stream()
+ .map(ResourceType::getQualifier)
+ .collect(Collectors.toSet());
+ checkRequest(rootQualifiers.contains(qualifier),
+ format("The '%s' parameter must be one of %s. '%s' was passed.", PARAM_QUALIFIER, rootQualifiers, qualifier));
+ }
+
+ public static void validateProjectPattern(@Nullable String projectPattern) {
+ if (isNullOrEmpty(projectPattern)) {
+ return;
+ }
+
+ try {
+ Pattern.compile(projectPattern);
+ } catch (PatternSyntaxException e) {
+ throw BadRequestException.create(format("The '%s' parameter must be a valid Java regular expression. '%s' was passed", PARAM_PROJECT_KEY_PATTERN, projectPattern));
+ }
+ }
+}
import org.sonarqube.ws.Permissions.WsSearchGlobalPermissionsResponse;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.Permissions.Permission.newBuilder;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
private final DbClient dbClient;
private final UserSession userSession;
private final I18n i18n;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
- public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport support) {
+ public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport) {
this.dbClient = dbClient;
this.userSession = userSession;
this.i18n = i18n;
- this.support = support;
+ this.wsSupport = wsSupport;
}
@Override
.setDeprecatedSince("6.5")
.setHandler(this);
- createOrganizationParameter(action).setSince("6.2");
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
}
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION));
+ OrganizationDto org = wsSupport.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION));
checkGlobalAdmin(userSession, org.getUuid());
WsSearchGlobalPermissionsResponse response = buildResponse(dbSession, org);
*/
package org.sonar.server.permission.ws;
-import java.util.List;
-import java.util.Locale;
-import java.util.Optional;
-
import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import com.google.common.collect.Table;
import com.google.common.collect.TreeBasedTable;
+import java.util.List;
+import java.util.Locale;
+import java.util.Optional;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.i18n.I18n;
import org.sonar.api.resources.ResourceType;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
import org.sonar.api.utils.Paging;
-import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentQuery;
import org.sonar.db.permission.CountPerProjectPermission;
import org.sonar.server.permission.PermissionPrivilegeChecker;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Permissions.SearchProjectPermissionsWsResponse;
import org.sonarqube.ws.Permissions.SearchProjectPermissionsWsResponse.Project;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.util.Collections.singletonList;
import static org.sonar.api.utils.Paging.forPageIndex;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
import static org.sonar.server.permission.ws.ProjectWsRef.newOptionalWsProjectRef;
import static org.sonar.server.permission.ws.SearchProjectPermissionsData.newBuilder;
-import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter;
import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext;
+import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
private final ResourceTypes resourceTypes;
private final PermissionWsSupport wsSupport;
private final String[] rootQualifiers;
+ private final WsParameters wsParameters;
+ private final PermissionsHelper permissionsHelper;
public SearchProjectPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, ResourceTypes resourceTypes,
- PermissionWsSupport wsSupport) {
+ PermissionWsSupport wsSupport, WsParameters wsParameters, PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.i18n = i18n;
this.resourceTypes = resourceTypes;
this.wsSupport = wsSupport;
this.rootQualifiers = Collections2.transform(resourceTypes.getRoots(), ResourceType::getQualifier).toArray(new String[resourceTypes.getRoots().size()]);
+ this.wsParameters = wsParameters;
+ this.permissionsHelper = permissionsHelper;
}
@Override
"<li>project keys that are exactly the same as the supplied string</li>" +
"</ul>")
.setExampleValue("apac");
- createProjectParameters(action);
+ wsParameters.createProjectParameters(action);
createRootQualifierParameter(action, newQualifierParameterContext(i18n, resourceTypes))
.setSince("5.3");
}
private SearchProjectPermissionsWsResponse doHandle(SearchProjectPermissionsRequest request) {
try (DbSession dbSession = dbClient.openSession(false)) {
checkAuthorized(dbSession, request);
- validateQualifier(request.getQualifier(), resourceTypes);
+ RequestValidator.validateQualifier(request.getQualifier(), resourceTypes);
SearchProjectPermissionsData data = load(dbSession, request);
return buildResponse(data);
}
response.addProjects(rootComponentBuilder);
}
- for (String permissionKey : ProjectPermissions.ALL) {
+ for (String permissionKey : permissionsHelper.allPermissions()) {
response.addPermissions(
permissionResponse
.clear()
import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateGlobalPermission;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
private final DbClient dbClient;
private final UserSession userSession;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
private final AvatarResolver avatarResolver;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, AvatarResolver avatarResolver) {
+ public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) {
this.dbClient = dbClient;
this.userSession = userSession;
- this.support = support;
+ this.wsSupport = wsSupport;
this.avatarResolver = avatarResolver;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
@Override
.setDescription("Limit search to user names that contain the supplied string. <br/>")
.setExampleValue("eri");
- createOrganizationParameter(action).setSince("6.2");
- createPermissionParameter(action).setRequired(false);
- createProjectParameters(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
+ wsParameters.createPermissionParameter(action).setRequired(false);
+ wsParameters.createProjectParameters(action);
}
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
- Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
+ OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION));
+ Optional<ProjectId> projectId = wsSupport.findProjectId(dbSession, request);
checkProjectAdmin(userSession, org.getUuid(), projectId);
PermissionQuery query = buildPermissionQuery(request, org, projectId);
}
}
- private
static PermissionQuery buildPermissionQuery(Request request, OrganizationDto organization, Optional<ProjectId> project) {
+ private PermissionQuery buildPermissionQuery(Request request, OrganizationDto organization, Optional<ProjectId> project) {
String textQuery = request.param(Param.TEXT_QUERY);
String permission = request.param(PARAM_PERMISSION);
PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
project.ifPresent(projectId -> permissionQuery.setComponentUuid(projectId.getUuid()));
if (permission != null) {
if (project.isPresent()) {
- validateProjectPermission(permission);
+ requestValidator.validateProjectPermission(permission);
} else {
- validateGlobalPermission(permission);
+ RequestValidator.validateGlobalPermission(permission);
}
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission.ws;
+
+import org.sonar.api.server.ws.WebService;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.core.util.Uuids;
