From 456f46662f89717382a910f192df1f44cd8b8fd4 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Sun, 19 Feb 2017 15:35:37 +0100 Subject: [PATCH] Use the methods UserSession accepting OrganizationPermission param --- .../java/org/sonar/ce/user/CeUserSession.java | 4 +- .../sonar/server/batch/ProjectDataLoader.java | 3 +- .../org/sonar/server/ce/ws/TaskAction.java | 6 +-- .../computation/queue/ReportSubmitter.java | 14 +++--- .../server/organization/ws/DeleteAction.java | 4 +- .../organization/ws/EnableSupportAction.java | 4 +- .../ws/SearchMyOrganizationsAction.java | 5 +- .../server/organization/ws/UpdateAction.java | 4 +- .../PermissionPrivilegeChecker.java | 5 +- .../server/project/ws/BulkDeleteAction.java | 4 +- .../sonar/server/project/ws/CreateAction.java | 4 +- .../sonar/server/project/ws/DeleteAction.java | 4 +- .../sonar/server/project/ws/GhostsAction.java | 4 +- .../server/project/ws/ProvisionedAction.java | 4 +- .../sonar/server/project/ws/SearchAction.java | 4 +- .../server/qualitygate/QualityGates.java | 4 +- .../server/qualitygate/ws/AppAction.java | 4 +- .../server/qualitygate/ws/CreateAction.java | 4 +- .../qualitygate/ws/CreateConditionAction.java | 4 +- .../server/qualitygate/ws/SelectAction.java | 4 +- .../qualitygate/ws/UpdateConditionAction.java | 4 +- .../QProfileProjectOperations.java | 4 +- .../qualityprofile/QProfileService.java | 5 +- .../qualityprofile/ws/QProfileWsSupport.java | 5 +- .../org/sonar/server/rule/ws/AppAction.java | 5 +- .../sonar/server/rule/ws/RuleWsSupport.java | 5 +- .../server/setting/ws/SettingsWsSupport.java | 11 +++-- .../sonar/server/ui/ws/ComponentAction.java | 16 +++---- .../server/ui/ws/OrganizationAction.java | 11 ++--- .../server/user/AbstractUserSession.java | 17 +++---- .../org/sonar/server/user/DoPrivileged.java | 3 +- .../sonar/server/user/ServerUserSession.java | 3 +- .../server/user/ThreadLocalUserSession.java | 22 ++++----- .../org/sonar/server/user/UserSession.java | 1 - .../sonar/server/user/ws/CurrentAction.java | 9 ++-- .../server/user/ws/DeactivateAction.java | 7 +-- .../server/usergroups/ws/AddUserAction.java | 4 +- .../server/usergroups/ws/CreateAction.java | 4 +- .../server/usergroups/ws/DeleteAction.java | 6 +-- .../usergroups/ws/RemoveUserAction.java | 6 +-- .../server/usergroups/ws/SearchAction.java | 4 +- .../server/usergroups/ws/UpdateAction.java | 4 +- .../server/usergroups/ws/UsersAction.java | 4 +- .../server/batch/ProjectDataLoaderTest.java | 3 +- .../sonar/server/ce/ws/TaskActionTest.java | 5 +- .../queue/ReportSubmitterTest.java | 11 +++-- .../organization/ws/DeleteActionTest.java | 4 +- .../ws/EnableSupportActionTest.java | 5 +- .../organization/ws/UpdateActionTest.java | 6 +-- .../permission/ws/AddGroupActionTest.java | 3 +- .../permission/ws/BasePermissionWsTest.java | 6 +-- ...AddProjectCreatorToTemplateActionTest.java | 3 +- .../template/AddUserToTemplateActionTest.java | 4 +- .../ws/template/ApplyTemplateActionTest.java | 4 +- .../ws/template/CreateTemplateActionTest.java | 4 +- .../ws/template/DeleteTemplateActionTest.java | 4 +- .../RemoveGroupFromTemplateActionTest.java | 4 +- .../template/SearchTemplatesActionTest.java | 6 +-- .../ws/template/TemplateUsersActionTest.java | 4 +- .../ws/template/UpdateTemplateActionTest.java | 4 +- .../project/ws/BulkDeleteActionTest.java | 6 +-- .../server/project/ws/CreateActionTest.java | 12 ++--- .../server/project/ws/DeleteActionTest.java | 6 +-- .../server/project/ws/GhostsActionTest.java | 35 +++++++------- .../project/ws/ProvisionedActionTest.java | 47 ++++++++++--------- .../server/project/ws/SearchActionTest.java | 34 +++++++------- .../server/qualitygate/ws/AppActionTest.java | 4 +- .../qualitygate/ws/CreateActionTest.java | 7 ++- .../ws/CreateConditionActionTest.java | 7 ++- .../qualitygate/ws/DeselectActionTest.java | 4 +- .../qualitygate/ws/SelectActionTest.java | 4 +- .../ws/UpdateConditionActionTest.java | 7 ++- .../QProfileServiceMediumTest.java | 4 +- .../ws/AddProjectActionTest.java | 4 +- .../ws/ChangeParentActionMediumTest.java | 4 +- .../qualityprofile/ws/CopyActionTest.java | 4 +- .../qualityprofile/ws/CreateActionTest.java | 4 +- .../qualityprofile/ws/DeleteActionTest.java | 4 +- .../qualityprofile/ws/RenameActionTest.java | 4 +- .../qualityprofile/ws/RestoreActionTest.java | 4 +- .../ws/RestoreBuiltInActionTest.java | 4 +- .../ws/SetDefaultActionTest.java | 4 +- .../server/rule/RegisterRulesMediumTest.java | 4 +- .../sonar/server/rule/ws/AppActionTest.java | 4 +- .../server/rule/ws/DeleteActionTest.java | 4 +- .../server/rule/ws/ShowActionMediumTest.java | 4 +- .../rule/ws/UpdateActionMediumTest.java | 4 +- .../setting/ws/ListDefinitionsActionTest.java | 8 ++-- .../server/setting/ws/ValuesActionTest.java | 7 +-- .../tester/AbstractMockUserSession.java | 23 ++++----- .../sonar/server/tester/UserSessionRule.java | 40 ++++++++-------- .../server/ui/ws/ComponentActionTest.java | 12 ++--- .../server/ui/ws/OrganizationActionTest.java | 15 +++--- .../server/user/ServerUserSessionTest.java | 43 +++++++++-------- .../server/user/ws/CurrentActionTest.java | 10 ++-- .../usergroups/ws/AddUserActionTest.java | 4 +- .../usergroups/ws/CreateActionTest.java | 4 +- .../usergroups/ws/DeleteActionTest.java | 4 +- .../usergroups/ws/RemoveUserActionTest.java | 3 +- .../usergroups/ws/SearchActionTest.java | 6 +-- .../usergroups/ws/UpdateActionTest.java | 4 +- .../server/usergroups/ws/UsersActionTest.java | 4 +- 102 files changed, 380 insertions(+), 373 deletions(-) diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java index 9ef58ff8d96..9a045b346dd 100644 --- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java +++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java @@ -87,12 +87,12 @@ public class CeUserSession implements UserSession { } @Override - public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { throw notImplemented(); } @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { throw notImplemented(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java index fab76d2bb55..5b2b8ce604c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java @@ -38,6 +38,7 @@ import org.sonar.scanner.protocol.input.FileData; import org.sonar.scanner.protocol.input.ProjectRepositories; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.collect.Lists.newArrayList; @@ -68,7 +69,7 @@ public class ProjectDataLoader { } boolean hasScanPerm = userSession.hasComponentPermission(SCAN_EXECUTION, module) || - userSession.hasOrganizationPermission(module.getOrganizationUuid(), SCAN_EXECUTION); + userSession.hasPermission(OrganizationPermission.SCAN, module.getOrganizationUuid()); boolean hasBrowsePerm = userSession.hasComponentPermission(USER, module); checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm); diff --git a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java index b59b991a7fa..aa52c814cf5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java @@ -38,12 +38,12 @@ import org.sonar.db.DbSession; import org.sonar.db.ce.CeActivityDto; import org.sonar.db.ce.CeQueueDto; import org.sonar.db.component.ComponentDto; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.ws.WsUtils; import org.sonarqube.ws.WsCe; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -118,8 +118,8 @@ public class TaskAction implements CeWsAction { private void checkPermission(Optional component) { if (component.isPresent()) { String orgUuid = component.get().getOrganizationUuid(); - if (!userSession.hasOrganizationPermission(orgUuid, SYSTEM_ADMIN) && - !userSession.hasOrganizationPermission(orgUuid, SCAN_EXECUTION) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) && + !userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) && !userSession.hasComponentPermission(SCAN_EXECUTION, component.get())) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java index d0a4679963b..7febecaf5d4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java @@ -37,12 +37,12 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.server.component.ComponentUpdater; import org.sonar.server.component.NewComponent; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.permission.PermissionTemplateService; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.server.component.NewComponent.newComponentBuilder; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; @@ -75,7 +75,7 @@ public class ReportSubmitter { OrganizationDto organizationDto = getOrganizationDtoOrFail(dbSession, organizationKey); Optional opt = dbClient.componentDao().selectByKey(dbSession, effectiveProjectKey); ensureOrganizationIsConsistent(opt, organizationDto); - ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto.getUuid(), projectKey, projectBranch, projectName)); + ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto, projectKey, projectBranch, projectName)); checkScanPermission(project); return submitReport(dbSession, reportInput, project); } @@ -88,7 +88,7 @@ public class ReportSubmitter { // That means that dropping the permission on the project does not have any effects // if user has still the permission on the organization if (!userSession.hasComponentPermission(SCAN_EXECUTION, project) && - !userSession.hasOrganizationPermission(project.getOrganizationUuid(), SCAN_EXECUTION)) { + !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { throw insufficientPrivilegesException(); } } @@ -106,18 +106,18 @@ public class ReportSubmitter { } } - private ComponentDto createProject(DbSession dbSession, String organizationUuid, String projectKey, @Nullable String projectBranch, @Nullable String projectName) { - userSession.checkOrganizationPermission(organizationUuid, PROVISIONING); + private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, String projectKey, @Nullable String projectBranch, @Nullable String projectName) { + userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS, organization); Integer userId = userSession.getUserId(); boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( - dbSession, organizationUuid, userId, projectBranch, projectKey, Qualifiers.PROJECT); + dbSession, organization.getUuid(), userId, projectBranch, projectKey, Qualifiers.PROJECT); if (!wouldCurrentUserHaveScanPermission) { throw insufficientPrivilegesException(); } NewComponent newProject = newComponentBuilder() - .setOrganizationUuid(organizationUuid) + .setOrganizationUuid(organization.getUuid()) .setKey(projectKey) .setName(StringUtils.defaultIfBlank(projectName, projectKey)) .setBranch(projectBranch) diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java index 5fea4d45964..65a4f3a7098 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java @@ -34,8 +34,8 @@ import org.sonar.server.organization.OrganizationFlags; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class DeleteAction implements OrganizationsAction { @@ -90,7 +90,7 @@ public class DeleteAction implements OrganizationsAction { if (organizationDto.isGuarded()) { userSession.checkIsSystemAdministrator(); } else { - userSession.checkOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, organizationDto); } deleteProjects(dbSession, organizationDto.getUuid()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java index 60427f8cb93..ec596176b79 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java @@ -26,10 +26,10 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.OrganizationFlags; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static java.util.Objects.requireNonNull; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; public class EnableSupportAction implements OrganizationsAction { private static final String ACTION = "enable_support"; @@ -73,7 +73,7 @@ public class EnableSupportAction implements OrganizationsAction { } private void verifySystemAdministrator() { - userSession.checkLoggedIn().checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(OrganizationPermission.ADMINISTER, defaultOrganizationProvider.get().getUuid()); } private boolean isSupportDisabled(DbSession dbSession) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java index 52bbc0440a7..128a4f9010b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java @@ -25,10 +25,9 @@ import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.text.JsonWriter; import org.sonar.db.DbClient; import org.sonar.db.DbSession; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; - public class SearchMyOrganizationsAction implements OrganizationsAction { private static final String ACTION = "search_my_organizations"; @@ -62,7 +61,7 @@ public class SearchMyOrganizationsAction implements OrganizationsAction { JsonWriter jsonWriter = response.newJsonWriter()) { jsonWriter.beginObject(); jsonWriter.name("organizations").beginArray(); - dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), SYSTEM_ADMIN) + dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), OrganizationPermission.ADMINISTER.getKey()) .forEach(dto -> jsonWriter.value(dto.getKey())); jsonWriter.endArray(); jsonWriter.endObject(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java index ac51fe383fc..4ec8e70b7e2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java @@ -34,12 +34,12 @@ import org.sonar.server.user.UserSession; import org.sonarqube.ws.Organizations; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_AVATAR_URL; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_DESCRIPTION; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_NAME; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_URL; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.writeProtobuf; public class UpdateAction implements OrganizationsAction { @@ -93,7 +93,7 @@ public class UpdateAction implements OrganizationsAction { OrganizationDto dto = getDto(dbSession, key); - userSession.checkOrganizationPermission(dto.