From 4d159788f0d56b73d178e686be74a903d71ea2fd Mon Sep 17 00:00:00 2001 From: Eric Hartmann Date: Tue, 18 Sep 2018 17:32:50 +0200 Subject: [PATCH] SONAR-11271 Introduce two new rights APPLICATION_CREATOR to allow creation of Applications PORTFOLIO_CREATOR to allow creation of Portfolios --- .gradletasknamecache | 0 .../core/permission/ProjectPermissions.java | 17 +--- .../permission/ProjectPermissionsTest.java | 38 -------- .../db/permission/AuthorizationDaoTest.java | 6 +- .../template/PermissionTemplateTesting.java | 6 +- .../java/org/sonar/server/l18n/I18nRule.java | 4 + .../permission/GroupPermissionChange.java | 4 +- .../permission/GroupPermissionChanger.java | 7 +- .../server/permission/PermissionChange.java | 5 +- .../server/permission/PermissionsHelper.java | 58 +++++++++++ .../permission/UserPermissionChange.java | 4 +- .../server/permission/ws/AddGroupAction.java | 32 ++++--- .../server/permission/ws/AddUserAction.java | 33 ++++--- .../server/permission/ws/GroupsAction.java | 21 ++-- .../permission/ws/PermissionsWsModule.java | 6 +- .../permission/ws/RemoveGroupAction.java | 32 ++++--- .../permission/ws/RemoveUserAction.java | 31 +++--- ...stValidator.java => RequestValidator.java} | 34 +++---- .../ws/SearchGlobalPermissionsAction.java | 11 +-- .../ws/SearchProjectPermissionsAction.java | 30 +++--- .../server/permission/ws/UsersAction.java | 31 +++--- ...rametersBuilder.java => WsParameters.java} | 95 ++++++++----------- .../ws/template/AddGroupToTemplateAction.java | 17 ++-- .../AddProjectCreatorToTemplateAction.java | 25 ++--- .../ws/template/AddUserToTemplateAction.java | 19 ++-- .../ws/template/ApplyTemplateAction.java | 16 ++-- .../ws/template/BulkApplyTemplateAction.java | 11 +-- .../ws/template/CreateTemplateAction.java | 24 ++--- .../ws/template/DeleteTemplateAction.java | 15 ++- .../RemoveGroupFromTemplateAction.java | 17 ++-- ...emoveProjectCreatorFromTemplateAction.java | 25 ++--- .../RemoveUserFromTemplateAction.java | 25 ++--- .../ws/template/SearchTemplatesAction.java | 32 +++---- .../ws/template/SetDefaultTemplateAction.java | 13 ++- .../ws/template/TemplateGroupsAction.java | 25 ++--- .../ws/template/TemplateUsersAction.java | 25 ++--- .../ws/template/UpdateTemplateAction.java | 19 ++-- .../startup/RegisterPermissionTemplates.java | 2 + .../GroupPermissionChangerTest.java | 83 +++++++++------- .../PermissionTemplateServiceTest.java | 38 ++++---- .../permission/UserPermissionChangerTest.java | 56 ++++++----- .../permission/ws/AddGroupActionTest.java | 9 +- .../permission/ws/AddUserActionTest.java | 6 +- .../permission/ws/BasePermissionWsTest.java | 7 +- .../permission/ws/GroupsActionTest.java | 6 +- .../ws/PermissionsWsModuleTest.java | 2 +- .../permission/ws/PermissionsWsTest.java | 41 +++++--- .../permission/ws/RemoveGroupActionTest.java | 11 ++- .../permission/ws/RemoveUserActionTest.java | 6 +- .../SearchProjectPermissionsActionTest.java | 6 +- .../server/permission/ws/UsersActionTest.java | 7 +- .../AddGroupToTemplateActionTest.java | 28 +++--- ...AddProjectCreatorToTemplateActionTest.java | 8 +- .../template/AddUserToTemplateActionTest.java | 7 +- .../ws/template/ApplyTemplateActionTest.java | 8 +- .../template/BulkApplyTemplateActionTest.java | 3 + .../ws/template/DeleteTemplateActionTest.java | 8 +- .../RemoveGroupFromTemplateActionTest.java | 29 +++--- ...eProjectCreatorFromTemplateActionTest.java | 8 +- .../RemoveUserFromTemplateActionTest.java | 32 ++++--- .../template/SearchTemplatesActionTest.java | 12 ++- .../ws/template/TemplateGroupsActionTest.java | 8 +- .../ws/template/TemplateUsersActionTest.java | 8 +- .../ws/UpdateVisibilityActionTest.java | 26 +++-- .../RegisterPermissionTemplatesTest.java | 42 +++++++- .../resources/org/sonar/l10n/core.properties | 4 + .../sonar/api/resources/ResourceTypes.java | 4 + .../main/java/org/sonar/api/web/UserRole.java | 6 ++ .../api/resources/ResourceTypesTest.java | 7 ++ 69 files changed, 774 insertions(+), 567 deletions(-) create mode 100644 .gradletasknamecache delete mode 100644 server/sonar-db-dao/src/test/java/org/sonar/core/permission/ProjectPermissionsTest.java create mode 100644 server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java rename server/sonar-server/src/main/java/org/sonar/server/permission/ws/{PermissionRequestValidator.java => RequestValidator.java} (77%) rename server/sonar-server/src/main/java/org/sonar/server/permission/ws/{PermissionsWsParametersBuilder.java => WsParameters.java} (64%) diff --git a/.gradletasknamecache b/.gradletasknamecache new file mode 100644 index 00000000000..e69de29bb2d diff --git a/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java b/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java index f797d699e00..8382de07fc8 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java @@ -19,10 +19,7 @@ */ package org.sonar.core.permission; -import com.google.common.base.Joiner; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; -import java.util.List; import java.util.Set; import org.sonar.api.web.UserRole; @@ -34,16 +31,6 @@ public final class ProjectPermissions { * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components. */ public static final Set PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); - - /** - * All the component permissions values - */ - public static final List ALL = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, - GlobalPermissions.SCAN_EXECUTION, UserRole.USER); - - public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(ProjectPermissions.ALL); - - private ProjectPermissions() { - // static constants only - } + public static final Set ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, + GlobalPermissions.SCAN_EXECUTION, UserRole.USER, UserRole.APPLICATION_CREATOR, UserRole.PORTFOLIO_CREATOR); } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/core/permission/ProjectPermissionsTest.java b/server/sonar-db-dao/src/test/java/org/sonar/core/permission/ProjectPermissionsTest.java deleted file mode 100644 index d78726c74b2..00000000000 --- a/server/sonar-db-dao/src/test/java/org/sonar/core/permission/ProjectPermissionsTest.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.core.permission; - -import org.junit.Test; -import org.sonar.api.web.UserRole; - -import static org.assertj.core.api.Assertions.assertThat; - -public class ProjectPermissionsTest { - - @Test - public void all_permissions() { - assertThat(ProjectPermissions.ALL).containsExactly(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER); - } - - @Test - public void all_permissions_as_string() { - assertThat(ProjectPermissions.ALL_ON_ONE_LINE).isEqualTo("admin, codeviewer, issueadmin, securityhotspotadmin, scan, user"); - } -} diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java index 5b50a28f9bb..ccc4963362e 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java @@ -372,7 +372,7 @@ public class AuthorizationDaoTest { @Test public void keepAuthorizedProjectIds_returns_empty_for_user_and_any_permission_on_private_project_without_any_permission_in_DB() { - ProjectPermissions.ALL + ProjectPermissions.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), perm)) .isEmpty(); @@ -383,7 +383,7 @@ public class AuthorizationDaoTest { @Test public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_and_any_permission_on_private_project_without_any_permission_in_DB() { - ProjectPermissions.ALL + ProjectPermissions.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, perm)) .isEmpty(); @@ -621,7 +621,7 @@ public class AuthorizationDaoTest { public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() { ComponentDto project = db.components().insertPrivateProject(organization); - ProjectPermissions.ALL + ProjectPermissions.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserIds, perm, project.getId())) .isEmpty(); diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java index 0ed620d31b9..36d47f8ecc8 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java @@ -40,21 +40,21 @@ public class PermissionTemplateTesting { public static PermissionTemplateUserDto newPermissionTemplateUserDto() { return new PermissionTemplateUserDto() - .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size()))) + .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) .setCreatedAt(new Date()) .setUpdatedAt(new Date()); } public static PermissionTemplateGroupDto newPermissionTemplateGroupDto() { return new PermissionTemplateGroupDto() - .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size()))) + .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) .setCreatedAt(new Date()) .setUpdatedAt(new Date()); } public static PermissionTemplateCharacteristicDto newPermissionTemplateCharacteristicDto() { return new PermissionTemplateCharacteristicDto() - .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size()))) + .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) .setWithProjectCreator(RandomUtils.nextBoolean()) .setCreatedAt(System.currentTimeMillis()) .setUpdatedAt(System.currentTimeMillis()); diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/l18n/I18nRule.java b/server/sonar-server-common/src/test/java/org/sonar/server/l18n/I18nRule.java index a68c4d51c4d..1babf89be0b 100644 --- a/server/sonar-server-common/src/test/java/org/sonar/server/l18n/I18nRule.java +++ b/server/sonar-server-common/src/test/java/org/sonar/server/l18n/I18nRule.java @@ -62,6 +62,10 @@ public class I18nRule implements TestRule, I18n { "False Positive / Won't Fix or changing an Issue's severity. (Users will also need \"Browse\" permission)"); put("projects_role.securityhotspotadmin", "Administer Security Hotspots"); put("projects_role.securityhotspotadmin.desc", "Detect a Vulnerability from a \"Security Hotspot\". Reject, clear, accept, reopen a \"Security Hotspot\" (users also need \"Browse\" permissions)."); + put("projects_role.applicationcreator", "Create Applications"); + put("projects_role.applicationcreator.desc", "Allow to create applications for non system administrator."); + put("projects_role.portfoliocreator", "Create Portfolios"); + put("projects_role.portfoliocreator.desc", "Allow to create portfolios for non system administrator."); put("projects_role.user", "Browse"); put("projects_role.user.desc", "Ability to access a project, browse its measures, and create/edit issues for it."); put("projects_role.codeviewer", "See Source Code"); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java index c2d8b41ea35..e9d44b76218 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java @@ -26,9 +26,9 @@ public class GroupPermissionChange extends PermissionChange { private final GroupIdOrAnyone groupId; - public GroupPermissionChange(Operation operation, String permission, @Nullable ProjectId projectId, + public GroupPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String permission, @Nullable ProjectId projectId, GroupIdOrAnyone groupId) { - super(operation, groupId.getOrganizationUuid(), permission, projectId); + super(permissionsHelper, operation, groupId.getOrganizationUuid(), permission, projectId); this.groupId = groupId; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java index 93441a56c97..f041c763ec8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java @@ -25,19 +25,22 @@ import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.GroupPermissionDto; +import org.sonar.server.permission.ws.PermissionWsSupport; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.permission.PermissionChange.Operation.ADD; import static org.sonar.server.permission.PermissionChange.Operation.REMOVE; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateNotAnyoneAndAdminPermission; +import static org.sonar.server.permission.ws.RequestValidator.validateNotAnyoneAndAdminPermission; import static org.sonar.server.ws.WsUtils.checkRequest; public class GroupPermissionChanger { private final DbClient dbClient; + private final PermissionWsSupport wsSupport; - public GroupPermissionChanger(DbClient dbClient) { + public GroupPermissionChanger(DbClient dbClient, PermissionWsSupport wsSupport) { this.dbClient = dbClient; + this.wsSupport = wsSupport; } public boolean apply(DbSession dbSession, GroupPermissionChange change) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java index 300840e22a6..3292d6bec08 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java @@ -23,7 +23,6 @@ import java.util.Optional; import javax.annotation.CheckForNull; import javax.annotation.Nullable; import