From d625a4618bc5554db3f7e1296a88f89610610d0a Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Mon, 28 Sep 2015 10:03:51 +0200 Subject: [PATCH] SONAR-6851 apply default permissions to new provisioned projects --- .../org/sonar/server/computation/ReportSubmitter.java | 6 +++++- .../org/sonar/server/permission/PermissionService.java | 8 ++++++-- .../sonar/server/computation/ReportSubmitterTest.java | 9 +++++++-- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/ReportSubmitter.java index bae1073871c..0a564abb0cd 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/ReportSubmitter.java @@ -30,6 +30,7 @@ import org.sonar.db.ce.CeTaskTypes; import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentService; import org.sonar.server.component.NewComponent; +import org.sonar.server.permission.PermissionService; import org.sonar.server.user.UserSession; @ServerSide @@ -39,13 +40,15 @@ public class ReportSubmitter { private final UserSession userSession; private final ReportFiles reportFiles; private final ComponentService componentService; + private final PermissionService permissionService; public ReportSubmitter(CeQueue queue, UserSession userSession, ReportFiles reportFiles, - ComponentService componentService) { + ComponentService componentService, PermissionService permissionService) { this.queue = queue; this.userSession = userSession; this.reportFiles = reportFiles; this.componentService = componentService; + this.permissionService = permissionService; } public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) { @@ -60,6 +63,7 @@ public class ReportSubmitter { newProject.setQualifier(Qualifiers.PROJECT); // no need to verify the permission "provisioning" as it's already handled by componentService project = componentService.create(newProject); + permissionService.applyDefaultPermissionTemplate(project.getKey()); } // the report file must be saved before submitting the task diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java index 4849b402f01..ba3fca56e4e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java @@ -143,9 +143,10 @@ public class PermissionService { } } + /** + * Important - this method checks caller permissions + */ public void applyDefaultPermissionTemplate(final String componentKey) { - userSession.checkLoggedIn(); - DbSession session = dbClient.openSession(false); try { ComponentDto component = componentFinder.getByKey(session, componentKey); @@ -172,6 +173,9 @@ public class PermissionService { applyPermissionTemplate(query); } + /** + * Important - this method checks caller permissions + */ public void applyPermissionTemplate(ApplyPermissionTemplateQuery query) { DbSession dbSession = dbClient.openSession(false); try { diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/ReportSubmitterTest.java index 4151a532fb1..6abbf2a15ae 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/ReportSubmitterTest.java @@ -29,12 +29,14 @@ import org.sonar.db.ce.CeTaskTypes; import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentService; import org.sonar.server.component.NewComponent; +import org.sonar.server.permission.PermissionService; import org.sonar.server.tester.UserSessionRule; import static org.mockito.Matchers.any; import static org.mockito.Matchers.argThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.verifyZeroInteractions; import static org.mockito.Mockito.when; public class ReportSubmitterTest { @@ -45,7 +47,8 @@ public class ReportSubmitterTest { CeQueue queue = mock(CeQueueImpl.class); ReportFiles reportFiles = mock(ReportFiles.class); ComponentService componentService = mock(ComponentService.class); - ReportSubmitter underTest = new ReportSubmitter(queue, userSession, reportFiles, componentService); + PermissionService permissionService = mock(PermissionService.class); + ReportSubmitter underTest = new ReportSubmitter(queue, userSession, reportFiles, componentService, permissionService); @Test public void submit_a_report_on_existing_project() { @@ -55,6 +58,7 @@ public class ReportSubmitterTest { underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}")); + verifyZeroInteractions(permissionService); verify(queue).submit(argThat(new TypeSafeMatcher() { @Override protected boolean matchesSafely(CeTaskSubmit submit) { @@ -74,10 +78,11 @@ public class ReportSubmitterTest { when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder("TASK_1")); userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PROVISIONING); when(componentService.getNullableByKey("MY_PROJECT")).thenReturn(null); - when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid("P1")); + when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid("P1").setKey("MY_PROJECT")); underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}")); + verify(permissionService).applyDefaultPermissionTemplate("MY_PROJECT"); verify(queue).submit(argThat(new TypeSafeMatcher() { @Override protected boolean matchesSafely(CeTaskSubmit submit) { -- 2.39.5