+import org.sonar.server.permission.PermissionsHelper;
+
+import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY_PATTERN;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
+
+public class WsParameters {
+ private PermissionsHelper permissionsHelper;
+ private final String permissionParamDescription;
+ private final String projectPermissionParamDescription;
+
+ public WsParameters(PermissionsHelper permissionsHelper) {
+ this.permissionsHelper = permissionsHelper;
+ permissionParamDescription = String.format("Permission" +
+ "<ul>" +
+ "<li>Possible values for global permissions: %s</li>" +
+ "<li>Possible values for project permissions %s</li>" +
+ "</ul>",
+ GlobalPermissions.ALL_ON_ONE_LINE,
+ permissionsHelper.allOnOneLine());
+ projectPermissionParamDescription = String.format("Permission" +
+ "<ul>" +
+ "<li>Possible values for project permissions %s</li>" +
+ "</ul>",
+ permissionsHelper.allOnOneLine());
+ }
+
+ public WebService.NewParam createPermissionParameter(WebService.NewAction action) {
+ return action.createParam(PARAM_PERMISSION)
+ .setDescription(permissionParamDescription)
+ .setRequired(true);
+ }
+
+ public WebService.NewParam createProjectPermissionParameter(WebService.NewAction action, boolean required) {
+ return action.createParam(PARAM_PERMISSION)
+ .setDescription(projectPermissionParamDescription)
+ .setPossibleValues(permissionsHelper.allPermissions())
+ .setRequired(required);
+ }
+
+ public WebService.NewParam createProjectPermissionParameter(WebService.NewAction action) {
+ return createProjectPermissionParameter(action, true);
+ }
+
+ public static void createGroupNameParameter(WebService.NewAction action) {
+ action.createParam(PARAM_GROUP_NAME)
+ .setDescription("Group name or 'anyone' (case insensitive)")
+ .setExampleValue("sonar-administrators");
+ }
+
+ public static WebService.NewParam createOrganizationParameter(WebService.NewAction action) {
+ return action.createParam(PARAM_ORGANIZATION)
+ .setDescription("Key of organization, used when group name is set")
+ .setExampleValue("my-org")
+ .setInternal(true);
+ }
+
+ public static void createGroupIdParameter(WebService.NewAction action) {
+ action.createParam(PARAM_GROUP_ID)
+ .setDescription("Group id")
+ .setExampleValue("42");
+ }
+
+ public void createProjectParameters(WebService.NewAction action) {
+ action.createParam(PARAM_PROJECT_ID)
+ .setDescription("Project id")
+ .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d");
+ createProjectKeyParameter(action);
+ }
+
+ private static void createProjectKeyParameter(WebService.NewAction action) {
+ action.createParam(PARAM_PROJECT_KEY)
+ .setDescription("Project key")
+ .setExampleValue(KEY_PROJECT_EXAMPLE_001);
+ }
+
+ public static void createUserLoginParameter(WebService.NewAction action) {
+ action.createParam(PARAM_USER_LOGIN)
+ .setRequired(true)
+ .setDescription("User login")
+ .setExampleValue("g.hopper");
+ }
+
+ public static void createTemplateParameters(WebService.NewAction action) {
+ action.createParam(PARAM_TEMPLATE_ID)
+ .setDescription("Template id")
+ .setExampleValue(Uuids.UUID_EXAMPLE_01);
+ createOrganizationParameter(action);
+ action.createParam(PARAM_TEMPLATE_NAME)
+ .setDescription("Template name")
+ .setExampleValue("Default Permission Template for Projects");
+ }
+
+ public static void createTemplateProjectKeyPatternParameter(WebService.NewAction action) {
+ action.createParam(PARAM_PROJECT_KEY_PATTERN)
+ .setDescription("Project key pattern. Must be a valid Java regular expression")
+ .setExampleValue(".*\\.finance\\..*");
+ }
+
+ public static void createTemplateDescriptionParameter(WebService.NewAction action) {
+ action.createParam(PARAM_DESCRIPTION)
+ .setDescription("Description")
+ .setExampleValue("Permissions for all projects related to the financial service");
+ }
+
+ public static void createIdParameter(WebService.NewAction action) {
+ action.createParam(PARAM_ID)
+ .setRequired(true)
+ .setDescription("Id")
+ .setExampleValue("af8cb8cc-1e78-4c4e-8c00-ee8e814009a5");
+ }
+}
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static java.lang.String.format;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.template.WsTemplateRef.fromRequest;
import static org.sonar.server.ws.WsUtils.checkRequest;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
private final DbClient dbClient;
private final PermissionWsSupport support;
private final UserSession userSession;
+ private final WsParameters wsParameters;
- public AddGroupToTemplateAction(DbClient dbClient, PermissionWsSupport support, UserSession userSession) {
+ public AddGroupToTemplateAction(DbClient dbClient, PermissionWsSupport support, UserSession userSession, WsParameters wsParameters) {
this.dbClient = dbClient;
this.support = support;
this.userSession = userSession;
+ this.wsParameters = wsParameters;
}
@Override
"Requires the following permission: 'Administer System'.")
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
- createGroupIdParameter(action);
- createGroupNameParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
+ WsParameters.createGroupIdParameter(action);
+ WsParameters.createGroupNameParameter(action);
}
@Override
package org.sonar.server.permission.ws.template;
import java.util.Optional;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
private final PermissionWsSupport wsSupport;
private final UserSession userSession;
private final System2 system;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system) {
+ public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system, RequestValidator requestValidator,
+ WsParameters wsParameters) {
this.dbClient = dbClient;
this.wsSupport = wsSupport;
this.userSession = userSession;
this.system = system;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
- private static AddProjectCreatorToTemplateRequest toWsRequest(Request request) {
+ private AddProjectCreatorToTemplateRequest toWsRequest(Request request) {
AddProjectCreatorToTemplateRequest wsRequest = AddProjectCreatorToTemplateRequest.builder()
.setPermission(request.mandatoryParam(PARAM_PERMISSION))
.setTemplateId(request.param(PARAM_TEMPLATE_ID))
.setOrganization(request.param(PARAM_ORGANIZATION))
.setTemplateName(request.param(PARAM_TEMPLATE_NAME))
.build();
- validateProjectPermission(wsRequest.getPermission());
+ requestValidator.validateProjectPermission(wsRequest.getPermission());
return wsRequest;
}
.setPost(true)
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
}
@Override
package org.sonar.server.permission.ws.template;
import java.util.List;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.permission.UserId;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter;
import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
private final DbClient dbClient;
private final PermissionWsSupport wsSupport;
private final UserSession userSession;
+ private final WsParameters wsParameters;
- public AddUserToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) {
+ public AddUserToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, WsParameters wsParameters) {
this.dbClient = dbClient;
this.wsSupport = wsSupport;
this.userSession = userSession;
+ this.wsParameters = wsParameters;
}
private static AddUserToTemplateRequest toAddUserToTemplateWsRequest(Request request) {
"Requires the following permission: 'Administer System'.")