org.sonar.core.permission.GlobalPermissions; -import org.sonar.core.permission.ProjectPermissions; import static java.util.Objects.requireNonNull; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -39,7 +38,7 @@ public abstract class PermissionChange { private final String permission; private final ProjectId projectId; - public PermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId) { + public PermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId) { this.operation = requireNonNull(operation); this.organizationUuid = requireNonNull(organizationUuid); this.permission = requireNonNull(permission); @@ -47,7 +46,7 @@ public abstract class PermissionChange { if (projectId == null) { checkRequest(GlobalPermissions.ALL.contains(permission), "Invalid global permission '%s'. Valid values are %s", permission, GlobalPermissions.ALL); } else { - checkRequest(ProjectPermissions.ALL.contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, ProjectPermissions.ALL); + checkRequest(permissionsHelper.allPermissions().contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, permissionsHelper.allPermissions()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java new file mode 100644 index 00000000000..4ad0a369d57 --- /dev/null +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java @@ -0,0 +1,58 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.server.permission; + +import com.google.common.base.Joiner; +import com.google.common.collect.ImmutableSet; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Set; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; +import org.sonar.api.web.UserRole; +import org.sonar.core.permission.GlobalPermissions; + +public class PermissionsHelper { + + private final Set allPermissions; + private final String allOnOneLine; + + public PermissionsHelper(ResourceTypes resourceTypes) { + ArrayList permissions = new ArrayList<>(Arrays.asList(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, + GlobalPermissions.SCAN_EXECUTION, UserRole.USER)); + if (resourceTypes.isQualifierPresent(Qualifiers.VIEW)) { + permissions.add(UserRole.PORTFOLIO_CREATOR); + } + if (resourceTypes.isQualifierPresent(Qualifiers.APP)) { + permissions.add(UserRole.APPLICATION_CREATOR); + } + allPermissions = ImmutableSet.copyOf(permissions); + allOnOneLine = Joiner.on(", ").join(this.allPermissions); + } + + public Set allPermissions() { + return allPermissions; + } + + public String allOnOneLine() { + return allOnOneLine; + } +} diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java index b4b3213764c..0704b0acb55 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java @@ -27,9 +27,9 @@ public class UserPermissionChange extends PermissionChange { private final UserId userId; - public UserPermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, + public UserPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, UserId userId) { - super(operation, organizationUuid, permission, projectId); + super(permissionsHelper, operation, organizationUuid, permission, projectId); this.userId = requireNonNull(userId); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java index 2d782017a1c..2bef39de729 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java @@ -28,17 +28,13 @@ import org.sonar.db.DbSession; import org.sonar.server.permission.GroupPermissionChange; import org.sonar.server.permission.PermissionChange; import org.sonar.server.permission.PermissionUpdater; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static java.util.Arrays.asList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class AddGroupAction implements PermissionsWsAction { @@ -48,13 +44,18 @@ public class AddGroupAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final PermissionUpdater permissionUpdater; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; + private final PermissionsHelper permissionsHelper; - public AddGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) { + public AddGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, + WsParameters wsParameters, PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; - this.support = support; + this.wsSupport = wsSupport; + this.wsParameters = wsParameters; + this.permissionsHelper = permissionsHelper; } @Override @@ -72,22 +73,23 @@ public class AddGroupAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createPermissionParameter(action); - createOrganizationParameter(action).setSince("6.2"); - createGroupNameParameter(action); - createGroupIdParameter(action); - createProjectParameters(action); + wsParameters.createPermissionParameter(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); + WsParameters.createGroupNameParameter(action); + WsParameters.createGroupIdParameter(action); + wsParameters.createProjectParameters(action); } @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - GroupIdOrAnyone group = support.findGroup(dbSession, request); - Optional projectId = support.findProjectId(dbSession, request); + GroupIdOrAnyone group = wsSupport.findGroup(dbSession, request); + Optional projectId = wsSupport.findProjectId(dbSession, request); checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId); PermissionChange change = new GroupPermissionChange( + permissionsHelper, PermissionChange.Operation.ADD, request.mandatoryParam(PARAM_PERMISSION), projectId.orElse(null), diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java index ffc927024c1..e17af158c7c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java @@ -30,6 +30,7 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.permission.PermissionChange; import org.sonar.server.permission.PermissionUpdater; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.permission.UserId; import org.sonar.server.permission.UserPermissionChange; @@ -38,10 +39,6 @@ import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.util.Collections.singletonList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; @@ -55,13 +52,18 @@ public class AddUserAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final PermissionUpdater permissionUpdater; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; + private final PermissionsHelper permissionsHelper; - public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) { + public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, WsParameters wsParameters, + PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; - this.support = support; + this.wsSupport = wsSupport; + this.wsParameters = wsParameters; + this.permissionsHelper = permissionsHelper; } @Override @@ -78,10 +80,10 @@ public class AddUserAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createPermissionParameter(action); - createUserLoginParameter(action); - createProjectParameters(action); - createOrganizationParameter(action) + wsParameters.createPermissionParameter(action); + WsParameters.createUserLoginParameter(action); + wsParameters.createProjectParameters(action); + WsParameters.createOrganizationParameter(action) .setSince("6.2") .setDescription("Key of organization, cannot be used at the same time with %s and %s", PARAM_PROJECT_ID, PARAM_PROJECT_KEY); } @@ -89,20 +91,21 @@ public class AddUserAction implements PermissionsWsAction { @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN)); - Optional project = support.findProject(dbSession, request); + UserId user = wsSupport.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN)); + Optional project = wsSupport.findProject(dbSession, request); String organizationKey = request.param(PARAM_ORGANIZATION); checkArgument(!project.isPresent() || organizationKey == null, "Organization must not be set when project is set."); OrganizationDto org = project .map(dto -> dbClient.organizationDao().selectByUuid(dbSession, dto.getOrganizationUuid())) - .orElseGet(() -> Optional.ofNullable(support.findOrganization(dbSession, organizationKey))) + .orElseGet(() -> Optional.ofNullable(wsSupport.findOrganization(dbSession, organizationKey))) .orElseThrow(() -> new NotFoundException(String.format("Organization with key '%s' not found", organizationKey))); - support.checkMembership(dbSession, org, user); + wsSupport.checkMembership(dbSession, org, user); Optional projectId = project.map(ProjectId::new); checkProjectAdmin(userSession, org.getUuid(), projectId); PermissionChange change = new UserPermissionChange( + permissionsHelper, PermissionChange.Operation.ADD, org.getUuid(), request.mandatoryParam(PARAM_PERMISSION), diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java index 911b2c6dcad..6e63ac677ed 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java @@ -50,9 +50,6 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -60,12 +57,14 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_P public class GroupsAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; - public GroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support) { + public GroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, WsParameters wsParameters) { this.dbClient = dbClient; this.userSession = userSession; - this.support = support; + this.wsSupport = wsSupport; + this.wsParameters = wsParameters; } @Override @@ -91,16 +90,16 @@ public class GroupsAction implements PermissionsWsAction { .setDescription("Limit search to group names that contain the supplied string.") .setMinimumLength(SEARCH_QUERY_MIN_LENGTH); - createOrganizationParameter(action).setSince("6.2"); - createPermissionParameter(action).setRequired(false); - createProjectParameters(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); + wsParameters.createPermissionParameter(action).setRequired(false); + wsParameters.createProjectParameters(action); } @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); - Optional projectId = support.findProjectId(dbSession, request); + OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); + Optional projectId = wsSupport.findProjectId(dbSession, request); checkProjectAdmin(userSession, org.getUuid(), projectId); PermissionQuery query = buildPermissionQuery(request, org, projectId); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java index 0a71103a313..9f3aec84c24 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java @@ -20,6 +20,7 @@ package org.sonar.server.permission.ws; import org.sonar.core.platform.Module; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.template.AddGroupToTemplateAction; import org.sonar.server.permission.ws.template.AddProjectCreatorToTemplateAction; import org.sonar.server.permission.ws.template.AddUserToTemplateAction; @@ -66,6 +67,9 @@ public class PermissionsWsModule extends Module { TemplateGroupsAction.class, BulkApplyTemplateAction.class, // utility classes - PermissionWsSupport.class); + PermissionWsSupport.class, + PermissionsHelper.class, + WsParameters.class, + RequestValidator.class); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java index 6b01b99cab9..4b1bb6d8c5f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java @@ -28,17 +28,13 @@ import org.sonar.db.DbSession; import org.sonar.server.permission.GroupPermissionChange; import org.sonar.server.permission.PermissionChange; import org.sonar.server.permission.PermissionUpdater; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static java.util.Arrays.asList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class RemoveGroupAction implements PermissionsWsAction { @@ -48,13 +44,18 @@ public class RemoveGroupAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final PermissionUpdater permissionUpdater; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; + private final PermissionsHelper permissionsHelper; - public RemoveGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) { + public RemoveGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, + WsParameters wsParameters, PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; - this.support = support; + this.wsSupport = wsSupport; + this.wsParameters = wsParameters; + this.permissionsHelper = permissionsHelper; } @Override @@ -72,22 +73,23 @@ public class RemoveGroupAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createPermissionParameter(action); - createOrganizationParameter(action).setSince("6.2"); - createGroupNameParameter(action); - createGroupIdParameter(action); - createProjectParameters(action); + wsParameters.createPermissionParameter(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); + WsParameters.createGroupNameParameter(action); + WsParameters.createGroupIdParameter(action); + wsParameters.createProjectParameters(action); } @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - GroupIdOrAnyone