From 4345cc170846b25d06fed206df003fb28ea3305c Mon Sep 17 00:00:00 2001
From: Aurelien Poscia
Date: Mon, 26 Sep 2022 09:24:30 +0200
Subject: [PATCH] SONAR_17313 Allow to provision projects with Global Analysis Token, when user has provisioning permission
---
 .../sonar/server/user/TokenUserSession.java | 6 ++-
 .../server/user/TokenUserSessionTest.java | 40 +++++++++++++++++--
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
index 9c1e401e4cf..c47709f6ec7 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
@@ -19,6 +19,8 @@
 */
 package org.sonar.server.user;
+import java.util.EnumSet;
+import java.util.Set;
 import org.sonar.db.DbClient;
 import org.sonar.db.permission.GlobalPermission;
 import org.sonar.db.user.TokenType;
@@ -28,6 +30,7 @@ import org.sonar.db.user.UserTokenDto;
 public class TokenUserSession extends ServerUserSession {
 private static final String SCAN = "scan";
+ private static final Set GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS = EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS);
 private final UserTokenDto userToken;
 public TokenUserSession(DbClient dbClient, UserDto user, UserTokenDto userToken) {
@@ -66,8 +69,7 @@ public class TokenUserSession extends ServerUserSession {
 //the project analysis token to work for multiple projects in case the user has Global Permissions.
 return false;
 case GLOBAL_ANALYSIS_TOKEN:
- return GlobalPermission.SCAN.equals(permission) &&
- super.hasPermissionImpl(permission);
+ return GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS.contains(permission) && super.hasPermissionImpl(permission);
 default:
 throw new IllegalArgumentException("Unsupported token type " + tokenType.name());
 }
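Review bot: `GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS` is the allowlist that bounds what a global analysis token may authorize, yet `EnumSet.of(...)` returns a mutable set, so `final` protects only the reference and later code in this class could add to it at runtime. Wrapping it keeps the bound fixed: `private static final Set<GlobalPermission> GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS = Collections.unmodifiableSet(EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS));` (plus `import java.util.Collections;`). The declaration reads as a raw `Set` on this page; the type argument may only have been lost in rendering, but if it is really absent it should be added. The class body continues outside this hunk.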
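Review bot: The `GLOBAL_ANALYSIS_TOKEN` branch now authorizes project provisioning as well as scanning, but unlike the project-token branch above it, it has no comment stating the intended bound. These tokens are presumably stored in build tooling, so a leaked one can now create projects whenever its owner holds that permission; this deserves to be spelled out where the decision is made. I would add above the `return`: `// Allowlist only: a global analysis token is limited to SCAN and PROVISION_PROJECTS, and only when the owning user holds the permission.` The `&& super.hasPermissionImpl(permission)` conjunct is what keeps the token from exceeding the user's own grants and should stay in place if the allowlist grows. The enclosing method starts and ends outside this hunk, so how `tokenType` is derived is not visible here.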
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
index 0af1c638820..43c1b394648 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
@@ -144,6 +144,40 @@ public class TokenUserSessionTest {
 assertThat(userSession.hasPermission(GlobalPermission.SCAN)).isTrue();
 }
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ }
+
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isFalse();
+ }
+
+ @Test
+ public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
+ }
+
 private TokenUserSession mockTokenUserSession(UserDto userDto) {
 return new TokenUserSession(dbClient, userDto, mockUserTokenDto());
 }
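Review bot: The deny side of the allowlist is pinned only for `GlobalPermission.ADMINISTER`, so widening the set in `TokenUserSession` to any other permission would not fail a test in this hunk. One further test could grant the user every `GlobalPermission` value and assert that a global analysis token session reports true for `SCAN` and `PROVISION_PROJECTS` only. Any later change to the token's reach would then have to update an explicit expectation. The sketch below uses only the helpers already visible in this hunk and assumes the existing `assertThat` is AssertJ's.

```java
@Test
public void test_hasGlobalPermission_for_GlobalAnalysisToken_returnsTrueOnlyForSupportedPermissions() {
  UserDto user = db.users().insertUser();
  // Grant everything, so that only the token-type allowlist can cause a denial.
  for (GlobalPermission permission : GlobalPermission.values()) {
    db.users().insertPermissionOnUser(user, permission);
  }

  TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);

  for (GlobalPermission permission : GlobalPermission.values()) {
    boolean supported = permission == GlobalPermission.SCAN || permission == GlobalPermission.PROVISION_PROJECTS;
    assertThat(userSession.hasPermission(permission)).as(permission.name()).isEqualTo(supported);
  }
}
// … unchanged: mockTokenUserSession and the other mock helpers …
```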
@@ -156,7 +190,7 @@ public class TokenUserSessionTest {
 return new TokenUserSession(dbClient, userDto, mockGlobalAnalysisTokenDto());
 }
- private UserTokenDto mockUserTokenDto() {
+ private static UserTokenDto mockUserTokenDto() {
 UserTokenDto userTokenDto = new UserTokenDto();
 userTokenDto.setType(USER_TOKEN.name());
 userTokenDto.setName("User Token");
@@ -164,7 +198,7 @@ public class TokenUserSessionTest {
 return userTokenDto;
 }
- private UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
+ private static UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
 UserTokenDto userTokenDto = new UserTokenDto();
 userTokenDto.setType(PROJECT_ANALYSIS_TOKEN.name());
 userTokenDto.setName("Project Analysis Token");
@@ -175,7 +209,7 @@ public class TokenUserSessionTest {
 return userTokenDto;
 }
- private UserTokenDto mockGlobalAnalysisTokenDto() {
+ private static UserTokenDto mockGlobalAnalysisTokenDto() {
 UserTokenDto userTokenDto = new UserTokenDto();
 userTokenDto.setType(GLOBAL_ANALYSIS_TOKEN.name());
 userTokenDto.setName("Global Analysis Token");
-- 
2.39.5