return notImplemented();
}
- @Override
- public UserSession checkComponentPermission(String projectPermission, String componentKey) {
- return notImplemented();
- }
-
@Override
public UserSession checkComponentUuidPermission(String permission, String componentUuid) {
return notImplemented();
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
-import org.sonar.db.MyBatis;
import org.sonar.db.component.ComponentDto;
import org.sonar.scanner.protocol.input.ScannerInput;
import org.sonar.server.component.ComponentFinder;
@Override
public void handle(Request request, Response response) throws Exception {
- String componentKey = request.mandatoryParam(PARAM_KEY);
- userSession.checkComponentPermission(USER, componentKey);
-
response.stream().setMediaType(MediaTypes.PROTOBUF);
- DbSession session = dbClient.openSession(false);
- try {
+
+ try (DbSession session = dbClient.openSession(false)) {
+ String componentKey = request.mandatoryParam(PARAM_KEY);
ComponentDto component = componentFinder.getByKey(session, componentKey);
+ userSession.checkComponentPermission(USER, component);
+
Map<String, String> keysByUUid = keysByUUid(session, component);
ScannerInput.ServerIssue.Builder issueBuilder = ScannerInput.ServerIssue.newBuilder();
for (Iterator<IssueDoc> issueDocIterator = issueIndex.selectIssuesForBatch(component); issueDocIterator.hasNext();) {
handleIssue(issueDocIterator.next(), issueBuilder, keysByUUid, response.stream().output());
}
- } finally {
- MyBatis.closeQuietly(session);
}
}
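Review bot: With `componentFinder.getByKey(session, componentKey)` now running before `userSession.checkComponentPermission(USER, component)`, a caller without browse permission gets whatever `getByKey` raises for an unknown key, and ForbiddenException only for a key that exists. The Javadoc of the removed String-key overload stated that a missing component also produced ForbiddenException, so the two cases used to be indistinguishable. If `getByKey` reports not-found (its body is not visible here), this endpoint now confirms which component keys exist to users who cannot browse them. If that is accepted, record it above the lookup, e.g. `// unknown key is reported as not-found before the permission check; key existence is not treated as confidential`; otherwise translate the not-found case into the same ForbiddenException. Separately, `response.stream().setMediaType(MediaTypes.PROTOBUF)` now runs before parameter validation and the permission check, where it previously followed them; moving it below the check would restore the old order.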
@Override
public void handle(Request request, Response response) {
- DbSession dbSession = dbClient.openSession(false);
- try {
+ try (DbSession dbSession = dbClient.openSession(false)) {
ComponentDto component = componentFinder.getByUuidOrKey(dbSession, request.param("uuid"), request.param("key"), UUID_AND_KEY);
userSession.checkComponentPermission(UserRole.CODEVIEWER, component);
JsonWriter json = response.newJsonWriter().beginObject();
List<DuplicationsParser.Block> blocks = parser.parse(component, duplications, dbSession);
duplicationsJsonWriter.write(blocks, json, dbSession);
json.endObject().close();
- } finally {
- dbClient.closeSession(dbSession);
}
}
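Review bot: The writer from `response.newJsonWriter().beginObject()` is still closed only on the success path, by `json.endObject().close()`. If `parser.parse` or `duplicationsJsonWriter.write` throws, the session is now released but the writer is left open. Assuming JsonWriter is AutoCloseable (its declaration is not part of this hunk), give it its own `try (JsonWriter json = response.newJsonWriter()) { ... }` placed after `checkComponentPermission`, with `json.beginObject()` and `json.endObject()` inside and the explicit `.close()` dropped. Keeping it after the permission check means nothing is opened on the response for a caller who is about to be rejected.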
return this;
}
- @Override
- public UserSession checkComponentPermission(String projectPermission, String componentKey) {
- if (!hasComponentPermission(projectPermission, componentKey)) {
- throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
- }
- return this;
- }
-
@Override
public UserSession checkComponentUuidPermission(String permission, String componentUuid) {
if (!hasComponentUuidPermission(permission, componentUuid)) {
return this;
}
- @Override
- public UserSession checkComponentPermission(String projectPermission, String componentKey) {
- get().checkComponentPermission(projectPermission, componentKey);
- return this;
- }
-
@Override
public UserSession checkComponentUuidPermission(String permission, String componentUuid) {
get().checkComponentUuidPermission(permission, componentUuid);
*/
UserSession checkComponentPermission(String projectPermission, ComponentDto component);
- /**
- * Ensures that permission is granted to user on the specified component, otherwise throws
- * a {@link org.sonar.server.exceptions.ForbiddenException}.
- * If the component doesn't exist and the user doesn't have the global permission,
- * throws a {@link org.sonar.server.exceptions.ForbiddenException}.
- */
- UserSession checkComponentPermission(String projectPermission, String componentKey);
-
/**
* Ensures that permission is granted to user, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
* If the component doesn't exist and the user doesn't have the permission, throws
.setChecksum(null)
.setAssignee(null));
- addBrowsePermissionOnComponent(PROJECT_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
.setChecksum("123456")
.setAssignee("john"));
- addBrowsePermissionOnComponent(PROJECT_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
.setChecksum("123456")
.setAssignee("john"));
- addBrowsePermissionOnComponent(PROJECT_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
.setChecksum("123456")
.setAssignee("john"));
- addBrowsePermissionOnComponent(FILE_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", FILE_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
.setChecksum("123456")
.setAssignee("john"));
- addBrowsePermissionOnComponent(MODULE_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);
ServerIssue previousIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
.setChecksum("123456")
.setAssignee("john"));
- addBrowsePermissionOnComponent(PROJECT_KEY);
+ addBrowsePermissionOnComponent(project);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
@Test
public void fail_without_browse_permission_on_file() throws Exception {
- addBrowsePermissionOnComponent(PROJECT_KEY);
+ ComponentDto project = db.components().insertProject();
+ ComponentDto file = db.components().insertComponent(ComponentTesting.newFileDto(project));
thrown.expect(ForbiddenException.class);
- tester.newGetRequest("batch", "issues").setParam("key", "Other component key").execute();
+
+ tester.newGetRequest("batch", "issues").setParam("key", file.key()).execute();
}
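Review bot: The removed request used a key that does not exist ("Other component key"), while the new test only covers an existing file with no permission granted, so no test in this hunk pins the handler's answer for an unknown key any more. Add a sibling test that requests a key absent from the database and asserts the intended exception, so that any difference between "unknown" and "forbidden" is a reviewed decision, not a side effect of reordering the lookup. A case where the user holds browse permission on a different project would also strengthen this test, since here the session has no permissions at all.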
private void indexIssues(IssueDoc... issues) {
authorizationIndexerTester.allow(access);
}
- private void addBrowsePermissionOnComponent(String componentKey) {
- userSessionRule.addComponentPermission(UserRole.USER, PROJECT_KEY, componentKey);
+ private void addBrowsePermissionOnComponent(ComponentDto project) {
+ userSessionRule.addProjectUuidPermissions(UserRole.USER, project.uuid());
}
}
return this;
}
- @Override
- public UserSession checkComponentPermission(String projectPermission, String componentKey) {
- currentUserSession.checkComponentPermission(projectPermission, componentKey);
- return this;
- }
-
@Override
public UserSession checkComponentUuidPermission(String permission, String componentUuid) {
currentUserSession.checkComponentUuidPermission(permission, componentUuid);
assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, FILE_UUID)).isFalse();
}
- @Test
- public void checkComponentPermission_succeeds_if_user_has_permission_for_specified_key_in_db() {
- addProjectPermissions(project, UserRole.USER);
- UserSession session = newUserSession(userDto);
-
- session.checkComponentPermission(UserRole.USER, FILE_KEY);
- }
-
- @Test
- public void checkComponentPermission_succeeds_if_user_has_global_permission_in_db() {
- addGlobalPermissions(UserRole.USER);
- UserSession session = newUserSession(userDto);
-
- session.checkComponentPermission(UserRole.USER, FILE_KEY);
- }
-
- @Test
- public void checkComponentPermission_succeeds_when_flag_is_true_on_UserDto_no_matter_if_user_has_permission_for_specified_key_in_db() {
- UserSession underTest = newUserSession(ROOT_USER_DTO);
-
- assertThat(underTest.checkComponentPermission(UserRole.USER, FILE_KEY)).isSameAs(underTest);
- assertThat(underTest.checkComponentPermission(UserRole.CODEVIEWER, FILE_KEY)).isSameAs(underTest);
- assertThat(underTest.checkComponentPermission("whatever", "who cares?")).isSameAs(underTest);
- }
-
- @Test
- public void checkComponentPermission_throws_FE_when_user_has_not_permission_for_specified_key_in_db() {
- ComponentDto project2 = db.components().insertComponent(ComponentTesting.newProjectDto(db.organizations().insert()));
- ComponentDto file2 = db.components().insertComponent(ComponentTesting.newFileDto(project2, null));
- addProjectPermissions(project, UserRole.USER);
- UserSession session = newUserSession(userDto);
-
- expectInsufficientPrivilegesForbiddenException();
-
- session.checkComponentPermission(UserRole.USER, file2.getKey());
- }
-
- @Test
- public void checkComponentPermission_throws_FE_when_project_does_not_exist_in_db() {
- addProjectPermissions(project, UserRole.USER);
- UserSession session = newUserSession(userDto);
-
- expectInsufficientPrivilegesForbiddenException();
-
- session.checkComponentPermission(UserRole.USER, "another");
- }
-
- @Test
- public void checkComponentPermission_fails_with_FE_when_project_of_specified_uuid_can_not_be_found() {
- ComponentDto project2 = db.components().insertComponent(ComponentTesting.newProjectDto(db.organizations().insert()));
- ComponentDto file2 = db.components().insertComponent(ComponentTesting.newFileDto(project2, null)
- // Simulate file is linked to an invalid project
- .setProjectUuid("INVALID"));
- addProjectPermissions(project, UserRole.USER);
- UserSession session = newUserSession(userDto);
-
- expectInsufficientPrivilegesForbiddenException();
-
- session.checkComponentPermission(UserRole.USER, file2.getKey());
- }
-
@Test
public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() {
UserSession underTest = newUserSession(ROOT_USER_DTO);