From 8f414992c8da351ddf033a9319cdb426d5b6ee9b Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Thu, 20 Oct 2016 18:41:38 +0200 Subject: [PATCH] SONAR-8134 do not verify provisioning permission in PermissionService --- .../computation/queue/ReportSubmitter.java | 4 +++- .../server/permission/PermissionService.java | 20 +++++++++++++++++++ .../queue/ReportSubmitterTest.java | 19 ++++++++++-------- 3 files changed, 34 insertions(+), 9 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java index 5780fedd6a0..778913995f4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java @@ -83,7 +83,9 @@ public class ReportSubmitter { newProject.setQualifier(Qualifiers.PROJECT); // "provisioning" permission is check in ComponentService ComponentDto project = componentService.create(dbSession, newProject); - permissionTemplateService.applyDefaultPermissionTemplate(project.getKey()); + + Integer currentUserId = userSession.getUserId(); + permissionTemplateService.applyDefault(dbSession, project, currentUserId != null ? currentUserId.longValue() : null); return project; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java index 1863027a50b..e060991ed80 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java 
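Review bot: The new `permissionTemplateService.applyDefault(...)` call in ReportSubmitter has no authorization check of its own, and the only nearby comment (`"provisioning" permission is check in ComponentService`) covers component creation, not template application. Since this commit moves the check out of PermissionService, the call site should state what it relies on, for example `// applyDefault does not check permissions; the provisioning check in componentService.create above is the only gate`. The enclosing method starts before the hunk, so any checks that run earlier in it are not visible here.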
@@ -67,6 +67,11 @@ public class PermissionService { } } + /** + * @deprecated replaced by {@link #applyDefault(DbSession, ComponentDto, Long)}, which does not + * verify that user is authorized to administrate the component. + */ + @Deprecated public void applyDefaultPermissionTemplate(DbSession session, String componentKey) { ComponentDto component = componentFinder.getByKey(session, componentKey); ResourceDto provisioned = dbClient.resourceDao().selectProvisionedProject(session, componentKey); @@ -106,6 +111,21 @@ public class PermissionService { indexProjectPermissions(dbSession, projects.stream().map(ComponentDto::uuid).collect(Collectors.toList())); } + /** + * Apply the default permission template to component, whatever it already exists (and has permissions) or if it's + * provisioned (and has no permissions yet). + * + * @param dbSession + * @param component + * @param projectCreatorUserId id of the user who creates the project, only if project is provisioned. He will + * benefit from the permissions defined in the template for "project creator". + */ + public void applyDefault(DbSession dbSession, ComponentDto component, @Nullable Long projectCreatorUserId) { + permissionRepository.applyDefaultPermissionTemplate(dbSession, component, projectCreatorUserId); + dbSession.commit(); + indexProjectPermissions(dbSession, asList(component.uuid())); + } + private void indexProjectPermissions(DbSession dbSession, List projectUuids) { permissionIndexer.index(dbSession, projectUuids); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java index 69265ea1655..5544076684e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java 
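Review bot: The Javadoc of the new public `applyDefault(DbSession, ComponentDto, Long)` does not say that it performs no authorization check. That fact appears only in the `@deprecated` tag of `applyDefaultPermissionTemplate` in the previous hunk, and it will be lost when the old method is removed. Add a sentence to the new method's Javadoc such as `Does not verify that the current user is allowed to administrate the component; callers must enforce authorization before calling.` The same Javadoc should mention that the method commits the given `dbSession`, and the empty `@param dbSession` and `@param component` tags should be filled in or dropped. The opening sentence would read more clearly as "whether it already exists (and has permissions) or is provisioned (and has no permissions yet)".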
@@ -43,6 +43,7 @@ import org.sonar.server.tester.UserSessionRule; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; +import static org.mockito.Matchers.anyLong; import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.argThat; import static org.mockito.Matchers.eq; @@ -67,17 +68,18 @@ public class ReportSubmitterTest { public UserSessionRule userSession = UserSessionRule.standalone(); @Rule - public DbTester dbTester = DbTester.create(System2.INSTANCE); + public DbTester db = DbTester.create(System2.INSTANCE); private CeQueue queue = mock(CeQueueImpl.class); private ComponentService componentService = mock(ComponentService.class); private PermissionService permissionService = mock(PermissionService.class); - private ReportSubmitter underTest = new ReportSubmitter(queue, userSession, componentService, permissionService, dbTester.getDbClient()); + private ReportSubmitter underTest = new ReportSubmitter(queue, userSession, componentService, permissionService, db.getDbClient()); @Test public void submit_a_report_on_existing_project() { userSession.setGlobalPermissions(SCAN_EXECUTION); - ComponentDto project = dbTester.components().insertProject(); + ComponentDto project = db.components().insertProject(); + when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); underTest.submit(project.getKey(), null, project.name(), IOUtils.toInputStream("{binary}")); 
@@ -103,14 +105,15 @@ public class ReportSubmitterTest { userSession.setGlobalPermissions(SCAN_EXECUTION, PROVISIONING); when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); - when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY)); + ComponentDto createdProject = new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY); + when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(createdProject); when(permissionService.wouldCurrentUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); verifyReportIsPersisted(TASK_UUID); - verify(permissionService).applyDefaultPermissionTemplate(any(DbSession.class), eq(PROJECT_KEY)); + verify(permissionService).applyDefault(any(DbSession.class), eq(createdProject), anyLong()); verify(queue).submit(argThat(new TypeSafeMatcher() { @Override protected boolean matchesSafely(CeTaskSubmit submit) { @@ -141,7 +144,7 @@ public class ReportSubmitterTest { @Test public void submit_a_report_on_existing_project_with_global_scan_permission() { - ComponentDto project = dbTester.components().insertProject(); + ComponentDto project = db.components().insertProject(); userSession.setGlobalPermissions(SCAN_EXECUTION); when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); @@ -153,7 +156,7 @@ public class ReportSubmitterTest { @Test public void submit_a_report_on_existing_project_with_project_scan_permission() { - ComponentDto project = dbTester.components().insertProject(); + ComponentDto project = db.components().insertProject(); userSession.addProjectUuidPermissions(SCAN_EXECUTION, project.uuid()); when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); 
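Review bot: In the provisioning test, `verify(permissionService).applyDefault(any(DbSession.class), eq(createdProject), anyLong())` does not pin which user id is passed as project creator. A regression that passes the wrong id (or, depending on the Mockito version, possibly null) would still pass. That id decides who receives the "project creator" permissions from the template, so the test should set a known user id on the session and verify it exactly, e.g. `verify(permissionService).applyDefault(any(DbSession.class), eq(createdProject), eq(EXPECTED_USER_ID));`, where `EXPECTED_USER_ID` is a placeholder for the id set on `userSession`. The test method continues past the end of the hunk.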
@@ -183,7 +186,7 @@ public class ReportSubmitterTest { } private void verifyReportIsPersisted(String taskUuid) { - assertThat(dbTester.selectFirst("select task_uuid from ce_task_input where task_uuid='" + taskUuid + "'")).isNotNull(); + assertThat(db.selectFirst("select task_uuid from ce_task_input where task_uuid='" + taskUuid + "'")).isNotNull(); } } -- 2.39.5