import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.utils.DateUtils.formatDateTime;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.Protobuf.setNullable;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.component.BranchType.LONG;
import static org.sonar.db.component.BranchType.SHORT;
import static org.sonar.server.projectbranch.ws.BranchesWs.addProjectParam;
+import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
import static org.sonarqube.ws.client.projectbranches.ProjectBranchesParameters.ACTION_LIST;
import static org.sonarqube.ws.client.projectbranches.ProjectBranchesParameters.PARAM_PROJECT;
WebService.NewAction action = context.createAction(ACTION_LIST)
.setSince("6.6")
.setDescription("List the branches of a project.<br/>" +
- "Requires 'Administer' rights on the specified project.")
+ "Requires 'Browse' or 'Execute analysis' rights on the specified project.")
.setResponseExample(Resources.getResource(getClass(), "list-example.json"))
.setHandler(this);
try (DbSession dbSession = dbClient.openSession(false)) {
ComponentDto project = componentFinder.getByKey(dbSession, projectKey);
- userSession.checkComponentPermission(UserRole.USER, project);
+ checkPermission(project);
checkArgument(project.isEnabled() && PROJECT.equals(project.qualifier()), "Invalid project key");
Collection<BranchDto> branches = dbClient.branchDao().selectByComponent(dbSession, project);
}
builder.setStatus(statusBuilder);
}
+
+ private void checkPermission(ComponentDto component) {
+ if (!userSession.hasComponentPermission(UserRole.USER, component) &&
+ !userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
+ throw insufficientPrivilegesException();
+ }
+ }
}
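Review bot: `checkPermission` now accepts either 'Browse' or 'Execute analysis', but nothing in the code records why a scanner identity may read a private project's branch list, and the same two-permission test is repeated inline in the settings values handler later in this commit. A short Javadoc on the helper would help, for example `/** Allows project browsers and accounts holding 'Execute analysis' on the component; everyone else is rejected. */`. Moving the check into one shared method would keep the two endpoints from drifting apart when the rule changes again. Separately, the check still runs after `componentFinder.getByKey`, so if that lookup fails with a different error for unknown keys, an unauthorised caller may be able to tell existing project keys from missing ones; this ordering predates the commit and is worth confirming. The handler body starts outside the visible lines.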
import static org.sonar.api.CoreProperties.SERVER_STARTTIME;
import static org.sonar.api.PropertyType.PROPERTY_SET;
import static org.sonar.api.web.UserRole.USER;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
import static org.sonar.server.ws.KeyExamples.KEY_BRANCH_EXAMPLE_001;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
WebService.NewAction action = context.createAction(ACTION_VALUES)
.setDescription("List settings values.<br>" +
"If no value has been set for a setting, then the default value is returned.<br>" +
- "Requires 'Browse' permission when a component is specified<br/>",
+ "Requires 'Browse' or 'Execute Analysis' permission when a component is specified<br/>",
"To access licensed settings, authentication is required<br/>" +
"To access secured settings, one of the following permissions is required: " +
"<ul>" +
return Optional.empty();
}
ComponentDto component = componentFinder.getByKeyAndOptionalBranch(dbSession, componentKey, valuesRequest.getBranch());
- userSession.checkComponentPermission(USER, component);
+ if (!userSession.hasComponentPermission(USER, component) && !userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
+ throw insufficientPrivilegesException();
+ }
return Optional.of(component);
}
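Review bot: The widened check at the component lookup lets a principal holding only 'Execute Analysis' on a private component read its settings values, which leaves the filtering of secured and licensed settings (not visible here) as the only barrier for scanner tokens. Please confirm that filter grants nothing to SCAN_EXECUTION on this path beyond what is intended. A test that logs in with only SCAN_EXECUTION on the component and asserts which settings are returned would pin that down; no such test for this endpoint is visible on this page. A one-line comment above the condition would also help, for example `// scanners need to read project settings, so 'Execute Analysis' is accepted as well as 'Browse'`. The enclosing method starts outside the visible lines.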
import static org.sonar.api.rules.RuleType.VULNERABILITY;
import static org.sonar.api.utils.DateUtils.dateToLong;
import static org.sonar.api.utils.DateUtils.parseDateTime;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.WsBranches.Branch.Status;
assertJson(json).isSimilarTo(ws.getDef().responseExampleAsString());
}
+ @Test
+ public void test_with_SCAN_EXCUTION_permission() {
+ ComponentDto project = db.components().insertPrivateProject(p -> p.setDbKey("sonarqube"));
+ ComponentDto longLivingBranch = db.components().insertProjectBranch(project, b -> b.setKey("feature/bar").setBranchType(BranchType.LONG));
+ ComponentDto shortLivingBranch = db.components().insertProjectBranch(project, b -> b.setKey("feature/foo").setBranchType(BranchType.SHORT).setMergeBranchUuid(longLivingBranch.uuid()));
+ userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+
+ db.getDbClient().snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(longLivingBranch).setLast(true).setCreatedAt(DateUtils.parseDateTime("2017-04-01T01:15:42+0100").getTime()));
+ db.getDbClient().snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(shortLivingBranch).setLast(true).setCreatedAt(DateUtils.parseDateTime("2017-04-03T13:37:00+0100").getTime()));
+ db.commit();
+
+ String json = ws.newRequest()
+ .setParam("project", project.getDbKey())
+ .execute()
+ .getInput();
+
+ assertJson(json).isSimilarTo(ws.getDef().responseExampleAsString());
+ }
+
@Test
public void main_branch() {
ComponentDto project = db.components().insertMainBranch();
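Review bot: The new test name misspells the permission: `test_with_SCAN_EXCUTION_permission` should read `test_with_SCAN_EXECUTION_permission`. The test also covers only the allowed path. Since the commit replaces `checkComponentPermission` with a hand-written two-way check, a companion case would fix the authorization boundary: log in with neither permission on a private project and expect the exception from `insufficientPrivilegesException()`. Add it if it is not already present outside the visible lines. `main_branch` continues past the end of this hunk.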