From b39678967f1043bc16e0cfff7143e8186fccfd94 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 2 Feb 2017 12:12:06 +0100
Subject: [PATCH] SONAR-8716 fix check of permissions in api/ui/component
---
 .../java/org/sonar/server/ui/ws/ComponentAction.java | 9 ++++-----
 .../java/org/sonar/server/ui/ws/ComponentActionTest.java | 6 +++---
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
index e658d3207e5..1dbf7b6e139 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
@@ -49,7 +49,6 @@ import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDto;
 import org.sonar.db.property.PropertyQuery;
 import org.sonar.db.qualitygate.QualityGateDto;
-import org.sonar.server.ce.ws.ActivityAction;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.qualitygate.QualityGateFinder;
@@ -132,15 +131,15 @@ public class ComponentAction implements NavigationWsAction {
 if (!(userSession.hasComponentPermission(USER, component) || userSession.hasComponentPermission(ADMIN, component))) {
 throw new ForbiddenException("Insufficient privileges");
 }
- OrganizationDto organizationDto = componentFinder.getOrganization(session, component);
+ OrganizationDto org = componentFinder.getOrganization(session, component);
 Optional analysis = dbClient.snapshotDao().selectLastAnalysisByRootComponentUuid(session, component.projectUuid());
 JsonWriter json = response.newJsonWriter();
 json.beginObject();
- writeComponent(json, session, component, organizationDto, analysis.orElse(null));
+ writeComponent(json, session, component, org, analysis.orElse(null));
 writeProfiles(json, session, component);
 writeQualityGate(json, session, component);
- if (userSession.hasComponentPermission(ADMIN, component) || userSession.hasPermission(QUALITY_PROFILE_ADMIN)) {
+ if (userSession.hasComponentPermission(ADMIN, component) || userSession.hasOrganizationPermission(org.getUuid(), QUALITY_PROFILE_ADMIN)) {
 writeConfiguration(json, component);
 }
 writeBreadCrumbs(json, session, component);
@@ -235,7 +234,7 @@ public class ComponentAction implements NavigationWsAction {
 json.prop("showPermissions", isAdmin && componentTypeHasProperty(component, PROPERTY_HAS_ROLE_POLICY));
 json.prop("showHistory", isAdmin && componentTypeHasProperty(component, PROPERTY_MODIFIABLE_HISTORY));
 json.prop("showUpdateKey", isAdmin && componentTypeHasProperty(component, PROPERTY_UPDATABLE_KEY));
- json.prop("showBackgroundTasks", ActivityAction.isAllowedOnComponentUuid(userSession, component.uuid()));
+ json.prop("showBackgroundTasks", isAdmin);
 }
 private boolean componentTypeHasProperty(ComponentDto component, String resourceTypeProperty) {
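Review bot: The guard in front of `writeConfiguration(json, component)` in the `@@ -132,15 +131,15 @@` hunk now mixes a component-scoped check with an organization-scoped one, and nothing in the code says why `QUALITY_PROFILE_ADMIN` is resolved against `org.getUuid()`. A comment above the `if`, such as `// QUALITY_PROFILE_ADMIN is granted per organization: check it on the component's organization, never globally`, would keep a later cleanup from reintroducing the unscoped `hasPermission` call. This block only decides what the navigation response exposes, so the services behind those entries presumably carry their own organization-scoped checks; that is worth confirming alongside this fix. The enclosing method begins and ends outside the hunk.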
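Review bot: In the `@@ -235,7 +234,7 @@` hunk, `showBackgroundTasks` now reuses `isAdmin` where it used to call `ActivityAction.isAllowedOnComponentUuid(userSession, component.uuid())`, so the navigation flag and the background-task web service no longer share one authorization rule. `isAdmin` is assigned outside the hunk, so whether it matches what that service enforces cannot be checked from here; if the two drift apart, the menu entry is hidden from users who are allowed or shown to users who are then refused. A comment on the new line, e.g. `// display hint only; the background-task web service performs its own permission check`, would record that this value is not an access decision. No test covering this flag is visible in the patch.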
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
index 9e770214847..454dc82acda 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
@@ -309,9 +309,9 @@ public class ComponentActionTest {
 public void return_configuration_for_quality_profile_admin() throws Exception {
 init();
 componentDbTester.insertComponent(project);
- userSessionRule.anonymous()
- .addProjectUuidPermissions(UserRole.USER, "abcd")
- .setGlobalPermissions(QUALITY_PROFILE_ADMIN);
+ userSessionRule.login()
+ .addProjectUuidPermissions(UserRole.USER, project.uuid())
+ .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN);
 executeAndVerify(project.key(), "return_configuration_for_quality_profile_admin.json");
 }
--
2.39.5
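Review bot: The updated `return_configuration_for_quality_profile_admin` covers only the positive path; nothing in this hunk asserts that `QUALITY_PROFILE_ADMIN` held on a different organization no longer produces the configuration block, which is the case the fix exists for. A sibling test that keeps `UserRole.USER` on `project.uuid()` but grants `.addOrganizationPermission("other-org-uuid", QUALITY_PROFILE_ADMIN)` (constructed value) and verifies a response without configuration would pin the authorization boundary. The test class continues outside the hunk, so such a case may already exist there.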