From cce9942fa4484c4bba79bf276c98a67943149f13 Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Mon, 9 Jan 2017 16:20:32 +0100 Subject: [PATCH] SONAR-8236 Return secured settings when not authenticated but with scan permission --- .../ws/SettingsPermissionPredicates.java | 3 +- .../setting/ws/ListDefinitionsActionTest.java | 15 +++++++++ .../server/setting/ws/ValuesActionTest.java | 33 +++++++++++++++---- 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsPermissionPredicates.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsPermissionPredicates.java index ef4482efb6b..3319c49809f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsPermissionPredicates.java +++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsPermissionPredicates.java @@ -29,6 +29,7 @@ import org.sonar.server.user.UserSession; import static org.sonar.api.PropertyType.LICENSE; import static org.sonar.api.web.UserRole.ADMIN; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; public class SettingsPermissionPredicates { @@ -52,7 +53,7 @@ public class SettingsPermissionPredicates { } boolean isVisible(String key, @Nullable PropertyDefinition definition, Optional component) { - return verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition)); + return userSession.hasPermission(SCAN_EXECUTION) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition))); } private boolean verifySecuredSetting(String key, @Nullable PropertyDefinition definition, Optional component) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java index 077d9f09e58..ff77a301e52 100644 
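Review bot: In `isVisible`, the new `userSession.hasPermission(SCAN_EXECUTION) ||` short-circuit skips both `verifySecuredSetting` and `verifyLicenseSetting` and never looks at `component`, so any session holding the global scan permission can read every `.secured` value, global or per project. Going by the commit subject and the added tests this includes unauthenticated sessions, which means that granting scan permission to anonymous users exposes stored credentials over the settings web services. If that is the intended trade-off for scanners, state it at the method, e.g. `// SCAN_EXECUTION deliberately bypasses the secured and license checks for every component: scanners need these values to run an analysis`, and consider whether the bypass should instead be limited to the component being analysed. The outer parentheses around `verifyLicenseSetting(key, definition)` are redundant. `isVisible` is shown in full, but the two `verify*` helpers lie outside the hunk.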
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java @@ -54,6 +54,7 @@ import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonarqube.ws.MediaTypes.JSON; @@ -341,6 +342,20 @@ public class ListDefinitionsActionTest { assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo", "plugin.license.secured", "commercial.plugin"); } + @Test + public void return_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { + userSession.setGlobalPermissions(SCAN_EXECUTION); + propertyDefinitions.addComponents(asList( + PropertyDefinition.builder("foo").build(), + PropertyDefinition.builder("secret.secured").build(), + PropertyDefinition.builder("plugin.license.secured").type(PropertyType.LICENSE).build(), + PropertyDefinition.builder("commercial.plugin").type(PropertyType.LICENSE).build())); + + ListDefinitionsWsResponse result = executeRequest(); + + assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo", "secret.secured", "plugin.license.secured", "commercial.plugin"); + } + @Test public void return_secured_and_license_settings_when_system_admin() throws Exception { setUserAsSystemAdmin(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java index 1207a090542..aa2136297a8 100644 
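Review bot: `return_secured_settings_when_not_authenticated_but_with_scan_permission` never establishes the unauthenticated state its name promises; it only calls `userSession.setGlobalPermissions(SCAN_EXECUTION)` and presumably relies on the session rule's default. Since the anonymous case is the security-relevant precondition here, make it explicit, at least with a comment such as `// session is left unauthenticated on purpose: only the global scan permission is granted`. The test of the same name added to ValuesActionTest has the same gap.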
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java @@ -56,6 +56,7 @@ import static org.sonar.api.PropertyType.LICENSE; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newModuleDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; @@ -465,7 +466,7 @@ public class ValuesActionTest { newGlobalPropertyDto().setKey("commercial.plugin").setValue("ABCD"), newGlobalPropertyDto().setKey("plugin.license.secured").setValue("ABCD")); - ValuesWsResponse result = executeRequestForGlobalProperties("foo", "secret.secured", "commercial.plugin", "plugin.license.secured"); + ValuesWsResponse result = executeRequestForGlobalProperties(); assertThat(result.getSettingsList()).extracting(Settings.Setting::getKey).containsOnly("foo"); } @@ -482,7 +483,7 @@ public class ValuesActionTest { .build()); propertyDb.insertPropertySet("foo", null, ImmutableMap.of("key", "key1", "plugin.license.secured", "ABCD", "secret.secured", "123456")); - ValuesWsResponse result = executeRequestForGlobalProperties("foo"); + ValuesWsResponse result = executeRequestForGlobalProperties(); assertFieldValues(result.getSettings(0), ImmutableMap.of("key", "key1")); } 
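Review bot: Replacing `executeRequestForGlobalProperties("foo", "secret.secured", "commercial.plugin", "plugin.license.secured")` with the no-argument call in the hunk at -465 means the negative test, which expects only `foo`, no longer checks that a secured or license key requested by name is filtered; it presumably now covers only the list-everything path. The same substitution is made in the hunks at -482, -502, -520, -538 and -556. Keep at least one restricted-session test that passes the keys explicitly, e.g. `executeRequestForGlobalProperties("foo", "secret.secured")` asserting `containsOnly("foo")`, so both lookup paths stay covered. The test methods start outside these hunks, so their session setup is not visible here.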
@@ -502,11 +503,31 @@ public class ValuesActionTest { newGlobalPropertyDto().setKey("plugin.license.secured").setValue("ABCD"), newGlobalPropertyDto().setKey("plugin.licenseHash.secured").setValue("987654321")); - ValuesWsResponse result = executeRequestForGlobalProperties("foo", "secret.secured", "commercial.plugin", "plugin.license.secured", "plugin.licenseHash.secured"); + ValuesWsResponse result = executeRequestForGlobalProperties(); assertThat(result.getSettingsList()).extracting(Settings.Setting::getKey).containsOnly("foo", "commercial.plugin", "plugin.license.secured", "plugin.licenseHash.secured"); } + @Test + public void return_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { + userSession.setGlobalPermissions(SCAN_EXECUTION); + definitions.addComponents(asList( + PropertyDefinition.builder("foo").build(), + PropertyDefinition.builder("secret.secured").build(), + PropertyDefinition.builder("commercial.plugin").type(LICENSE).build(), + PropertyDefinition.builder("plugin.license.secured").type(LICENSE).build())); + propertyDb.insertProperties( + newGlobalPropertyDto().setKey("foo").setValue("one"), + newGlobalPropertyDto().setKey("secret.secured").setValue("password"), + newGlobalPropertyDto().setKey("commercial.plugin").setValue("ABCD"), + newGlobalPropertyDto().setKey("plugin.license.secured").setValue("ABCD"), + newGlobalPropertyDto().setKey("plugin.licenseHash.secured").setValue("987654321")); + + ValuesWsResponse result = executeRequestForGlobalProperties(); + + assertThat(result.getSettingsList()).extracting(Settings.Setting::getKey).containsOnly("foo", "secret.secured", "commercial.plugin", "plugin.license.secured", "plugin.licenseHash.secured"); + } + @Test public void return_secured_and_license_settings_when_system_admin() throws Exception { setUserAsSystemAdmin(); 
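Review bot: The added `return_secured_settings_when_not_authenticated_but_with_scan_permission` covers only global properties via `executeRequestForGlobalProperties()`, while the production short-circuit also applies when a component is passed. A project-scoped twin built with `newComponentPropertyDto(project)` and `executeRequestForProjectProperties()`, both used elsewhere in this file, would pin whether the global scan permission is really meant to reveal per-project secured values.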
@@ -520,7 +541,7 @@ public class ValuesActionTest { newGlobalPropertyDto().setKey("plugin.license.secured").setValue("ABCD"), newGlobalPropertyDto().setKey("plugin.licenseHash.secured").setValue("987654321")); - ValuesWsResponse result = executeRequestForGlobalProperties("foo", "secret.secured", "plugin.license.secured", "plugin.licenseHash.secured"); + ValuesWsResponse result = executeRequestForGlobalProperties(); assertThat(result.getSettingsList()).extracting(Settings.Setting::getKey).containsOnly("foo", "secret.secured", "plugin.license.secured", "plugin.licenseHash.secured"); } @@ -538,7 +559,7 @@ public class ValuesActionTest { newComponentPropertyDto(project).setKey("plugin.license.secured").setValue("ABCD"), newComponentPropertyDto(project).setKey("plugin.licenseHash.secured").setValue("987654321")); - ValuesWsResponse result = executeRequestForProjectProperties("foo", "secret.secured", "plugin.license.secured", "plugin.licenseHash.secured"); + ValuesWsResponse result = executeRequestForProjectProperties(); assertThat(result.getSettingsList()).extracting(Settings.Setting::getKey).containsOnly("foo", "secret.secured", "plugin.license.secured", "plugin.licenseHash.secured"); } @@ -556,7 +577,7 @@ public class ValuesActionTest { .build()); propertyDb.insertPropertySet("foo", null, ImmutableMap.of("key", "key1", "plugin.license.secured", "ABCD", "secret.secured", "123456")); - ValuesWsResponse result = executeRequestForGlobalProperties("foo"); + ValuesWsResponse result = executeRequestForGlobalProperties(); assertFieldValues(result.getSettings(0), ImmutableMap.of("key", "key1", "plugin.license.secured", "ABCD", "secret.secured", "123456")); } -- 2.39.5