SONAR-9739 add UserSession#checkIsRoot

diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
index 36d4c8c29289b6f0e4d63e57a4fa32689c93463f..fcdbfb6f260f9055ab7dce23a73714645584ac64 100644 (file)
--- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
+++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
@@ -67,6 +67,11 @@ public class CeUserSession implements UserSession {
     throw notImplemented();
   }
 
+  @Override
+  public UserSession checkIsRoot() {
+    throw notImplemented();
+  }
+
   @Override
   public UserSession checkLoggedIn() {
     throw notImplemented();

diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
index 5012cd3b96b371313f282f9a5d381492b9af3440..47c5ea88abea38d56f211a33d8fdf9d0113e5c2f 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -38,6 +38,14 @@ public abstract class AbstractUserSession implements UserSession {
   private static final ForbiddenException INSUFFICIENT_PRIVILEGES_EXCEPTION = new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
   private static final String AUTHENTICATION_IS_REQUIRED_MESSAGE = "Authentication is required";
 
+  @Override
+  public UserSession checkIsRoot() {
+    if (!isRoot()) {
+      throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
+    }
+    return this;
+  }
+
   @Override
   public final UserSession checkLoggedIn() {
     if (!isLoggedIn()) {

diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index d27f4b02381387b43fe850f2ff72fda163047157..3fafcaf44fcac5c57901b6453027b6791195e441 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -83,6 +83,11 @@ public class ThreadLocalUserSession implements UserSession {
     return get().isLoggedIn();
   }
 
+  @Override
+  public UserSession checkIsRoot() {
+    return get().checkIsRoot();
+  }
+
   @Override
   public boolean isRoot() {
     return get().isRoot();

diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
index 23b16f560a2bb3d860f29cba74f7d1aa893cf46a..6ed0c42c657b56d82daa24ea9d0eb10ccf1f8e8d 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
@@ -67,6 +67,12 @@ public interface UserSession {
    */
   boolean isRoot();
 
+  /**
+   * Ensures that {@link #isRoot()} returns {@code true} otherwise throws a
+   * {@link org.sonar.server.exceptions.ForbiddenException}.
+   */
+  UserSession checkIsRoot();
+
   /**
    * Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.
    */

diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
index 12a892587dbc70897b2d6578b2dd185ae5dd3434..508bed2249f9a9d081af3ab1462254e19c89f371 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
@@ -272,6 +272,11 @@ public class UserSessionRule implements TestRule, UserSession {
     return currentUserSession.isRoot();
   }
 
+  @Override
+  public UserSession checkIsRoot() {
+    return currentUserSession.checkIsRoot();
+  }
+
   @Override
   public UserSession checkLoggedIn() {
     currentUserSession.checkLoggedIn();

diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index b4fff65d1c7e5b90f69d2419e53a20ae7a066f36..d19500ea2e4ff536523ba6eb79a5c12c7b707f98 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -138,6 +138,22 @@ public class ServerUserSessionTest {
     assertThat(newUserSession(NON_ROOT_USER_DTO).isRoot()).isFalse();
   }
 
+  @Test
+  public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {
+    UserSession underTest = newUserSession(NON_ROOT_USER_DTO);
+
+    expectInsufficientPrivilegesForbiddenException();
+
+    underTest.checkIsRoot();
+  }
+
+  @Test
+  public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {
+    UserSession underTest = newUserSession(ROOT_USER_DTO);
+
+    assertThat(underTest.checkIsRoot()).isSameAs(underTest);
+  }
+
   @Test
   public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
     UserSession underTest = newUserSession(ROOT_USER_DTO);