.setExampleValue(Uuids.UUID_EXAMPLE_01);
action.createParam(PARAM_ASSIGNEE)
- .setDescription("Login of the assignee")
+ .setDescription("Login of the assignee with 'Browse' project permission")
.setRequired(true)
.setExampleValue("admin");
return checkFound(dbClient.userDao().selectActiveUserByLogin(dbSession, assignee), "Unknown user: %s", assignee);
}
- private void checkAssigneeProjectPermission(DbSession dbSession, UserDto assignee, String projectUuid) {
- ComponentDto componentDto = checkFoundWithOptional(dbClient.componentDao().selectByUuid(dbSession, projectUuid),
+ private void checkAssigneeProjectPermission(DbSession dbSession, UserDto assignee, String issueProjectUuid) {
+ ComponentDto componentDto = checkFoundWithOptional(dbClient.componentDao().selectByUuid(dbSession, issueProjectUuid),
"Could not find project for issue");
- if (componentDto.isPrivate() && !hasProjectPermission(dbSession, assignee.getUuid(), projectUuid)) {
- throw new IllegalArgumentException(String.format("Provided user with login '%s' does not have access to project", assignee.getLogin()));
+ String mainProjectUuid = componentDto.getMainBranchProjectUuid() == null ? componentDto.uuid() : componentDto.getMainBranchProjectUuid();
+ if (componentDto.isPrivate() && !hasProjectPermission(dbSession, assignee.getUuid(), mainProjectUuid)) {
+ throw new IllegalArgumentException(String.format("Provided user with login '%s' does not have 'Browse' permission to project", assignee.getLogin()));
}
}
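Review bot: The `componentDto.isPrivate()` guard reads the visibility flag from the row loaded by `issueProjectUuid`, which for a branch hotspot is the branch component, while the permission is now evaluated against `mainProjectUuid`. If a branch row's flag can ever differ from its main project's (not visible in this diff), the 'Browse' check is skipped for a private project. Either read the flag from the main project's row or state the invariant in a comment such as `// branch components share the private flag of their main project; permissions are stored on the main project only`. The fallback can also avoid calling the getter twice: `String mainProjectUuid = Optional.ofNullable(componentDto.getMainBranchProjectUuid()).orElse(componentDto.uuid());`.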
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
- insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
+ insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.USER);
+ UserDto assignee = insertUserWithProjectUserPermission(randomAlphanumeric(15), project);
+
+ when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(assignee), any(IssueChangeContext.class))).thenReturn(true);
+
+ executeRequest(hotspot, assignee.getLogin(), null);
+
+ verifyFieldSetters(assignee, null);
+ }
+
+ @Test
+ public void assign_hotspot_to_someone_for_private_project_branch() {
+ ComponentDto project = dbTester.components().insertPrivateProject();
+ ComponentDto branch = dbTester.components().insertProjectBranch(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(branch));
+ IssueDto hotspot = dbTester.issues().insertHotspot(branch, file);
+
+ insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.USER);
UserDto assignee = insertUserWithProjectUserPermission(randomAlphanumeric(15), project);
when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(assignee), any(IssueChangeContext.class))).thenReturn(true);
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
- insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
+ insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.USER);
+ UserDto assignee = insertUser(randomAlphanumeric(15));
+
+ when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(assignee), any(IssueChangeContext.class))).thenReturn(true);
+
+ assertThatThrownBy(() -> executeRequest(hotspot, assignee.getLogin(), null))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Provided user with login '%s' does not have 'Browse' permission to project", assignee.getLogin());
+ }
+
+ @Test
+ public void fail_if_assignee_does_not_have_access_for_private_project_branch() {
+ ComponentDto project = dbTester.components().insertPrivateProject();
+ ComponentDto branch = dbTester.components().insertProjectBranch(project);
+ ComponentDto file = dbTester.components().insertComponent(newFileDto(branch));
+ IssueDto hotspot = dbTester.issues().insertHotspot(branch, file);
+
+ insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.USER);
UserDto assignee = insertUser(randomAlphanumeric(15));
when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(assignee), any(IssueChangeContext.class))).thenReturn(true);
assertThatThrownBy(() -> executeRequest(hotspot, assignee.getLogin(), null))
.isInstanceOf(IllegalArgumentException.class)
- .hasMessage("Provided user with login '%s' does not have access to project", assignee.getLogin());
+ .hasMessage("Provided user with login '%s' does not have 'Browse' permission to project", assignee.getLogin());
}
@Test
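Review bot: Both negative tests create the assignee with `insertUser(...)`, so the user has no permission on any project and the tests cannot tell whether the check is scoped to the right project. A further case would pin the lookup to the issue's main project: give the assignee `UserRole.USER` on a second private project, then assign a hotspot on this project's branch. For example (constructed name) `UserDto assignee = insertUserWithProjectUserPermission(randomAlphanumeric(15), otherProject);` followed by the same `assertThatThrownBy` assertion. The first test method touched by this hunk starts outside it.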
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
- UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.USER);
+ UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.USER);
when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(me), any(IssueChangeContext.class))).thenReturn(true);
ComponentDto file = dbTester.components().insertComponent(newFileDto(project));
IssueDto hotspot = dbTester.issues().insertHotspot(project, file);
- UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), hotspot, project, UserRole.CODEVIEWER);
+ UserDto me = insertAndLoginAsUserWithProjectUserPermission(randomAlphanumeric(10), project, UserRole.CODEVIEWER);
when(issueFieldsSetter.assign(eq(hotspot.toDefaultIssue()), userMatcher(me), any(IssueChangeContext.class))).thenReturn(true);
return insertUserWithProjectPermission(login, project, UserRole.USER);
}
- private UserDto insertAndLoginAsUserWithProjectUserPermission(String login, IssueDto issue, ComponentDto project, String permission) {
+ private UserDto insertAndLoginAsUserWithProjectUserPermission(String login, ComponentDto project, String permission) {
UserDto user = insertUserWithProjectUserPermission(login, project);
userSessionRule.logIn(user)
.addProjectPermission(permission,
- dbClient.componentDao().selectByUuid(dbTester.getSession(), issue.getProjectUuid()).get(),
- dbClient.componentDao().selectByUuid(dbTester.getSession(), issue.getComponentUuid()).get());
+ dbClient.componentDao().selectByUuid(dbTester.getSession(), project.uuid()).get());
return user;
}
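Review bot: The helper now receives the `ComponentDto` it needs but still re-reads it with `selectByUuid(...).get()`, an unchecked `Optional.get()` that would fail with a bare `NoSuchElementException` if the row were missing. Assuming the inserted DTO is equivalent to the re-read one, which this hunk does not show, `.addProjectPermission(permission, project);` is enough. Separately, the database grant made through `insertUserWithProjectUserPermission` appears to always be `UserRole.USER` (per the context line at the top of the hunk), while the session receives `permission`. A one-line comment stating that this difference is intended would help readers of the `CODEVIEWER` test.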