From af3451f9ecff3ca871919405a495d5719587bb87 Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Mon, 27 Nov 2017 10:27:33 +0100 Subject: [PATCH] SONAR-10088 Prevent creating condition on built-in quality gate --- .../qualitygate/ws/CreateConditionAction.java | 15 ++++----------- .../ws/CreateConditionActionTest.java | 17 +++++++++++++++-- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java index 268af34e763..3264a945b93 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java @@ -24,13 +24,10 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.db.DbClient; import org.sonar.db.DbSession; -import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.qualitygate.QualityGateConditionDto; import org.sonar.db.qualitygate.QualityGateDto; -import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.qualitygate.QualityGateConditionsUpdater; import org.sonar.server.qualitygate.QualityGateFinder; -import org.sonar.server.user.UserSession; import org.sonarqube.ws.Qualitygates.CreateConditionResponse; import static org.sonar.core.util.Protobuf.setNullable; @@ -46,19 +43,16 @@ import static org.sonar.server.qualitygate.ws.QualityGatesWsParameters.PARAM_WAR public class CreateConditionAction implements QualityGatesWsAction { - private final UserSession userSession; private final DbClient dbClient; private final QualityGateConditionsUpdater qualityGateConditionsUpdater; - private final DefaultOrganizationProvider defaultOrganizationProvider; private final QualityGateFinder qualityGateFinder; + private final QualityGatesWsSupport wsSupport; - public CreateConditionAction(UserSession userSession, DbClient dbClient, QualityGateConditionsUpdater qualityGateConditionsUpdater, - DefaultOrganizationProvider defaultOrganizationProvider, QualityGateFinder qualityGateFinder) { - this.userSession = userSession; + public CreateConditionAction(DbClient dbClient, QualityGateConditionsUpdater qualityGateConditionsUpdater, QualityGateFinder qualityGateFinder, QualityGatesWsSupport wsSupport) { this.dbClient = dbClient; this.qualityGateConditionsUpdater = qualityGateConditionsUpdater; - this.defaultOrganizationProvider = defaultOrganizationProvider; this.qualityGateFinder = qualityGateFinder; + this.wsSupport = wsSupport; } @Override @@ -82,8 +76,6 @@ public class CreateConditionAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { - userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); - int gateId = request.mandatoryParamAsInt(PARAM_GATE_ID); String metric = request.mandatoryParam(PARAM_METRIC); String operator = request.mandatoryParam(PARAM_OPERATOR); @@ -93,6 +85,7 @@ public class CreateConditionAction implements QualityGatesWsAction { try (DbSession dbSession = dbClient.openSession(false)) { QualityGateDto qualityGate = qualityGateFinder.getById(dbSession, gateId); + wsSupport.checkCanEdit(qualityGate); QualityGateConditionDto condition = qualityGateConditionsUpdater.createCondition(dbSession, qualityGate, metric, operator, warning, error, period); CreateConditionResponse.Builder createConditionResponse = CreateConditionResponse.newBuilder() .setId(condition.getId()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java index b455ba4af88..ff4fa1d48d6 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java @@ -41,6 +41,7 @@ import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.WsActionTester; import org.sonarqube.ws.Qualitygates.CreateConditionResponse; +import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.tuple; import static org.sonar.api.measures.Metric.ValueType.INT; @@ -66,8 +67,8 @@ public class CreateConditionActionTest { private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); private DbClient dbClient = db.getDbClient(); private DbSession dbSession = db.getSession(); - private CreateConditionAction underTest = new CreateConditionAction(userSession, dbClient, new QualityGateConditionsUpdater(dbClient), defaultOrganizationProvider, - new QualityGateFinder(dbClient)); + private CreateConditionAction underTest = new CreateConditionAction(dbClient, new QualityGateConditionsUpdater(dbClient), + new QualityGateFinder(dbClient), new QualityGatesWsSupport(dbClient, userSession, defaultOrganizationProvider)); private WsActionTester ws = new WsActionTester(underTest); @@ -104,6 +105,18 @@ public class CreateConditionActionTest { assertCondition(qualityGate, metric, "LT", null, "90", 1); } + @Test + public void fail_to_update_built_in_quality_gate() { + logInAsQualityGateAdmin(); + QualityGateDto qualityGate = db.qualityGates().insertQualityGate(qg -> qg.setBuiltIn(true)); + MetricDto metric = insertMetric(); + + expectedException.expect(IllegalArgumentException.class); + expectedException.expectMessage(format("Operation forbidden for built-in Quality Gate '%s'", qualityGate.getName())); + + executeRequest(qualityGate.getId(), metric.getKey(), "LT", null, "90", 1); + } + @Test public void test_response() throws Exception { logInAsQualityGateAdmin(); -- 2.39.5