From d08db62051ec8a9b09e2c3cf8176ff038e7c02f5 Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Fri, 24 Jan 2014 16:22:29 +0100 Subject: [PATCH] SourcesShowWS : Check user has the code viewer role on the asks component --- .../org/sonar/server/platform/Platform.java | 2 + .../sonar/server/source/SourceService.java | 47 ++++++++++++++ .../source/ws/SourcesShowWsHandler.java | 10 +-- .../server/source/SourceServiceTest.java | 64 +++++++++++++++++++ .../source/ws/SourcesShowWsHandlerTest.java | 8 +-- 5 files changed, 122 insertions(+), 9 deletions(-) create mode 100644 sonar-server/src/main/java/org/sonar/server/source/SourceService.java create mode 100644 sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java diff --git a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java index 5f7b9af5e49..c11aa773ccf 100644 --- a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java +++ b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java @@ -100,6 +100,7 @@ import org.sonar.server.rule.*; import org.sonar.server.rule.ws.RuleShowWsHandler; import org.sonar.server.rule.ws.RuleTagsWs; import org.sonar.server.rule.ws.RulesWs; +import org.sonar.server.source.SourceService; import org.sonar.server.source.ws.SourcesShowWsHandler; import org.sonar.server.source.ws.SourcesWs; import org.sonar.server.startup.*; @@ -369,6 +370,7 @@ public final class Platform { // source servicesContainer.addSingleton(HtmlSourceDecorator.class); + servicesContainer.addSingleton(SourceService.class); servicesContainer.addSingleton(SourcesWs.class); servicesContainer.addSingleton(SourcesShowWsHandler.class); diff --git a/sonar-server/src/main/java/org/sonar/server/source/SourceService.java b/sonar-server/src/main/java/org/sonar/server/source/SourceService.java new file mode 100644 index 00000000000..061917472ca --- /dev/null +++ b/sonar-server/src/main/java/org/sonar/server/source/SourceService.java @@ -0,0 +1,47 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.server.source; + +import org.sonar.api.ServerComponent; +import org.sonar.api.web.UserRole; +import org.sonar.core.resource.ResourceDao; +import org.sonar.core.resource.ResourceDto; +import org.sonar.core.source.HtmlSourceDecorator; +import org.sonar.server.user.UserSession; + +import java.util.List; + +public class SourceService implements ServerComponent { + + private final HtmlSourceDecorator sourceDecorator; + private final ResourceDao resourceDao; + + public SourceService(HtmlSourceDecorator sourceDecorator, ResourceDao resourceDao) { + this.sourceDecorator = sourceDecorator; + this.resourceDao = resourceDao; + } + + public List sourcesFromComponent(String componentKey){ + ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey); + UserSession.get().checkProjectPermission(UserRole.CODEVIEWER, project.getKey()); + return sourceDecorator.getDecoratedSourceAsHtml(componentKey); + } +} diff --git a/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java b/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java index 470f35e1d11..3a52deb82cc 100644 --- a/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java +++ b/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java @@ -24,23 +24,23 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.RequestHandler; import org.sonar.api.server.ws.Response; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.source.HtmlSourceDecorator; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.source.SourceService; import java.util.List; public class SourcesShowWsHandler implements RequestHandler { - private final HtmlSourceDecorator sourceDecorator; + private final SourceService sourceService; - public SourcesShowWsHandler(HtmlSourceDecorator sourceDecorator) { - this.sourceDecorator = sourceDecorator; + public SourcesShowWsHandler(SourceService sourceService) { + this.sourceService = sourceService; } @Override public void handle(Request request, Response response) { String componentKey = request.requiredParam("key"); - List sourceHtml = sourceDecorator.getDecoratedSourceAsHtml(componentKey); + List sourceHtml = sourceService.sourcesFromComponent(componentKey); if (sourceHtml == null) { throw new NotFoundException("Source code not found for : " + componentKey); } diff --git a/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java b/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java new file mode 100644 index 00000000000..ba489c1ba61 --- /dev/null +++ b/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java @@ -0,0 +1,64 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.server.source; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.runners.MockitoJUnitRunner; +import org.sonar.api.web.UserRole; +import org.sonar.core.resource.ResourceDao; +import org.sonar.core.resource.ResourceDto; +import org.sonar.core.source.HtmlSourceDecorator; +import org.sonar.server.user.MockUserSession; + +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class SourceServiceTest { + + @Mock + HtmlSourceDecorator sourceDecorator; + + @Mock + ResourceDao resourceDao; + + SourceService service; + + @Before + public void setUp() throws Exception { + service = new SourceService(sourceDecorator, resourceDao); + } + + @Test + public void sources_from_component() throws Exception { + String projectKey = "org.sonar.sample"; + String componentKey = "org.sonar.sample:Sample"; + MockUserSession.set().addProjectPermissions(UserRole.CODEVIEWER, projectKey); + when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(projectKey)); + + service.sourcesFromComponent(componentKey); + + verify(sourceDecorator).getDecoratedSourceAsHtml(componentKey); + } +} diff --git a/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java b/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java index d2e36e87d42..ceb81b8fe5e 100644 --- a/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java +++ b/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java @@ -26,7 +26,7 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; import org.sonar.api.server.ws.WsTester; -import org.sonar.core.source.HtmlSourceDecorator; +import org.sonar.server.source.SourceService; import static com.google.common.collect.Lists.newArrayList; import static org.mockito.Mockito.when; @@ -35,19 +35,19 @@ import static org.mockito.Mockito.when; public class SourcesShowWsHandlerTest { @Mock - HtmlSourceDecorator sourceDecorator; + SourceService sourceService; WsTester tester; @Before public void setUp() throws Exception { - tester = new WsTester(new SourcesWs(new SourcesShowWsHandler(sourceDecorator))); + tester = new WsTester(new SourcesWs(new SourcesShowWsHandler(sourceService))); } @Test public void show_source() throws Exception { String componentKey = "org.apache.struts:struts:Dispatcher"; - when(sourceDecorator.getDecoratedSourceAsHtml(componentKey)).thenReturn(newArrayList( + when(sourceService.sourcesFromComponent(componentKey)).thenReturn(newArrayList( "/*", " * Header", " */", -- 2.39.5