package org.sonar.server.permission.ws.template;
import java.util.Date;
+import java.util.Optional;
import javax.annotation.Nullable;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import static com.google.common.base.MoreObjects.firstNonNull;
import static java.lang.String.format;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat;
}
private UpdateTemplateWsResponse doHandle(UpdateTemplateWsRequest request) {
- checkGlobalAdminUser(userSession);
-
String uuid = request.getId();
String nameParam = request.getName();
String descriptionParam = request.getDescription();
try (DbSession dbSession = dbClient.openSession(false)) {
PermissionTemplateDto templateToUpdate = getAndBuildTemplateToUpdate(dbSession, uuid, nameParam, descriptionParam, projectPatternParam);
+ checkProjectAdmin(userSession, templateToUpdate.getOrganizationUuid(), Optional.empty());
+
validateTemplate(dbSession, templateToUpdate);
PermissionTemplateDto updatedTemplate = updateTemplate(dbSession, templateToUpdate);
}
private void validateTemplate(DbSession dbSession, PermissionTemplateDto templateToUpdate) {
- validateTemplateNameForUpdate(dbSession, templateToUpdate.getName(), templateToUpdate.getId());
+ validateTemplateNameForUpdate(dbSession, templateToUpdate.getOrganizationUuid(), templateToUpdate.getName(), templateToUpdate.getId());
validateProjectPattern(templateToUpdate.getKeyPattern());
}
private PermissionTemplateDto getAndBuildTemplateToUpdate(DbSession dbSession, String uuid, @Nullable String newName, @Nullable String newDescription,
@Nullable String newProjectKeyPattern) {
- PermissionTemplateDto templateToUpdate = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(uuid, null));
+ PermissionTemplateDto templateToUpdate = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(uuid, null, null));
templateToUpdate.setName(firstNonNull(newName, templateToUpdate.getName()));
templateToUpdate.setDescription(firstNonNull(newDescription, templateToUpdate.getDescription()));
templateToUpdate.setKeyPattern(firstNonNull(newProjectKeyPattern, templateToUpdate.getKeyPattern()));
return UpdateTemplateWsResponse.newBuilder().setPermissionTemplate(permissionTemplateBuilder).build();
}
- private void validateTemplateNameForUpdate(DbSession dbSession, String name, long id) {
+ private void validateTemplateNameForUpdate(DbSession dbSession, String organizationUuid, String name, long id) {
validateTemplateNameFormat(name);
- PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, name);
+ PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, organizationUuid, name);
checkRequest(permissionTemplateWithSameName == null || permissionTemplateWithSameName.getId() == id,
format(MSG_TEMPLATE_WITH_SAME_NAME, name));
}
import org.junit.Before;
import org.junit.Test;
import org.sonar.api.utils.System2;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.CONTROLLER;
@Before
public void setUp() {
- userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
when(system.now()).thenReturn(1_440_512_328_743L);
-
- template = insertTemplate(newPermissionTemplateDto()
+ template = db.getDbClient().permissionTemplateDao().insert(db.getSession(), newPermissionTemplateDto()
+ .setOrganizationUuid(db.getDefaultOrganization().getUuid())
.setName("Permission Template Name")
.setDescription("Permission Template Description")
.setKeyPattern(".*\\.pattern\\..*")
.setCreatedAt(new Date(1_000_000_000_000L))
.setUpdatedAt(new Date(1_000_000_000_000L)));
+ db.commit();
}
@Test
public void update_all_permission_template_fields() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
String result = call(template.getUuid(), "Finance", "Permissions for financially related projects", ".*\\.finance\\..*");
assertJson(result)
.ignoreFields("id")
.isSimilarTo(getClass().getResource("update_template-example.json"));
- PermissionTemplateDto finance = db.getDbClient().permissionTemplateDao().selectByName(db.getSession(), "Finance");
+ PermissionTemplateDto finance = selectTemplateInDefaultOrganization("Finance");
assertThat(finance.getName()).isEqualTo("Finance");
assertThat(finance.getDescription()).isEqualTo("Permissions for financially related projects");
assertThat(finance.getKeyPattern()).isEqualTo(".*\\.finance\\..*");
@Test
public void update_with_the_same_values() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
call(template.getUuid(), template.getName(), template.getDescription(), template.getKeyPattern());
PermissionTemplateDto reloaded = db.getDbClient().permissionTemplateDao().selectByUuid(db.getSession(), template.getUuid());
@Test
public void update_name_only() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
call(template.getUuid(), "Finance", null, null);
- PermissionTemplateDto finance = db.getDbClient().permissionTemplateDao().selectByName(db.getSession(), "Finance");
+ PermissionTemplateDto finance = selectTemplateInDefaultOrganization("Finance");
assertThat(finance.getName()).isEqualTo("Finance");
assertThat(finance.getDescription()).isEqualTo(template.getDescription());
assertThat(finance.getKeyPattern()).isEqualTo(template.getKeyPattern());
@Test
public void fail_if_key_is_not_found() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
@Test
public void fail_if_name_already_exists_in_another_template() throws Exception {
- insertTemplate(newPermissionTemplateDto()
- .setName("My Template")
- .setUuid("my-key")
- .setCreatedAt(new Date(12345789L))
- .setUpdatedAt(new Date(12345789L)));
+ loginAsAdminOnDefaultOrganization();
+ PermissionTemplateDto anotherTemplate = addTemplateToDefaultOrganization();
expectedException.expect(BadRequestException.class);
- expectedException.expectMessage("A template with the name 'My Template' already exists (case insensitive).");
+ expectedException.expectMessage("A template with the name '" + anotherTemplate.getName() + "' already exists (case insensitive).");
- call(template.getUuid(), "My Template", null, null);
+ call(this.template.getUuid(), anotherTemplate.getName(), null, null);
}
@Test
public void fail_if_key_is_not_provided() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(IllegalArgumentException.class);
call(null, "Finance", null, null);
@Test
public void fail_if_name_empty() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("The template name must not be blank");
@Test
public void fail_if_name_has_just_whitespaces() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("The template name must not be blank");
@Test
public void fail_if_regexp_if_not_valid() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("The 'projectKeyPattern' parameter must be a valid Java regular expression. '[azerty' was passed");
@Test
public void fail_if_name_already_exists_in_database_case_insensitive() throws Exception {
- insertTemplate(newPermissionTemplateDto().setName("finance"));
+ loginAsAdminOnDefaultOrganization();
+ PermissionTemplateDto anotherTemplate = addTemplateToDefaultOrganization();
+ String nameCaseInsensitive = anotherTemplate.getName().toUpperCase();
expectedException.expect(BadRequestException.class);
- expectedException.expectMessage("A template with the name 'Finance' already exists (case insensitive).");
+ expectedException.expectMessage("A template with the name '" + nameCaseInsensitive + "' already exists (case insensitive).");
- call(template.getUuid(), "Finance", null, null);
+ call(this.template.getUuid(), nameCaseInsensitive, null, null);
}
@Test
@Test
public void fail_if_not_admin() throws Exception {
+ userSession.login().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SCAN_EXECUTION);
+
expectedException.expect(ForbiddenException.class);
- userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
call(template.getUuid(), "Finance", null, null);
}
- private PermissionTemplateDto insertTemplate(PermissionTemplateDto dto) {
- db.getDbClient().permissionTemplateDao().insert(db.getSession(), dto);
- db.commit();
- return dto;
- }
-
private String call(@Nullable String key, @Nullable String name, @Nullable String description, @Nullable String projectPattern) throws Exception {
WsTester.TestRequest request = wsTester.newPostRequest(CONTROLLER, ACTION);
if (key != null) {