From d5f2c202c03e01ca640dae227a3bff74d9b657f1 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Sun, 19 Feb 2017 15:35:26 +0100 Subject: [PATCH] Support new enum OrganizationPermission in UserSession --- .../java/org/sonar/ce/user/CeUserSession.java | 23 ++++++++ .../computation/queue/ReportSubmitter.java | 4 +- .../permission/OrganizationPermission.java | 53 +++++++++++++++++++ .../permission/PermissionTemplateService.java | 11 ++-- .../server/user/AbstractUserSession.java | 30 +++++++++-- .../org/sonar/server/user/DoPrivileged.java | 3 +- .../sonar/server/user/ServerUserSession.java | 19 ++++--- .../server/user/ThreadLocalUserSession.java | 24 +++++++++ .../org/sonar/server/user/UserSession.java | 25 +++++++-- .../queue/ReportSubmitterTest.java | 8 ++- .../PermissionTemplateServiceTest.java | 29 ++++------ .../tester/AbstractMockUserSession.java | 7 +-- .../sonar/server/tester/UserSessionRule.java | 23 ++++++++ .../server/user/TestUserSessionFactory.java | 3 +- 14 files changed, 210 insertions(+), 52 deletions(-) create mode 100644 server/sonar-server/src/main/java/org/sonar/server/permission/OrganizationPermission.java diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java index a73959432ac..9ef58ff8d96 100644 --- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java +++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java @@ -21,7 +21,9 @@ package org.sonar.ce.user; import java.util.Collection; import org.sonar.db.component.ComponentDto; +import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; /** 
@@ -68,16 +70,37 @@ public class CeUserSession implements UserSession { public UserSession checkLoggedIn() { throw notImplemented(); } + + @Override + public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { + throw notImplemented(); + } + + @Override + public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { + throw notImplemented(); + } + @Override public boolean hasOrganizationPermission(String organizationUuid, String permission) { throw notImplemented(); } + @Override + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + throw notImplemented(); + } + @Override public UserSession checkOrganizationPermission(String organizationUuid, String permission) { throw notImplemented(); } + @Override + public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + throw notImplemented(); + } + @Override public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { throw notImplemented(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java index 3617da10db1..d0a4679963b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java 
@@ -110,8 +110,8 @@ public class ReportSubmitter { userSession.checkOrganizationPermission(organizationUuid, PROVISIONING); Integer userId = userSession.getUserId(); - boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate( - dbSession, organizationUuid, userId, SCAN_EXECUTION, projectBranch, projectKey, Qualifiers.PROJECT); + boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( + dbSession, organizationUuid, userId, projectBranch, projectKey, Qualifiers.PROJECT); if (!wouldCurrentUserHaveScanPermission) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/OrganizationPermission.java b/server/sonar-server/src/main/java/org/sonar/server/permission/OrganizationPermission.java new file mode 100644 index 00000000000..37aaf0df6c0 --- /dev/null +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/OrganizationPermission.java 
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2017 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.permission;
+
+public enum OrganizationPermission {
+
+ ADMINISTER("admin"),
+ ADMINISTER_QUALITY_GATES("gateadmin"),
+ ADMINISTER_QUALITY_PROFILES("profileadmin"),
+ PROVISION_PROJECTS("provisioning"),
+ SCAN("scan");
+
+ private final String key;
+
+ OrganizationPermission(String key) {
+ this.key = key;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ @Override
+ public String toString() {
+ return key;
+ }
+
+ public static OrganizationPermission fromKey(String key) {
+ for (OrganizationPermission p : values()) {
+ if (p.getKey().equals(key)) {
+ return p;
+ }
+ }
+ throw new IllegalArgumentException("Unsupported permission: " + key);
+ }
+}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
index a8c51c35f53..297c79dd270 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
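Review bot: `OrganizationPermission` and `fromKey` are added without Javadoc, although the key strings are not free-form labels: elsewhere in this patch `ServerUserSession.loadOrganizationPermissions` maps the keys returned by the authorization DAO through `fromKey`, and the deprecated String overloads in `AbstractUserSession` do the same with caller-supplied keys. I would add a class comment saying the keys are the stored permission identifiers and must stay stable, and on `fromKey` a `@throws IllegalArgumentException if the key matches no constant (including null)`. Since the exception message concatenates the raw key, it is also worth confirming that no caller passes a request-supplied value that is then echoed back to the client.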
@@ -69,10 +69,11 @@ public class PermissionTemplateService { this.defaultTemplatesResolver = defaultTemplatesResolver; } - public boolean wouldUserHavePermissionWithDefaultTemplate(DbSession dbSession, - String organizationUuid, @Nullable Integer userId, String globalPermission, @Nullable String branch, String projectKey, - String qualifier) { - if (userSession.hasOrganizationPermission(organizationUuid, globalPermission)) { + public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession, + String organizationUuid, @Nullable Integer userId, + @Nullable String branch, String projectKey, + String qualifier) { + if (userSession.hasPermission(OrganizationPermission.SCAN, organizationUuid)) { return true; } @@ -84,7 +85,7 @@ public class PermissionTemplateService { } List potentialPermissions = dbClient.permissionTemplateDao().selectPotentialPermissionsByUserIdAndTemplateId(dbSession, userId, template.getId()); - return potentialPermissions.contains(globalPermission); + return potentialPermissions.contains(OrganizationPermission.SCAN.getKey()); } /** diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index 6b445cdfec4..afd2ee8b80c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java @@ -21,8 +21,10 @@ package org.sonar.server.user; import java.util.Optional; import org.sonar.db.component.ComponentDto; +import org.sonar.db.organization.OrganizationDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.permission.OrganizationPermission; public abstract class AbstractUserSession implements UserSession { private static final String INSUFFICIENT_PRIVILEGES_MESSAGE = "Insufficient privileges"; 
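Review bot: In the second `PermissionTemplateService` hunk, `potentialPermissions.contains(OrganizationPermission.SCAN.getKey())` compares a permission template's entries with the key of an organization-level enum constant. The test changes in this patch populate templates with `UserRole.*` keys, so templates appear to hold project-level permission keys, and the match would then work only because both levels spell the permission `scan`. A comment on that line such as `// template entries are project-level keys; "scan" is shared with OrganizationPermission.SCAN` would keep a later key change from silently breaking this authorization decision. The renamed public method also has no Javadoc stating that an organization-level SCAN grant short-circuits the template lookup; its body continues between the two hunks.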
@@ -39,19 +41,39 @@ public abstract class AbstractUserSession implements UserSession { @Override public final boolean hasOrganizationPermission(String organizationUuid, String permission) { - return isRoot() || hasOrganizationPermissionImpl(organizationUuid, permission); + return hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); } - protected abstract boolean hasOrganizationPermissionImpl(String organizationUuid, String permission); + @Override + public final boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + return hasPermission(permission, organization.getUuid()); + } @Override - public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { - if (!hasOrganizationPermission(organizationUuid, permission)) { + public final boolean hasPermission(OrganizationPermission permission, String organizationUuid) { + return isRoot() || hasPermissionImpl(permission, organizationUuid); + } + + @Override + public final UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + return checkPermission(permission, organization.getUuid()); + } + + @Override + public final UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { + if (!hasPermission(permission, organizationUuid)) { throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); } return this; } + @Override + public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { + return checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + } + + protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); + @Override public final boolean hasComponentPermission(String permission, ComponentDto component) { return isRoot() || hasProjectUuidPermission(permission, component.projectUuid()); 
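Review bot: The deprecated String overloads now call `OrganizationPermission.fromKey(permission)` before the `isRoot()` short-circuit, so a key outside the enum raises `IllegalArgumentException` where the old code returned `false` (or `true` for root) and `checkOrganizationPermission` threw `ForbiddenException`. The result is still a denial, but any caller that passes a project-level or request-derived key and relies on `ForbiddenException` for its error handling will now see a different failure; whether such callers exist is not visible here. Either document it on both methods with `@throws IllegalArgumentException if the permission key is not an OrganizationPermission key`, or translate the unknown key into the same `ForbiddenException` path. The two `OrganizationDto` overloads also dereference `organization.getUuid()` without a null check, which turns a missing organization into a bare NullPointerException inside an authorization check.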
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java index f485c6e95f9..ab3f94a7636 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java @@ -24,6 +24,7 @@ import java.util.Collections; import java.util.Optional; import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.user.GroupDto; +import org.sonar.server.permission.OrganizationPermission; /** * Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. @@ -97,7 +98,7 @@ public final class DoPrivileged { } @Override - protected boolean hasOrganizationPermissionImpl(String organizationUuid, String permission) { + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { return true; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java index 5804d580704..262e5c72996 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -30,6 +30,7 @@ import java.util.Set; import javax.annotation.CheckForNull; import javax.annotation.Nullable; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.core.util.stream.Collectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; 
@@ -37,6 +38,7 @@ import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.OrganizationFlags; +import org.sonar.server.permission.OrganizationPermission; import static com.google.common.collect.Maps.newHashMap; @@ -52,7 +54,7 @@ public class ServerUserSession extends AbstractUserSession { private final Supplier> groups = Suppliers.memoize(this::loadGroups); private final Supplier isSystemAdministratorSupplier = Suppliers.memoize(this::loadIsSystemAdministrator); private final Map projectUuidByComponentUuid = newHashMap(); - private Map> permissionsByOrganizationUuid; + private Map> permissionsByOrganizationUuid; private Map> permissionsByProjectUuid; ServerUserSession(DbClient dbClient, OrganizationFlags organizationFlags, 
@@ -106,21 +108,26 @@ public class ServerUserSession extends AbstractUserSession { } @Override - protected boolean hasOrganizationPermissionImpl(String organizationUuid, String permission) { + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { if (permissionsByOrganizationUuid == null) { permissionsByOrganizationUuid = new HashMap<>(); } - Set permissions = permissionsByOrganizationUuid.computeIfAbsent(organizationUuid, this::loadOrganizationPermissions); + Set permissions = permissionsByOrganizationUuid.computeIfAbsent(organizationUuid, this::loadOrganizationPermissions); return permissions.contains(permission); } - private Set loadOrganizationPermissions(String organizationUuid) { + private Set loadOrganizationPermissions(String organizationUuid) { + Set permissionKeys; try (DbSession dbSession = dbClient.openSession(false)) { if (userDto != null && userDto.getId() != null) { - return dbClient.authorizationDao().selectOrganizationPermissions(dbSession, organizationUuid, userDto.getId()); + permissionKeys = dbClient.authorizationDao().selectOrganizationPermissions(dbSession, organizationUuid, userDto.getId()); + } else { + permissionKeys = dbClient.authorizationDao().selectOrganizationPermissionsOfAnonymous(dbSession, organizationUuid); } - return dbClient.authorizationDao().selectOrganizationPermissionsOfAnonymous(dbSession, organizationUuid); } + return permissionKeys.stream() + .map(OrganizationPermission::fromKey) + .collect(Collectors.toSet(permissionKeys.size())); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java index 66de0e4c960..6fce68f3f6f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java 
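Review bot: `loadOrganizationPermissions` maps every key returned by the authorization DAO through `OrganizationPermission::fromKey`, so a single stored key that the enum does not list makes the whole load throw `IllegalArgumentException`. Because `computeIfAbsent` records nothing when its mapping function throws, every later `hasPermissionImpl` call for that organization repeats the query and fails again, which turns one stray row into a failure of all organization permission checks for that user. Dropping a permission the server does not know grants nothing, so I would skip unknown keys (with a warning log) rather than abort, or state in a comment that the permission tables are guaranteed to contain only the five enum keys.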
@@ -22,8 +22,10 @@ package org.sonar.server.user; import java.util.Collection; import javax.annotation.CheckForNull; import org.sonar.db.component.ComponentDto; +import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.permission.OrganizationPermission; /** * Part of the current HTTP session @@ -91,6 +93,17 @@ public class ThreadLocalUserSession implements UserSession { return this; } + @Override + public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { + return get().hasPermission(permission, organizationUuid); + } + + @Override + public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { + get().checkPermission(permission, organizationUuid); + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { get().checkComponentPermission(projectPermission, component); @@ -130,8 +143,19 @@ public class ThreadLocalUserSession implements UserSession { return this; } + @Override + public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + get().checkPermission(permission, organization); + return this; + } + @Override public boolean hasOrganizationPermission(String organizationUuid, String permission) { return get().hasOrganizationPermission(organizationUuid, permission); } + + @Override + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + return get().hasPermission(permission, organization); + } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 243821ed0fe..163185312dc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java 
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -22,7 +22,9 @@ package org.sonar.server.user; import java.util.Collection; import javax.annotation.CheckForNull; import org.sonar.db.component.ComponentDto; +import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; +import org.sonar.server.permission.OrganizationPermission; public interface UserSession { @@ -76,16 +78,29 @@ public interface UserSession { * * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if * organization does not exist. - * - * @param organizationUuid non-null UUID of organization. - * @param permission global permission as defined by {@link org.sonar.core.permission.GlobalPermissions} */ - boolean hasOrganizationPermission(String organizationUuid, String permission); + boolean hasPermission(OrganizationPermission permission, OrganizationDto organization); + + boolean hasPermission(OrganizationPermission permission, String organizationUuid); /** - * Ensures that {@link #hasOrganizationPermission(String,String)} is {@code true}, + * Ensures that {@link #hasPermission(OrganizationPermission, OrganizationDto)} is {@code true}, * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. */ + UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization); + + UserSession checkPermission(OrganizationPermission permission, String organizationUuid); + + /** + * @deprecated use #hasPermission(OrganizationPermission, String) + */ + @Deprecated + boolean hasOrganizationPermission(String organizationUuid, String permission); + + /** + * @deprecated #checkPermission(OrganizationPermission, String) + */ + @Deprecated UserSession checkOrganizationPermission(String organizationUuid, String permission); /** 
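Review bot: The new `hasPermission(OrganizationPermission, String)` and `checkPermission(OrganizationPermission, String)` declarations carry no Javadoc, and the sentence about root (`Always returns true if isRoot() is true, even if organization does not exist`) now documents only the `OrganizationDto` overload. That root bypass is the security-relevant part of the contract and, per the `AbstractUserSession` changes in this patch, applies to the UUID overloads as well, so each overload should state it along with the `ForbiddenException` thrown by `checkPermission`. The deprecation tags should link their replacement, e.g. `@deprecated use {@link #checkPermission(OrganizationPermission, String)}`; the second tag currently omits the word "use".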
diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java index bc781583e29..4c3155aa7d2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java @@ -142,7 +142,7 @@ public class ReportSubmitterTest { mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(organization, PROJECT_UUID).setKey(PROJECT_KEY); when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(createdProject); - when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(organization.getUuid()), anyInt(), eq(SCAN_EXECUTION), anyString(), + when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(organization.getUuid()), anyInt(), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(DbSession.class), eq(organization.getUuid()), any(ComponentDto.class))).thenReturn(true); 
@@ -170,11 +170,10 @@ public class ReportSubmitterTest { .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); - mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(createdProject); - when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyInt(), eq(SCAN_EXECUTION), anyString(), + when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyInt(), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(DbSession.class), eq(defaultOrganizationUuid), any(ComponentDto.class))).thenReturn(false); @@ -193,7 +192,7 @@ public class ReportSubmitterTest { mockSuccessfulPrepareSubmitCall(); ComponentDto project = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), eq(null))).thenReturn(project); - when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyInt(), eq(SCAN_EXECUTION), anyString(), + when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), anyInt(), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); 
@@ -257,7 +256,6 @@ public class ReportSubmitterTest { String branchName = "branchFoo"; ComponentDto branchProject = db.components().insertProject(p -> p.setKey(mainProject.getKey() + ":" + branchName)); - thrown.expect(ForbiddenException.class); underTest.submit(defaultOrganizationKey, mainProject.key(), branchName, PROJECT_NAME, IOUtils.toInputStream("{binary}")); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java index 8878364935d..c6052c3eec0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java @@ -24,8 +24,6 @@ import javax.annotation.Nullable; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import org.sonar.api.config.MapSettings; -import org.sonar.api.config.Settings; import org.sonar.api.resources.Qualifiers; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.api.web.UserRole; @@ -58,7 +56,6 @@ public class PermissionTemplateServiceTest { private UserSessionRule userSession = UserSessionRule.standalone(); private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates(); private DbSession session = dbTester.getSession(); - private Settings settings = new MapSettings(); private PermissionIndexer permissionIndexer = mock(PermissionIndexer.class); private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), permissionIndexer, userSession, defaultTemplatesResolver); 
@@ -107,7 +104,7 @@ public class PermissionTemplateServiceTest { } @Test - public void would_user_have_permission_with_default_permission_template() { + public void would_user_have_scan_permission_with_default_permission_template() { OrganizationDto organization = dbTester.organizations().insert(); UserDto user = dbTester.users().insertUser(); GroupDto group = dbTester.users().insertGroup(organization); 
@@ -120,37 +117,29 @@ public class PermissionTemplateServiceTest { templateDb.addGroupToTemplate(template.getId(), null, UserRole.ISSUE_ADMIN); // authenticated user - checkWouldUserHavePermission(organization, user.getId(), UserRole.ADMIN, false); - checkWouldUserHavePermission(organization, user.getId(), SCAN_EXECUTION, true); - checkWouldUserHavePermission(organization, user.getId(), UserRole.USER, true); - checkWouldUserHavePermission(organization, user.getId(), UserRole.CODEVIEWER, true); - checkWouldUserHavePermission(organization, user.getId(), UserRole.ISSUE_ADMIN, true); + checkWouldUserHaveScanPermission(organization, user.getId(), true); // anonymous user - checkWouldUserHavePermission(organization, null, UserRole.ADMIN, false); - checkWouldUserHavePermission(organization, null, SCAN_EXECUTION, false); - checkWouldUserHavePermission(organization, null, UserRole.USER, false); - checkWouldUserHavePermission(organization, null, UserRole.CODEVIEWER, false); - checkWouldUserHavePermission(organization, null, UserRole.ISSUE_ADMIN, true); + checkWouldUserHaveScanPermission(organization, null, false); } @Test - public void would_user_have_permission_with_unknown_default_permission_template() { + public void would_user_have_scan_permission_with_unknown_default_permission_template() { dbTester.organizations().setDefaultTemplates(dbTester.getDefaultOrganization(), "UNKNOWN_TEMPLATE_UUID", null); - checkWouldUserHavePermission(dbTester.getDefaultOrganization(), null, UserRole.ADMIN, false); + checkWouldUserHaveScanPermission(dbTester.getDefaultOrganization(), null, false); } @Test - public void would_user_have_permission_with_empty_template() { + public void would_user_have_scann_permission_with_empty_template() { PermissionTemplateDto template = templateDb.insertTemplate(dbTester.getDefaultOrganization()); dbTester.organizations().setDefaultTemplates(template, null); - checkWouldUserHavePermission(dbTester.getDefaultOrganization(), null, UserRole.ADMIN, false); + 
checkWouldUserHaveScanPermission(dbTester.getDefaultOrganization(), null, false); } - private void checkWouldUserHavePermission(OrganizationDto organization, @Nullable Integer userId, String permission, boolean expectedResult) { - assertThat(underTest.wouldUserHavePermissionWithDefaultTemplate(session, organization.getUuid(), userId, permission, null, "PROJECT_KEY", Qualifiers.PROJECT)) + private void checkWouldUserHaveScanPermission(OrganizationDto organization, @Nullable Integer userId, boolean expectedResult) { + assertThat(underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, organization.getUuid(), userId, null, "PROJECT_KEY", Qualifiers.PROJECT)) .isEqualTo(expectedResult); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java index 20e4b2ef9bf..2371ce51a85 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java @@ -23,6 +23,7 @@ import com.google.common.collect.HashMultimap; import java.util.List; import java.util.Map; import java.util.Optional; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.AbstractUserSession; import static com.google.common.collect.Lists.newArrayList; @@ -31,7 +32,7 @@ import static com.google.common.collect.Maps.newHashMap; public abstract class AbstractMockUserSession extends AbstractUserSession { private final Class clazz; private HashMultimap projectUuidByPermission = HashMultimap.create(); - private HashMultimap permissionsByOrganizationUuid = HashMultimap.create(); + private final HashMultimap permissionsByOrganizationUuid = HashMultimap.create(); private Map projectUuidByComponentUuid = newHashMap(); private List projectPermissionsCheckedByUuid = newArrayList(); private boolean systemAdministrator = false; 
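Review bot: The renamed test `would_user_have_scann_permission_with_empty_template` has a typo; it should read `would_user_have_scan_permission_with_empty_template` like its two siblings in the `PermissionTemplateServiceTest` hunk that ends just before the `AbstractMockUserSession.java` header. Nothing in the test changes shown in this patch exercises `OrganizationPermission.fromKey` with a key outside the enum, which is the new failure path this commit introduces in `AbstractUserSession` and `ServerUserSession`. A small case asserting the `IllegalArgumentException` would pin that behaviour.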
@@ -56,7 +57,7 @@ public abstract class AbstractMockUserSession } @Override - protected boolean hasOrganizationPermissionImpl(String organizationUuid, String permission) { + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); } @@ -71,7 +72,7 @@ public abstract class AbstractMockUserSession } public T addOrganizationPermission(String organizationUuid, String permission) { - permissionsByOrganizationUuid.put(organizationUuid, permission); + permissionsByOrganizationUuid.put(organizationUuid, OrganizationPermission.fromKey(permission)); return clazz.cast(this); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java index 13e76f9bdab..9411379652f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java @@ -30,6 +30,7 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.ThreadLocalUserSession; import org.sonar.server.user.UserSession; 
@@ -291,11 +292,27 @@ public class UserSessionRule implements TestRule, UserSession { return this; } + @Override + public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { + return currentUserSession.hasPermission(permission, organizationUuid); + } + + @Override + public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { + currentUserSession.checkPermission(permission, organizationUuid); + return this; + } + @Override public boolean hasOrganizationPermission(String organizationUuid, String permission) { return currentUserSession.hasOrganizationPermission(organizationUuid, permission); } + @Override + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + return currentUserSession.hasPermission(permission, organization); + } + @Override public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { currentUserSession.checkComponentPermission(projectPermission, component); @@ -324,4 +341,10 @@ public class UserSessionRule implements TestRule, UserSession { currentUserSession.checkOrganizationPermission(organizationUuid, permission); return this; } + + @Override + public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + currentUserSession.checkPermission(permission, organization); + return this; + } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/TestUserSessionFactory.java b/server/sonar-server/src/test/java/org/sonar/server/user/TestUserSessionFactory.java index fe05f3dd5de..07617b7112d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/TestUserSessionFactory.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/TestUserSessionFactory.java 
@@ -24,6 +24,7 @@ import java.util.Optional; import javax.annotation.Nullable; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; +import org.sonar.server.permission.OrganizationPermission; import static java.util.Objects.requireNonNull; @@ -91,7 +92,7 @@ public class TestUserSessionFactory implements UserSessionFactory { } @Override - protected boolean hasOrganizationPermissionImpl(String organizationUuid, String permission) { + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { throw notImplemented(); } -- 2.39.5