SONAR-8134 do not verify provisioning permission in PermissionService

diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java
index 5780fedd6a0c39b207d186d2cf7ef1c414c1f894..778913995f42557e885794a4dc57432488c00780 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java
@@ -83,7 +83,9 @@ public class ReportSubmitter {
     newProject.setQualifier(Qualifiers.PROJECT);
     // "provisioning" permission is check in ComponentService
     ComponentDto project = componentService.create(dbSession, newProject);
-    permissionTemplateService.applyDefaultPermissionTemplate(project.getKey());
+
+    Integer currentUserId = userSession.getUserId();
+    permissionTemplateService.applyDefault(dbSession, project, currentUserId != null ? currentUserId.longValue() : null);
     return project;
   }
 

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
index 1863027a50b1edc4cfe7617e5d9cb319a5f80f82..e060991ed80c95c6ba7d41fbb30f282c764bb6e8 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
@@ -67,6 +67,11 @@ public class PermissionService {
     }
   }
 
+  /**
+   * @deprecated replaced by {@link #applyDefault(DbSession, ComponentDto, Long)}, which <b>does not
+   * verify that user is authorized to administrate the component</b>.
+   */
+  @Deprecated
   public void applyDefaultPermissionTemplate(DbSession session, String componentKey) {
     ComponentDto component = componentFinder.getByKey(session, componentKey);
     ResourceDto provisioned = dbClient.resourceDao().selectProvisionedProject(session, componentKey);
@@ -106,6 +111,21 @@ public class PermissionService {
     indexProjectPermissions(dbSession, projects.stream().map(ComponentDto::uuid).collect(Collectors.toList()));
   }
 
+  /**
+   * Apply the default permission template to component, whatever it already exists (and has permissions) or if it's
+   * provisioned (and has no permissions yet).
+   *
+   * @param dbSession
+   * @param component
+   * @param projectCreatorUserId id of the user who creates the project, only if project is provisioned. He will
+   *                             benefit from the permissions defined in the template for "project creator".
+   */
+  public void applyDefault(DbSession dbSession, ComponentDto component, @Nullable Long projectCreatorUserId) {
+    permissionRepository.applyDefaultPermissionTemplate(dbSession, component, projectCreatorUserId);
+    dbSession.commit();
+    indexProjectPermissions(dbSession, asList(component.uuid()));
+  }
+
   private void indexProjectPermissions(DbSession dbSession, List<String> projectUuids) {
     permissionIndexer.index(dbSession, projectUuids);
   }

diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java
index 69265ea1655cddfc1603c6b36239a0b9b23bb5db..5544076684e006ddd264b19407577421b1621c58 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java
@@ -43,6 +43,7 @@ import org.sonar.server.tester.UserSessionRule;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyLong;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Matchers.argThat;
 import static org.mockito.Matchers.eq;
@@ -67,17 +68,18 @@ public class ReportSubmitterTest {
   public UserSessionRule userSession = UserSessionRule.standalone();
 
   @Rule
-  public DbTester dbTester = DbTester.create(System2.INSTANCE);
+  public DbTester db = DbTester.create(System2.INSTANCE);
 
   private CeQueue queue = mock(CeQueueImpl.class);
   private ComponentService componentService = mock(ComponentService.class);
   private PermissionService permissionService = mock(PermissionService.class);
-  private ReportSubmitter underTest = new ReportSubmitter(queue, userSession, componentService, permissionService, dbTester.getDbClient());
+  private ReportSubmitter underTest = new ReportSubmitter(queue, userSession, componentService, permissionService, db.getDbClient());
 
   @Test
   public void submit_a_report_on_existing_project() {
     userSession.setGlobalPermissions(SCAN_EXECUTION);
-    ComponentDto project = dbTester.components().insertProject();
+    ComponentDto project = db.components().insertProject();
+
     when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
 
     underTest.submit(project.getKey(), null, project.name(), IOUtils.toInputStream("{binary}"));
@@ -103,14 +105,15 @@ public class ReportSubmitterTest {
     userSession.setGlobalPermissions(SCAN_EXECUTION, PROVISIONING);
 
     when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
-    when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY));
+    ComponentDto createdProject = new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY);
+    when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(createdProject);
     when(permissionService.wouldCurrentUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
       .thenReturn(true);
 
     underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
 
     verifyReportIsPersisted(TASK_UUID);
-    verify(permissionService).applyDefaultPermissionTemplate(any(DbSession.class), eq(PROJECT_KEY));
+    verify(permissionService).applyDefault(any(DbSession.class), eq(createdProject), anyLong());
     verify(queue).submit(argThat(new TypeSafeMatcher<CeTaskSubmit>() {
       @Override
       protected boolean matchesSafely(CeTaskSubmit submit) {
@@ -141,7 +144,7 @@ public class ReportSubmitterTest {
 
   @Test
   public void submit_a_report_on_existing_project_with_global_scan_permission() {
-    ComponentDto project = dbTester.components().insertProject();
+    ComponentDto project = db.components().insertProject();
     userSession.setGlobalPermissions(SCAN_EXECUTION);
 
     when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
@@ -153,7 +156,7 @@ public class ReportSubmitterTest {
 
   @Test
   public void submit_a_report_on_existing_project_with_project_scan_permission() {
-    ComponentDto project = dbTester.components().insertProject();
+    ComponentDto project = db.components().insertProject();
     userSession.addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
 
     when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
@@ -183,7 +186,7 @@ public class ReportSubmitterTest {
   }
 
   private void verifyReportIsPersisted(String taskUuid) {
-    assertThat(dbTester.selectFirst("select task_uuid from ce_task_input where task_uuid='" + taskUuid + "'")).isNotNull();
+    assertThat(db.selectFirst("select task_uuid from ce_task_input where task_uuid='" + taskUuid + "'")).isNotNull();
   }
 
 }