*/
package org.sonar.server.permission.ws.template;
+import java.util.Optional;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static java.lang.String.format;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
@Override
public void handle(Request request, Response response) {
- checkGlobalAdminUser(userSession);
-
try (DbSession dbSession = dbClient.openSession(false)) {
String permission = request.mandatoryParam(PARAM_PERMISSION);
GroupIdOrAnyone groupId = support.findGroup(dbSession, request);
- checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(),
+ checkRequest(!SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(),
format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));
PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));
+ checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
if (!groupAlreadyAdded(dbSession, template.getId(), permission, groupId)) {
dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId.getId(), permission);
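Review bot: The authorization check now runs after `support.findGroup`, the 'Anyone' `checkRequest` and `support.findTemplate`, so a caller without admin rights receives lookup and validation errors before any permission failure. Going by the tests on this page, an unknown group or template produces a NotFoundException that names it, which lets an unprivileged caller tell existing groups and templates from missing ones. The template must be loaded first to obtain the organization uuid, but the group lookup and `checkRequest` can move below the check: load the template, call `checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());`, then `support.findGroup(dbSession, request)`. Whether checkProjectAdmin still rejects anonymous sessions is not visible here and is worth confirming, since the removed `checkGlobalAdminUser(userSession)` was the first statement of the method. The body of handle continues past the end of this hunk.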
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
-import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.WsTester;
@Before
public void setUp() {
- loginAsAdmin();
template = insertTemplate();
group = db.users().insertGroup(defaultOrganizationProvider.getDto(), "group-name");
}
@Test
public void add_group_to_template() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest(group.getName(), template.getUuid(), CODEVIEWER);
assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(group.getName());
@Test
public void add_group_to_template_by_name() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, CODEVIEWER)
@Test
public void add_with_group_id() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest()
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
@Test
public void does_not_add_a_group_twice() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
@Test
public void add_anyone_group_to_template() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
newRequest(ANYONE, template.getUuid(), CODEVIEWER);
assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(ANYONE);
@Test
public void fail_if_add_anyone_group_to_admin_permission() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the group 'Anyone'", UserRole.ADMIN));
@Test
public void fail_if_not_a_project_permission() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(IllegalArgumentException.class);
newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
- public void fail_if_insufficient_privileges() throws Exception {
- userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ public void fail_if_not_admin_of_default_organization() throws Exception {
+ userSession.login();
expectedException.expect(ForbiddenException.class);
newRequest(group.getName(), template.getUuid(), CODEVIEWER);
}
- @Test
- public void fail_if_not_logged_in() throws Exception {
- expectedException.expect(UnauthorizedException.class);
- userSession.anonymous();
-
- newRequest(group.getName(), template.getUuid(), CODEVIEWER);
- }
-
@Test
public void fail_if_group_params_missing() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
newRequest(null, template.getUuid(), CODEVIEWER);
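Review bot: Deleting `fail_if_not_logged_in` leaves no test on this page for an anonymous caller, and the replacement `fail_if_not_admin_of_default_organization` only covers a logged-in user with no permissions. Because the same commit changes the production check from checkGlobalAdminUser to checkProjectAdmin, keep an anonymous case that starts with `userSession.anonymous();` and expects whatever exception checkProjectAdmin raises for it (not visible here). A case for an administrator of a different organization would also pin the new organization-scoped behaviour. The test class continues outside this hunk.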
@Test
public void fail_if_permission_missing() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(IllegalArgumentException.class);
newRequest(group.getName(), template.getUuid(), null);
@Test
public void fail_if_template_uuid_and_name_missing() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(BadRequestException.class);
newRequest(group.getName(), null, CODEVIEWER);
@Test
public void fail_if_group_does_not_exist() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("No group with name 'unknown-group-name'");
@Test
public void fail_if_template_key_does_not_exist() throws Exception {
+ loginAsAdminOnDefaultOrganization();
+
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
private WsTester.TestRequest newRequest() {
return wsTester.newPostRequest(CONTROLLER, "add_group_to_template");
}
-
- private void loginAsAdmin() {
- userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- }
}