From: Simon Brandhof Date: Thu, 9 Feb 2017 09:54:09 +0000 (+0100) Subject: SONAR-8761 remove calls of WS to UserSession#isRoot() X-Git-Tag: 6.3-RC1~29 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=499254c065e062495c462de6c23a04af11fd383e;p=sonarqube.git SONAR-8761 remove calls of WS to UserSession#isRoot() replace by UserSession#isSystemAdministrator()
---
diff --git a/it/it-tests/src/test/java/it/serverSystem/RestartTest.java b/it/it-tests/src/test/java/it/serverSystem/RestartTest.java
index 05b6fa3f528..495836ce6f7 100644
--- a/it/it-tests/src/test/java/it/serverSystem/RestartTest.java
+++ b/it/it-tests/src/test/java/it/serverSystem/RestartTest.java
@@ -33,6 +33,7 @@ import org.sonarqube.ws.client.GetRequest;
 import org.sonarqube.ws.client.PostRequest;
 import org.sonarqube.ws.client.WsClient;
 import org.sonarqube.ws.client.WsResponse;
+import org.sonarqube.ws.client.permission.AddUserWsRequest;
 import util.ItUtils;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -60,7 +61,7 @@ public class RestartTest {
 }
 @Test
- public void restart_in_prod_mode_requires_root_and_restarts_WebServer_and_ES() throws Exception {
+ public void restart_in_prod_mode_requires_sysadmin_permission_and_restarts() throws Exception {
 // server classloader locks Jar files on Windows
 if (!SystemUtils.IS_OS_WINDOWS) {
 orchestrator = Orchestrator.builderEnv()
@@ -70,10 +71,10 @@ public class RestartTest {
 verifyFailWith403(() -> newWsClient(orchestrator).system().restart());
- createNonRootUser("john", "doe");
+ createNonSystemAdministrator("john", "doe");
 verifyFailWith403(() -> ItUtils.newUserWsClient(orchestrator, "john", "doe").system().restart());
- createRootUser("big", "boss");
+ createSystemAdministrator("big", "boss");
 ItUtils.newUserWsClient(orchestrator, "big", "boss").system().restart();
 WsResponse wsResponse = newAdminWsClient(orchestrator).wsConnector().call(new GetRequest("/api/system/status")).failIfNotSuccessful();
 assertThat(wsResponse.content()).contains("RESTARTING");
@@ -114,17 +115,17 @@ public class RestartTest {
 }
 }
- private void createRootUser(String login, String password) {
+ private void createSystemAdministrator(String login, String password) {
 WsClient wsClient = newAdminWsClient(orchestrator);
- createNonRootUser(wsClient, login, password);
- wsClient.rootService().setRoot(login);
+ createNonSystemAdministrator(wsClient, login, password);
+ wsClient.permissions().addUser(new AddUserWsRequest().setLogin(login).setPermission("admin"));
 }
- private void createNonRootUser(String login, String password) {
- createNonRootUser(newAdminWsClient(orchestrator), login, password);
+ private void createNonSystemAdministrator(String login, String password) {
+ createNonSystemAdministrator(newAdminWsClient(orchestrator), login, password);
 }
- private static void createNonRootUser(WsClient wsClient, String login, String password) {
+ private static void createNonSystemAdministrator(WsClient wsClient, String login, String password) {
 wsClient.wsConnector().call(
 new PostRequest("api/users/create")
 .setParam("login", login)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/property/ws/IndexAction.java b/server/sonar-server/src/main/java/org/sonar/server/property/ws/IndexAction.java
index 42a5a70ab9e..7154d689f7e 100644
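Review bot: In RestartTest's `createSystemAdministrator`, the grant that turns the user into a system administrator is the bare string `"admin"`, with nothing saying that it is meant as the global permission rather than a project-scoped one. A short comment on that line, such as `// global "admin" permission: this is what makes the user a system administrator`, would let a reader check the test's premise; that reading is inferred from the helper's name, since AddUserWsRequest is not visible in this diff. The 403 side of the test covers only an anonymous client and a user with no permissions at all.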
--- a/server/sonar-server/src/main/java/org/sonar/server/property/ws/IndexAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/property/ws/IndexAction.java
@@ -146,7 +146,9 @@ public class IndexAction implements WsAction {
 }
 private boolean hasAdminPermission(Optional component) {
- return component.isPresent() ? userSession.hasComponentPermission(ADMIN, component.get()) : userSession.isRoot();
+ return component
+ .map(c -> userSession.hasComponentPermission(ADMIN, c))
+ .orElse(userSession.isSystemAdministrator());
 }
 private List loadGlobalSettings(DbSession dbSession, Optional key) {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsAction.java
index 65afbfdb246..b104a0d89fb 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsAction.java
@@ -57,13 +57,13 @@ public class SettingsAction implements NavigationWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- boolean isRoot = userSession.isRoot();
+ boolean isSysAdmin = userSession.isSystemAdministrator();
 JsonWriter json = response.newJsonWriter().beginObject();
- json.prop("showUpdateCenter", isRoot && settings.getBoolean(WebConstants.SONAR_UPDATECENTER_ACTIVATE));
+ json.prop("showUpdateCenter", isSysAdmin && settings.getBoolean(WebConstants.SONAR_UPDATECENTER_ACTIVATE));
 json.name("extensions").beginArray();
- if (isRoot) {
+ if (isSysAdmin) {
 for (Page page : pageRepository.getGlobalPages(true)) {
 json.beginObject()
 .prop("key", page.getKey())
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java
index 79591dd307d..a26136bdc28 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java
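Review bot: In IndexAction.hasAdminPermission, `.orElse(userSession.isSystemAdministrator())` evaluates the system-administrator check on every call, including when a component is present and only the component permission decides the result; the ternary it replaces evaluated the global check only in the no-component case. `.orElseGet(userSession::isSystemAdministrator)` keeps that laziness, so a component-scoped request neither pays for nor depends on the global check. Whether isSystemAdministrator() is costly or can throw is not visible in this diff.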
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java
@@ -93,7 +93,7 @@ public class UserJsonWriter {
 }
 private void writeGroupsIfNeeded(JsonWriter json, Collection groups, @Nullable Collection fields) {
- if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.isRoot()) {
+ if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.isSystemAdministrator()) {
 json.name(FIELD_GROUPS).beginArray();
 for (String groupName : groups) {
 json.value(groupName);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/TokenPermissionsValidator.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/TokenPermissionsValidator.java
index 81397044761..e0008553358 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/TokenPermissionsValidator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/TokenPermissionsValidator.java
@@ -31,7 +31,7 @@ class TokenPermissionsValidator {
 static void validate(UserSession userSession, @Nullable String requestLogin) {
 userSession.checkLoggedIn();
- if (!userSession.isSystemAdministrator() && !isLoggedInUser(userSession, requestLogin)) {
+ if (!userSession.isSystemAdministrator() && !isLoggedInUser(userSession, requestLogin)) {
 throw insufficientPrivilegesException();
 }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
index 6f9d0c55bd7..f71e74df946 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
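Review bot: UserJsonWriter.writeGroupsIfNeeded silently omits the groups field for a caller who is not a system administrator, even when that field was requested explicitly, and the changed condition carries no comment saying this is deliberate. A line above the `if`, such as `// group membership is only disclosed to system administrators; other callers get no "groups" field even if they ask for it`, would document the disclosure rule where it is enforced. The method body continues past the end of the hunk.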
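Review bot: In TokenPermissionsValidator.validate the exemption from the own-login check now applies to every system administrator rather than to root users only, which presumably widens the set of accounts that may act on another user's tokens. The test `throw_ForbiddenException_if_non_administrator_creates_token_for_someone_else` in this commit implies that an administrator may generate a token for another login, and a token authenticates as its owner. If that is intended, the method should state it, e.g. `// system administrators may manage the tokens of any user, including generating one on that user's behalf`, and generation for a login other than the caller's is worth an audit log entry in the action. How isSystemAdministrator() relates to isRoot() is not visible in this diff.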
@@ -139,6 +139,16 @@ public class UserSessionRule implements TestRule, UserSession {
 return this;
 }
+ public UserSessionRule setSystemAdministrator() {
+ ensureMockUserSession().setSystemAdministrator(true);
+ return this;
+ }
+
+ public UserSessionRule setNonSystemAdministrator() {
+ ensureMockUserSession().setSystemAdministrator(false);
+ return this;
+ }
+
+ @Override
 public Statement apply(Statement statement, Description description) {
 return this.statement(statement);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
index 3b7a497fde3..8e28e4a4f0b 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/GenerateActionTest.java
@@ -79,7 +79,7 @@ public class GenerateActionTest {
 @Test
 public void json_example() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 String response = ws.newRequest()
 .setMediaType(MediaTypes.JSON)
@@ -101,7 +101,7 @@ public class GenerateActionTest {
 @Test
 public void fail_if_name_is_longer_than_100_characters() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 expectedException.expect(IllegalArgumentException.class);
 expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)");
@@ -111,7 +111,7 @@ public class GenerateActionTest {
 @Test
 public void fail_if_login_does_not_exist() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 expectedException.expect(ForbiddenException.class);
@@ -120,7 +120,7 @@ public class GenerateActionTest {
 @Test
 public void fail_if_name_is_blank() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 expectedException.expect(BadRequestException.class);
 expectedException.expectMessage("The 'name' parameter must not be blank");
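Review bot: The new UserSessionRule setters `setSystemAdministrator()` and `setNonSystemAdministrator()` have no Javadoc saying how the flag relates to the existing root flag, so a test author cannot tell whether a session prepared with `setRoot()` also passes the `isSystemAdministrator()` checks that the web services now make. A one-sentence Javadoc on each setter stating whether the flag is independent of root status would settle that; the mock's behaviour is not visible in this diff. The same private `logInAsSystemAdministrator()` helper is also added to GenerateActionTest, RevokeActionTest and SearchActionTest, and could live once on this rule.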
@@ -130,7 +130,7 @@ public class GenerateActionTest {
 @Test
 public void fail_if_token_with_same_login_and_name_exists() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 newRequest(GRACE_HOPPER, TOKEN_NAME);
 expectedException.expect(BadRequestException.class);
@@ -141,7 +141,7 @@ public class GenerateActionTest {
 @Test
 public void fail_if_token_hash_already_exists_in_db() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 when(tokenGenerator.hash(anyString())).thenReturn("987654321");
 db.getDbClient().userTokenDao().insert(db.getSession(), newUserToken().setTokenHash("987654321"));
@@ -154,7 +154,7 @@ public class GenerateActionTest {
 @Test
 public void throw_ForbiddenException_if_non_administrator_creates_token_for_someone_else() {
- userSession.logIn().setNonRoot();
+ userSession.logIn().setNonSystemAdministrator();
 expectedException.expect(ForbiddenException.class);
@@ -187,4 +187,8 @@ public class GenerateActionTest {
 throw propagate(e);
 }
 }
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/RevokeActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/RevokeActionTest.java
index 013888dd7ee..7ef7baf7921 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/RevokeActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/RevokeActionTest.java
@@ -65,7 +65,7 @@ public class RevokeActionTest {
 @Test
 public void delete_token_in_db() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-delete"));
 insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-keep-1"));
 insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-keep-2"));
@@ -91,7 +91,7 @@ public class RevokeActionTest {
 @Test
 public void does_not_fail_when_incorrect_login_or_name() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName(TOKEN_NAME));
 newRequest(ADA_LOVELACE, "another-token-name");
@@ -131,4 +131,8 @@ public class RevokeActionTest {
 dbClient.userTokenDao().insert(dbSession, userToken);
 dbSession.commit();
 }
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/SearchActionTest.java
index 9fcb1f079bb..bf448aa09fc 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usertoken/ws/SearchActionTest.java
@@ -68,7 +68,7 @@ public class SearchActionTest {
 @Test
 public void search_json_example() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 dbClient.userTokenDao().insert(dbSession, newUserToken()
 .setCreatedAt(1448523067221L)
@@ -111,7 +111,7 @@ public class SearchActionTest {
 @Test
 public void fail_when_login_does_not_exist() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
 expectedException.expect(NotFoundException.class);
 expectedException.expectMessage("User with login 'unknown-login' not found");
@@ -154,4 +154,8 @@ public class SearchActionTest {
 throw new IllegalStateException("unreachable");
 }
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
 }