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, dto); dto.setName(updateRequest.getName().or(dto::getName)) .setDescription(updateRequest.getDescription().or(dto::getDescription)) diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java index bce14f0dd9b..6c152c60f07 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java @@ -23,7 +23,6 @@ import java.util.Optional; import org.sonar.api.web.UserRole; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; public class PermissionPrivilegeChecker { @@ -34,7 +33,7 @@ public class PermissionPrivilegeChecker { public static void checkGlobalAdmin(UserSession userSession, String organizationUuid) { userSession .checkLoggedIn() - .checkOrganizationPermission(organizationUuid, SYSTEM_ADMIN); + .checkPermission(OrganizationPermission.ADMINISTER, organizationUuid); } /** @@ -45,7 +44,7 @@ public class PermissionPrivilegeChecker { public static void checkProjectAdmin(UserSession userSession, String organizationUuid, Optional projectId) { userSession.checkLoggedIn(); - if (userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) { + if (userSession.hasPermission(OrganizationPermission.ADMINISTER, organizationUuid)) { return; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java index e8d367668f4..65f33bac311 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java @@ -25,7 +25,6 @@ import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -33,6 +32,7 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.server.component.ComponentCleanerService; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; public class BulkDeleteAction implements ProjectsWsAction { @@ -104,7 +104,7 @@ public class BulkDeleteAction implements ProjectsWsAction { return Optional.empty(); } OrganizationDto org = support.getOrganization(dbSession, orgKey); - userSession.checkOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, org); return Optional.of(org); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java index 18337852195..641c3e544b5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java @@ -35,8 +35,8 @@ import org.sonarqube.ws.client.project.CreateRequest; import static java.util.Optional.ofNullable; import static org.sonar.api.resources.Qualifiers.PROJECT; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.server.component.NewComponent.newComponentBuilder; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -109,7 +109,7 @@ public class CreateAction implements ProjectsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization()) .orElseGet(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), PROVISIONING); + userSession.checkPermission(PROVISION_PROJECTS, organization); ComponentDto componentDto = componentUpdater.create(dbSession, newComponentBuilder() .setOrganizationUuid(organization.getUuid()) diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java index 9af482443a2..4174ccb637d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java @@ -23,12 +23,12 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentCleanerService; import org.sonar.server.component.ComponentFinder; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.server.component.ComponentFinder.ParamNames.PROJECT_ID_AND_PROJECT; @@ -92,7 +92,7 @@ public class DeleteAction implements ProjectsWsAction { private void checkPermission(ComponentDto project) { if (!userSession.hasComponentPermission(UserRole.ADMIN, project)) { - userSession.checkOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, project.getOrganizationUuid()); } } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java index 3378d587852..372972e0778 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java @@ -29,7 +29,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -40,6 +39,7 @@ import org.sonar.server.user.UserSession; import static com.google.common.collect.Sets.newHashSet; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class GhostsAction implements ProjectsWsAction { @@ -89,7 +89,7 @@ public class GhostsAction implements ProjectsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = getOrganization(dbSession, request); - userSession.checkOrganizationPermission(organization.getUuid(), UserRole.ADMIN); + userSession.checkPermission(ADMINISTER, organization); long nbOfProjects = dbClient.componentDao().countGhostProjects(dbSession, organization.getUuid(), query); List projects = dbClient.componentDao().selectGhostProjects(dbSession, organization.getUuid(), query, diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java index 0c307091781..dd37366e6c8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java @@ -30,7 +30,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -41,6 +40,7 @@ import org.sonar.server.user.UserSession; import static com.google.common.collect.Sets.newHashSet; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION; public class ProvisionedAction implements ProjectsWsAction { @@ -90,7 +90,7 @@ public class ProvisionedAction implements ProjectsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, request.getParam(PARAM_ORGANIZATION).or(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), GlobalPermissions.PROVISIONING); + userSession.checkPermission(PROVISION_PROJECTS, organization); RowBounds rowBounds = new RowBounds(options.getOffset(), options.getLimit()); List projects = dbClient.componentDao().selectProvisioned(dbSession, organization.getUuid(), query, QUALIFIERS_FILTER, rowBounds); diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java index 3ca4f103486..72b4889dd48 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java @@ -31,6 +31,7 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentQuery; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsProjects.SearchWsResponse; import org.sonarqube.ws.client.project.SearchWsRequest; @@ -39,7 +40,6 @@ import static com.google.common.base.Preconditions.checkArgument; import static java.util.Optional.ofNullable; import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.resources.Qualifiers.VIEW; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.WsProjects.SearchWsResponse.Component; import static org.sonarqube.ws.WsProjects.SearchWsResponse.newBuilder; @@ -98,7 +98,7 @@ public class SearchAction implements ProjectsWsAction { private SearchWsResponse doHandle(SearchWsRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization()).orElseGet(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, organization); ComponentQuery query = buildQuery(request); Paging paging = buildPaging(dbSession, request, organization, query); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java index f260216f69c..ebec7083a15 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java @@ -41,10 +41,10 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.Errors; import org.sonar.server.exceptions.Message; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.util.Validation; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; /** @@ -248,7 +248,7 @@ public class QualityGates { } private void checkProjectAdmin(ComponentDto project) { - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN) + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java index 4a066f11b2f..dbcc50aee0a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java @@ -28,12 +28,12 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.metric.MetricDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.AppWsResponse.Metric; import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY; import static org.sonar.api.measures.Metric.ValueType.RATING; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.server.qualitygate.ValidRatingMetrics.isCoreRatingMetric; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.WsQualityGates.AppWsResponse; @@ -63,7 +63,7 @@ public class AppAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { writeProtobuf(AppWsResponse.newBuilder() - .setEdit(userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN)) + .setEdit(userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid())) .addAllMetrics(loadMetrics() .stream() .map(AppAction::toMetric) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java index 05d28321462..5ebe970af8b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java @@ -22,11 +22,11 @@ package org.sonar.server.qualitygate.ws; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateUpdater; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.CreateWsResponse; @@ -66,7 +66,7 @@ public class CreateAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { QualityGateDto newQualityGate = qualityGateUpdater.create(dbSession, request.mandatoryParam(PARAM_NAME)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java index c5fdba691f4..b1a00da2365 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java @@ -26,12 +26,12 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualitygate.QualityGateConditionDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateConditionsUpdater; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import org.sonarqube.ws.client.qualitygate.CreateConditionRequest; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.qualitygate.ws.QualityGatesWs.addConditionParams; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -77,7 +77,7 @@ public class CreateConditionAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { writeProtobuf(doHandle(toWsRequest(request), dbSession), request, response); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java index f08093f5c51..5f4f6c777dc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java @@ -25,7 +25,6 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.util.Uuids; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -33,6 +32,7 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.property.PropertyDto; import org.sonar.server.component.ComponentFinder; import org.sonar.server.component.ComponentFinder.ParamNames; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.qualitygate.SelectWsRequest; @@ -115,7 +115,7 @@ public class SelectAction implements QualityGatesWsAction { ComponentDto project = selectProjectById(dbSession, projectId) .