From c06b99f33c929967c8b063f0683e71d5ee9bdc85 Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Tue, 31 May 2016 16:49:27 +0200
Subject: [PATCH] SONAR-7681 WS api/ce/activity requires administer permissions when searching with a task id
---
 .../sonar/server/ce/ws/ActivityAction.java | 3 +-
 .../server/ce/ws/ActivityActionTest.java | 51 +++++++++++++++----
 2 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/ActivityAction.java b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/ActivityAction.java
index 8ab38f7c912..2a40aa7308b 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/ActivityAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/ActivityAction.java
@@ -166,9 +166,10 @@ public class ActivityAction implements CeWsAction {
 // if a task searched by uuid is found all other parameters are ignored
 Optional taskSearchedById = searchTaskByUuid(dbSession, request);
 if (taskSearchedById.isPresent()) {
+ userSession.checkComponentUuidPermission(UserRole.ADMIN, taskSearchedById.get().getComponentId());
 return buildResponse(
 singletonList(taskSearchedById.get()),
- Collections.emptyList(),
+ Collections.emptyList(),
 request.getPageSize());
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/ActivityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/ActivityActionTest.java
index da181306d87..5e05f81cf69 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/ActivityActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/ActivityActionTest.java
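Review bot: The added `userSession.checkComponentUuidPermission(UserRole.ADMIN, ...)` authorizes against whatever `taskSearchedById.get().getComponentId()` returns, and nothing in this hunk shows what that value is for a task that is not attached to a component; please confirm the check fails closed for a null or empty id rather than being skipped. The check also runs only after the lookup has succeeded, so an unknown task id and an existing but forbidden one may be answered differently, depending on what the rest of the handler (outside this hunk) does for a caller without permission. I would record the intent above the call, e.g. `// a task found by uuid is returned only to administrators of its component`.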
@@ -65,8 +65,10 @@ import static org.sonar.api.utils.DateUtils.formatDateTime;
 import static org.sonar.db.component.ComponentTesting.newDeveloper;
 import static org.sonar.db.component.ComponentTesting.newProjectDto;
 import static org.sonar.db.component.ComponentTesting.newView;
+import static org.sonarqube.ws.client.ce.CeWsParameters.PARAM_COMPONENT_ID;
 import static org.sonarqube.ws.client.ce.CeWsParameters.PARAM_COMPONENT_QUERY;
 import static org.sonarqube.ws.client.ce.CeWsParameters.PARAM_STATUS;
+import static org.sonarqube.ws.client.ce.CeWsParameters.PARAM_TYPE;
 public class ActivityActionTest {
@@ -92,7 +94,7 @@ public class ActivityActionTest {
 @Test
 public void get_all_past_activity() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "PROJECT_2", CeActivityDto.Status.FAILED);
@@ -115,7 +117,7 @@ public class ActivityActionTest {
 @Test
 public void filter_by_status() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "PROJECT_2", CeActivityDto.Status.FAILED);
 insertQueue("T3", "PROJECT_1", CeQueueDto.Status.IN_PROGRESS);
@@ -130,7 +132,7 @@ public class ActivityActionTest {
 @Test
 public void filter_by_max_executed_at_exclude() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "PROJECT_2", CeActivityDto.Status.FAILED);
 insertQueue("T3", "PROJECT_1", CeQueueDto.Status.IN_PROGRESS);
@@ -144,7 +146,7 @@ public class ActivityActionTest {
 @Test
 public void filter_by_max_executed_at_include_day_filled() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 String today = formatDate(new Date(EXECUTED_AT));
 System.out.println(EXECUTED_AT + " - " + today);
@@ -157,7 +159,7 @@ public class ActivityActionTest {
 @Test
 public void filter_on_current_activities() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 // T2 is the current activity (the most recent one)
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "PROJECT_1", CeActivityDto.Status.FAILED);
@@ -173,7 +175,7 @@ public class ActivityActionTest {
 @Test
 public void limit_results() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "PROJECT_2", CeActivityDto.Status.FAILED);
 insertQueue("T3", "PROJECT_1", CeQueueDto.Status.IN_PROGRESS);
@@ -221,7 +223,7 @@ public class ActivityActionTest {
 componentDb.insertProjectAndSnapshot(eclipse);
 dbTester.commit();
 componentDb.indexComponents(struts.getId(), zookeeper.getId(), eclipse.getId());
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "P1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "P2", CeActivityDto.Status.SUCCESS);
 insertActivity("T3", "P3", CeActivityDto.Status.SUCCESS);
@@ -238,7 +240,7 @@ public class ActivityActionTest {
 componentDb.insertDeveloperAndSnapshot(developer);
 componentDb.insertViewAndSnapshot(apacheView);
 componentDb.indexComponents(developer.getId(), apacheView.getId());
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 insertActivity("T1", "D1", CeActivityDto.Status.SUCCESS);
 insertActivity("T2", "V1", CeActivityDto.Status.SUCCESS);
@@ -249,6 +251,7 @@ public class ActivityActionTest {
 @Test
 public void search_task_id_in_queue_ignoring_other_parameters() throws IOException {
+ globalAdmin();
 insertQueue("T1", "PROJECT_1", CeQueueDto.Status.IN_PROGRESS);
 ActivityResponse result = call(
@@ -262,6 +265,7 @@ public class ActivityActionTest {
 @Test
 public void search_task_id_in_activity() {
+ globalAdmin();
 insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
 ActivityResponse result = call(ws.newRequest().setParam(Param.TEXT_QUERY, "T1"));
@@ -270,6 +274,31 @@ public class ActivityActionTest {
 assertThat(result.getTasks(0).getId()).isEqualTo("T1");
 }
+ @Test
+ public void search_task_id_as_project_admin() {
+ insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
+ userSession.login().addProjectUuidPermissions(UserRole.ADMIN, "PROJECT_1");
+
+ ActivityResponse result = call(ws.newRequest().setParam(Param.TEXT_QUERY, "T1"));
+
+ assertThat(result.getTasksCount()).isEqualTo(1);
+ assertThat(result.getTasks(0).getId()).isEqualTo("T1");
+ }
+
+ @Test
+ public void search_task_by_component_uuid() {
+ insertQueue("T1", "PROJECT_1", CeQueueDto.Status.IN_PROGRESS);
+ insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
+ globalAdmin();
+
+ ActivityResponse result = call(ws.newRequest()
+ .setParam(PARAM_COMPONENT_ID, "PROJECT_1")
+ .setParam(PARAM_TYPE, CeTaskTypes.REPORT)
+ .setParam(PARAM_STATUS, "SUCCESS,FAILED,CANCELED,IN_PROGRESS,PENDING"));
+
+ assertThat(result.getTasksCount()).isEqualTo(2);
+ }
+
 @Test
 public void fail_if_both_filters_on_component_id_and_name() {
 expectedException.expect(BadRequestException.class);
@@ -304,7 +333,7 @@ public class ActivityActionTest {
 @Test
 public void support_json_response() {
- userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ globalAdmin();
 TestResponse wsResponse = ws.newRequest()
 .setMediaType(MediaTypes.JSON)
 .execute();
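Review bot: The tests added in the `@@ -270,6 +274,31 @@` hunk cover only callers who are let through (`search_task_id_as_project_admin`, `search_task_by_component_uuid`); nothing asserts that a task-id search is refused for a logged-in user who lacks administer permission on the task's component, which is the behaviour this commit introduces. A denial test next to `search_task_id_as_project_admin` would pin the new check and catch a later regression that removes or weakens it. The exception type in the sketch below is what I would expect `checkComponentUuidPermission` to throw and should be confirmed against the session implementation; it also needs its import in the test class.

```java
@Test
public void fail_to_search_task_id_without_admin_permission_on_component() {
  insertActivity("T1", "PROJECT_1", CeActivityDto.Status.SUCCESS);
  // logged in with browse permission only on the project the task belongs to
  userSession.login().addProjectUuidPermissions(UserRole.USER, "PROJECT_1");
  expectedException.expect(ForbiddenException.class);

  call(ws.newRequest().setParam(Param.TEXT_QUERY, "T1"));
}
```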
@@ -312,6 +341,10 @@ public class ActivityActionTest {
 JsonAssert.assertJson(wsResponse.getInput()).isSimilarTo("{\"tasks\":[]}");
 }
+ private void globalAdmin() {
+ userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
 private CeQueueDto insertQueue(String taskUuid, String componentUuid, CeQueueDto.Status status) {
 CeQueueDto queueDto = new CeQueueDto();
 queueDto.setTaskType(CeTaskTypes.REPORT);
--
2.39.5