From 448166882ad4556b3207fc45315c42546707baa3 Mon Sep 17 00:00:00 2001 
From: Julien Lancelot Date: Tue, 12 Jan 2016 14:29:37 +0100 Subject: [PATCH] SONAR-7174 Check global or project permission for every project permission check --- .../org/sonar/server/batch/GlobalAction.java | 6 +- .../org/sonar/server/batch/IssuesAction.java | 4 +- .../sonar/server/batch/ProjectDataLoader.java | 8 +- .../org/sonar/server/batch/UsersAction.java | 4 +- .../server/component/ComponentService.java | 10 +- .../server/component/ws/SearchAction.java | 2 +- .../ws/SearchViewComponentsAction.java | 2 +- .../sonar/server/component/ws/ShowAction.java | 6 +- .../sonar/server/component/ws/TreeAction.java | 6 +- .../queue/report/ReportSubmitter.java | 2 +- .../server/computation/ws/ActivityAction.java | 4 +- .../server/computation/ws/CancelAction.java | 2 +- .../computation/ws/CancelAllAction.java | 2 +- .../server/computation/ws/LogsAction.java | 4 +- .../server/computation/ws/QueueAction.java | 4 +- .../server/computation/ws/TaskAction.java | 2 +- .../sonar/server/debt/DebtModelBackup.java | 4 +- .../server/debt/DebtModelOperations.java | 4 +- .../org/sonar/server/issue/ActionService.java | 2 +- .../issue/InternalRubyIssueService.java | 4 +- .../sonar/server/issue/IssueQueryService.java | 2 +- .../org/sonar/server/issue/IssueService.java | 8 +- .../sonar/server/issue/SetSeverityAction.java | 2 +- .../sonar/server/issue/TransitionAction.java | 2 +- .../issue/actionplan/ActionPlanService.java | 6 +- .../issue/filter/IssueFilterJsonWriter.java | 2 +- .../custom/ws/CustomMeasureValidator.java | 4 +- .../measure/custom/ws/DeleteAction.java | 4 +- .../sonar/server/metric/ws/CreateAction.java | 2 +- .../sonar/server/metric/ws/DeleteAction.java | 4 +- .../sonar/server/metric/ws/UpdateAction.java | 2 +- .../PermissionPrivilegeChecker.java | 10 +- .../server/permission/PermissionService.java | 2 +- .../platform/ws/ChangeLogLevelAction.java | 2 +- .../sonar/server/platform/ws/InfoAction.java | 5 +- .../sonar/server/platform/ws/LogsAction.java | 4 +- 
.../server/plugins/ws/CancelAllAction.java | 2 +- .../server/plugins/ws/InstallAction.java | 2 +- .../server/plugins/ws/UninstallAction.java | 2 +- .../sonar/server/plugins/ws/UpdateAction.java | 2 +- .../server/project/ws/BulkDeleteAction.java | 2 +- .../sonar/server/project/ws/DeleteAction.java | 6 +- .../sonar/server/project/ws/GhostsAction.java | 2 +- .../server/project/ws/ProvisionedAction.java | 2 +- .../server/qualitygate/QualityGates.java | 4 +- .../qualitygate/ws/ProjectStatusAction.java | 2 +- .../QProfileProjectOperations.java | 4 +- .../qualityprofile/QProfileService.java | 4 +- .../qualityprofile/ws/ChangeParentAction.java | 4 +- .../server/qualityprofile/ws/CopyAction.java | 2 +- .../qualityprofile/ws/CreateAction.java | 4 +- .../qualityprofile/ws/DeleteAction.java | 4 +- .../qualityprofile/ws/OldRestoreAction.java | 2 +- .../qualityprofile/ws/RenameAction.java | 2 +- .../qualityprofile/ws/RestoreAction.java | 9 +- .../qualityprofile/ws/SetDefaultAction.java | 2 +- .../org/sonar/server/rule/RuleOperations.java | 4 +- .../org/sonar/server/rule/RuleService.java | 6 +- .../org/sonar/server/rule/ws/AppAction.java | 2 +- .../sonar/server/source/ws/HashAction.java | 2 +- .../sonar/server/source/ws/LinesAction.java | 2 +- .../org/sonar/server/source/ws/RawAction.java | 2 +- .../org/sonar/server/source/ws/ScmAction.java | 2 +- .../sonar/server/source/ws/ShowAction.java | 2 +- .../sonar/server/test/CoverageService.java | 4 +- .../org/sonar/server/test/ws/ListAction.java | 2 +- .../java/org/sonar/server/ui/ViewProxy.java | 4 +- .../ui/ws/ComponentNavigationAction.java | 6 +- .../ui/ws/SettingsNavigationAction.java | 4 +- .../server/user/AbstractUserSession.java | 31 +--- .../server/user/AnonymousUserSession.java | 10 -- .../sonar/server/user/DefaultUserService.java | 10 +- .../org/sonar/server/user/DoPrivileged.java | 15 +- .../sonar/server/user/ServerUserSession.java | 28 ++-- .../server/user/ThreadLocalUserSession.java | 38 +---- 
.../org/sonar/server/user/UserSession.java | 49 ++---- .../server/user/ws/ChangePasswordAction.java | 2 +- .../sonar/server/user/ws/CreateAction.java | 2 +- .../server/user/ws/DeactivateAction.java | 4 +- .../sonar/server/user/ws/GroupsAction.java | 2 +- .../sonar/server/user/ws/UpdateAction.java | 4 +- .../sonar/server/user/ws/UserJsonWriter.java | 2 +- .../server/usergroups/ws/AddUserAction.java | 2 +- .../server/usergroups/ws/CreateAction.java | 2 +- .../server/usergroups/ws/DeleteAction.java | 2 +- .../usergroups/ws/RemoveUserAction.java | 2 +- .../server/usergroups/ws/UpdateAction.java | 2 +- .../server/usergroups/ws/UsersAction.java | 2 +- .../server/usertoken/ws/GenerateAction.java | 2 +- .../server/usertoken/ws/RevokeAction.java | 2 +- .../server/usertoken/ws/SearchAction.java | 2 +- .../server/issue/SetSeverityActionTest.java | 8 +- .../actionplan/ActionPlanServiceTest.java | 43 +++--- .../sonar/server/tester/MockUserSession.java | 24 +-- .../sonar/server/tester/UserSessionRule.java | 37 +---- .../sonar/server/user/DoPrivilegedTest.java | 8 +- .../server/user/ServerUserSessionTest.java | 146 +++++++++--------- 97 files changed, 306 insertions(+), 423 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java b/server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java index 73b5007580b..6811fa025e7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java @@ -32,8 +32,8 @@ import org.sonar.db.metric.MetricDto; import org.sonar.db.property.PropertiesDao; import org.sonar.db.property.PropertyDto; import org.sonar.server.exceptions.ForbiddenException; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.user.UserSession; +import org.sonarqube.ws.MediaTypes; public class GlobalAction implements BatchWsAction { 
@@ -59,8 +59,8 @@ public class GlobalAction implements BatchWsAction { @Override public void handle(Request request, Response response) throws Exception { - boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); - boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); + boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); + boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); if (!hasPreviewPerm && !hasScanPerm) { throw new ForbiddenException(Messages.NO_PERMISSION); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java b/server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java index 7d00c9195f8..cdbc0cb5373 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java @@ -37,8 +37,8 @@ import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentFinder; import org.sonar.server.issue.index.IssueDoc; import org.sonar.server.issue.index.IssueIndex; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.user.UserSession; +import org.sonarqube.ws.MediaTypes; import static com.google.common.collect.Maps.newHashMap; @@ -76,7 +76,7 @@ public class IssuesAction implements BatchWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); + userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); final String moduleKey = request.mandatoryParam(PARAM_KEY); response.stream().setMediaType(MediaTypes.PROTOBUF); diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java index a60153466bd..1505d33c4cd 100644 
--- a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java @@ -56,7 +56,7 @@ public class ProjectDataLoader { } public ProjectRepositories load(ProjectDataQuery query) { - boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); + boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); checkPermission(query.isIssuesMode()); DbSession session = dbClient.openSession(false); @@ -66,7 +66,7 @@ public class ProjectDataLoader { "Project or module with key '%s' is not found", query.getModuleKey()); // Scan permission is enough to analyze all projects but preview permission is limited to projects user can access - if (query.isIssuesMode() && !userSession.hasProjectPermissionByUuid(UserRole.USER, module.projectUuid())) { + if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) { throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator."); } @@ -181,8 +181,8 @@ public class ProjectDataLoader { } private void checkPermission(boolean preview) { - boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); - boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); + boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); + boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); if (!hasPreviewPerm && !hasScanPerm) { throw new ForbiddenException(Messages.NO_PERMISSION); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java index d8db78dbc2c..d885f9207b7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java 
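Review bot: In the `@@ -66,7` hunk of ProjectDataLoader.load, the ForbiddenException message embeds `module.name()`, so a caller who fails the `UserRole.USER` check still learns the display name of the project behind the key they supplied. Unknown keys get a separate not-found message just above, so the two responses together also confirm that the project exists. Consider the generic message this class already uses in checkPermission, `throw new ForbiddenException(Messages.NO_PERMISSION);`, and record the module key in the server log if operators need it. load() begins and ends outside this hunk.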
+++ b/server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java @@ -28,10 +28,10 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.batch.protocol.input.BatchInput; import org.sonar.core.permission.GlobalPermissions; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.user.UserSession; import org.sonar.server.user.index.UserDoc; import org.sonar.server.user.index.UserIndex; +import org.sonarqube.ws.MediaTypes; public class UsersAction implements BatchWsAction { @@ -63,7 +63,7 @@ public class UsersAction implements BatchWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); + userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); List logins = request.mandatoryParamAsStrings(PARAM_LOGINS); response.stream().setMediaType(MediaTypes.PROTOBUF); diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java index 7bf61c782d4..386fa1a6755 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java @@ -109,7 +109,7 @@ public class ComponentService { DbSession session = dbClient.openSession(false); try { ComponentDto projectOrModule = getByKey(session, projectOrModuleKey); - userSession.checkProjectUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); dbClient.resourceKeyUpdaterDao().updateKey(projectOrModule.getId(), newKey); session.commit(); 
@@ -123,7 +123,7 @@ public class ComponentService { DbSession session = dbClient.openSession(false); try { ComponentDto project = getByKey(projectKey); - userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); return dbClient.resourceKeyUpdaterDao().checkModuleKeysBeforeRenaming(project.getId(), stringToReplace, replacementString); } finally { session.close(); @@ -135,7 +135,7 @@ public class ComponentService { DbSession session = dbClient.openSession(true); try { ComponentDto project = getByKey(session, projectKey); - userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); dbClient.resourceKeyUpdaterDao().bulkUpdateKey(session, project.getId(), stringToReplace, replacementString); session.commit(); } finally { @@ -144,7 +144,7 @@ public class ComponentService { } public ComponentDto create(NewComponent newComponent) { - userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); + userSession.checkPermission(GlobalPermissions.PROVISIONING); DbSession session = dbClient.openSession(false); try { @@ -155,7 +155,7 @@ public class ComponentService { } public ComponentDto create(DbSession session, NewComponent newComponent) { - userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); + userSession.checkPermission(GlobalPermissions.PROVISIONING); checkKeyFormat(newComponent.qualifier(), newComponent.key()); ComponentDto project = createProject(session, newComponent); removeDuplicatedProjects(session, project.getKey()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchAction.java index 124b4d2ee1a..9a33168698b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchAction.java 
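Review bot: In the `@@ -123,7` hunk of ComponentService, the project is loaded with `getByKey(projectKey)` although a `DbSession` was opened on the line before; the hunks at -109 and -135 pass the session (`getByKey(session, projectKey)`). The one-argument overload presumably opens a second session of its own, which is not visible here. Using `ComponentDto project = getByKey(session, projectKey);` would keep the lookup that feeds `checkComponentUuidPermission` on the same session as the rest of the method. The method signature is outside the hunk.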
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchAction.java @@ -100,7 +100,7 @@ public class SearchAction implements ComponentsWsAction { } private SearchWsResponse doHandle(SearchWsRequest request) { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); List qualifiers = request.getQualifiers(); validateQualifiers(qualifiers); diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java b/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java index 117cffd2e8a..6f0934348a8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java @@ -97,7 +97,7 @@ public class SearchViewComponentsAction implements RequestHandler { DbSession session = dbClient.openSession(false); try { ComponentDto componentDto = componentFinder.getByUuid(session, componentUuid); - userSession.checkProjectUuidPermission(UserRole.USER, componentDto.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.USER, componentDto.projectUuid()); Set projectIds = newLinkedHashSet(dbClient.componentIndexDao().selectProjectIdsFromQueryAndViewOrSubViewUuid(session, query, componentDto.uuid())); Collection authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER); diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ws/ShowAction.java b/server/sonar-server/src/main/java/org/sonar/server/component/ws/ShowAction.java index cf3af3b5b6a..d949d6d65dd 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ws/ShowAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ws/ShowAction.java 
@@ -143,9 +143,9 @@ public class ShowAction implements ComponentsWsAction { private ComponentDto getComponentByUuidOrKey(DbSession dbSession, ShowWsRequest request) { ComponentDto component = componentFinder.getByUuidOrKey(dbSession, request.getId(), request.getKey(), ParamNames.ID_AND_KEY); String projectUuid = firstNonNull(component.projectUuid(), component.uuid()); - if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && - !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && - !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { + if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && + !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && + !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { throw insufficientPrivilegesException(); } return component; diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ws/TreeAction.java b/server/sonar-server/src/main/java/org/sonar/server/component/ws/TreeAction.java index 80cac2f20d8..33caeefffed 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ws/TreeAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ws/TreeAction.java @@ -164,9 +164,9 @@ public class TreeAction implements ComponentsWsAction { private void checkPermissions(ComponentDto baseComponent) { String projectUuid = firstNonNull(baseComponent.projectUuid(), baseComponent.uuid()); - if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && - !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && - !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { + if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && + !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && + !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { throw insufficientPrivilegesException(); } } 
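Review bot: The three-clause authorization test in ShowAction.getComponentByUuidOrKey is repeated verbatim in TreeAction.checkPermissions in the next file section, so a future change to the rule could be applied to one copy and missed in the other. Going by the commit title, `hasComponentUuidPermission` may now also honour the matching global permission, which would make the explicit `hasPermission(GlobalPermissions.SYSTEM_ADMIN)` clause redundant; that implementation is not visible here, so confirm before removing it. A shared static helper in the style of `ActivityAction.isAllowedOnComponentUuid(userSession, componentUuid)` would give both actions a single predicate. A one-line comment such as `// read access: system admin, project admin or project user` would document the intent.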
diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java index 1525bd87948..1e45e26621e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java @@ -55,7 +55,7 @@ public class ReportSubmitter { } public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) { - userSession.checkGlobalPermission(GlobalPermissions.SCAN_EXECUTION); + userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION); String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch); ComponentDto project = componentService.getNullableByKey(effectiveProjectKey); diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/ActivityAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/ActivityAction.java index 7f7f9deb0b8..583b7dea992 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/ActivityAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/ActivityAction.java @@ -173,7 +173,7 @@ public class ActivityAction implements CeWsAction { throw new ForbiddenException("Requires administration permission"); } } else { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); } } 
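Review bot: `userSession.checkPermission(UserRole.ADMIN)` in ActivityAction passes a project-role constant to what is now the global check, and with "Global" gone from the method name the line reads like a project-level test. The same file uses `GlobalPermissions.SYSTEM_ADMIN` for the global case in `isAllowedOnComponentUuid`, so `userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);` would be consistent. The current call presumably relies on both constants having the same value, which is not visible in this patch. The same pattern appears in CancelAction, CancelAllAction, LogsAction and the no-filter branch of QueueAction, where the `GlobalPermissions` import may need to be added. The enclosing method starts outside the hunk.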
@@ -189,6 +189,6 @@ public class ActivityAction implements CeWsAction { } public static boolean isAllowedOnComponentUuid(UserSession userSession, String componentUuid) { - return userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); + return userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAction.java index 1582c3b3e18..bf07190ccd9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAction.java @@ -57,7 +57,7 @@ public class CancelAction implements CeWsAction { @Override public void handle(Request wsRequest, Response wsResponse) { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); String taskId = wsRequest.mandatoryParam(PARAM_TASK_ID); queue.cancel(taskId); wsResponse.noContent(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAllAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAllAction.java index a36e9e764f5..97346edb5b1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAllAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAllAction.java @@ -48,7 +48,7 @@ public class CancelAllAction implements CeWsAction { @Override public void handle(Request wsRequest, Response wsResponse) { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); queue.cancelAll(); wsResponse.noContent(); } 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/LogsAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/LogsAction.java index dd64ccbf269..da963a768fc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/LogsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/LogsAction.java @@ -35,8 +35,8 @@ import org.sonar.db.ce.CeQueueDto; import org.sonar.server.computation.log.CeLogging; import org.sonar.server.computation.log.LogFileRef; import org.sonar.server.exceptions.NotFoundException; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.user.UserSession; +import org.sonarqube.ws.MediaTypes; import static java.lang.String.format; @@ -74,7 +74,7 @@ public class LogsAction implements CeWsAction { @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); LogFileRef ref = loadLogRef(taskUuid); diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/QueueAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/QueueAction.java index 757df350652..d4ba91023a9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/QueueAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/QueueAction.java 
@@ -72,11 +72,11 @@ public class QueueAction implements CeWsAction { List dtos; if (componentUuid == null) { // no filters - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); dtos = dbClient.ceQueueDao().selectAllInAscOrder(dbSession); } else { // filter by component - if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { + if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { dtos = dbClient.ceQueueDao().selectByComponentUuid(dbSession, componentUuid); } else { throw new ForbiddenException("Requires system administration permission"); diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java index ec8d11efab7..d7b8987c5f1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java @@ -71,7 +71,7 @@ public class TaskAction implements CeWsAction { @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { - userSession.checkAnyGlobalPermissions(AUTHORIZED_PERMISSIONS); + userSession.checkAnyPermissions(AUTHORIZED_PERMISSIONS); String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); DbSession dbSession = dbClient.openSession(false); diff --git a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelBackup.java b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelBackup.java index 93786676ffd..adb2fac05d8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelBackup.java +++ b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelBackup.java 
@@ -43,8 +43,8 @@ import org.sonar.api.utils.log.Loggers; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; -import org.sonar.db.rule.RuleDto; import org.sonar.db.debt.CharacteristicDto; +import org.sonar.db.rule.RuleDto; import org.sonar.server.db.DbClient; import org.sonar.server.debt.DebtModelXMLExporter.DebtModel; import org.sonar.server.debt.DebtModelXMLExporter.RuleDebt; @@ -391,7 +391,7 @@ public class DebtModelBackup { } private void checkPermission() { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); } private static class RuleDtoMatchLanguage implements Predicate { diff --git a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelOperations.java b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelOperations.java index 19ae1a186e9..b585d16f961 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelOperations.java +++ b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelOperations.java @@ -32,8 +32,8 @@ import org.sonar.api.utils.System2; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; -import org.sonar.db.rule.RuleDto; import org.sonar.db.debt.CharacteristicDto; +import org.sonar.db.rule.RuleDto; import org.sonar.server.db.DbClient; import org.sonar.server.debt.DebtPredicates.CharacteristicDtoMatchKey; import org.sonar.server.exceptions.BadRequestException; @@ -250,7 +250,7 @@ public class DebtModelOperations { } private void checkPermission() { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); } private static DebtCharacteristic toCharacteristic(CharacteristicDto dto) { 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/ActionService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/ActionService.java index 3851d849623..24e23587bec 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/ActionService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/ActionService.java @@ -93,7 +93,7 @@ public class ActionService { } availableActions.add("plan"); String projectUuid = issue.projectUuid(); - if (projectUuid != null && userSession.hasProjectPermissionByUuid(ISSUE_ADMIN, projectUuid)) { + if (projectUuid != null && userSession.hasComponentUuidPermission(ISSUE_ADMIN, projectUuid)) { availableActions.add("set_severity"); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java index 35420802891..00e07733a49 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java @@ -49,12 +49,12 @@ import org.sonar.db.issue.IssueFilterDto; import org.sonar.server.es.SearchOptions; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.issue.actionplan.ActionPlanService; -import org.sonarqube.ws.client.issue.IssueFilterParameters; import org.sonar.server.issue.filter.IssueFilterService; import org.sonar.server.search.QueryContext; import org.sonar.server.user.UserSession; import org.sonar.server.util.RubyUtils; import org.sonar.server.util.Validation; +import org.sonarqube.ws.client.issue.IssueFilterParameters; /** * Used through ruby code
Internal.issues
@@ -565,7 +565,7 @@ public class InternalRubyIssueService { } public boolean isUserIssueAdmin(String projectUuid) { - return userSession.hasProjectPermissionByUuid(UserRole.ISSUE_ADMIN, projectUuid); + return userSession.hasComponentUuidPermission(UserRole.ISSUE_ADMIN, projectUuid); } private enum MatchIssueFilterParameters implements Predicate> { diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/IssueQueryService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/IssueQueryService.java index ceb5b1f8097..2963cb91ebc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/IssueQueryService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/IssueQueryService.java @@ -341,7 +341,7 @@ public class IssueQueryService { private void addViewsOrSubViews(IssueQuery.Builder builder, Collection componentUuids, String uniqueQualifier) { List filteredViewUuids = newArrayList(); for (String viewUuid : componentUuids) { - if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasProjectPermissionByUuid(UserRole.USER, viewUuid)) + if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid)) || (Qualifiers.SUBVIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid))) { filteredViewUuids.add(viewUuid); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java index 501576abd00..1d5caedb031 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java 
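Review bot: After the rename, both sides of the `||` in IssueQueryService.addViewsOrSubViews call `userSession.hasComponentUuidPermission(UserRole.USER, viewUuid)`, so the condition separates VIEW from SUBVIEW without any difference in the check. It can be written as `if ((Qualifiers.VIEW.equals(uniqueQualifier) || Qualifiers.SUBVIEW.equals(uniqueQualifier)) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid)) {`. Before this commit the VIEW branch used the project-level lookup, so a test should confirm that a user with USER on a view but not on a sub-view, and the reverse, is still filtered as intended. The method continues outside the hunk.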
@@ -136,7 +136,7 @@ public class IssueService { for (Transition transition : outTransitions) { String projectUuid = issue.projectUuid(); if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission()) || - (projectUuid != null && userSession.hasProjectPermissionByUuid(transition.requiredProjectPermission(), projectUuid))) { + (projectUuid != null && userSession.hasComponentUuidPermission(transition.requiredProjectPermission(), projectUuid))) { allowedTransitions.add(transition); } } @@ -166,7 +166,7 @@ public class IssueService { for (Transition transition : outTransitions) { String projectKey = defaultIssue.projectKey(); if (transition.key().equals(transitionKey) && StringUtils.isNotBlank(transition.requiredProjectPermission()) && projectKey != null) { - userSession.checkProjectPermission(transition.requiredProjectPermission(), projectKey); + userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey); } } } @@ -226,7 +226,7 @@ public class IssueService { DbSession session = dbClient.openSession(false); try { DefaultIssue issue = getByKeyForUpdate(session, issueKey).toDefaultIssue(); - userSession.checkProjectPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); + userSession.checkComponentPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); IssueChangeContext context = IssueChangeContext.createUser(new Date(), userSession.getLogin()); if (issueUpdater.setManualSeverity(issue, severity, context)) { @@ -250,7 +250,7 @@ public class IssueService { ComponentDto component = componentOptional.get(); ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, component.projectUuid()); - userSession.checkProjectPermission(UserRole.USER, project.getKey()); + userSession.checkComponentPermission(UserRole.USER, project.getKey()); if (!ruleKey.isManual()) { throw new IllegalArgumentException("Issues can be created only on rules marked as 'manual': " + ruleKey); } 
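Review bot: The guard in the `@@ -136,7` hunk of IssueService mixes `&&` and `||` without grouping, and its second branch does not require a logged-in session. When `requiredProjectPermission()` is blank and the user is anonymous, the blank value is passed to `hasComponentUuidPermission`. Whether that call rejects a blank permission is decided in code outside this section, and per the commit title the call now also consults global permissions. Making the two cases explicit avoids depending on that: `String required = transition.requiredProjectPermission();` followed by `boolean allowed = StringUtils.isBlank(required) ? userSession.isLoggedIn() : projectUuid != null && userSession.hasComponentUuidPermission(required, projectUuid);`. The enclosing method starts outside the hunk.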
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/SetSeverityAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/SetSeverityAction.java index 0ccaa612ba6..a9769c91001 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/SetSeverityAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/SetSeverityAction.java @@ -52,7 +52,7 @@ public class SetSeverityAction extends Action { } private boolean isCurrentUserIssueAdmin(String projectKey) { - return userSession.hasProjectPermission(UserRole.ISSUE_ADMIN, projectKey); + return userSession.hasComponentPermission(UserRole.ISSUE_ADMIN, projectKey); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/TransitionAction.java b/server/sonar-server/src/main/java/org/sonar/server/issue/TransitionAction.java index 13494c636de..f4b106ae6f6 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/TransitionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/TransitionAction.java @@ -69,7 +69,7 @@ public class TransitionAction extends Action { public boolean apply(Transition input) { return input.key().equals(transition) && (StringUtils.isBlank(input.requiredProjectPermission()) || - userSession.hasProjectPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); + userSession.hasComponentPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); } }, null) != null; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/actionplan/ActionPlanService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/actionplan/ActionPlanService.java index 3ed2200970e..8d6c9c7bc4a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/actionplan/ActionPlanService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/actionplan/ActionPlanService.java 
@@ -34,6 +34,7 @@ import org.sonar.core.issue.DefaultActionPlan; import org.sonar.core.issue.DefaultIssue; import org.sonar.core.issue.IssueChangeContext; import org.sonar.core.issue.IssueUpdater; +import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ResourceDao; import org.sonar.db.component.ResourceDto; @@ -43,7 +44,6 @@ import org.sonar.db.issue.ActionPlanDto; import org.sonar.db.issue.ActionPlanStatsDao; import org.sonar.db.issue.ActionPlanStatsDto; import org.sonar.db.issue.IssueDto; -import org.sonar.db.DbClient; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.issue.IssueStorage; import org.sonar.server.user.UserSession; @@ -188,11 +188,11 @@ public class ActionPlanService { } private static void checkUserCanAccessProject(String projectKey, UserSession userSession) { - userSession.checkProjectPermission(UserRole.USER, projectKey); + userSession.checkComponentPermission(UserRole.USER, projectKey); } private static void checkUserIsProjectAdministrator(String projectKey, UserSession userSession) { - userSession.checkProjectPermission(UserRole.ADMIN, projectKey); + userSession.checkComponentPermission(UserRole.ADMIN, projectKey); } private enum ToActionPlanStats implements Function { diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterJsonWriter.java index 54e1022ce23..77b7a0407db 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterJsonWriter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterJsonWriter.java 
@@ -59,7 +59,7 @@ class IssueFilterJsonWriter { private static boolean canModifyFilter(UserSession userSession, IssueFilterDto filter) { return userSession.isLoggedIn() && - (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)); + (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureValidator.java b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureValidator.java index 85fc4031e80..c463a665fee 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureValidator.java +++ b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureValidator.java @@ -95,10 +95,10 @@ public class CustomMeasureValidator { } public static void checkPermissions(UserSession userSession, ComponentDto component) { - if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { + if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { return; } - userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); + userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/DeleteAction.java index b6e90ae04d8..7661fc0c551 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/DeleteAction.java 
@@ -76,11 +76,11 @@ public class DeleteAction implements CustomMeasuresWsAction { } private void checkPermissions(DbSession dbSession, CustomMeasureDto customMeasure) { - if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { + if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { return; } ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, customMeasure.getComponentUuid()); - userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); + userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/CreateAction.java index 33b09ea8352..83c8de1bc0a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/CreateAction.java @@ -98,7 +98,7 @@ public class CreateAction implements MetricsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); String key = request.mandatoryParam(PARAM_KEY); DbSession dbSession = dbClient.openSession(false); diff --git a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/DeleteAction.java index 04bea81a6b2..e289635cca2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/DeleteAction.java 
@@ -26,10 +26,10 @@ import javax.annotation.Nonnull; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.db.metric.MetricDto; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; +import org.sonar.db.metric.MetricDto; import org.sonar.server.db.DbClient; import org.sonar.server.ruby.RubyBridge; import org.sonar.server.user.UserSession; @@ -69,7 +69,7 @@ public class DeleteAction implements MetricsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); DbSession dbSession = dbClient.openSession(false); try { List ids = loadIds(dbSession, request); diff --git a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/UpdateAction.java index 1f9d834a2c5..2ee0cc3baff 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/metric/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/metric/ws/UpdateAction.java @@ -100,7 +100,7 @@ public class UpdateAction implements MetricsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); int id = request.mandatoryParamAsInt(PARAM_ID); DbSession dbSession = dbClient.openSession(false); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java index cff16ee6835..2fb44bce526 100644 
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java @@ -34,20 +34,20 @@ public class PermissionPrivilegeChecker { public static void checkGlobalAdminUser(UserSession userSession) { userSession .checkLoggedIn() - .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + .checkPermission(GlobalPermissions.SYSTEM_ADMIN); } public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) { userSession.checkLoggedIn(); - if (componentKey == null || !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + if (componentKey == null || !userSession.hasComponentPermission(UserRole.ADMIN, componentKey)) { + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); } } public static void checkProjectAdminUserByComponentUuid(UserSession userSession, @Nullable String componentUuid) { userSession.checkLoggedIn(); - if (componentUuid == null || !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, componentUuid)) { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + if (componentUuid == null || !userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java index 9d8b115a316..3580a8a1f07 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java 
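Review bot: `checkProjectAdminUserByComponentKey` and `checkProjectAdminUserByComponentUuid` keep their manual fallback to `checkPermission(GlobalPermissions.SYSTEM_ADMIN)`, which looks redundant if, as the commit title says, the renamed component checks already accept the global permission. As written a reader cannot tell which layer actually grants access, and the same doubled check appears in CustomMeasureValidator.checkPermissions, the custom-measure DeleteAction and the projects DeleteAction. A Javadoc line on each helper would settle it, for example `/** Requires a logged-in user holding ADMIN on the component or SYSTEM_ADMIN globally; a null key always requires SYSTEM_ADMIN. */`. The null-key branch is the one thing the fallback still clearly does, so it should stay whatever is decided about the rest.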
@@ -72,7 +72,7 @@ public class PermissionService { if (provisioned == null) { checkProjectAdminUserByComponentKey(userSession, componentKey); } else { - userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); + userSession.checkPermission(GlobalPermissions.PROVISIONING); } permissionRepository.applyDefaultPermissionTemplate(session, component); session.commit(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/ChangeLogLevelAction.java b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/ChangeLogLevelAction.java index c84a11f60f7..86e110fce31 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/ChangeLogLevelAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/ChangeLogLevelAction.java @@ -59,7 +59,7 @@ public class ChangeLogLevelAction implements SystemWsAction { @Override public void handle(Request wsRequest, Response wsResponse) { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); LoggerLevel level = LoggerLevel.valueOf(wsRequest.mandatoryParam(PARAM_LEVEL)); db.enableSqlLogging(level.equals(LoggerLevel.TRACE)); logging.changeLevel(level); diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java index 64e218760d3..918f8af92cb 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java @@ -19,6 +19,7 @@ */ package org.sonar.server.platform.ws; +import java.util.Map; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; 
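Review bot: ChangeLogLevelAction.handle passes the project role constant `UserRole.ADMIN` to what is a global check, and after the rename to `checkPermission` nothing in the call says which level is meant; LogsAction, BulkDeleteAction and GhostsAction do the same. The other system-level handlers in this patch (InfoAction, the plugins actions) use `GlobalPermissions.SYSTEM_ADMIN`, and the metric and quality-profile handlers additionally call `checkLoggedIn()` first. I would align these four with `userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);`, adding the `GlobalPermissions` import where the file lacks it. Whether the two constants hold the same string is not visible here, so that should be confirmed before swapping, since a mismatch would change who can change the log level, read the logs or bulk-delete projects.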
@@ -27,8 +28,6 @@ import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.platform.monitoring.Monitor; import org.sonar.server.user.UserSession; -import java.util.Map; - /** * Implementation of the {@code info} action for the System WebService. */ @@ -55,7 +54,7 @@ public class InfoAction implements SystemWsAction { @Override public void handle(Request request, Response response) { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); JsonWriter json = response.newJsonWriter(); writeJson(json); json.close(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/LogsAction.java b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/LogsAction.java index aedf32a53e2..4ab29ea9bbe 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/ws/LogsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/ws/LogsAction.java @@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.web.UserRole; import org.sonar.server.platform.ServerLogging; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.user.UserSession; +import org.sonarqube.ws.MediaTypes; public class LogsAction implements SystemWsAction { @@ -50,7 +50,7 @@ public class LogsAction implements SystemWsAction { @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); wsResponse.stream().setMediaType(MediaTypes.TXT); File file = serverLogging.getCurrentLogFile(); if (file.exists()) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/CancelAllAction.java b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/CancelAllAction.java index 9ea2f1dbf03..fdbfa9d6a0d 100644 
--- a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/CancelAllAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/CancelAllAction.java @@ -52,7 +52,7 @@ public class CancelAllAction implements PluginsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); pluginDownloader.cancelDownloads(); pluginRepository.cancelUninstalls(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/InstallAction.java b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/InstallAction.java index f81ddf9493a..71eaf4f8880 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/InstallAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/InstallAction.java @@ -72,7 +72,7 @@ public class InstallAction implements PluginsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); String key = request.mandatoryParam(PARAM_KEY); PluginUpdate pluginUpdate = findAvailablePluginByKey(key); pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UninstallAction.java b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UninstallAction.java index 0990b74473f..828418e97db 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UninstallAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UninstallAction.java 
@@ -59,7 +59,7 @@ public class UninstallAction implements PluginsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); String key = request.mandatoryParam(PARAM_KEY); ensurePluginIsInstalled(key); pluginRepository.uninstall(key); diff --git a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UpdateAction.java index 553f93c71cd..fc7bc5f42e8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UpdateAction.java @@ -73,7 +73,7 @@ public class UpdateAction implements PluginsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); String key = request.mandatoryParam(PARAM_KEY); PluginUpdate pluginUpdate = findPluginUpdateByKey(key); pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java index e8463c37d09..3f59bd72202 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java 
@@ -70,7 +70,7 @@ public class BulkDeleteAction implements ProjectsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); List uuids = request.paramAsStrings(PARAM_IDS); List keys = request.paramAsStrings(PARAM_KEYS); diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java index e40f6ba40aa..5941567e712 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java @@ -93,16 +93,16 @@ public class DeleteAction implements ProjectsWsAction { private void checkPermissions(@Nullable String uuid, @Nullable String key) { if (missPermissionsBasedOnUuid(uuid) || missPermissionsBasedOnKey(key)) { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); } } private boolean missPermissionsBasedOnKey(@Nullable String key) { - return key != null && !userSession.hasProjectPermission(UserRole.ADMIN, key) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + return key != null && !userSession.hasComponentPermission(UserRole.ADMIN, key) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); } private boolean missPermissionsBasedOnUuid(@Nullable String uuid) { - return uuid != null && !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, uuid) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + return uuid != null && !userSession.hasComponentUuidPermission(UserRole.ADMIN, uuid) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); } } 
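Review bot: `checkPermissions` in the projects DeleteAction performs no check at all when both `uuid` and `key` are null, because each `missPermissionsBasedOn…` helper returns false for a null argument. Whether `handle` rejects a request carrying neither parameter before calling it is outside the hunk, but a delete path should not depend on that; `if (uuid == null && key == null) { userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); }` at the top of the method makes it fail closed. The existing `checkPermission(GlobalPermissions.SYSTEM_ADMIN)` call is only reached after a helper has already found that global permission missing, so it acts as an unconditional rejection, and a one-line comment saying so would save the next reader the trace.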
diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java index 214d42a0b77..e584a9aa1cf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java @@ -67,7 +67,7 @@ public class GhostsAction implements ProjectsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(UserRole.ADMIN); + userSession.checkPermission(UserRole.ADMIN); DbSession dbSession = dbClient.openSession(false); SearchOptions searchOptions = new SearchOptions() .setPage(request.mandatoryParamAsInt(Param.PAGE), diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java index 12d1fd4721d..01a2d208e16 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java @@ -67,7 +67,7 @@ public class ProvisionedAction implements ProjectsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); + userSession.checkPermission(GlobalPermissions.PROVISIONING); SearchOptions options = new SearchOptions().setPage( request.mandatoryParamAsInt(Param.PAGE), request.mandatoryParamAsInt(Param.PAGE_SIZE) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java index 7c3455f1643..7553c02d245 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java 
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java @@ -361,12 +361,12 @@ public class QualityGates { } private void checkPermission() { - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } private void checkPermission(Long projectId, DbSession session) { ComponentDto project = componentDao.selectOrFailById(session, projectId); - if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, project.key())) { + if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project.key())) { throw new ForbiddenException("Insufficient privileges"); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java index 594af78e773..f550d642279 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java @@ -134,6 +134,6 @@ public class ProjectStatusAction implements QGateWsAction { } private void checkScanOrAdminPermission() { - userSession.checkAnyGlobalPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); + userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java index a6658b43ba5..66b0807bf97 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java 
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java @@ -122,11 +122,11 @@ public class QProfileProjectOperations { } private static void checkPermission(UserSession userSession) { - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } private static void checkPermission(UserSession userSession, String projectKey) { - if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) { + if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, projectKey)) { throw new ForbiddenException("Insufficient privileges"); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java index f546d61b01e..1941fda3abd 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java @@ -26,10 +26,8 @@ import java.io.Writer; import java.util.Collection; import java.util.List; import java.util.Map; - import javax.annotation.CheckForNull; import javax.annotation.Nullable; - import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.search.SearchHit; import org.sonar.api.server.ServerSide; @@ -211,7 +209,7 @@ public class QProfileService { private void verifyAdminPermission() { userSession.checkLoggedIn(); - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } public Result searchActivities(QProfileActivityQuery query, SearchOptions options) { 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java index ae8b2f70de9..684dc4bc920 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java @@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.core.permission.GlobalPermissions; -import org.sonar.db.DbSession; import org.sonar.db.DbClient; +import org.sonar.db.DbSession; import org.sonar.server.qualityprofile.QProfileFactory; import org.sonar.server.qualityprofile.RuleActivator; import org.sonar.server.user.UserSession; @@ -80,7 +80,7 @@ public class ChangeParentAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); DbSession session = dbClient.openSession(false); try { diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CopyAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CopyAction.java index 3409ca9a2f5..b6c38cfa121 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CopyAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CopyAction.java 
@@ -66,7 +66,7 @@ public class CopyAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); String newName = request.mandatoryParam(PARAM_PROFILE_NAME); String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java index 349a196b478..93be6229f22 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java @@ -34,12 +34,12 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.component.ws.LanguageParamUtils; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.qualityprofile.QProfileExporters; import org.sonar.server.qualityprofile.QProfileFactory; import org.sonar.server.qualityprofile.QProfileName; import org.sonar.server.qualityprofile.QProfileResult; import org.sonar.server.user.UserSession; +import org.sonarqube.ws.MediaTypes; public class CreateAction implements QProfileWsAction { @@ -100,7 +100,7 @@ public class CreateAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); String name = request.mandatoryParam(PARAM_PROFILE_NAME); String language = request.mandatoryParam(PARAM_LANGUAGE); 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeleteAction.java index 92f53a3748f..e8feba02508 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeleteAction.java @@ -25,8 +25,8 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.core.permission.GlobalPermissions; -import org.sonar.db.DbSession; import org.sonar.db.DbClient; +import org.sonar.db.DbSession; import org.sonar.server.qualityprofile.QProfileFactory; import org.sonar.server.user.UserSession; @@ -59,7 +59,7 @@ public class DeleteAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn(); - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); DbSession session = dbClient.openSession(false); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/OldRestoreAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/OldRestoreAction.java index f7b92c65c46..58c2b6b4c01 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/OldRestoreAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/OldRestoreAction.java 
@@ -72,7 +72,7 @@ public class OldRestoreAction implements WsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); InputStream backup = request.paramAsInputStream(PARAM_BACKUP); InputStreamReader reader = null; diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RenameAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RenameAction.java index c72fee90508..e62dc0c6028 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RenameAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RenameAction.java @@ -61,7 +61,7 @@ public class RenameAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); String newName = request.mandatoryParam(PARAM_PROFILE_NAME); String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RestoreAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RestoreAction.java index 99296d58de3..a9c6aaa39a3 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RestoreAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RestoreAction.java 
@@ -20,6 +20,9 @@ package org.sonar.server.qualityprofile.ws; import com.google.common.base.Preconditions; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; @@ -33,10 +36,6 @@ import org.sonar.server.qualityprofile.BulkChangeResult; import org.sonar.server.qualityprofile.QProfileBackuper; import org.sonar.server.user.UserSession; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.nio.charset.StandardCharsets; - public class RestoreAction implements QProfileWsAction { private static final String PARAM_BACKUP = "backup"; @@ -66,7 +65,7 @@ public class RestoreAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); InputStream backup = request.paramAsInputStream(PARAM_BACKUP); InputStreamReader reader = null; diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/SetDefaultAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/SetDefaultAction.java index 644203bc596..2265deccde1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/SetDefaultAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/SetDefaultAction.java 
@@ -79,7 +79,7 @@ public class SetDefaultAction implements QProfileWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); String language = request.param(PARAM_LANGUAGE); String profileName = request.param(PARAM_PROFILE_NAME); diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/RuleOperations.java b/server/sonar-server/src/main/java/org/sonar/server/rule/RuleOperations.java index 3160585d477..4e3f943e870 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/RuleOperations.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/RuleOperations.java @@ -30,8 +30,8 @@ import org.sonar.api.server.debt.internal.DefaultDebtRemediationFunction; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; -import org.sonar.db.rule.RuleDto; import org.sonar.db.debt.CharacteristicDto; +import org.sonar.db.rule.RuleDto; import org.sonar.server.db.DbClient; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.NotFoundException; @@ -152,7 +152,7 @@ public class RuleOperations { private static void checkPermission(UserSession userSession) { userSession.checkLoggedIn(); - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } public static class RuleChange { diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/RuleService.java b/server/sonar-server/src/main/java/org/sonar/server/rule/RuleService.java index ca4fd8916c3..7fec614cf8f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/RuleService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/RuleService.java 
@@ -22,12 +22,10 @@ package org.sonar.server.rule; import java.util.Collection; import java.util.List; import java.util.Set; - import javax.annotation.CheckForNull; import javax.annotation.Nullable; - -import org.sonar.api.server.ServerSide; import org.sonar.api.rule.RuleKey; +import org.sonar.api.server.ServerSide; import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.rule.index.RuleIndex; @@ -115,6 +113,6 @@ public class RuleService { private void checkPermission() { userSession.checkLoggedIn(); - userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java index 848de3ad0fd..7ba5a83623d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java @@ -91,7 +91,7 @@ public class AppAction implements RulesWsAction { } private void addPermissions(JsonWriter json) { - json.prop("canWrite", userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); + json.prop("canWrite", userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); } private void addProfiles(JsonWriter json) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/source/ws/HashAction.java b/server/sonar-server/src/main/java/org/sonar/server/source/ws/HashAction.java index bebcb81af14..2fc22e10b7b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/source/ws/HashAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/source/ws/HashAction.java 
@@ -70,7 +70,7 @@ public class HashAction implements SourcesWsAction { try { final String componentKey = request.mandatoryParam("key"); final ComponentDto component = componentFinder.getByKey(session, componentKey); - userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); response.stream().setMediaType("text/plain"); OutputStreamWriter writer = new OutputStreamWriter(response.stream().output(), StandardCharsets.UTF_8); diff --git a/server/sonar-server/src/main/java/org/sonar/server/source/ws/LinesAction.java b/server/sonar-server/src/main/java/org/sonar/server/source/ws/LinesAction.java index fbccd75a2b3..a78bff7706e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/source/ws/LinesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/source/ws/LinesAction.java @@ -115,7 +115,7 @@ public class LinesAction implements SourcesWsAction { DbSession dbSession = dbClient.openSession(false); try { ComponentDto file = componentFinder.getByUuidOrKey(dbSession, request.param(PARAM_UUID), request.param(PARAM_KEY), UUID_AND_KEY); - userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); int from = request.mandatoryParamAsInt(PARAM_FROM); int to = Objects.firstNonNull(request.paramAsInt(PARAM_TO), Integer.MAX_VALUE); diff --git a/server/sonar-server/src/main/java/org/sonar/server/source/ws/RawAction.java b/server/sonar-server/src/main/java/org/sonar/server/source/ws/RawAction.java index b291c0b2c83..8b2f75d9aac 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/source/ws/RawAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/source/ws/RawAction.java 
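Review bot: `checkComponentUuidPermission` is handed `component.projectUuid()` in HashAction, so a method whose parameter is named for a component UUID receives a project UUID the caller has already resolved. Judging from the ServerUserSession hunks in this commit, `hasComponentUuidPermission` resolves the project of whatever UUID it is given, so passing `component.uuid()` would probably express the same check; this should be confirmed against the rest of that method, which the diff does not show. If the project UUID is kept, a comment such as `// a project UUID is itself a component UUID; access is decided at project level` would make the intent explicit. The same call shape recurs in LinesAction, RawAction, ScmAction, ShowAction, ListAction and ComponentNavigationAction, and the enclosing methods start and end outside these hunks.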
@@ -70,7 +70,7 @@ public class RawAction implements SourcesWsAction { DbSession dbSession = dbClient.openSession(false); try { ComponentDto file = componentFinder.getByKey(dbSession, fileKey); - userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); Optional> lines = sourceService.getLinesAsRawText(dbSession, file.uuid(), 1, Integer.MAX_VALUE); response.stream().setMediaType("text/plain"); diff --git a/server/sonar-server/src/main/java/org/sonar/server/source/ws/ScmAction.java b/server/sonar-server/src/main/java/org/sonar/server/source/ws/ScmAction.java index 432b1802512..e9c28c52bce 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/source/ws/ScmAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/source/ws/ScmAction.java @@ -104,7 +104,7 @@ public class ScmAction implements SourcesWsAction { DbSession dbSession = dbClient.openSession(false); try { ComponentDto file = componentFinder.getByKey(dbSession, fileKey); - userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); Optional> sourceLines = sourceService.getLines(dbSession, file.uuid(), from, to); if (!sourceLines.isPresent()) { throw new NotFoundException(String.format("File '%s' has no sources", fileKey)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/source/ws/ShowAction.java b/server/sonar-server/src/main/java/org/sonar/server/source/ws/ShowAction.java index 3b5fa8b7794..75418ca1ad5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/source/ws/ShowAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/source/ws/ShowAction.java 
@@ -89,7 +89,7 @@ public class ShowAction implements SourcesWsAction { DbSession dbSession = dbClient.openSession(false); try { ComponentDto file = componentFinder.getByKey(dbSession, fileKey); - userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); Optional> linesHtml = sourceService.getLinesAsHtml(dbSession, file.uuid(), from, to); if (linesHtml.isPresent()) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/test/CoverageService.java b/server/sonar-server/src/main/java/org/sonar/server/test/CoverageService.java index 797f7f6792d..936f1a94519 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/test/CoverageService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/test/CoverageService.java @@ -22,14 +22,14 @@ package org.sonar.server.test; import com.google.common.collect.Maps; import java.util.Map; import javax.annotation.CheckForNull; -import org.sonar.api.server.ServerSide; import org.sonar.api.measures.CoreMetrics; +import org.sonar.api.server.ServerSide; import org.sonar.api.utils.KeyValueFormat; import org.sonar.api.web.UserRole; -import org.sonar.db.measure.MeasureDto; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; import org.sonar.db.measure.MeasureDao; +import org.sonar.db.measure.MeasureDto; import org.sonar.server.user.UserSession; @ServerSide diff --git a/server/sonar-server/src/main/java/org/sonar/server/test/ws/ListAction.java b/server/sonar-server/src/main/java/org/sonar/server/test/ws/ListAction.java index eeba1956ecf..864ef190d21 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/test/ws/ListAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/test/ws/ListAction.java 
@@ -236,6 +236,6 @@ public class ListAction implements TestsWsAction { private void checkComponentUuidPermission(DbSession dbSession, String componentUuid) { ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, componentUuid); - userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ViewProxy.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ViewProxy.java index c1dfe26ae59..1110726f388 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ViewProxy.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ViewProxy.java @@ -278,7 +278,7 @@ public class ViewProxy implements Comparable { public boolean isUserAuthorized() { boolean authorized = userRoles.length == 0; for (String userRole : getUserRoles()) { - authorized |= userSession.hasGlobalPermission(userRole); + authorized |= userSession.hasPermission(userRole); } return authorized; } @@ -286,7 +286,7 @@ public class ViewProxy implements Comparable { public boolean isUserAuthorized(ComponentDto component) { boolean authorized = userRoles.length == 0; for (String userRole : getUserRoles()) { - authorized |= userSession.hasProjectPermissionByUuid(userRole, component.uuid()); + authorized |= userSession.hasComponentUuidPermission(userRole, component.uuid()); } return authorized; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java index 5eb90e93c1e..20e3423dc55 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java 
@@ -112,7 +112,7 @@ public class ComponentNavigationAction implements NavigationWsAction { try { ComponentDto component = componentFinder.getByKey(session, componentKey); - userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); + userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); SnapshotDto snapshot = dbClient.snapshotDao().selectLastSnapshotByComponentId(session, component.getId()); @@ -120,7 +120,7 @@ public class ComponentNavigationAction implements NavigationWsAction { json.beginObject(); writeComponent(json, session, component, snapshot, userSession); - if (userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()) || userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { + if (userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()) || userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { writeConfiguration(json, component, userSession); } @@ -210,7 +210,7 @@ public class ComponentNavigationAction implements NavigationWsAction { } private void writeConfiguration(JsonWriter json, ComponentDto component, UserSession userSession) { - boolean isAdmin = userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()); + boolean isAdmin = userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); Locale locale = userSession.locale(); json.name("configuration").beginObject(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsNavigationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsNavigationAction.java index 685eafaa2cb..48ef2abadca 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsNavigationAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsNavigationAction.java 
@@ -63,11 +63,11 @@ public class SettingsNavigationAction implements NavigationWsAction { @Override public void handle(Request request, Response response) throws Exception { - boolean isAdmin = userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + boolean isAdmin = userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); JsonWriter json = response.newJsonWriter().beginObject(); json.prop("showUpdateCenter", isAdmin && settings.getBoolean(UpdateCenterClient.ACTIVATION_PROPERTY)); - json.prop("showProvisioning", userSession.hasGlobalPermission(GlobalPermissions.PROVISIONING)); + json.prop("showProvisioning", userSession.hasPermission(GlobalPermissions.PROVISIONING)); json.name("extensions").beginArray(); if (isAdmin) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index 01328aaab30..60a531c3055 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java 
@@ -130,20 +130,15 @@ public abstract class AbstractUserSession impleme } @Override - public UserSession checkGlobalPermission(String globalPermission) { - return checkGlobalPermission(globalPermission, null); - } - - @Override - public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { - if (!hasGlobalPermission(globalPermission)) { - throw new ForbiddenException(errorMessage != null ? errorMessage : INSUFFICIENT_PRIVILEGES_MESSAGE); + public UserSession checkPermission(String globalPermission) { + if (!hasPermission(globalPermission)) { + throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); } return this; } @Override - public UserSession checkAnyGlobalPermissions(Collection globalPermissionsToTest) { + public UserSession checkAnyPermissions(Collection globalPermissionsToTest) { List userGlobalPermissions = globalPermissions(); for (String userGlobalPermission : userGlobalPermissions) { if (globalPermissionsToTest.contains(userGlobalPermission)) { @@ -155,26 +150,10 @@ public abstract class AbstractUserSession impleme } @Override - public boolean hasGlobalPermission(String globalPermission) { + public boolean hasPermission(String globalPermission) { return globalPermissions().contains(globalPermission); } - @Override - public UserSession checkProjectPermission(String projectPermission, String projectKey) { - if (!hasProjectPermission(projectPermission, projectKey)) { - throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); - } - return this; - } - - @Override - public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { - if (!hasProjectPermissionByUuid(projectPermission, projectUuid)) { - throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); - } - return this; - } - @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { if (!hasComponentPermission(projectPermission, componentKey)) { 
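Review bot: After the rename, `checkPermission` and `hasPermission` read as general-purpose checks, but `hasPermission` still consults only `globalPermissions()`, and the parameter is still called `globalPermission`. A caller guarding project data could pick `hasPermission` by name and never evaluate project-level grants. A short comment on both methods would prevent that, for example `// Global scope only; use checkComponentPermission / checkComponentUuidPermission for anything tied to a project`. The body of `checkComponentPermission` at the end of the second hunk continues outside it.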
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AnonymousUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AnonymousUserSession.java index e3e87a3853c..63d38a78515 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AnonymousUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AnonymousUserSession.java @@ -34,16 +34,6 @@ public final class AnonymousUserSession extends AbstractUserSession - implements UserSession { - - private static final Logger LOG = Loggers.get(ServerUserSession.class); + implements UserSession { private Map projectKeyByComponentKey = newHashMap(); @@ -63,18 +58,13 @@ public class ServerUserSession extends AbstractUserSession List permissionKeys = authorizationDao.selectGlobalPermissions(login); globalPermissions = new ArrayList<>(); for (String permissionKey : permissionKeys) { - if (!GlobalPermissions.ALL.contains(permissionKey)) { - LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login); - } else { - globalPermissions.add(permissionKey); - } + globalPermissions.add(permissionKey); } } return globalPermissions; } - @Override - public boolean hasProjectPermission(String permission, String projectKey) { + private boolean hasProjectPermission(String permission, String projectKey) { if (!projectPermissionsCheckedByKey.contains(permission)) { Collection projectKeys = authorizationDao.selectAuthorizedRootProjectsKeys(userId, permission); for (String key : projectKeys) { 
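Review bot: With the `GlobalPermissions.ALL` filter removed, the loop that fills `globalPermissions` accepts every key returned by `authorizationDao.selectGlobalPermissions(login)`, and the guards added to `hasComponentPermission` and `hasComponentUuidPermission` later in this file treat any of those keys as a grant on every component. If that widening is intended, it deserves a comment at this point, for example `// keys are not filtered: a project-level key stored at global scope applies to all components`; whether such rows can exist depends on code outside this diff. The loop is now a plain copy and could be written `globalPermissions = new ArrayList<>(permissionKeys);`. The method starts outside the hunk.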
@@ -85,8 +75,8 @@ public class ServerUserSession extends AbstractUserSession return projectKeyByPermission.get(permission).contains(projectKey); } - @Override - public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { + // To keep private + private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { if (!projectPermissionsCheckedByUuid.contains(permission)) { Collection projectUuids = authorizationDao.selectAuthorizedRootProjectsUuids(userId, permission); addProjectPermission(permission, projectUuids); @@ -103,6 +93,10 @@ public class ServerUserSession extends AbstractUserSession @Override public boolean hasComponentPermission(String permission, String componentKey) { + if (hasPermission(permission)) { + return true; + } + String projectKey = projectKeyByComponentKey.get(componentKey); if (projectKey == null) { ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey); @@ -121,6 +115,10 @@ public class ServerUserSession extends AbstractUserSession @Override public boolean hasComponentUuidPermission(String permission, String componentUuid) { + if (hasPermission(permission)) { + return true; + } + String projectUuid = projectUuidByComponentUuid.get(componentUuid); if (projectUuid == null) { ResourceDto project = resourceDao.selectResource(componentUuid); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java index 23e7724c7cf..b871a8aa769 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java @@ -25,7 +25,6 @@ import java.util.List; import java.util.Locale; import java.util.Set; import javax.annotation.CheckForNull; -import javax.annotation.Nullable; /** * Part of the current HTTP session 
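Review bot: The added comment `// To keep private` on `hasProjectPermissionByUuid` states a rule without its reason. Presumably the method is private so that callers cannot bypass the global-permission check that `hasComponentUuidPermission` now performs first, and saying so would stop a later change from re-exposing it: `// Private on purpose: callers must use hasComponentUuidPermission, which also honours global permissions`. `hasProjectPermission`, made private in the previous hunk, would benefit from the same comment.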
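Review bot: The new `if (hasPermission(permission)) { return true; }` guard in `hasComponentPermission` returns before the component is resolved, so a holder of the global permission gets `true` even for a key that matches no component, and a project-role string is looked up in the global permission list. The interface Javadoc in this commit describes that behaviour, but nothing says it where the rule is enforced. A comment on the guard, e.g. `// global grant wins, even for unknown components; global and project permission keys share one namespace`, would make the authorization rule auditable in place. The identical guard in `hasComponentUuidPermission` in the next hunk needs the same comment, and both method bodies continue outside their hunks.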
@@ -89,23 +88,18 @@ public class ThreadLocalUserSession implements UserSession { } @Override - public UserSession checkGlobalPermission(String globalPermission) { - return get().checkGlobalPermission(globalPermission); + public UserSession checkPermission(String globalPermission) { + return get().checkPermission(globalPermission); } @Override - public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { - return get().checkGlobalPermission(globalPermission, errorMessage); + public UserSession checkAnyPermissions(Collection globalPermissions) { + return get().checkAnyPermissions(globalPermissions); } @Override - public UserSession checkAnyGlobalPermissions(Collection globalPermissions) { - return get().checkAnyGlobalPermissions(globalPermissions); - } - - @Override - public boolean hasGlobalPermission(String globalPermission) { - return get().hasGlobalPermission(globalPermission); + public boolean hasPermission(String globalPermission) { + return get().hasPermission(globalPermission); } @Override 
@@ -113,26 +107,6 @@ public class ThreadLocalUserSession implements UserSession { return get().globalPermissions(); } - @Override - public UserSession checkProjectPermission(String projectPermission, String projectKey) { - return get().checkProjectPermission(projectPermission, projectKey); - } - - @Override - public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { - return get().checkProjectUuidPermission(projectPermission, projectUuid); - } - - @Override - public boolean hasProjectPermission(String permission, String projectKey) { - return get().hasProjectPermission(permission, projectKey); - } - - @Override - public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { - return get().hasProjectPermissionByUuid(permission, projectUuid); - } - @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { return get().checkComponentPermission(projectPermission, componentKey); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index af853a2cc96..a926ee1de9e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -24,7 +24,6 @@ import java.util.List; import java.util.Locale; import java.util.Set; import javax.annotation.CheckForNull; -import javax.annotation.Nullable; public interface UserSession { @CheckForNull 
@@ -50,64 +49,48 @@ public interface UserSession { /** * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. */ - UserSession checkGlobalPermission(String globalPermission); - - /** - * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with - * the specified error message. - */ - UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage); + UserSession checkPermission(String globalPermission); /** * Ensures that user implies any of the specified global permissions, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with * the specified error message. */ - UserSession checkAnyGlobalPermissions(Collection globalPermissions); + UserSession checkAnyPermissions(Collection globalPermissions); /** * Does the user have the given permission ? */ - boolean hasGlobalPermission(String globalPermission); + boolean hasPermission(String globalPermission); List globalPermissions(); /** - * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. - */ - UserSession checkProjectPermission(String projectPermission, String projectKey); - - /** - * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. - */ - UserSession checkProjectUuidPermission(String projectPermission, String projectUuid); - - /** - * Does the user have the given project permission ? - */ - boolean hasProjectPermission(String permission, String projectKey); - - /** - * Does the user have the given project permission ? 
- */ - boolean hasProjectPermissionByUuid(String permission, String projectUuid); - - /** - * Ensures that user implies the specified project permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. + * Ensures that user implies the specified permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. + * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. */ UserSession checkComponentPermission(String projectPermission, String componentKey); /** - * Ensures that user implies the specified component permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. + * Ensures that user implies the specified component permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. + * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. */ UserSession checkComponentUuidPermission(String permission, String componentUuid); /** - * Does the user have the given project permission for a component key ? + * Does the user have the given permission for a component key ? + * + * First, check if the user has the global permission (even if the component doesn't exist) + * If not, check is the user has the permission on the project of the component + * If the component doesn't exist, return false */ boolean hasComponentPermission(String permission, String componentKey); /** * Does the user have the given project permission for a component uuid ? 
+ + * First, check if the user has the global permission (even if the component doesn't exist) + * If not, check is the user has the permission on the project of the component + * If the component doesn't exist, return false */ boolean hasComponentUuidPermission(String permission, String componentUuid); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java index f68e1454e96..f08e31ad6c7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java @@ -76,7 +76,7 @@ public class ChangePasswordAction implements UsersWsAction { String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD); userUpdater.checkCurrentPassword(login, previousPassword); } else { - userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); } String password = request.mandatoryParam(PARAM_PASSWORD); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java index b4978c411b3..4a920b8a90d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java @@ -91,7 +91,7 @@ public class CreateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); String login = request.mandatoryParam(PARAM_LOGIN); String password = request.mandatoryParam(PARAM_PASSWORD); 
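Review bot: The Javadoc kept on `checkAnyPermissions` still ends with "with the specified error message", although the method takes no message and this commit removes the only overload that did. In the new text for `hasComponentUuidPermission`, the blank line before "First, check if…" appears to lack its leading ` *`, and its summary still says "project permission" while the key-based twin was reworded to "permission". Both new blocks read "check is the user" where "check if the user" is meant. Since this interface is where the global-before-project rule is documented, these are worth fixing together with renaming the `projectPermission` parameter of `checkComponentPermission` to `permission`, to match `checkComponentUuidPermission`.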
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java index 12b3e0849e0..97a66d498e9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java @@ -28,9 +28,9 @@ import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.utils.text.JsonWriter; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; -import org.sonar.db.DbClient; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.user.UserSession; import org.sonar.server.user.UserUpdater; @@ -71,7 +71,7 @@ public class DeactivateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); String login = request.mandatoryParam(PARAM_LOGIN); if (login.equals(userSession.getLogin())) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/GroupsAction.java index d0ed66fd082..f0bc07b125a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/GroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/GroupsAction.java 
@@ -78,7 +78,7 @@ public class GroupsAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); String login = request.mandatoryParam(PARAM_LOGIN); int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java index 2fceb50620a..b9012cc05f7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java @@ -27,9 +27,9 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.text.JsonWriter; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.MyBatis; -import org.sonar.db.DbClient; import org.sonar.server.user.UpdateUser; import org.sonar.server.user.UserSession; import org.sonar.server.user.UserUpdater; @@ -89,7 +89,7 @@ public class UpdateAction implements UsersWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); String login = request.mandatoryParam(PARAM_LOGIN); UpdateUser updateUser = UpdateUser.create(login); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java index 6c3f910a045..1f485e5e559 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java 
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java @@ -76,7 +76,7 @@ public class UserJsonWriter { } private void writeGroupsIfNeeded(JsonWriter json, Collection groups, @Nullable Collection fields) { - if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { + if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { json.name(FIELD_GROUPS).beginArray(); for (String groupName : groups) { json.value(groupName); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java index e0b15f214a4..c8656b1b4dd 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java @@ -68,7 +68,7 @@ public class AddUserAction implements UserGroupsWsAction { @Override public void handle(Request request, Response response) throws Exception { - userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); String login = request.mandatoryParam(PARAM_LOGIN); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java index 6ae33a47c1a..db5339a1ea9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java 
@@ -70,7 +70,7 @@ public class CreateAction implements UserGroupsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 String name = request.mandatoryParam(PARAM_NAME);
 String description = request.param(PARAM_DESCRIPTION);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java
index 37761633bf9..d3a6a49628c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java
@@ -67,7 +67,7 @@ public class DeleteAction implements UserGroupsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 WsGroupRef groupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java
index a2efef2159f..9b6a67d210a 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java
@@ -68,7 +68,7 @@ public class RemoveUserAction implements UserGroupsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
 String login = request.mandatoryParam(PARAM_LOGIN);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
index 5cbb234de96..2417f4672ad 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
@@ -77,7 +77,7 @@ public class UpdateAction implements UserGroupsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 Long groupId = request.mandatoryParamAsLong(PARAM_ID);
 String name = request.param(PARAM_NAME);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java
index e4d6e2bdfcb..7a2d5759328 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java
@@ -73,7 +73,7 @@ public class UsersAction implements UserGroupsWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
 int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
index aaa5da2177f..df13cbe662c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
@@ -85,7 +85,7 @@ public class GenerateAction implements UserTokensWsAction {
 }
 private WsUserTokens.GenerateWsResponse doHandle(GenerateWsRequest request) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 DbSession dbSession = dbClient.openSession(false);
 try {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/RevokeAction.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/RevokeAction.java
index bad78873620..c6d3d6b4716 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/RevokeAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/RevokeAction.java
@@ -68,7 +68,7 @@ public class RevokeAction implements UserTokensWsAction {
 }
 private void doHandle(RevokeWsRequest request) {
- userSession.checkLoggedIn().checkGlobalPermission(SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(SYSTEM_ADMIN);
 DbSession dbSession = dbClient.openSession(false);
 try {
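Review bot: In `GenerateAction.doHandle` the permission check is still `userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN)` with no `checkLoggedIn()` in front of it, while the other two token actions touched by this patch (`RevokeAction` right after it and `SearchAction` in the next file) call `userSession.checkLoggedIn().checkPermission(...)`. Whether `checkPermission` rejects an anonymous session on its own is not visible in these hunks, so the three token endpoints may at least answer an unauthenticated caller differently. I would write `userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);` here as well. `doHandle` continues below the hunk.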
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
index fdc7df40519..36e18e7a545 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
@@ -70,7 +70,7 @@ public class SearchAction implements UserTokensWsAction {
 }
 private SearchWsResponse doHandle(SearchWsRequest request) {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
 DbSession dbSession = dbClient.openSession(false);
 try {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/SetSeverityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/SetSeverityActionTest.java
index 35f190014b6..48297375b9d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/SetSeverityActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/SetSeverityActionTest.java
@@ -25,12 +25,12 @@ import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.api.issue.Issue;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.issue.DefaultIssue;
 import org.sonar.core.issue.IssueChangeContext;
-import org.sonar.api.web.UserRole;
 import org.sonar.core.issue.IssueUpdater;
-import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.tester.AnonymousMockUserSession;
+import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.user.UserSession;
 import static com.google.common.collect.Maps.newHashMap;
@@ -89,14 +89,14 @@ public class SetSeverityActionTest { @Test public void should_support_only_unresolved_issues() { - when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); + when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(Issue.RESOLUTION_FIXED))).isFalse(); } @Test public void should_support_only_issues_with_issue_admin_permission() { - when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); + when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar2").setResolution(null))).isFalse(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/actionplan/ActionPlanServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/actionplan/ActionPlanServiceTest.java index 98161d714cc..d52ff893907 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/actionplan/ActionPlanServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/actionplan/ActionPlanServiceTest.java 
@@ -88,10 +88,11 @@ public class ActionPlanServiceTest { @Mock IssueStorage issueStorage; - String projectKey = "org.sonar.Sample"; + static final String PROJECT_KEY = "org.sonar.Sample"; + static final String PROJECT_UUID = "ABCD"; - UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, projectKey); - UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, projectKey); + UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, PROJECT_KEY); + UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, PROJECT_KEY); UserSession unauthorizedUserSession = new MockUserSession("nicolas").setName("Nicolas"); private ActionPlanService actionPlanService; @@ -105,7 +106,7 @@ public class ActionPlanServiceTest { @Test public void create() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setUuid(PROJECT_UUID).setId(1l)); ActionPlan actionPlan = DefaultActionPlan.create("Long term"); actionPlanService.create(actionPlan, projectAdministratorUserSession); @@ -114,7 +115,7 @@ public class ActionPlanServiceTest { @Test public void create_required_admin_role() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); ActionPlan actionPlan = DefaultActionPlan.create("Long term"); try { 
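Review bot: The new constant `PROJECT_UUID = "ABCD"` reuses the literal that the tests further down already use as the action-plan key (`actionPlanDao.selectByKey("ABCD")`), so a lookup that mixed up the two identifiers would still pass. A distinct value such as `static final String PROJECT_UUID = "PROJECT-UUID";` (constructed sample) keeps them apart. Only `create()` stubs `.setUuid(PROJECT_UUID)`; the other `ResourceDto` stubs in this class still carry key and id only, which deserves a one-line comment if it is deliberate.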
@@ -128,8 +129,8 @@ public class ActionPlanServiceTest { @Test public void set_status() { - when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); ActionPlan result = actionPlanService.setStatus("ABCD", "CLOSED", projectAdministratorUserSession); verify(actionPlanDao).update(any(ActionPlanDto.class)); @@ -140,7 +141,7 @@ public class ActionPlanServiceTest { @Test public void update() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); ActionPlan actionPlan = DefaultActionPlan.create("Long term"); actionPlanService.update(actionPlan, projectAdministratorUserSession); 
@@ -149,16 +150,16 @@ public class ActionPlanServiceTest { @Test public void delete() { - when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); actionPlanService.delete("ABCD", projectAdministratorUserSession); verify(actionPlanDao).delete("ABCD"); } @Test public void unplan_all_linked_issues_when_deleting_an_action_plan() { - when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); IssueDto issueDto = new IssueDto().setId(100L).setStatus(Issue.STATUS_OPEN).setRuleKey("squid", "s100").setIssueCreationDate(new Date()); when(issueDao.selectByActionPlan(session, "ABCD")).thenReturn(newArrayList(issueDto)); 
@@ -173,8 +174,8 @@ public class ActionPlanServiceTest { @Test public void find_by_key() { - when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); ActionPlan result = actionPlanService.findByKey("ABCD", projectUserSession); assertThat(result).isNotNull(); 
@@ -197,20 +198,20 @@ public class ActionPlanServiceTest { @Test public void find_open_by_project_key() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); - Collection results = actionPlanService.findOpenByProjectKey(projectKey, projectUserSession); + Collection results = actionPlanService.findOpenByProjectKey(PROJECT_KEY, projectUserSession); assertThat(results).hasSize(1); assertThat(results.iterator().next().key()).isEqualTo("ABCD"); } @Test public void find_open_by_project_key_required_user_role() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); try { - actionPlanService.findOpenByProjectKey(projectKey, unauthorizedUserSession); + actionPlanService.findOpenByProjectKey(PROJECT_KEY, unauthorizedUserSession); fail(); } catch (Exception e) { assertThat(e).isInstanceOf(ForbiddenException.class); 
@@ -226,10 +227,10 @@ public class ActionPlanServiceTest { @Test public void find_action_plan_stats() { - when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(projectKey)); + when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(PROJECT_KEY)); when(actionPlanStatsDao.selectByProjectId(1L)).thenReturn(newArrayList(new ActionPlanStatsDto())); - Collection results = actionPlanService.findActionPlanStats(projectKey, projectUserSession); + Collection results = actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); assertThat(results).hasSize(1); } @@ -237,7 +238,7 @@ public class ActionPlanServiceTest { public void throw_exception_if_project_not_found_when_find_open_action_plan_stats() { when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(null); - actionPlanService.findActionPlanStats(projectKey, projectUserSession); + actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java index c419644871e..76ab980286d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java 
@@ -99,12 +99,18 @@ public class MockUserSession extends AbstractUserSession implem
 public MockUserSession addProjectPermissions(String projectPermission, String... projectKeys) {
 this.projectPermissionsCheckedByKey.add(projectPermission);
 this.projectKeyByPermission.putAll(projectPermission, newArrayList(projectKeys));
+ for (String projectKey : projectKeys) {
+ this.projectKeyByComponentKey.put(projectKey, projectKey);
+ }
 return this;
 }
 public MockUserSession addProjectUuidPermissions(String projectPermission, String... projectUuids) {
 this.projectPermissionsCheckedByUuid.add(projectPermission);
 this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids));
+ for (String projectUuid : projectUuids) {
+ this.projectUuidByComponentUuid.put(projectUuid, projectUuid);
+ }
 return this;
 }
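Review bot: The loops added to `addProjectPermissions` and `addProjectUuidPermissions` register every project as its own component (`projectKeyByComponentKey.put(projectKey, projectKey)`), and nothing in the code says why. This mapping is what lets `hasComponentPermission` resolve a project key once the public project-level checks are removed in the next hunk of this file. I would add a comment above each loop, e.g. `// a project is its own root component, so component checks on the project key resolve to it`. Note also that `put` replaces any mapping a test registered earlier for the same key.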
@@ -129,25 +135,23 @@ public class MockUserSession extends AbstractUserSession implem
 return globalPermissions;
 }
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey);
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid);
- }
-
 @Override
 public boolean hasComponentPermission(String permission, String componentKey) {
 String projectKey = projectKeyByComponentKey.get(componentKey);
 return projectKey != null && hasProjectPermission(permission, projectKey);
 }
+ private boolean hasProjectPermission(String permission, String projectKey) {
+ return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey));
+ }
 @Override
 public boolean hasComponentUuidPermission(String permission, String componentUuid) {
 String projectUuid = projectUuidByComponentUuid.get(componentUuid);
 return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid);
 }
+
+ private boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
+ return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid));
+ }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
index f23590957d5..fd2b6c4482f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
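Review bot: The global-permission fallback sits inside the private helpers (`return hasPermission(permission) || (...)`), but `hasComponentPermission` and `hasComponentUuidPermission` still test `projectKey != null` / `projectUuid != null` first, so in this mock a session holding the global permission is refused for any component that was never registered. If the production `ServerUserSession` (not shown in this hunk) evaluates the global permission before resolving the project, tests built on the mock will exercise a stricter rule than the server enforces. Either move the fallback up, `return hasPermission(permission) || (projectKey != null && hasProjectPermission(permission, projectKey));` with the same change in the UUID variant, or document on the helpers that the mock deliberately requires a known component.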
@@ -221,16 +221,6 @@ public class UserSessionRule implements TestRule, UserSession { return currentUserSession.globalPermissions(); } - @Override - public boolean hasProjectPermission(String permission, String projectKey) { - return currentUserSession.hasProjectPermission(permission, projectKey); - } - - @Override - public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { - return currentUserSession.hasProjectPermissionByUuid(permission, projectUuid); - } - @Override public boolean hasComponentPermission(String permission, String componentKey) { return currentUserSession.hasComponentPermission(permission, componentKey); 
@@ -280,33 +270,18 @@ public class UserSessionRule implements TestRule, UserSession { } @Override - public UserSession checkGlobalPermission(String globalPermission) { - return currentUserSession.checkGlobalPermission(globalPermission); - } - - @Override - public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { - return currentUserSession.checkGlobalPermission(globalPermission, errorMessage); - } - - @Override - public UserSession checkAnyGlobalPermissions(Collection globalPermissions) { - return currentUserSession.checkAnyGlobalPermissions(globalPermissions); - } - - @Override - public boolean hasGlobalPermission(String globalPermission) { - return currentUserSession.hasGlobalPermission(globalPermission); + public UserSession checkPermission(String globalPermission) { + return currentUserSession.checkPermission(globalPermission); } @Override - public UserSession checkProjectPermission(String projectPermission, String projectKey) { - return currentUserSession.checkProjectPermission(projectPermission, projectKey); + public UserSession checkAnyPermissions(Collection globalPermissions) { + return currentUserSession.checkAnyPermissions(globalPermissions); } @Override - public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { - return currentUserSession.checkProjectUuidPermission(projectPermission, projectUuid); + public boolean hasPermission(String globalPermission) { + return currentUserSession.hasPermission(globalPermission); } @Override diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/DoPrivilegedTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/DoPrivilegedTest.java index d6de7f11570..606407b99c7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/DoPrivilegedTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/DoPrivilegedTest.java 
@@ -46,8 +46,8 @@ public class DoPrivilegedTest { // verify the session used inside Privileged task assertThat(catcher.userSession.isLoggedIn()).isFalse(); - assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); - assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); + assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); + assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); // verify session in place after task is done assertThat(threadLocalUserSession.get()).isSameAs(session); @@ -72,8 +72,8 @@ public class DoPrivilegedTest { // verify the session used inside Privileged task assertThat(catcher.userSession.isLoggedIn()).isFalse(); - assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); - assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); + assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); + assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index 47d403671f2..7b4492f2888 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java 
@@ -22,12 +22,12 @@ package org.sonar.server.user; import java.util.Arrays; import org.junit.Test; import org.sonar.api.web.UserRole; -import org.sonar.db.component.ComponentDto; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ComponentTesting; import org.sonar.db.component.ResourceDao; import org.sonar.db.component.ResourceDto; import org.sonar.db.user.AuthorizationDao; -import org.sonar.db.component.ComponentTesting; import org.sonar.server.exceptions.ForbiddenException; import static com.google.common.collect.Lists.newArrayList; @@ -36,6 +36,12 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; public class ServerUserSessionTest { + static final String LOGIN = "marius"; + static final String PROJECT_KEY = "com.foo:Bar"; + static final String PROJECT_UUID = "ABCD"; + static final String FILE_KEY = "com.foo:Bar:BarFile.xoo"; + static final String FILE_UUID = "BCDE"; + AuthorizationDao authorizationDao = mock(AuthorizationDao.class); ResourceDao resourceDao = mock(ResourceDao.class); 
@@ -48,125 +54,118 @@ public class ServerUserSessionTest { @Test public void has_global_permission() { - UserSession session = newServerUserSession().setLogin("marius"); + UserSession session = newServerUserSession().setLogin(LOGIN); - when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); - assertThat(session.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); - assertThat(session.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); - assertThat(session.hasGlobalPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); + assertThat(session.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); + assertThat(session.hasPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); + assertThat(session.hasPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); } @Test public void check_global_Permission_ok() { - UserSession session = newServerUserSession().setLogin("marius"); + UserSession session = newServerUserSession().setLogin(LOGIN); - when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); - session.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); + session.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); } @Test(expected = ForbiddenException.class) public void check_global_Permission_ko() { - UserSession session = newServerUserSession().setLogin("marius"); + UserSession session = newServerUserSession().setLogin(LOGIN); - when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); - 
session.checkGlobalPermission(GlobalPermissions.DASHBOARD_SHARING); + session.checkPermission(GlobalPermissions.DASHBOARD_SHARING); } @Test - public void has_project_permission() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); - - assertThat(session.hasProjectPermission(UserRole.USER, "com.foo:Bar")).isTrue(); - assertThat(session.hasProjectPermission(UserRole.CODEVIEWER, "com.foo:Bar")).isFalse(); - assertThat(session.hasProjectPermission(UserRole.ADMIN, "com.foo:Bar")).isFalse(); - } + public void has_component_permission() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - @Test - public void has_project_permission_by_uuid() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); - when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList("ABCD")); + String componentKey = FILE_KEY; + when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); + when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); - assertThat(session.hasProjectPermissionByUuid(UserRole.USER, "ABCD")).isTrue(); - assertThat(session.hasProjectPermissionByUuid(UserRole.CODEVIEWER, "ABCD")).isFalse(); - assertThat(session.hasProjectPermissionByUuid(UserRole.ADMIN, "ABCD")).isFalse(); + assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); + assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); + assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); } @Test - public void check_project_permission_ok() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, 
UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); + public void has_component_uuid_permission() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); - } - - @Test(expected = ForbiddenException.class) - public void check_project_permission_ko() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar2")); + String componentUuid = FILE_UUID; + when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); + when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_UUID)); - session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); + assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); + assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); + assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); } @Test - public void check_project_uuid_permission_ok() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + public void has_component_permission_with_only_global_permission() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - ComponentDto project = ComponentTesting.newProjectDto(); - when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); + String componentKey = FILE_KEY; + when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); - session.checkProjectUuidPermission(UserRole.USER, project.uuid()); + 
assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); + assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); + assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); } - @Test(expected = ForbiddenException.class) - public void check_project_uuid_permission_ko() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + @Test + public void has_component_uuid_permission_with_only_global_permission() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - ComponentDto project = ComponentTesting.newProjectDto(); - when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); + String componentUuid = FILE_UUID; + when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); - session.checkProjectUuidPermission(UserRole.USER, "another project"); + assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); + assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); + assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); } @Test - public void has_component_permission() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + public void check_component_key_permission_ok() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - String componentKey = "com.foo:Bar:BarFile.xoo"; - when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); + 
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); + when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); - assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); - assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); - assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); + session.checkComponentPermission(UserRole.USER, FILE_KEY); } @Test - public void check_component_key_permission_ok() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + public void check_component_key_permission_with_only_global_permission_ok() { + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar")); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); + when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); + when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); - session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); + session.checkComponentPermission(UserRole.USER, FILE_KEY); } @Test(expected = ForbiddenException.class) public void check_component_key_permission_ko() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); - when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); + 
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); + when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); - session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); + session.checkComponentPermission(UserRole.USER, FILE_KEY); } @Test public void check_component_uuid_permission_ok() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); ComponentDto project = ComponentTesting.newProjectDto(); ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); @@ -178,10 +177,9 @@ public class ServerUserSessionTest { @Test(expected = ForbiddenException.class) public void check_component_uuid_permission_ko() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); ComponentDto project = ComponentTesting.newProjectDto(); - ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); when(resourceDao.selectResource("file-uuid")).thenReturn(new ResourceDto().setProjectUuid(project.uuid())); when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); 
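Review bot: `has_component_permission` stubs the root-project lookup with the file's own key (`new ResourceDto().setKey(componentKey)` where `componentKey = FILE_KEY`) and then authorizes that same key, so the test never shows a file resolving to a different project; its by-UUID twin does this properly with `setProjectUuid(PROJECT_UUID)`. Using the new constant, `thenReturn(new ResourceDto().setKey(PROJECT_KEY))` and `newArrayList(PROJECT_KEY)`, would make the key-based test cover the file-to-project step, as `check_component_key_permission_ok` already does. The `*_with_only_global_permission` tests grant `UserRole.USER` through `selectGlobalPermissions`; a short comment that a global grant of the same name is meant to satisfy component checks would record that this is the intended authorization rule.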
@@ -190,16 +188,16 @@ public class ServerUserSessionTest { @Test(expected = ForbiddenException.class) public void check_component_key_permission_when_project_not_found() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); - when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(null); + when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(null); - session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); + session.checkComponentPermission(UserRole.USER, FILE_KEY); } @Test(expected = ForbiddenException.class) public void check_component_dto_permission_ko() { - UserSession session = newServerUserSession().setLogin("marius").setUserId(1); + UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); ComponentDto project = ComponentTesting.newProjectDto(); when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); -- 2.39.5