import org.sonar.core.util.Uuids;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
-import org.sonar.db.organization.OrganizationDto;
-import org.sonar.db.permission.OrganizationPermission;
-import org.sonar.db.qualityprofile.QualityProfileDto;
import org.sonar.server.qualityprofile.ActiveRuleChange;
import org.sonar.server.qualityprofile.RuleActivation;
import org.sonar.server.qualityprofile.RuleActivator;
String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY);
userSession.checkLoggedIn();
try (DbSession dbSession = dbClient.openSession(false)) {
- checkPermission(dbSession, profileKey);
+ wsSupport.checkPermission(dbSession, profileKey);
List<ActiveRuleChange> changes = ruleActivator.activate(dbSession, activation, profileKey);
dbSession.commit();
activeRuleIndexer.index(changes);
private static RuleKey readRuleKey(Request request) {
return RuleKey.parse(request.mandatoryParam(PARAM_RULE_KEY));
}
-
- private void checkPermission(DbSession dbSession, String qualityProfileKey) {
- QualityProfileDto qualityProfile = dbClient.qualityProfileDao().selectByKey(dbSession, qualityProfileKey);
- OrganizationDto organization = wsSupport.getOrganization(dbSession, qualityProfile);
- userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, organization);
- }
}
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
import org.sonar.server.qualityprofile.BulkChangeResult;
import org.sonar.server.qualityprofile.RuleActivator;
import org.sonar.server.rule.ws.RuleQueryFactory;
import org.sonar.server.user.UserSession;
-import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.server.rule.ws.SearchAction.defineRuleSearchParameters;
@ServerSide
public static final String PROFILE_KEY = "profile_key";
public static final String SEVERITY = "activation_severity";
- public static final String BULK_ACTIVATE_ACTION = "activate_rules";
+ public static final String ACTIVATE_RULES_ACTION = "activate_rules";
private final RuleQueryFactory ruleQueryFactory;
private final UserSession userSession;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
private final RuleActivator ruleActivator;
+ private final DbClient dbClient;
+ private final QProfileWsSupport wsSupport;
- public ActivateRulesAction(RuleQueryFactory ruleQueryFactory, UserSession userSession, DefaultOrganizationProvider defaultOrganizationProvider,
- RuleActivator ruleActivator) {
+ public ActivateRulesAction(RuleQueryFactory ruleQueryFactory, UserSession userSession, RuleActivator ruleActivator, QProfileWsSupport wsSupport, DbClient dbClient) {
this.ruleQueryFactory = ruleQueryFactory;
this.userSession = userSession;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
this.ruleActivator = ruleActivator;
+ this.dbClient = dbClient;
+ this.wsSupport = wsSupport;
}
public void define(WebService.NewController controller) {
WebService.NewAction activate = controller
- .createAction(BULK_ACTIVATE_ACTION)
+ .createAction(ACTIVATE_RULES_ACTION)
.setDescription("Bulk-activate rules on one or several Quality profiles")
.setPost(true)
.setSince("4.4")
@Override
public void handle(Request request, Response response) throws Exception {
- verifyAdminPermission();
- BulkChangeResult result = ruleActivator.bulkActivate(ruleQueryFactory.createRuleQuery(request), request.mandatoryParam(PROFILE_KEY), request.param(SEVERITY));
+ String qualityProfileKey = request.mandatoryParam(PROFILE_KEY);
+ userSession.checkLoggedIn();
+ try (DbSession dbSession = dbClient.openSession(false)) {
+ wsSupport.checkPermission(dbSession, qualityProfileKey);
+ }
+ BulkChangeResult result = ruleActivator.bulkActivate(ruleQueryFactory.createRuleQuery(request), qualityProfileKey, request.param(SEVERITY));
BulkChangeWsResponse.writeResponse(result, response);
}
-
- private void verifyAdminPermission() {
- // FIXME check for the permission of the appropriate organization, not the default one
- userSession
- .checkLoggedIn()
- .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid());
- }
}
class BulkChangeWsResponse {
+ private BulkChangeWsResponse() {
+ // use static methods
+ }
+
static void writeResponse(BulkChangeResult result, Response response) {
JsonWriter json = response.newJsonWriter().beginObject();
json.prop("succeeded", result.countSucceeded());
import org.sonar.core.util.Uuids;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
-import org.sonar.db.organization.OrganizationDto;
-import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.qualityprofile.ActiveRuleKey;
-import org.sonar.db.qualityprofile.QualityProfileDto;
import org.sonar.server.qualityprofile.RuleActivator;
import org.sonar.server.user.UserSession;
String qualityProfileKey = request.mandatoryParam(PARAM_PROFILE_KEY);
userSession.checkLoggedIn();
try (DbSession dbSession = dbClient.openSession(false)) {
- checkPermission(dbSession, qualityProfileKey);
+ wsSupport.checkPermission(dbSession, qualityProfileKey);
ActiveRuleKey activeRuleKey = ActiveRuleKey.of(qualityProfileKey, ruleKey);
ruleActivator.deactivateAndUpdateIndex(dbSession, activeRuleKey);
}
}
-
- private void checkPermission(DbSession dbSession, String qualityProfileKey) {
- QualityProfileDto qualityProfile = dbClient.qualityProfileDao().selectByKey(dbSession, qualityProfileKey);