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ParamNames.PROJECT_ID_AND_KEY)); - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_GATE_ADMIN) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java index eefeb8f334c..7768ef5eea5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java @@ -31,8 +31,8 @@ import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.UpdateConditionWsResponse; import org.sonarqube.ws.client.qualitygate.UpdateConditionRequest; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.server.qualitygate.ws.QualityGatesWs.addConditionParams; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.ACTION_UPDATE_CONDITION; @@ -77,7 +77,7 @@ public class UpdateConditionAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN); + userSession.checkPermission(ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { writeProtobuf(doHandle(toWsRequest(request), dbSession), request, response); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java index 83597a76e62..c372563b0e2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java @@ -21,12 +21,12 @@ package org.sonar.server.qualityprofile; import org.sonar.api.server.ServerSide; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.ws.WsUtils; @@ -78,7 +78,7 @@ public class QProfileProjectOperations { } private void checkAdminOnProject(ComponentDto project) { - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw new ForbiddenException("Insufficient privileges"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java index 998ae3f9549..bd46ecbfc28 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java @@ -23,7 +23,6 @@ import java.io.Writer; import java.util.List; import javax.annotation.Nullable; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleKey; @@ -32,6 +31,8 @@ import org.sonar.server.qualityprofile.index.ActiveRuleIndexer; import org.sonar.server.rule.index.RuleQuery; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class QProfileService { @@ -96,6 +97,6 @@ public class QProfileService { private void verifyAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java index 371ec76a1c2..e4d940f8e55 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java @@ -20,10 +20,11 @@ package org.sonar.server.qualityprofile.ws; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class QProfileWsSupport { @@ -38,6 +39,6 @@ public class QProfileWsSupport { public void checkQProfileAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java index 0f2bbb0a79b..5f5be8c1759 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java @@ -32,10 +32,9 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; - public class AppAction implements RulesWsAction { private final Languages languages; @@ -78,7 +77,7 @@ public class AppAction implements RulesWsAction { } private void addPermissions(JsonWriter json) { - boolean canWrite = userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_PROFILE_ADMIN); + boolean canWrite = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); json.prop("canWrite", canWrite); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java index 4de9d4fb915..7c84bc528bc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java @@ -20,10 +20,11 @@ package org.sonar.server.rule.ws; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class RuleWsSupport { private final UserSession userSession; @@ -37,6 +38,6 @@ public class RuleWsSupport { public void checkQProfileAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java index cbd71108547..4ae159af80e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java @@ -26,6 +26,7 @@ import org.sonar.api.config.PropertyDefinition; import org.sonar.api.server.ServerSide; import org.sonar.db.component.ComponentDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.api.PropertyType.LICENSE; @@ -57,11 +58,11 @@ public class SettingsWsSupport { } boolean isVisible(String key, @Nullable PropertyDefinition definition, Optional component) { - return hasPermission(SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition))); + return hasPermission(OrganizationPermission.SCAN, SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition))); } private boolean verifySecuredSetting(String key, @Nullable PropertyDefinition definition, Optional component) { - return isLicense(key, definition) || (!key.endsWith(DOT_SECURED) || hasPermission(ADMIN, component)); + return isLicense(key, definition) || (!key.endsWith(DOT_SECURED) || hasPermission(OrganizationPermission.ADMINISTER, ADMIN, component)); } private boolean verifyLicenseSetting(String key, @Nullable PropertyDefinition definition) { @@ -72,12 +73,12 @@ public class SettingsWsSupport { return key.endsWith(LICENSE_SUFFIX) || key.endsWith(LICENSE_HASH_SUFFIX) || (definition != null && definition.type() == LICENSE); } - private boolean hasPermission(String projectOrOrgPermission, Optional component) { - if (userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), projectOrOrgPermission)) { + private boolean hasPermission(OrganizationPermission orgPermission, String projectPermission, Optional component) { + if (userSession.hasPermission(orgPermission, defaultOrganizationProvider.get().getUuid())) { return true; } return component - .map(c -> userSession.hasComponentPermission(projectOrOrgPermission, c)) + .map(c -> userSession.hasComponentPermission(projectPermission, c)) .orElse(false); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java index dd8839b82d5..f69cb16ec7c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java @@ -50,6 +50,7 @@ import org.sonar.db.property.PropertyDto; import org.sonar.db.property.PropertyQuery; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.component.ComponentFinder; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateFinder; import org.sonar.server.qualityprofile.QPMeasureData; import org.sonar.server.qualityprofile.QualityProfile; @@ -59,9 +60,8 @@ import org.sonar.server.user.UserSession; import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.USER; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; @@ -142,8 +142,8 @@ public class ComponentAction implements NavigationWsAction { writeProfiles(json, session, component); writeQualityGate(json, session, component); if (userSession.hasComponentPermission(ADMIN, component) || - userSession.hasOrganizationPermission(org.getUuid(), QUALITY_PROFILE_ADMIN) || - userSession.hasOrganizationPermission(org.getUuid(), QUALITY_GATE_ADMIN)) { + userSession.hasPermission(ADMINISTER_QUALITY_PROFILES, org) || + userSession.hasPermission(ADMINISTER_QUALITY_GATES, org)) { writeConfiguration(json, component); } writeBreadCrumbs(json, session, component); @@ -229,9 +229,9 @@ public class ComponentAction implements NavigationWsAction { private void writeConfigPageAccess(JsonWriter json, boolean isProjectAdmin, ComponentDto component) { boolean isProject = Qualifiers.PROJECT.equals(component.qualifier()); boolean showManualMeasures = isProjectAdmin && !Qualifiers.DIRECTORY.equals(component.qualifier()); - boolean isQualityProfileAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); - boolean isQualityGateAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_GATE_ADMIN); - boolean isOrganizationAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), SYSTEM_ADMIN); + boolean isQualityProfileAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, component.getOrganizationUuid()); + boolean isQualityGateAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, component.getOrganizationUuid()); + boolean isOrganizationAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER, component.getOrganizationUuid()); json.prop("showSettings", isProjectAdmin && componentTypeHasProperty(component, PROPERTY_CONFIGURABLE)); json.prop("showQualityProfiles", isProject && (isProjectAdmin || isQualityProfileAdmin)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java index 2b66b7b9eb3..83e3a1d113d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java @@ -23,14 +23,13 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class OrganizationAction implements NavigationWsAction { @@ -80,13 +79,13 @@ public class OrganizationAction implements NavigationWsAction { } private void writeOrganization(JsonWriter json, OrganizationDto organization) { - String organizationUuid = organization.getUuid(); json.name("organization") .beginObject() - .prop("canAdmin", userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) - .prop("canProvisionProjects", userSession.hasOrganizationPermission(organizationUuid, GlobalPermissions.PROVISIONING)) - .prop("canDelete", organization.isGuarded() ? userSession.isSystemAdministrator() : userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) + .prop("canAdmin", userSession.hasPermission(OrganizationPermission.ADMINISTER, organization)) + .prop("canProvisionProjects", userSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, organization)) + .prop("canDelete", organization.isGuarded() ? userSession.isSystemAdministrator() : userSession.hasPermission(OrganizationPermission.ADMINISTER, organization)) .prop("isDefault", organization.getKey().equals(defaultOrganizationProvider.get().getKey())) .endObject(); + } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index afd2ee8b80c..51ab7daccfb 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java @@ -39,11 +39,6 @@ public abstract class AbstractUserSession implements UserSession { return this; } - @Override - public final boolean hasOrganizationPermission(String organizationUuid, String permission) { - return hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); - } - @Override public final boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { return hasPermission(permission, organization.getUuid()); @@ -67,12 +62,18 @@ public abstract class AbstractUserSession implements UserSession { return this; } + protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); + @Override - public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { - return checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + public final boolean hasOrganizationPermission(String organizationUuid, String permission) { + return hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); } - protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); + @Override + public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { + checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + return this; + } @Override public final boolean hasComponentPermission(String permission, ComponentDto component) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java index ab3f94a7636..ca665e9ac39 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java @@ -22,12 +22,11 @@ package org.sonar.server.user; import java.util.Collection; import java.util.Collections; import java.util.Optional; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.user.GroupDto; import org.sonar.server.permission.OrganizationPermission; /** - * Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. + * Allow code to be executed with the highest privileges possible, as if executed by a {@link OrganizationPermission#ADMINISTER} account. * @since 4.3 */ public final class DoPrivileged { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java index 262e5c72996..5baea280a71 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -29,7 +29,6 @@ import java.util.Optional; import java.util.Set; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.util.stream.Collectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -177,7 +176,7 @@ public class ServerUserSession extends AbstractUserSession { try (DbSession dbSession = dbClient.openSession(false)) { if (!organizationFlags.isEnabled(dbSession)) { String uuidOfDefaultOrg = defaultOrganizationProvider.get().getUuid(); - return hasOrganizationPermission(uuidOfDefaultOrg, GlobalPermissions.SYSTEM_ADMIN); + return hasPermission(OrganizationPermission.ADMINISTER, uuidOfDefaultOrg); } // organization feature is enabled -> requires to be root return false; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java index 6fce68f3f6f..63ab326985b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java @@ -104,6 +104,17 @@ public class ThreadLocalUserSession implements UserSession { return this; } + @Override + public boolean hasOrganizationPermission(String organizationUuid, String permission) { + return get().hasOrganizationPermission(organizationUuid, permission); + } + + @Override + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + get().checkOrganizationPermission(organizationUuid, permission); + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { get().checkComponentPermission(projectPermission, component); @@ -137,23 +148,12 @@ public class ThreadLocalUserSession implements UserSession { return get().hasComponentUuidPermission(permission, componentUuid); } - @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { - get().checkOrganizationPermission(organizationUuid, permission); - return this; - } - @Override public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { get().checkPermission(permission, organization); return this; } - @Override - public boolean hasOrganizationPermission(String organizationUuid, String permission) { - return get().hasOrganizationPermission(organizationUuid, permission); - } - @Override public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { return get().hasPermission(permission, organization); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 163185312dc..bf8c0053d79 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -113,7 +113,6 @@ public interface UserSession { * component does not exist. * * If the permission is not granted, then the organization permission is _not_ checked. - * There's _no_ automatic fallback on {@link #hasOrganizationPermission(String, String)}. * * @param component non-null component. * @param permission project permission as defined by {@link org.sonar.core.permission.ProjectPermissions} diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java index 8e17b2ebd5d..70a1a425a4c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java @@ -19,17 +19,18 @@ */ package org.sonar.server.user.ws; +import java.util.Arrays; import java.util.Collection; import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.base.Strings.isNullOrEmpty; @@ -140,9 +141,9 @@ public class CurrentAction implements UsersWsAction { json.name("global").beginArray(); String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); - GlobalPermissions.ALL.stream() - .filter(permission -> userSession.hasOrganizationPermission(defaultOrganizationUuid, permission)) - .forEach(json::value); + Arrays.stream(OrganizationPermission.values()) + .filter(permission -> userSession.hasPermission(permission, defaultOrganizationUuid)) + .forEach(permission -> json.value(permission.getKey())); json.endArray(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java index 1dfbb350a72..00e4d9639b5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java @@ -35,12 +35,12 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.user.index.UserIndexer; import static java.lang.String.format; import static java.util.Collections.singletonList; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.checkFound; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -135,10 +135,11 @@ public class DeactivateAction implements UsersWsAction { private List selectOrganizationsWithNoMoreAdministrators(DbSession dbSession, UserDto user) { Set organizationUuids = dbClient.authorizationDao().selectOrganizationUuidsOfUserWithGlobalPermission( - dbSession, user.getId(), SYSTEM_ADMIN); + dbSession, user.getId(), OrganizationPermission.ADMINISTER.getKey()); List problematicOrganizations = new ArrayList<>(); for (String organizationUuid : organizationUuids) { - int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, organizationUuid, SYSTEM_ADMIN, user.getId()); + int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, + organizationUuid, OrganizationPermission.ADMINISTER.getKey(), user.getId()); if (remaining == 0) { problematicOrganizations.add(organizationUuid); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java index ab5f8a6203e..bf354cda4e3 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java @@ -23,7 +23,6 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; @@ -31,6 +30,7 @@ import org.sonar.db.user.UserGroupDto; import org.sonar.server.user.UserSession; import static java.lang.String.format; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; @@ -69,7 +69,7 @@ public class AddUserAction implements UserGroupsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { GroupId groupId = support.findGroup(dbSession, request); - userSession.checkLoggedIn().checkOrganizationPermission(groupId.getOrganizationUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(ADMINISTER, groupId.getOrganizationUuid()); String login = request.mandatoryParam(PARAM_LOGIN); UserDto user = dbClient.userDao().selectActiveUserByLogin(dbSession, login); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java index e67b71596b2..63b21e2323f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java @@ -24,7 +24,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.user.UserGroupValidation; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; @@ -33,6 +32,7 @@ import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsUserGroups; import static org.sonar.api.user.UserGroupValidation.GROUP_NAME_MAX_LENGTH; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.DESCRIPTION_MAX_LENGTH; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_DESCRIPTION; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; @@ -84,7 +84,7 @@ public class CreateAction implements UserGroupsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.findOrganizationByKey(dbSession, request.param(PARAM_ORGANIZATION_KEY)); - userSession.checkOrganizationPermission(organization.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, organization); GroupDto group = new GroupDto() .setOrganizationUuid(organization.getUuid()) .setName(request.mandatoryParam(PARAM_GROUP_NAME)) diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java index 1a5ab10e85b..8df8b811ab1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java @@ -30,11 +30,11 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.GroupDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.defineGroupWsParameters; @@ -74,7 +74,7 @@ public class DeleteAction implements UserGroupsWsAction { public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { GroupId groupId = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(groupId.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, groupId.getOrganizationUuid()); checkNotTryingToDeleteDefaultGroup(dbSession, groupId); checkNotTryingToDeleteLastAdminGroup(dbSession, groupId); @@ -105,7 +105,7 @@ public class DeleteAction implements UserGroupsWsAction { private void checkNotTryingToDeleteLastAdminGroup(DbSession dbSession, GroupId group) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, - group.getOrganizationUuid(), SYSTEM_ADMIN, group.getId()); + group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId()); checkArgument(remaining > 0, "The last system admin group cannot be deleted"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java index dc0e2b5da57..2a2f6286a44 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java @@ -27,10 +27,10 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; @@ -71,7 +71,7 @@ public class RemoveUserAction implements UserGroupsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { GroupId group = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(group.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, group.getOrganizationUuid()); String login = request.mandatoryParam(PARAM_LOGIN); UserDto user = getUser(dbSession, login); @@ -90,7 +90,7 @@ public class RemoveUserAction implements UserGroupsWsAction { */ private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupId group, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, - group.getOrganizationUuid(), SYSTEM_ADMIN, group.getId(), user.getId()); + group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId()); if (remainingAdmins == 0) { throw new BadRequestException("The last administrator user cannot be removed"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java index 061951dff3c..a027f606c7d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java @@ -39,8 +39,8 @@ import org.sonar.server.es.SearchOptions; import org.sonar.server.user.UserSession; import static org.apache.commons.lang.StringUtils.defaultIfBlank; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; public class SearchAction implements UserGroupsWsAction { @@ -92,7 +92,7 @@ public class SearchAction implements UserGroupsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = groupWsSupport.findOrganizationByKey(dbSession, request.param(PARAM_ORGANIZATION_KEY)); - userSession.checkLoggedIn().checkOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(ADMINISTER, organization); int limit = dbClient.groupDao().countByQuery(dbSession, organization.getUuid(), query); List groups = dbClient.groupDao().selectByQuery(dbSession, organization.getUuid(), query, options.getOffset(), pageSize); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java index 4b0ba22e96c..90105ddf23b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java @@ -26,7 +26,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.user.UserGroupValidation; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; @@ -40,6 +39,7 @@ import org.sonarqube.ws.WsUserGroups; import static org.sonar.api.CoreProperties.CORE_DEFAULT_GROUP; import static org.sonar.api.user.UserGroupValidation.GROUP_NAME_MAX_LENGTH; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.DESCRIPTION_MAX_LENGTH; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_DESCRIPTION; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; @@ -100,7 +100,7 @@ public class UpdateAction implements UserGroupsWsAction { checkFound(group, "Could not find a user group with id '%s'.", groupId); Optional org = dbClient.organizationDao().selectByUuid(dbSession, group.getOrganizationUuid()); checkFoundWithOptional(org, "Could not find organization with id '%s'.", group.getOrganizationUuid()); - userSession.checkOrganizationPermission(org.get().getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, org.get()); boolean changed = false; String newName = request.param(PARAM_GROUP_NAME); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java index 85bb5af7a7e..2f10a7db4fc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java @@ -33,10 +33,10 @@ import org.sonar.db.DbSession; import org.sonar.db.user.GroupMembershipQuery; import org.sonar.db.user.UserMembershipDto; import org.sonar.db.user.UserMembershipQuery; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.api.utils.Paging.forPageIndex; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.defineGroupWsParameters; public class UsersAction implements UserGroupsWsAction { @@ -79,7 +79,7 @@ public class UsersAction implements UserGroupsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { GroupId group = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(group.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, group.getOrganizationUuid()); UserMembershipQuery query = UserMembershipQuery.builder() .groupId(group.getId()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java index 634f9a8af8c..93e15fc2ffc 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java @@ -42,6 +42,7 @@ import org.sonar.server.tester.UserSessionRule; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; +import static org.sonar.server.permission.OrganizationPermission.SCAN; public class ProjectDataLoaderTest { @Rule @@ -171,7 +172,7 @@ public class ProjectDataLoaderTest { @Test public void scan_permission_on_organization_is_enough_even_without_scan_permission_on_project() { ComponentDto project = dbTester.components().insertProject(); - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); userSession.logIn().addProjectUuidPermissions(UserRole.USER, project.uuid()); ProjectRepositories repositories = underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(true)); diff --git a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java index 44d02902e1e..f54cbd1d236 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java @@ -43,6 +43,7 @@ import org.sonarqube.ws.WsCe; import static java.util.Collections.singleton; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.PROTOBUF; public class TaskActionTest { @@ -249,7 +250,7 @@ public class TaskActionTest { @Test public void get_project_queue_task_with_scan_permission_on_organization_but_not_on_project() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); CeQueueDto task = createAndPersistQueueTask(project); call(task.getUuid()); @@ -293,7 +294,7 @@ public class TaskActionTest { @Test public void get_project_archived_task_with_scan_permission_on_organization_but_not_on_project() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); CeActivityDto task = createAndPersistArchivedTask(project); call(task.getUuid()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java index 4c3155aa7d2..413908fa1fb 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java @@ -55,9 +55,10 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.server.permission.OrganizationPermission.SCAN; public class ReportSubmitterTest { @@ -137,7 +138,7 @@ public class ReportSubmitterTest { OrganizationDto organization = db.organizations().insert(); userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(organization, PROVISIONING); + .addPermission(PROVISION_PROJECTS, organization); mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(organization, PROJECT_UUID).setKey(PROJECT_KEY); @@ -168,7 +169,7 @@ public class ReportSubmitterTest { public void no_favorite_when_no_project_creator_permission_on_permission_template() { userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + .addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); @@ -187,7 +188,7 @@ public class ReportSubmitterTest { public void submit_a_report_on_new_project_with_scan_permission_on_organization() { userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + .addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); mockSuccessfulPrepareSubmitCall(); ComponentDto project = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); @@ -205,7 +206,7 @@ public class ReportSubmitterTest { public void user_with_scan_permission_on_organization_is_allowed_to_submit_a_report_on_existing_project() { OrganizationDto org = db.organizations().insert(); ComponentDto project = db.components().insertProject(org); - userSession.addOrganizationPermission(org, SCAN_EXECUTION); + userSession.addPermission(SCAN, org); mockSuccessfulPrepareSubmitCall(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java index c33983050d4..ff023924f06 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java @@ -49,8 +49,8 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class DeleteActionTest { @@ -295,6 +295,6 @@ public class DeleteActionTest { } private void logInAsAdministrator(OrganizationDto organization) { - userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, organization); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java