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
- createUserLoginParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
+ WsParameters.createUserLoginParameter(action);
}
@Override
package org.sonar.server.permission.ws.template;
import java.util.Collections;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.permission.PermissionTemplateService;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.ProjectWsRef.newWsProjectRef;
import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
private final UserSession userSession;
private final PermissionTemplateService permissionTemplateService;
private final PermissionWsSupport wsSupport;
+ private final WsParameters wsParameters;
public ApplyTemplateAction(DbClient dbClient, UserSession userSession, PermissionTemplateService permissionTemplateService,
- PermissionWsSupport wsSupport) {
+ PermissionWsSupport wsSupport, WsParameters wsParameters) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionTemplateService = permissionTemplateService;
this.wsSupport = wsSupport;
+ this.wsParameters = wsParameters;
}
private static ApplyTemplateRequest toApplyTemplateWsRequest(Request request) {
.setSince("5.2")
.setHandler(this);
- createTemplateParameters(action);
- createProjectParameters(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectParameters(action);
}
@Override
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.i18n.I18n;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.server.permission.PermissionTemplateService;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.project.Visibility;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
+import static java.lang.String.format;
import static java.util.Collections.singleton;
import static java.util.Objects.requireNonNull;
-import static java.lang.String.format;
import static org.sonar.api.utils.DateUtils.parseDateOrDateTime;
import static org.sonar.core.util.Protobuf.setNullable;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_002;
.setDefaultValue(Qualifiers.PROJECT)
.setDeprecatedKey(PARAM_QUALIFIER, "6.6");
- createTemplateParameters(action);
+ WsParameters.createTemplateParameters(action);
action
.createParam(PARAM_PROJECTS)
package org.sonar.server.permission.ws.template;
import java.util.Date;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions.CreateTemplateWsResponse;
import org.sonarqube.ws.Permissions.PermissionTemplate;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.lang.String.format;
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateDescriptionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateProjectKeyPatternParameter;
+import static org.sonar.server.permission.ws.RequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
import static org.sonar.server.permission.ws.template.PermissionTemplateDtoToPermissionTemplateResponse.toPermissionTemplateResponse;
import static org.sonar.server.ws.WsUtils.checkRequest;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
.setDescription("Name")
.setExampleValue("Financial Service Permissions");
- createTemplateProjectKeyPatternParameter(action);
- createTemplateDescriptionParameter(action);
- createOrganizationParameter(action).setSince("6.2");
+ WsParameters.createTemplateProjectKeyPatternParameter(action);
+ WsParameters.createTemplateDescriptionParameter(action);
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
}
@Override
checkGlobalAdmin(userSession, org.getUuid());
validateTemplateNameForCreation(dbSession, org, request.getName());
- validateProjectPattern(request.getProjectKeyPattern());
+ RequestValidator.validateProjectPattern(request.getProjectKeyPattern());
PermissionTemplateDto permissionTemplate = insertTemplate(dbSession, org, request);
}
private void validateTemplateNameForCreation(DbSession dbSession, OrganizationDto org, String name) {
- validateTemplateNameFormat(name);
+ RequestValidator.validateTemplateNameFormat(name);
PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao()
.selectByName(dbSession, org.getUuid(), name);
*/
package org.sonar.server.permission.ws.template;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
import static org.sonar.server.ws.WsUtils.checkRequest;
public class DeleteTemplateAction implements PermissionsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
- private final PermissionWsSupport finder;
+ private final PermissionWsSupport wsSupport;
private final DefaultTemplatesResolver defaultTemplatesResolver;
public DeleteTemplateAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, DefaultTemplatesResolver defaultTemplatesResolver) {
this.dbClient = dbClient;
this.userSession = userSession;
- this.finder = support;
+ this.wsSupport = support;
this.defaultTemplatesResolver = defaultTemplatesResolver;
}
.setPost(true)
.setHandler(this);
- createTemplateParameters(action);
+ WsParameters.createTemplateParameters(action);
}
@Override
private void doHandle(DeleteTemplateRequest request) {
try (DbSession dbSession = dbClient.openSession(false)) {
- PermissionTemplateDto template = finder.findTemplate(dbSession, newTemplateRef(
+ PermissionTemplateDto template = wsSupport.findTemplate(dbSession, newTemplateRef(
request.getTemplateId(), request.getOrganization(), request.getTemplateName()));
checkGlobalAdmin(userSession, template.getOrganizationUuid());
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static com.google.common.base.Preconditions.checkArgument;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class RemoveGroupFromTemplateAction implements PermissionsWsAction {
private final DbClient dbClient;
private final PermissionWsSupport wsSupport;
private final UserSession userSession;
+ private final WsParameters wsParameters;
- public RemoveGroupFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) {
+ public RemoveGroupFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, WsParameters wsParameters) {
this.dbClient = dbClient;
this.wsSupport = wsSupport;
this.userSession = userSession;
+ this.wsParameters = wsParameters;
}
@Override
"Requires the following permission: 'Administer System'.")
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
- createGroupIdParameter(action);
- createGroupNameParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
+ WsParameters.createGroupIdParameter(action);
+ WsParameters.createGroupNameParameter(action);
}
@Override
*/
package org.sonar.server.permission.ws.template;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
private final PermissionWsSupport wsSupport;
private final UserSession userSession;
private final System2 system;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system) {
+ public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system,
+ RequestValidator requestValidator, WsParameters wsParameters) {
this.dbClient = dbClient;
this.wsSupport = wsSupport;
this.userSession = userSession;
this.system = system;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
- private static RemoveProjectCreatorFromTemplateRequest toWsRequest(Request request) {
+ private RemoveProjectCreatorFromTemplateRequest toWsRequest(Request request) {
RemoveProjectCreatorFromTemplateRequest wsRequest = RemoveProjectCreatorFromTemplateRequest.builder()
.setPermission(request.mandatoryParam(PARAM_PERMISSION))
.setTemplateId(request.param(PARAM_TEMPLATE_ID))
.setOrganization(request.param(PARAM_ORGANIZATION))
.setTemplateName(request.param(PARAM_TEMPLATE_NAME))
.build();
- validateProjectPermission(wsRequest.getPermission());
+ requestValidator.validateProjectPermission(wsRequest.getPermission());
return wsRequest;
}
.setPost(true)
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
}
@Override
*/
package org.sonar.server.permission.ws.template;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.permission.UserId;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
private final DbClient dbClient;
private final PermissionWsSupport wsSupport;
private final UserSession userSession;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) {
+ public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, RequestValidator requestValidator, WsParameters wsParameters) {
this.dbClient = dbClient;
this.wsSupport = wsSupport;
this.userSession = userSession;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
private static RemoveUserFromTemplateRequest toRemoveUserFromTemplateWsRequest(Request request) {
"Requires the following permission: 'Administer System'.")
.setHandler(this);
- createTemplateParameters(action);
- createProjectPermissionParameter(action);
- createUserLoginParameter(action);
+ WsParameters.createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action);
+ WsParameters.createUserLoginParameter(action);
}
@Override
String userLogin = request.getLogin();
try (DbSession dbSession = dbClient.openSession(false)) {
- validateProjectPermission(permission);
+ requestValidator.validateProjectPermission(permission);
PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(
request.getTemplateId(), request.getOrganization(), request.getTemplateName()));
checkGlobalAdmin(userSession, template.getOrganizationUuid());
*/
package org.sonar.server.permission.ws.template;
-import java.util.List;
-import java.util.Locale;
-
import com.google.common.collect.Lists;
import com.google.common.collect.Table;
import com.google.common.collect.TreeBasedTable;
+import java.util.List;
+import java.util.Locale;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.i18n.I18n;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
-import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.organization.DefaultTemplates;
import org.sonar.db.permission.template.CountByTemplateAndPermissionDto;
import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
import org.sonar.db.permission.template.PermissionTemplateDto;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions;
import org.sonarqube.ws.Permissions.Permission;
import org.sonarqube.ws.Permissions.SearchTemplatesWsResponse;
import org.sonarqube.ws.Permissions.SearchTemplatesWsResponse.TemplateIdQualifier;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static org.sonar.api.utils.DateUtils.formatDateTime;
import static org.sonar.core.util.Protobuf.setNullable;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
import static org.sonar.server.permission.ws.template.SearchTemplatesData.builder;
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
private final DbClient dbClient;
private final UserSession userSession;
private final I18n i18n;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
private final DefaultTemplatesResolver defaultTemplatesResolver;
+ private final PermissionsHelper permissionsHelper;
- public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport support, DefaultTemplatesResolver defaultTemplatesResolver) {
+ public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport, DefaultTemplatesResolver defaultTemplatesResolver, PermissionsHelper permissionsHelper) {
this.dbClient = dbClient;
this.userSession = userSession;
this.i18n = i18n;
- this.support = support;
+ this.wsSupport = wsSupport;
this.defaultTemplatesResolver = defaultTemplatesResolver;
+ this.permissionsHelper = permissionsHelper;
}
@Override
.addSearchQuery("defau", "permission template names")
.setHandler(this);
- createOrganizationParameter(action).setSince("6.2");
+ WsParameters.createOrganizationParameter(action).setSince("6.2");
}
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION));
+ OrganizationDto org = wsSupport.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION));
SearchTemplatesRequest request = new SearchTemplatesRequest()
.setOrganizationUuid(org.getUuid())
.setQuery(wsRequest.param(Param.TEXT_QUERY));
.setTemplateId(viewDefaultTemplate)));
}
- private static void buildTemplatesResponse(Permissions.SearchTemplatesWsResponse.Builder response, SearchTemplatesData data) {
+ private void buildTemplatesResponse(Permissions.SearchTemplatesWsResponse.Builder response, SearchTemplatesData data) {
Permission.Builder permissionResponse = Permission.newBuilder();
PermissionTemplate.Builder templateBuilder = PermissionTemplate.newBuilder();
.setUpdatedAt(formatDateTime(templateDto.getUpdatedAt()));
setNullable(templateDto.getKeyPattern(), templateBuilder::setProjectKeyPattern);
setNullable(templateDto.getDescription(), templateBuilder::setDescription);
- for (String permission : ProjectPermissions.ALL) {
+ for (String permission : permissionsHelper.allPermissions()) {
templateBuilder.addPermissions(
permissionResponse
.clear()
private void buildPermissionsResponse(SearchTemplatesWsResponse.Builder response) {
Permission.Builder permissionResponse = Permission.newBuilder();
- for (String permissionKey : ProjectPermissions.ALL) {
+ for (String permissionKey : permissionsHelper.allPermissions()) {
response.addPermissions(
permissionResponse
.clear()
*/
package org.sonar.server.permission.ws.template;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import org.sonar.api.i18n.I18n;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext;
import static org.sonar.server.ws.WsParameterBuilder.createDefaultTemplateQualifierParameter;
.setSince("5.2")
.setHandler(this);
- createTemplateParameters(action);
+ WsParameters.createTemplateParameters(action);
createDefaultTemplateQualifierParameter(action, newQualifierParameterContext(i18n, resourceTypes))
.setDefaultValue(Qualifiers.PROJECT);
}
String qualifier = request.getQualifier();
PermissionTemplateDto template = findTemplate(dbSession, request);
checkGlobalAdmin(userSession, template.getOrganizationUuid());
- validateQualifier(qualifier, resourceTypes);
+ RequestValidator.validateQualifier(qualifier, resourceTypes);
setDefaultTemplateUuid(dbSession, template, qualifier);
dbSession.commit();
}
import org.sonar.db.user.GroupDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions;
import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class TemplateGroupsAction implements PermissionsWsAction {
private final DbClient dbClient;
private final UserSession userSession;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support) {
+ public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, RequestValidator requestValidator, WsParameters wsParameters) {
this.dbClient = dbClient;
this.userSession = userSession;
- this.support = support;
+ this.wsSupport = wsSupport;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
@Override
"When this parameter is not set, only group having at least one permission are returned.")
