import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.plugins.PluginDownloader;
import org.sonar.server.plugins.UpdateCenterMatrixFactory;
+import org.sonar.server.user.UserSession;
import org.sonar.updatecenter.common.PluginUpdate;
import javax.annotation.Nonnull;
public void define(WebService.NewController controller) {
WebService.NewAction action = controller.createAction("update")
.setPost(true)
- .setDescription("Updates a plugin specified by its key to the latest version compatible with the SonarQube instance")
+ .setDescription("Updates a plugin specified by its key to the latest version compatible with the SonarQube instance." +
+ "<br/>" +
+ "Requires user to be authenticated with Administer System permissions")
.setHandler(this);
action.createParam(PARAM_KEY)
@Override
public void handle(Request request, Response response) throws Exception {
+ UserSession.get().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
String key = request.mandatoryParam(PARAM_KEY);
PluginUpdate pluginUpdate = findPluginUpdateByKey(key);
pluginDownloader.download(key, pluginUpdate.getRelease().getVersion());
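Review bot: The description added in `define` promises an authenticated user, but `handle` only calls `checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)`, so an anonymous caller and a logged-in user without the permission are presumably rejected the same way. That depends on how `UserSession` treats anonymous sessions, which is not visible in this hunk. If the two cases should differ, put an explicit login check in front, e.g. `UserSession.get().checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);` (confirm that `checkLoggedIn()` returns the session in this version). The check also has to stay the first statement, ahead of `request.mandatoryParam` and `findPluginUpdateByKey`, so that an unauthorised caller cannot tell a missing key from an unknown one; a comment such as `// authorization first: nothing about the request or the update center is read before this` would record that. The body of `handle` continues outside the hunk.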
import org.junit.rules.ExpectedException;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.WebService;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.plugins.PluginDownloader;
import org.sonar.server.plugins.UpdateCenterMatrixFactory;
+import org.sonar.server.user.MockUserSession;
import org.sonar.server.ws.WsTester;
import org.sonar.updatecenter.common.Plugin;
import org.sonar.updatecenter.common.PluginUpdate;
+import org.sonar.updatecenter.common.PluginUpdate.Status;
import org.sonar.updatecenter.common.Release;
import org.sonar.updatecenter.common.UpdateCenter;
import org.sonar.updatecenter.common.Version;
@Before
public void setUp() throws Exception {
when(updateCenterFactory.getUpdateCenter(anyBoolean())).thenReturn(updateCenter);
+
+ MockUserSession.set().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
+ @Test
+ public void user_must_have_system_admin_permission() throws Exception {
+ expectedException.expect(ForbiddenException.class);
+ expectedException.expectMessage("Insufficient privileges");
+
+ // no permission on user
+ MockUserSession.set().setGlobalPermissions();
+
+ underTest.handle(validRequest, response);
}
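Review bot: `user_must_have_system_admin_permission` only asserts that a `ForbiddenException` is thrown, not that the download was never triggered, so it would still pass if the permission check were later moved below `pluginDownloader.download(...)`. Because the `ExpectedException` rule stops the test at the throwing call, verifying the missing side effect needs an explicit try/catch. The sketch below assumes the test's downloader mock is named `pluginDownloader`, as in the production class, and that Mockito's `verifyZeroInteractions` and JUnit's `fail` are statically imported. A second case for an anonymous session would cover the "authenticated" half of the description.

```java
// … unchanged: MockUserSession.set().setGlobalPermissions(); …
try {
  underTest.handle(validRequest, response);
  fail("expected ForbiddenException");
} catch (ForbiddenException e) {
  // rejected request must not reach the downloader
  verifyZeroInteractions(pluginDownloader);
}
```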
@Test
public void if_plugin_has_an_update_download_is_triggered_with_latest_version_from_updatecenter() throws Exception {
Version version = Version.create("1.0");
when(updateCenter.findPluginUpdates()).thenReturn(ImmutableList.of(
- PluginUpdate.createWithStatus(new Release(new Plugin(PLUGIN_KEY), version), PluginUpdate.Status.COMPATIBLE)
+ PluginUpdate.createWithStatus(new Release(new Plugin(PLUGIN_KEY), version), Status.COMPATIBLE)
));
underTest.handle(validRequest, response);