group = support.findGroup(dbSession, request); - Optional projectId = support.findProjectId(dbSession, request); + GroupIdOrAnyone group = wsSupport.findGroup(dbSession, request); + Optional projectId = wsSupport.findProjectId(dbSession, request); checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId); PermissionChange change = new GroupPermissionChange( + permissionsHelper, PermissionChange.Operation.REMOVE, request.mandatoryParam(PARAM_PERMISSION), projectId.orElse(null), diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java index 89d6fbe935f..b5404e17830 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java @@ -28,6 +28,7 @@ import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.permission.PermissionChange; import org.sonar.server.permission.PermissionUpdater; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.permission.UserId; import org.sonar.server.permission.UserPermissionChange; @@ -35,10 +36,6 @@ import org.sonar.server.user.UserSession; import static java.util.Collections.singletonList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN; @@ -50,13 +47,18 @@ public class RemoveUserAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final PermissionUpdater permissionUpdater; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; + private final PermissionsHelper permissionsHelper; - public RemoveUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport support) { + public RemoveUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, + WsParameters wsParameters, PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; - this.support = support; + this.wsSupport = wsSupport; + this.wsParameters = wsParameters; + this.permissionsHelper = permissionsHelper; } @Override @@ -73,22 +75,23 @@ public class RemoveUserAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createPermissionParameter(action); - createUserLoginParameter(action); - createProjectParameters(action); - createOrganizationParameter(action).setSince("6.2"); + wsParameters.createPermissionParameter(action); + WsParameters.createUserLoginParameter(action); + wsParameters.createProjectParameters(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); } @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN)); - Optional projectId = support.findProjectId(dbSession, request); - OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); + UserId user = wsSupport.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN)); + Optional projectId = wsSupport.findProjectId(dbSession, request); + OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); checkProjectAdmin(userSession, org.getUuid(), projectId); PermissionChange change = new UserPermissionChange( + permissionsHelper, PermissionChange.Operation.REMOVE, org.getUuid(), request.mandatoryParam(PARAM_PERMISSION), diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java similarity index 77% rename from server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java rename to server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java index edcaa1b53a7..ea08ebd8a71 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionRequestValidator.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java @@ -17,19 +17,21 @@ * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + package org.sonar.server.permission.ws; -import com.google.common.collect.FluentIterable; import java.util.Set; import java.util.regex.Pattern; import java.util.regex.PatternSyntaxException; +import java.util.stream.Collectors; import javax.annotation.Nullable; import org.sonar.api.resources.ResourceType; import org.sonar.api.resources.ResourceTypes; import org.sonar.core.permission.GlobalPermissions; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.server.exceptions.BadRequestException; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; +import org.sonar.server.ws.WsUtils; import static com.google.common.base.Strings.isNullOrEmpty; import static java.lang.String.format; @@ -39,17 +41,20 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_P import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY_PATTERN; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER; -public class PermissionRequestValidator { +public class RequestValidator { public static final String MSG_TEMPLATE_WITH_SAME_NAME = "A template with the name '%s' already exists (case insensitive)."; - public static final String MSG_TEMPLATE_NAME_NOT_BLANK = "The template name must not be blank"; + private static final String MSG_TEMPLATE_NAME_NOT_BLANK = "The template name must not be blank"; + + private PermissionsHelper permissionsHelper; - private PermissionRequestValidator() { - // static methods only + public RequestValidator(PermissionsHelper permissionsHelper) { + this.permissionsHelper = permissionsHelper; } - public static String validateProjectPermission(String permission) { - checkRequest(ProjectPermissions.ALL.contains(permission), - format("The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, ProjectPermissions.ALL_ON_ONE_LINE, permission)); + public String validateProjectPermission(String permission) { + WsUtils.checkRequest(permissionsHelper.allPermissions().contains(permission), + String.format("The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, + permissionsHelper.allOnOneLine(), permission)); return permission; } @@ -67,18 +72,13 @@ public class PermissionRequestValidator { checkRequest(!isBlank(name), MSG_TEMPLATE_NAME_NOT_BLANK); } - public static void validateQualifier(String qualifier, Set rootQualifiers) { - checkRequest(rootQualifiers.contains(qualifier), - format("The '%s' parameter must be one of %s. '%s' was passed.", PARAM_QUALIFIER, rootQualifiers, qualifier)); - } - public static void validateQualifier(@Nullable String qualifier, ResourceTypes resourceTypes) { if (qualifier == null) { return; } - Set rootQualifiers = FluentIterable.from(resourceTypes.getRoots()) - .transform(ResourceType::getQualifier) - .toSet(); + Set rootQualifiers = resourceTypes.getRoots().stream() + .map(ResourceType::getQualifier) + .collect(Collectors.toSet()); checkRequest(rootQualifiers.contains(qualifier), format("The '%s' parameter must be one of %s. '%s' was passed.", PARAM_QUALIFIER, rootQualifiers, qualifier)); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java index 397d125c091..be54259c0a7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java @@ -34,7 +34,6 @@ import org.sonarqube.ws.Permissions.Permission; import org.sonarqube.ws.Permissions.WsSearchGlobalPermissionsResponse; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.Permissions.Permission.newBuilder; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; @@ -48,13 +47,13 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final I18n i18n; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; - public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport support) { + public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport) { this.dbClient = dbClient; this.userSession = userSession; this.i18n = i18n; - this.support = support; + this.wsSupport = wsSupport; } @Override @@ -67,13 +66,13 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction { .setDeprecatedSince("6.5") .setHandler(this); - createOrganizationParameter(action).setSince("6.2"); + WsParameters.createOrganizationParameter(action).setSince("6.2"); } @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION)); + OrganizationDto org = wsSupport.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION)); checkGlobalAdmin(userSession, org.getUuid()); WsSearchGlobalPermissionsResponse response = buildResponse(dbSession, org); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java index 9df36d9ea3c..bda991702f4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java @@ -19,14 +19,15 @@ */ package org.sonar.server.permission.ws; -import java.util.List; -import java.util.Locale; -import java.util.Optional; - import com.google.common.collect.Collections2; import com.google.common.collect.Lists; import com.google.common.collect.Table; import com.google.common.collect.TreeBasedTable; +import java.util.List; +import java.util.Locale; +import java.util.Optional; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.ResourceType; import org.sonar.api.resources.ResourceTypes; @@ -35,13 +36,13 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.Paging; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentQuery; import org.sonar.db.permission.CountPerProjectPermission; import org.sonar.server.permission.PermissionPrivilegeChecker; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Common; @@ -49,17 +50,12 @@ import org.sonarqube.ws.Permissions.Permission; import org.sonarqube.ws.Permissions.SearchProjectPermissionsWsResponse; import org.sonarqube.ws.Permissions.SearchProjectPermissionsWsResponse.Project; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.util.Collections.singletonList; import static org.sonar.api.utils.Paging.forPageIndex; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonar.server.permission.ws.ProjectWsRef.newOptionalWsProjectRef; import static org.sonar.server.permission.ws.SearchProjectPermissionsData.newBuilder; -import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter; import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext; +import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY; @@ -75,15 +71,19 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction { private final ResourceTypes resourceTypes; private final PermissionWsSupport wsSupport; private final String[] rootQualifiers; + private final WsParameters wsParameters; + private final PermissionsHelper permissionsHelper; public SearchProjectPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, ResourceTypes resourceTypes, - PermissionWsSupport wsSupport) { + PermissionWsSupport wsSupport, WsParameters wsParameters, PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.i18n = i18n; this.resourceTypes = resourceTypes; this.wsSupport = wsSupport; this.rootQualifiers = Collections2.transform(resourceTypes.getRoots(), ResourceType::getQualifier).toArray(new String[resourceTypes.getRoots().size()]); + this.wsParameters = wsParameters; + this.permissionsHelper = permissionsHelper; } @Override @@ -107,7 +107,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction { "
  • project keys that are exactly the same as the supplied string
    • " + "") .setExampleValue("apac"); - createProjectParameters(action); + wsParameters.createProjectParameters(action); createRootQualifierParameter(action, newQualifierParameterContext(i18n, resourceTypes)) .setSince("5.3"); } @@ -121,7 +121,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction { private SearchProjectPermissionsWsResponse doHandle(SearchProjectPermissionsRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { checkAuthorized(dbSession, request); - validateQualifier(request.getQualifier(), resourceTypes); + RequestValidator.validateQualifier(request.getQualifier(), resourceTypes); SearchProjectPermissionsData data = load(dbSession, request); return buildResponse(data); } @@ -170,7 +170,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction { response.addProjects(rootComponentBuilder); } - for (String permissionKey : ProjectPermissions.ALL) { + for (String permissionKey : permissionsHelper.allPermissions()) { response.addPermissions( permissionResponse .clear() diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java index ee2c676e8f4..8decca73a3c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java @@ -50,11 +50,6 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateGlobalPermission; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -63,14 +58,18 @@ public class UsersAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; private final AvatarResolver avatarResolver; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, AvatarResolver avatarResolver) { + public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) { this.dbClient = dbClient; this.userSession = userSession; - this.support = support; + this.wsSupport = wsSupport; this.avatarResolver = avatarResolver; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } @Override @@ -97,16 +96,16 @@ public class UsersAction implements PermissionsWsAction { .setDescription("Limit search to user names that contain the supplied string.
