import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService.NewAction;
import org.sonar.api.server.ws.WebService.NewController;
+import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.persistence.DbSession;
import org.sonar.server.db.DbClient;
import org.sonar.server.qualityprofile.QProfileFactory;
import org.sonar.server.qualityprofile.RuleActivator;
+import org.sonar.server.user.UserSession;
import static org.apache.commons.lang.StringUtils.isEmpty;
@Override
public void handle(Request request, Response response) throws Exception {
+ UserSession.get().checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+
DbSession session = dbClient.openSession(false);
try {
String profileKey = QProfileIdentificationParamUtils.getProfileKeyFromParameters(request, profileFactory, session);
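Review bot: The placement of the new guard ahead of `dbClient.openSession(false)` in `handle` is security-relevant but undocumented, so a later refactor could move it below the profile lookup without anyone noticing. Because it runs first, a caller without `QUALITY_PROFILE_ADMIN` never reaches `getProfileKeyFromParameters` and cannot tell existing profile keys from missing ones by the error returned. I would add a comment above the check such as `// Authorize first: no DB session or profile lookup for callers lacking QUALITY_PROFILE_ADMIN`. The rest of `handle` and the action definition are outside this hunk, so I cannot tell whether the action's description states the required permission or whether sibling actions on this controller carry the same check; both are worth confirming.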
import org.sonar.core.qualityprofile.db.QualityProfileDto;
import org.sonar.core.rule.RuleDto;
import org.sonar.server.db.DbClient;
+import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.qualityprofile.QProfileName;
import org.sonar.server.qualityprofile.QProfileTesting;
import org.sonar.server.qualityprofile.RuleActivator;
.execute();
}
+ @Test(expected = ForbiddenException.class)
+ public void fail_if_missing_permission() throws Exception {
+ MockUserSession.set().setLogin("anakin");
+ wsTester.newGetRequest(QProfilesWs.API_ENDPOINT, "change_parent")
+ .setParam(QProfileIdentificationParamUtils.PARAM_PROFILE_KEY, "polop")
+ .setParam("parentKey", "pulup")
+ .execute();
+ }
+
private QualityProfileDto createProfile(String lang, String name) {
QualityProfileDto profile = QProfileTesting.newDto(new QProfileName(lang, name), "p" + lang + "-" + name.toLowerCase());
db.qualityProfileDao().insert(session, profile);
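Review bot: `fail_if_missing_permission` covers only a logged-in user without the permission, so the `checkLoggedIn()` half of the new guard has no test. A companion case that sets no login on the mock session and expects the unauthenticated exception (presumably `UnauthorizedException`; confirm against `UserSession.checkLoggedIn`) would pin that path. The keys `"polop"` and `"pulup"` do not appear to be created by this test, so it passes only while authorization precedes the profile lookup. That dependency is useful and worth stating in a comment such as `// profiles intentionally absent: the permission check must fire before any lookup`. The test also drives a state-changing action through `newGetRequest`; if the action is declared POST-only (its definition is not visible here), issue the request as a POST so the test matches the real entry point.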