From 2d98999918574c56056c21f9c4791476d644a041 Mon Sep 17 00:00:00 2001
From: Guillaume Jambet
Date: Tue, 27 Feb 2018 17:36:32 +0100
Subject: [PATCH] SONAR-10423 add consistency validation on homepage retrieval
---
 .../sonar/server/user/ws/CurrentAction.java | 14 +++-
 .../server/user/ws/CurrentActionTest.java | 72 +++++++++++++++++--
 2 files changed, 78 insertions(+), 8 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java
index 2df9909bcee..599604ef1e1 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java
@@ -46,6 +46,7 @@ import static java.util.Optional.of;
 import static java.util.Optional.ofNullable;
 import static java.util.stream.Collectors.toList;
 import static org.apache.commons.lang.StringUtils.EMPTY;
+import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.core.util.Protobuf.setNullable;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.Users.CurrentWsResponse.Permissions;
@@ -164,7 +165,7 @@ public class CurrentAction implements UsersWsAction {
 private Optional projectHomepage(DbSession dbSession, UserDto user) {
 Optional projectOptional = ofNullable(dbClient.componentDao().selectByUuid(dbSession, of(user.getHomepageParameter()).orElse(EMPTY)).orNull());
- if (!projectOptional.isPresent()) {
+ if (shouldCleanProjectHomepage(projectOptional)) {
 cleanUserHomepageInDb(dbSession, user);
 return empty();
 }
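Review bot: Routing a permission failure through `cleanUserHomepageInDb` on the changed `if` line makes a plain read of the current user permanently erase the stored homepage whenever `hasComponentPermission(USER, …)` is false, even though the user may regain access shortly afterwards (for example a group membership that is removed and re-added); the same applies to `applicationAndPortfolioHomepage` in the next hunk. Only the not-found case is genuinely stale data; for the permission case it would be safer to just `return empty();` so the caller falls back to the default homepage without the preference being lost, and to keep the DB cleanup for the missing-component case alone. If the cleanup on denied permission is intentional, a comment on the `if` saying so would save the next reader the same question. `projectHomepage` continues beyond this hunk.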
@@ -176,9 +177,13 @@ public class CurrentAction implements UsersWsAction {
 return of(homepage.build());
 }
+ private boolean shouldCleanProjectHomepage(Optional projectOptional) {
+ return !projectOptional.isPresent() || !userSession.hasComponentPermission(USER, projectOptional.get());
+ }
+
 private Optional applicationAndPortfolioHomepage(DbSession dbSession, UserDto user) {
 Optional componentOptional = ofNullable(dbClient.componentDao().selectByUuid(dbSession, of(user.getHomepageParameter()).orElse(EMPTY)).orNull());
- if (!componentOptional.isPresent() || !pluginRepository.hasPlugin(GOVERNANCE_PLUGIN_KEY)) {
+ if (shouldCleanApplicationOrPortfolioHomepage(componentOptional)) {
 cleanUserHomepageInDb(dbSession, user);
 return empty();
 }
@@ -189,6 +194,11 @@ public class CurrentAction implements UsersWsAction {
 .build());
 }
+ private boolean shouldCleanApplicationOrPortfolioHomepage(Optional componentOptional) {
+ return !componentOptional.isPresent() || !pluginRepository.hasPlugin(GOVERNANCE_PLUGIN_KEY)
+ || !userSession.hasComponentPermission(USER, componentOptional.get());
+ }
+
 private Optional organizationHomepage(DbSession dbSession, UserDto user) {
 Optional organizationOptional = dbClient.organizationDao().selectByUuid(dbSession, of(user.getHomepageParameter()).orElse(EMPTY));
 if (!organizationOptional.isPresent()) {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
index f148c030860..ace7efa2150 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
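Review bot: `shouldCleanApplicationOrPortfolioHomepage` in the second hunk repeats the presence-and-USER-permission test that `shouldCleanProjectHomepage` already encodes, so the authorization rule for a stored homepage now lives in two places; it could read `return !pluginRepository.hasPlugin(GOVERNANCE_PLUGIN_KEY) || shouldCleanProjectHomepage(componentOptional);` so a later change to the required role is made once. Neither helper says why a permission is required at all; assuming the motivation is that a homepage must not name a component the user is no longer allowed to browse, a comment such as `// never return a homepage the user cannot browse: the component key would be exposed` on `shouldCleanProjectHomepage` would make the intent explicit. The `projectOptional.get()` after `isPresent()` is safe only because of short-circuit evaluation; `projectOptional.map(p -> userSession.hasComponentPermission(USER, p)).orElse(false)` expresses the same check without the unguarded-looking `get()`.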
@@ -29,6 +29,8 @@ import org.sonar.core.platform.PluginRepository;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDbTester;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.issue.ws.AvatarResolverImpl;
 import org.sonar.server.organization.DefaultOrganizationProvider;
@@ -42,6 +44,7 @@ import static com.google.common.collect.Lists.newArrayList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
 import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
@@ -59,6 +62,7 @@ public class CurrentActionTest {
 private DbClient dbClient = db.getDbClient();
 private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
+ private OrganizationDbTester organizationDbTester = db.organizations();
 private PluginRepository pluginRepository = mock(PluginRepository.class);
 private MapSettings settings = new MapSettings();
@@ -184,7 +188,7 @@ public class CurrentActionTest {
 withGovernancePlugin();
 ComponentDto portfolio = db.components().insertPrivatePortfolio(db.getDefaultOrganization());
 UserDto user = db.users().insertUser(u -> u.setHomepageType("PORTFOLIO").setHomepageParameter(portfolio.uuid()));
- userSessionRule.logIn(user);
+ userSessionRule.logIn(user).addProjectPermission(USER, portfolio);
 CurrentWsResponse response = call();
@@ -193,12 +197,26 @@ public class CurrentActionTest {
 .containsExactly(CurrentWsResponse.HomepageType.PORTFOLIO, portfolio.getKey());
 }
+ @Test
+ public void return_default_when_set_to_a_portfolio_but_no_rights_on_this_portfolio() {
+ withGovernancePlugin();
+ ComponentDto portfolio = db.components().insertPrivatePortfolio(db.getDefaultOrganization());
+ UserDto user = db.users().insertUser(u -> u.setHomepageType("PORTFOLIO").setHomepageParameter(portfolio.uuid()));
+ userSessionRule.logIn(user);
+
+ CurrentWsResponse response = call();
+
+ assertThat(response.getHomepage())
+ .extracting(CurrentWsResponse.Homepage::getType)
+ .containsExactly(CurrentWsResponse.HomepageType.PROJECTS);
+ }
+
 @Test
 public void return_homepage_when_set_to_an_application() {
 withGovernancePlugin();
 ComponentDto application = db.components().insertPrivateApplication(db.getDefaultOrganization());
 UserDto user = db.users().insertUser(u -> u.setHomepageType("APPLICATION").setHomepageParameter(application.uuid()));
- userSessionRule.logIn(user);
+ userSessionRule.logIn(user).addProjectPermission(USER, application);
 CurrentWsResponse response = call();
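Review bot: `return_default_when_set_to_a_portfolio_but_no_rights_on_this_portfolio` only asserts that the response type falls back to PROJECTS; it says nothing about the persistent side effect the production path takes in this case (the user's homepage being cleaned in the DB), so a regression that either stops clearing it or clears it on every call would pass unnoticed. Reloading the user after `call()` — something like `db.users().selectUserByLogin(user.getLogin())` if that helper is available here — and asserting `getHomepageType()` and `getHomepageParameter()` are null would pin the intended behaviour; if the cleanup is *not* meant to be part of the contract, asserting the opposite is just as valuable. The same gap exists in the application and project negative tests added in the next two hunks.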
@@ -207,11 +225,25 @@ public class CurrentActionTest {
 .containsExactly(CurrentWsResponse.HomepageType.APPLICATION, application.getKey());
 }
+ @Test
+ public void return_default_homepage_when_set_to_an_application_but_no_rights_on_this_application() {
+ withGovernancePlugin();
+ ComponentDto application = db.components().insertPrivateApplication(db.getDefaultOrganization());
+ UserDto user = db.users().insertUser(u -> u.setHomepageType("APPLICATION").setHomepageParameter(application.uuid()));
+ userSessionRule.logIn(user);
+
+ CurrentWsResponse response = call();
+
+ assertThat(response.getHomepage())
+ .extracting(CurrentWsResponse.Homepage::getType)
+ .containsExactly(CurrentWsResponse.HomepageType.PROJECTS);
+ }
+
 @Test
 public void return_homepage_when_set_to_a_project() {
 ComponentDto project = db.components().insertPrivateProject();
 UserDto user = db.users().insertUser(u -> u.setHomepageType("PROJECT").setHomepageParameter(project.uuid()));
- userSessionRule.logIn(user);
+ userSessionRule.logIn(user).addProjectPermission(USER, project);
 CurrentWsResponse response = call();
@@ -220,12 +252,39 @@ public class CurrentActionTest {
 .containsExactly(CurrentWsResponse.HomepageType.PROJECT, project.getKey());
 }
+ @Test
+ public void return_default_homepage_when_set_to_a_project_but_no_rights_on_this_project() {
+ ComponentDto project = db.components().insertPrivateProject();
+ UserDto user = db.users().insertUser(u -> u.setHomepageType("PROJECT").setHomepageParameter(project.uuid()));
+ userSessionRule.logIn(user);
+
+ CurrentWsResponse response = call();
+
+ assertThat(response.getHomepage())
+ .extracting(CurrentWsResponse.Homepage::getType)
+ .containsExactly(CurrentWsResponse.HomepageType.PROJECTS);
+ }
+
+ @Test
+ public void return_homepage_when_set_to_an_organization() {
+
+ OrganizationDto organizationDto = organizationDbTester.insert();
+ UserDto user = db.users().insertUser(u -> u.setHomepageType("ORGANIZATION").setHomepageParameter(organizationDto.getUuid()));
+ userSessionRule.logIn(user);
+
+ CurrentWsResponse response = call();
+
+ assertThat(response.getHomepage())
+ .extracting(CurrentWsResponse.Homepage::getType, CurrentWsResponse.Homepage::getOrganization)
+ .containsExactly(CurrentWsResponse.HomepageType.ORGANIZATION, organizationDto.getKey());
+ }
+
 @Test
 public void return_homepage_when_set_to_a_branch() {
 ComponentDto project = db.components().insertMainBranch();
 ComponentDto branch = db.components().insertProjectBranch(project);
 UserDto user = db.users().insertUser(u -> u.setHomepageType("PROJECT").setHomepageParameter(branch.uuid()));
- userSessionRule.logIn(user);
+ userSessionRule.logIn(user).addProjectPermission(USER, project);
 CurrentWsResponse response = call();
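Review bot: `return_homepage_when_set_to_an_organization` opens with an empty line right after its signature, which none of the neighbouring tests do; drop it. It is also the only test using the new `organizationDbTester` field (added in an earlier hunk), which is just a shortcut for `db.organizations()`; calling `db.organizations().insert()` inline, as the other tests do for `db.components()` and `db.users()`, would avoid the extra field. In `return_homepage_when_set_to_a_branch` the USER permission is granted on `project` while the stored homepage is `branch.uuid()`, so the test presumably relies on the session rule resolving branch permissions through the main project; a short comment on the `addProjectPermission` line stating that would make the intent clear.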
@@ -266,10 +325,12 @@ public class CurrentActionTest {
 @Test
 public void json_example() {
+ ComponentDto componentDto = db.components().insertPrivateProject(u -> u.setUuid("UUID-of-the-death-star"), u -> u.setDbKey("death-star-key"));
 userSessionRule
 .logIn("obiwan.kenobi")
 .addPermission(SCAN, db.getDefaultOrganization())
- .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization());
+ .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization())
+ .addProjectPermission(USER, componentDto);
 UserDto obiwan = db.users().insertUser(user -> user
 .setLogin("obiwan.kenobi")
 .setName("Obiwan Kenobi")
@@ -284,7 +345,6 @@ public class CurrentActionTest {
 db.users().insertMember(db.users().insertGroup(newGroupDto().setName("Jedi")), obiwan);
 db.users().insertMember(db.users().insertGroup(newGroupDto().setName("Rebel")), obiwan);
- db.components().insertPublicProject(u -> u.setUuid("UUID-of-the-death-star"), u -> u.setDbKey("death-star-key"));
 String response = ws.newRequest().execute().getInput();
-- 
2.39.5