    ") .setExampleValue("eri"); - createOrganizationParameter(action).setSince("6.2"); - createPermissionParameter(action).setRequired(false); - createProjectParameters(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); + wsParameters.createPermissionParameter(action).setRequired(false); + wsParameters.createProjectParameters(action); } @Override public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); - Optional projectId = support.findProjectId(dbSession, request); + OrganizationDto org = wsSupport.findOrganization(dbSession, request.param(PARAM_ORGANIZATION)); + Optional projectId = wsSupport.findProjectId(dbSession, request); checkProjectAdmin(userSession, org.getUuid(), projectId); PermissionQuery query = buildPermissionQuery(request, org, projectId); @@ -119,7 +118,7 @@ public class UsersAction implements PermissionsWsAction { } } - private static PermissionQuery buildPermissionQuery(Request request, OrganizationDto organization, Optional project) { + private PermissionQuery buildPermissionQuery(Request request, OrganizationDto organization, Optional project) { String textQuery = request.param(Param.TEXT_QUERY); String permission = request.param(PARAM_PERMISSION); PermissionQuery.Builder permissionQuery = PermissionQuery.builder() @@ -131,9 +130,9 @@ public class UsersAction implements PermissionsWsAction { project.ifPresent(projectId -> permissionQuery.setComponentUuid(projectId.getUuid())); if (permission != null) { if (project.isPresent()) { - validateProjectPermission(permission); + requestValidator.validateProjectPermission(permission); } else { - validateGlobalPermission(permission); + RequestValidator.validateGlobalPermission(permission); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsParametersBuilder.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java similarity index 64% rename from server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsParametersBuilder.java rename to server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java index 773d5bb40a7..8c730622d20 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsParametersBuilder.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java @@ -17,15 +17,14 @@ * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + package org.sonar.server.permission.ws; -import org.sonar.api.server.ws.WebService.NewAction; -import org.sonar.api.server.ws.WebService.NewParam; +import org.sonar.api.server.ws.WebService; import org.sonar.core.permission.GlobalPermissions; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.Uuids; +import org.sonar.server.permission.PermissionsHelper; -import static java.lang.String.format; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; @@ -40,116 +39,106 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN; -public class PermissionsWsParametersBuilder { - - private static final String PERMISSION_PARAM_DESCRIPTION = format("Permission" + - "
      " + - "
    • Possible values for global permissions: %s
      • " + - "
    • Possible values for project permissions %s
      • " + - "
    ", - GlobalPermissions.ALL_ON_ONE_LINE, - ProjectPermissions.ALL_ON_ONE_LINE); - public static final String PROJECT_PERMISSION_PARAM_DESCRIPTION = format("Permission" + - "
      " + - "
    • Possible values for project permissions %s
      • " + - "
    ", - ProjectPermissions.ALL_ON_ONE_LINE); - - private PermissionsWsParametersBuilder() { - // static methods only - } - - public static NewParam createPermissionParameter(NewAction action) { +public class WsParameters { + private PermissionsHelper permissionsHelper; + private final String permissionParamDescription; + private final String projectPermissionParamDescription; + + public WsParameters(PermissionsHelper permissionsHelper) { + this.permissionsHelper = permissionsHelper; + permissionParamDescription = String.format("Permission" + + "
      " + + "
    • Possible values for global permissions: %s
      • " + + "
    • Possible values for project permissions %s
      • " + + "
    ", + GlobalPermissions.ALL_ON_ONE_LINE, + permissionsHelper.allOnOneLine()); + projectPermissionParamDescription = String.format("Permission" + + "
      " + + "
    • Possible values for project permissions %s
      • " + + "
    ", + permissionsHelper.allOnOneLine()); + } + + public WebService.NewParam createPermissionParameter(WebService.NewAction action) { return action.createParam(PARAM_PERMISSION) - .setDescription(PERMISSION_PARAM_DESCRIPTION) + .setDescription(permissionParamDescription) .setRequired(true); } - public static NewParam createProjectPermissionParameter(NewAction action, boolean required) { + public WebService.NewParam createProjectPermissionParameter(WebService.NewAction action, boolean required) { return action.createParam(PARAM_PERMISSION) - .setDescription(PROJECT_PERMISSION_PARAM_DESCRIPTION) - .setPossibleValues(ProjectPermissions.ALL) + .setDescription(projectPermissionParamDescription) + .setPossibleValues(permissionsHelper.allPermissions()) .setRequired(required); } - public static NewParam createProjectPermissionParameter(NewAction action) { + public WebService.NewParam createProjectPermissionParameter(WebService.NewAction action) { return createProjectPermissionParameter(action, true); } - public static void createGroupNameParameter(NewAction action) { + public static void createGroupNameParameter(WebService.NewAction action) { action.createParam(PARAM_GROUP_NAME) .setDescription("Group name or 'anyone' (case insensitive)") .setExampleValue("sonar-administrators"); } - public static NewParam createOrganizationParameter(NewAction action) { + public static WebService.NewParam createOrganizationParameter(WebService.NewAction action) { return action.createParam(PARAM_ORGANIZATION) .setDescription("Key of organization, used when group name is set") .setExampleValue("my-org") .setInternal(true); } - public static void createGroupIdParameter(NewAction action) { + public static void createGroupIdParameter(WebService.NewAction action) { action.createParam(PARAM_GROUP_ID) .setDescription("Group id") .setExampleValue("42"); } - public static void createProjectParameters(NewAction action) { - createProjectIdParameter(action); - createProjectKeyParameter(action); - } - - private static void createProjectIdParameter(NewAction action) { + public void createProjectParameters(WebService.NewAction action) { action.createParam(PARAM_PROJECT_ID) .setDescription("Project id") .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d"); + createProjectKeyParameter(action); } - private static void createProjectKeyParameter(NewAction action) { + private static void createProjectKeyParameter(WebService.NewAction action) { action.createParam(PARAM_PROJECT_KEY) .setDescription("Project key") .setExampleValue(KEY_PROJECT_EXAMPLE_001); } - public static void createUserLoginParameter(NewAction action) { + public static void createUserLoginParameter(WebService.NewAction action) { action.createParam(PARAM_USER_LOGIN) .setRequired(true) .setDescription("User login") .setExampleValue("g.hopper"); } - public static void createTemplateParameters(NewAction action) { - createTemplateIdParameter(action); - createOrganizationParameter(action); - createTemplateNameParameter(action); - } - - private static void createTemplateIdParameter(NewAction action) { + public static void createTemplateParameters(WebService.NewAction action) { action.createParam(PARAM_TEMPLATE_ID) .setDescription("Template id") .setExampleValue(Uuids.UUID_EXAMPLE_01); - } - - private static void createTemplateNameParameter(NewAction action) { + createOrganizationParameter(action); action.createParam(PARAM_TEMPLATE_NAME) .setDescription("Template name") .setExampleValue("Default Permission Template for Projects"); } - public static void createTemplateProjectKeyPatternParameter(NewAction action) { + public static void createTemplateProjectKeyPatternParameter(WebService.NewAction action) { action.createParam(PARAM_PROJECT_KEY_PATTERN) .setDescription("Project key pattern. Must be a valid Java regular expression") .setExampleValue(".*\\.finance\\..*"); } - public static void createTemplateDescriptionParameter(NewAction action) { + public static void createTemplateDescriptionParameter(WebService.NewAction action) { action.createParam(PARAM_DESCRIPTION) .setDescription("Description") .setExampleValue("Permissions for all projects related to the financial service"); } - public static void createIdParameter(NewAction action) { + public static void createIdParameter(WebService.NewAction action) { action.createParam(PARAM_ID) .setRequired(true) .setDescription("Id") diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java index 45f8b1161a8..74b4dc90375 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java @@ -27,16 +27,13 @@ import org.sonar.db.DbSession; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static java.lang.String.format; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.fromRequest; import static org.sonar.server.ws.WsUtils.checkRequest; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -45,11 +42,13 @@ public class AddGroupToTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final PermissionWsSupport support; private final UserSession userSession; + private final WsParameters wsParameters; - public AddGroupToTemplateAction(DbClient dbClient, PermissionWsSupport support, UserSession userSession) { + public AddGroupToTemplateAction(DbClient dbClient, PermissionWsSupport support, UserSession userSession, WsParameters wsParameters) { this.dbClient = dbClient; this.support = support; this.userSession = userSession; + this.wsParameters = wsParameters; } @Override @@ -63,10 +62,10 @@ public class AddGroupToTemplateAction implements PermissionsWsAction { "Requires the following permission: 'Administer System'.") .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); - createGroupIdParameter(action); - createGroupNameParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); + WsParameters.createGroupIdParameter(action); + WsParameters.createGroupNameParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java index 17c40d4bfb6..59d68421bf1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java @@ -20,6 +20,8 @@ package org.sonar.server.permission.ws.template; import java.util.Optional; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -30,16 +32,12 @@ import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; @@ -50,22 +48,27 @@ public class AddProjectCreatorToTemplateAction implements PermissionsWsAction { private final PermissionWsSupport wsSupport; private final UserSession userSession; private final System2 system; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system) { + public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system, RequestValidator requestValidator, + WsParameters wsParameters) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; this.system = system; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } - private static AddProjectCreatorToTemplateRequest toWsRequest(Request request) { + private AddProjectCreatorToTemplateRequest toWsRequest(Request request) { AddProjectCreatorToTemplateRequest wsRequest = AddProjectCreatorToTemplateRequest.builder() .setPermission(request.mandatoryParam(PARAM_PERMISSION)) .setTemplateId(request.param(PARAM_TEMPLATE_ID)) .setOrganization(request.param(PARAM_ORGANIZATION)) .setTemplateName(request.param(PARAM_TEMPLATE_NAME)) .build(); - validateProjectPermission(wsRequest.getPermission()); + requestValidator.validateProjectPermission(wsRequest.getPermission()); return wsRequest; } @@ -78,8 +81,8 @@ public class AddProjectCreatorToTemplateAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java index 082a1c2e1dc..56fc8134918 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java @@ -20,6 +20,8 @@ package org.sonar.server.permission.ws.template; import java.util.List; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -31,16 +33,11 @@ import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.UserId; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -52,11 +49,13 @@ public class AddUserToTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final PermissionWsSupport wsSupport; private final UserSession userSession; + private final WsParameters wsParameters; - public AddUserToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) { + public AddUserToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, WsParameters wsParameters) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; + this.wsParameters = wsParameters; } private static AddUserToTemplateRequest toAddUserToTemplateWsRequest(Request request) { @@ -78,9 +77,9 @@ public class AddUserToTemplateAction implements PermissionsWsAction { "Requires the following permission: 'Administer System'.") .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); - createUserLoginParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); + WsParameters.createUserLoginParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java index 70ced889c16..f313eb2eaac 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java @@ -20,6 +20,8 @@ package org.sonar.server.permission.ws.template; import java.util.Collections; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -30,14 +32,10 @@ import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.PermissionTemplateService; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.ProjectWsRef.newWsProjectRef; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; @@ -51,13 +49,15 @@ public class ApplyTemplateAction implements PermissionsWsAction { private final UserSession userSession; private final PermissionTemplateService permissionTemplateService; private final PermissionWsSupport wsSupport; + private final WsParameters wsParameters; public ApplyTemplateAction(DbClient dbClient, UserSession userSession, PermissionTemplateService permissionTemplateService, - PermissionWsSupport wsSupport) { + PermissionWsSupport wsSupport, WsParameters wsParameters) { this.dbClient = dbClient; this.userSession = userSession; this.permissionTemplateService = permissionTemplateService; this.wsSupport = wsSupport; + this.wsParameters = wsParameters; } private static ApplyTemplateRequest toApplyTemplateWsRequest(Request request) { @@ -80,8 +80,8 @@ public class ApplyTemplateAction implements PermissionsWsAction { .setSince("5.2") .setHandler(this); - createTemplateParameters(action); - createProjectParameters(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectParameters(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java index a86482a8a9a..c1ff60a7077 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java @@ -22,6 +22,8 @@ package org.sonar.server.permission.ws.template; import java.util.Collection; import java.util.HashSet; import java.util.List; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.Qualifiers; import org.sonar.api.resources.ResourceTypes; @@ -39,19 +41,16 @@ import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.PermissionTemplateService; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.project.Visibility; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - +import static java.lang.String.format; import static java.util.Collections.singleton; import static java.util.Objects.requireNonNull; -import static java.lang.String.format; import static org.sonar.api.utils.DateUtils.parseDateOrDateTime; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_002; @@ -108,7 +107,7 @@ public class BulkApplyTemplateAction implements PermissionsWsAction { .setDefaultValue(Qualifiers.PROJECT) .setDeprecatedKey(PARAM_QUALIFIER, "6.6"); - createTemplateParameters(action); + WsParameters.createTemplateParameters(action); action .createParam(PARAM_PROJECTS) diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java index a54ecf681c8..969ef2066f3 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java @@ -20,6 +20,8 @@ package org.sonar.server.permission.ws.template; import java.util.Date; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -31,22 +33,16 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Permissions.CreateTemplateWsResponse; import org.sonarqube.ws.Permissions.PermissionTemplate; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.lang.String.format; import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateDescriptionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateProjectKeyPatternParameter; +import static org.sonar.server.permission.ws.RequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; import static org.sonar.server.permission.ws.template.PermissionTemplateDtoToPermissionTemplateResponse.toPermissionTemplateResponse; import static org.sonar.server.ws.WsUtils.checkRequest; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -96,9 +92,9 @@ public class CreateTemplateAction implements PermissionsWsAction { .setDescription("Name") .setExampleValue("Financial Service