From: Eric Hartmann Date: Thu, 22 Feb 2018 10:36:20 +0000 (+0100) Subject: SONAR-10323 Fix WS not checking SCAN global permission X-Git-Tag: 7.5~1635 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9d33d9fa1a229413e5c131bcb0bfcae72a8fc87b;p=sonarqube.git SONAR-10323 Fix WS not checking SCAN global permission --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java b/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java index ca822de18f8..4583eb92be9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java @@ -39,6 +39,7 @@ import org.sonar.db.component.BranchType; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.SnapshotDto; import org.sonar.db.measure.LiveMeasureDto; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.server.component.ComponentFinder; import org.sonar.server.issue.index.BranchStatistics; import org.sonar.server.issue.index.IssueIndex; @@ -163,7 +164,8 @@ public class ListAction implements BranchWsAction { private void checkPermission(ComponentDto component) { if (!userSession.hasComponentPermission(UserRole.USER, component) && - !userSession.hasComponentPermission(SCAN_EXECUTION, component)) { + !userSession.hasComponentPermission(SCAN_EXECUTION, component) && + !userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) { throw insufficientPrivilegesException(); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java index 273e8a8a568..4a947af76ae 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java @@ -39,6 +39,7 @@ import org.sonar.api.server.ws.WebService; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.server.component.ComponentFinder; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Settings; @@ -154,8 +155,10 @@ public class ValuesAction implements SettingsWsAction { return Optional.empty(); } ComponentDto component = componentFinder.getByKeyAndOptionalBranch(dbSession, componentKey, valuesRequest.getBranch()); - if (!userSession.hasComponentPermission(USER, component) && !userSession.hasComponentPermission(SCAN_EXECUTION, component)) { - throw insufficientPrivilegesException(); + if (!userSession.hasComponentPermission(USER, component) && + !userSession.hasComponentPermission(SCAN_EXECUTION, component) && + !userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) { + throw insufficientPrivilegesException(); } return Optional.of(component); }