From 52f34d90b5c307c1cb73cc75b9f6ff18f0568405 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>
Date: Tue, 12 May 2015 14:18:23 +0200
Subject: [PATCH] Fix issue bulk change modal permission check

---
 .../server/issue/InternalRubyIssueService.java | 18 ++++++++++++------
 .../issue/InternalRubyIssueServiceTest.java    | 17 +++++++++++++----
 .../views/issues/_bulk_change_form.html.erb    |  2 +-
 3 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java
index 38d3594632d..208eb4ba22c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java
@@ -26,12 +26,6 @@ import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Maps;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
 import org.apache.commons.lang.StringUtils;
 import org.sonar.api.ServerSide;
 import org.sonar.api.issue.ActionPlan;
@@ -43,6 +37,7 @@ import org.sonar.api.issue.internal.DefaultIssueComment;
 import org.sonar.api.issue.internal.FieldDiffs;
 import org.sonar.api.rule.RuleKey;
 import org.sonar.api.utils.SonarException;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.issue.ActionPlanStats;
 import org.sonar.core.issue.DefaultActionPlan;
 import org.sonar.core.issue.db.IssueFilterDto;
@@ -60,6 +55,14 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.util.RubyUtils;
 import org.sonar.server.util.Validation;
 
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
 import static com.google.common.collect.Lists.newArrayList;
 
 /**
@@ -660,4 +663,7 @@ public class InternalRubyIssueService {
     return issueService.listTagsForComponent(query, pageSize);
   }
 
+  public boolean isUserIssueAdmin(String projectUuid) {
+    return userSession.hasProjectPermissionByUuid(UserRole.ISSUE_ADMIN, projectUuid);
+  }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/InternalRubyIssueServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/InternalRubyIssueServiceTest.java
index 254395b7584..f63c5f0f72d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/InternalRubyIssueServiceTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/InternalRubyIssueServiceTest.java
@@ -22,10 +22,6 @@ package org.sonar.server.issue;
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Maps;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -36,6 +32,7 @@ import org.sonar.api.issue.action.Action;
 import org.sonar.api.issue.internal.DefaultIssue;
 import org.sonar.api.issue.internal.FieldDiffs;
 import org.sonar.api.user.User;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.issue.DefaultActionPlan;
 import org.sonar.core.issue.db.IssueFilterDto;
 import org.sonar.core.resource.ResourceDao;
@@ -49,6 +46,11 @@ import org.sonar.server.issue.filter.IssueFilterService;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.user.ThreadLocalUserSession;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
 import static com.google.common.collect.Lists.newArrayList;
 import static com.google.common.collect.Maps.newHashMap;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -719,6 +721,13 @@ public class InternalRubyIssueServiceTest {
     assertThat(service.listTagsForComponent(componentUuid, pageSize)).isEqualTo(tags);
   }
 
+  @Test
+  public void is_user_issue_admin() {
+    userSessionRule.addProjectUuidPermissions(UserRole.ISSUE_ADMIN, "bcde");
+    assertThat(service.isUserIssueAdmin("abcd")).isFalse();
+    assertThat(service.isUserIssueAdmin("bcde")).isTrue();
+  }
+
   private void checkBadRequestException(Exception e, String key, Object... params) {
     BadRequestException exception = (BadRequestException) e;
     Message msg = exception.errors().messages().get(0);
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/issues/_bulk_change_form.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/issues/_bulk_change_form.html.erb
index 55f316e41ea..e047918ee81 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/issues/_bulk_change_form.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/issues/_bulk_change_form.html.erb
@@ -17,7 +17,7 @@
        transitions_by_issues[transition.key] = issues_for_transition
      end
      unresolved_issues += 1 unless issue.resolution()
-     if Java::OrgSonarServerUser::UserSession.get().hasProjectPermissionByUuid('issueadmin', issue.projectUuid)
+     if Internal.issues.isUserIssueAdmin(issue.projectUuid)
        unresolved_issues_user_can_admin += 1 unless issue.resolution()
      end
      at_least_one_issue_is_planned ||= issue.actionPlanKey()
-- 
2.39.5