Permissions"); - createTemplateProjectKeyPatternParameter(action); - createTemplateDescriptionParameter(action); - createOrganizationParameter(action).setSince("6.2"); + WsParameters.createTemplateProjectKeyPatternParameter(action); + WsParameters.createTemplateDescriptionParameter(action); + WsParameters.createOrganizationParameter(action).setSince("6.2"); } @Override @@ -113,7 +109,7 @@ public class CreateTemplateAction implements PermissionsWsAction { checkGlobalAdmin(userSession, org.getUuid()); validateTemplateNameForCreation(dbSession, org, request.getName()); - validateProjectPattern(request.getProjectKeyPattern()); + RequestValidator.validateProjectPattern(request.getProjectKeyPattern()); PermissionTemplateDto permissionTemplate = insertTemplate(dbSession, org, request); @@ -122,7 +118,7 @@ public class CreateTemplateAction implements PermissionsWsAction { } private void validateTemplateNameForCreation(DbSession dbSession, OrganizationDto org, String name) { - validateTemplateNameFormat(name); + RequestValidator.validateTemplateNameFormat(name); PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao() .selectByName(dbSession, org.getUuid(), name); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java index 5d6d7bb60b2..ad29f651964 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java @@ -19,6 +19,8 @@ */ package org.sonar.server.permission.ws.template; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -28,13 +30,10 @@ import org.sonar.db.organization.DefaultTemplates; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -45,13 +44,13 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T public class DeleteTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; - private final PermissionWsSupport finder; + private final PermissionWsSupport wsSupport; private final DefaultTemplatesResolver defaultTemplatesResolver; public DeleteTemplateAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, DefaultTemplatesResolver defaultTemplatesResolver) { this.dbClient = dbClient; this.userSession = userSession; - this.finder = support; + this.wsSupport = support; this.defaultTemplatesResolver = defaultTemplatesResolver; } @@ -71,7 +70,7 @@ public class DeleteTemplateAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createTemplateParameters(action); + WsParameters.createTemplateParameters(action); } @Override @@ -83,7 +82,7 @@ public class DeleteTemplateAction implements PermissionsWsAction { private void doHandle(DeleteTemplateRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { - PermissionTemplateDto template = finder.findTemplate(dbSession, newTemplateRef( + PermissionTemplateDto template = wsSupport.findTemplate(dbSession, newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); checkGlobalAdmin(userSession, template.getOrganizationUuid()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java index c30cf416286..be83365bfb9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java @@ -27,26 +27,25 @@ import org.sonar.db.DbSession; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static com.google.common.base.Preconditions.checkArgument; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class RemoveGroupFromTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final PermissionWsSupport wsSupport; private final UserSession userSession; + private final WsParameters wsParameters; - public RemoveGroupFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) { + public RemoveGroupFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, WsParameters wsParameters) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; + this.wsParameters = wsParameters; } @Override @@ -60,10 +59,10 @@ public class RemoveGroupFromTemplateAction implements PermissionsWsAction { "Requires the following permission: 'Administer System'.") .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); - createGroupIdParameter(action); - createGroupNameParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); + WsParameters.createGroupIdParameter(action); + WsParameters.createGroupNameParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java index 22f09b66d98..630966d414e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java @@ -19,6 +19,8 @@ */ package org.sonar.server.permission.ws.template; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -30,16 +32,12 @@ import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; @@ -50,22 +48,27 @@ public class RemoveProjectCreatorFromTemplateAction implements PermissionsWsActi private final PermissionWsSupport wsSupport; private final UserSession userSession; private final System2 system; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system) { + public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system, + RequestValidator requestValidator, WsParameters wsParameters) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; this.system = system; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } - private static RemoveProjectCreatorFromTemplateRequest toWsRequest(Request request) { + private RemoveProjectCreatorFromTemplateRequest toWsRequest(Request request) { RemoveProjectCreatorFromTemplateRequest wsRequest = RemoveProjectCreatorFromTemplateRequest.builder() .setPermission(request.mandatoryParam(PARAM_PERMISSION)) .setTemplateId(request.param(PARAM_TEMPLATE_ID)) .setOrganization(request.param(PARAM_ORGANIZATION)) .setTemplateName(request.param(PARAM_TEMPLATE_NAME)) .build(); - validateProjectPermission(wsRequest.getPermission()); + requestValidator.validateProjectPermission(wsRequest.getPermission()); return wsRequest; } @@ -78,8 +81,8 @@ public class RemoveProjectCreatorFromTemplateAction implements PermissionsWsActi .setPost(true) .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java index 586fe9777c5..8004f97815a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java @@ -19,6 +19,8 @@ */ package org.sonar.server.permission.ws.template; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -28,17 +30,12 @@ import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.UserId; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; @@ -49,11 +46,15 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final PermissionWsSupport wsSupport; private final UserSession userSession; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession) { + public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, RequestValidator requestValidator, WsParameters wsParameters) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } private static RemoveUserFromTemplateRequest toRemoveUserFromTemplateWsRequest(Request request) { @@ -75,9 +76,9 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { "Requires the following permission: 'Administer System'.") .setHandler(this); - createTemplateParameters(action); - createProjectPermissionParameter(action); - createUserLoginParameter(action); + WsParameters.createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action); + WsParameters.createUserLoginParameter(action); } @Override @@ -91,7 +92,7 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { String userLogin = request.getLogin(); try (DbSession dbSession = dbClient.openSession(false)) { - validateProjectPermission(permission); + requestValidator.validateProjectPermission(permission); PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); checkGlobalAdmin(userSession, template.getOrganizationUuid()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java index 446988ccfa4..a1e0f1e0795 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java @@ -19,19 +19,19 @@ */ package org.sonar.server.permission.ws.template; -import java.util.List; -import java.util.Locale; - import com.google.common.collect.Lists; import com.google.common.collect.Table; import com.google.common.collect.TreeBasedTable; +import java.util.List; +import java.util.Locale; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.Qualifiers; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.DefaultTemplates; @@ -39,8 +39,10 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.template.CountByTemplateAndPermissionDto; import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto; import org.sonar.db.permission.template.PermissionTemplateDto; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Permissions; import org.sonarqube.ws.Permissions.Permission; @@ -48,13 +50,9 @@ import org.sonarqube.ws.Permissions.PermissionTemplate; import org.sonarqube.ws.Permissions.SearchTemplatesWsResponse; import org.sonarqube.ws.Permissions.SearchTemplatesWsResponse.TemplateIdQualifier; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static org.sonar.api.utils.DateUtils.formatDateTime; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; import static org.sonar.server.permission.ws.template.SearchTemplatesData.builder; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -67,15 +65,17 @@ public class SearchTemplatesAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final I18n i18n; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; private final DefaultTemplatesResolver defaultTemplatesResolver; + private final PermissionsHelper permissionsHelper; - public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport support, DefaultTemplatesResolver defaultTemplatesResolver) { + public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport, DefaultTemplatesResolver defaultTemplatesResolver, PermissionsHelper permissionsHelper) { this.dbClient = dbClient; this.userSession = userSession; this.i18n = i18n; - this.support = support; + this.wsSupport = wsSupport; this.defaultTemplatesResolver = defaultTemplatesResolver; + this.permissionsHelper = permissionsHelper; } @Override @@ -88,13 +88,13 @@ public class SearchTemplatesAction implements PermissionsWsAction { .addSearchQuery("defau", "permission template names") .setHandler(this); - createOrganizationParameter(action).setSince("6.2"); + WsParameters.createOrganizationParameter(action).setSince("6.2"); } @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { - OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION)); + OrganizationDto org = wsSupport.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION)); SearchTemplatesRequest request = new SearchTemplatesRequest() .setOrganizationUuid(org.getUuid()) .setQuery(wsRequest.param(Param.TEXT_QUERY)); @@ -121,7 +121,7 @@ public class SearchTemplatesAction implements PermissionsWsAction { .setTemplateId(viewDefaultTemplate))); } - private static void buildTemplatesResponse(Permissions.SearchTemplatesWsResponse.Builder response, SearchTemplatesData data) { + private void buildTemplatesResponse(Permissions.SearchTemplatesWsResponse.Builder response, SearchTemplatesData data) { Permission.Builder permissionResponse = Permission.newBuilder(); PermissionTemplate.Builder templateBuilder = PermissionTemplate.newBuilder(); @@ -134,7 +134,7 @@ public class SearchTemplatesAction implements PermissionsWsAction { .setUpdatedAt(formatDateTime(templateDto.getUpdatedAt())); setNullable(templateDto.getKeyPattern(), templateBuilder::setProjectKeyPattern); setNullable(templateDto.getDescription(), templateBuilder::setDescription); - for (String permission : ProjectPermissions.ALL) { + for (String permission : permissionsHelper.allPermissions()) { templateBuilder.addPermissions( permissionResponse .clear() @@ -159,7 +159,7 @@ public class SearchTemplatesAction implements PermissionsWsAction { private void buildPermissionsResponse(SearchTemplatesWsResponse.Builder response) { Permission.Builder permissionResponse = Permission.newBuilder(); - for (String permissionKey : ProjectPermissions.ALL) { + for (String permissionKey : permissionsHelper.allPermissions()) { response.addPermissions( permissionResponse .clear() diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java index 48500f8370b..ae6d4cd3ba6 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java @@ -19,6 +19,8 @@ */ package org.sonar.server.permission.ws.template; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.Qualifiers; import org.sonar.api.resources.ResourceTypes; @@ -32,14 +34,11 @@ import org.sonar.db.organization.OrganizationDao; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; -import javax.annotation.CheckForNull; -import javax.annotation.Nullable; - import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext; import static org.sonar.server.ws.WsParameterBuilder.createDefaultTemplateQualifierParameter; @@ -82,7 +81,7 @@ public class SetDefaultTemplateAction implements PermissionsWsAction { .setSince("5.2") .setHandler(this); - createTemplateParameters(action); + WsParameters.createTemplateParameters(action); createDefaultTemplateQualifierParameter(action, newQualifierParameterContext(i18n, resourceTypes)) .setDefaultValue(Qualifiers.PROJECT); } @@ -98,7 +97,7 @@ public class SetDefaultTemplateAction implements PermissionsWsAction { String qualifier = request.getQualifier(); PermissionTemplateDto template = findTemplate(dbSession, request); checkGlobalAdmin(userSession, template.getOrganizationUuid()); - validateQualifier(qualifier, resourceTypes); + RequestValidator.validateQualifier(qualifier, resourceTypes); setDefaultTemplateUuid(dbSession, template, qualifier); dbSession.commit(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java index 7d8d6dee7c6..c2d106faa75 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java @@ -37,6 +37,8 @@ import org.sonar.db.permission.template.PermissionTemplateGroupDto; import org.sonar.db.user.GroupDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Permissions; @@ -48,21 +50,22 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class TemplateGroupsAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support) { + public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, RequestValidator requestValidator, WsParameters wsParameters) { this.dbClient = dbClient; this.userSession = userSession; - this.support = support; + this.wsSupport = wsSupport; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } @Override @@ -83,15 +86,15 @@ public class TemplateGroupsAction implements PermissionsWsAction { "When this parameter is not set, only group having at least one permission are returned.") .setExampleValue("eri"); - createProjectPermissionParameter(action, false); - createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action, false); + WsParameters.createTemplateParameters(action); } @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest); - PermissionTemplateDto template = support.findTemplate(dbSession, templateRef); + PermissionTemplateDto template = wsSupport.findTemplate(dbSession, templateRef); checkGlobalAdmin(userSession, template.getOrganizationUuid()); PermissionQuery query = buildPermissionQuery(wsRequest, template); @@ -104,12 +107,12 @@ public class TemplateGroupsAction implements PermissionsWsAction { } } - private static PermissionQuery buildPermissionQuery(Request request, PermissionTemplateDto template) { + private PermissionQuery buildPermissionQuery(Request request, PermissionTemplateDto template) { String textQuery = request.param(TEXT_QUERY); String permission = request.param(PARAM_PERMISSION); PermissionQuery.Builder permissionQuery = PermissionQuery.builder() .setOrganizationUuid(template.getOrganizationUuid()) - .setPermission(permission != null ? validateProjectPermission(permission) : null) + .setPermission(permission != null ? requestValidator.validateProjectPermission(permission) : null) .setPageIndex(request.mandatoryParamAsInt(PAGE)) .setPageSize(request.mandatoryParamAsInt(PAGE_SIZE)) .setSearchQuery(textQuery); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java index 47d2bf25aaf..88544a0fd12 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java @@ -38,6 +38,8 @@ import org.sonar.db.user.UserDto; import org.sonar.server.issue.ws.AvatarResolver; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Permissions; import org.sonarqube.ws.Permissions.UsersWsResponse; @@ -51,9 +53,6 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -61,14 +60,18 @@ public class TemplateUsersAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; - private final PermissionWsSupport support; + private final PermissionWsSupport wsSupport; private final AvatarResolver avatarResolver; + private final RequestValidator requestValidator; + private final WsParameters wsParameters; - public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport support, AvatarResolver avatarResolver) { + public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) { this.dbClient = dbClient; this.userSession = userSession; - this.support = support; + this.wsSupport = wsSupport; this.avatarResolver = avatarResolver; + this.requestValidator = requestValidator; + this.wsParameters = wsParameters; } @Override @@ -89,15 +92,15 @@ public class TemplateUsersAction implements PermissionsWsAction { .setDescription("Limit search to user names that contain the supplied string.
