SONAR-8193 api/system/info require root
authorSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Thu, 6 Oct 2016 09:12:26 +0000 (11:12 +0200)
committerSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Wed, 12 Oct 2016 10:24:31 +0000 (12:24 +0200)
rather than "System Administer"

server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java
server/sonar-server/src/test/java/org/sonar/server/platform/ws/InfoActionTest.java

index 8006c68042961dc7ea50986a7dc9b416231470a1..bc605862db5d70c8f9d6fc51d5f7d2183a675b68 100644 (file)
@@ -26,7 +26,6 @@ import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.text.JsonWriter;
 import org.sonar.ce.http.CeHttpClient;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.process.systeminfo.protobuf.ProtobufSystemInfo;
 import org.sonar.server.platform.monitoring.Monitor;
 import org.sonar.server.user.UserSession;
@@ -60,7 +59,8 @@ public class InfoAction implements SystemWsAction {
 
   @Override
   public void handle(Request request, Response response) {
-    userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
+    userSession.checkIsRoot();
+
     JsonWriter json = response.newJsonWriter();
     writeJson(json);
     json.close();
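Review bot: Nothing in this hunk updates the action's documented access requirement: `checkIsRoot()` on the new side tightens the check from the `SYSTEM_ADMIN` global permission to root, but the WS description set in `define()` (outside this hunk) presumably still states the old "Administer System" requirement, so the published API docs would disagree with what is enforced; add a sentence such as "Requires to be root." to that description in the same commit. Separately, the `JsonWriter` is only closed on the success path — if `writeJson` throws, `json.close()` on the last line is skipped; `try (JsonWriter json = response.newJsonWriter()) { writeJson(json); }` covers both paths, assuming `JsonWriter` is `AutoCloseable` as its `close()` call suggests. The permission check correctly runs before any system information is serialised, so the fail-closed ordering is right; `handle` continues past the end of this hunk.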
index af70d848614a7fbd2b47323aab1391a8237315a3..6b00f554096b575609e30cc69c813c61e0a160dd 100644 (file)
@@ -24,11 +24,11 @@ import java.util.Map;
 import java.util.Optional;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.mockito.Mockito;
-import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.ce.http.CeHttpClient;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.platform.monitoring.Monitor;
-import org.sonar.ce.http.CeHttpClient;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
@@ -41,31 +41,43 @@ public class InfoActionTest {
   @Rule
   public UserSessionRule userSessionRule = UserSessionRule.standalone().login("login")
     .setName("name");
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
 
-  Monitor monitor1 = mock(Monitor.class);
-  Monitor monitor2 = mock(Monitor.class);
-  CeHttpClient ceHttpClient = mock(CeHttpClient.class, Mockito.RETURNS_MOCKS);
+  private Monitor monitor1 = mock(Monitor.class);
+  private Monitor monitor2 = mock(Monitor.class);
+  private CeHttpClient ceHttpClient = mock(CeHttpClient.class, Mockito.RETURNS_MOCKS);
 
-  WsActionTester ws = new WsActionTester(new InfoAction(userSessionRule, ceHttpClient, monitor1, monitor2));
+  private InfoAction underTest = new InfoAction(userSessionRule, ceHttpClient, monitor1, monitor2);
+  private WsActionTester actionTester = new WsActionTester(underTest);
 
   @Test
   public void test_definition() throws Exception {
-    assertThat(ws.getDef().key()).isEqualTo("info");
-    assertThat(ws.getDef().isInternal()).isTrue();
-    assertThat(ws.getDef().responseExampleAsString()).isNotEmpty();
-    assertThat(ws.getDef().params()).isEmpty();
+    assertThat(actionTester.getDef().key()).isEqualTo("info");
+    assertThat(actionTester.getDef().isInternal()).isTrue();
+    assertThat(actionTester.getDef().responseExampleAsString()).isNotEmpty();
+    assertThat(actionTester.getDef().params()).isEmpty();
   }
 
-  @Test(expected = ForbiddenException.class)
-  public void should_fail_when_does_not_have_admin_right() {
-    userSessionRule.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+  @Test
+  public void request_fails_with_ForbiddenException_when_user_is_not_logged_in() {
+    expectedException.expect(ForbiddenException.class);
 
-    ws.newRequest().execute();
+    actionTester.newRequest().execute();
+  }
+
+  @Test
+  public void request_fails_with_ForbiddenException_when_user_is_not_root() {
+    userSessionRule.login();
+
+    expectedException.expect(ForbiddenException.class);
+
+    actionTester.newRequest().execute();
   }
 
   @Test
   public void write_json() {
-    userSessionRule.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+    makeAuthenticatedUserRoot();
 
     Map<String, Object> attributes1 = new LinkedHashMap<>();
     attributes1.put("foo", "bar");
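Review bot: The test at `request_fails_with_ForbiddenException_when_user_is_not_logged_in` never exercises an anonymous request as its name claims: the rule on the `@Rule` line is built with `.login("login").setName("name")`, so unless `UserSessionRule` resets the session before each test, both new failure tests run as the same logged-in, non-root user; call `userSessionRule.anonymous();` at the start of that test, or build the rule with `UserSessionRule.standalone()` alone and log in explicitly where needed. The boundary this commit actually moves — a user holding `SYSTEM_ADMIN` who is not root — is no longer covered either, because the old `SCAN_EXECUTION` case was replaced by a permission-less login and the `GlobalPermissions` import was dropped. A third test granting that permission would pin the regression; it needs the `org.sonar.core.permission.GlobalPermissions` import re-added.
```java
  @Test
  public void request_fails_with_ForbiddenException_when_user_is_system_administrator_but_not_root() {
    userSessionRule.login();
    userSessionRule.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);

    expectedException.expect(ForbiddenException.class);

    actionTester.newRequest().execute();
  }
```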
@@ -78,8 +90,12 @@ public class InfoActionTest {
     when(monitor2.attributes()).thenReturn(attributes2);
     when(ceHttpClient.retrieveSystemInfo()).thenReturn(Optional.empty());
 
-    TestResponse response = ws.newRequest().execute();
+    TestResponse response = actionTester.newRequest().execute();
     // response does not contain empty "Monitor Three"
     assertThat(response.getInput()).isEqualTo("{\"Monitor One\":{\"foo\":\"bar\"},\"Monitor Two\":{\"one\":1,\"two\":2}}");
   }
+
+  private void makeAuthenticatedUserRoot() {
+    userSessionRule.login().setRoot();
+  }
 }