private final Configuration configuration;
public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
- WsParameters wsParameters, PermissionService permissionService, Configuration configuration) {
+ WsParameters wsParameters, PermissionService permissionService, Configuration configuration) {
this.dbClient = dbClient;
this.userSession = userSession;
this.permissionUpdater = permissionUpdater;
@Override
public void handle(Request request, Response response) throws Exception {
try (DbSession dbSession = dbClient.openSession(false)) {
- UserId user = wsSupport.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
+ String userLogin = request.mandatoryParam(PARAM_USER_LOGIN);
Optional<ComponentDto> project = wsSupport.findProject(dbSession, request);
checkProjectAdmin(userSession, configuration, project.orElse(null));
+ UserId user = wsSupport.findUser(dbSession, userLogin);
PermissionChange change = new UserPermissionChange(
PermissionChange.Operation.ADD,
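Review bot: Moving `wsSupport.findUser` below `checkProjectAdmin` is the security-relevant part of this hunk, but nothing in the code records that the ordering is deliberate; a later cleanup could pull the lookup back next to `mandatoryParam` and reopen the existence oracle for callers who are not project administrators. Add a why-comment above the lookup, e.g. `// Authorize first: a caller without admin rights must not learn whether the login exists from a 404 vs 403.` The rest of `handle` (the `UserPermissionChange` construction and whatever follows) is outside the hunk.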
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
import static org.sonarqube.ws.WsUtils.checkArgument;
+import static org.sonarqube.ws.WsUtils.isNullOrEmpty;
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_LOGIN;
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PASSWORD;
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PREVIOUS_PASSWORD;
try (DbSession dbSession = dbClient.openSession(false)) {
String login = getParamOrThrow(request, PARAM_LOGIN);
String newPassword = getParamOrThrow(request, PARAM_PASSWORD);
- UserDto user = getUserOrThrow(dbSession, login);
+ UserDto user;
+
if (login.equals(userSession.getLogin())) {
+ user = getUserOrThrow(dbSession, login);
String previousPassword = getParamOrThrow(request, PARAM_PREVIOUS_PASSWORD);
checkPreviousPassword(dbSession, user, previousPassword);
checkArgument(!previousPassword.equals(newPassword), "Password must be different from old password");
deleteTokensAndRefreshSession(request, response, dbSession, user);
} else {
userSession.checkIsSystemAdministrator();
+ user = getUserOrThrow(dbSession, login);
dbClient.sessionTokensDao().deleteByUser(dbSession, user);
}
- UpdateUser updateUser = new UpdateUser().setPassword(newPassword);
- userUpdater.updateAndCommit(dbSession, user, updateUser, u -> {});
+ updatePassword(dbSession, user, newPassword);
setResponseStatus(response, HTTP_NO_CONTENT);
} catch (BadRequestException badRequestException) {
setResponseStatus(response, HTTP_BAD_REQUEST);
}
}
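Review bot: `user = getUserOrThrow(dbSession, login)` now appears in both branches, and in the `else` branch it correctly follows `userSession.checkIsSystemAdministrator()`; without a comment the duplication reads as accidental and invites being hoisted back above the `if`. Add a note on the `else` branch lookup such as `// Keep this after the admin check so the response does not reveal whether 'login' exists to non-administrators.` In the `if` branch the lookup precedes `checkPreviousPassword`, which is fine because `login` is the session's own login there. The start of this method and its signature are outside the hunk, so whether `ForbiddenException` is mapped by an outer layer is not visible here.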
-
private static String getParamOrThrow(ServletRequest request, String key) {
String value = request.getParameter(key);
- checkArgument(value != null && !value.isEmpty(), MSG_PARAMETER_MISSING, key);
+ checkArgument(!isNullOrEmpty(value), MSG_PARAMETER_MISSING, key);
return value;
}
jwtHttpHandler.generateToken(user, httpRequest, httpResponse);
}
+ private void updatePassword(DbSession dbSession, UserDto user, String newPassword) {
+ UpdateUser updateUser = new UpdateUser().setPassword(newPassword);
+ userUpdater.updateAndCommit(dbSession, user, updateUser, u -> {
+ });
+ }
+
private static void setResponseStatus(ServletResponse response, int newStatusCode) {
((HttpServletResponse) response).setStatus(newStatusCode);
}
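Review bot: The extracted `updatePassword` spreads an empty callback over two lines (`u -> {` / `});`), which reads as if a body were forgotten; collapse it to `userUpdater.updateAndCommit(dbSession, user, updateUser, u -> {});` and say why it is empty, e.g. `// no post-update hook needed; tokens/session were already handled by the caller`. A one-line Javadoc on the helper (`Persists the new password for {@code user} and commits the session.`) would also help, since the method is private and its name alone does not say it commits.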
import org.sonar.server.exceptions.ServerException;
import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionServiceImpl;
+import org.sonar.server.ws.TestRequest;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
public void fail_when_project_uuid_is_unknown() {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
private void failIfComponentIsNotAProjectOrView(ComponentDto file) {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, file.uuid())
public void fail_when_project_permission_without_project() {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
db.components().insertComponent(newFileDto(project, null, "file-uuid"));
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "file-uuid")
public void fail_when_get_request() {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setMethod("GET")
.setParam(PARAM_USER_LOGIN, "george.orwell")
public void fail_when_user_login_is_missing() {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
public void fail_when_permission_is_missing() {
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, "jrr.tolkien")
.execute();
db.components().insertPrivateProject();
loginAsAdmin();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_USER_LOGIN, user.getLogin())
public void adding_global_permission_fails_if_not_system_administrator() {
userSession.logIn();
- assertThatThrownBy(() -> {
+ assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
ComponentDto project = db.components().insertPrivateProject();
userSession.logIn();
- assertThatThrownBy(() -> {
- newRequest()
- .setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
- .setParam(PARAM_PROJECT_KEY, project.getKey())
- .execute();
- })
+ TestRequest request = newRequest()
+ .setParam(PARAM_USER_LOGIN, user.getLogin())
+ .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PROJECT_KEY, project.getKey());
+
+ assertThatThrownBy(() -> request.execute())
+ .isInstanceOf(ForbiddenException.class);
+ }
+
+ @Test
+ public void adding_project_permission_fails_if_user_doesnt_exist_and_not_administrator_of_project() {
+ ComponentDto project = db.components().insertPrivateProject();
+ userSession.logIn();
+
+ TestRequest request = newRequest()
+ .setParam(PARAM_USER_LOGIN, "unknown")
+ .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PROJECT_KEY, project.getKey());
+ assertThatThrownBy(() -> request.execute())
.isInstanceOf(ForbiddenException.class);
}
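Review bot: `adding_project_permission_fails_if_user_doesnt_exist_and_not_administrator_of_project` pins only the exception type, so it would still pass if the forbidden response for an unknown login carried a different message than the one for an existing login, which is exactly the distinction the production change is meant to remove. Consider asserting the same message in this test and in the preceding test (whose name lies outside the hunk), e.g. `.hasMessage(<same text as the existing-login case>)`; the exact text is not visible in this diff. A matching test for `ChangePasswordAction` (unknown login requested by a non-administrator yields the authorization failure rather than a not-found) does not appear in this diff; verify it exists in that action's test class.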
+ @Test
+ public void adding_project_permission_fails_if_not_administrator_of_project_and_login_param_is_missing() {
+ ComponentDto project = db.components().insertPrivateProject();
+ userSession.logIn();
+
+ TestRequest request = newRequest()
+ .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PROJECT_KEY, project.getKey());
+
+ assertThatThrownBy(() -> request.execute())
+ .isInstanceOf(IllegalArgumentException.class);
+ }
+
/**
* User is project administrator but not system administrator
*/
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
ComponentDto branch = db.components().insertProjectBranch(project);
- assertThatThrownBy(() -> {
- newRequest()
- .setParam(PARAM_PROJECT_ID, branch.uuid())
- .setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
- .execute();
- })
+ TestRequest request = newRequest()
+ .setParam(PARAM_PROJECT_ID, branch.uuid())
+ .setParam(PARAM_USER_LOGIN, user.getLogin())
+ .setParam(PARAM_PERMISSION, SYSTEM_ADMIN);
+
+ assertThatThrownBy(() -> request.execute())
.isInstanceOf(NotFoundException.class)
.hasMessage(format("Project id '%s' not found", branch.uuid()));
}