    " + "When this parameter is not set, only users having at least one permission are returned.") .setExampleValue("eri"); - createProjectPermissionParameter(action).setRequired(false); - createTemplateParameters(action); + wsParameters.createProjectPermissionParameter(action).setRequired(false); + WsParameters.createTemplateParameters(action); } @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest); - PermissionTemplateDto template = support.findTemplate(dbSession, templateRef); + PermissionTemplateDto template = wsSupport.findTemplate(dbSession, templateRef); checkGlobalAdmin(userSession, template.getOrganizationUuid()); PermissionQuery query = buildQuery(wsRequest, template); @@ -111,13 +114,13 @@ public class TemplateUsersAction implements PermissionsWsAction { } } - private static PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) { + private PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) { String textQuery = wsRequest.param(TEXT_QUERY); String permission = wsRequest.param(PARAM_PERMISSION); PermissionQuery.Builder query = PermissionQuery.builder() .setOrganizationUuid(template.getOrganizationUuid()) .setTemplate(template.getUuid()) - .setPermission(permission != null ? validateProjectPermission(permission) : null) + .setPermission(permission != null ? requestValidator.validateProjectPermission(permission) : null) .setPageIndex(wsRequest.mandatoryParamAsInt(PAGE)) .setPageSize(wsRequest.mandatoryParamAsInt(PAGE_SIZE)) .setSearchQuery(textQuery); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java index abe88d8405a..459b9179048 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java @@ -31,6 +31,8 @@ import org.sonar.db.DbSession; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Permissions.PermissionTemplate; import org.sonarqube.ws.Permissions.UpdateTemplateWsResponse; @@ -39,12 +41,7 @@ import static com.google.common.base.MoreObjects.firstNonNull; import static java.lang.String.format; import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; -import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern; -import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createIdParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateDescriptionParameter; -import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateProjectKeyPatternParameter; +import static org.sonar.server.permission.ws.RequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; import static org.sonar.server.permission.ws.template.PermissionTemplateDtoToPermissionTemplateResponse.toPermissionTemplateResponse; import static org.sonar.server.ws.WsUtils.checkRequest; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -89,14 +86,14 @@ public class UpdateTemplateAction implements PermissionsWsAction { .setPost(true) .setHandler(this); - createIdParameter(action); + WsParameters.createIdParameter(action); action.createParam(PARAM_NAME) .setDescription("Name") .setExampleValue("Financial Service Permissions"); - createTemplateProjectKeyPatternParameter(action); - createTemplateDescriptionParameter(action); + WsParameters.createTemplateProjectKeyPatternParameter(action); + WsParameters.createTemplateDescriptionParameter(action); } @Override @@ -125,7 +122,7 @@ public class UpdateTemplateAction implements PermissionsWsAction { private void validateTemplate(DbSession dbSession, PermissionTemplateDto templateToUpdate) { validateTemplateNameForUpdate(dbSession, templateToUpdate.getOrganizationUuid(), templateToUpdate.getName(), templateToUpdate.getId()); - validateProjectPattern(templateToUpdate.getKeyPattern()); + RequestValidator.validateProjectPattern(templateToUpdate.getKeyPattern()); } private PermissionTemplateDto getAndBuildTemplateToUpdate(DbSession dbSession, String uuid, @Nullable String newName, @Nullable String newDescription, @@ -144,7 +141,7 @@ public class UpdateTemplateAction implements PermissionsWsAction { } private void validateTemplateNameForUpdate(DbSession dbSession, String organizationUuid, String name, long id) { - validateTemplateNameFormat(name); + RequestValidator.validateTemplateNameFormat(name); PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, organizationUuid, name); checkRequest(permissionTemplateWithSameName == null || permissionTemplateWithSameName.getId() == id, diff --git a/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java b/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java index 045eda15b6e..042720ab282 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java +++ b/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java @@ -95,6 +95,8 @@ public class RegisterPermissionTemplates { insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get()); insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, admins.get()); insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, admins.get()); + insertGroupPermission(dbSession, template, UserRole.APPLICATION_CREATOR, admins.get()); + insertGroupPermission(dbSession, template, UserRole.PORTFOLIO_CREATOR, admins.get()); } else { LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java index 54ae041674c..022d7bbae66 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java @@ -19,23 +19,33 @@ */ package org.sonar.server.permission; +import java.util.StringJoiner; +import org.apache.commons.lang.StringUtils; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; +import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.BadRequestException; +import org.sonar.server.organization.TestDefaultOrganizationProvider; +import org.sonar.server.permission.ws.PermissionWsSupport; +import org.sonar.server.usergroups.DefaultGroupFinder; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; +import org.sonar.server.usergroups.ws.GroupWsSupport; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; @@ -50,7 +60,12 @@ public class GroupPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient()); + private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); + private GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient())); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); + private PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport); + private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), wsSupport); private OrganizationDto org; private GroupDto group; private ComponentDto privateProject; @@ -68,7 +83,7 @@ public class GroupPermissionChangerTest { public void apply_adds_organization_permission_to_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); } @@ -77,7 +92,7 @@ public class GroupPermissionChangerTest { public void apply_adds_organization_permission_to_group_AnyOne() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); assertThat(db.users().selectAnyonePermissions(org, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); } @@ -85,10 +100,10 @@ public class GroupPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_adding_any_permission_to_group_AnyOne_on_private_project() { GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> { try { - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId)); fail("a BadRequestException should have been thrown"); } catch (BadRequestException e) { assertThat(e).hasMessage("No permission can be granted to Anyone on a private component"); @@ -98,13 +113,13 @@ public class GroupPermissionChangerTest { @Test public void apply_has_no_effect_when_removing_any_permission_to_group_AnyOne_on_private_project() { - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(this::unsafeInsertProjectPermissionOnAnyone); GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> { - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId)); assertThat(db.users().selectAnyonePermissions(org, privateProject)).contains(perm); }); @@ -138,7 +153,7 @@ public class GroupPermissionChangerTest { private void applyAddsPermissionToGroupOnPrivateProject(String permission) { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission); @@ -173,7 +188,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertProjectPermissionOnGroup(group, permission, privateProject); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission); } @@ -182,7 +197,7 @@ public class GroupPermissionChangerTest { public void apply_has_no_effect_when_adding_USER_permission_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } @@ -191,7 +206,7 @@ public class GroupPermissionChangerTest { public void apply_has_no_effect_when_adding_CODEVIEWER_permission_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } @@ -203,14 +218,14 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("It is not possible to add the 'admin' permission to group 'Anyone'"); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId)); } @Test public void apply_adds_permission_ISSUE_ADMIN_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(UserRole.ISSUE_ADMIN); } @@ -219,7 +234,7 @@ public class GroupPermissionChangerTest { public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION); } @@ -231,7 +246,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); } @Test @@ -241,7 +256,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); } @Test @@ -263,7 +278,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); db.users().insertProjectPermissionOnAnyone(permission, publicProject); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } @@ -275,7 +290,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); } @Test @@ -285,7 +300,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); } @Test @@ -293,7 +308,7 @@ public class GroupPermissionChangerTest { OrganizationDto defaultOrganization = db.getDefaultOrganization(); GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(defaultOrganization.getUuid()); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectAnyonePermissions(defaultOrganization, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); @@ -304,7 +319,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); } @@ -318,10 +333,11 @@ public class GroupPermissionChangerTest { .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm)) .forEach(perm -> { try { - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId)); fail("a BadRequestException should have been thrown for permission " + perm); } catch (BadRequestException e) { - assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]"); + assertThat(e).hasMessage("Invalid project permission '" + perm + + "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); } }); } @@ -335,10 +351,11 @@ public class GroupPermissionChangerTest { .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm)) .forEach(perm -> { try { - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId)); fail("a BadRequestException should have been thrown for permission " + perm); } catch (BadRequestException e) { - assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]"); + assertThat(e).hasMessage("Invalid project permission '" + perm + + "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); } }); } @@ -347,12 +364,12 @@ public class GroupPermissionChangerTest { public void fail_to_add_project_permission_but_SCAN_and_ADMIN_on_global_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .stream() .filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !OrganizationPermission.ADMINISTER.getKey().equals(perm)) .forEach(permission -> { try { - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, null, groupId)); fail("a BadRequestException should have been thrown for permission " + permission); } catch (BadRequestException e) { assertThat(e).hasMessage("Invalid global permission '" + permission + "'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]"); @@ -366,7 +383,7 @@ public class GroupPermissionChangerTest { db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey()); } @@ -378,7 +395,7 @@ public class GroupPermissionChangerTest { db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER); @@ -388,7 +405,7 @@ public class GroupPermissionChangerTest { public void do_not_fail_if_removing_a_permission_that_does_not_exist() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectGroupPermissions(group, privateProject)).isEmpty(); @@ -402,7 +419,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); - underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); + underTest.apply(db.getSession(), new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); } @Test @@ -412,7 +429,7 @@ public class GroupPermissionChangerTest { UserDto admin = db.users().insertUser(); db.users().insertPermissionOnUser(org, admin, ADMINISTER); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); + apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java index 9c55b543b39..7f97e0393b2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java @@ -25,6 +25,7 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.api.web.UserRole; import org.sonar.core.permission.GlobalPermissions; @@ -32,6 +33,7 @@ import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.template.PermissionTemplateDbTester; import org.sonar.db.permission.template.PermissionTemplateDto; @@ -57,6 +59,8 @@ public class PermissionTemplateServiceTest { @Rule public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withGovernance(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); private UserSessionRule userSession = UserSessionRule.standalone(); private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates(); private DbSession session = dbTester.getSession(); @@ -95,7 +99,7 @@ public class PermissionTemplateServiceTest { OrganizationDto organization = dbTester.organizations().insert(); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1"); @@ -110,7 +114,7 @@ public class PermissionTemplateServiceTest { OrganizationDto organization = dbTester.organizations().insert(); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -127,14 +131,14 @@ public class PermissionTemplateServiceTest { ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); GroupDto group = dbTester.users().insertGroup(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject)); assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject)) - .