.setExampleValue("eri");
- createProjectPermissionParameter(action, false);
- createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action, false);
+ WsParameters.createTemplateParameters(action);
}
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest);
- PermissionTemplateDto template = support.findTemplate(dbSession, templateRef);
+ PermissionTemplateDto template = wsSupport.findTemplate(dbSession, templateRef);
checkGlobalAdmin(userSession, template.getOrganizationUuid());
PermissionQuery query = buildPermissionQuery(wsRequest, template);
}
}
- private static PermissionQuery buildPermissionQuery(Request request, PermissionTemplateDto template) {
+ private PermissionQuery buildPermissionQuery(Request request, PermissionTemplateDto template) {
String textQuery = request.param(TEXT_QUERY);
String permission = request.param(PARAM_PERMISSION);
PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
.setOrganizationUuid(template.getOrganizationUuid())
- .setPermission(permission != null ? validateProjectPermission(permission) : null)
+ .setPermission(permission != null ? requestValidator.validateProjectPermission(permission) : null)
.setPageIndex(request.mandatoryParamAsInt(PAGE))
.setPageSize(request.mandatoryParamAsInt(PAGE_SIZE))
.setSearchQuery(textQuery);
import org.sonar.server.issue.ws.AvatarResolver;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions;
import org.sonarqube.ws.Permissions.UsersWsResponse;
import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
private final DbClient dbClient;
private final UserSession userSession;
- private final PermissionWsSupport support;
+ private final PermissionWsSupport wsSupport;
private final AvatarResolver avatarResolver;
+ private final RequestValidator requestValidator;
+ private final WsParameters wsParameters;
- public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, AvatarResolver avatarResolver) {
+ public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) {
this.dbClient = dbClient;
this.userSession = userSession;
- this.support = support;
+ this.wsSupport = wsSupport;
this.avatarResolver = avatarResolver;
+ this.requestValidator = requestValidator;
+ this.wsParameters = wsParameters;
}
@Override
.setDescription("Limit search to user names that contain the supplied string. <br/>" +
"When this parameter is not set, only users having at least one permission are returned.")
.setExampleValue("eri");
- createProjectPermissionParameter(action).setRequired(false);
- createTemplateParameters(action);
+ wsParameters.createProjectPermissionParameter(action).setRequired(false);
+ WsParameters.createTemplateParameters(action);
}
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest);
- PermissionTemplateDto template = support.findTemplate(dbSession, templateRef);
+ PermissionTemplateDto template = wsSupport.findTemplate(dbSession, templateRef);
checkGlobalAdmin(userSession, template.getOrganizationUuid());
PermissionQuery query = buildQuery(wsRequest, template);
}
}
- private static PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) {
+ private PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) {
String textQuery = wsRequest.param(TEXT_QUERY);
String permission = wsRequest.param(PARAM_PERMISSION);
PermissionQuery.Builder query = PermissionQuery.builder()
.setOrganizationUuid(template.getOrganizationUuid())
.setTemplate(template.getUuid())
- .setPermission(permission != null ? validateProjectPermission(permission) : null)
+ .setPermission(permission != null ? requestValidator.validateProjectPermission(permission) : null)
.setPageIndex(wsRequest.mandatoryParamAsInt(PAGE))
.setPageSize(wsRequest.mandatoryParamAsInt(PAGE_SIZE))
.setSearchQuery(textQuery);
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.permission.ws.PermissionsWsAction;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions.PermissionTemplate;
import org.sonarqube.ws.Permissions.UpdateTemplateWsResponse;
import static java.lang.String.format;
import static java.util.Objects.requireNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern;
-import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createIdParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateDescriptionParameter;
-import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateProjectKeyPatternParameter;
+import static org.sonar.server.permission.ws.RequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
import static org.sonar.server.permission.ws.template.PermissionTemplateDtoToPermissionTemplateResponse.toPermissionTemplateResponse;
import static org.sonar.server.ws.WsUtils.checkRequest;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
.setPost(true)
.setHandler(this);
- createIdParameter(action);
+ WsParameters.createIdParameter(action);
action.createParam(PARAM_NAME)
.setDescription("Name")
.setExampleValue("Financial Service Permissions");
- createTemplateProjectKeyPatternParameter(action);
- createTemplateDescriptionParameter(action);
+ WsParameters.createTemplateProjectKeyPatternParameter(action);
+ WsParameters.createTemplateDescriptionParameter(action);
}
@Override
private void validateTemplate(DbSession dbSession, PermissionTemplateDto templateToUpdate) {
validateTemplateNameForUpdate(dbSession, templateToUpdate.getOrganizationUuid(), templateToUpdate.getName(), templateToUpdate.getId());
- validateProjectPattern(templateToUpdate.getKeyPattern());
+ RequestValidator.validateProjectPattern(templateToUpdate.getKeyPattern());
}
private PermissionTemplateDto getAndBuildTemplateToUpdate(DbSession dbSession, String uuid, @Nullable String newName, @Nullable String newDescription,
}
private void validateTemplateNameForUpdate(DbSession dbSession, String organizationUuid, String name, long id) {
- validateTemplateNameFormat(name);
+ RequestValidator.validateTemplateNameFormat(name);
PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, organizationUuid, name);
checkRequest(permissionTemplateWithSameName == null || permissionTemplateWithSameName.getId() == id,
insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get());
insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, admins.get());
insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, admins.get());
+ insertGroupPermission(dbSession, template, UserRole.APPLICATION_CREATOR, admins.get());
+ insertGroupPermission(dbSession, template, UserRole.PORTFOLIO_CREATOR, admins.get());
} else {
LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS);
}
*/
package org.sonar.server.permission;
+import java.util.StringJoiner;
+import org.apache.commons.lang.StringUtils;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.permission.ws.PermissionWsSupport;
+import org.sonar.server.usergroups.DefaultGroupFinder;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
+import org.sonar.server.usergroups.ws.GroupWsSupport;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.fail;
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient());
+ private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
+ private GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient()));
+ private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
+ private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes);
+ private PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport);
+ private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), wsSupport);
private OrganizationDto org;
private GroupDto group;
private ComponentDto privateProject;
public void apply_adds_organization_permission_to_group() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
}
public void apply_adds_organization_permission_to_group_AnyOne() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
assertThat(db.users().selectAnyonePermissions(org, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
}
@Test
public void apply_fails_with_BadRequestException_when_adding_any_permission_to_group_AnyOne_on_private_project() {
GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> {
try {
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId));
fail("a BadRequestException should have been thrown");
} catch (BadRequestException e) {
assertThat(e).hasMessage("No permission can be granted to Anyone on a private component");
@Test
public void apply_has_no_effect_when_removing_any_permission_to_group_AnyOne_on_private_project() {
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(this::unsafeInsertProjectPermissionOnAnyone);
GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> {
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId));
assertThat(db.users().selectAnyonePermissions(org, privateProject)).contains(perm);
});
private void applyAddsPermissionToGroupOnPrivateProject(String permission) {
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission);
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
db.users().insertProjectPermissionOnGroup(group, permission, privateProject);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId));
assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission);
}
public void apply_has_no_effect_when_adding_USER_permission_to_group_AnyOne_on_a_public_project() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId));
assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty();
}
public void apply_has_no_effect_when_adding_CODEVIEWER_permission_to_group_AnyOne_on_a_public_project() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty();
}
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("It is not possible to add the 'admin' permission to group 'Anyone'");
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId));
}
@Test
public void apply_adds_permission_ISSUE_ADMIN_to_group_AnyOne_on_a_public_project() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId));
assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(UserRole.ISSUE_ADMIN);
}
public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId));
assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION);
}
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission user can't be removed from a public component");
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId));
}
@Test
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
}
@Test
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid());
db.users().insertProjectPermissionOnAnyone(permission, publicProject);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId));
assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty();
}
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission user can't be removed from a public component");
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId));
}
@Test
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId));
}
@Test
OrganizationDto defaultOrganization = db.getDefaultOrganization();
GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(defaultOrganization.getUuid());
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectAnyonePermissions(defaultOrganization, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
}
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
.forEach(perm -> {
try {
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId));
fail("a BadRequestException should have been thrown for permission " + perm);
} catch (BadRequestException e) {
- assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
+ assertThat(e).hasMessage("Invalid project permission '" + perm +
+ "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]");
}
});
}
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
.forEach(perm -> {
try {
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId));
fail("a BadRequestException should have been thrown for permission " + perm);
} catch (BadRequestException e) {
- assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
+ assertThat(e).hasMessage("Invalid project permission '" + perm +
+ "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]");
}
});
}
public void fail_to_add_project_permission_but_SCAN_and_ADMIN_on_global_group() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.stream()
.filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !OrganizationPermission.ADMINISTER.getKey().equals(perm))
.forEach(permission -> {
try {
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, null, groupId));
fail("a BadRequestException should have been thrown for permission " + permission);
} catch (BadRequestException e) {
assertThat(e).hasMessage("Invalid global permission '" + permission + "'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]");
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey());
}
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId));
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER);
public void do_not_fail_if_removing_a_permission_that_does_not_exist() {
GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectGroupPermissions(group, privateProject)).isEmpty();
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");
- underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
+ underTest.apply(db.getSession(), new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
}
@Test
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(org, admin, ADMINISTER);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
+ apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
}
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
@Rule
public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withGovernance();
+ private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
+ private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes);
private UserSessionRule userSession = UserSessionRule.standalone();
private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates();
private DbSession session = dbTester.getSession();
OrganizationDto organization = dbTester.organizations().insert();
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
OrganizationDto organization = dbTester.organizations().insert();
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);
GroupDto group = dbTester.users().insertGroup(organization);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
GroupDto group = dbTester.users().insertGroup(organization);
ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
underTest.applyDefault(session, organization.getUuid(), privateProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
GroupDto group = dbTester.users().insertGroup(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
GroupDto group = dbTester.users().insertGroup(organization);
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
underTest.applyDefault(session, organization.getUuid(), privateProject, null);
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto publicProject = dbTester.components().insertPublicProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);
UserDto user = dbTester.users().insertUser();
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId());
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
*/
package org.sonar.server.permission;
+import org.apache.commons.lang.StringUtils;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
@Rule
public ExpectedException expectedException = ExpectedException.none();
+ private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);
+ private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes);
private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient());
private OrganizationDto org1;
private OrganizationDto org2;
public void apply_adds_any_organization_permission_to_user() {
OrganizationPermission.all()
.forEach(perm -> {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1));
apply(change);
OrganizationPermission.all()
.forEach(perm -> {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1));
apply(change);
@Test
public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1));
apply(change);
@Test
public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1));
apply(change);
}
private void applyAddsPermissionOnAPublicProject(String permission) {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1));
apply(change);
@Test
public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1));
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission user can't be removed from a public component");
@Test
public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1));
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
private void applyRemovesPermissionFromPublicProject(String permission) {
db.users().insertProjectPermissionOnUser(user1, permission, publicProject);
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1));
apply(change);
@Test
public void apply_adds_any_permission_to_a_private_project() {
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(permission -> {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1));
apply(change);
@Test
public void apply_removes_any_permission_from_a_private_project() {
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(permission -> db.users().insertProjectPermissionOnUser(user1, permission, privateProject));
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(permission -> {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1));
apply(change);
@Test
public void add_global_permission_to_user() {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1));
apply(change);
@Test
public void add_project_permission_to_user() {
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
public void do_nothing_when_adding_global_permission_that_already_exists() {
db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES);
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES);
@Test
public void fail_to_add_global_permission_on_project() {
expectedException.expect(BadRequestException.class);
- expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
+ expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]");
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
apply(change);
}
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]");
- UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1));
apply(change);
}
db.users().insertPermissionOnUser(org1, user2, QUALITY_GATE_ADMIN);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN);
db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2);
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
apply(change);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER);
@Test
public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
@Test
public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
apply(change);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed.");
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1));
underTest.apply(db.getSession(), change);
}
db.users().insertMember(admins, user2);
db.users().insertPermissionOnGroup(admins, ADMINISTER);
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1));
underTest.apply(db.getSession(), change);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
import org.junit.Test;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
private static final String A_PROJECT_UUID = "project-uuid";
private static final String A_PROJECT_KEY = "project-key";
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Override
protected AddGroupAction buildWsAction() {
- return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport());
+ return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper);
}
@Test
ComponentDto project = db.components().insertPrivateProject();
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
- ProjectPermissions.ALL
+ newPermissionsHelper().allPermissions()
.forEach(permission -> {
try {
newRequest()
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
private UserDto user;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Before
public void setUp() {
user = db.users().insertUser("ray.bradbury");
@Override
protected AddUserAction buildWsAction() {
