From a5f32281f451e315b5de2e1db1cfe34727fd550b Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Wed, 5 Jun 2013 08:37:46 +0200 Subject: [PATCH] SONAR-3755 to list transitions available on an issue, user role on the issue project is needed --- .../org/sonar/server/issue/InternalRubyIssueService.java | 4 ++-- .../src/main/java/org/sonar/server/issue/IssueService.java | 7 ++++--- .../java/org/sonar/server/issue/ActionPlanServiceTest.java | 7 +++++++ .../test/java/org/sonar/server/issue/IssueServiceTest.java | 7 +++++-- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java b/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java index 87533a774ab..321506a0528 100644 --- a/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java +++ b/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java @@ -81,11 +81,11 @@ public class InternalRubyIssueService implements ServerComponent { } public List listTransitions(String issueKey) { - return issueService.listTransitions(issueKey); + return issueService.listTransitions(issueKey, UserSession.get()); } public List listTransitions(Issue issue) { - return issueService.listTransitions(issue); + return issueService.listTransitions(issue, UserSession.get()); } public List listStatus() { diff --git a/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java b/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java index 8d694dd2b2a..f6a9e846b0a 100644 --- a/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java +++ b/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java @@ -92,17 +92,18 @@ public class IssueService implements ServerComponent { *

* Never return null, but return an empty list if the issue does not exist. */ - public List listTransitions(String issueKey) { - return listTransitions(loadIssue(issueKey).first()); + public List listTransitions(String issueKey, UserSession userSession) { + return listTransitions(loadIssue(issueKey).first(), userSession); } /** * Never return null, but an empty list if the issue does not exist. */ - public List listTransitions(@Nullable Issue issue) { + public List listTransitions(@Nullable Issue issue, UserSession userSession) { if (issue == null) { return Collections.emptyList(); } + checkAuthorization(userSession, issue, UserRole.USER); return workflow.outTransitions(issue); } diff --git a/sonar-server/src/test/java/org/sonar/server/issue/ActionPlanServiceTest.java b/sonar-server/src/test/java/org/sonar/server/issue/ActionPlanServiceTest.java index fdf586dbd6b..05028775774 100644 --- a/sonar-server/src/test/java/org/sonar/server/issue/ActionPlanServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/issue/ActionPlanServiceTest.java @@ -69,6 +69,7 @@ public class ActionPlanServiceTest { actionPlanService.create(actionPlan, userSession); verify(actionPlanDao).save(any(ActionPlanDto.class)); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.ADMIN)); } @Test @@ -112,6 +113,7 @@ public class ActionPlanServiceTest { assertThat(result).isNotNull(); assertThat(result.status()).isEqualTo("CLOSED"); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.ADMIN)); } @Test @@ -121,6 +123,7 @@ public class ActionPlanServiceTest { actionPlanService.update(actionPlan, userSession); verify(actionPlanDao).update(any(ActionPlanDto.class)); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.ADMIN)); } @Test @@ -129,6 +132,7 @@ public class ActionPlanServiceTest { when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey("org.sonar.Sample").setId(1l)); actionPlanService.delete("ABCD", userSession); verify(actionPlanDao).delete("ABCD"); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.ADMIN)); } @Test @@ -139,6 +143,7 @@ public class ActionPlanServiceTest { ActionPlan result = actionPlanService.findByKey("ABCD", userSession); assertThat(result).isNotNull(); assertThat(result.key()).isEqualTo("ABCD"); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.USER)); } @Test @@ -162,6 +167,7 @@ public class ActionPlanServiceTest { Collection results = actionPlanService.findOpenByProjectKey("org.sonar.Sample", userSession); assertThat(results).hasSize(1); assertThat(results.iterator().next().key()).isEqualTo("ABCD"); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.USER)); } @Test @@ -193,6 +199,7 @@ public class ActionPlanServiceTest { Collection results = actionPlanService.findActionPlanStats("org.sonar.Sample", userSession); assertThat(results).hasSize(1); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.USER)); } @Test(expected = IllegalArgumentException.class) diff --git a/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceTest.java b/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceTest.java index 0f640f2f286..584c217ad06 100644 --- a/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceTest.java @@ -118,20 +118,23 @@ public class IssueServiceTest { @Test public void should_list_transitions() { + grantAccess(); List transitions = newArrayList(transition); when(workflow.outTransitions(issue)).thenReturn(transitions); - List result = issueService.listTransitions("ABCD"); + List result = issueService.listTransitions("ABCD", userSession); assertThat(result).hasSize(1); assertThat(result.get(0)).isEqualTo(transition); + verify(authorizationDao).isAuthorizedComponentId(anyLong(), anyInt(), eq(UserRole.USER)); } @Test public void should_return_no_transition() { + grantAccess(); when(issueQueryResult.first()).thenReturn(null); when(issueQueryResult.issues()).thenReturn(newArrayList((Issue) new DefaultIssue())); - assertThat(issueService.listTransitions("ABCD")).isEmpty(); + assertThat(issueService.listTransitions("ABCD", userSession)).isEmpty(); verifyZeroInteractions(workflow); } -- 2.39.5