import static java.util.Collections.singleton;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() {
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
// user is not part of this group
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group1, SCAN);
- Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION);
+ Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());
assertThat(orgUuids).isEmpty();
}
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_organizations_on_which_user_has_permission() {
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group2, QUALITY_GATE_ADMIN);
db.users().insertMember(group1, user);
db.users().insertMember(group2, user);
- Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION);
+ Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());
assertThat(orgUuids).containsExactly(group1.getOrganizationUuid());
}
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_handles_user_permissions_and_group_permissions() {
// organization: through group membership
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertMember(group1, user);
// org2 : direct user permission
OrganizationDto org2 = db.organizations().insert();
- db.users().insertPermissionOnUser(org2, user, SCAN_EXECUTION);
+ db.users().insertPermissionOnUser(org2, user, SCAN);
// org3 : another permission QUALITY_GATE_ADMIN
OrganizationDto org3 = db.organizations().insert();
// exclude project permission
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, db.components().insertPrivateProject());
- Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION);
+ Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());
assertThat(orgUuids).containsOnly(organization.getUuid(), org2.getUuid());
}
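Review bot: In `selectOrganizationUuidsOfUserWithGlobalPermission_handles_user_permissions_and_group_permissions`, `org3` is created under the comment "another permission QUALITY_GATE_ADMIN" but no permission is ever inserted for it, so the test does not show that a different organization permission is excluded from the result. Adding `db.users().insertPermissionOnUser(org3, user, ADMINISTER_QUALITY_GATES);` after the `org3` insert would make the `containsOnly(...)` assertion cover that case. Separately, the second test still passes the legacy `QUALITY_GATE_ADMIN` constant for `group2` while `group1` now gets `SCAN`. `ADMINISTER_QUALITY_GATES` is already imported and used in the first test, and would keep the file on one permission type.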
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
ComponentDto project = db.components().insertPrivateProject();
ComponentDto anotherProject = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnGroup(group1, SCAN_EXECUTION, project);
- db.users().insertProjectPermissionOnGroup(group1, PROVISIONING, project);
+ db.users().insertProjectPermissionOnGroup(group1, SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnGroup(group1, PROVISION_PROJECTS.getKey(), project);
- db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject);
- db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject);
+ db.users().insertProjectPermissionOnGroup(group1, ADMIN, anotherProject);
+ db.users().insertProjectPermissionOnGroup(group3, UserRole.SCAN, anotherProject);
db.users().insertPermissionOnGroup(group2, SCAN);
PermissionQuery.Builder builderOnComponent = newQuery().setComponentUuid(project.uuid());
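Review bot: The project-level inserts in this hunk name the same permission in two ways: `SCAN.getKey()` (the organization enum's key) for `project` and `UserRole.SCAN` for `anotherProject`. Since `insertProjectPermissionOnGroup` grants a project permission, `db.users().insertProjectPermissionOnGroup(group1, UserRole.SCAN, project);` would state the intent without relying on the two constants holding the same string. The static import of `GlobalPermissions.SCAN_EXECUTION` is kept as context in the import hunk above; if no use remains in the rest of the file (not visible here), it should be dropped. The test method starts outside the hunk.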
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group3.getId()), null))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
- .containsOnly(tuple(group3.getId(), SYSTEM_ADMIN, null));
+ .containsOnly(tuple(group3.getId(), ADMINISTER.getKey(), null));
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(ANYONE_ID), null))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
.containsOnly(
- tuple(0, SCAN_EXECUTION, null),
- tuple(0, PROVISIONING, null));
+ tuple(0, SCAN.getKey(), null),
+ tuple(0, PROVISION_PROJECTS.getKey(), null));
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId(), group2.getId(), ANYONE_ID), null)).hasSize(3);
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(MISSING_ID), null)).isEmpty();
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Scopes;
import org.sonar.api.server.ServerSide;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Maps.newHashMap;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.stream.MoreCollectors.index;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.server.ws.WsUtils.checkRequest;
String pullRequest = query.getPullRequest();
ComponentDto mainModule = componentFinder.getByKey(session, moduleKey);
checkRequest(isProjectOrModule(mainModule), "Key '%s' belongs to a component which is not a Project", moduleKey);
- boolean hasScanPerm = userSession.hasComponentPermission(SCAN_EXECUTION, mainModule) ||
+ boolean hasScanPerm = userSession.hasComponentPermission(UserRole.SCAN, mainModule) ||
userSession.hasPermission(OrganizationPermission.SCAN, mainModule.getOrganizationUuid());
boolean hasBrowsePerm = userSession.hasComponentPermission(USER, mainModule);
checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm);
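Review bot: The pair "component-level `UserRole.SCAN` or `OrganizationPermission.SCAN` on the component's organization" is written out by hand here for `hasScanPerm`, and again in the other checks this commit touches. Those are the two `checkPermission(ComponentDto)` methods, the `project` check, the `component.get()` check, and the check after `getByKeyAndOptionalBranchOrPullRequest`. Each copy combines the pair with different extra conditions (`USER`, `OrganizationPermission.ADMINISTER`), so a later change to scan authorization must be repeated everywhere, and a missed copy would silently widen or narrow access. Consider moving the pair into one shared predicate called from each site; at minimum, a comment such as `// scan permission: granted on the project or on its organization` on each copy would make them easy to find. The enclosing method starts and ends outside the hunk.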
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.BranchDto;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.utils.DateUtils.formatDateTime;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.Protobuf.setNullable;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
private void checkPermission(ComponentDto component) {
if (userSession.hasComponentPermission(USER, component) ||
- userSession.hasComponentPermission(SCAN_EXECUTION, component) ||
+ userSession.hasComponentPermission(UserRole.SCAN, component) ||
userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
return;
}
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.BranchDto;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.utils.DateUtils.formatDateTime;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.Protobuf.setNullable;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
private void checkPermission(ComponentDto component) {
if (!userSession.hasComponentPermission(USER, component) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+ !userSession.hasComponentPermission(UserRole.SCAN, component) &&
!userSession.hasPermission(SCAN, component.getOrganizationUuid())) {
throw insufficientPrivilegesException();
}
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Scopes;
import org.sonar.api.server.ServerSide;
+import org.sonar.api.web.UserRole;
import org.sonar.ce.queue.CeQueue;
import org.sonar.ce.queue.CeTaskSubmit;
import org.sonar.ce.task.CeTask;
import static com.google.common.base.Preconditions.checkArgument;
import static java.lang.String.format;
import static org.apache.commons.lang.StringUtils.defaultIfBlank;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.component.NewComponent.newComponentBuilder;
import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
// they don't have the direct permission on the project.
// That means that dropping the permission on the project does not have any effects
// if user has still the permission on the organization
- if (!userSession.hasComponentPermission(SCAN_EXECUTION, project) &&
+ if (!userSession.hasComponentPermission(UserRole.SCAN, project) &&
!userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) {
throw insufficientPrivilegesException();
}
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.Uuids;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.server.ws.WsUtils;
import org.sonarqube.ws.Ce;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
String orgUuid = component.get().getOrganizationUuid();
if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) &&
!userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component.get())) {
+ !userSession.hasComponentPermission(UserRole.SCAN, component.get())) {
throw insufficientPrivilegesException();
}
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.UserDto;
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ADMIN ADMIN}</li>
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
- * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
+ * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#SCAN SCAN}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
* </ul>
* <li>project creator : {@link UserRole#ADMIN ADMIN}</li>
* <li>project creator : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
* <li>project creator : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
- * <li>project creator : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
+ * <li>project creator : {@link UserRole#SCAN SCAN}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
* </ul>
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.permission.OrganizationPermission;
import static java.util.stream.Collectors.toList;
public class PermissionServiceImpl implements PermissionService {
private static final List<String> ALL_PROJECT_PERMISSIONS = ImmutableList.of(
- UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
+ UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, UserRole.SCAN, UserRole.USER);
private static final List<OrganizationPermission> ALL_GLOBAL_PERMISSIONS = ImmutableList.copyOf(OrganizationPermission.values());
import org.sonar.api.config.PropertyDefinition;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.process.ProcessProperties;
import static java.util.Arrays.stream;
import static org.sonar.api.PropertyType.LICENSE;
import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_BRANCH;
import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_PULL_REQUEST;
import static org.sonar.server.ws.KeyExamples.KEY_BRANCH_EXAMPLE_001;
}
boolean isVisible(String key, @Nullable PropertyDefinition definition, Optional<ComponentDto> component) {
- return hasPermission(OrganizationPermission.SCAN, SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition)));
+ return hasPermission(OrganizationPermission.SCAN, UserRole.SCAN, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition)));
}
static boolean isSecured(String key) {
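Review bot: `isVisible` returns true as soon as the caller holds scan permission, before `verifySecuredSetting` and `verifyLicenseSetting` are evaluated, so a holder of `UserRole.SCAN` on the component or of `OrganizationPermission.SCAN` appears to see secured settings too. If that is intended, presumably because analysis needs those values, the method should say so, e.g. `// scan permission deliberately bypasses the secured-setting check`. The bodies of `hasPermission(...)` and the two verify helpers are outside the hunk, so this reading should be confirmed against them. The extra parentheses around `verifyLicenseSetting(key, definition)` can be removed.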
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import static org.sonar.api.CoreProperties.SERVER_STARTTIME;
import static org.sonar.api.PropertyType.PROPERTY_SET;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.process.ProcessProperties.Property.SONARCLOUD_ENABLED;
import static org.sonar.server.setting.ws.PropertySetExtractor.extractPropertySetKeys;
import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_BRANCH;
}
ComponentDto component = componentFinder.getByKeyAndOptionalBranchOrPullRequest(dbSession, componentKey, valuesRequest.getBranch(), valuesRequest.getPullRequest());
if (!userSession.hasComponentPermission(USER, component) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+ !userSession.hasComponentPermission(UserRole.SCAN, component) &&
!userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
throw insufficientPrivilegesException();
}
*/
String SECURITYHOTSPOT_ADMIN = "securityhotspotadmin";
+ /**
+ * @since 7.5
+ */
+ String SCAN = "scan";
+
String[] value() default {};
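Review bot: The new `SCAN` constant carries only `@since 7.5`, with no description of what it grants. The Javadoc should state that this is the component-level scan permission. It should also state that its value is expected to stay equal to the key of `OrganizationPermission.SCAN`, which the tests in this commit appear to rely on when they insert `SCAN.getKey()` as a project permission. Because the string appears to be matched against stored permission rows, a note that it must not be renamed would help later maintainers. The interface body starts and ends outside the hunk.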
/**
* Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
+ * @since 7.5
*/
Set<String> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(UserRole.USER, UserRole.CODEVIEWER)));