- return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport());
+ return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper);
}
@Test
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.permission.GroupPermissionChanger;
import org.sonar.server.permission.PermissionUpdater;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.UserPermissionChanger;
import org.sonar.server.permission.index.FooIndexDefinition;
import org.sonar.server.permission.index.PermissionIndexer;
return new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);
}
+ protected PermissionsHelper newPermissionsHelper() {
+ return new PermissionsHelper(newRootResourceTypes());
+ }
+
protected PermissionUpdater newPermissionUpdater() {
return new PermissionUpdater(
new ProjectIndexersImpl(new PermissionIndexer(db.getDbClient(), es.client())),
new UserPermissionChanger(db.getDbClient()),
- new GroupPermissionChanger(db.getDbClient()));
+ new GroupPermissionChanger(db.getDbClient(), newPermissionWsSupport()));
}
protected TestRequest newRequest() {
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
private GroupDto group2;
private GroupDto group3;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Override
protected GroupsAction buildWsAction() {
return new GroupsAction(
db.getDbClient(),
userSession,
- newPermissionWsSupport());
+ newPermissionWsSupport(), wsParameters);
}
@Before
public void verify_count_of_added_components() {
ComponentContainer container = new ComponentContainer();
new PermissionsWsModule().configure(container);
- assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 25);
+ assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 28);
}
}
*/
package org.sonar.server.permission.ws;
-import org.junit.Before;
+import org.junit.Rule;
import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
import org.sonar.api.server.ws.WebService;
-import org.sonar.db.DbClient;
+import org.sonar.db.DbTester;
+import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.server.component.ComponentFinder;
import org.sonar.server.issue.ws.AvatarResolverImpl;
+import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.template.TemplateGroupsAction;
import org.sonar.server.permission.ws.template.TemplateUsersAction;
-import org.sonar.server.user.UserSession;
+import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.usergroups.DefaultGroupFinder;
+import org.sonar.server.usergroups.ws.GroupWsSupport;
import org.sonar.server.ws.WsTester;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public class PermissionsWsTest {
- WsTester ws;
+ @Rule
+ public DbTester db = DbTester.create();
+ @Rule
+ public UserSessionRule userSession = UserSessionRule.standalone();
- @Before
- public void setUp() {
- DbClient dbClient = mock(DbClient.class);
- UserSession userSession = mock(UserSession.class);
- PermissionWsSupport permissionWsSupport = mock(PermissionWsSupport.class);
+ private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
+ private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
+ private final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes);
+ private final GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient()));
+ private final PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport);
- ws = new WsTester(new PermissionsWs(
- new TemplateUsersAction(dbClient, userSession, permissionWsSupport, new AvatarResolverImpl()),
- new TemplateGroupsAction(dbClient, userSession, permissionWsSupport)));
- }
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
+
+ private WsTester underTest = new WsTester(new PermissionsWs(
+ new TemplateUsersAction(db.getDbClient(), userSession, wsSupport, new AvatarResolverImpl(), requestValidator, wsParameters),
+ new TemplateGroupsAction(db.getDbClient(), userSession, wsSupport, requestValidator, wsParameters)));
@Test
public void define_controller() {
}
private WebService.Controller controller() {
- return ws.controller("api/permissions");
+ return underTest.controller("api/permissions");
}
}
import org.junit.Before;
import org.junit.Test;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
private GroupDto aGroup;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Before
public void setUp() {
aGroup = db.users().insertGroup(db.getDefaultOrganization(), "sonar-administrators");
@Override
protected RemoveGroupAction buildWsAction() {
- return new RemoveGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport());
+ return new RemoveGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper);
}
@Test
@Test
public void no_effect_when_removing_any_permission_from_group_AnyOne_on_a_private_project() {
ComponentDto project = db.components().insertPrivateProject();
- ProjectPermissions.ALL
+ newPermissionsHelper().allPermissions()
.forEach(perm -> unsafeInsertProjectPermissionOnAnyone(perm, project));
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
- ProjectPermissions.ALL
+ newPermissionsHelper().allPermissions()
.forEach(permission -> {
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
private UserDto user;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Before
public void setUp() {
user = db.users().insertUser(A_LOGIN);
@Override
protected RemoveUserAction buildWsAction() {
- return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport());
+ return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper);
}
@Test
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.l18n.I18nRule;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonarqube.ws.Permissions;
import static java.lang.String.format;
private ComponentDbTester componentDb = new ComponentDbTester(db);
private I18nRule i18n = new I18nRule();
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
@Before
public void setUp() {
i18n.setProjectPermissions();
i18n.setProjectPermissions();
ResourceTypesRule rootResourceTypes = newRootResourceTypes();
PermissionWsSupport wsSupport = newPermissionWsSupport();
- return new SearchProjectPermissionsAction(db.getDbClient(), userSession, i18n, rootResourceTypes, wsSupport);
+ return new SearchProjectPermissionsAction(db.getDbClient(), userSession, i18n, rootResourceTypes, wsSupport, wsParameters, permissionsHelper);
}
@Test
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.issue.ws.AvatarResolverImpl;
+import org.sonar.server.permission.PermissionsHelper;
import static java.lang.String.format;
import static org.apache.commons.lang.StringUtils.countMatches;
public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
+
@Override
protected UsersAction buildWsAction() {
- return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl());
+ return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters);
}
@Test
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import static org.assertj.core.api.Assertions.assertThat;
private PermissionTemplateDto template;
private GroupDto group;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
@Override
protected AddGroupToTemplateAction buildWsAction() {
- return new AddGroupToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession);
+ return new AddGroupToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, wsParameters);
}
@Before
}
@Test
- public void add_group_to_template() throws Exception {
+ public void add_group_to_template() {
loginAsAdmin(db.getDefaultOrganization());
newRequest(group.getName(), template.getUuid(), CODEVIEWER);
}
@Test
- public void does_not_add_a_group_twice() throws Exception {
+ public void does_not_add_a_group_twice() {
loginAsAdmin(db.getDefaultOrganization());
newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
}
@Test
- public void add_anyone_group_to_template() throws Exception {
+ public void add_anyone_group_to_template() {
loginAsAdmin(db.getDefaultOrganization());
newRequest(ANYONE, template.getUuid(), CODEVIEWER);
}
@Test
- public void fail_if_add_anyone_group_to_admin_permission() throws Exception {
+ public void fail_if_add_anyone_group_to_admin_permission() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
}
@Test
- public void fail_if_not_a_project_permission() throws Exception {
+ public void fail_if_not_a_project_permission() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(IllegalArgumentException.class);
}
@Test
- public void fail_if_not_admin_of_default_organization() throws Exception {
+ public void fail_if_not_admin_of_default_organization() {
userSession.logIn();
expectedException.expect(ForbiddenException.class);
}
@Test
- public void fail_if_group_params_missing() throws Exception {
+ public void fail_if_group_params_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
}
@Test
- public void fail_if_permission_missing() throws Exception {
+ public void fail_if_permission_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(IllegalArgumentException.class);
}
@Test
- public void fail_if_template_uuid_and_name_missing() throws Exception {
+ public void fail_if_template_uuid_and_name_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
}
@Test
- public void fail_if_group_does_not_exist() throws Exception {
+ public void fail_if_group_does_not_exist() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(NotFoundException.class);
}
@Test
- public void fail_if_template_key_does_not_exist() throws Exception {
+ public void fail_if_template_key_does_not_exist() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(NotFoundException.class);
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.spy;
private System2 system = spy(System2.INSTANCE);
private PermissionTemplateDto template;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
@Override
protected AddProjectCreatorToTemplateAction buildWsAction() {
- return new AddProjectCreatorToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system);
+ return new AddProjectCreatorToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, requestValidator, wsParameters);
}
@Before
