From 71624bb5617ab6ffb67de3f07757b33cc8ebb83d Mon Sep 17 00:00:00 2001
From: Stas Vilchik
Date: Tue, 12 Jul 2016 15:04:47 +0200
Subject: [PATCH] SONAR-7753 allow system admins to access project permissions page
---
 .../server/ui/ws/ComponentNavigationAction.java | 5 ++++-
 .../ui/ws/ComponentNavigationActionTest.java | 14 ++++++++++++++
 server/sonar-web/src/main/js/api/ce.js | 6 +++---
 .../app/controllers/project_roles_controller.rb | 2 +-
 4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java
index 3d42c845fc5..a3ea8cdc170 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java
@@ -52,6 +52,7 @@ import org.sonar.db.property.PropertyDto;
 import org.sonar.db.property.PropertyQuery;
 import org.sonar.server.ce.ws.ActivityAction;
 import org.sonar.server.component.ComponentFinder;
+import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.ui.ViewProxy;
 import org.sonar.server.ui.Views;
 import org.sonar.server.user.UserSession;
@@ -114,7 +115,9 @@ public class ComponentNavigationAction implements NavigationWsAction {
 try {
 ComponentDto component = componentFinder.getByKey(session, componentKey);
- userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid());
+ if (!(userSession.hasComponentUuidPermission(UserRole.USER, component.projectUuid()) || userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()))) {
+ throw new ForbiddenException("Insufficient privileges");
+ }
 Optional analysis = dbClient.snapshotDao().selectLastAnalysisByRootComponentUuid(session, component.projectUuid());
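Review bot: The new guard in the second hunk lets a caller through who holds ADMIN on the project but not USER, yet everything the handler writes afterwards, starting with the last-analysis lookup on the next line, was previously reachable only with USER. The rest of the method lies outside the hunk, so it should be confirmed that nothing it returns assumes browse permission. The commit title speaks of system administrators while the check names the project-level `UserRole.ADMIN`; presumably `hasComponentUuidPermission` also honours the global permission, but that is not visible here and deserves a comment such as `// ADMIN (project or global) is enough: administrators need navigation to reach the permissions page`. The negated disjunction also evaluates `component.projectUuid()` twice and is hard to scan; consider `String projectUuid = component.projectUuid();` followed by `if (!userSession.hasComponentUuidPermission(UserRole.USER, projectUuid) && !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid)) {`.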
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentNavigationActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentNavigationActionTest.java
index f7c5ecfcf6c..94de7d1cea7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentNavigationActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentNavigationActionTest.java
@@ -364,6 +364,20 @@ public class ComponentNavigationActionTest {
 wsTester.newGetRequest("api/navigation", "component").setParam("componentKey", "palap:src/main/xoo/Source.xoo").execute().assertJson(getClass(), "breadcrumbs.json");
 }
+ @Test
+ public void work_with_only_system_admin() throws Exception {
+ ComponentDto project = ComponentTesting.newProjectDto("abcd")
+ .setKey("polop").setName("Polop").setLanguage("xoo");
+ dbClient.componentDao().insert(dbTester.getSession(), project);
+ dbClient.snapshotDao().insert(dbTester.getSession(), SnapshotTesting.newAnalysis(project));
+ dbTester.getSession().commit();
+
+ userSessionRule.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+
+ WsTester wsTester = newdWsTester(createViews());
+ wsTester.newGetRequest("api/navigation", "component").setParam("componentKey", "polop").execute();
+ }
+
 private WsTester newdWsTester(View... views) {
 return new WsTester(new NavigationWs(new ComponentNavigationAction(dbClient, new Views(userSessionRule, views), i18n, resourceTypes, userSessionRule, new ComponentFinder(dbClient))));
diff --git a/server/sonar-web/src/main/js/api/ce.js b/server/sonar-web/src/main/js/api/ce.js
index f7ec5e042ba..9eb33301774 100644
--- a/server/sonar-web/src/main/js/api/ce.js
+++ b/server/sonar-web/src/main/js/api/ce.js
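Review bot: `work_with_only_system_admin` in ComponentNavigationActionTest only calls `execute()` and asserts nothing about the response, so it passes whenever no exception is thrown and would not notice a wrong or empty payload. This hunk is the only coverage the commit adds for a relaxed authorization check, so it is worth asserting on the returned JSON the way the neighbouring test does with `assertJson`. A negative case is also missing: a session holding neither USER nor ADMIN on the project should be rejected, for example with `@Test(expected = ForbiddenException.class)`. Whether the test class already contains such a case is not visible in this hunk.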
@@ -18,7 +18,7 @@
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 import $ from 'jquery';
-import { getJSON, post } from '../helpers/request.js';
+import { getJSON, post } from '../helpers/request';
 export function getQueue (data) {
 const url = window.baseUrl + '/api/ce/queue';
@@ -58,9 +58,9 @@ export function cancelAllTasks () {
 }
 export function getTasksForComponent (componentId) {
- const url = window.baseUrl + '/api/ce/component';
+ const url = '/api/ce/component';
 const data = { componentId };
- return new Promise(resolve => $.get(url, data).done(resolve));
+ return getJSON(url, data);
 }
 export function getTypes () {
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_roles_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_roles_controller.rb
index 2dab45040b0..179f5b85fd7 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_roles_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_roles_controller.rb
@@ -24,7 +24,7 @@ class ProjectRolesController < ApplicationController
 def index
 @project = Project.by_key(params[:id])
- access_denied unless is_admin?(@project)
+ access_denied unless is_admin? || is_admin?(@project)
 end
 end
-- 
2.39.5
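Review bot: `getTasksForComponent` in ce.js now passes `'/api/ce/component'` without `window.baseUrl`, while `getQueue` in the same file (visible as context in the first hunk) still builds `window.baseUrl + '/api/ce/queue'`. Unless `getJSON` prepends the base URL itself (its implementation is not shown here), this request will miss the context path on installations served under one; if it does prepend, the remaining functions are the inconsistent ones. The old promise never rejected, whereas the one returned by `getJSON` presumably can, so callers should be checked for a rejection handler. A one-line comment such as `// getJSON resolves the URL against the application base path` would make the intent explicit.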
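Review bot: In `ProjectRolesController#index`, `is_admin?` is now evaluated first, so a global administrator passes the guard even when `Project.by_key(params[:id])` found nothing, and the view would then be rendered with `@project` possibly nil. Consider handling the missing project before the authorization line, so an unknown `id` yields a clean error response instead of a failure further down. How `is_admin?(nil)` behaved before this change is not visible here. A comment above the guard such as `# system administrators may manage permissions of any project, even without the project-level admin role` would record why the global check comes first.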