import org.sonar.server.user.UserSession;
import org.sonarqube.ws.client.permission.AddProjectCreatorToTemplateWsRequest;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION_KEY;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@Override
public void handle(Request request, Response response) throws Exception {
- checkGlobalAdminUser(userSession);
doHandle(toWsRequest(request));
response.noContent();
}
private void doHandle(AddProjectCreatorToTemplateWsRequest request) {
try (DbSession dbSession = dbClient.openSession(false)) {
- PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(request.getTemplateId(), request.getTemplateName()));
+ PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(
+ request.getTemplateId(), request.getOrganization(), request.getTemplateName()));
+ checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
+
Optional<PermissionTemplateCharacteristicDto> templatePermission = dbClient.permissionTemplateCharacteristicDao()
.selectByPermissionAndTemplateId(dbSession, request.getPermission(), template.getId());
if (templatePermission.isPresent()) {
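Review bot: The authorization check in `doHandle` now runs only after `wsSupport.findTemplate(...)`, so a caller without admin rights gets the lookup's not-found failure for an unknown template and the permission failure for a known one, which reveals whether a given template id or name exists. `handle` also no longer rejects anything before `toWsRequest` and the database session are used. Whether `checkProjectAdmin` rejects anonymous sessions is not visible here; if it does not, an early `userSession.checkLoggedIn();` in `handle` would keep unauthenticated requests away from the lookup. A short comment on the new call would help too, for example `// authorize against the template's own organization, not the organization key sent in the request`. The body of `doHandle` continues outside the hunk.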
AddProjectCreatorToTemplateWsRequest wsRequest = AddProjectCreatorToTemplateWsRequest.builder()
.setPermission(request.mandatoryParam(PARAM_PERMISSION))
.setTemplateId(request.param(PARAM_TEMPLATE_ID))
+ .setOrganization(request.param(PARAM_ORGANIZATION_KEY))
.setTemplateName(request.param(PARAM_TEMPLATE_NAME))
.build();
validateProjectPermission(wsRequest.getPermission());
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
-import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.WsTester;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
+import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.CONTROLLER;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
@Before
public void setUp() {
- userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
template = insertTemplate();
when(system.now()).thenReturn(2_000_000_000L);
}
@Test
public void insert_row_when_no_template_permission() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest()
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
@Test
public void update_row_when_existing_template_permission() throws Exception {
+ loginAsAdminOnDefaultOrganization();
PermissionTemplateCharacteristicDto characteristic = db.getDbClient().permissionTemplateCharacteristicDao().insert(db.getSession(),
new PermissionTemplateCharacteristicDto()
.setTemplateId(template.getId())
@Test
public void fail_when_template_does_not_exist() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(NotFoundException.class);
newRequest()
@Test
public void fail_if_permission_is_not_a_project_permission() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(IllegalArgumentException.class);
newRequest()
- .setParam(PARAM_PERMISSION, GlobalPermissions.QUALITY_GATE_ADMIN)
+ .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.execute();
}
@Test
- public void fail_if_not_authenticated() throws Exception {
- expectedException.expect(UnauthorizedException.class);
- userSession.anonymous();
-
- newRequest()
- .setParam(PARAM_PERMISSION, UserRole.ADMIN)
- .setParam(PARAM_TEMPLATE_ID, template.getUuid())
- .execute();
- }
+ public void fail_if_not_admin_of_default_organization() throws Exception {
+ userSession.login().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_GATE_ADMIN);
- @Test
- public void fail_if_insufficient_privileges() throws Exception {
expectedException.expect(ForbiddenException.class);
- userSession.login().setGlobalPermissions(GlobalPermissions.QUALITY_GATE_ADMIN);
newRequest()
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
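Review bot: The deleted `fail_if_not_authenticated` test has no replacement, so nothing shown here exercises an anonymous session (`userSession.anonymous();`) against the new `checkProjectAdmin` path. A test for that case, asserting whichever exception the new check raises, would pin that unauthenticated callers are still rejected now that the up-front global-admin check is gone. A case where the caller administers one organization while the template belongs to another would also be worth adding, since the check is scoped by `template.getOrganizationUuid()`. The body of `fail_if_not_admin_of_default_organization` continues outside the hunk.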
public class AddProjectCreatorToTemplateWsRequest {
private final String templateId;
+ private final String organization;
private final String templateName;
private final String permission;
public AddProjectCreatorToTemplateWsRequest(Builder builder) {
this.templateId = builder.templateId;
+ this.organization = builder.organization;
this.templateName = builder.templateName;
this.permission = requireNonNull(builder.permission);
}
return templateId;
}
+ @CheckForNull
+ public String getOrganization() {
+ return organization;
+ }
+
@CheckForNull
public String getTemplateName() {
return templateName;
public static class Builder {
private String templateId;
+ private String organization;
private String templateName;
private String permission;
return this;
}
+ public Builder setOrganization(String s) {
+ this.organization = s;
+ return this;
+ }
+
public Builder setTemplateName(String templateName) {
this.templateName = templateName;
return this;