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import static org.assertj.core.api.Assertions.assertThat;
private UserDto user;
private PermissionTemplateDto permissionTemplate;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
@Override
protected AddUserToTemplateAction buildWsAction() {
- return new AddUserToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession);
+ return new AddUserToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, wsParameters);
}
@Before
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.permission.PermissionTemplateService;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.TestResponse;
private PermissionTemplateDto template1;
private PermissionTemplateDto template2;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+
private PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(),
new TestProjectIndexers(), userSession, defaultTemplatesResolver);
@Override
protected ApplyTemplateAction buildWsAction() {
- return new ApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport());
+ return new ApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport(), wsParameters);
}
@Before
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.l18n.I18nRule;
import org.sonar.server.permission.PermissionTemplateService;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.utils.DateUtils.parseDate;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.PermissionWsSupport;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.usergroups.DefaultGroupFinder;
private DbClient dbClient = db.getDbClient();
private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
private final ResourceTypesRule resourceTypesWithViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW);
+
private DefaultTemplatesResolver defaultTemplatesResolver = new DefaultTemplatesResolverImpl(resourceTypes);
private DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithViews);
public void setUp() throws Exception {
GroupWsSupport groupWsSupport = new GroupWsSupport(dbClient, TestDefaultOrganizationProvider.from(db), new DefaultGroupFinder(db.getDbClient()));
this.underTestWithoutViews = new WsActionTester(new DeleteTemplateAction(dbClient, userSession,
- new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport),
- defaultTemplatesResolver));
+ new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport), defaultTemplatesResolver));
this.underTestWithViews = new WsActionTester(new DeleteTemplateAction(dbClient, userSession,
- new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport),
- defaultTemplatesResolverWithViews));
+ new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport), defaultTemplatesResolverWithViews));
}
@Test
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import static org.assertj.core.api.Assertions.assertThat;
private GroupDto group;
private PermissionTemplateDto template;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
@Override
protected RemoveGroupFromTemplateAction buildWsAction() {
- return new RemoveGroupFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession);
+ return new RemoveGroupFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, wsParameters);
}
@Before
}
@Test
- public void remove_group_from_template() throws Exception {
+ public void remove_group_from_template() {
newRequest(group.getName(), template.getUuid(), PERMISSION);
assertThat(getGroupNamesInTemplateAndPermission(template, PERMISSION)).isEmpty();
}
@Test
- public void remove_group_twice_without_error() throws Exception {
+ public void remove_group_twice_without_error() {
newRequest(group.getName(), template.getUuid(), PERMISSION);
newRequest(group.getName(), template.getUuid(), PERMISSION);
}
@Test
- public void remove_anyone_group_from_template() throws Exception {
+ public void remove_anyone_group_from_template() {
addGroupToTemplate(template, null, PERMISSION);
newRequest(ANYONE, template.getUuid(), PERMISSION);
}
@Test
- public void fail_if_not_a_project_permission() throws Exception {
+ public void fail_if_not_a_project_permission() {
expectedException.expect(IllegalArgumentException.class);
newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
- public void fail_if_insufficient_privileges() throws Exception {
+ public void fail_if_insufficient_privileges() {
userSession.logIn().addPermission(SCAN, db.getDefaultOrganization());
expectedException.expect(ForbiddenException.class);
}
@Test
- public void fail_if_not_logged_in() throws Exception {
+ public void fail_if_not_logged_in() {
expectedException.expect(UnauthorizedException.class);
userSession.anonymous();
}
@Test
- public void fail_if_group_params_missing() throws Exception {
+ public void fail_if_group_params_missing() {
expectedException.expect(BadRequestException.class);
newRequest(null, template.getUuid(), PERMISSION);
}
@Test
- public void fail_if_permission_missing() throws Exception {
+ public void fail_if_permission_missing() {
expectedException.expect(IllegalArgumentException.class);
newRequest(group.getName(), template.getUuid(), null);
}
@Test
- public void fail_if_template_missing() throws Exception {
+ public void fail_if_template_missing() {
expectedException.expect(BadRequestException.class);
newRequest(group.getName(), null, PERMISSION);
}
@Test
- public void fail_if_group_does_not_exist() throws Exception {
+ public void fail_if_group_does_not_exist() {
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("No group with name 'unknown-group-name'");
}
@Test
- public void fail_if_template_key_does_not_exist() throws Exception {
+ public void fail_if_template_key_does_not_exist() {
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
private System2 system = mock(System2.class);
private PermissionTemplateDto template;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
@Override
protected RemoveProjectCreatorFromTemplateAction buildWsAction() {
- return new RemoveProjectCreatorFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system);
+ return new RemoveProjectCreatorFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, requestValidator, wsParameters);
}
@Before
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import static org.assertj.core.api.Assertions.assertThat;
private UserDto user;
private PermissionTemplateDto template;
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
@Override
protected RemoveUserFromTemplateAction buildWsAction() {
- return new RemoveUserFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession);
+ return new RemoveUserFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, requestValidator, wsParameters);
}
@Before
}
@Test
- public void remove_user_from_template() throws Exception {
+ public void remove_user_from_template() {
loginAsAdmin(db.getDefaultOrganization());
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
}
@Test
- public void remove_user_from_template_twice_without_failing() throws Exception {
+ public void remove_user_from_template_twice_without_failing() {
loginAsAdmin(db.getDefaultOrganization());
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
}
@Test
- public void keep_user_permission_not_removed() throws Exception {
+ public void keep_user_permission_not_removed() {
addUserToTemplate(user, template, ISSUE_ADMIN);
loginAsAdmin(db.getDefaultOrganization());
}
@Test
- public void keep_other_users_when_one_user_removed() throws Exception {
+ public void keep_other_users_when_one_user_removed() {
UserDto newUser = db.users().insertUser("new-login");
db.organizations().addMember(db.getDefaultOrganization(), newUser);
addUserToTemplate(newUser, template, DEFAULT_PERMISSION);
}
@Test
- public void fail_if_not_a_project_permission() throws Exception {
+ public void fail_if_not_a_project_permission() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(IllegalArgumentException.class);
}
@Test
- public void fail_if_insufficient_privileges() throws Exception {
+ public void fail_if_insufficient_privileges() {
userSession.logIn();
expectedException.expect(ForbiddenException.class);
}
@Test
- public void fail_if_not_logged_in() throws Exception {
+ public void fail_if_not_logged_in() {
userSession.anonymous();
expectedException.expect(UnauthorizedException.class);
}
@Test
- public void fail_if_user_missing() throws Exception {
+ public void fail_if_user_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(IllegalArgumentException.class);
}
@Test
- public void fail_if_permission_missing() throws Exception {
+ public void fail_if_permission_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(IllegalArgumentException.class);
}
@Test
- public void fail_if_template_missing() throws Exception {
+ public void fail_if_template_missing() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
}
@Test
- public void fail_if_user_does_not_exist() throws Exception {
+ public void fail_if_user_does_not_exist() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(NotFoundException.class);
}
@Test
- public void fail_if_template_key_does_not_exist() throws Exception {
+ public void fail_if_template_key_does_not_exist() {
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(NotFoundException.class);
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.l18n.I18nRule;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
private I18nRule i18n = new I18nRule();
private DbClient dbClient = db.getDbClient();
private DbSession dbSession = db.getSession();
- private ResourceTypesRule resourceTypesWithViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW);
+ private ResourceTypesRule resourceTypesWithViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);
private ResourceTypesRule resourceTypesWithoutViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
-
+ private PermissionsHelper permissionsHelperWithViews = new PermissionsHelper(resourceTypesWithViews);
+ private PermissionsHelper permissionsHelperWithoutViews = new PermissionsHelper(resourceTypesWithoutViews);
private WsActionTester underTestWithoutViews;
