SONAR-7034 WS ce/task works for users with the 'Execute Analysis' permission 662/head
authorTeryk Bellahsene <teryk.bellahsene@sonarsource.com>
Tue, 1 Dec 2015 09:38:29 +0000 (10:38 +0100)
committerTeryk Bellahsene <teryk.bellahsene@sonarsource.com>
Wed, 2 Dec 2015 09:48:38 +0000 (10:48 +0100)
server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java
server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java

index e36a9a671a1cebc3aef3bc29aaec2a262dca5d0c..18ebb59aaa57144c2e931bc9e0dd1f10eb441d1e 100644 (file)
@@ -23,7 +23,7 @@ import com.google.common.base.Optional;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Uuids;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -67,7 +67,11 @@ public class TaskAction implements CeWsAction {
 
   @Override
   public void handle(Request wsRequest, Response wsResponse) throws Exception {
-    userSession.checkGlobalPermission(UserRole.ADMIN);
+    if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)
+      // WS can be used at the end of an analysis to implement a build breaker
+      && !userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION)) {
+      userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+    }
 
     String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID);
     DbSession dbSession = dbClient.openSession(false);
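Review bot: The new guard in `handle` lets any holder of the global `SCAN_EXECUTION` permission fetch any task by its id, because the check runs before the task is loaded and is never tied to the component the task belongs to. Whether that exposure is acceptable depends on what the task response carries, which is not visible here, so the intent should be stated next to the check, e.g. `// Global scan permission grants read access to every task, not only those of the caller's own analysis`. The negated `has… && !has…` test followed by `checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)` also likely means a denied scanner account gets an error naming only the admin permission; a small private helper would make the allowed set explicit. `handle` continues past the end of this hunk.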
index 0768dd0c99f242c485232fdae5ddc861abcf0e92..a67dcbd65df79f4ba22dfa315cca7ec22b590eb5 100644 (file)
@@ -24,8 +24,9 @@ import java.io.File;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.utils.System2;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Protobuf;
 import org.sonar.db.DbTester;
 import org.sonar.db.ce.CeActivityDto;
@@ -35,41 +36,41 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
 import org.sonar.server.computation.log.CeLogging;
 import org.sonar.server.computation.log.LogFileRef;
+import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
-import org.sonarqube.ws.MediaTypes;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
-import org.sonar.test.JsonAssert;
+import org.sonarqube.ws.MediaTypes;
 import org.sonarqube.ws.WsCe;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static org.sonar.test.JsonAssert.assertJson;
 
 public class TaskActionTest {
-
   @Rule
   public UserSessionRule userSession = UserSessionRule.standalone();
-
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
   @Rule
   public DbTester dbTester = DbTester.create(System2.INSTANCE);
 
   CeLogging ceLogging = mock(CeLogging.class);
   TaskFormatter formatter = new TaskFormatter(dbTester.getDbClient(), ceLogging, System2.INSTANCE);
   TaskAction underTest = new TaskAction(dbTester.getDbClient(), formatter, userSession);
-  WsActionTester tester = new WsActionTester(underTest);
+  WsActionTester ws = new WsActionTester(underTest);
 
   @Before
   public void setUp() {
     when(ceLogging.getFile(any(LogFileRef.class))).thenReturn(Optional.<File>absent());
+    userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
   }
 
   @Test
   public void task_is_in_queue() throws Exception {
-    userSession.setGlobalPermissions(UserRole.ADMIN);
-
     ComponentDto project = ComponentTesting.newProjectDto().setUuid("PROJECT_1").setName("Project One").setKey("P1");
     dbTester.getDbClient().componentDao().insert(dbTester.getSession(), project);
 
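Review bot: Granting `SYSTEM_ADMIN` in `setUp` makes every test in the class run as an administrator unless it overrides the permission, so a test added later can pass without ever exercising the authorization check in `TaskAction.handle`. Consider keeping the default session unprivileged and granting the permission in the tests that need it, or at least documenting the default with `// default to admin; authorization tests override this explicitly`. `task_is_in_queue` continues outside this hunk.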
@@ -82,7 +83,7 @@ public class TaskActionTest {
     dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto);
     dbTester.commit();
 
-    TestResponse wsResponse = tester.newRequest()
+    TestResponse wsResponse = ws.newRequest()
       .setMediaType(MediaTypes.PROTOBUF)
       .setParam("id", "TASK_1")
       .execute();
@@ -100,8 +101,6 @@ public class TaskActionTest {
 
   @Test
   public void task_is_archived() throws Exception {
-    userSession.setGlobalPermissions(UserRole.ADMIN);
-
     ComponentDto project = ComponentTesting.newProjectDto().setUuid("PROJECT_1").setName("Project One").setKey("P1");
     dbTester.getDbClient().componentDao().insert(dbTester.getSession(), project);
 
@@ -115,7 +114,7 @@ public class TaskActionTest {
     dbTester.getDbClient().ceActivityDao().insert(dbTester.getSession(), activityDto);
     dbTester.commit();
 
-    TestResponse wsResponse = tester.newRequest()
+    TestResponse wsResponse = ws.newRequest()
       .setMediaType(MediaTypes.PROTOBUF)
       .setParam("id", "TASK_1")
       .execute();
@@ -130,17 +129,35 @@ public class TaskActionTest {
     assertThat(taskResponse.getTask().getLogs()).isFalse();
   }
 
-  @Test(expected = NotFoundException.class)
+  @Test
   public void task_not_found() throws Exception {
-    userSession.setGlobalPermissions(UserRole.ADMIN);
+    expectedException.expect(NotFoundException.class);
 
-    tester.newRequest()
+    ws.newRequest()
       .setParam("id", "DOES_NOT_EXIST")
       .execute();
   }
 
   @Test
-  public void support_json_response() {
+  public void fail_if_not_admin_nor_scan_permission() {
+    expectedException.expect(ForbiddenException.class);
+    userSession.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+    CeQueueDto queueDto = new CeQueueDto();
+    queueDto.setTaskType("fake");
+    queueDto.setUuid("TASK_1");
+    queueDto.setStatus(CeQueueDto.Status.PENDING);
+    dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto);
+    dbTester.commit();
+
+    ws.newRequest()
+      .setMediaType(MediaTypes.PROTOBUF)
+      .setParam("id", "TASK_1")
+      .execute();
+  }
+
+  @Test
+  public void support_json_response_with_scan_permissions() {
+    userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
     CeQueueDto queueDto = new CeQueueDto();
     queueDto.setTaskType("fake");
     queueDto.setUuid("TASK_1");
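Review bot: In `fail_if_not_admin_nor_scan_permission` the `expectedException.expect(ForbiddenException.class);` call sits before the fixture inserts, so the rule would accept that exception from any statement in the method; placing it directly before `ws.newRequest()` ties the expectation to the web-service call. The denial path is also exercised only with `PREVIEW_EXECUTION`: a session holding no global permission at all is not covered, and the positive scan-permission case is checked only through the JSON variant. `support_json_response_with_scan_permissions` continues past the end of this hunk.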
@@ -148,12 +165,11 @@ public class TaskActionTest {
     dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto);
     dbTester.commit();
 
-    userSession.setGlobalPermissions(UserRole.ADMIN);
-    TestResponse wsResponse = tester.newRequest()
+    TestResponse wsResponse = ws.newRequest()
       .setMediaType(MediaTypes.JSON)
       .setParam("id", "TASK_1")
       .execute();
 
-    JsonAssert.assertJson(wsResponse.getInput()).isSimilarTo("{\"task\":{}}");
+    assertJson(wsResponse.getInput()).isSimilarTo("{\"task\":{}}");
   }
 }