SONAR-8716 fix check of permissions in ReportSubmitter
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Thu, 2 Feb 2017 13:31:26 +0000 (14:31 +0100)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Tue, 7 Feb 2017 13:22:43 +0000 (14:22 +0100)
server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java
server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java

index a3c345a1f680ccbe6c2a65c45cb2c8a87650c77d..e2bb3fbafb17fe42f9f0fe3f1fb89c1468d93165 100644 (file)
@@ -95,7 +95,7 @@ public class ReportSubmitter {
   }
 
   private ComponentDto createProject(DbSession dbSession, String organizationUuid, String projectKey, @Nullable String projectBranch, @Nullable String projectName) {
-    userSession.checkPermission(PROVISIONING);
+    userSession.checkOrganizationPermission(organizationUuid, PROVISIONING);
     Integer userId = userSession.getUserId();
     Long projectCreatorUserId = userId == null ? null : userId.longValue();
 
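Review bot: Nothing at the new `userSession.checkOrganizationPermission(organizationUuid, PROVISIONING)` call records why the check is organization-scoped, so a later refactor back to the global form could again accept a PROVISIONING grant that was given for a different organization. A one-line comment above the call would help, e.g. `// PROVISIONING must be held on the organization that will own the new project`. The check is only as strong as the `organizationUuid` argument, which is resolved outside this hunk, so it is worth confirming that the caller passes the organization the server looked up rather than a value taken as-is from the request. createProject's body continues past the end of the hunk.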
index 09ef9ebd833b1f383ff4c685b665404eca3dc05f..1f11dfbe05971543ba6224b243a9f0d54072de8d 100644 (file)
@@ -57,6 +57,7 @@ import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
 import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
 import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+import static org.sonar.db.component.ComponentTesting.newProjectDto;
 
 public class ReportSubmitterTest {
 
@@ -97,7 +98,7 @@ public class ReportSubmitterTest {
 
   @Test
   public void submit_fails_with_organizationKey_does_not_match_organization_of_specified_component() {
-    userSession.setGlobalPermissions(SCAN_EXECUTION);
+    userSession.login().setRoot();
     OrganizationDto organization = db.organizations().insert();
     ComponentDto project = db.components().insertProject(organization);
     mockSuccessfulPrepareSubmitCall();
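Review bot: With `userSession.login().setRoot()` this test now exercises the organization-mismatch rejection only for a root session, so it no longer shows what a submitter holding just SCAN_EXECUTION gets when the organization key and the component disagree. If the mismatch is meant to be refused regardless of privilege, a least-privilege variant (for example `userSession.login().addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());` after the project is inserted) would pin that. The assertions of this test are outside the hunk, so this is based on the setup lines only.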
@@ -107,8 +108,8 @@ public class ReportSubmitterTest {
 
   @Test
   public void submit_a_report_on_existing_project() {
-    userSession.setGlobalPermissions(SCAN_EXECUTION);
     ComponentDto project = db.components().insertProject(db.getDefaultOrganization());
+    userSession.login().addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
 
     mockSuccessfulPrepareSubmitCall();
 
@@ -134,10 +135,12 @@ public class ReportSubmitterTest {
   @Test
   public void provision_project_if_does_not_exist() throws Exception {
     OrganizationDto organization = db.organizations().insert();
-    userSession.setGlobalPermissions(SCAN_EXECUTION, PROVISIONING);
+    userSession
+      .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID)
+      .addOrganizationPermission(organization, PROVISIONING);
 
     mockSuccessfulPrepareSubmitCall();
-    ComponentDto createdProject = new ComponentDto().setId(23L).setUuid(PROJECT_UUID).setKey(PROJECT_KEY);
+    ComponentDto createdProject = newProjectDto(organization, PROJECT_UUID).setKey(PROJECT_KEY);
     when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(createdProject);
     when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(organization.getUuid()), anyLong(), eq(SCAN_EXECUTION), anyString(),
       eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
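Review bot: None of the updated tests visible in this commit pins the denial path the fix is about: here PROVISIONING is granted on the same `organization` the project is created in, which shows the happy path but not that a grant on a different organization is refused. A companion test that inserts a second organization, calls `addOrganizationPermission(otherOrganization, PROVISIONING)` and expects the submission to be rejected would guard the new check against regression (disregard if such a test already exists outside these hunks). Separately, this setup does not call `userSession.login()` first, unlike `submit_a_report_on_existing_project`; if an anonymous submitter is intended, a short comment such as `// anonymous submitter: userId is null` would say so. The same missing `login()` applies to the setups in `no_favorite_when_no_project_creator_permission_on_permission_template` and `submit_a_report_on_new_project_with_scan_permission_on_organization`.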
@@ -163,10 +166,13 @@ public class ReportSubmitterTest {
 
   @Test
   public void no_favorite_when_no_project_creator_permission_on_permission_template() {
-    userSession.setGlobalPermissions(SCAN_EXECUTION, PROVISIONING);
+    userSession
+      .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID)
+      .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING);
+
 
     mockSuccessfulPrepareSubmitCall();
-    ComponentDto createdProject = new ComponentDto().setId(23L).setUuid(PROJECT_UUID).setKey(PROJECT_KEY);
+    ComponentDto createdProject = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY);
     when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(createdProject);
     when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyLong(), eq(SCAN_EXECUTION), anyString(),
       eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
@@ -179,11 +185,14 @@ public class ReportSubmitterTest {
   }
 
   @Test
-  public void submit_a_report_on_new_project_with_global_scan_permission() {
-    userSession.setGlobalPermissions(SCAN_EXECUTION, PROVISIONING);
+  public void submit_a_report_on_new_project_with_scan_permission_on_organization() {
+    userSession
+      .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID)
+      .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING);
 
     mockSuccessfulPrepareSubmitCall();
-    when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(new ComponentDto().setId(23L).setUuid(PROJECT_UUID).setKey(PROJECT_KEY));
+    ComponentDto project = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY);
+    when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(project);
     when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyLong(), eq(SCAN_EXECUTION), anyString(),
       eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
         .thenReturn(true);
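Review bot: The new name `submit_a_report_on_new_project_with_scan_permission_on_organization` does not match the setup, which grants SCAN_EXECUTION per project through `addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID)` and only PROVISIONING on the organization. Either rename it to reflect the grants actually made (e.g. `..._with_provisioning_permission_on_organization`) or grant the scan permission with `addOrganizationPermission(db.getDefaultOrganization(), SCAN_EXECUTION)`. The same mismatch appears in the next hunk, where `submit_a_report_on_existing_project_with_scan_permission_on_organization` still calls `userSession.setGlobalPermissions(SCAN_EXECUTION)`. Test names that misstate the permission scope make it hard to tell which authorization path is really covered. Both test bodies continue outside their hunks.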
@@ -194,7 +203,7 @@ public class ReportSubmitterTest {
   }
 
   @Test
-  public void submit_a_report_on_existing_project_with_global_scan_permission() {
+  public void submit_a_report_on_existing_project_with_scan_permission_on_organization() {
     userSession.setGlobalPermissions(SCAN_EXECUTION);
 
     ComponentDto project = db.components().insertProject(db.getDefaultOrganization());