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); + .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); } @Test @@ -143,7 +147,7 @@ public class PermissionTemplateServiceTest { GroupDto group = dbTester.users().insertGroup(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -151,7 +155,7 @@ public class PermissionTemplateServiceTest { underTest.applyDefault(session, organization.getUuid(), privateProject, null); assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject)) - .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); + .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); } @Test @@ -160,7 +164,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); GroupDto group = dbTester.users().insertGroup(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); @@ -176,7 +180,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); GroupDto group = dbTester.users().insertGroup(organization); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -193,7 +197,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); @@ -209,7 +213,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -226,14 +230,14 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject)); assertThat(selectProjectPermissionsOfUser(user, privateProject)) - .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); + .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); } @Test @@ -242,7 +246,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -250,7 +254,7 @@ public class PermissionTemplateServiceTest { underTest.applyDefault(session, organization.getUuid(), privateProject, null); assertThat(selectProjectPermissionsOfUser(user, privateProject)) - .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); + .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); } @Test @@ -259,7 +263,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -276,7 +280,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -284,7 +288,7 @@ public class PermissionTemplateServiceTest { underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId()); assertThat(selectProjectPermissionsOfUser(user, privateProject)) - .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); + .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java index 0bdff5b6434..7b086f94c62 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java @@ -19,14 +19,18 @@ */ package org.sonar.server.permission; +import org.apache.commons.lang.StringUtils; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.System2; import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.user.GroupDto; @@ -54,6 +58,8 @@ public class UserPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); + private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient()); private OrganizationDto org1; private OrganizationDto org2; @@ -76,7 +82,7 @@ public class UserPermissionChangerTest { public void apply_adds_any_organization_permission_to_user() { OrganizationPermission.all() .forEach(perm -> { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); apply(change); @@ -94,7 +100,7 @@ public class UserPermissionChangerTest { OrganizationPermission.all() .forEach(perm -> { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); apply(change); @@ -104,7 +110,7 @@ public class UserPermissionChangerTest { @Test public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); apply(change); @@ -113,7 +119,7 @@ public class UserPermissionChangerTest { @Test public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); apply(change); @@ -136,7 +142,7 @@ public class UserPermissionChangerTest { } private void applyAddsPermissionOnAPublicProject(String permission) { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); apply(change); @@ -145,7 +151,7 @@ public class UserPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); @@ -155,7 +161,7 @@ public class UserPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); @@ -180,7 +186,7 @@ public class UserPermissionChangerTest { private void applyRemovesPermissionFromPublicProject(String permission) { db.users().insertProjectPermissionOnUser(user1, permission, publicProject); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); apply(change); @@ -189,9 +195,9 @@ public class UserPermissionChangerTest { @Test public void apply_adds_any_permission_to_a_private_project() { - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(permission -> { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); apply(change); @@ -201,12 +207,12 @@ public class UserPermissionChangerTest { @Test public void apply_removes_any_permission_from_a_private_project() { - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(permission -> db.users().insertProjectPermissionOnUser(user1, permission, privateProject)); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(permission -> { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); apply(change); @@ -216,7 +222,7 @@ public class UserPermissionChangerTest { @Test public void add_global_permission_to_user() { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1)); apply(change); @@ -229,7 +235,7 @@ public class UserPermissionChangerTest { @Test public void add_project_permission_to_user() { - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); @@ -242,7 +248,7 @@ public class UserPermissionChangerTest { public void do_nothing_when_adding_global_permission_that_already_exists() { db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES); - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES); @@ -251,9 +257,9 @@ public class UserPermissionChangerTest { @Test public void fail_to_add_global_permission_on_project() { expectedException.expect(BadRequestException.class); - expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]"); + expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); apply(change); } @@ -262,7 +268,7 @@ public class UserPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]"); - UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1)); apply(change); } @@ -274,7 +280,7 @@ public class UserPermissionChangerTest { db.users().insertPermissionOnUser(org1, user2, QUALITY_GATE_ADMIN); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); @@ -292,7 +298,7 @@ public class UserPermissionChangerTest { db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); apply(change); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER); @@ -302,7 +308,7 @@ public class UserPermissionChangerTest { @Test public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); @@ -310,7 +316,7 @@ public class UserPermissionChangerTest { @Test public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() { - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); apply(change); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty(); @@ -323,7 +329,7 @@ public class UserPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed."); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1)); underTest.apply(db.getSession(), change); } @@ -334,7 +340,7 @@ public class UserPermissionChangerTest { db.users().insertMember(admins, user2); db.users().insertPermissionOnGroup(admins, ADMINISTER); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1)); underTest.apply(db.getSession(), change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index 26858d89fa9..b0963b6c77c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -21,7 +21,6 @@ package org.sonar.server.permission.ws; import org.junit.Test; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; @@ -30,6 +29,7 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; +import org.sonar.server.permission.PermissionsHelper; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -58,9 +58,12 @@ public class AddGroupActionTest extends BasePermissionWsTest { private static final String A_PROJECT_UUID = "project-uuid"; private static final String A_PROJECT_KEY = "project-key"; + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + @Override protected AddGroupAction buildWsAction() { - return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport()); + return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); } @Test @@ -368,7 +371,7 @@ public class AddGroupActionTest extends BasePermissionWsTest { ComponentDto project = db.components().insertPrivateProject(); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); - ProjectPermissions.ALL + newPermissionsHelper().allPermissions() .forEach(permission -> { try { newRequest() diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 7545c0d22ba..4bb128a930f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -30,6 +30,7 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; +import org.sonar.server.permission.PermissionsHelper; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -54,6 +55,9 @@ public class AddUserActionTest extends BasePermissionWsTest { private UserDto user; + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + @Before public void setUp() { user = db.users().insertUser("ray.bradbury"); @@ -62,7 +66,7 @@ public class AddUserActionTest extends BasePermissionWsTest { @Override protected AddUserAction buildWsAction() { - return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport()); + return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index 2df0afdbeba..b8e5fccdcef 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -35,6 +35,7 @@ import org.sonar.server.es.ProjectIndexersImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.permission.GroupPermissionChanger; import org.sonar.server.permission.PermissionUpdater; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.UserPermissionChanger; import org.sonar.server.permission.index.FooIndexDefinition; import org.sonar.server.permission.index.PermissionIndexer; @@ -82,11 +83,15 @@ public abstract class BasePermissionWsTest { return new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); } + protected PermissionsHelper newPermissionsHelper() { + return new PermissionsHelper(newRootResourceTypes()); + } + protected PermissionUpdater newPermissionUpdater() { return new PermissionUpdater( new ProjectIndexersImpl(new PermissionIndexer(db.getDbClient(), es.client())), new UserPermissionChanger(db.getDbClient()), - new GroupPermissionChanger(db.getDbClient())); + new GroupPermissionChanger(db.getDbClient(), newPermissionWsSupport())); } protected TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java index ba8b0f0d7f6..b228dd99fec 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java @@ -30,6 +30,7 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.permission.PermissionsHelper; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -54,12 +55,15 @@ public class GroupsActionTest extends BasePermissionWsTest { private GroupDto group2; private GroupDto group3; + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + @Override protected GroupsAction buildWsAction() { return new GroupsAction( db.getDbClient(), userSession, - newPermissionWsSupport()); + newPermissionWsSupport(), wsParameters); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsModuleTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsModuleTest.java index 3b1a91aa5cf..9897b1a9032 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsModuleTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsModuleTest.java @@ -30,6 +30,6 @@ public class PermissionsWsModuleTest { public void verify_count_of_added_components() { ComponentContainer container = new ComponentContainer(); new PermissionsWsModule().configure(container); - assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 25); + assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 28); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java index bbaa19e2084..22db720d301 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java @@ -19,34 +19,45 @@ */ package org.sonar.server.permission.ws; -import org.junit.Before; +import org.junit.Rule; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; import org.sonar.api.server.ws.WebService; -import org.sonar.db.DbClient; +import org.sonar.db.DbTester; +import org.sonar.db.component.ResourceTypesRule; +import org.sonar.server.component.ComponentFinder; import org.sonar.server.issue.ws.AvatarResolverImpl; +import org.sonar.server.organization.TestDefaultOrganizationProvider; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.template.TemplateGroupsAction; import org.sonar.server.permission.ws.template.TemplateUsersAction; -import org.sonar.server.user.UserSession; +import org.sonar.server.tester.UserSessionRule; +import org.sonar.server.usergroups.DefaultGroupFinder; +import org.sonar.server.usergroups.ws.GroupWsSupport; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class PermissionsWsTest { - WsTester ws; + @Rule + public DbTester db = DbTester.create(); + @Rule + public UserSessionRule userSession = UserSessionRule.standalone(); - @Before - public void setUp() { - DbClient dbClient = mock(DbClient.class); - UserSession userSession = mock(UserSession.class); - PermissionWsSupport permissionWsSupport = mock(PermissionWsSupport.class); + private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); + private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); + private final GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient())); + private final PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport); - ws = new WsTester(new PermissionsWs( - new TemplateUsersAction(dbClient, userSession, permissionWsSupport, new AvatarResolverImpl()), - new TemplateGroupsAction(dbClient, userSession, permissionWsSupport))); - } + private WsParameters wsParameters = new WsParameters(permissionsHelper); + private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + + private WsTester underTest = new WsTester(new PermissionsWs( + new TemplateUsersAction(db.getDbClient(), userSession, wsSupport, new AvatarResolverImpl(), requestValidator, wsParameters), + new