SONAR-8949 let api/rules/update permission check use the specified org
authorDaniel Schwarz <daniel.schwarz@sonarsource.com>
Tue, 2 May 2017 15:21:47 +0000 (17:21 +0200)
committerDaniel Schwarz <bartfastiel@users.noreply.github.com>
Wed, 3 May 2017 07:46:31 +0000 (09:46 +0200)
server/sonar-server/src/main/java/org/sonar/server/rule/ws/CreateAction.java
server/sonar-server/src/main/java/org/sonar/server/rule/ws/DeleteAction.java
server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
server/sonar-server/src/main/java/org/sonar/server/rule/ws/UpdateAction.java
server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionTest.java

index 7f4d99b8873d37f83fc50b8b2266c5bfd564b1c3..d0625002a035302326215302614c6f527dbbeef4 100644 (file)
@@ -136,7 +136,7 @@ public class CreateAction implements RulesWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    ruleWsSupport.checkQProfileAdminPermission();
+    ruleWsSupport.checkQProfileAdminPermissionOnDefaultOrganization();
     String customKey = request.mandatoryParam(PARAM_CUSTOM_KEY);
     try (DbSession dbSession = dbClient.openSession(false)) {
       try {
index ae07fa32c022507e811c8f004e3e7776c45ae7b5..2371bd07729b3055f0c9610a0f2456a45be1a32c 100644 (file)
@@ -70,7 +70,7 @@ public class DeleteAction implements RulesWsAction {
 
   @Override
   public void handle(Request request, Response response) {
-    ruleWsSupport.checkQProfileAdminPermission();
+    ruleWsSupport.checkQProfileAdminPermissionOnDefaultOrganization();
     RuleKey key = RuleKey.parse(request.mandatoryParam(PARAM_KEY));
     delete(key);
   }
index 27a14b2678a7eb054b808cd307747837b7794d5a..5e603d13e00199df995fda54a5a9684834b0f59b 100644 (file)
@@ -44,7 +44,7 @@ public class RuleWsSupport {
     this.defaultOrganizationProvider = defaultOrganizationProvider;
   }
 
-  public void checkQProfileAdminPermission() {
+  public void checkQProfileAdminPermissionOnDefaultOrganization() {
     userSession
       .checkLoggedIn()
       .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid());
index 15e148914638349fb3928e7be98360c06ea56013..52a04e174963038b4b043ba433c4ec7929b07aa9 100644 (file)
@@ -52,6 +52,7 @@ import static java.lang.String.format;
 import static java.util.Collections.singletonList;
 import static java.util.Optional.ofNullable;
 import static org.apache.commons.lang.StringUtils.defaultIfEmpty;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 
 public class UpdateAction implements RulesWsAction {
@@ -76,16 +77,14 @@ public class UpdateAction implements RulesWsAction {
   private final RuleUpdater ruleUpdater;
   private final RuleMapper mapper;
   private final UserSession userSession;
-  private final RuleWsSupport ruleWsSupport;
   private final DefaultOrganizationProvider defaultOrganizationProvider;
 
   public UpdateAction(DbClient dbClient, RuleUpdater ruleUpdater, RuleMapper mapper, UserSession userSession,
-    RuleWsSupport ruleWsSupport, DefaultOrganizationProvider defaultOrganizationProvider) {
+    DefaultOrganizationProvider defaultOrganizationProvider) {
     this.dbClient = dbClient;
     this.ruleUpdater = ruleUpdater;
     this.mapper = mapper;
     this.userSession = userSession;
-    this.ruleWsSupport = ruleWsSupport;
     this.defaultOrganizationProvider = defaultOrganizationProvider;
   }
 
@@ -176,10 +175,10 @@ public class UpdateAction implements RulesWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    ruleWsSupport.checkQProfileAdminPermission();
-
+    userSession.checkLoggedIn();
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationDto organization = getOrganization(request, dbSession);
+      userSession.checkPermission(ADMINISTER_QUALITY_PROFILES, organization);
       RuleUpdate update = readRequest(dbSession, request, organization);
       ruleUpdater.update(dbSession, update, organization, userSession);
       UpdateResponse updateResponse = buildResponse(dbSession, update.getRuleKey(), organization);
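Review bot: `userSession.checkPermission(ADMINISTER_QUALITY_PROFILES, organization)` can only run after `getOrganization(request, dbSession)`, so the organization lookup is now reachable by any logged-in user before authorization is decided. `getOrganization` is defined outside this hunk; if it reports an unknown organization key with a different error than the permission failure, unprivileged users could presumably tell existing organization keys from non-existing ones, and it is worth confirming that this is acceptable. The ordering is security-relevant and easy to break in a later refactoring, so I would add a comment above the check such as `// authorize against the organization resolved from the request; must stay before readRequest() and ruleUpdater.update()`. `handle` continues past the end of the hunk.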
index 5ab6f15a677c3c5df711024372c728ead1b11b94..bf4962032a6cc12558e778246a9e303dd02b2761 100644 (file)
@@ -99,7 +99,7 @@ public class UpdateActionTest {
   private RuleIndexer ruleIndexer = new RuleIndexer(esClient, dbClient);
   private RuleUpdater ruleUpdater = new RuleUpdater(dbClient, ruleIndexer, System2.INSTANCE);
   private RuleWsSupport ruleWsSupport = new RuleWsSupport(dbClient, userSession, defaultOrganizationProvider);
-  private WsAction underTest = new UpdateAction(dbClient, ruleUpdater, mapper, userSession, ruleWsSupport, defaultOrganizationProvider);
+  private WsAction underTest = new UpdateAction(dbClient, ruleUpdater, mapper, userSession, defaultOrganizationProvider);
   private WsActionTester ws = new WsActionTester(underTest);
 
   @Test
@@ -175,9 +175,8 @@ public class UpdateActionTest {
 
   @Test
   public void update_tags_for_specific_organization() throws IOException {
-    logInAsQProfileAdministrator();
-
     OrganizationDto organization = db.organizations().insert();
+    logInAsQProfileAdministrator(organization.getUuid());
 
     RuleDefinitionDto rule = db.rules().insert(setSystemTags("stag1", "stag2"));
     db.rules().insertOrUpdateMetadata(rule, organization, setTags("tagAlt1", "tagAlt2"));
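Review bot: The tests touched in this file only cover the allowed path, because `logInAsQProfileAdministrator(organization.getUuid())` grants the permission on the very organization the request targets; the same holds for `update_rule_remediation_function` in the next hunk. None of the visible hunks adds a case where the user holds ADMINISTER_QUALITY_PROFILES on the default organization only and calls update for another organization, which is exactly the request this commit is meant to refuse. I would add such a test: log in with the no-argument `logInAsQProfileAdministrator()`, insert a second organization, send the update for it and expect the request to be rejected. The reverse case (an administrator of another organization updating for the default one) would pin the other direction. The test method's body continues outside the hunk.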
@@ -204,9 +203,8 @@ public class UpdateActionTest {
 
   @Test
   public void update_rule_remediation_function() throws IOException {
-    logInAsQProfileAdministrator();
-
     OrganizationDto organization = db.organizations().insert();
+    logInAsQProfileAdministrator(organization.getUuid());
 
     RuleDefinitionDto rule = db.rules().insert(
       r -> r.setDefRemediationFunction(LINEAR.toString()),
@@ -342,9 +340,13 @@ public class UpdateActionTest {
   }
 
   private void logInAsQProfileAdministrator() {
+    logInAsQProfileAdministrator(db.getDefaultOrganization().getUuid());
+  }
+
+  private void logInAsQProfileAdministrator(String orgUuid) {
     userSession
       .logIn()
-      .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization().getUuid());
+      .addPermission(ADMINISTER_QUALITY_PROFILES, orgUuid);
   }
 
   private static MacroInterpreter createMacroInterpreter() {