import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.SnapshotDto;
import org.sonar.db.measure.MeasureDto;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
import org.sonarqube.ws.client.qualitygate.ProjectStatusWsRequest;
-import static com.google.common.collect.Sets.newHashSet;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
import static org.sonar.server.ws.WsUtils.checkFound;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
.join(Lists.transform(Arrays.asList(ProjectStatusWsResponse.Status.values()), new Function<ProjectStatusWsResponse.Status, String>() {
@Nonnull
@Override
- public String apply(ProjectStatusWsResponse.Status input) {
+ public String apply(@Nonnull ProjectStatusWsResponse.Status input) {
return input.toString();
}
}));
}
private ProjectStatusWsResponse doHandle(ProjectStatusWsRequest request) {
- checkScanOrAdminPermission();
-
DbSession dbSession = dbClient.openSession(false);
try {
String snapshotId = request.getAnalysisId();
SnapshotDto snapshotDto = getSnapshot(dbSession, snapshotId);
+ ComponentDto projectDto = dbClient.componentDao().selectOrFailById(dbSession, snapshotDto.getComponentId());
+ checkPermission(projectDto.uuid());
String measureData = getQualityGateDetailsMeasureData(dbSession, snapshotDto);
return ProjectStatusWsResponse.newBuilder()
.setAnalysisId(request.mandatoryParam("analysisId"));
}
- private void checkScanOrAdminPermission() {
- userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN));
+ private void checkPermission(String projectUuid) {
+ if (!userSession.hasPermission(SYSTEM_ADMIN)
+ && !userSession.hasComponentUuidPermission(SCAN_EXECUTION, projectUuid)) {
+ throw insufficientPrivilegesException();
+ }
}
}
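Review bot: The permission check in doHandle now runs only after getSnapshot()/checkFound and selectOrFailById, so a caller holding no permission at all — including an anonymous one, since the former upfront checkScanOrAdminPermission() is gone — gets NotFoundException for an unknown analysisId but ForbiddenException for an existing one, which discloses whether an analysis id exists and lets unauthenticated requests trigger database lookups. The old code gated before any database access; consider keeping a cheap gate first, e.g. `userSession.checkLoggedIn();` at the top of doHandle (assuming that method is available on UserSession in this version), or alternatively answering the not-found case with the same insufficient-privileges response when the caller would fail checkPermission anyway. The new checkPermission method would also benefit from a one-line Javadoc such as `/** Allowed to system admins and to users holding scan permission on the project the analysis belongs to. */`. doHandle's try block continues outside the hunk, so the session handling after the return was not reviewed here.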
import org.junit.rules.ExpectedException;
import org.sonar.api.measures.CoreMetrics;
import org.sonar.api.utils.System2;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.SnapshotTesting.newSnapshotForProject;
import static org.sonar.db.measure.MeasureTesting.newMeasureDto;
dbSession = db.getSession();
ws = new WsActionTester(new ProjectStatusAction(dbClient, userSession));
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
}
@Test
public void json_example() throws IOException {
+ userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+
ComponentDto project = newProjectDto("project-uuid");
dbClient.componentDao().insert(dbSession, project);
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
@Test
public void fail_if_no_snapshot_id_found() {
+ userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Analysis with id 'task-uuid' is not found");
@Test
public void return_undefined_status_if_measure_is_not_found() {
+ userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+
ComponentDto project = newProjectDto("project-uuid");
dbClient.componentDao().insert(dbSession, project);
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
@Test
public void return_undefined_status_if_measure_data_is_not_well_formatted() {
- userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
+
ComponentDto project = newProjectDto("project-uuid");
dbClient.componentDao().insert(dbSession, project);
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
@Test
public void fail_if_insufficient_privileges() {
- userSession.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+ userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
+
+ ComponentDto project = newProjectDto("project-uuid");
+ dbClient.componentDao().insert(dbSession, project);
+ SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
+ dbSession.commit();
+
expectedException.expect(ForbiddenException.class);
+ newRequest(snapshot.getId().toString());
+ }
- newRequest(ANALYSIS_ID);
+ @Test
+ public void not_fail_with_system_admin_permission() {
+ userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+
+ ComponentDto project = newProjectDto("project-uuid");
+ dbClient.componentDao().insert(dbSession, project);
+ SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
+ dbSession.commit();
+
+ newRequest(snapshot.getId().toString());
+ }
+
+ @Test
+ public void not_fail_with_global_scan_permission() {
+ userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
+
+ ComponentDto project = newProjectDto("project-uuid");
+ dbClient.componentDao().insert(dbSession, project);
+ SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
+ dbSession.commit();
+
+ newRequest(snapshot.getId().toString());
+ }
+
+ @Test
+ public void not_fail_with_project_scan_permission() {
+ ComponentDto project = newProjectDto("project-uuid");
+ dbClient.componentDao().insert(dbSession, project);
+ SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
+ dbSession.commit();
+
+ userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
+
+ newRequest(snapshot.getId().toString());
}
private ProjectStatusWsResponse newRequest(String taskId) {
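Review bot: The new positive tests cover system admin, global scan and scan on the target project, but nothing checks that the uuid check is actually scoped: a user holding SCAN_EXECUTION on a different project should still get ForbiddenException, and a never-logged-in session is not covered either. Without the first case, `hasComponentUuidPermission(SCAN_EXECUTION, projectUuid)` could regress to an effectively global check unnoticed. A test along the lines below (the "other-project-uuid" value is a constructed fixture) would pin it; newRequest, whose signature is the last line here, continues after this hunk.
```java
@Test
public void fail_with_scan_permission_on_another_project() {
  ComponentDto project = newProjectDto("project-uuid");
  dbClient.componentDao().insert(dbSession, project);
  SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
  dbSession.commit();

  userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, "other-project-uuid");

  expectedException.expect(ForbiddenException.class);
  newRequest(snapshot.getId().toString());
}
```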