]> source.dussan.org Git - sonarqube.git/commitdiff
projects / sonarqube.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fcdbb22)
SONAR-8275 organization in WS api/permissions/remove_group_from_template
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Sun, 16 Oct 2016 21:07:39 +0000 (23:07 +0200)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Sun, 16 Oct 2016 21:16:39 +0000 (23:16 +0200)
server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java patch | blob | history
server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java patch | blob | history

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
index b6ca44a57ca6616ea34885bd9682114b7a00c514..4104b40b2bc597db3c1814be8f01207be342e1fa 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
@@ -19,6 +19,7 @@
  */
 package org.sonar.server.permission.ws.template;
 
+import java.util.Optional;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -30,7 +31,8 @@ import org.sonar.server.permission.ws.PermissionsWsAction;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static com.google.common.base.Preconditions.checkArgument;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
@@ -67,12 +69,12 @@ public class RemoveGroupFromTemplateAction implements PermissionsWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    checkGlobalAdminUser(userSession);
-    String permission = request.mandatoryParam(PARAM_PERMISSION);
-
     try (DbSession dbSession = dbClient.openSession(false)) {
-      GroupIdOrAnyone groupId = wsSupport.findGroup(dbSession, request);
+      String permission = request.mandatoryParam(PARAM_PERMISSION);
       PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.fromRequest(request));
+      checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
+      GroupIdOrAnyone groupId = wsSupport.findGroup(dbSession, request);
+      checkArgument(groupId.getOrganizationUuid().equals(template.getOrganizationUuid()), "Group and template are on different organizations");
 
       dbClient.permissionTemplateDao().deleteGroupPermission(dbSession, template.getId(), groupId.getId(), permission);
       dbSession.commit();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
index 96d009595b9edc0686d5991319ef1ee5aec0eb20..bfcdea01e6776899c274d9de6b4a3527d28a64a1 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
@@ -37,6 +37,7 @@ import org.sonar.server.ws.WsTester;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.security.DefaultGroups.ANYONE;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.CONTROLLER;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
@@ -59,7 +60,7 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<Remo
 
   @Before
   public void setUp() {
-    userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+    loginAsAdminOnDefaultOrganization();
 
     group = db.users().insertGroup(defaultOrganizationProvider.getDto(), "group-name");
     template = insertTemplate();
@@ -121,8 +122,9 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<Remo
 
   @Test
   public void fail_if_insufficient_privileges() throws Exception {
+    userSession.login().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SCAN_EXECUTION);
+
     expectedException.expect(ForbiddenException.class);
-    userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
 
     newRequest(group.getName(), template.getUuid(), PERMISSION);
   }
Continuous Inspection: https://github.com/SonarSource/sonarqube