import org.sonar.db.DbSession;
import org.sonar.db.permission.GroupPermissionDto;
+import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
public class GroupPermissionChanger {
private final DbClient dbClient;
- private final PermissionService permissionService;
- public GroupPermissionChanger(DbClient dbClient, PermissionService permissionService) {
+ public GroupPermissionChanger(DbClient dbClient) {
this.dbClient = dbClient;
- this.permissionService = permissionService;
}
public boolean apply(DbSession dbSession, GroupPermissionChange change) {
private boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ProjectId projectId) {
return !projectId.isPrivate()
&& change.getOperation() == ADD
- && permissionService.getPublicPermissions().contains(change.getPermission());
+ && PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private static boolean isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(GroupPermissionChange change, ProjectId projectId) {
private boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ProjectId projectId) {
return !projectId.isPrivate()
&& change.getOperation() == REMOVE
- && permissionService.getPublicPermissions().contains(change.getPermission());
+ && PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private boolean addPermission(DbSession dbSession, GroupPermissionChange change) {
List<OrganizationPermission> getAllOrganizationPermissions();
List<String> getAllProjectPermissions();
- List<String> getPublicPermissions();
+
}
private static final List<OrganizationPermission> ALL_GLOBAL_PERMISSIONS = ImmutableList.copyOf(OrganizationPermission.values());
- /**
- * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
- */
- private static final List<String> PUBLIC_PERMISSIONS = ImmutableList.of(UserRole.USER, UserRole.CODEVIEWER);
-
private final List<OrganizationPermission> globalPermissions;
private final List<String> projectPermissions;
public List<String> getAllProjectPermissions() {
return projectPermissions;
}
-
- /**
- * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
- */
- @Override
- public List<String> getPublicPermissions() {
- return PUBLIC_PERMISSIONS;
- }
}
import static java.lang.String.format;
import static java.util.Collections.singletonList;
import static org.sonar.api.security.DefaultGroups.isAnyone;
+import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
@ServerSide
public class PermissionTemplateService {
}
private boolean permissionValidForProject(ComponentDto project, String permission) {
- return project.isPrivate() || !permissionService.getPublicPermissions().contains(permission);
+ return project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission);
}
private static boolean groupNameValidForProject(ComponentDto project, String groupName) {
import org.sonar.db.DbSession;
import org.sonar.db.permission.UserPermissionDto;
+import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
public class UserPermissionChanger {
private final DbClient dbClient;
- private final PermissionService permissionService;
- public UserPermissionChanger(DbClient dbClient, PermissionService permissionService) {
+ public UserPermissionChanger(DbClient dbClient) {
this.dbClient = dbClient;
- this.permissionService = permissionService;
}
public boolean apply(DbSession dbSession, UserPermissionChange change) {
private boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) {
return !projectId.isPrivate()
&& change.getOperation() == ADD
- && permissionService.getPublicPermissions().contains(change.getPermission());
+ && PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private void ensureConsistencyWithVisibility(UserPermissionChange change) {
private boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) {
return !projectId.isPrivate()
&& change.getOperation() == REMOVE
- && permissionService.getPublicPermissions().contains(change.getPermission());
+ && PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private boolean addPermission(DbSession dbSession, UserPermissionChange change) {
import static java.lang.String.format;
import static java.util.Collections.singletonList;
+import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.WsUtils.checkRequest;
import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT;
// delete project permissions for group AnyOne
dbClient.groupPermissionDao().deleteByRootComponentIdAndGroupId(dbSession, component.getId(), null);
// grant UserRole.CODEVIEWER and UserRole.USER to any group or user with at least one permission on project
- permissionService.getPublicPermissions().forEach(permission -> {
+ PUBLIC_PERMISSIONS.forEach(permission -> {
dbClient.groupPermissionDao().selectGroupIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission)
.forEach(groupId -> insertProjectPermissionOnGroup(dbSession, component, permission, groupId));
dbClient.userPermissionDao().selectUserIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission)
}
private void updatePermissionsToPublic(DbSession dbSession, ComponentDto component) {
- permissionService.getPublicPermissions().forEach(permission -> {
+ PUBLIC_PERMISSIONS.forEach(permission -> {
// delete project group permission for UserRole.CODEVIEWER and UserRole.USER
dbClient.groupPermissionDao().deleteByRootComponentIdAndPermission(dbSession, component.getId(), permission);
// delete project user permission for UserRole.CODEVIEWER and UserRole.USER
import org.sonar.db.user.UserDto;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.OrganizationFlags;
-import org.sonar.server.permission.PermissionService;
import static java.util.Objects.requireNonNull;
import static java.util.Optional.of;
import static java.util.Optional.ofNullable;
import static org.apache.commons.lang.StringUtils.defaultIfEmpty;
+import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
/**
* Implementation of {@link UserSession} used in web server
private final Supplier<Collection<GroupDto>> groups = Suppliers.memoize(this::loadGroups);
private final Supplier<Boolean> isSystemAdministratorSupplier = Suppliers.memoize(this::loadIsSystemAdministrator);
private final Map<String, String> projectUuidByComponentUuid = new HashMap<>();
- private final PermissionService permissionService;
private Map<String, Set<OrganizationPermission>> permissionsByOrganizationUuid;
private Map<String, Set<String>> permissionsByProjectUuid;
