From bd8c009b98b373b4916ea586becabf5ae989f64a Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Sun, 29 Jan 2017 17:08:59 +0100 Subject: [PATCH] SONAR-8716 Add methods in UserSession with ComponentDto parameters. The new methods hasComponentPermission(String,ComponentDto) and checkComponentPermission(String,ComponentDto) will help to drop the same methods with key/uuid String parameters. --- .../java/org/sonar/ce/user/CeUserSession.java | 12 +++++++++++ .../server/user/AbstractUserSession.java | 14 +++++++++++++ .../org/sonar/server/user/DoPrivileged.java | 6 ++++++ .../server/user/ThreadLocalUserSession.java | 13 ++++++++++++ .../org/sonar/server/user/UserSession.java | 21 +++++++++++++++++-- .../tester/AbstractMockUserSession.java | 6 ++++++ .../sonar/server/tester/UserSessionRule.java | 13 ++++++++++++ 7 files changed, 83 insertions(+), 2 deletions(-) diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java index 39f6f821fa4..0e15807fe29 100644 --- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java +++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java @@ -19,8 +19,10 @@ */ package org.sonar.ce.user; +import java.util.Collection; import java.util.List; import java.util.Set; +import org.sonar.db.component.ComponentDto; import org.sonar.db.user.GroupDto; import org.sonar.server.user.UserSession; @@ -104,6 +106,11 @@ public class CeUserSession implements UserSession { return notImplemented(); } + @Override + public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { + return notImplemented(); + } + @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { return notImplemented(); @@ -114,6 +121,11 @@ public class CeUserSession implements UserSession { return notImplemented(); } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return notImplementedBooleanMethod(); + } + @Override public boolean hasComponentPermission(String permission, String componentKey) { return notImplementedBooleanMethod(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index a61b44710e1..76335c8b83d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java @@ -19,6 +19,7 @@ */ package org.sonar.server.user; +import org.sonar.db.component.ComponentDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -71,6 +72,19 @@ public abstract class AbstractUserSession implements UserSession { return isRoot() || globalPermissions().contains(globalPermission); } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return hasComponentUuidPermission(permission, component.projectUuid()); + } + + @Override + public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { + if (!hasComponentPermission(projectPermission, component)) { + throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); + } + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { if (!hasComponentPermission(projectPermission, componentKey)) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java index 3d08fc487e5..d5242f0af6b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java @@ -26,6 +26,7 @@ import java.util.Set; import org.sonar.api.security.DefaultGroups; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.user.GroupDto; +import org.sonar.db.component.ComponentDto; /** * Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. @@ -118,6 +119,11 @@ public final class DoPrivileged { return Collections.emptyList(); } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return true; + } + @Override public boolean hasComponentPermission(String permission, String componentKey) { return true; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java index db21fb6b49b..9692239f592 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java @@ -19,9 +19,11 @@ */ package org.sonar.server.user; +import java.util.Collection; import java.util.List; import java.util.Set; import javax.annotation.CheckForNull; +import org.sonar.db.component.ComponentDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.UnauthorizedException; @@ -118,6 +120,12 @@ public class ThreadLocalUserSession implements UserSession { return get().globalPermissions(); } + @Override + public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { + get().checkComponentPermission(projectPermission, component); + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { get().checkComponentPermission(projectPermission, componentKey); @@ -130,6 +138,11 @@ public class ThreadLocalUserSession implements UserSession { return this; } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return get().hasComponentPermission(permission, component); + } + @Override public boolean hasComponentPermission(String permission, String componentKey) { return get().hasComponentPermission(permission, componentKey); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index bb6b2eb662f..9ccd1d380f4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -19,10 +19,12 @@ */ package org.sonar.server.user; +import java.util.Collection; import java.util.List; import java.util.Set; import javax.annotation.CheckForNull; import org.sonar.api.security.DefaultGroups; +import org.sonar.db.component.ComponentDto; import org.sonar.db.user.GroupDto; public interface UserSession { @@ -71,7 +73,7 @@ public interface UserSession { /** * Ensures that permission is granted to user, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. - + * @deprecated in 6.3 because it doesn't support organizations * @see org.sonar.core.permission.GlobalPermissions * @see #checkIsRoot() for system administrators @@ -82,7 +84,7 @@ public interface UserSession { /** * Does the user have the given permission ? - + * @deprecated in 6.3 because if doesn't support organizations * @see org.sonar.core.permission.GlobalPermissions * @see #isRoot() @@ -111,6 +113,15 @@ public interface UserSession { @Deprecated List globalPermissions(); + /** + * Ensures that permission is granted to user, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. + * If the component doesn't exist and the user doesn't have the permission, throws + * a {@link org.sonar.server.exceptions.ForbiddenException}. + * + * @see org.sonar.api.web.UserRole for list of project permissions + */ + UserSession checkComponentPermission(String projectPermission, ComponentDto component); + /** * Ensures that permission is granted to user on the specified component, otherwise throws * a {@link org.sonar.server.exceptions.ForbiddenException}. @@ -126,6 +137,12 @@ public interface UserSession { */ UserSession checkComponentUuidPermission(String permission, String componentUuid); + /** + * Whether the user has the permission on the component. Returns {@code false} + * if the component does not exist in database. + */ + boolean hasComponentPermission(String permission, ComponentDto component); + /** * Does the user have the given permission for a component key ? * diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java index 56261cd7e3c..6d5fcb00e82 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java @@ -29,6 +29,7 @@ import java.util.Map; import java.util.Set; import javax.annotation.Nullable; import org.sonar.api.security.DefaultGroups; +import org.sonar.db.component.ComponentDto; import org.sonar.server.user.AbstractUserSession; import static com.google.common.collect.Lists.newArrayList; @@ -110,6 +111,11 @@ public abstract class AbstractMockUserSession return globalPermissions; } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return hasComponentUuidPermission(permission, component.projectUuid()); + } + @Override public boolean hasComponentPermission(String permission, String componentKey) { String projectKey = projectKeyByComponentKey.get(componentKey); diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java index 1798c27d534..d2ebacdd2b0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java @@ -20,6 +20,7 @@ package org.sonar.server.tester; import com.google.common.base.Preconditions; +import java.util.Collection; import java.util.List; import java.util.Set; import javax.annotation.CheckForNull; @@ -27,6 +28,7 @@ import javax.annotation.Nullable; import org.junit.rules.TestRule; import org.junit.runner.Description; import org.junit.runners.model.Statement; +import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; @@ -254,6 +256,11 @@ public class UserSessionRule implements TestRule, UserSession { return currentUserSession.globalPermissions(); } + @Override + public boolean hasComponentPermission(String permission, ComponentDto component) { + return hasComponentUuidPermission(permission, component.projectUuid()); + } + @Override public boolean hasComponentPermission(String permission, String componentKey) { return currentUserSession.hasComponentPermission(permission, componentKey); @@ -330,6 +337,12 @@ public class UserSessionRule implements TestRule, UserSession { return currentUserSession.hasOrganizationPermission(organizationUuid, permission); } + @Override + public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { + currentUserSession.checkComponentPermission(projectPermission, component); + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, String componentKey) { currentUserSession.checkComponentPermission(projectPermission, componentKey); -- 2.39.5