From aae7c1ef772005a79b9398d3abfe9d0c1c81ceaa Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Lievremont Date: Mon, 23 Sep 2013 18:23:21 +0200 Subject: [PATCH] SONAR-3871 Create permission for provisioning - initial commit for backup --- .../resources/org/sonar/l10n/core.properties | 2 + .../core/permission/GlobalPermissions.java | 5 +- .../core/persistence/DatabaseVersion.java | 2 +- .../org/sonar/core/persistence/rows-h2.sql | 4 +- .../controllers/api/permissions_controller.rb | 8 ++-- .../441_add_provisioning_permission.rb | 48 +++++++++++++++++++ .../InternalPermissionServiceTest.java | 2 +- .../permission/PermissionChangeQueryTest.java | 2 +- 8 files changed, 63 insertions(+), 10 deletions(-) create mode 100644 sonar-server/src/main/webapp/WEB-INF/db/migrate/441_add_provisioning_permission.rb diff --git a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties index f577d071d12..cd432ffc10c 100644 --- a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties +++ b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties @@ -2253,6 +2253,8 @@ global_permissions.scan.desc=Ability to execute analyses, and to get all setting global_permissions.dryRunScan=Execute Local Analysis (Dry Run) global_permissions.dryRunScan.desc=Ability to execute local (dry run) analyses without pushing the results to the server, and to get all settings required to perform a local analysis. This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on.
\ This permission is required to execute a local analysis in Eclipse or via the Issues Report plugin. +global_permissions.provisioning=Provision Resources +global_permissions.provisioning.desc=Ability to initialize project structure before first analysis. #------------------------------------------------------------------------------ # diff --git a/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermissions.java b/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermissions.java index 1757220c330..6e1e052bdc6 100644 --- a/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermissions.java +++ b/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermissions.java @@ -35,10 +35,11 @@ public final class GlobalPermissions { public static final String DASHBOARD_SHARING = "shareDashboard"; public static final String SCAN_EXECUTION = "scan"; public static final String DRY_RUN_EXECUTION = "dryRunScan"; + public static final String PROVISIONING = "provisioning"; /** - * All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #DRY_RUN_EXECUTION}. + * All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #PROVISIONING}. */ - public static final List ALL = ImmutableList.of(SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, DRY_RUN_EXECUTION); + public static final List ALL = ImmutableList.of(SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, DRY_RUN_EXECUTION, PROVISIONING); } diff --git a/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java b/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java index 4e02ccede27..e49c6615aed 100644 --- a/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java +++ b/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java @@ -33,7 +33,7 @@ import java.util.List; */ public class DatabaseVersion implements BatchComponent, ServerComponent { - public static final int LAST_VERSION = 440; + public static final int LAST_VERSION = 441; public static enum Status { UP_TO_DATE, REQUIRES_UPGRADE, REQUIRES_DOWNGRADE, FRESH_INSTALL diff --git a/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql b/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql index 512a3f6ed21..2ee8f0fd611 100644 --- a/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql +++ b/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql @@ -9,7 +9,8 @@ INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (2, 1, null, 'pr INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (3, 1, null, 'shareDashboard'); INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (4, null, null, 'scan'); INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (5, null, null, 'dryRunScan'); -ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 6; +INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (6, 1, null, 'provisioning'); +ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 7; INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 1); INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 2); @@ -177,6 +178,7 @@ INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('431'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('432'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('433'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('440'); +INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('441'); INSERT INTO USERS(ID, LOGIN, NAME, EMAIL, CRYPTED_PASSWORD, SALT, CREATED_AT, UPDATED_AT, REMEMBER_TOKEN, REMEMBER_TOKEN_EXPIRES_AT) VALUES (1, 'admin', 'Administrator', '', 'a373a0e667abb2604c1fd571eb4ad47fe8cc0878', '48bc4b0d93179b5103fd3885ea9119498e9d161b', '2011-09-26 22:27:48.0', '2011-09-26 22:27:48.0', null, null); ALTER TABLE USERS ALTER COLUMN ID RESTART WITH 2; diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb index 67b1da0dd99..2a951916a28 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb @@ -28,7 +28,7 @@ class Api::PermissionsController < Api::ApiController # # -- Mandatory parameters # 'permission' is the key of the permission to add. - # For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan. + # For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan, provisioning. # For component permissions, available values are : user, codeviewer, admin. # 'user' is the user identifier (login) # OR @@ -45,7 +45,7 @@ class Api::PermissionsController < Api::ApiController # Requests that attempt to add an already configured permission will be silently ignored # # since 3.7 - # 'component' parameter has been added in 4.0 + # 'component' parameter and 'provisioning' permission have been added in 4.0 # def add verify_post_request @@ -64,7 +64,7 @@ class Api::PermissionsController < Api::ApiController # # -- Mandatory parameters # 'permission' is the key of the permission to add. - # For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan. + # For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan, provisioning. # For component permissions, available values are : user, codeviewer, admin. # 'user' is the user identifier (login) # OR @@ -81,7 +81,7 @@ class Api::PermissionsController < Api::ApiController # Requests that attempt to remove a non-existing permission will be silently ignored # # since 3.7 - # 'component' parameter has been added in 4.0 + # 'component' parameter and 'provisioning' permission have been added in 4.0 # def remove verify_post_request diff --git a/sonar-server/src/main/webapp/WEB-INF/db/migrate/441_add_provisioning_permission.rb b/sonar-server/src/main/webapp/WEB-INF/db/migrate/441_add_provisioning_permission.rb new file mode 100644 index 00000000000..de2a19767e2 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/db/migrate/441_add_provisioning_permission.rb @@ -0,0 +1,48 @@ +# +# Sonar, entreprise quality control tool. +# Copyright (C) 2008-2013 SonarSource +# mailto:contact AT sonarsource DOT com +# +# SonarQube is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 3 of the License, or (at your option) any later version. +# +# SonarQube is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# + +# +# Sonar 4.0 +# SONAR-3871 +# + +class AddProvisioningPermission < ActiveRecord::Migration + + class GroupRole < ActiveRecord::Base + end + + class UserRole < ActiveRecord::Base + end + + def self.up + group_roles=GroupRole.find(:all, :conditions => {:role => 'admin', :resource_id => nil}) + groups = group_roles.map { |ur| ur.group_id } + groups.each do |group_id| + GroupRole.create(:group_id => group_id, :role => 'provisioning', :resource_id => nil) + end + + user_roles=UserRole.find(:all, :conditions => {:role => 'admin', :resource_id => nil}) + users = user_roles.map { |ur| ur.user_id } + users.each do |user_id| + UserRole.create(:user_id => user_id, :role=> 'provisioning', :resource_id => nil) + end + end + +end diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java index 91f544809c2..da64f32a759 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java @@ -78,7 +78,7 @@ public class InternalPermissionServiceTest { public void return_global_permissions() { assertThat(service.globalPermissions()).containsOnly( GlobalPermissions.SYSTEM_ADMIN, GlobalPermissions.QUALITY_PROFILE_ADMIN, GlobalPermissions.DASHBOARD_SHARING, - GlobalPermissions.DRY_RUN_EXECUTION, GlobalPermissions.SCAN_EXECUTION); + GlobalPermissions.DRY_RUN_EXECUTION, GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PROVISIONING); } @Test diff --git a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java index 191cd6d26f7..864ea24db2a 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java @@ -119,7 +119,7 @@ public class PermissionChangeQueryTest { PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams); thrown.expect(BadRequestException.class); - thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, shareDashboard, scan, dryRunScan]"); + thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, shareDashboard, scan, dryRunScan, provisioning]"); query.validate(); } -- 2.39.5