TemplateGroupsAction(db.getDbClient(), userSession, wsSupport, requestValidator, wsParameters))); @Test public void define_controller() { @@ -79,6 +90,6 @@ public class PermissionsWsTest { } private WebService.Controller controller() { - return ws.controller("api/permissions"); + return underTest.controller("api/permissions"); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 69631be07d9..0ee36f8d137 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -22,7 +22,6 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; @@ -31,6 +30,7 @@ import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.PermissionsHelper; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -57,6 +57,9 @@ public class RemoveGroupActionTest extends BasePermissionWsTest unsafeInsertProjectPermissionOnAnyone(perm, project)); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); - ProjectPermissions.ALL + newPermissionsHelper().allPermissions() .forEach(permission -> { newRequest() .setParam(PARAM_GROUP_NAME, "anyone") diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java index 481b72cceff..bec9804fd76 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java @@ -30,6 +30,7 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; +import org.sonar.server.permission.PermissionsHelper; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -63,6 +64,9 @@ public class RemoveUserActionTest extends BasePermissionWsTest private UserDto user; + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + @Before public void setUp() { user = db.users().insertUser(A_LOGIN); @@ -70,7 +74,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest @Override protected RemoveUserAction buildWsAction() { - return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport()); + return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java index c1ddcd1ff76..8259e7fd312 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java @@ -34,6 +34,7 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.l18n.I18nRule; +import org.sonar.server.permission.PermissionsHelper; import org.sonarqube.ws.Permissions; import static java.lang.String.format; @@ -55,6 +56,9 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest { + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + @Override protected UsersAction buildWsAction() { - return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl()); + return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java index cdb9cccf868..5185255230a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java @@ -31,7 +31,9 @@ import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.BasePermissionWsTest; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.ws.TestRequest; import static org.assertj.core.api.Assertions.assertThat; @@ -49,10 +51,12 @@ public class AddGroupToTemplateActionTest extends BasePermissionWsTest { + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + private RequestValidator requestValidator = new RequestValidator(permissionsHelper); @Override protected TemplateGroupsAction buildWsAction() { - return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport()); + return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport(), requestValidator, wsParameters); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java index 49bba7b5e00..d125d768dd7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java @@ -31,7 +31,10 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.issue.ws.AvatarResolverImpl; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.BasePermissionWsTest; +import org.sonar.server.permission.ws.RequestValidator; +import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.ws.TestRequest; import org.sonarqube.ws.Permissions; @@ -49,10 +52,13 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; public class TemplateUsersActionTest extends BasePermissionWsTest { + private PermissionsHelper permissionsHelper = newPermissionsHelper(); + private WsParameters wsParameters = new WsParameters(permissionsHelper); + private RequestValidator requestValidator = new RequestValidator(permissionsHelper); @Override protected TemplateUsersAction buildWsAction() { - return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl()); + return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java index 3f6296abe4c..eb9bcd3d92e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java @@ -27,10 +27,11 @@ import java.util.stream.Stream; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -39,6 +40,7 @@ import org.sonar.db.ce.CeQueueDto; import org.sonar.db.component.BranchDto; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.db.permission.OrganizationPermission; @@ -56,6 +58,7 @@ import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.BillingValidations; import org.sonar.server.organization.BillingValidationsProxy; import org.sonar.server.organization.TestDefaultOrganizationProvider; +import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.index.FooIndexDefinition; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.TestRequest; @@ -77,10 +80,15 @@ public class UpdateVisibilityActionTest { private static final String PARAM_PROJECT = "project"; private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; + + private static final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); + private static final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); + private static final Set ORGANIZATION_PERMISSIONS_NAME_SET = stream(OrganizationPermission.values()).map(OrganizationPermission::getKey) .collect(MoreCollectors.toSet(OrganizationPermission.values().length)); - private static final Set PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = ProjectPermissions.ALL.stream() - .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER)).collect(MoreCollectors.toSet(ProjectPermissions.ALL.size() - 2)); + private static final Set PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = permissionsHelper.allPermissions().stream() + .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER)) + .collect(MoreCollectors.toSet(permissionsHelper.allPermissions().size() - 2)); @Rule public DbTester dbTester = DbTester.create(System2.INSTANCE); @@ -636,7 +644,7 @@ public class UpdateVisibilityActionTest { dbTester.users().insertPermissionOnGroup(group, organizationPermission); dbTester.users().insertPermissionOnUser(organization, user, organizationPermission); }); - ProjectPermissions.ALL + permissionsHelper.allPermissions() .forEach(permission -> { unsafeInsertProjectPermissionOnAnyone(component, permission); unsafeInsertProjectPermissionOnGroup(component, group, permission); @@ -680,9 +688,9 @@ public class UpdateVisibilityActionTest { assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId())) .isEmpty(); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId())) - .containsAll(ProjectPermissions.ALL); + .containsAll(permissionsHelper.allPermissions()); assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId())) - .containsAll(ProjectPermissions.ALL); + .containsAll(permissionsHelper.allPermissions()); } private void verifyHasAllPermissionsButProjectPermissionsUserAndBrowse(ComponentDto component, UserDto user, GroupDto group) { @@ -714,11 +722,11 @@ public class UpdateVisibilityActionTest { assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession, user.getId(), component.getOrganizationUuid())) .containsAll(ORGANIZATION_PERMISSIONS_NAME_SET); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId())) - .containsAll(ProjectPermissions.ALL); + .containsAll(permissionsHelper.allPermissions()); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId())) - .containsAll(ProjectPermissions.ALL); + .containsAll(permissionsHelper.allPermissions()); assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId())) - .containsAll(ProjectPermissions.ALL); + .containsAll(permissionsHelper.allPermissions()); } private void insertPendingTask(ComponentDto project) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java b/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java index 31acf69393d..b2cdae82140 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java @@ -25,11 +25,14 @@ import java.util.Optional; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.security.DefaultGroups; import org.sonar.api.utils.System2; import org.sonar.api.utils.log.LogTester; import org.sonar.api.utils.log.LoggerLevel; import org.sonar.api.web.UserRole; +import org.sonar.api.web.page.Page; import org.sonar.db.DbTester; import org.sonar.db.organization.DefaultTemplates; import org.sonar.db.permission.template.PermissionTemplateDto; @@ -39,6 +42,9 @@ import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.TestDefaultOrganizationProvider; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; public class RegisterPermissionTemplatesTest { @@ -52,6 +58,7 @@ public class RegisterPermissionTemplatesTest { public ExpectedException expectedException = ExpectedException.none(); private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); + private ResourceTypes resourceTypes = mock(ResourceTypes.class); private RegisterPermissionTemplates underTest = new RegisterPermissionTemplates(db.getDbClient(), defaultOrganizationProvider); @Test @@ -73,20 +80,51 @@ public class RegisterPermissionTemplatesTest { } @Test - public void insert_default_permission_template_if_fresh_install() { + public void insert_default_permission_template_if_fresh_install_without_governance() { GroupDto defaultGroup = createAndSetDefaultGroup(); db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); + when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false); + when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false); underTest.start(); PermissionTemplateDto defaultTemplate = selectTemplate(); assertThat(defaultTemplate.getName()).isEqualTo("Default template"); List groupPermissions = selectGroupPermissions(defaultTemplate); - assertThat(groupPermissions).hasSize(5); + assertThat(groupPermissions).hasSize(7); expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName()); + expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName()); + + verifyDefaultTemplates(); + + assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty(); + } + + @Test + public void insert_default_permission_template_if_fresh_install_with_governance() { + GroupDto defaultGroup = createAndSetDefaultGroup(); + db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); + + when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true); + when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true); + underTest.start(); + + PermissionTemplateDto defaultTemplate = selectTemplate(); + assertThat(defaultTemplate.getName()).isEqualTo("Default template"); + + List groupPermissions = selectGroupPermissions(defaultTemplate); + assertThat(groupPermissions).hasSize(7); + expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName()); expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName()); diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties index 66508b5d588..33b0b0fb66c 100644 --- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties +++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties @@ -2095,6 +2095,10 @@ projects_role.are_you_sure_to_turn_project_to_public.warning.VW=Everybody will b projects_role.are_you_sure_to_turn_project_to_public.APP=Are you sure you want to turn your application to public? projects_role.are_you_sure_to_turn_project_to_public.warning.APP=Everybody will be able to browse it. projects_role.public_projects_warning=This permission is always granted by default to everybody (anonymous and authenticated users) for public projects. Therefore, the selection made on this page will be applied to private projects only. +projects_role.applicationcreator=Create Applications +projects_role.applicationcreator.desc=Allow to create applications for non system administrator. +projects_role.portfoliocreator=Create Portfolios +projects_role.portfoliocreator.desc=Allow to create portfolios for non system administrator. diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/resources/ResourceTypes.java b/sonar-plugin-api/src/main/java/org/sonar/api/resources/ResourceTypes.java index a0fa602aeda..1eef6e13205 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/resources/ResourceTypes.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/resources/ResourceTypes.java @@ -81,6 +81,10 @@ public class ResourceTypes { return rootTypes; } + public boolean isQualifierPresent(String qualifier) { + return typeByQualifier.get(qualifier) != null; + } + public List getLeavesQualifiers(String qualifier) { ResourceTypeTree tree = getTree(qualifier); if (tree != null) { diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java b/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java index 196218cdc51..fe372fa23c3 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java @@ -47,6 +47,12 @@ public @interface UserRole { */ String SECURITYHOTSPOT_ADMIN = "securityhotspotadmin"; + /** + * @since 7.4 + */ + String APPLICATION_CREATOR = "applicationcreator"; + String PORTFOLIO_CREATOR = "portfoliocreator"; + String[] value() default {}; } diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/resources/ResourceTypesTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/resources/ResourceTypesTest.java index 8eb691a3111..f1ab7695a98 100644 --- a/sonar-plugin-api/src/test/java/org/sonar/api/resources/ResourceTypesTest.java +++ b/sonar-plugin-api/src/test/java/org/sonar/api/resources/ResourceTypesTest.java @@ -88,6 +88,13 @@ public class ResourceTypesTest { new ResourceTypes(new ResourceTypeTree[] {tree1, tree2}); } + @Test + public void isQualifierPresent() { + assertThat(types.isQualifierPresent(Qualifiers.APP)).isTrue(); + assertThat(types.isQualifierPresent(Qualifiers.VIEW)).isTrue(); + assertThat(types.isQualifierPresent("XXXX")).isFalse(); + } + static Collection qualifiers(Collection types) { return Collections2.transform(types, ResourceType::getQualifier); } -- 2.39.5