From d6d5e58a17417d83686495c45de6465b38647765 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Fri, 14 Oct 2016 10:01:30 +0200
Subject: [PATCH] SONAR-8134 support of orgs in PermissionPrivilegeChecker
---
 .../PermissionPrivilegeChecker.java | 21 ++++++++++++++++++-
 .../server/permission/ws/AddGroupAction.java | 4 ++--
 .../server/permission/ws/AddUserAction.java | 4 ++--
 .../server/permission/ws/GroupsAction.java | 4 ++--
 .../permission/ws/RemoveGroupAction.java | 4 ++--
 .../permission/ws/RemoveUserAction.java | 4 ++--
 .../ws/SearchProjectPermissionsAction.java | 6 +++---
 .../server/permission/ws/UsersAction.java | 4 ++--
 8 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
index f470a7c590c..b46d31f8399 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
@@ -43,7 +43,26 @@ public class PermissionPrivilegeChecker {
 }
 }
- public static void checkAdministrationPermission(UserSession userSession, Optional projectId) {
+ /**
+ * Checks that user is administrator of the specified project, or of the specified organization if project is not
+ * defined.
+ * @throws org.sonar.server.exceptions.ForbiddenException if user is not administrator
+ */
+ public static void checkProjectAdmin(UserSession userSession, String organizationUuid, Optional projectId) {
+ userSession.checkLoggedIn();
+ if (!projectId.isPresent() || !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectId.get().getUuid())) {
+ userSession.checkOrganizationPermission(organizationUuid, GlobalPermissions.SYSTEM_ADMIN);
+ }
+ }
+
+ /**
+ * Checks that user is administrator of the specified project, or of system if project is not
+ * defined.
+ * @throws org.sonar.server.exceptions.ForbiddenException if user is not administrator
+ * @deprecated does not support organizations. Replaced by {@link #checkProjectAdmin(UserSession, String, Optional)}
+ */
+ @Deprecated
+ public static void checkProjectAdmin(UserSession userSession, Optional projectId) {
 userSession.checkLoggedIn();
 if (!projectId.isPresent() || !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectId.get().getUuid())) {
 userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java
index faec9a17056..8fe71b5e4d3 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java
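Review bot: The new three-argument `checkProjectAdmin` never relates `projectId` to `organizationUuid`: when the user is administrator of the project, the `if` body is skipped and the organization argument is not consulted at all. Whether that is safe depends on callers passing the organization that actually owns the project; the AddUserAction call site in this patch obtains the two from separate lookups (`support.findProject` and `support.findOrganization`), and nothing visible there compares them. Either verify the match before the check or state the precondition in the Javadoc, for example `@param organizationUuid uuid of the organization that owns the project; the match is not verified here`. The two overloads also repeat the same condition and differ only in the fallback call, so a later change to one can silently miss the other. The deprecated method's body continues past the end of the hunk.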
@@ -33,7 +33,7 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import static java.util.Arrays.asList;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministratorOfProjectOrOrganization;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
@@ -79,7 +79,7 @@ public class AddGroupAction implements PermissionsWsAction {
 GroupIdOrAnyone group = support.findGroup(dbSession, request);
 Optional projectId = support.findProject(dbSession, request);
- checkAdministratorOfProjectOrOrganization(userSession, group.getOrganizationUuid(), projectId);
+ checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId);
 PermissionChange change = new GroupPermissionChange(
 PermissionChange.Operation.ADD,
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java
index d6155c7b5a4..08325de06da 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java
@@ -34,7 +34,7 @@ import org.sonar.server.permission.UserPermissionChange;
 import org.sonar.server.user.UserSession;
 import static java.util.Arrays.asList;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministratorOfProjectOrOrganization;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
@@ -82,7 +82,7 @@ public class AddUserAction implements PermissionsWsAction {
 Optional projectId = support.findProject(dbSession, request);
 OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION_KEY));
- checkAdministratorOfProjectOrOrganization(userSession, org.getUuid(), projectId);
+ checkProjectAdmin(userSession, org.getUuid(), projectId);
 PermissionChange change = new UserPermissionChange(
 PermissionChange.Operation.ADD,
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
index 1b6862a34b3..49a8715ec50 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
@@ -46,7 +46,7 @@ import static java.util.Collections.emptyList;
 import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
 import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
 import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministrationPermission;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -87,7 +87,7 @@ public class GroupsAction implements PermissionsWsAction {
 public void handle(Request request, Response response) throws Exception {
 try (DbSession dbSession = dbClient.openSession(false)) {
 Optional projectId = support.findProject(dbSession, request);
- checkAdministrationPermission(userSession, projectId);
+ checkProjectAdmin(userSession, projectId);
 PermissionQuery query = buildPermissionQuery(request, projectId);
 // TODO validatePermission(groupsRequest.getPermission(), wsProjectRef);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java
index aab58038738..89e52894966 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java
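Review bot: The call `checkProjectAdmin(userSession, projectId)` in `handle` binds this action to the overload that the same commit marks `@Deprecated`, so when no project is given, or the caller is not administrator of it, authorization still falls back to the global `checkPermission(GlobalPermissions.SYSTEM_ADMIN)` rather than an organization-scoped check. The same applies to the call sites in RemoveGroupAction, RemoveUserAction, SearchProjectPermissionsAction and UsersAction. In RemoveGroupAction and RemoveUserAction the organization is already resolved on the preceding lines, so they could call `checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId);` and `checkProjectAdmin(userSession, org.getUuid(), projectId);` like their Add counterparts; as written, adding and removing a permission are authorized against different scopes. For the three read actions, where no organization is visible in the hunk, a comment such as `// TODO SONAR-8134 switch to the organization-aware checkProjectAdmin` would keep the pending migration visible. The enclosing methods continue outside the hunks.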
@@ -33,7 +33,7 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import static java.util.Arrays.asList;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministrationPermission;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
@@ -79,7 +79,7 @@ public class RemoveGroupAction implements PermissionsWsAction {
 GroupIdOrAnyone group = support.findGroup(dbSession, request);
 Optional projectId = support.findProject(dbSession, request);
- checkAdministrationPermission(userSession, projectId);
+ checkProjectAdmin(userSession, projectId);
 PermissionChange change = new GroupPermissionChange(
 PermissionChange.Operation.REMOVE,
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
index 69b11ec718b..e931111f633 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
@@ -34,7 +34,7 @@ import org.sonar.server.permission.UserPermissionChange;
 import org.sonar.server.user.UserSession;
 import static java.util.Arrays.asList;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministrationPermission;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
@@ -82,7 +82,7 @@ public class RemoveUserAction implements PermissionsWsAction {
 Optional projectId = support.findProject(dbSession, request);
 OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION_KEY));
- checkAdministrationPermission(userSession, projectId);
+ checkProjectAdmin(userSession, projectId);
 PermissionChange change = new UserPermissionChange(
 PermissionChange.Operation.REMOVE,
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
index 31177960f81..c6c5522be11 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
@@ -40,7 +40,7 @@ import org.sonarqube.ws.WsPermissions.SearchProjectPermissionsWsResponse;
 import org.sonarqube.ws.WsPermissions.SearchProjectPermissionsWsResponse.Project;
 import org.sonarqube.ws.client.permission.SearchProjectPermissionsWsRequest;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministrationPermission;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
 import static org.sonar.server.permission.ws.ProjectWsRef.newOptionalWsProjectRef;
@@ -63,7 +63,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
 private final PermissionWsSupport wsSupport;
 public SearchProjectPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, ResourceTypes resourceTypes,
- SearchProjectPermissionsDataLoader dataLoader, PermissionWsSupport wsSupport) {
+ SearchProjectPermissionsDataLoader dataLoader, PermissionWsSupport wsSupport) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.i18n = i18n;
@@ -126,7 +126,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
 } else {
 projectId = Optional.empty();
 }
- checkAdministrationPermission(userSession, projectId);
+ checkProjectAdmin(userSession, projectId);
 }
 private SearchProjectPermissionsWsResponse buildResponse(SearchProjectPermissionsData data) {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
index 635e5937aff..56da7853fdd 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
@@ -44,7 +44,7 @@ import static java.util.Collections.emptyList;
 import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
 import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
 import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkAdministrationPermission;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateGlobalPermission;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
@@ -90,7 +90,7 @@ public class UsersAction implements PermissionsWsAction {
 public void handle(Request request, Response response) throws Exception {
 try (DbSession dbSession = dbClient.openSession(false)) {
 Optional projectId = support.findProject(dbSession, request);
- checkAdministrationPermission(userSession, projectId);
+ checkProjectAdmin(userSession, projectId);
 PermissionQuery query = buildPermissionQuery(request, projectId);
 List users = findUsers(dbSession, query);
--
2.39.5