From 29533e50f4add1d6bfd61761b0f5ebab6576fe61 Mon Sep 17 00:00:00 2001
From: Zipeng WU
Date: Wed, 20 Oct 2021 16:54:16 +0200
Subject: [PATCH] SONAR-15548 Extend permission on Quality Gate actions to selected users and groups
---
 .../qualitygate/ws/CreateConditionAction.java | 2 +-
 .../qualitygate/ws/DeleteConditionAction.java | 2 +-
 .../qualitygate/ws/UpdateConditionAction.java | 2 +-
 .../ws/CreateConditionActionTest.java | 40 +++++++++++++++++
 .../ws/DeleteConditionActionTest.java | 35 +++++++++++++++
 .../ws/UpdateConditionActionTest.java | 44 ++++++++++++++++++-
 6 files changed, 121 insertions(+), 4 deletions(-)
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java
index fa674dfbf01..90d0faa57c6 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java
@@ -100,7 +100,7 @@ public class CreateConditionAction implements QualityGatesWsAction {
 } else {
 qualityGate = wsSupport.getByName(dbSession, gateName);
 }
- wsSupport.checkCanEdit(qualityGate);
+ wsSupport.checkCanLimitedEdit(dbSession, qualityGate);
 QualityGateConditionDto condition = qualityGateConditionsUpdater.createCondition(dbSession, qualityGate, metric, operator, error);
 CreateConditionResponse.Builder createConditionResponse = CreateConditionResponse.newBuilder()
 .setId(condition.getUuid())
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/DeleteConditionAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/DeleteConditionAction.java
index 68aae96a11d..e7bde221f02 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/DeleteConditionAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/DeleteConditionAction.java
@@ -63,7 +63,7 @@ public class DeleteConditionAction implements QualityGatesWsAction {
 QualityGateConditionDto condition = wsSupport.getCondition(dbSession, conditionUuid);
 QualityGateDto qualityGateDto = dbClient.qualityGateDao().selectByUuid(dbSession, condition.getQualityGateUuid());
 checkState(qualityGateDto != null, "Condition '%s' is linked to an unknown quality gate '%s'", conditionUuid, condition.getQualityGateUuid());
- wsSupport.checkCanEdit(qualityGateDto);
+ wsSupport.checkCanLimitedEdit(dbSession, qualityGateDto);
 dbClient.gateConditionDao().delete(condition, dbSession);
 dbSession.commit();
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java
index ca8245693f5..06593b47c6f 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java
@@ -86,7 +86,7 @@ public class UpdateConditionAction implements QualityGatesWsAction {
 QualityGateConditionDto condition = wsSupport.getCondition(dbSession, id);
 QualityGateDto qualityGateDto = dbClient.qualityGateDao().selectByUuid(dbSession, condition.getQualityGateUuid());
 checkState(qualityGateDto != null, "Condition '%s' is linked to an unknown quality gate '%s'", id, condition.getQualityGateUuid());
- wsSupport.checkCanEdit(qualityGateDto);
+ wsSupport.checkCanLimitedEdit(dbSession, qualityGateDto);
 QualityGateConditionDto updatedCondition = qualityGateConditionsUpdater.updateCondition(dbSession, condition, metric, operator, error);
 UpdateConditionResponse.Builder updateConditionResponse = UpdateConditionResponse.newBuilder()
 .setId(updatedCondition.getUuid())
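Review bot: The call site in UpdateConditionAction now authorizes through `checkCanLimitedEdit(dbSession, qualityGateDto)` with no comment saying who is newly allowed, and the same replacement is made in the CreateConditionAction and DeleteConditionAction hunks above. A short comment above each call would record the intent, for example `// gate administrators, or users/groups granted edit rights on this quality gate`. The body of `checkCanLimitedEdit` is not part of this patch, so it cannot be confirmed from here that it still rejects built-in gates and that a grant on one gate gives no rights on another; that contract belongs in its Javadoc. If the web-service descriptions of these three actions state which permission is required, they were not touched by this commit (the diffstat shows one changed line per action file) and may now be out of date. The enclosing handler methods start and end outside the hunks.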
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java
index 13f93a1e6dd..c160570de2d 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java
@@ -34,11 +34,14 @@ import org.sonar.db.DbTester;
 import org.sonar.db.metric.MetricDto;
 import org.sonar.db.qualitygate.QualityGateConditionDto;
 import org.sonar.db.qualitygate.QualityGateDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.qualitygate.QualityGateConditionsUpdater;
 import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.Qualitygates.CreateConditionResponse;
@@ -175,6 +178,43 @@ public class CreateConditionActionTest {
 assertThat(response.getError()).isEqualTo("45");
 }
+ @Test
+ public void user_with_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = insertMetric();
+ UserDto user = db.users().insertUser();
+ db.qualityGates().addUserPermission(qualityGate, user);
+ userSession.logIn(user);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_GATE_ID, qualityGate.getUuid())
+ .setParam(PARAM_METRIC, metric.getKey())
+ .setParam(PARAM_OPERATOR, "LT")
+ .setParam(PARAM_ERROR, "90")
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(200);
+ }
+
+ @Test
+ public void user_with_group_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = insertMetric();
+ UserDto user = db.users().insertUser();
+ GroupDto group = db.users().insertGroup();
+ db.qualityGates().addGroupPermission(qualityGate, group);
+ userSession.logIn(user).setGroups(group);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_GATE_ID, qualityGate.getUuid())
+ .setParam(PARAM_METRIC, metric.getKey())
+ .setParam(PARAM_OPERATOR, "LT")
+ .setParam(PARAM_ERROR, "90")
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(200);
+ }
+
 @Test
 public void throw_ForbiddenException_if_not_gate_administrator() {
 QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/DeleteConditionActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/DeleteConditionActionTest.java
index 82e54b75769..30c972b60ac 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/DeleteConditionActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/DeleteConditionActionTest.java
@@ -28,6 +28,8 @@ import org.sonar.db.DbTester;
 import org.sonar.db.metric.MetricDto;
 import org.sonar.db.qualitygate.QualityGateConditionDto;
 import org.sonar.db.qualitygate.QualityGateDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
@@ -95,6 +97,39 @@ public class DeleteConditionActionTest {
 assertThat(result.getStatus()).isEqualTo(HTTP_NO_CONTENT);
 }
+ @Test
+ public void user_with_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = db.measures().insertMetric();
+ QualityGateConditionDto qualityGateCondition = db.qualityGates().addCondition(qualityGate, metric);
+ UserDto user = db.users().insertUser();
+ db.qualityGates().addUserPermission(qualityGate, user);
+ userSession.logIn(user);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_ID, qualityGateCondition.getUuid())
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(HTTP_NO_CONTENT);
+ }
+
+ @Test
+ public void user_with_group_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = db.measures().insertMetric();
+ QualityGateConditionDto qualityGateCondition = db.qualityGates().addCondition(qualityGate, metric);
+ UserDto user = db.users().insertUser();
+ GroupDto group = db.users().insertGroup();
+ db.qualityGates().addGroupPermission(qualityGate, group);
+ userSession.logIn(user).setGroups(group);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_ID, qualityGateCondition.getUuid())
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(HTTP_NO_CONTENT);
+ }
+
 @Test
 public void fail_if_built_in_quality_gate() {
 userSession.addPermission(ADMINISTER_QUALITY_GATES);
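Review bot: The two tests added to DeleteConditionActionTest cover only the allow path for a delegated user or group; nothing pins that the delegation is limited to the gate it was granted on, and the same gap is in the tests added to CreateConditionActionTest and UpdateConditionActionTest. A negative case that grants the permission on one gate and targets a condition of another should expect `ForbiddenException`, as sketched below, and a second one should have a delegated user target a built-in gate. The success tests also assert only the status code, so they would still pass if the condition were left in the database; checking that the condition is gone would make them meaningful.

```java
@Test
public void user_with_permission_on_another_gate_is_forbidden() {
  QualityGateDto grantedGate = db.qualityGates().insertQualityGate();
  QualityGateDto targetGate = db.qualityGates().insertQualityGate();
  MetricDto metric = db.measures().insertMetric();
  QualityGateConditionDto condition = db.qualityGates().addCondition(targetGate, metric);
  UserDto user = db.users().insertUser();
  // The grant is on a different gate than the one owning the condition.
  db.qualityGates().addUserPermission(grantedGate, user);
  userSession.logIn(user);

  assertThatThrownBy(() -> ws.newRequest()
    .setParam(PARAM_ID, condition.getUuid())
    .execute())
    .isInstanceOf(ForbiddenException.class);
}
```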
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java
index 87653060d9b..c976515a9e5 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java
@@ -34,12 +34,15 @@ import org.sonar.db.DbTester;
 import org.sonar.db.metric.MetricDto;
 import org.sonar.db.qualitygate.QualityGateConditionDto;
 import org.sonar.db.qualitygate.QualityGateDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.qualitygate.QualityGateConditionsUpdater;
 import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.Qualitygates.CreateConditionResponse;
@@ -111,6 +114,45 @@ public class UpdateConditionActionTest {
 assertThat(response.getError()).isEqualTo("45");
 }
+ @Test
+ public void user_with_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = insertMetric();
+ QualityGateConditionDto condition = db.qualityGates().addCondition(qualityGate, metric);
+ UserDto user = db.users().insertUser();
+ db.qualityGates().addUserPermission(qualityGate, user);
+ userSession.logIn(user);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_ID, condition.getUuid())
+ .setParam(PARAM_METRIC, metric.getKey())
+ .setParam(PARAM_OPERATOR, "LT")
+ .setParam(PARAM_ERROR, "45")
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(200);
+ }
+
+ @Test
+ public void user_with_group_permission_can_call_endpoint() {
+ QualityGateDto qualityGate = db.qualityGates().insertQualityGate();
+ MetricDto metric = insertMetric();
+ QualityGateConditionDto condition = db.qualityGates().addCondition(qualityGate, metric);
+ UserDto user = db.users().insertUser();
+ GroupDto group = db.users().insertGroup();
+ db.qualityGates().addGroupPermission(qualityGate, group);
+ userSession.logIn(user).setGroups(group);
+
+ TestResponse response = ws.newRequest()
+ .setParam(PARAM_ID, condition.getUuid())
+ .setParam(PARAM_METRIC, metric.getKey())
+ .setParam(PARAM_OPERATOR, "LT")
+ .setParam(PARAM_ERROR, "45")
+ .execute();
+
+ assertThat(response.getStatus()).isEqualTo(200);
+ }
+
 @Test
 public void fail_to_update_built_in_quality_gate() {
 userSession.addPermission(ADMINISTER_QUALITY_GATES);
@@ -243,7 +285,7 @@ public class UpdateConditionActionTest {
 @DataProvider
 public static Object[][] update_invalid_operators_and_direction() {
- return new Object[][] {
+ return new Object[][]{
 {"GT", "LT", -1},
 {"LT", "GT", 1},
 };
--
2.39.5