SONAR-18856 permissions system now correctly validates subportfolios

author Lukasz Jarocki <lukasz.jarocki@sonarsource.com>

Fri, 26 May 2023 13:56:26 +0000 (15:56 +0200)

committer sonartech <sonartech@sonarsource.com>

Thu, 1 Jun 2023 20:02:59 +0000 (20:02 +0000)
author Lukasz Jarocki <lukasz.jarocki@sonarsource.com>
Fri, 26 May 2023 13:56:26 +0000 (15:56 +0200)
committer sonartech <sonartech@sonarsource.com>
Thu, 1 Jun 2023 20:02:59 +0000 (20:02 +0000)
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/entity/EntityDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/entity/EntityDto.java

index 03e0b564dc3d3bd18a592c291624d429244fd739..ab4db5a449a168935111274be13ddc901f06d55e 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/entity/EntityDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/entity/EntityDto.java
@@ -36,7 +36,7 @@ public class EntityDto {
    protected String authUuid;
  
    public String getAuthUuid() {
-    if (qualifier.equals("SVW")) {
+    if ("SVW".equals(qualifier)) {
        return authUuid;
      }
      return uuid;
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java

index 44ee9a5e252d347d23d524ea0694b6d2ca612b69..62276076f39e80727c9495464ab5548f1f28d976 100644 (file)
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -103,7 +103,7 @@ public abstract class AbstractUserSession implements UserSession {
  
    @Override
    public final boolean hasEntityPermission(String permission, EntityDto entity) {
-    return hasProjectUuidPermission(permission, entity.getUuid());
+    return hasProjectUuidPermission(permission, entity.getAuthUuid());
    }
  
    @Override
diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/SetActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/SetActionIT.java

index 8003484b19c3e75d44f8a2db5b1d6ebc8a31f074..24510b7afc2623a567fe63d177267431c858f77d 100644 (file)
--- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/SetActionIT.java
+++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/SetActionIT.java
@@ -153,6 +153,20 @@ public class SetActionIT {
      assertThat(settingsChangeNotifier.wasCalled).isFalse();
    }
  
+  @Test
+  public void persist_new_subportfolio_setting() {
+    propertyDb.insertProperty(newGlobalPropertyDto("my.key", "my global value"), null, null, null, null);
+    ComponentDto portfolio = db.components().insertPrivatePortfolio();
+    ComponentDto subportfolio = db.components().insertSubportfolio(portfolio);
+    logInAsProjectAdministrator(portfolio);
+
+    callForProjectSettingByKey("my.key", "my project value", subportfolio.getKey());
+
+    assertGlobalSetting("my.key", "my global value");
+    assertComponentSetting("my.key", "my project value", subportfolio.uuid());
+    assertThat(settingsChangeNotifier.wasCalled).isFalse();
+  }
+
    @Test
    public void persist_project_property_with_project_admin_permission() {
      ComponentDto project = db.components().insertPrivateProject().getMainBranchComponent();
author	Lukasz Jarocki <lukasz.jarocki@sonarsource.com>
	Fri, 26 May 2023 13:56:26 +0000 (15:56 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Thu, 1 Jun 2023 20:02:59 +0000 (20:02 +0000)
server/sonar-db-dao/src/main/java/org/sonar/db/entity/EntityDto.java		patch \| blob \| history
server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java		patch \| blob \| history
server/sonar-webserver-webapi/src/it/java/org/sonar/server/setting/ws/SetActionIT.java		patch \| blob \| history