From 3cd91cdaf3f1167677761b476d2d0edb261cdc46 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Wed, 6 Dec 2017 17:49:37 +0100
Subject: [PATCH] SONAR-10134 Add organization parameter in api/qualitygates/deselect
---
 .../server/qualitygate/ws/DeselectAction.java | 22 +++-
 .../qualitygate/ws/QualityGatesWsSupport.java | 4 +-
 .../qualitygate/ws/DeselectActionTest.java | 105 ++++++++++++------
 3 files changed, 91 insertions(+), 40 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
index 94db5339965..699df6cd581 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
@@ -29,8 +29,11 @@ import org.sonar.core.util.Uuids;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.ComponentFinder;
+import org.sonar.server.exceptions.NotFoundException;
+import static java.lang.String.format;
 import static org.sonar.server.qualitygate.QualityGateUpdater.SONAR_QUALITYGATE_PROPERTY;
 import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_PROJECT_ID;
 import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_PROJECT_KEY;
@@ -71,26 +74,33 @@ public class DeselectAction implements QualityGatesWsAction { .setDescription("Project key") .setExampleValue(KEY_PROJECT_EXAMPLE_001) .setSince("6.1"); + + wsSupport.createOrganizationParam(action); } @Override public void handle(Request request, Response response) { try (DbSession dbSession = dbClient.openSession(false)) { - ComponentDto project = getProject(dbSession, request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY)); - dissociateProject(dbSession, project); + OrganizationDto organization = wsSupport.getOrganization(dbSession, request); + ComponentDto project = getProject(dbSession, organization, request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY)); + dissociateProject(dbSession, organization, project); response.noContent(); } } - private void dissociateProject(DbSession dbSession, ComponentDto project) { - wsSupport.checkCanAdminProject(project); + private void dissociateProject(DbSession dbSession, OrganizationDto organization, ComponentDto project) { + wsSupport.checkCanAdminProject(organization, project); dbClient.propertiesDao().deleteProjectProperty(SONAR_QUALITYGATE_PROPERTY, project.getId(), dbSession); dbSession.commit(); } - private ComponentDto getProject(DbSession dbSession, @Nullable String projectId, @Nullable String projectKey) { - return selectProjectById(dbSession, projectId) + private ComponentDto getProject(DbSession dbSession, OrganizationDto organization, @Nullable String projectId, @Nullable String projectKey) { + ComponentDto project = selectProjectById(dbSession, projectId) .orElseGet(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ComponentFinder.ParamNames.PROJECT_ID_AND_KEY)); + if (project.getOrganizationUuid().equals(organization.getUuid())) { + return project; + } + throw new NotFoundException(format("Project '%s' doesn't exist in organization '%s'", project.getKey(), organization.getKey())); } private Optional selectProjectById(DbSession dbSession, @Nullable 
String projectId) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWsSupport.java index eee346dcc18..5ff27149dba 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QualityGatesWsSupport.java @@ -110,8 +110,8 @@ public class QualityGatesWsSupport { userSession.checkPermission(ADMINISTER_QUALITY_GATES, qualityGate.getOrganizationUuid()); } - void checkCanAdminProject(ComponentDto project) { - if (userSession.hasPermission(ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()) + void checkCanAdminProject(OrganizationDto organization, ComponentDto project) { + if (userSession.hasPermission(ADMINISTER_QUALITY_GATES, organization) || userSession.hasComponentPermission(ADMIN, project)) { return; } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java index d55a7004337..f6d740f74a0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java @@ -31,6 +31,7 @@ import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.property.PropertyDto; +import org.sonar.db.qualitygate.QGateWithOrgDto; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.component.TestComponentFinder; import org.sonar.server.exceptions.ForbiddenException; 
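Review bot: In `getProject`, the new `NotFoundException` message is built from `project.getKey()` of a project that has just been found to belong to a different organization, and it is thrown before `checkCanAdminProject` runs in `dissociateProject`. When the lookup was by `projectId`, the response therefore echoes the key of another organization's project to a caller who has not yet passed any project-level check (what `wsSupport.getOrganization` enforces is not visible here), and it is distinguishable from the answer for a project that does not exist. I would build the message from the caller-supplied value instead, e.g. `format("Project '%s' doesn't exist in organization '%s'", projectKey != null ? projectKey : projectId, organization.getKey())`. `fail_when_project_belongs_to_another_organization` pins the current wording and would need the same adjustment; `selectProjectById` begins on the last line of this hunk and its body is outside it.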
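Review bot: `checkCanAdminProject` now accepts `ADMINISTER_QUALITY_GATES` on the `organization` argument instead of on `project.getOrganizationUuid()`, so the check is only sound if the caller has already verified that the project belongs to that organization. `DeselectAction.getProject` does that in this commit, but nothing in this method enforces it, and any other caller that passes a request-derived organization would let a gate administrator of one organization act on a project of another. Either keep the permission tied to the project's own organization, or guard the precondition at the top of the method with `if (!project.getOrganizationUuid().equals(organization.getUuid())) { throw new IllegalArgumentException("Project does not belong to organization"); }` and state it in a Javadoc line. The remainder of the method body lies outside the hunk.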
@@ -65,13 +66,15 @@ public class DeselectActionTest { @Test public void deselect_by_key() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); + ComponentDto project = db.components().insertPrivateProject(organization); associateProjectToQualityGate(project, qualityGate); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) .execute(); assertDeselected(project.getId()); @@ -79,13 +82,15 @@ public class DeselectActionTest { @Test public void deselect_by_uuid() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); + ComponentDto project = db.components().insertPrivateProject(organization); associateProjectToQualityGate(project, qualityGate); ws.newRequest() .setParam("projectId", project.uuid()) + .setParam("organization", organization.getKey()) .execute(); assertDeselected(project.getId()); 
@@ -93,13 +98,15 @@ public class DeselectActionTest { @Test public void deselect_by_id() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); + ComponentDto project = db.components().insertPrivateProject(organization); associateProjectToQualityGate(project, qualityGate); ws.newRequest() .setParam("projectId", valueOf(project.getId())) + .setParam("organization", organization.getKey()) .execute(); assertDeselected(project.getId()); @@ -108,13 +115,13 @@ public class DeselectActionTest { @Test public void project_admin() { OrganizationDto organization = db.organizations().insert(); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); ComponentDto project = db.components().insertPrivateProject(organization); associateProjectToQualityGate(project, qualityGate); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) .setParam("organization", organization.getKey()) .execute(); 
@@ -123,17 +130,19 @@ public class DeselectActionTest { @Test public void other_project_should_not_be_updated() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); + ComponentDto project = db.components().insertPrivateProject(organization); String gateId = valueOf(qualityGate.getId()); associateProjectToQualityGate(project, qualityGate); // Another project - ComponentDto anotherProject = db.components().insertPrivateProject(); + ComponentDto anotherProject = db.components().insertPrivateProject(organization); associateProjectToQualityGate(anotherProject, qualityGate); ws.newRequest() .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) .execute(); assertDeselected(project.getId()); 
@@ -142,80 +151,108 @@ public class DeselectActionTest { @Test public void default_organization_is_used_when_no_organization_parameter() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - QualityGateDto qualityGate = db.qualityGates().insertQualityGate(); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.getDefaultOrganization(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + QGateWithOrgDto qualityGate = db.qualityGates().insertQualityGate(organization); + ComponentDto project = db.components().insertPrivateProject(organization); associateProjectToQualityGate(project, qualityGate); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) .execute(); assertDeselected(project.getId()); } + @Test + public void fail_when_project_belongs_to_another_organization() { + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + OrganizationDto anotherOrganization = db.organizations().insert(); + ComponentDto project = db.components().insertPrivateProject(anotherOrganization); + + expectedException.expect(NotFoundException.class); + expectedException.expectMessage(format("Project '%s' doesn't exist in organization '%s'", project.getKey(), organization.getKey())); + + ws.newRequest() + .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) + .execute(); + } + @Test public void fail_when_no_project_id() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); expectedException.expect(NotFoundException.class); ws.newRequest() .setParam("projectId", valueOf((Long) 1L)) + .setParam("organization", organization.getKey()) .execute(); } @Test public void 
fail_when_no_project_key() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); expectedException.expect(NotFoundException.class); ws.newRequest() .setParam("projectKey", "unknown") + .setParam("organization", organization.getKey()) .execute(); } @Test public void fail_when_anonymous() { - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + ComponentDto project = db.components().insertPrivateProject(organization); userSession.anonymous(); expectedException.expect(ForbiddenException.class); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) .execute(); } @Test public void fail_when_not_project_admin() { - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + ComponentDto project = db.components().insertPrivateProject(organization); userSession.logIn().addProjectPermission(UserRole.ISSUE_ADMIN, project); expectedException.expect(ForbiddenException.class); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) .execute(); } @Test public void fail_when_not_quality_gates_admin() { - userSession.addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); - ComponentDto project = db.components().insertPrivateProject(); + OrganizationDto organization = db.organizations().insert(); + userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); + ComponentDto project = db.components().insertPrivateProject(organization); userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); 
expectedException.expect(ForbiddenException.class); ws.newRequest() - .setParam("projectKey", project.getDbKey()) + .setParam("projectKey", project.getKey()) + .setParam("organization", organization.getKey()) .execute(); } @Test public void fail_when_using_branch_db_key() throws Exception { - ComponentDto project = db.components().insertMainBranch(); + OrganizationDto organization = db.organizations().insert(); + ComponentDto project = db.components().insertMainBranch(organization); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); ComponentDto branch = db.components().insertProjectBranch(project); @@ -224,12 +261,14 @@ public class DeselectActionTest { ws.newRequest() .setParam("projectKey", branch.getDbKey()) + .setParam("organization", organization.getKey()) .execute(); } @Test public void fail_when_using_branch_id() { - ComponentDto project = db.components().insertMainBranch(db.getDefaultOrganization()); + OrganizationDto organization = db.organizations().insert(); + ComponentDto project = db.components().insertMainBranch(organization); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); ComponentDto branch = db.components().insertProjectBranch(project); @@ -238,6 +277,7 @@ public class DeselectActionTest { ws.newRequest() .setParam("projectId", branch.uuid()) + .setParam("organization", organization.getKey()) .execute(); } @@ -255,7 +295,8 @@ public class DeselectActionTest { .extracting(WebService.Param::key, WebService.Param::isRequired) .containsExactlyInAnyOrder( tuple("projectKey", false), - tuple("projectId", false)); + tuple("projectId", false), + tuple("organization", false)); } private void associateProjectToQualityGate(ComponentDto project, QualityGateDto qualityGate) { -- 2.39.5
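Review bot: `fail_when_project_belongs_to_another_organization` exercises only the `projectKey` lookup, so the `projectId` branch of `getProject` (uuid and numeric id) has no cross-organization test although it goes through the same comparison. A sibling test that sends `.setParam("projectId", project.uuid())` together with the other organization's key and expects `NotFoundException` would pin that path. Separately, in `fail_when_not_quality_gates_admin` the added `userSession.addPermission(ADMINISTER_QUALITY_GATES, organization)` reads oddly in a test that expects `ForbiddenException`. Presumably the later `userSession.logIn()` starts a fresh session and discards it, in which case the line should be dropped or annotated `// discarded by logIn() below` so that the negative authorization test states what it actually sets up.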