From: Julien Lancelot Date: Fri, 8 Jan 2016 13:01:36 +0000 (+0100) Subject: SONAR-7174 Check scan permission per project during analysis X-Git-Tag: 5.4-M5~34 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=2b99549791a3487f87547f1293804959b8c9c2e2;p=sonarqube.git SONAR-7174 Check scan permission per project during analysis --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java index 1505d33c4cd..292dfcab645 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java @@ -30,7 +30,6 @@ import org.sonar.api.server.ServerSide; import org.sonar.api.web.UserRole; import org.sonar.batch.protocol.input.FileData; import org.sonar.batch.protocol.input.ProjectRepositories; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; @@ -42,6 +41,8 @@ import org.sonar.server.user.UserSession; import static com.google.common.collect.Lists.newArrayList; import static com.google.common.collect.Maps.newHashMap; +import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; @ServerSide 
@@ -56,15 +57,16 @@ public class ProjectDataLoader { } public ProjectRepositories load(ProjectDataQuery query) { - boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); - checkPermission(query.isIssuesMode()); - DbSession session = dbClient.openSession(false); try { ProjectRepositories data = new ProjectRepositories(); ComponentDto module = checkFoundWithOptional(dbClient.componentDao().selectByKey(session, query.getModuleKey()), "Project or module with key '%s' is not found", query.getModuleKey()); + boolean hasScanPerm = userSession.hasComponentUuidPermission(SCAN_EXECUTION, module.projectUuid()); + boolean hasPreviewPerm = userSession.hasPermission(PREVIEW_EXECUTION); + checkPermission(query.isIssuesMode(), hasScanPerm, hasPreviewPerm); + // Scan permission is enough to analyze all projects but preview permission is limited to projects user can access if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) { throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator."); @@ -180,9 +182,7 @@ public class ProjectDataLoader { } } - private void checkPermission(boolean preview) { - boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); - boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); + private void checkPermission(boolean preview, boolean hasScanPerm, boolean hasPreviewPerm) { if (!hasPreviewPerm && !hasScanPerm) { throw new ForbiddenException(Messages.NO_PERMISSION); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java index 1e45e26621e..d43f6ee99f0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java 
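Review bot: In `load`, the permission check now runs only after `checkFoundWithOptional` has resolved the module, so a caller holding neither scan nor preview permission gets "not found" for an unknown key and `ForbiddenException` for a known one, which discloses which module keys exist; before this change `checkPermission` ran ahead of the lookup. The per-project check does need the module, so one option is to answer a failed lookup with `ForbiddenException(Messages.NO_PERMISSION)` when the caller lacks both global permissions, if key existence is considered sensitive in this deployment. The retained comment beginning `// Scan permission is enough to analyze all projects` is also stale now that `hasScanPerm` can come from a single project; I would reword it to `// Global or project scan permission is enough; preview permission is limited to projects the user can access`. The body of `load` continues outside this hunk.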
+++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java @@ -25,7 +25,6 @@ import org.apache.commons.lang.StringUtils; import org.sonar.api.resources.Qualifiers; import org.sonar.api.server.ServerSide; import org.sonar.core.component.ComponentKeys; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.ce.CeTaskTypes; import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentService; @@ -36,6 +35,8 @@ import org.sonar.server.computation.queue.CeTaskSubmit; import org.sonar.server.permission.PermissionService; import org.sonar.server.user.UserSession; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; + @ServerSide public class ReportSubmitter { @@ -55,11 +56,12 @@ public class ReportSubmitter { } public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) { - userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION); - String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch); ComponentDto project = componentService.getNullableByKey(effectiveProjectKey); if (project == null) { + // the project does not exist -> require global permission + userSession.checkPermission(SCAN_EXECUTION); + // the project does not exist -> requires to provision it NewComponent newProject = new NewComponent(projectKey, StringUtils.defaultIfBlank(projectName, projectKey)); newProject.setBranch(projectBranch); @@ -67,6 +69,9 @@ public class ReportSubmitter { // no need to verify the permission "provisioning" as it's already handled by componentService project = componentService.create(newProject); permissionService.applyDefaultPermissionTemplate(project.getKey()); + } else { + // the project exists -> require global or project permission + userSession.checkComponentPermission(SCAN_EXECUTION, projectKey); } // the report file must be saved before submitting the task 
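Review bot: In the new `else` branch of `submit`, the project is looked up by `effectiveProjectKey` (key plus branch) but the permission is checked against the raw `projectKey`, so when `projectBranch` is set the authorization decision is made for a different component than the one the report is attached to. Depending on how `checkComponentPermission` resolves an unrelated or unknown key (not visible here), that either rejects a legitimate per-project scanner or lets scan permission on the main project stand in for the branch project. I would check the component that was actually found: `userSession.checkComponentPermission(SCAN_EXECUTION, effectiveProjectKey);`. The rest of `submit` lies outside this hunk.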
diff --git a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java index 281e3ef0017..d6051b82015 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java @@ -30,7 +30,6 @@ import org.junit.Test; import org.sonar.api.web.UserRole; import org.sonar.batch.protocol.input.FileData; import org.sonar.batch.protocol.input.ProjectRepositories; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -48,6 +47,8 @@ import org.sonar.server.tester.UserSessionRule; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; import static org.sonar.api.utils.DateUtils.formatDateTime; +import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto; public class ProjectDataLoaderMediumTest { 
@@ -75,9 +76,31 @@ public class ProjectDataLoaderMediumTest { } @Test - public void return_project_settings() { + public void return_project_settings_with_global_scan_permission() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); + tester.get(DbClient.class).componentDao().insert(dbSession, project); + addDefaultProfile(); + + // Project properties + tester.get(DbClient.class).propertiesDao().insertProperty( + dbSession, new PropertyDto().setKey("sonar.jira.project.key").setValue("SONAR").setResourceId(project.getId())); + tester.get(DbClient.class).propertiesDao().insertProperty( + dbSession, new PropertyDto().setKey("sonar.jira.login.secured").setValue("john").setResourceId(project.getId())); + dbSession.commit(); + + ProjectRepositories ref = underTest.load(ProjectDataQuery.create().setModuleKey(project.key())); + + Map projectSettings = ref.settings(project.key()); + assertThat(projectSettings).isEqualTo(ImmutableMap.of( + "sonar.jira.project.key", "SONAR", + "sonar.jira.login.secured", "john")); + } + + @Test + public void return_project_settings_with_project_scan_permission() { + ComponentDto project = ComponentTesting.newProjectDto(); + userSessionRule.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.projectUuid()); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); 
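Review bot: The new `return_project_settings_with_project_scan_permission` test covers only the grant path, so nothing here pins the boundary this commit introduces. I would add a sibling case in which "john" holds `SCAN_EXECUTION` via `addProjectUuidPermissions` on one project and calls `underTest.load` with the key of a second inserted project, asserting that a `ForbiddenException` is raised and that `sonar.jira.login.secured` is never returned. Without it, a regression that treats any project-level scan grant as global would still pass this suite. The body of the second test continues past the end of this hunk.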
@@ -99,7 +122,7 @@ public class ProjectDataLoaderMediumTest { @Test public void not_returned_secured_settings_with_only_preview_permission() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid()); + userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid()); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -119,7 +142,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_project_with_module_settings() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -153,7 +176,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_project_with_module_settings_inherited_from_project() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -182,7 +205,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_project_with_module_with_sub_module() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); 
@@ -227,7 +250,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_project_with_two_modules() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -271,7 +294,7 @@ public class ProjectDataLoaderMediumTest { public void return_provisioned_project_settings() { // No snapshot attached on the project -> provisioned project ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -289,7 +312,6 @@ public class ProjectDataLoaderMediumTest { @Test public void return_sub_module_settings() { - ComponentDto project = ComponentTesting.newProjectDto(); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -300,7 +322,7 @@ public class ProjectDataLoaderMediumTest { // No module properties ComponentDto subModule = ComponentTesting.newModuleDto(module); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, subModule); // Sub module properties 
@@ -336,7 +358,7 @@ public class ProjectDataLoaderMediumTest { tester.get(DbClient.class).propertiesDao().insertProperty(dbSession, new PropertyDto().setKey("sonar.jira.login.secured").setValue("john").setResourceId(module.getId())); ComponentDto subModule = ComponentTesting.newModuleDto(module); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, subModule); // Sub module properties @@ -371,7 +393,7 @@ public class ProjectDataLoaderMediumTest { // No module property ComponentDto subModule = ComponentTesting.newModuleDto(module); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, subModule); // No sub module property @@ -404,7 +426,7 @@ public class ProjectDataLoaderMediumTest { tester.get(DbClient.class).propertiesDao().insertProperty(dbSession, new PropertyDto().setKey("sonar.jira.project.key").setValue("SONAR-SERVER").setResourceId(module.getId())); ComponentDto subModule = ComponentTesting.newModuleDto(module); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, subModule); // No sub module property @@ -437,7 +459,7 @@ public class ProjectDataLoaderMediumTest { @Test public void fail_when_not_preview_and_only_dry_run_permission() { - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION); ComponentDto project = ComponentTesting.newProjectDto(); tester.get(DbClient.class).componentDao().insert(dbSession, project); 
@@ -456,7 +478,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_file_data_from_single_project() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -475,7 +497,7 @@ public class ProjectDataLoaderMediumTest { @Test public void return_file_data_from_multi_modules() { ComponentDto project = ComponentTesting.newProjectDto(); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, project); addDefaultProfile(); @@ -511,7 +533,7 @@ public class ProjectDataLoaderMediumTest { tester.get(FileSourceDao.class).insert(newFileSourceDto(projectFile).setSrcHash("123456").setRevision("987654321")); ComponentDto module = ComponentTesting.newModuleDto(project); - userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION); tester.get(DbClient.class).componentDao().insert(dbSession, module); // File on module @@ -537,7 +559,6 @@ public class ProjectDataLoaderMediumTest { return new FileSourceDto() .setFileUuid(file.uuid()) .setProjectUuid(file.projectUuid()) - // .setSourceData(",,,,,,,,,,,,,,,unchanged ,,,,,,,,,,,,,,,content ") .setDataHash("0263047cd758c68c27683625f072f010") .setLineHashes("8d7b3d6b83c0a517eac07e1aac94b773") .setCreatedAt(System.currentTimeMillis()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/report/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/report/ReportSubmitterTest.java index 140cf85ee77..666f1ff1820 100644 
--- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/report/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/report/ReportSubmitterTest.java @@ -24,6 +24,7 @@ import org.hamcrest.Description; import org.hamcrest.TypeSafeMatcher; import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.ce.CeTaskTypes; import org.sonar.db.component.ComponentDto; @@ -32,6 +33,7 @@ import org.sonar.server.component.NewComponent; import org.sonar.server.computation.queue.CeQueue; import org.sonar.server.computation.queue.CeQueueImpl; import org.sonar.server.computation.queue.CeTaskSubmit; +import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.permission.PermissionService; import org.sonar.server.tester.UserSessionRule; @@ -44,6 +46,14 @@ import static org.mockito.Mockito.when; public class ReportSubmitterTest { + static final String PROJECT_KEY = "MY_PROJECT"; + static final String PROJECT_UUID = "P1"; + static final String PROJECT_NAME = "My Project"; + static final String TASK_UUID = "TASK_1"; + + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Rule public UserSessionRule userSession = UserSessionRule.standalone(); 
@@ -55,18 +65,19 @@ public class ReportSubmitterTest { @Test public void submit_a_report_on_existing_project() { - when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder("TASK_1")); userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); - when(componentService.getNullableByKey("MY_PROJECT")).thenReturn(new ComponentDto().setUuid("P1")); - underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}")); + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID)); + + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); verifyZeroInteractions(permissionService); verify(queue).submit(argThat(new TypeSafeMatcher() { @Override protected boolean matchesSafely(CeTaskSubmit submit) { - return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals("P1") && - submit.getUuid().equals("TASK_1"); + return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals(PROJECT_UUID) && + submit.getUuid().equals(TASK_UUID); } @Override 
@@ -78,19 +89,20 @@ public class ReportSubmitterTest { @Test public void provision_project_if_does_not_exist() throws Exception { - when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder("TASK_1")); userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PROVISIONING); - when(componentService.getNullableByKey("MY_PROJECT")).thenReturn(null); - when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid("P1").setKey("MY_PROJECT")); - underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}")); + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null); + when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY)); + + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); - verify(permissionService).applyDefaultPermissionTemplate("MY_PROJECT"); + verify(permissionService).applyDefaultPermissionTemplate(PROJECT_KEY); verify(queue).submit(argThat(new TypeSafeMatcher() { @Override protected boolean matchesSafely(CeTaskSubmit submit) { - return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals("P1") && - submit.getUuid().equals("TASK_1"); + return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals(PROJECT_UUID) && + submit.getUuid().equals(TASK_UUID); } @Override 
@@ -98,6 +110,63 @@ public class ReportSubmitterTest { } })); + } + + @Test + public void submit_a_report_on_new_project_with_global_scan_permission() { + userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null); + when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY)); + + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); + + verify(queue).submit(any(CeTaskSubmit.class)); + } + + @Test + public void submit_a_report_on_existing_project_with_global_scan_permission() { + userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID)); + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); + + verify(queue).submit(any(CeTaskSubmit.class)); } + + @Test + public void submit_a_report_on_existing_project_with_project_scan_permission() { + userSession.addProjectPermissions(GlobalPermissions.SCAN_EXECUTION, PROJECT_KEY); + + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID)); + + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); + + verify(queue).submit(any(CeTaskSubmit.class)); + } + + @Test + public void fail_with_forbidden_exception_when_no_scan_permission() { + userSession.setGlobalPermissions(GlobalPermissions.DASHBOARD_SHARING); + + thrown.expect(ForbiddenException.class); + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); + } + + @Test + public void 
fail_with_forbidden_exception_on_new_project_when_only_project_scan_permission() { + userSession.addProjectPermissions(GlobalPermissions.SCAN_EXECUTION, PROJECT_KEY); + + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); + when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null); + when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY)); + + thrown.expect(ForbiddenException.class); + underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); + } + } diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java index 76ab980286d..1013c858dda 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java 
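Review bot: `fail_with_forbidden_exception_when_no_scan_permission` never stubs `componentService.getNullableByKey`, so (assuming `componentService` is a Mockito mock returning null by default) it exercises only the "project does not exist" branch. The refusal in the new `else` branch of `ReportSubmitter.submit` therefore has no negative test, and none of the added cases passes a non-null `projectBranch`. I would add the case below next to the other failure tests, plus a variant with a branch once the key used for the check is settled.

```java
@Test
public void fail_with_forbidden_exception_on_existing_project_when_no_scan_permission() {
  userSession.setGlobalPermissions(GlobalPermissions.DASHBOARD_SHARING);

  when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID));

  thrown.expect(ForbiddenException.class);
  underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
}
```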
@@ -138,20 +138,20 @@ public class MockUserSession extends AbstractUserSession implem @Override public boolean hasComponentPermission(String permission, String componentKey) { String projectKey = projectKeyByComponentKey.get(componentKey); - return projectKey != null && hasProjectPermission(permission, projectKey); + return hasPermission(permission) || (projectKey != null && hasProjectPermission(permission, projectKey)); } private boolean hasProjectPermission(String permission, String projectKey) { - return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey)); + return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey); } @Override public boolean hasComponentUuidPermission(String permission, String componentUuid) { String projectUuid = projectUuidByComponentUuid.get(componentUuid); - return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid); + return hasPermission(permission) || (projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid)); } private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { - return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid)); + return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); } }
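Review bot: `hasComponentPermission` and `hasComponentUuidPermission` in this test double now return true for any holder of the global permission, even when the component key or UUID is unknown to the mock, and the production code changed in this commit (`ProjectDataLoader.load`, `ReportSubmitter.submit`) relies on exactly that fallback. The production `UserSession` implementation is not touched by this diff, so please confirm it applies the same "global implies component" rule; if it does not, global scanners would be refused in production while every test here passes. A comment on both methods would keep the two in step, for example `// must mirror the production UserSession: a global permission implies the same permission on every component`.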