index 6f03cc442e1..72c1e5e8824 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java @@ -29,7 +29,6 @@ import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.DefaultOrganizationProvider; -import org.sonar.server.organization.OrganizationValidationImpl; import org.sonar.server.organization.OrganizationFlags; import org.sonar.server.organization.OrganizationFlagsImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; @@ -38,7 +37,7 @@ import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class EnableSupportActionTest { @@ -114,7 +113,7 @@ public class EnableSupportActionTest { } private void logInAsSystemAdministrator(String login) { - userSession.logIn(login).addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN); + userSession.logIn(login).addPermission(ADMINISTER, db.getDefaultOrganization()); } private void call() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java index 08dc07629bb..ef8682c20fa 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java @@ -41,10 +41,10 @@ import org.sonarqube.ws.Organizations; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_257_CHARS_LONG; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_65_CHARS_LONG; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.setParam; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class UpdateActionTest { private static final String SOME_KEY = "key"; @@ -375,7 +375,7 @@ public class UpdateActionTest { assertThat(newDto.getUpdatedAt()).isEqualTo(updateAt); } - private void logInAsAdministrator(OrganizationDto organizationDto) { - userSession.logIn().addOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN); + private void logInAsAdministrator(OrganizationDto organization) { + userSession.logIn().addPermission(ADMINISTER, organization); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index f93bdf80f9f..3a6ac2f9230 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -36,6 +36,7 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; @@ -268,7 +269,7 @@ public class AddGroupActionTest extends BasePermissionWsTest { public void adding_global_permission_fails_if_not_administrator_of_organization() throws Exception { GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "sonar-administrators"); // user is administrator of another organization - userSession.logIn().addOrganizationPermission("anotherOrg", SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, "anotherOrg"); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index 7cfa45aad6b..877c19ecbc4 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -41,8 +41,8 @@ import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public abstract class BasePermissionWsTest { @@ -87,9 +87,9 @@ public abstract class BasePermissionWsTest { } protected void loginAsAdmin(OrganizationDto org, OrganizationDto... otherOrgs) { - userSession.logIn().addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); for (OrganizationDto otherOrg : otherOrgs) { - userSession.addOrganizationPermission(otherOrg.getUuid(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, otherOrg); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java index c2f50ead44a..88319738ed3 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java @@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.when; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; @@ -116,7 +117,7 @@ public class AddProjectCreatorToTemplateActionTest extends BasePermissionWsTest< @Test public void fail_if_not_admin_of_default_organization() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java index 426b836685e..d0a4cb36226 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java @@ -36,7 +36,7 @@ import org.sonar.server.ws.TestRequest; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN; @@ -100,7 +100,7 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest consumer) throws Exception { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java index 63ce8f422bf..5016f1ab155 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java @@ -37,7 +37,7 @@ import org.sonar.server.ws.TestRequest; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.security.DefaultGroups.ANYONE; import static org.sonar.api.web.UserRole.CODEVIEWER; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -120,7 +120,7 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest { @@ -73,7 +73,7 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest dto.setKey("ghost-key-" + count)); } - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -138,7 +137,7 @@ public class GhostsActionTest { public void ghost_projects_with_chosen_fields() throws Exception { OrganizationDto organization = db.organizations().insert(); insertGhostProject(organization); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -158,7 +157,7 @@ public class GhostsActionTest { insertGhostProject(organization, dto -> dto.setName("ghost-name-11")); insertGhostProject(organization, dto -> dto.setName("ghost-name-20")); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -175,7 +174,7 @@ public class GhostsActionTest { OrganizationDto organization = db.organizations().insert(); insertGhostProject(organization, dto -> dto.setKey("ghost-key-1")); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -188,15 +187,15 @@ public class GhostsActionTest { @Test public void ghost_projects_base_on_json_example() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto hBaseProject = ComponentTesting.newProjectDto(organizationDto, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") + OrganizationDto organization = db.organizations().insert(); + ComponentDto hBaseProject = ComponentTesting.newProjectDto(organization, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") .setKey("org.apache.hbas:hbase") .setName("HBase") .setCreatedAt(DateUtils.parseDateTime("2015-03-04T23:03:44+0100")); dbClient.componentDao().insert(db.getSession(), hBaseProject); dbClient.snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(hBaseProject) .setStatus(STATUS_UNPROCESSED)); - ComponentDto roslynProject = ComponentTesting.newProjectDto(organizationDto, "c526ef20-131b-4486-9357-063fa64b5079") + ComponentDto roslynProject = ComponentTesting.newProjectDto(organization, "c526ef20-131b-4486-9357-063fa64b5079") .setKey("com.microsoft.roslyn:roslyn") .setName("Roslyn") .setCreatedAt(DateUtils.parseDateTime("2013-03-04T23:03:44+0100")); @@ -204,22 +203,22 @@ public class GhostsActionTest { dbClient.snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(roslynProject) .setStatus(STATUS_UNPROCESSED)); db.getSession().commit(); - userSessionRule.logIn().addOrganizationPermission(organizationDto, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() - .setParam("organization", organizationDto.getKey()) + .setParam("organization", organization.getKey()) .execute(); assertJson(result.getInput()) .isSimilarTo(Resources.getResource(getClass(), "projects-example-ghosts.json")); } - @Test(expected = ForbiddenException.class) - public void fail_if_does_not_have_sufficient_rights() throws Exception { - userSessionRule.logIn() - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.USER) - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.ISSUE_ADMIN) - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.CODEVIEWER); + @Test + public void throws_ForbiddenException_if_not_administrator_of_organization() throws Exception { + userSessionRule.logIn(); + + expectedException.expect(ForbiddenException.class); + expectedException.expectMessage("Insufficient privileges"); underTest.newRequest().execute(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java index dc85c23db3c..62bdff5caa1 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.DateUtils; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; @@ -44,6 +43,8 @@ import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; public class ProvisionedActionTest { @@ -80,14 +81,14 @@ public class ProvisionedActionTest { @Test public void all_provisioned_projects_without_analyzed_projects() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto analyzedProject = ComponentTesting.newProjectDto(organizationDto, "analyzed-uuid-1"); - db.components().insertComponents(newProvisionedProject(organizationDto, "1"), newProvisionedProject(organizationDto, "2"), analyzedProject); + OrganizationDto org = db.organizations().insert(); + ComponentDto analyzedProject = ComponentTesting.newProjectDto(org, "analyzed-uuid-1"); + db.components().insertComponents(newProvisionedProject(org, "1"), newProvisionedProject(org, "2"), analyzedProject); db.components().insertSnapshot(SnapshotTesting.newAnalysis(analyzedProject)); - userSessionRule.logIn().addOrganizationPermission(organizationDto, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestResponse result = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .execute(); String json = result.getInput(); @@ -111,14 +112,14 @@ public class ProvisionedActionTest { @Test public void provisioned_projects_with_correct_pagination() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); + OrganizationDto org = db.organizations().insert(); for (int i = 1; i <= 10; i++) { - db.components().insertComponent(newProvisionedProject(organizationDto, String.valueOf(i))); + db.components().insertComponent(newProvisionedProject(org, String.valueOf(i))); } - userSessionRule.logIn().addOrganizationPermission(organizationDto, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestRequest request = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .setParam(Param.PAGE, "3") .setParam(Param.PAGE_SIZE, "4"); @@ -131,7 +132,7 @@ public class ProvisionedActionTest { public void provisioned_projects_with_desired_fields() throws Exception { OrganizationDto organization = db.organizations().insert(); db.components().insertComponent(newProvisionedProject(organization, "1")); - userSessionRule.logIn().addOrganizationPermission(organization, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, organization); String jsonOutput = underTest.newRequest() .setParam(PARAM_ORGANIZATION, organization.getKey()) @@ -145,12 +146,12 @@ public class ProvisionedActionTest { @Test public void provisioned_projects_with_query() throws Exception { - OrganizationDto organization = db.organizations().insert(); - db.components().insertComponents(newProvisionedProject(organization, "1"), newProvisionedProject(organization, "2")); - userSessionRule.logIn().addOrganizationPermission(organization, GlobalPermissions.PROVISIONING); + OrganizationDto org = db.organizations().insert(); + db.components().insertComponents(newProvisionedProject(org, "1"), newProvisionedProject(org, "2")); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); String jsonOutput = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organization.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .setParam(Param.TEXT_QUERY, "PROVISIONED-name-2") .execute().getInput(); @@ -161,20 +162,20 @@ public class ProvisionedActionTest { @Test public void provisioned_projects_as_defined_in_the_example() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto hBaseProject = ComponentTesting.newProjectDto(organizationDto, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") + OrganizationDto org = db.organizations().insert(); + ComponentDto hBaseProject = ComponentTesting.newProjectDto(org, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") .setKey("org.apache.hbas:hbase") .setName("HBase") .setCreatedAt(DateUtils.parseDateTime("2015-03-04T23:03:44+0100")); - ComponentDto roslynProject = ComponentTesting.newProjectDto(organizationDto, "c526ef20-131b-4486-9357-063fa64b5079") + ComponentDto roslynProject = ComponentTesting.newProjectDto(org, "c526ef20-131b-4486-9357-063fa64b5079") .setKey("com.microsoft.roslyn:roslyn") .setName("Roslyn") .setCreatedAt(DateUtils.parseDateTime("2013-03-04T23:03:44+0100")); db.components().insertComponents(hBaseProject, roslynProject); - userSessionRule.logIn().addOrganizationPermission(organizationDto.getUuid(), GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestResponse result = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .execute(); assertJson(result.getInput()) @@ -183,9 +184,9 @@ public class ProvisionedActionTest { @Test public void fail_when_not_enough_privileges() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - db.components().insertComponent(newProvisionedProject(organizationDto, "1")); - userSessionRule.logIn().addOrganizationPermission(organizationDto.getUuid(), GlobalPermissions.SCAN_EXECUTION); + OrganizationDto organization = db.organizations().insert(); + db.components().insertComponent(newProvisionedProject(organization, "1")); + userSessionRule.logIn().addPermission(SCAN, organization); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java