- OrganizationDto organization = wsSupport.getOrganization(dbSession, qualityProfile);
- userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, organization);
- }
}
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
import org.sonar.server.qualityprofile.BulkChangeResult;
import org.sonar.server.qualityprofile.RuleActivator;
import org.sonar.server.rule.ws.RuleQueryFactory;
import org.sonar.server.user.UserSession;
-import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.server.rule.ws.SearchAction.defineRuleSearchParameters;
@ServerSide
public static final String PROFILE_KEY = "profile_key";
public static final String SEVERITY = "activation_severity";
- public static final String BULK_DEACTIVATE_ACTION = "deactivate_rules";
+ public static final String DEACTIVATE_RULES_ACTION = "deactivate_rules";
private final RuleQueryFactory ruleQueryFactory;
private final UserSession userSession;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
private final RuleActivator ruleActivator;
+ private final QProfileWsSupport wsSupport;
+ private final DbClient dbClient;
- public DeactivateRulesAction(RuleQueryFactory ruleQueryFactory, UserSession userSession, DefaultOrganizationProvider defaultOrganizationProvider,
- RuleActivator ruleActivator) {
+ public DeactivateRulesAction(RuleQueryFactory ruleQueryFactory, UserSession userSession, RuleActivator ruleActivator, QProfileWsSupport wsSupport, DbClient dbClient) {
this.ruleQueryFactory = ruleQueryFactory;
this.userSession = userSession;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
this.ruleActivator = ruleActivator;
+ this.wsSupport = wsSupport;
+ this.dbClient = dbClient;
}
public void define(WebService.NewController controller) {
WebService.NewAction deactivate = controller
- .createAction(BULK_DEACTIVATE_ACTION)
+ .createAction(DEACTIVATE_RULES_ACTION)
.setDescription("Bulk deactivate rules on Quality profiles")
.setPost(true)
.setSince("4.4")
@Override
public void handle(Request request, Response response) throws Exception {
- verifyAdminPermission();
- BulkChangeResult result = ruleActivator.bulkDeactivate(ruleQueryFactory.createRuleQuery(request), request.mandatoryParam(PROFILE_KEY));
+ String qualityProfileKey = request.mandatoryParam(PROFILE_KEY);
+ userSession.checkLoggedIn();
+ try (DbSession dbSession = dbClient.openSession(false)) {
+ wsSupport.checkPermission(dbSession, qualityProfileKey);
+ }
+ BulkChangeResult result = ruleActivator.bulkDeactivate(ruleQueryFactory.createRuleQuery(request), qualityProfileKey);
BulkChangeWsResponse.writeResponse(result, response);
}
-
- private void verifyAdminPermission() {
- // FIXME check for the permission of the appropriate organization, not the default one
- userSession
- .checkLoggedIn()
- .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid());
- }
}
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.qualityprofile.QualityProfileDto;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.user.UserSession;
}
return profile;
}
+
+ public void checkPermission(DbSession dbSession, String qualityProfileKey) {
+ QualityProfileDto qualityProfile = dbClient.qualityProfileDao().selectByKey(dbSession, qualityProfileKey);
+ OrganizationDto organization = getOrganization(dbSession, qualityProfile);
+ userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, organization);
+ }
}
*/
package org.sonar.server.qualityprofile.ws;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
+import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
+import org.sonar.db.qualityprofile.QualityProfileDto;
+import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.qualityprofile.RuleActivator;
+import org.sonar.server.rule.ws.RuleQueryFactory;
import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
+import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
+import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
public class ActivateRulesActionTest {
private DbClient dbClient = dbTester.getDbClient();
private RuleActivator ruleActivator = mock(RuleActivator.class);
- private ActivateRulesAction underTest = new ActivateRulesAction(null, null, TestDefaultOrganizationProvider.from(dbTester), ruleActivator);
+ private QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession, TestDefaultOrganizationProvider.from(dbTester));
+ private RuleQueryFactory ruleQueryFactory = mock(RuleQueryFactory.class);
+ private ActivateRulesAction underTest = new ActivateRulesAction(ruleQueryFactory, userSession, ruleActivator, wsSupport, dbClient);
private WsActionTester wsActionTester = new WsActionTester(underTest);
+ private OrganizationDto defaultOrganization;
+ private OrganizationDto organization;
+
+ @Before
+ public void before() {
+ defaultOrganization = dbTester.getDefaultOrganization();
+ organization = dbTester.organizations().insert();
+ }
@Test
public void define_bulk_activate_rule_action() {
"severities"
);
}
-}
\ No newline at end of file
+
+ @Test
+ public void should_fail_if_not_logged_in() {
+ TestRequest request = wsActionTester.newRequest()
+ .setMethod("POST")
+ .setParam("profile_key", randomAlphanumeric(UUID_SIZE));
+
+ thrown.expect(UnauthorizedException.class);
+ request.execute();
+ }
+
+ @Test
+ public void should_fail_if_not_organization_quality_profile_administrator() {
