From: Jean-Baptiste Lievremont Date: Wed, 10 Jun 2015 13:03:51 +0000 (+0200) Subject: SONAR-6582 Fix bug with permission checks in ServerUserSession X-Git-Tag: 5.2-RC1~1439 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=6d3d08a52019b1d98776883b577f1785bb0cd84f;p=sonarqube.git SONAR-6582 Fix bug with permission checks in ServerUserSession --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java index 0011cb1a228..c2331f884c0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java @@ -19,10 +19,6 @@ */ package org.sonar.server.issue; -import org.sonar.server.issue.ws.IssueComponentHelper; -import org.sonar.server.issue.ws.IssueJsonWriter; - -import org.elasticsearch.common.collect.Lists; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Function; import com.google.common.base.Predicate; @@ -32,6 +28,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMultimap; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Iterables; +import com.google.common.collect.Lists; import com.google.common.collect.Maps; import com.google.common.collect.Sets; import java.io.StringWriter; @@ -73,13 +70,15 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.issue.actionplan.ActionPlanService; import org.sonar.server.issue.filter.IssueFilterParameters; import org.sonar.server.issue.filter.IssueFilterService; +import org.sonar.server.issue.ws.IssueComponentHelper; +import org.sonar.server.issue.ws.IssueJsonWriter; import org.sonar.server.search.QueryContext; import org.sonar.server.user.UserSession; import org.sonar.server.user.index.UserIndex; import org.sonar.server.util.RubyUtils; import org.sonar.server.util.Validation; + import static com.google.common.collect.Lists.newArrayList; -import static com.google.common.collect.Maps.newHashMap; /** * Used through ruby code 
Internal.issues
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueComponentHelper.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueComponentHelper.java index 2d9d2ae6b5a..fd7e7e22837 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueComponentHelper.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueComponentHelper.java @@ -19,15 +19,15 @@ */ package org.sonar.server.issue.ws; -import static com.google.common.collect.Maps.newHashMap; - -import org.sonar.server.db.DbClient; import java.util.Collection; import java.util.List; import java.util.Map; import java.util.Set; import org.sonar.core.component.ComponentDto; import org.sonar.core.persistence.DbSession; +import org.sonar.server.db.DbClient; + +import static com.google.common.collect.Maps.newHashMap; /** * This class computes some collections of {@link ComponentDto}s used to serialize issues. diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueJsonWriter.java index fac3c5e367e..9e37fe17d24 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueJsonWriter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ws/IssueJsonWriter.java @@ -20,8 +20,6 @@ package org.sonar.server.issue.ws; -import org.sonar.server.user.ws.UserJsonWriter; - import com.google.common.collect.ImmutableSet; import com.google.common.collect.Multimap; import java.util.Collection; @@ -44,6 +42,7 @@ import org.sonar.api.utils.text.JsonWriter; import org.sonar.core.component.ComponentDto; import org.sonar.markdown.Markdown; import org.sonar.server.user.UserSession; +import org.sonar.server.user.ws.UserJsonWriter; public class IssueJsonWriter { diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java b/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java index dfccb580160..42ef539aa6c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java @@ -19,9 +19,6 @@ */ package org.sonar.server.platform.platformlevel; -import org.sonar.server.issue.ws.IssueComponentHelper; -import org.sonar.server.issue.ws.IssueJsonWriter; - import java.util.List; import org.sonar.api.config.EmailSettings; import org.sonar.api.issue.action.Actions; @@ -159,6 +156,8 @@ import org.sonar.server.issue.notification.NewIssuesNotificationDispatcher; import org.sonar.server.issue.notification.NewIssuesNotificationFactory; import org.sonar.server.issue.ws.ComponentTagsAction; import org.sonar.server.issue.ws.IssueActionsWriter; +import org.sonar.server.issue.ws.IssueComponentHelper; +import org.sonar.server.issue.ws.IssueJsonWriter; import org.sonar.server.issue.ws.IssuesWs; import org.sonar.server.issue.ws.SetTagsAction; import org.sonar.server.language.ws.LanguageWs; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index 8c91da19730..e8e6c831c4b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java @@ -48,7 +48,8 @@ public abstract class AbstractUserSession impleme protected HashMultimap projectKeyByPermission = HashMultimap.create(); protected HashMultimap projectUuidByPermission = HashMultimap.create(); protected Map projectUuidByComponentUuid = newHashMap(); - protected List projectPermissions = newArrayList(); + protected List projectPermissionsCheckedByKey = newArrayList(); + protected List projectPermissionsCheckedByUuid = newArrayList(); protected String name; protected Locale locale = Locale.ENGLISH; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java index 454caa863d5..74580dc4909 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -75,19 +75,19 @@ public class ServerUserSession extends AbstractUserSession @Override public boolean hasProjectPermission(String permission, String projectKey) { - if (!projectPermissions.contains(permission)) { + if (!projectPermissionsCheckedByKey.contains(permission)) { Collection projectKeys = authorizationDao.selectAuthorizedRootProjectsKeys(userId, permission); for (String key : projectKeys) { projectKeyByPermission.put(permission, key); } - projectPermissions.add(permission); + projectPermissionsCheckedByKey.add(permission); } return projectKeyByPermission.get(permission).contains(projectKey); } @Override public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { - if (!projectPermissions.contains(permission)) { + if (!projectPermissionsCheckedByUuid.contains(permission)) { Collection projectUuids = authorizationDao.selectAuthorizedRootProjectsUuids(userId, permission); addProjectPermission(permission, projectUuids); } @@ -98,7 +98,7 @@ public class ServerUserSession extends AbstractUserSession for (String key : authorizedProjectUuids) { projectUuidByPermission.put(permission, key); } - projectPermissions.add(permission); + projectPermissionsCheckedByUuid.add(permission); } @Override diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java index 25b5f2081c9..6eb56702ffa 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java @@ -52,7 +52,7 @@ public class MockUserSession extends AbstractUserSession implem this.projectKeyByPermission = ruleUserSession.projectKeyByPermission; this.projectUuidByPermission = ruleUserSession.projectUuidByPermission; this.projectUuidByComponentUuid = ruleUserSession.projectUuidByComponentUuid; - this.projectPermissions = ruleUserSession.projectPermissions; + this.projectPermissionsCheckedByKey = ruleUserSession.projectPermissionsCheckedByKey; this.name = ruleUserSession.name; this.locale = ruleUserSession.locale; } @@ -97,13 +97,13 @@ public class MockUserSession extends AbstractUserSession implem */ @Deprecated public MockUserSession addProjectPermissions(String projectPermission, String... projectKeys) { - this.projectPermissions.add(projectPermission); + this.projectPermissionsCheckedByKey.add(projectPermission); this.projectKeyByPermission.putAll(projectPermission, newArrayList(projectKeys)); return this; } public MockUserSession addProjectUuidPermissions(String projectPermission, String... projectUuids) { - this.projectPermissions.add(projectPermission); + this.projectPermissionsCheckedByUuid.add(projectPermission); this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids)); return this; } @@ -131,12 +131,12 @@ public class MockUserSession extends AbstractUserSession implem @Override public boolean hasProjectPermission(String permission, String projectKey) { - return projectPermissions.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey); + return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey); } @Override public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { - return projectPermissions.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); + return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); } @Override