From 83e47cf30c12fe6aa02ea14669f139e6530b48fb Mon Sep 17 00:00:00 2001 From: Teryk Bellahsene Date: Tue, 1 Dec 2015 10:38:29 +0100 Subject: [PATCH] SONAR-7034 WS ce/task works for users with the 'Execute Analysis' permission
---
 .../server/computation/ws/TaskAction.java | 8 ++- .../server/computation/ws/TaskActionTest.java | 54 ++++++++++++------- 2 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java
index e36a9a671a1..18ebb59aaa5 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java
@@ -23,7 +23,7 @@ import com.google.common.base.Optional;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Uuids;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -67,7 +67,11 @@ public class TaskAction implements CeWsAction {
 @Override
 public void handle(Request wsRequest, Response wsResponse) throws Exception {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)
+ // WS can be used at the end of an analysis to implement a build breaker
+ && !userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION)) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
 String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID);
 DbSession dbSession = dbClient.openSession(false);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java
index 0768dd0c99f..a67dcbd65df 100644
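Review bot: In `TaskAction.handle`, the new guard accepts the global `SCAN_EXECUTION` permission, but nothing in the hunk ties the request to the project the task belongs to, so any account allowed to run analyses could apparently read the task record of any project once it knows the UUID. If task details are meant to stay within a project's audience, the handler should also check the caller's rights on the task's component after the task is loaded; the rest of the method body is outside the hunk, so this may already happen there. Separately, the rejection path calls `checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)` purely to throw, which probably makes the error name only the admin permission. A comment above the `if`, such as `// Allowed for system administrators and for accounts with 'Execute Analysis'; everyone else is rejected`, would state the rule, and the build-breaker remark could move there instead of sitting in the middle of the condition.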
--- a/server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java
@@ -24,8 +24,9 @@ import java.io.File;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.utils.System2;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Protobuf;
 import org.sonar.db.DbTester;
 import org.sonar.db.ce.CeActivityDto;
@@ -35,41 +36,41 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.server.computation.log.CeLogging; import org.sonar.server.computation.log.LogFileRef; +import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; -import org.sonarqube.ws.MediaTypes; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.TestResponse; import org.sonar.server.ws.WsActionTester; -import org.sonar.test.JsonAssert; +import org.sonarqube.ws.MediaTypes; import org.sonarqube.ws.WsCe; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.sonar.test.JsonAssert.assertJson; public class TaskActionTest { - @Rule public UserSessionRule userSession = UserSessionRule.standalone(); - + @Rule + public ExpectedException expectedException = ExpectedException.none(); @Rule public DbTester dbTester = DbTester.create(System2.INSTANCE); CeLogging ceLogging = mock(CeLogging.class); TaskFormatter formatter = new TaskFormatter(dbTester.getDbClient(), ceLogging, System2.INSTANCE); TaskAction underTest = new TaskAction(dbTester.getDbClient(), formatter, userSession); - WsActionTester tester = new WsActionTester(underTest); + WsActionTester ws = new WsActionTester(underTest); @Before public void setUp() { when(ceLogging.getFile(any(LogFileRef.class))).thenReturn(Optional.absent()); + userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); } @Test public void task_is_in_queue() throws Exception { - userSession.setGlobalPermissions(UserRole.ADMIN); - ComponentDto project = ComponentTesting.newProjectDto().setUuid("PROJECT_1").setName("Project One").setKey("P1"); dbTester.getDbClient().componentDao().insert(dbTester.getSession(), project); 
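Review bot: `setUp()` now grants `GlobalPermissions.SYSTEM_ADMIN` to every test, so a test that forgets to set its own permissions runs as an administrator and cannot catch an authorization regression. For a class whose subject is an access rule, it is safer to leave the session unprivileged by default and have each test state the permission it relies on. Failing that, say so at the setup line: `// default identity is system administrator; authorization tests must override it`. The class body continues outside this hunk.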
@@ -82,7 +83,7 @@ public class TaskActionTest { dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto); dbTester.commit(); - TestResponse wsResponse = tester.newRequest() + TestResponse wsResponse = ws.newRequest() .setMediaType(MediaTypes.PROTOBUF) .setParam("id", "TASK_1") .execute(); @@ -100,8 +101,6 @@ public class TaskActionTest { @Test public void task_is_archived() throws Exception { - userSession.setGlobalPermissions(UserRole.ADMIN); - ComponentDto project = ComponentTesting.newProjectDto().setUuid("PROJECT_1").setName("Project One").setKey("P1"); dbTester.getDbClient().componentDao().insert(dbTester.getSession(), project); @@ -115,7 +114,7 @@ public class TaskActionTest { dbTester.getDbClient().ceActivityDao().insert(dbTester.getSession(), activityDto); dbTester.commit(); - TestResponse wsResponse = tester.newRequest() + TestResponse wsResponse = ws.newRequest() .setMediaType(MediaTypes.PROTOBUF) .setParam("id", "TASK_1") .execute(); 
@@ -130,17 +129,35 @@ public class TaskActionTest { assertThat(taskResponse.getTask().getLogs()).isFalse(); } - @Test(expected = NotFoundException.class) + @Test public void task_not_found() throws Exception { - userSession.setGlobalPermissions(UserRole.ADMIN); + expectedException.expect(NotFoundException.class); - tester.newRequest() + ws.newRequest() .setParam("id", "DOES_NOT_EXIST") .execute(); } @Test - public void support_json_response() { + public void fail_if_not_admin_nor_scan_permission() { + expectedException.expect(ForbiddenException.class); + userSession.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION); + CeQueueDto queueDto = new CeQueueDto(); + queueDto.setTaskType("fake"); + queueDto.setUuid("TASK_1"); + queueDto.setStatus(CeQueueDto.Status.PENDING); + dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto); + dbTester.commit(); + + ws.newRequest() + .setMediaType(MediaTypes.PROTOBUF) + .setParam("id", "TASK_1") + .execute(); + } + + @Test + public void support_json_response_with_scan_permissions() { + userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); CeQueueDto queueDto = new CeQueueDto(); queueDto.setTaskType("fake"); queueDto.setUuid("TASK_1"); @@ -148,12 +165,11 @@ public class TaskActionTest { dbTester.getDbClient().ceQueueDao().insert(dbTester.getSession(), queueDto); dbTester.commit(); - userSession.setGlobalPermissions(UserRole.ADMIN); - TestResponse wsResponse = tester.newRequest() + TestResponse wsResponse = ws.newRequest() .setMediaType(MediaTypes.JSON) .setParam("id", "TASK_1") .execute(); - JsonAssert.assertJson(wsResponse.getInput()).isSimilarTo("{\"task\":{}}"); + assertJson(wsResponse.getInput()).isSimilarTo("{\"task\":{}}"); } } -- 2.39.5
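Review bot: The authorization tests cover only one denied identity (`PREVIEW_EXECUTION`) and exercise the `SCAN_EXECUTION` path only through the JSON test, on a task that has no component. A session with no global permission at all is not tested, and `support_json_response_with_scan_permissions` now mixes two concerns, so a JSON response for an administrator is no longer asserted in the visible hunks. Consider keeping `support_json_response` as it was and adding a dedicated test for the scan-permission case (for example `scan_permission_can_read_task`) plus a no-permission case. In `fail_if_not_admin_nor_scan_permission`, `expectedException.expect(ForbiddenException.class)` could also move to just before `ws.newRequest()` so the expectation sits next to the call it concerns.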