index 1aa03aa609f..8fe65742135 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java @@ -52,14 +52,14 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.server.ws.WebService.Param.PAGE; import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE; import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.db.component.ComponentTesting.newDirectory; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newModuleDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.MediaTypes.PROTOBUF; import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_ORGANIZATION; @@ -85,7 +85,7 @@ public class SearchActionTest { @Test public void search_by_key_query() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey("project-_%-key"), newProjectDto(db.getDefaultOrganization()).setKey("project-key-without-escaped-characters")); @@ -97,7 +97,7 @@ public class SearchActionTest { @Test public void search_projects_when_no_qualifier_set() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization())); @@ -109,7 +109,7 @@ public class SearchActionTest { @Test public void search_projects() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); ComponentDto project = newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1); ComponentDto module = newModuleDto(project); ComponentDto directory = newDirectory(module, "dir"); @@ -126,7 +126,7 @@ public class SearchActionTest { @Test public void search_views() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization()).setKey("view1")); @@ -138,7 +138,7 @@ public class SearchActionTest { @Test public void search_projects_and_views() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization()).setKey("view1")); @@ -150,7 +150,7 @@ public class SearchActionTest { @Test public void search_on_default_organization_when_no_organization_set() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); OrganizationDto otherOrganization = db.organizations().insert(); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), @@ -166,7 +166,7 @@ public class SearchActionTest { public void search_for_projects_on_given_organization() throws IOException { OrganizationDto organization1 = db.organizations().insert(); OrganizationDto organization2 = db.organizations().insert(); - userSession.addOrganizationPermission(organization1, SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, organization1); ComponentDto project1 = newProjectDto(organization1); ComponentDto project2 = newProjectDto(organization1); ComponentDto project3 = newProjectDto(organization2); @@ -179,7 +179,7 @@ public class SearchActionTest { @Test public void result_is_paginated() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); List componentDtoList = new ArrayList<>(); for (int i = 1; i <= 9; i++) { componentDtoList.add(newProjectDto(db.getDefaultOrganization(), "project-uuid-" + i).setKey("project-key-" + i).setName("Project Name " + i)); @@ -193,7 +193,7 @@ public class SearchActionTest { @Test public void fail_when_not_system_admin() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), QUALITY_PROFILE_ADMIN); + userSession.addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); call(SearchWsRequest.builder().build()); @@ -208,7 +208,7 @@ public class SearchActionTest { @Test public void fail_on_invalid_qualifier() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), QUALITY_PROFILE_ADMIN); + userSession.addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("Value of parameter 'qualifiers' (BRC) must be one of: [TRK, VW]"); @@ -256,15 +256,15 @@ public class SearchActionTest { @Test public void verify_response_example() throws URISyntaxException, IOException { - OrganizationDto organizationDto = db.organizations().insertForKey("my-org-1"); - userSession.addOrganizationPermission(organizationDto, SYSTEM_ADMIN); + OrganizationDto organization = db.organizations().insertForKey("my-org-1"); + userSession.addPermission(ADMINISTER, organization); db.components().insertComponents( - newProjectDto(organizationDto, "project-uuid-1").setName("Project Name 1").setKey("project-key-1"), - newProjectDto(organizationDto, "project-uuid-2").setName("Project Name 1").setKey("project-key-2")); + newProjectDto(organization, "project-uuid-1").setName("Project Name 1").setKey("project-key-1"), + newProjectDto(organization, "project-uuid-2").setName("Project Name 1").setKey("project-key-2")); String response = ws.newRequest() .setMediaType(MediaTypes.JSON) - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, organization.getKey()) .execute().getInput(); assertJson(response).isSimilarTo(ws.getDef().responseExampleAsString()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java index 083ac36bf40..e20120cf37d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java @@ -43,8 +43,8 @@ import static org.sonar.api.measures.Metric.ValueType.DISTRIB; import static org.sonar.api.measures.Metric.ValueType.INT; import static org.sonar.api.measures.Metric.ValueType.RATING; import static org.sonar.api.measures.Metric.ValueType.WORK_DUR; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.MediaTypes.JSON; @@ -173,7 +173,7 @@ public class AppActionTest { @Test public void return_edit_to_true_when_quality_gate_permission() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); AppWsResponse response = executeRequest(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java index 0c546cc9deb..d64bba04fc1 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java @@ -25,7 +25,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -41,7 +40,7 @@ import org.sonarqube.ws.MediaTypes; import org.sonarqube.ws.WsQualityGates.CreateWsResponse; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; public class CreateActionTest { @@ -88,7 +87,7 @@ public class CreateActionTest { // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -118,7 +117,7 @@ public class CreateActionTest { } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java index c1f2de41ab1..2161ca4056d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java @@ -29,7 +29,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,9 +47,9 @@ import org.sonarqube.ws.MediaTypes; import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import static org.assertj.core.api.Java6Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; import static org.sonar.server.computation.task.projectanalysis.metric.Metric.MetricType.PERCENT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ERROR; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_GATE_ID; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_METRIC; @@ -132,7 +131,7 @@ public class CreateConditionActionTest { // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -205,6 +204,6 @@ public class CreateConditionActionTest { } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java index 4b6df910f96..2e841707d30 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java @@ -41,7 +41,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class DeselectActionTest { @@ -173,7 +173,7 @@ public class DeselectActionTest { public void fail_when_not_quality_gates_admin() throws Exception { String gateId = String.valueOf(gate.getId()); - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java index eccbc6af3a2..158eb1d261d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java @@ -37,7 +37,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class SelectActionTest { @@ -109,7 +109,7 @@ public class SelectActionTest { @Test public void gate_administrator_can_associate_a_gate_to_a_project() throws Exception { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()); String gateId = String.valueOf(gate.getId()); callByKey(gateId, project.getKey()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java index 85b05684e82..1b961f033b9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java @@ -29,7 +29,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,9 +47,9 @@ import org.sonarqube.ws.MediaTypes; import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import static org.assertj.core.api.Java6Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; import static org.sonar.server.computation.task.projectanalysis.metric.Metric.MetricType.PERCENT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ERROR; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ID; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_METRIC; @@ -140,7 +139,7 @@ public class UpdateConditionActionTest { // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -213,7 +212,7 @@ public class UpdateConditionActionTest { } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java index 80035a363c8..19bc21cc4c4 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java @@ -36,7 +36,6 @@ import org.sonar.api.rule.RuleStatus; import org.sonar.api.rules.Rule; import org.sonar.api.rules.RulePriority; import org.sonar.api.utils.ValidationMessages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.rule.RuleDto; @@ -54,6 +53,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.db.rule.RuleTesting.newXooX1; import static org.sonar.db.rule.RuleTesting.newXooX2; import static org.sonar.db.rule.RuleTesting.newXooX3; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualityprofile.QProfileTesting.XOO_P1_KEY; import static org.sonar.server.qualityprofile.QProfileTesting.XOO_P2_KEY; @@ -226,6 +226,6 @@ public class QProfileServiceMediumTest { } private void logInAsQProfileAdministrator() { - userSessionRule.logIn().addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java index ab22b08a54a..ee89b268100 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java @@ -41,7 +41,7 @@ import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto; public class AddProjectActionTest { @@ -121,7 +121,7 @@ public class AddProjectActionTest { } private void setUserAsQualityProfileAdmin() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); } private void executeRequest(ComponentDto project, QualityProfileDto qualityProfile) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java index bde959af4ef..6a24e8a33d7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java @@ -28,7 +28,6 @@ import org.junit.Test; import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rule.Severity; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDto; @@ -51,6 +50,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class ChangeParentActionMediumTest { @@ -76,7 +76,7 @@ public class ChangeParentActionMediumTest { ruleIndexer = tester.get(RuleIndexer.class); activeRuleIndexer = tester.get(ActiveRuleIndexer.class); ruleIndex = tester.get(RuleIndex.class); - userSessionRule.logIn().addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } @After diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java index d0ab85d9746..c7a09d79f81 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java @@ -26,7 +26,6 @@ import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -40,6 +39,7 @@ import org.sonar.server.ws.WsTester; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; @RunWith(MockitoJUnitRunner.class) public class CopyActionTest { @@ -153,6 +153,6 @@ public class CopyActionTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java index 97a0e9ff8af..ece09436339 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java @@ -33,7 +33,6 @@ import org.sonar.api.profiles.RulesProfile; import org.sonar.api.rules.RulePriority; import org.sonar.api.utils.System2; import org.sonar.api.utils.ValidationMessages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -63,6 +62,7 @@ import org.sonarqube.ws.MediaTypes; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.sonar.server.language.LanguageTesting.newLanguages; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse.QualityProfile; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse.parseFrom; @@ -246,6 +246,6 @@ public class CreateActionTest { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java index c1161ba66c8..08ef309c931 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java @@ -27,7 +27,6 @@ import org.junit.rules.ExpectedException; import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,6 +47,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class DeleteActionTest { @@ -190,6 +190,6 @@ public class DeleteActionTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java index 51144c10a46..474c8702340 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java @@ -24,7 +24,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; @@ -40,6 +39,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class RenameActionTest { @@ -164,6 +164,6 @@ public class RenameActionTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java index 940b488dc4b..06d6ff09d8c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java @@ -27,7 +27,6 @@ import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -45,6 +44,7 @@ import static org.mockito.Matchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; @RunWith(MockitoJUnitRunner.class) public class RestoreActionTest { @@ -115,6 +115,6 @@ public class RestoreActionTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java index 52a7ada60c1..73e8870add5 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java @@ -23,7 +23,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.resources.Languages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.language.LanguageTesting; @@ -37,6 +36,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class RestoreBuiltInActionTest { @@ -90,6 +90,6 @@ public class RestoreBuiltInActionTest { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java index c362d2b49ab..430cf129ca2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java @@ -25,7 +25,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; @@ -42,6 +41,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class SetDefaultActionTest { @@ -147,7 +147,7 @@ public class SetDefaultActionTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } private void createProfiles() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java index ee464bacec4..9ba2baa50ca 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java @@ -36,7 +36,6 @@ import org.sonar.api.rule.Severity; import org.sonar.api.server.debt.DebtRemediationFunction; import org.sonar.api.server.rule.RuleParamType; import org.sonar.api.server.rule.RulesDefinition; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDto; @@ -60,6 +59,7 @@ import org.sonar.server.tester.UserSessionRule; import static com.google.common.collect.Sets.newHashSet; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; // TODO remaining tests should be moved to RegisterRulesTest public class RegisterRulesMediumTest { @@ -459,6 +459,6 @@ public class RegisterRulesMediumTest { } private void logInAsQProfileAdministrator() { - userSessionRule.logIn().addOrganizationPermission(TESTER.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, TESTER.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java index e497dc62924..019f8af0e28 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java @@ -26,7 +26,6 @@ import org.sonar.api.i18n.I18n; import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.db.rule.RuleRepositoryDto; @@ -41,6 +40,7 @@ import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.isA; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class AppActionTest { @@ -59,7 +59,7 @@ public class AppActionTest { AppAction app = new AppAction(languages, db.getDbClient(), i18n, userSessionRule, defaultOrganizationProvider); WsTester tester = new WsTester(new RulesWs(app)); - userSessionRule.addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); QualityProfileDto profile1 = QProfileTesting.newXooP1(); QualityProfileDto profile2 = QProfileTesting.newXooP2().setParentKee(QProfileTesting.XOO_P1_KEY); diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java index a3ac2ce131d..4b690bb3cfd 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java @@ -23,7 +23,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.rule.RuleKey; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.DefaultOrganizationProvider; @@ -34,6 +33,7 @@ import org.sonar.server.ws.WsTester; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class DeleteActionTest { @@ -77,6 +77,6 @@ public class DeleteActionTest { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java index e13c79a9d53..f9f4262e0ca 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java @@ -28,7 +28,6 @@ import org.junit.Test; import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rules.RuleType; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDao; @@ -53,6 +52,7 @@ import org.sonar.server.ws.WsTester; import static com.google.common.collect.Sets.newHashSet; import static org.sonar.api.rule.Severity.MINOR; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class ShowActionMediumTest { @@ -61,7 +61,7 @@ public class ShowActionMediumTest { @Rule public UserSessionRule userSessionRule = UserSessionRule.forServerTester(tester).logIn() - .addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); WsTester wsTester; diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java index a123a389312..7c720749402 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java @@ -28,7 +28,6 @@ import org.junit.Test; import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rule.Severity; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.rule.RuleDao; @@ -47,6 +46,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; import static org.sonar.api.server.debt.DebtRemediationFunction.Type.LINEAR; import static org.sonar.api.server.debt.DebtRemediationFunction.Type.LINEAR_OFFSET; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_BASE_EFFORT; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_GAP_MULTIPLIER; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_TYPE; @@ -178,6 +178,6 @@ public class UpdateActionMediumTest { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java index 549b204ff0f..e09bc2aecba 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java @@ -56,9 +56,9 @@ import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.JSON; import static org.sonarqube.ws.Settings.Definition.CategoryOneOfCase.CATEGORYONEOF_NOT_SET; import static org.sonarqube.ws.Settings.Definition.DefaultValueOneOfCase.DEFAULTVALUEONEOF_NOT_SET; @@ -345,7 +345,7 @@ public class ListDefinitionsActionTest { @Test public void return_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { - userSession.anonymous().addOrganizationPermission(db.getDefaultOrganization(), SCAN_EXECUTION); + userSession.anonymous().addPermission(SCAN, db.getDefaultOrganization()); propertyDefinitions.addComponents(asList( PropertyDefinition.builder("foo").build(), PropertyDefinition.builder("secret.secured").build(), @@ -480,7 +480,7 @@ public class ListDefinitionsActionTest { } private void logInAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org, SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private void logInAsProjectAdmin() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java index 23aea49481c..373e11be609 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java @@ -67,11 +67,12 @@ import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newModuleDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.property.PropertyTesting.newComponentPropertyDto; import static org.sonar.db.property.PropertyTesting.newGlobalPropertyDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.JSON; import static org.sonarqube.ws.Settings.Setting.ParentValueOneOfCase.PARENTVALUEONEOF_NOT_SET; @@ -550,7 +551,7 @@ public class ValuesActionTest { @Test public void return_global_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { - userSession.anonymous().addOrganizationPermission(db.getDefaultOrganization(), SCAN_EXECUTION); + userSession.anonymous().addPermission(SCAN, db.getDefaultOrganization()); definitions.addComponents(asList( PropertyDefinition.builder("foo").build(), PropertyDefinition.builder("secret.secured").build(), @@ -838,7 +839,7 @@ public class ValuesActionTest { } private void logInAsAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, db.getDefaultOrganization()); } private void logInAsProjectAdmin() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java index 2371ce51a85..0fb052da600 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java @@ -41,6 +41,17 @@ public abstract class AbstractMockUserSession this.clazz = clazz; } + public T addPermission(OrganizationPermission permission, String organizationUuid) { + permissionsByOrganizationUuid.put(organizationUuid, permission); + return clazz.cast(this); + } + + @Override + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { + return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); + } + + public T addProjectUuidPermissions(String projectPermission, String... projectUuids) { this.projectPermissionsCheckedByUuid.add(projectPermission); this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids)); @@ -55,12 +66,7 @@ public abstract class AbstractMockUserSession addProjectUuidPermissions(projectPermission, projectUuid); return clazz.cast(this); } - - @Override - protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { - return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); - } - + @Override protected Optional componentUuidToProjectUuid(String componentUuid) { return Optional.ofNullable(projectUuidByComponentUuid.get(componentUuid)); @@ -71,11 +77,6 @@ public abstract class AbstractMockUserSession return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); } - public T addOrganizationPermission(String organizationUuid, String permission) { - permissionsByOrganizationUuid.put(organizationUuid, OrganizationPermission.fromKey(permission)); - return clazz.cast(this); - } - public T setSystemAdministrator(boolean b) { this.systemAdministrator = b; return clazz.cast(this); diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java index 9411379652f..4ba09e9fb30 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java @@ -53,7 +53,7 @@ import static com.google.common.base.Preconditions.checkState; * In both cases, one can define user session behavior which should apply on all tests directly on the property, eg.: * 
  * {@literal @}Rule
- * public UserSessionRule userSessionRule = UserSessionRule.standalone().login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ * public UserSessionRule userSessionRule = UserSessionRule.standalone().login("admin").setOrganizationPermissions(OrganizationPermissions.SYSTEM_ADMIN);
  *
*

*

@@ -192,13 +192,13 @@ public class UserSessionRule implements TestRule, UserSession { return this; } - public UserSessionRule addOrganizationPermission(String organizationUuid, String permission) { - ensureAbstractMockUserSession().addOrganizationPermission(organizationUuid, permission); + public UserSessionRule addPermission(OrganizationPermission permission, String organizationUuid) { + ensureAbstractMockUserSession().addPermission(permission, organizationUuid); return this; } - public UserSessionRule addOrganizationPermission(OrganizationDto organizationDto, String permission) { - ensureAbstractMockUserSession().addOrganizationPermission(organizationDto.getUuid(), permission); + public UserSessionRule addPermission(OrganizationPermission permission, OrganizationDto organization) { + ensureAbstractMockUserSession().addPermission(permission, organization.getUuid()); return this; } @@ -292,11 +292,22 @@ public class UserSessionRule implements TestRule, UserSession { return this; } + @Override + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + return currentUserSession.hasPermission(permission, organization); + } + @Override public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { return currentUserSession.hasPermission(permission, organizationUuid); } + @Override + public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + currentUserSession.checkPermission(permission, organization); + return this; + } + @Override public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { currentUserSession.checkPermission(permission, organizationUuid); @@ -305,12 +316,13 @@ public class UserSessionRule implements TestRule, UserSession { @Override public boolean hasOrganizationPermission(String organizationUuid, String permission) { - return currentUserSession.hasOrganizationPermission(organizationUuid, permission); + return currentUserSession.hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); } @Override - public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { - return currentUserSession.hasPermission(permission, organization); + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + currentUserSession.checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + return this; } @Override @@ -335,16 +347,4 @@ public class UserSessionRule implements TestRule, UserSession { currentUserSession.checkIsSystemAdministrator(); return this; } - - @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { - currentUserSession.checkOrganizationPermission(organizationUuid, permission); - return this; - } - - @Override - public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { - currentUserSession.checkPermission(permission, organization); - return this; - } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java index 0a293bc8974..053145fea5e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java @@ -35,7 +35,6 @@ import org.sonar.api.web.page.Page; import org.sonar.api.web.page.Page.Qualifier; import org.sonar.api.web.page.PageDefinition; import org.sonar.core.component.DefaultResourceTypes; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.platform.PluginRepository; import org.sonar.db.DbClient; import org.sonar.db.DbTester; @@ -52,6 +51,7 @@ import org.sonar.db.user.UserDto; import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateFinder; import org.sonar.server.qualityprofile.QPMeasureData; import org.sonar.server.qualityprofile.QualityProfile; @@ -65,8 +65,6 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY; import static org.sonar.api.web.page.Page.Scope.COMPONENT; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; import static org.sonar.db.component.ComponentTesting.newDirectory; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newModuleDto; @@ -74,6 +72,8 @@ import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.SnapshotTesting.newAnalysis; import static org.sonar.db.measure.MeasureTesting.newMeasureDto; import static org.sonar.db.metric.MetricTesting.newMetricDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.test.JsonAssert.assertJson; public class ComponentActionTest { @@ -312,7 +312,7 @@ public class ComponentActionTest { componentDbTester.insertComponent(project); userSessionRule.logIn() .addProjectUuidPermissions(UserRole.USER, project.uuid()) - .