@Override
protected SearchTemplatesAction buildWsAction() {
DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithViews);
- SearchTemplatesAction searchTemplatesAction = new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews);
+ SearchTemplatesAction searchTemplatesAction = new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionsHelperWithViews);
return searchTemplatesAction;
}
@Before
public void setUp() {
DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithoutViews);
- underTestWithoutViews = new WsActionTester(new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews));
+ underTestWithoutViews = new WsActionTester(new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionsHelperWithoutViews));
i18n.setProjectPermissions();
userSession.logIn().addPermission(ADMINISTER, db.getDefaultOrganization());
}
" }" +
" ]" +
"}");
- }
+ }
private PermissionTemplateDto insertProjectTemplate(OrganizationDto org) {
return insertTemplate(newPermissionTemplateDto()
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonarqube.ws.Permissions.WsGroupsResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
public class TemplateGroupsActionTest extends BasePermissionWsTest<TemplateGroupsAction> {
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
@Override
protected TemplateGroupsAction buildWsAction() {
- return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport());
+ return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport(), requestValidator, wsParameters);
}
@Test
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.issue.ws.AvatarResolverImpl;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.ws.BasePermissionWsTest;
+import org.sonar.server.permission.ws.RequestValidator;
+import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.ws.TestRequest;
import org.sonarqube.ws.Permissions;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
public class TemplateUsersActionTest extends BasePermissionWsTest<TemplateUsersAction> {
+ private PermissionsHelper permissionsHelper = newPermissionsHelper();
+ private WsParameters wsParameters = new WsParameters(permissionsHelper);
+ private RequestValidator requestValidator = new RequestValidator(permissionsHelper);
@Override
protected TemplateUsersAction buildWsAction() {
- return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl());
+ return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters);
}
@Test
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.ProjectPermissions;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.BranchDto;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.server.organization.BillingValidations;
import org.sonar.server.organization.BillingValidationsProxy;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.permission.PermissionsHelper;
import org.sonar.server.permission.index.FooIndexDefinition;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
private static final String PARAM_PROJECT = "project";
private static final String PUBLIC = "public";
private static final String PRIVATE = "private";
+
+ private static final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);
+ private static final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes);
+
private static final Set<String> ORGANIZATION_PERMISSIONS_NAME_SET = stream(OrganizationPermission.values()).map(OrganizationPermission::getKey)
.collect(MoreCollectors.toSet(OrganizationPermission.values().length));
- private static final Set<String> PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = ProjectPermissions.ALL.stream()
- .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER)).collect(MoreCollectors.toSet(ProjectPermissions.ALL.size() - 2));
+ private static final Set<String> PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = permissionsHelper.allPermissions().stream()
+ .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER))
+ .collect(MoreCollectors.toSet(permissionsHelper.allPermissions().size() - 2));
@Rule
public DbTester dbTester = DbTester.create(System2.INSTANCE);
dbTester.users().insertPermissionOnGroup(group, organizationPermission);
dbTester.users().insertPermissionOnUser(organization, user, organizationPermission);
});
- ProjectPermissions.ALL
+ permissionsHelper.allPermissions()
.forEach(permission -> {
unsafeInsertProjectPermissionOnAnyone(component, permission);
unsafeInsertProjectPermissionOnGroup(component, group, permission);
assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId()))
.isEmpty();
assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId()))
- .containsAll(ProjectPermissions.ALL);
+ .containsAll(permissionsHelper.allPermissions());
assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId()))
- .containsAll(ProjectPermissions.ALL);
+ .containsAll(permissionsHelper.allPermissions());
}
private void verifyHasAllPermissionsButProjectPermissionsUserAndBrowse(ComponentDto component, UserDto user, GroupDto group) {
assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession, user.getId(), component.getOrganizationUuid()))
.containsAll(ORGANIZATION_PERMISSIONS_NAME_SET);
assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId()))
- .containsAll(ProjectPermissions.ALL);
+ .containsAll(permissionsHelper.allPermissions());
assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId()))
- .containsAll(ProjectPermissions.ALL);
+ .containsAll(permissionsHelper.allPermissions());
assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId()))
- .containsAll(ProjectPermissions.ALL);
+ .containsAll(permissionsHelper.allPermissions());
}
private void insertPendingTask(ComponentDto project) {
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.System2;
import org.sonar.api.utils.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;
import org.sonar.api.web.UserRole;
+import org.sonar.api.web.page.Page;
import org.sonar.db.DbTester;
import org.sonar.db.organization.DefaultTemplates;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
public class RegisterPermissionTemplatesTest {
public ExpectedException expectedException = ExpectedException.none();
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
+ private ResourceTypes resourceTypes = mock(ResourceTypes.class);
private RegisterPermissionTemplates underTest = new RegisterPermissionTemplates(db.getDbClient(), defaultOrganizationProvider);
@Test
}
@Test
- public void insert_default_permission_template_if_fresh_install() {
+ public void insert_default_permission_template_if_fresh_install_without_governance() {
GroupDto defaultGroup = createAndSetDefaultGroup();
db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS);
+ when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false);
+ when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false);
underTest.start();
PermissionTemplateDto defaultTemplate = selectTemplate();
assertThat(defaultTemplate.getName()).isEqualTo("Default template");
List<PermissionTemplateGroupDto> groupPermissions = selectGroupPermissions(defaultTemplate);
- assertThat(groupPermissions).hasSize(5);
+ assertThat(groupPermissions).hasSize(7);
expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS);
expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName());
+ expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName());
+
+ verifyDefaultTemplates();
+
+ assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty();
+ }
+
+ @Test
+ public void insert_default_permission_template_if_fresh_install_with_governance() {
+ GroupDto defaultGroup = createAndSetDefaultGroup();
+ db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS);
+
+ when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true);
+ when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true);
+ underTest.start();
+
+ PermissionTemplateDto defaultTemplate = selectTemplate();
+ assertThat(defaultTemplate.getName()).isEqualTo("Default template");
+
+ List<PermissionTemplateGroupDto> groupPermissions = selectGroupPermissions(defaultTemplate);
+ assertThat(groupPermissions).hasSize(7);
+ expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS);
expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName());
expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName());
projects_role.are_you_sure_to_turn_project_to_public.APP=Are you sure you want to turn your application to public?
projects_role.are_you_sure_to_turn_project_to_public.warning.APP=Everybody will be able to browse it.
projects_role.public_projects_warning=This permission is always granted by default to everybody (anonymous and authenticated users) for public projects. Therefore, the selection made on this page will be applied to private projects only.
+projects_role.applicationcreator=Create Applications
+projects_role.applicationcreator.desc=Allow to create applications for non system administrator.
+projects_role.portfoliocreator=Create Portfolios
+projects_role.portfoliocreator.desc=Allow to create portfolios for non system administrator.
return rootTypes;
}
+ public boolean isQualifierPresent(String qualifier) {
+ return typeByQualifier.get(qualifier) != null;
+ }
+
public List<String> getLeavesQualifiers(String qualifier) {
ResourceTypeTree tree = getTree(qualifier);
if (tree != null) {
*/
String SECURITYHOTSPOT_ADMIN = "securityhotspotadmin";
+ /**
+ * @since 7.4
+ */
+ String APPLICATION_CREATOR = "applicationcreator";
+ String PORTFOLIO_CREATOR = "portfoliocreator";
+
String[] value() default {};
}
new ResourceTypes(new ResourceTypeTree[] {tree1, tree2});
}
+ @Test
+ public void isQualifierPresent() {
+ assertThat(types.isQualifierPresent(Qualifiers.APP)).isTrue();
+ assertThat(types.isQualifierPresent(Qualifiers.VIEW)).isTrue();
+ assertThat(types.isQualifierPresent("XXXX")).isFalse();
+ }
+
static Collection<String> qualifiers(Collection<ResourceType> types) {
return Collections2.transform(types, ResourceType::getQualifier);
}
projects / sonarqube.git / commitdiff