private Set<String> organizationMembership = new HashSet<>();
ServerUserSession(DbClient dbClient, OrganizationFlags organizationFlags,
- DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto, PermissionService permissionService) {
+ DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto) {
this.dbClient = dbClient;
this.organizationFlags = organizationFlags;
this.defaultOrganizationProvider = defaultOrganizationProvider;
this.userDto = userDto;
- this.permissionService = permissionService;
}
private Collection<GroupDto> loadGroups() {
return loadDbPermissions(dbSession, projectUuid);
}
ImmutableSet.Builder<String> builder = ImmutableSet.builder();
- builder.addAll(permissionService.getPublicPermissions());
+ builder.addAll(PUBLIC_PERMISSIONS);
builder.addAll(loadDbPermissions(dbSession, projectUuid));
return builder.build();
}
import org.sonar.db.user.UserDto;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.OrganizationFlags;
-import org.sonar.server.permission.PermissionService;
import static java.util.Objects.requireNonNull;
private final DbClient dbClient;
private final DefaultOrganizationProvider defaultOrganizationProvider;
private final OrganizationFlags organizationFlags;
- private final PermissionService permissionService;
public UserSessionFactoryImpl(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider,
- OrganizationFlags organizationFlags, PermissionService permissionService) {
+ OrganizationFlags organizationFlags) {
this.dbClient = dbClient;
this.defaultOrganizationProvider = defaultOrganizationProvider;
this.organizationFlags = organizationFlags;
- this.permissionService = permissionService;
}
@Override
public ServerUserSession create(UserDto user) {
requireNonNull(user, "UserDto must not be null");
- return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user, permissionService);
+ return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user);
}
@Override
public ServerUserSession createAnonymous() {
- return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null, permissionService);
+ return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null);
}
}
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.TestDefaultOrganizationProvider;
-import org.sonar.server.usergroups.DefaultGroupFinder;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
-import org.sonar.server.usergroups.ws.GroupWsSupport;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.fail;
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
- private GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient()));
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);
- private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), permissionService);
+ private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient());
private OrganizationDto org;
private GroupDto group;
private ComponentDto privateProject;
import static org.assertj.core.api.Assertions.assertThat;
-
public class PermissionServiceImplTest {
private ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers("APP", "VW");
.containsExactly("admin", "gateadmin", "profileadmin", "provisioning", "scan", "applicationcreator", "portfoliocreator");
}
- @Test
- public void publicPermissions_must_be_ordered() {
- assertThat(underTest.getPublicPermissions())
- .containsExactly("user", "codeviewer");
- }
-
@Test
public void projectPermissions_must_be_ordered() {
assertThat(underTest.getAllProjectPermissions())
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);
-
- private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), permissionService);
+ private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient());
private OrganizationDto org1;
private OrganizationDto org2;
private UserDto user1;
import org.junit.Rule;
import org.junit.rules.ExpectedException;
import org.sonar.api.resources.Qualifiers;
-import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.server.es.ProjectIndexersImpl;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.permission.GroupPermissionChanger;
-import org.sonar.server.permission.PermissionService;
-import org.sonar.server.permission.PermissionServiceImpl;
import org.sonar.server.permission.PermissionUpdater;
import org.sonar.server.permission.UserPermissionChanger;
import org.sonar.server.permission.index.FooIndexDefinition;
@Rule
public ExpectedException expectedException = ExpectedException.none();
- protected ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
- protected PermissionService permissionService = new PermissionServiceImpl(resourceTypes);
-
private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
protected UserSessionRule userSession = UserSessionRule.standalone();
protected WsActionTester wsTester;
protected PermissionUpdater newPermissionUpdater() {
return new PermissionUpdater(
new ProjectIndexersImpl(new PermissionIndexer(db.getDbClient(), es.client())),
- new UserPermissionChanger(db.getDbClient(), permissionService),
- new GroupPermissionChanger(db.getDbClient(), permissionService));
+ new UserPermissionChanger(db.getDbClient()),
+ new GroupPermissionChanger(db.getDbClient()));
}
protected TestRequest newRequest() {
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.organization.TestOrganizationFlags;
-import org.sonar.server.permission.PermissionService;
-import org.sonar.server.permission.PermissionServiceImpl;
import static com.google.common.base.Preconditions.checkState;
import static java.util.Arrays.asList;
public DbTester db = DbTester.create(System2.INSTANCE);
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
- private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);
-
private DbClient dbClient = db.getDbClient();
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone();
private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
}
private ServerUserSession newUserSession(@Nullable UserDto userDto) {
- return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto, permissionService);
+ return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto);
}
private ServerUserSession newAnonymousSession() {
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
/**
* @since 1.11
String[] value() default {};
+ /**
+ * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
+ */
+ Set<String> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(UserRole.USER, UserRole.CODEVIEWER)));
+
}