+ userSession.logIn().addPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, defaultOrganization);
+ QualityProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
+ TestRequest request = wsActionTester.newRequest()
+ .setMethod("POST")
+ .setParam("profile_key", qualityProfile.getKey());
+
+ thrown.expect(ForbiddenException.class);
+ request.execute();
+ }
+}
*/
package org.sonar.server.qualityprofile.ws;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
+import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
+import org.sonar.db.qualityprofile.QualityProfileDto;
+import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.qualityprofile.RuleActivator;
+import org.sonar.server.rule.ws.RuleQueryFactory;
import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
+import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
+import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
public class DeactivateRulesActionTest {
private DbClient dbClient = dbTester.getDbClient();
private RuleActivator ruleActivator = mock(RuleActivator.class);
- private DeactivateRulesAction underTest = new DeactivateRulesAction(null, null, TestDefaultOrganizationProvider.from(dbTester), ruleActivator);
+ private QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession, TestDefaultOrganizationProvider.from(dbTester));
+ private RuleQueryFactory ruleQueryFactory = mock(RuleQueryFactory.class);
+ private DeactivateRulesAction underTest = new DeactivateRulesAction(ruleQueryFactory, userSession, ruleActivator, wsSupport, dbClient);
private WsActionTester wsActionTester = new WsActionTester(underTest);
+ private OrganizationDto defaultOrganization;
+ private OrganizationDto organization;
+
+ @Before
+ public void before() {
+ defaultOrganization = dbTester.getDefaultOrganization();
+ organization = dbTester.organizations().insert();
+ }
@Test
public void define_bulk_deactivate_rule_action() {
"severities"
);
}
-}
\ No newline at end of file
+
+ @Test
+ public void should_fail_if_not_logged_in() {
+ TestRequest request = wsActionTester.newRequest()
+ .setMethod("POST")
+ .setParam("profile_key", randomAlphanumeric(UUID_SIZE));
+
+ thrown.expect(UnauthorizedException.class);
+ request.execute();
+ }
+
+ @Test
+ public void should_fail_if_not_organization_quality_profile_administrator() {
+ userSession.logIn().addPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, defaultOrganization);
+ QualityProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
+ TestRequest request = wsActionTester.newRequest()
+ .setMethod("POST")
+ .setParam("profile_key", qualityProfile.getKey());
+
+ thrown.expect(ForbiddenException.class);
+ request.execute();
+ }
+}
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).hasSize(4);
// 1. Deactivate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.BULK_DEACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
WsTester.Result result = request.execute();
session.clearCache();
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).hasSize(2);
// 1. Deactivate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.BULK_DEACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
WsTester.Result result = request.execute();
session.clearCache();
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).hasSize(2);
// 1. Deactivate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.BULK_DEACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
request.setParam(WebService.Param.TEXT_QUERY, "hello");
WsTester.Result result = request.execute();
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).isEmpty();
// 1. Activate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
request.setParam(PARAM_LANGUAGES, "java");
request.execute().assertJson(getClass(), "bulk_activate_rule.json");
assertThat(db.activeRuleDao().selectByProfileKey(session, php.getKey())).isEmpty();
// 1. Activate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, php.getKey());
request.setParam(PARAM_LANGUAGES, "php");
request.execute().assertJson(getClass(), "bulk_activate_rule_not_all.json");
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).isEmpty();
// 1. Activate Rule with query returning 0 hits
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
request.setParam(WebService.Param.TEXT_QUERY, "php");
request.execute();
assertThat(db.activeRuleDao().selectByProfileKey(session, profile.getKey())).hasSize(0);
// 1. Activate Rule with query returning 1 hits
- request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, profile.getKey());
request.setParam(WebService.Param.TEXT_QUERY, "world");
request.execute();
new SearchOptions()).getIds()).hasSize(2);
// 1. Activate Rule with query returning 2 hits
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(ActivateRulesAction.PROFILE_KEY, profile.getKey());
request.setParam(ActivateRulesAction.SEVERITY, "MINOR");
request.execute();
ruIndexer.index();
// 1. Activate Rule
- WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.BULK_ACTIVATE_ACTION);
+ WsTester.TestRequest request = wsTester.newPostRequest(QProfilesWs.API_ENDPOINT, ActivateRulesAction.ACTIVATE_RULES_ACTION);
request.setParam(PARAM_PROFILE_KEY, javaProfile.getKey());
request.setParam(PARAM_QPROFILE, javaProfile.getKey());
request.setParam("activation", "false");