From: Daniel Schwarz
Date: Tue, 2 May 2017 15:21:47 +0000 (+0200)
Subject: SONAR-8949 let api/rules/update permission check use the specified org
X-Git-Tag: 6.4-RC1~137
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b654b210c6f9d1afcc523bdd40a0f559e5ef7b64;p=sonarqube.git
SONAR-8949 let api/rules/update permission check use the specified org
---
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/CreateAction.java
index 7f4d99b8873..d0625002a03 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/CreateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/CreateAction.java
@@ -136,7 +136,7 @@ public class CreateAction implements RulesWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- ruleWsSupport.checkQProfileAdminPermission();
+ ruleWsSupport.checkQProfileAdminPermissionOnDefaultOrganization();
 String customKey = request.mandatoryParam(PARAM_CUSTOM_KEY);
 try (DbSession dbSession = dbClient.openSession(false)) {
 try {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/DeleteAction.java
index ae07fa32c02..2371bd07729 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/DeleteAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/DeleteAction.java
@@ -70,7 +70,7 @@ public class DeleteAction implements RulesWsAction {
 @Override
 public void handle(Request request, Response response) {
- ruleWsSupport.checkQProfileAdminPermission();
+ ruleWsSupport.checkQProfileAdminPermissionOnDefaultOrganization();
 RuleKey key = RuleKey.parse(request.mandatoryParam(PARAM_KEY));
 delete(key);
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
index 27a14b2678a..5e603d13e00 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java
@@ -44,7 +44,7 @@ public class RuleWsSupport {
 this.defaultOrganizationProvider = defaultOrganizationProvider;
 }
- public void checkQProfileAdminPermission() {
+ public void checkQProfileAdminPermissionOnDefaultOrganization() {
 userSession
 .checkLoggedIn()
 .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid());
diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/UpdateAction.java
index 15e14891463..52a04e17496 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/UpdateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/UpdateAction.java
@@ -52,6 +52,7 @@ import static java.lang.String.format;
 import static java.util.Collections.singletonList;
 import static java.util.Optional.ofNullable;
 import static org.apache.commons.lang.StringUtils.defaultIfEmpty;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 public class UpdateAction implements RulesWsAction {
@@ -76,16 +77,14 @@ public class UpdateAction implements RulesWsAction {
 private final RuleUpdater ruleUpdater;
 private final RuleMapper mapper;
 private final UserSession userSession;
- private final RuleWsSupport ruleWsSupport;
 private final DefaultOrganizationProvider defaultOrganizationProvider;
 public UpdateAction(DbClient dbClient, RuleUpdater ruleUpdater, RuleMapper mapper, UserSession userSession,
- RuleWsSupport ruleWsSupport, DefaultOrganizationProvider defaultOrganizationProvider) {
+ DefaultOrganizationProvider defaultOrganizationProvider) {
 this.dbClient = dbClient;
 this.ruleUpdater = ruleUpdater;
 this.mapper = mapper;
 this.userSession = userSession;
- this.ruleWsSupport = ruleWsSupport;
 this.defaultOrganizationProvider = defaultOrganizationProvider;
 }
@@ -176,10 +175,10 @@ public class UpdateAction implements RulesWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- ruleWsSupport.checkQProfileAdminPermission();
-
+ userSession.checkLoggedIn();
 try (DbSession dbSession = dbClient.openSession(false)) {
 OrganizationDto organization = getOrganization(request, dbSession);
+ userSession.checkPermission(ADMINISTER_QUALITY_PROFILES, organization);
 RuleUpdate update = readRequest(dbSession, request, organization);
 ruleUpdater.update(dbSession, update, organization, userSession);
 UpdateResponse updateResponse = buildResponse(dbSession, update.getRuleKey(), organization);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionTest.java
index 5ab6f15a677..bf4962032a6 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionTest.java
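Review bot: In `UpdateAction.handle`, `getOrganization(request, dbSession)` now runs before `userSession.checkPermission(ADMINISTER_QUALITY_PROFILES, organization)`, so every logged-in caller reaches the organization lookup before being authorized. `getOrganization` is defined outside the hunk; if it fails differently for an unknown organization than `checkPermission` does for a known one, the two responses let an unprivileged user tell which organization keys exist. Confirm that is acceptable for this endpoint, and record the ordering in the code, for example `// permission is checked on the organization named in the request, so it has to be resolved first`. The body of `handle` continues past the end of the hunk.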
@@ -99,7 +99,7 @@ public class UpdateActionTest {
 private RuleIndexer ruleIndexer = new RuleIndexer(esClient, dbClient);
 private RuleUpdater ruleUpdater = new RuleUpdater(dbClient, ruleIndexer, System2.INSTANCE);
 private RuleWsSupport ruleWsSupport = new RuleWsSupport(dbClient, userSession, defaultOrganizationProvider);
- private WsAction underTest = new UpdateAction(dbClient, ruleUpdater, mapper, userSession, ruleWsSupport, defaultOrganizationProvider);
+ private WsAction underTest = new UpdateAction(dbClient, ruleUpdater, mapper, userSession, defaultOrganizationProvider);
 private WsActionTester ws = new WsActionTester(underTest);
 @Test
@@ -175,9 +175,8 @@ public class UpdateActionTest {
 @Test
 public void update_tags_for_specific_organization() throws IOException {
- logInAsQProfileAdministrator();
-
 OrganizationDto organization = db.organizations().insert();
+ logInAsQProfileAdministrator(organization.getUuid());
 RuleDefinitionDto rule = db.rules().insert(setSystemTags("stag1", "stag2"));
 db.rules().insertOrUpdateMetadata(rule, organization, setTags("tagAlt1", "tagAlt2"));
@@ -204,9 +203,8 @@ public class UpdateActionTest {
 @Test
 public void update_rule_remediation_function() throws IOException {
- logInAsQProfileAdministrator();
-
 OrganizationDto organization = db.organizations().insert();
+ logInAsQProfileAdministrator(organization.getUuid());
 RuleDefinitionDto rule = db.rules().insert(
 r -> r.setDefRemediationFunction(LINEAR.toString()),
@@ -342,9 +340,13 @@ public class UpdateActionTest {
 }
 private void logInAsQProfileAdministrator() {
+ logInAsQProfileAdministrator(db.getDefaultOrganization().getUuid());
+ }
+
+ private void logInAsQProfileAdministrator(String orgUuid) {
 userSession
 .logIn()
- .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization().getUuid());
+ .addPermission(ADMINISTER_QUALITY_PROFILES, orgUuid);
 }
 private static MacroInterpreter createMacroInterpreter() {
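Review bot: The changed tests in `UpdateActionTest` (`update_tags_for_specific_organization` and `update_rule_remediation_function`) cover only the allowed path, where the caller holds ADMINISTER_QUALITY_PROFILES on the organization being updated. The hunks shown add no case for the behavior this commit is about: a user who administers quality profiles on the default organization but not on the organization named in the request must be rejected. Unless such a test already exists outside these hunks, add one that calls `logInAsQProfileAdministrator()` for the default organization, updates a rule in a second organization created with `db.organizations().insert()`, and expects the permission failure. Separately, the `ruleWsSupport` field in the first hunk is no longer passed to `UpdateAction` and may now be unused in this class.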