From 4c56e6c287c0ca07dba287a234759c5a32193ba7 Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene
Date: Wed, 11 May 2016 16:11:00 +0200
Subject: [PATCH] SONAR-7628 WS api/qualitygates/project_status requires admin or browse permission

---
 .../measure/ws/ComponentTreeDataLoader.java | 3 +-
 .../qualitygate/ws/ProjectStatusAction.java | 14 +++++---
 .../ws/ProjectStatusActionTest.java | 35 +++++++------------
 3 files changed, 22 insertions(+), 30 deletions(-)

diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/ws/ComponentTreeDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/measure/ws/ComponentTreeDataLoader.java
index aa82944b8b6..3878a6491ac 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/measure/ws/ComponentTreeDataLoader.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/measure/ws/ComponentTreeDataLoader.java
@@ -351,8 +351,7 @@ public class ComponentTreeDataLoader {
 private void checkPermissions(ComponentDto baseComponent) {
 String projectUuid = firstNonNull(baseComponent.projectUuid(), baseComponent.uuid());
- if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) &&
- !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) &&
+ if (!userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) &&
 !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) {
 throw insufficientPrivilegesException();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java
index 0278ac0857c..0201259bef8 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java
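Review bot: With the global SYSTEM_ADMIN check gone from `checkPermissions`, a system administrator who holds no explicit role on the project keeps access only if `hasComponentUuidPermission(UserRole.ADMIN, …)` itself honours the global permission of the same key, and that is not visible in this hunk. The test hunks later in this patch expect `setGlobalPermissions(SYSTEM_ADMIN)` to pass the identical check in ProjectStatusAction, so it presumably does, but the condition now depends on it silently; I would record that with `// global 'admin' (SYSTEM_ADMIN) is implied by the component-level ADMIN check` above the `if`. This file is also not mentioned in the commit subject, so a line in the message saying the loader was aligned with project_status would help anyone reading the history. The method's closing brace lies past the end of the hunk.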
@@ -32,6 +32,7 @@ import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.util.Uuids;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -47,8 +48,6 @@ import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
 import org.sonarqube.ws.client.qualitygate.ProjectStatusWsRequest;
 import static com.google.common.base.Strings.isNullOrEmpty;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 import static org.sonar.server.ws.WsUtils.checkFound;
 import static org.sonar.server.ws.WsUtils.checkRequest;
@@ -86,7 +85,12 @@ public class ProjectStatusAction implements QGateWsAction {
 MSG_ONE_PARAMETER_ONLY + "
" + "The different statuses returned are: %s. The %s status is returned when there is no quality gate associated with the analysis.
" + "Returns an HTTP code 404 if the analysis associated with the task is not found or does not exist.
" + - "Requires 'Administer System' or 'Execute Analysis' permission.", QG_STATUSES_ONE_LINE, ProjectStatusWsResponse.Status.NONE)) + "Requires one of the following permissions:" + + "", QG_STATUSES_ONE_LINE, ProjectStatusWsResponse.Status.NONE)) .setResponseExample(getClass().getResource("project_status-example.json")) .setSince("5.3") .setHandler(this); @@ -193,8 +197,8 @@ public class ProjectStatusAction implements QGateWsAction { } private void checkPermission(String projectUuid) { - if (!userSession.hasPermission(SYSTEM_ADMIN) - && !userSession.hasComponentUuidPermission(SCAN_EXECUTION, projectUuid)) { + if (!userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && + !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { throw insufficientPrivilegesException(); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java index 8df4871a692..438423722b3 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java @@ -28,6 +28,7 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.measures.CoreMetrics; import org.sonar.api.utils.System2; +import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; 
@@ -47,7 +48,6 @@ import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.db.component.ComponentTesting.newProjectDto;
 import static org.sonar.db.component.SnapshotTesting.newSnapshotForProject;
@@ -82,7 +82,7 @@ public class ProjectStatusActionTest {
 @Test
 public void json_example() throws IOException {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
@@ -111,7 +111,7 @@ public class ProjectStatusActionTest {
 @Test
 public void return_status_by_project_id() throws IOException {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
@@ -140,7 +140,7 @@ public class ProjectStatusActionTest {
 @Test
 public void return_status_by_project_key() throws IOException {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid").setKey("project-key"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
@@ -169,7 +169,7 @@ public class ProjectStatusActionTest {
 @Test
 public void return_undefined_status_if_measure_is_not_found() {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
@@ -183,7 +183,7 @@ public class ProjectStatusActionTest {
 @Test
 public void return_undefined_status_if_snapshot_is_not_found() {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 componentDb.insertComponent(newProjectDto("project-uuid"));
 ProjectStatusWsResponse result = callByProjectUuid("project-uuid");
@@ -193,8 +193,8 @@ public class ProjectStatusActionTest {
 }
 @Test
- public void not_fail_with_system_admin_permission() {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ public void not_fail_with_project_admin_permission() {
+ userSession.addProjectUuidPermissions(UserRole.ADMIN, "project-uuid");
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
@@ -204,8 +204,8 @@ public class ProjectStatusActionTest {
 }
 @Test
- public void not_fail_with_global_scan_permission() {
- userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
+ public void not_fail_with_browse_permission() {
+ userSession.addProjectUuidPermissions(UserRole.USER, "project-uuid");
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
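Review bot: In `not_fail_with_project_admin_permission` and `not_fail_with_browse_permission` the permission is granted on the literal `"project-uuid"` before the project is inserted, whereas the scan test this patch deletes granted it on `project.uuid()` after insertion; if the fixture uuid ever changes, the grant silently stops matching and both tests fail for the wrong reason. I would move the grant below the insert and write `userSession.addProjectUuidPermissions(UserRole.ADMIN, project.uuid());` (and `UserRole.USER` in the second test). Neither test asserts anything about the response, which is acceptable for a permission smoke test but deserves a one-line comment such as `// only verifies that the permission check passes`. Both test bodies continue past the end of the hunk.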
@@ -214,20 +214,9 @@ public class ProjectStatusActionTest {
 call(snapshot.getId().toString());
 }
- @Test
- public void not_fail_with_project_scan_permission() {
- ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
- SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
- dbSession.commit();
-
- userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
-
- call(snapshot.getId().toString());
- }
-
 @Test
 public void fail_if_no_snapshot_id_found() {
- userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
+ userSession.setGlobalPermissions(SYSTEM_ADMIN);
 expectedException.expect(NotFoundException.class);
 expectedException.expectMessage("Analysis with id 'task-uuid' is not found");
@@ -237,7 +226,7 @@ public class ProjectStatusActionTest {
 @Test
 public void fail_if_insufficient_privileges() {
- userSession.login("john").setGlobalPermissions(PROVISIONING);
+ userSession.setGlobalPermissions(PROVISIONING);
 ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
 SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
--
2.39.5
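Review bot: `not_fail_with_project_scan_permission` is deleted outright rather than turned into its negative, so the one behaviour this commit actually changes (a scan-only account is now refused) has no test; the remaining negative case, `fail_if_insufficient_privileges`, uses the unrelated PROVISIONING permission and would not catch a later change that re-admits SCAN_EXECUTION. I would keep the deleted fixture and invert its expectation, mirroring the `expectedException` lines of `fail_if_insufficient_privileges` (which lie past the end of this hunk); the `SCAN_EXECUTION` static import removed in the earlier hunk has to come back for it. The body of `fail_if_insufficient_privileges` also continues beyond the hunk.
```java
@Test
public void fail_with_project_scan_permission_only() {
  ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
  SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
  dbSession.commit();
  userSession.addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
  // expect the same exception fail_if_insufficient_privileges expects (its expect() lines are outside this hunk)

  call(snapshot.getId().toString());
}
```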