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); executeAndVerify(project.key(), "return_configuration_for_quality_profile_admin.json"); } @@ -323,7 +323,7 @@ public class ComponentActionTest { componentDbTester.insertComponent(project); userSessionRule.logIn() .addProjectUuidPermissions(UserRole.USER, project.uuid()) - .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN); + .addPermission(ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()); executeAndVerify(project.key(), "return_configuration_for_quality_gate_admin.json"); } @@ -389,7 +389,7 @@ public class ComponentActionTest { userSessionRule.logIn() .addProjectUuidPermissions(UserRole.ADMIN, project.uuid()) - .addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + .addPermission(OrganizationPermission.ADMINISTER, org); assertJson(execute(project.key())).isSimilarTo("{\"configuration\": {\"canApplyPermissionTemplate\": true}}"); userSessionRule.logIn() diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java index 46174db1ace..625825e3ac7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java @@ -36,7 +36,8 @@ import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.test.JsonAssert.assertJson; public class OrganizationActionTest { @@ -79,8 +80,8 @@ public class OrganizationActionTest { public void verify_example() { OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true)); userSession.logIn() - .addOrganizationPermission(organization, "admin") - .addOrganizationPermission(organization, "provisioning"); + .addPermission(ADMINISTER, organization) + .addPermission(PROVISION_PROJECTS, organization); TestResponse response = executeRequest(organization); @@ -107,7 +108,7 @@ public class OrganizationActionTest { @Test public void returns_admin_and_canDelete_true_when_user_logged_in_and_admin_and_key_is_the_default_organization() { OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); - userSession.logIn().addOrganizationPermission(defaultOrganization.getUuid(), "admin"); + userSession.logIn().addPermission(ADMINISTER, defaultOrganization); TestResponse response = executeRequest(defaultOrganization); @@ -135,7 +136,7 @@ public class OrganizationActionTest { @Test public void returns_admin_and_canDelete_true_when_user_logged_in_and_admin_and_key_is_not_the_default_organization() { OrganizationDto organization = dbTester.organizations().insert(); - userSession.logIn().addOrganizationPermission(organization.getUuid(), "admin"); + userSession.logIn().addPermission(ADMINISTER, organization); TestResponse response = executeRequest(organization); @@ -145,7 +146,7 @@ public class OrganizationActionTest { @Test public void returns_admin_and_canDelete_false_when_user_logged_in_and_admin_and_key_is_guarded_organization() { OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true)); - userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, organization); TestResponse response = executeRequest(organization); @@ -167,7 +168,7 @@ public class OrganizationActionTest { // user can provision projects in org2 but not in org1 OrganizationDto org1 = dbTester.organizations().insert(); OrganizationDto org2 = dbTester.organizations().insert(); - userSession.logIn().addOrganizationPermission(org2, "provisioning"); + userSession.logIn().addPermission(PROVISION_PROJECTS, org2); verifyResponse(executeRequest(org1), false, false, false); verifyResponse(executeRequest(org2), false, true, false); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index bad1581b20d..76c53edde48 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java @@ -36,6 +36,7 @@ import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.organization.TestOrganizationFlags; +import org.sonar.server.permission.OrganizationPermission; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; @@ -88,7 +89,6 @@ public class ServerUserSessionTest { assertThat(session.isLoggedIn()).isFalse(); } - @Test public void getGroups_is_empty_on_anonymous() { assertThat(newAnonymousSession().getGroups()).isEmpty(); @@ -174,7 +174,7 @@ public class ServerUserSessionTest { expectInsufficientPrivilegesForbiddenException(); - newUserSession(NON_ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test @@ -183,72 +183,72 @@ public class ServerUserSessionTest { db.users().insertUser(NON_ROOT_USER_DTO); db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING); - newUserSession(NON_ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test public void checkOrganizationPermission_succeeds_when_user_is_root() { OrganizationDto org = db.organizations().insert(); - newUserSession(ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test - public void test_hasOrganizationPermission_for_logged_in_user() { + public void test_hasPermission_on_organization_for_logged_in_user() { OrganizationDto org = db.organizations().insert(); ComponentDto project = db.components().insertProject(org); db.users().insertPermissionOnUser(org, userDto, PROVISIONING); db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project); UserSession session = newUserSession(userDto); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission("another-org", PROVISIONING)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); } @Test - public void test_hasOrganizationPermission_for_anonymous_user() { + public void test_hasPermission_on_organization_for_anonymous_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnAnyone(org, PROVISIONING); UserSession session = newAnonymousSession(); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission("another-org", PROVISIONING)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); } @Test - public void hasOrganizationPermission_keeps_cache_of_permissions_of_logged_in_user() { + public void hasPermission_on_organization_keeps_cache_of_permissions_of_logged_in_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnUser(org, userDto, PROVISIONING); UserSession session = newUserSession(userDto); // feed the cache - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache db.users().deletePermissionFromUser(org, userDto, PROVISIONING); db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SCAN_EXECUTION)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); } @Test - public void hasOrganizationPermission_keeps_cache_of_permissions_of_anonymous_user() { + public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnAnyone(org, PROVISIONING); UserSession session = newAnonymousSession(); // feed the cache - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SCAN_EXECUTION)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); } @Test @@ -318,7 +318,6 @@ public class ServerUserSessionTest { assertThat(session.hasComponentPermission(UserRole.ADMIN, project)).isFalse(); } - @Test public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() { organizationFlags.setEnabled(true); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java index 77995b48187..1a823ff4919 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java @@ -23,7 +23,6 @@ import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.user.GroupDto; @@ -37,6 +36,9 @@ import org.sonar.server.ws.WsActionTester; import static com.google.common.collect.Lists.newArrayList; import static org.sonar.db.user.GroupTesting.newGroupDto; import static org.sonar.db.user.UserTesting.newUserDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; public class CurrentActionTest { @@ -60,11 +62,11 @@ public class CurrentActionTest { // permissions on default organization userSessionRule - .addOrganizationPermission(db.getDefaultOrganization(), GlobalPermissions.SCAN_EXECUTION) - .addOrganizationPermission(db.getDefaultOrganization(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(SCAN, db.getDefaultOrganization()) + .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); // permissions on other organizations are ignored - userSessionRule.addOrganizationPermission(db.organizations().insert(), GlobalPermissions.SYSTEM_ADMIN); + userSessionRule.addPermission(ADMINISTER, db.organizations().insert()); UserDto obiwan = db.users().insertUser( newUserDto("obiwan.kenobi", "Obiwan Kenobi", "obiwan.kenobi@starwars.com") diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java index 95bb208352a..b8a7f962c4f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java @@ -39,7 +39,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -230,7 +230,7 @@ public class AddUserActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java index adc34488d56..ee0e3354861 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java @@ -25,7 +25,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; @@ -37,6 +36,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class CreateActionTest { @@ -219,7 +219,7 @@ public class CreateActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java index bdfd129a8eb..32c61a476ff 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.config.MapSettings; import org.sonar.api.config.Settings; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; @@ -45,6 +44,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -290,7 +290,7 @@ public class DeleteActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private WsTester.TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java index 1bd98d38376..5463bed8a70 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java @@ -37,6 +37,7 @@ import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -225,7 +226,7 @@ public class RemoveUserActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn("admin").addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn("admin").addPermission(ADMINISTER, org); } private UserDto insertAnAdministratorInDefaultOrganization() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java index 4ef669b469d..27c329e546b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java @@ -36,8 +36,8 @@ import org.sonar.server.ws.WsTester; import static org.apache.commons.lang.StringUtils.capitalize; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.user.GroupTesting.newGroupDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class SearchActionTest { @@ -159,7 +159,7 @@ public class SearchActionTest { // the group in default org is not returned db.users().insertGroup(db.getDefaultOrganization(), "users"); loginAsDefaultOrgAdmin(); - userSession.addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, org); newRequest() .setParam("organization", org.getKey()) @@ -191,7 +191,7 @@ public class SearchActionTest { } private void loginAsDefaultOrgAdmin() { - userSession.logIn("user").addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN); + userSession.logIn("user").addPermission(ADMINISTER, db.getDefaultOrganization()); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java index 72316db5bc1..ee2de184ab5 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java @@ -25,7 +25,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; @@ -45,6 +44,7 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class UpdateActionTest { @@ -292,6 +292,6 @@ public class UpdateActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java index b867cf1b6ec..5a0b33b6951 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java @@ -26,7 +26,6 @@ import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; @@ -40,6 +39,7 @@ import org.sonar.server.ws.WsTester.TestRequest; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.db.user.UserTesting.newUserDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; public class UsersActionTest { @@ -273,6 +273,6 @@ public class UsersActionTest { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } } -- 2.39.5