SONAR-8754 api/organizations/create require root for guarded org
authorSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Tue, 7 Feb 2017 17:18:03 +0000 (18:18 +0100)
committerSébastien Lesaint <sebastien.lesaint@sonarsource.com>
Fri, 10 Feb 2017 08:48:36 +0000 (09:48 +0100)
server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java
server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java
sonar-db/src/test/java/org/sonar/db/organization/OrganizationDbTester.java

index 5f55af3c5f31dae5262c730ab0b9112fe74688c7..f25940ff6fb4f55e8928ebe7232885ee2007aeec 100644 (file)
@@ -82,7 +82,11 @@ public class DeleteAction implements OrganizationsAction {
         "Organization with key '%s' not found",
         key);
 
-      userSession.checkOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN);
+      if (organizationDto.isGuarded()) {
+        userSession.checkIsRoot();
+      } else {
+        userSession.checkOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN);
+      }
 
       deleteProjects(dbSession, organizationDto.getUuid());
       deletePermissions(dbSession, organizationDto.getUuid());
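Review bot: The new `if (organizationDto.isGuarded())` branch encodes an authorization rule that the code never states: for a guarded organization, SYSTEM_ADMIN on that organization is deliberately insufficient and only root may delete. A one-line comment above the `if`, such as `// guarded organizations may only be deleted by root; org-level SYSTEM_ADMIN is deliberately not enough`, would keep a later refactor from collapsing the branch back into the single permission check. The context lines above also show the not-found check running before either authorization check, so an unauthorized caller appears to get a different response for an existing key than for a missing one; whether that is intended depends on code outside this hunk. The enclosing method starts and ends outside the hunk.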
index 5b49ab1177294abd4c00f468c6388e5d14e8572d..3fcf6e4332940373fd23feb7dad49d2e21198f93 100644 (file)
@@ -126,7 +126,7 @@ public class DeleteActionTest {
   }
 
   @Test
-  public void request_fails_with_ForbiddenException_when_user_has_no_System_Administer_permission() {
+  public void request_fails_with_ForbiddenException_when_user_has_no_System_Administer_permission_for_non_guarded_organization() {
     OrganizationDto organization = dbTester.organizations().insert();
     userSession.logIn();
 
@@ -137,7 +137,7 @@ public class DeleteActionTest {
   }
 
   @Test
-  public void request_fails_with_ForbiddenException_when_user_does_not_have_System_Administer_permission_on_specified_organization() {
+  public void request_fails_with_ForbiddenException_when_user_does_not_have_System_Administer_permission_on_specified_non_guarded_organization() {
     OrganizationDto organization = dbTester.organizations().insert();
     userSession.logIn().addOrganizationPermission(dbTester.getDefaultOrganization().getUuid(), SYSTEM_ADMIN);
 
@@ -148,7 +148,7 @@ public class DeleteActionTest {
   }
 
   @Test
-  public void request_deletes_specified_organization_if_exists_and_user_has_Admin_permission_on_it() {
+  public void request_deletes_specified_non_guarded_organization_if_exists_and_user_has_Admin_permission_on_it() {
     OrganizationDto organization = dbTester.organizations().insert();
     userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN);
 
@@ -158,7 +158,18 @@ public class DeleteActionTest {
   }
 
   @Test
-  public void request_deletes_specified_organization_if_exists_and_user_is_root() {
+  public void request_fails_with_ForbiddenException_when_user_has_System_Administer_permission_on_specified_guarded_organization() {
+    OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true));
+    userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN);
+
+    expectedException.expect(ForbiddenException.class);
+    expectedException.expectMessage("Insufficient privileges");
+
+    sendRequest(organization);
+  }
+
+  @Test
+  public void request_deletes_specified_non_guarded_organization_if_exists_and_user_is_root() {
     OrganizationDto organization = dbTester.organizations().insert();
     userSession.logIn().setRoot();
 
@@ -167,6 +178,16 @@ public class DeleteActionTest {
     verifyOrganizationDoesNotExist(organization);
   }
 
+  @Test
+  public void request_deletes_specified_guarded_organization_if_exists_and_user_is_root() {
+    OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true));
+    userSession.logIn().setRoot();
+
+    sendRequest(organization);
+
+    verifyOrganizationDoesNotExist(organization);
+  }
+
   @Test
   public void request_also_deletes_components_of_specified_organization() {
     userSession.logIn().setRoot();
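Review bot: The guarded-organization cases added here and in the previous hunk cover root and a user holding SYSTEM_ADMIN on the organization, but not a logged-in user with no permission at all, which the non-guarded tests do cover. Adding that case for a guarded organization would pin that `checkIsRoot()` is the only gate on that path. The rejection test in the previous hunk also asserts only the `ForbiddenException` and its message. Asserting afterwards that the organization still exists would show that the check runs before any deletion, though with the `expectedException` rule the call would have to be wrapped so the assertion can run.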
index ee67f83555bcb54185301bb4fc79ac82afec6292..b6de3ebc3219cab7b201df17bbec812da2ef369a 100644 (file)
@@ -19,6 +19,7 @@
  */
 package org.sonar.db.organization;
 
+import java.util.function.Consumer;
 import javax.annotation.Nullable;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
@@ -40,12 +41,18 @@ public class OrganizationDbTester {
     return insert(OrganizationTesting.newOrganizationDto());
   }
 
+  public OrganizationDto insert(Consumer<OrganizationDto> populator) {
+    OrganizationDto dto = OrganizationTesting.newOrganizationDto();
+    populator.accept(dto);
+    return insert(dto);
+  }
+
   public OrganizationDto insertForKey(String key) {
-    return insert(OrganizationTesting.newOrganizationDto().setKey(key));
+    return insert(dto -> dto.setKey(key));
   }
 
   public OrganizationDto insertForUuid(String organizationUuid) {
-    return insert(OrganizationTesting.newOrganizationDto().setUuid(organizationUuid));
+    return insert(dto -> dto.setUuid(organizationUuid));
   }
 
   /**
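Review bot: The new public overload `insert(Consumer<OrganizationDto> populator)` has no Javadoc, and nothing states that the populator runs on a freshly generated dto before it is persisted. A short Javadoc saying that the populator may override any generated field (key, uuid, guarded flag) and must not be null would make the helper self-explanatory. Because `insert` is now overloaded on a single reference-typed parameter, a literal `insert(null)` no longer compiles; no such call is visible on this page, but it is worth checking for one.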