From: Pierre Date: Wed, 14 Jun 2023 08:51:30 +0000 (+0200) Subject: SONAR-19577 allow 'project admin' to use api/ce/task X-Git-Tag: 10.1.0.73491~10 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8bc53b74c73dd5dc777187ce6842719f87730213;p=sonarqube.git SONAR-19577 allow 'project admin' to use api/ce/task --- diff --git a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/ce/ws/TaskActionIT.java b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/ce/ws/TaskActionIT.java index 42a6b28c5f4..33960fbc82f 100644 --- a/server/sonar-webserver-webapi/src/it/java/org/sonar/server/ce/ws/TaskActionIT.java +++ b/server/sonar-webserver-webapi/src/it/java/org/sonar/server/ce/ws/TaskActionIT.java @@ -344,6 +344,14 @@ public class TaskActionIT { call(task.getUuid()); } + @Test + public void get_project_queue_task_with_project_admin_permission() { + userSession.logIn().addProjectPermission(ADMIN, privateProject); + CeActivityDto task = createAndPersistArchivedTask(privateProject); + + call(task.getUuid()); + } + @Test public void getting_project_queue_task_throws_ForbiddenException_if_no_admin_nor_scan_permissions() { UserDto user = db.users().insertUser(); diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ce/ws/TaskAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ce/ws/TaskAction.java index a6e20362242..7024dd95a63 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ce/ws/TaskAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ce/ws/TaskAction.java @@ -69,15 +69,19 @@ public class TaskAction implements CeWsAction { public void define(WebService.NewController controller) { WebService.NewAction action = controller.createAction(ACTION) .setDescription("Give Compute Engine task details such as type, status, duration and associated component.
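Review bot: The new `get_project_queue_task_with_project_admin_permission` test only shows that a project admin is let through; nothing pins that `ADMIN` on one project does not open tasks belonging to another. That per-project boundary is what the new `hasComponentPermission(UserRole.ADMIN, component)` branch in `TaskAction.checkComponentPermission` relies on. A negative test beside it, granting `ADMIN` on a second private project and expecting `ForbiddenException` for a task of `privateProject`, would cover the gap. The test also calls `createAndPersistArchivedTask` although its name says queue task, so the queued path is presumably not exercised for this permission. The test class continues outside the hunk, so an equivalent case may already exist out of view.

```java
@Test
public void getting_project_queue_task_throws_ForbiddenException_if_admin_of_another_project() {
  // otherProject is a placeholder: a second private project, created the same way privateProject is set up in this class
  userSession.logIn().addProjectPermission(ADMIN, otherProject);
  CeActivityDto task = createAndPersistArchivedTask(privateProject);

  assertThatThrownBy(() -> call(task.getUuid()))
    .isInstanceOf(ForbiddenException.class);
}
```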
" + - "Requires 'Administer System' or 'Execute Analysis' permission.
" + + "Requires one of the following permissions: " + + "" + "Since 6.1, field \"logs\" is deprecated and its value is always false.") .setResponseExample(getClass().getResource("task-example.json")) .setSince("5.2") .setChangelog( new Change("6.6", "fields \"branch\" and \"branchType\" added"), new Change("10.1", "Warnings field will be now always be filled (it is not necessary to mention it explicitly in 'additionalFields'). " - + "'additionalFields' value `warning' is deprecated.") - ) + + "'additionalFields' value `warning' is deprecated."), + new Change("10.1", "'Project Administrator' is added to the list of allowed permissions to access this endpoint")) .setHandler(this); action @@ -126,17 +130,22 @@ public class TaskAction implements CeWsAction { private void checkPermission(Optional component) { if (component.isPresent()) { - if (!userSession.hasPermission(GlobalPermission.ADMINISTER) && - !userSession.hasPermission(GlobalPermission.SCAN) && - !userSession.hasComponentPermission(UserRole.SCAN, component.get())) { - throw insufficientPrivilegesException(); - } - + checkComponentPermission(component.get()); } else { userSession.checkIsSystemAdministrator(); } } + private void checkComponentPermission(ComponentDto component) { + if (userSession.hasPermission(GlobalPermission.ADMINISTER) || + userSession.hasPermission(GlobalPermission.SCAN) || + userSession.hasComponentPermission(UserRole.ADMIN, component) || + userSession.hasComponentPermission(UserRole.SCAN, component)) { + return; + } + throw insufficientPrivilegesException(); + } + private static void maskErrorStacktrace(CeActivityDto ceActivityDto, Set additionalFields) { if (!additionalFields.contains(AdditionalField.STACKTRACE)) { ceActivityDto.setErrorStacktrace(null);