
SONAR-7242 Remove "Execute Preview Analysis" permission

tags/5.4-M12
Julien Lancelot 8 years ago
parent
commit
320223012b
35 changed files with 174 additions and 158 deletions
  1. 1
    1
      it/it-tests/src/test/java/it/analysis/IssuesModeTest.java
  2. 20
    13
      it/it-tests/src/test/java/it/authorisation/ExecuteAnalysisPermissionTest.java
  3. 0
    2
      it/it-tests/src/test/java/it/authorisation/LocalAuthenticationTest.java
  4. 10
    9
      server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java
  5. 4
    4
      server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java
  6. 8
    9
      server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java
  7. 1
    2
      server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java
  8. 0
    7
      server/sonar-server/src/main/resources/org/sonar/server/permission/ws/search_global_permissions-example.json
  9. 0
    1
      server/sonar-server/src/main/resources/org/sonar/server/user/ws/current-example.json
  10. 19
    7
      server/sonar-server/src/test/java/org/sonar/server/batch/GlobalActionTest.java
  11. 50
    39
      server/sonar-server/src/test/java/org/sonar/server/batch/IssuesActionTest.java
  12. 14
    15
      server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java
  13. 14
    2
      server/sonar-server/src/test/java/org/sonar/server/batch/UsersActionTest.java
  14. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java
  15. 1
    1
      server/sonar-server/src/test/java/org/sonar/server/issue/filter/IssueFilterServiceTest.java
  16. 1
    1
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeTest.java
  17. 1
    8
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java
  18. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateUsersActionTest.java
  19. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
  20. 1
    1
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
  21. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
  22. 1
    1
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
  23. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java
  24. 7
    0
      server/sonar-server/src/test/resources/org/sonar/server/batch/GlobalActionTest/not_return_secured_settings_without_scan_but_being_logged.json
  25. 0
    7
      server/sonar-web/test/json/permissions/global-permissions.json
  26. 0
    1
      server/sonar-web/test/json/quality-profiles/user-admin.json
  27. 1
    2
      server/sonar-web/test/json/quality-profiles/user.json
  28. 0
    3
      sonar-core/src/main/resources/org/sonar/l10n/core.properties
  29. 1
    2
      sonar-db/src/main/java/org/sonar/core/permission/GlobalPermissions.java
  30. 2
    3
      sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql
  31. 3
    3
      sonar-db/src/test/java/org/sonar/db/user/RoleDaoTest.java
  32. 1
    1
      sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/deleteGroupPermissionsByGroupId-result.xml
  33. 1
    1
      sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/deleteGroupPermissionsByGroupId.xml
  34. 1
    1
      sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/globalGroupPermissions-result.xml
  35. 1
    1
      sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/globalGroupPermissions.xml

+ 1
- 1
it/it-tests/src/test/java/it/analysis/IssuesModeTest.java View File

@@ -363,7 +363,7 @@ public class IssuesModeTest {
client.issueClient().assign(issue.key(), "julien");

// Issues
runner = configureRunnerIssues("shared/xoo-sample", null);
runner = configureRunnerIssues("shared/xoo-sample", null, "sonar.login", "julien", "sonar.password", "password");
BuildResult result = orchestrator.executeBuild(runner);

JSONObject obj = ItUtils.getJSONReport(result);

+ 20
- 13
it/it-tests/src/test/java/it/authorisation/ExecuteAnalysisPermissionTest.java View File

@@ -42,6 +42,7 @@ public class ExecuteAnalysisPermissionTest {
public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR;

private final static String USER_LOGIN = "scanperm";
private final static String USER_PASSWORD = "thewhite";
private final static String PROJECT_KEY = "sample";

private static SonarClient adminClient;
@@ -50,34 +51,33 @@ public class ExecuteAnalysisPermissionTest {
public void setUp() {
orchestrator.resetData();
adminClient = orchestrator.getServer().adminWsClient();
adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite"));
adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password(USER_PASSWORD).passwordConfirmation(USER_PASSWORD));
orchestrator.getServer().provisionProject(PROJECT_KEY, "Sample");
}

@After
public void tearDown() {
addGlobalPermission("anyone", "scan");
addGlobalPermission("anyone", "dryRunScan");
adminClient.userClient().deactivate(USER_LOGIN);
}

@Test
public void should_fail_if_no_scan_permission() throws Exception {
runProjectAnalysis(orchestrator, "shared/xoo-sample");
public void should_fail_if_logged_but_no_scan_permission() throws Exception {
executeLoggedAnalysis();

removeGlobalPermission("anyone", "scan");
try {
runProjectAnalysis(orchestrator, "shared/xoo-sample");
// Execute logged analysis, but without the "Execute Anaylsis" permission
executeLoggedAnalysis();
fail();
} catch (BuildFailureException e) {
assertThat(e.getResult().getLogs()).contains(
"You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.");
}

// Remove Anyone from dryrun permission
removeGlobalPermission("anyone", "dryRunScan");
try {
runProjectAnalysis(orchestrator, "shared/xoo-sample");
// Execute anonymous analysis
executeAnonymousAnalysis();;
fail();
} catch (BuildFailureException e) {
assertThat(e.getResult().getLogs()).contains(
@@ -88,22 +88,21 @@ public class ExecuteAnalysisPermissionTest {
@Test
public void no_need_for_browse_permission_to_scan() throws Exception {
// Do a first analysis, no error
runProjectAnalysis(orchestrator, "shared/xoo-sample");
executeAnonymousAnalysis();

// Remove browse permission for groups Anyone on the project
removeProjectPermission("anyone", "sample", "user");

// still no error
runProjectAnalysis(orchestrator, "shared/xoo-sample");
executeAnonymousAnalysis();
}

@Test
public void execute_analysis_permission_only_on_project() throws Exception {
public void execute_analysis_with_scan_permission_only_on_project() throws Exception {
removeGlobalPermission("anyone", "scan");
addProjectPermission("anyone", PROJECT_KEY, "scan");
addGlobalPermission("anyone", "dryRunScan");

runProjectAnalysis(orchestrator, "shared/xoo-sample");
executeLoggedAnalysis();
}

private static void addProjectPermission(String groupName, String projectKey, String permission) {
@@ -131,4 +130,12 @@ public class ExecuteAnalysisPermissionTest {
"groupName", groupName,
"permission", permission);
}

private static void executeLoggedAnalysis(){
runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", USER_PASSWORD);
}

private static void executeAnonymousAnalysis(){
runProjectAnalysis(orchestrator, "shared/xoo-sample");
}
}
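Review bot: `should_fail_if_logged_but_no_scan_permission` also exercises the anonymous case in its second try block, which the name does not cover and which makes a failure hard to attribute to one scenario. That block would read better as its own test, for example `should_fail_if_anonymous_and_no_scan_permission`. The call there is written `executeAnonymousAnalysis();;` with a stray semicolon, and the comment above the logged call misspells "Execute Analysis". The second try block's assertion continues outside the hunk, so the message expected for the anonymous case is not visible here.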

+ 0
- 2
it/it-tests/src/test/java/it/authorisation/LocalAuthenticationTest.java View File

@@ -70,7 +70,6 @@ public class LocalAuthenticationTest {

adminWsClient = newAdminWsClient(ORCHESTRATOR);
userTokensWsClient = adminWsClient.userTokens();
removeGroupPermission("anyone", "dryRunScan");
removeGroupPermission("anyone", "scan");

createUser(LOGIN, "123456");
@@ -81,7 +80,6 @@ public class LocalAuthenticationTest {
@AfterClass
public static void deleteData() {
deactivateUser(LOGIN);
addGroupPermission("anyone", "dryRunScan");
addGroupPermission("anyone", "scan");
}


+ 10
- 9
server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java View File

@@ -24,7 +24,6 @@ import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.GlobalRepositories;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
@@ -35,6 +34,8 @@ import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.MediaTypes;

import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;

public class GlobalAction implements BatchWsAction {

private final DbClient dbClient;
@@ -59,9 +60,9 @@ public class GlobalAction implements BatchWsAction {

@Override
public void handle(Request request, Response response) throws Exception {
boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION);
if (!hasPreviewPerm && !hasScanPerm) {
boolean hasScanPerm = userSession.hasPermission(SCAN_EXECUTION);
boolean isLogged = userSession.isLoggedIn();
if (!isLogged && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}

@@ -69,7 +70,7 @@ public class GlobalAction implements BatchWsAction {
try {
GlobalRepositories ref = new GlobalRepositories();
addMetrics(ref, session);
addSettings(ref, hasScanPerm, hasPreviewPerm, session);
addSettings(ref, hasScanPerm, isLogged, session);

response.stream().setMediaType(MediaTypes.JSON);
IOUtils.write(ref.toJson(), response.stream().output());
@@ -94,19 +95,19 @@ public class GlobalAction implements BatchWsAction {
}
}

private void addSettings(GlobalRepositories ref, boolean hasScanPerm, boolean hasPreviewPerm, DbSession session) {
private void addSettings(GlobalRepositories ref, boolean hasScanPerm, boolean isLogged, DbSession session) {
for (PropertyDto propertyDto : propertiesDao.selectGlobalProperties(session)) {
String key = propertyDto.getKey();
String value = propertyDto.getValue();

if (isPropertyAllowed(key, hasScanPerm, hasPreviewPerm)) {
if (isPropertyAllowed(key, hasScanPerm, isLogged)) {
ref.addGlobalSetting(key, value);
}
}
}

private static boolean isPropertyAllowed(String key, boolean hasScanPerm, boolean hasPreviewPerm) {
return !key.contains(".secured") || hasScanPerm || (key.contains(".license") && hasPreviewPerm);
private static boolean isPropertyAllowed(String key, boolean hasScanPerm, boolean isLogged) {
return !key.contains(".secured") || hasScanPerm || (key.contains(".license") && isLogged);
}

}
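Review bot: With `isLogged` replacing the preview permission, being authenticated is the only condition for reading this endpoint and for receiving `.license` secured values from `isPropertyAllowed`, so access presumably can no longer be withheld from individual accounts. The same widening applies to `userSession.checkLoggedIn()` in the UsersAction hunk. If that is the intent of SONAR-7242, it deserves a comment on `isPropertyAllowed`, for example `// any authenticated user may read *.license.secured values; every other .secured key requires the scan permission`. Both tests in that method are substring matches, so any secured key that merely contains `.license` is released to every logged-in user. If license keys always end in `.license.secured`, as the `foo.license.secured` fixture in GlobalActionTest suggests, `key.endsWith(".license.secured") && isLogged` would be the tighter condition.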

+ 4
- 4
server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java View File

@@ -29,7 +29,6 @@ import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.BatchInput;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
@@ -41,6 +40,7 @@ import org.sonar.server.user.UserSession;
import org.sonarqube.ws.MediaTypes;

import static com.google.common.collect.Maps.newHashMap;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;

public class IssuesAction implements BatchWsAction {
@@ -77,13 +77,13 @@ public class IssuesAction implements BatchWsAction {

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
final String moduleKey = request.mandatoryParam(PARAM_KEY);
String componentKey = request.mandatoryParam(PARAM_KEY);
userSession.checkComponentPermission(USER, componentKey);

response.stream().setMediaType(MediaTypes.PROTOBUF);
DbSession session = dbClient.openSession(false);
try {
ComponentDto component = componentFinder.getByKey(session, moduleKey);
ComponentDto component = componentFinder.getByKey(session, componentKey);
Map<String, String> keysByUUid = keysByUUid(session, component);

BatchInput.ServerIssue.Builder issueBuilder = BatchInput.ServerIssue.newBuilder();
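Review bot: `userSession.checkComponentPermission(USER, componentKey)` is now the only gate on `batch/issues`, and it runs on the raw request key before `componentFinder.getByKey`. A missing component is therefore reported as forbidden rather than not found; IssuesActionTest expects `ForbiddenException` for an unknown key. That ordering avoids revealing which keys exist and is worth stating in a comment such as `// authorize on the key before any lookup: unknown and forbidden keys are indistinguishable to the caller`. How a module or file key is mapped to its project's browse permission is not visible in this hunk, and the body of `handle` continues outside it.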

+ 8
- 9
server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java View File

@@ -27,7 +27,6 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
import org.sonar.api.server.ServerSide;
import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
import org.sonar.db.DbClient;
@@ -41,7 +40,7 @@ import org.sonar.server.user.UserSession;

import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Maps.newHashMap;
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;

@@ -64,11 +63,11 @@ public class ProjectDataLoader {
"Project or module with key '%s' is not found", query.getModuleKey());

boolean hasScanPerm = userSession.hasComponentUuidPermission(SCAN_EXECUTION, module.projectUuid());
boolean hasPreviewPerm = userSession.hasPermission(PREVIEW_EXECUTION);
checkPermission(query.isIssuesMode(), hasScanPerm, hasPreviewPerm);
boolean hasBrowsePerm = userSession.hasComponentUuidPermission(USER, module.projectUuid());
checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm);

// Scan permission is enough to analyze all projects but preview permission is limited to projects user can access
if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) {
// Scan permission is enough to analyze all projects but browse permission is limited to projects user can access
if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(USER, module.projectUuid())) {
throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator.");
}

@@ -182,15 +181,15 @@ public class ProjectDataLoader {
}
}

private static void checkPermission(boolean preview, boolean hasScanPerm, boolean hasPreviewPerm) {
if (!hasPreviewPerm && !hasScanPerm) {
private static void checkPermission(boolean preview, boolean hasScanPerm, boolean hasBrowsePerm) {
if (!hasBrowsePerm && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
if (!preview && !hasScanPerm) {
throw new ForbiddenException("You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
"Please contact your SonarQube administrator.");
}
if (preview && !hasPreviewPerm) {
if (preview && !hasBrowsePerm) {
throw new ForbiddenException("You're not authorized to execute a preview analysis. Please contact your SonarQube administrator.");
}
}
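Review bot: The issues-mode guard that follows `checkPermission(...)` can no longer fire. `checkPermission` already throws when `preview && !hasBrowsePerm`, and `hasBrowsePerm` is the same `hasComponentUuidPermission(USER, module.projectUuid())` lookup that the guard repeats. The project-specific "not authorized to access to project" message is therefore dead, and callers instead get "You're not authorized to execute a preview analysis", wording that still reads like the permission this commit removes. Either drop the second guard or move its message into the `preview && !hasBrowsePerm` branch, and reuse `hasBrowsePerm` rather than querying the session twice. The enclosing method starts and ends outside the hunks shown.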

+ 1
- 2
server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java View File

@@ -27,7 +27,6 @@ import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.BatchInput;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
@@ -63,7 +62,7 @@ public class UsersAction implements BatchWsAction {

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
userSession.checkLoggedIn();
List<String> logins = request.mandatoryParamAsStrings(PARAM_LOGINS);

response.stream().setMediaType(MediaTypes.PROTOBUF);

+ 0
- 7
server/sonar-server/src/main/resources/org/sonar/server/permission/ws/search_global_permissions-example.json View File

@@ -35,13 +35,6 @@
"usersCount": 0,
"groupsCount": 2
},
{
"key": "dryRunScan",
"name": "Execute Preview Analysis",
"description": "Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on. This permission is required to execute preview analysis in Eclipse or via the Issues Report plugin.",
"usersCount": 2,
"groupsCount": 0
},
{
"key": "provisioning",
"name": "Provision Projects",

+ 0
- 1
server/sonar-server/src/main/resources/org/sonar/server/user/ws/current-example.json View File

@@ -17,7 +17,6 @@
"gateadmin",
"shareDashboard",
"scan",
"dryRunScan",
"provisioning"
]
}

+ 19
- 7
server/sonar-server/src/test/java/org/sonar/server/batch/GlobalActionTest.java View File

@@ -26,7 +26,6 @@ import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.metric.MetricDao;
@@ -40,6 +39,7 @@ import org.sonar.server.ws.WsTester;
import static com.google.common.collect.Lists.newArrayList;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;

@RunWith(MockitoJUnitRunner.class)
public class GlobalActionTest {
@@ -70,7 +70,7 @@ public class GlobalActionTest {

@Test
public void return_metrics() throws Exception {
userSessionRule.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PREVIEW_EXECUTION);
userSessionRule.setGlobalPermissions(SCAN_EXECUTION);

when(metricDao.selectEnabled(session)).thenReturn(newArrayList(
new MetricDto().setId(1).setKey("coverage").setDescription("Coverage by unit tests").setValueType("PERCENT").setQualitative(true)
@@ -83,7 +83,7 @@ public class GlobalActionTest {

@Test
public void return_global_settings() throws Exception {
userSessionRule.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PREVIEW_EXECUTION);
userSessionRule.setGlobalPermissions(SCAN_EXECUTION);

when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
new PropertyDto().setKey("foo").setValue("bar"),
@@ -96,12 +96,24 @@ public class GlobalActionTest {
}

@Test
public void return_only_license_settings_without_scan_but_with_preview_permission() throws Exception {
userSessionRule.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
public void does_not_return_secured_settings_without_scan_permission_but_being_logged() throws Exception {
userSessionRule.login("john");

when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
new PropertyDto().setKey("foo").setValue("bar"),
new PropertyDto().setKey("foo.secured").setValue("1234")
));

WsTester.TestRequest request = tester.newGetRequest("batch", "global");
request.execute().assertJson(getClass(), "not_return_secured_settings_without_scan_but_being_logged.json");
}

@Test
public void return_license_settings_without_scan_permission_but_being_logged() throws Exception {
userSessionRule.login("john");

when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
new PropertyDto().setKey("foo").setValue("bar"),
new PropertyDto().setKey("foo.secured").setValue("1234"),
new PropertyDto().setKey("foo.license.secured").setValue("5678")
));

@@ -110,7 +122,7 @@ public class GlobalActionTest {
}

@Test
public void access_forbidden_without_scan_and_preview_permission() throws Exception {
public void access_forbidden_without_preview_permission_and_not_logged() throws Exception {
userSessionRule.setGlobalPermissions();

when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
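Review bot: `access_forbidden_without_preview_permission_and_not_logged` still names the preview permission that this commit removes. The condition now checked in `GlobalAction.handle` is "no scan permission and not logged in", so a name such as `access_forbidden_without_scan_permission_and_not_logged` would match it. The test's body continues outside the hunk, so its assertions are not visible here.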

+ 50
- 39
server/sonar-server/src/test/java/org/sonar/server/batch/IssuesActionTest.java View File

@@ -27,17 +27,18 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.sonar.api.config.Settings;
import org.sonar.api.platform.Server;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.Constants.Severity;
import org.sonar.batch.protocol.input.BatchInput.ServerIssue;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.db.component.ComponentTesting;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.es.EsTester;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.issue.IssueTesting;
@@ -58,9 +59,17 @@ import static org.mockito.Mockito.mock;
@Category(DbTests.class)
public class IssuesActionTest {

private final static String PROJECT_KEY = "struts";
private final static String MODULE_KEY = "struts-core";
private final static String FILE_KEY = "Action.java";
final static String PROJECT_KEY = "struts";
static final String PROJECT_UUID = "ABCD";

final static String MODULE_KEY = "struts-core";
static final String MODULE_UUID = "BCDE";

final static String FILE_KEY = "Action.java";
static final String FILE_UUID = "CDEF";

@Rule
public ExpectedException thrown = ExpectedException.none();

@Rule
public DbTester db = DbTester.create(System2.INSTANCE);
@@ -94,9 +103,9 @@ public class IssuesActionTest {

@Test
public void return_minimal_fields() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath(null);
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath(null);
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();

@@ -111,8 +120,7 @@ public class IssuesActionTest {
.setChecksum(null)
.setAssignee(null));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);

addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);

ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
@@ -133,9 +141,9 @@ public class IssuesActionTest {

@Test
public void issues_from_project() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();

@@ -150,8 +158,7 @@ public class IssuesActionTest {
.setChecksum("123456")
.setAssignee("john"));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);

addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);

ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
@@ -172,9 +179,9 @@ public class IssuesActionTest {

@Test
public void issues_from_module() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();

@@ -189,9 +196,9 @@ public class IssuesActionTest {
.setChecksum("123456")
.setAssignee("john"));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);

WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
@@ -210,9 +217,9 @@ public class IssuesActionTest {

@Test
public void issues_from_file() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();

@@ -227,9 +234,9 @@ public class IssuesActionTest {
.setChecksum("123456")
.setAssignee("john"));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);

addBrowsePermissionOnComponent(FILE_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", FILE_KEY);

ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
@@ -248,8 +255,8 @@ public class IssuesActionTest {

@Test
public void issues_attached_on_module() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
db.getDbClient().componentDao().insert(db.getSession(), project, module);
db.getSession().commit();

@@ -264,9 +271,9 @@ public class IssuesActionTest {
.setChecksum("123456")
.setAssignee("john"));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);

addBrowsePermissionOnComponent(MODULE_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);

ServerIssue previousIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(previousIssue.getKey()).isEqualTo("EFGH");
assertThat(previousIssue.getModuleKey()).isEqualTo(MODULE_KEY);
@@ -285,10 +292,10 @@ public class IssuesActionTest {

@Test
public void project_issues_attached_file_on_removed_module() throws Exception {
ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
// File and module are removed
ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY).setEnabled(false);
ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java").setEnabled(false);
ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY).setEnabled(false);
ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java").setEnabled(false);
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();

@@ -303,21 +310,21 @@ public class IssuesActionTest {
.setChecksum("123456")
.setAssignee("john"));

userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);

addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);

ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
// Module key of removed file should be returned
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
}

@Test(expected = ForbiddenException.class)
public void fail_without_preview_permission() throws Exception {
userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PROVISIONING);
@Test
public void fail_without_browse_permission_on_file() throws Exception {
addBrowsePermissionOnComponent(PROJECT_KEY);

WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
request.execute();
thrown.expect(ForbiddenException.class);
tester.newGetRequest("batch", "issues").setParam("key", "Other component key").execute();
}

private void indexIssues(IssueDoc... issues) {
@@ -330,4 +337,8 @@ public class IssuesActionTest {
private void addIssueAuthorization(String projectUuid, @Nullable String group, @Nullable String user) {
issueAuthorizationIndexer.index(newArrayList(new IssueAuthorizationDao.Dto(projectUuid, 1).addGroup(group).addUser(user)));
}

private void addBrowsePermissionOnComponent(String componentKey){
userSessionRule.addComponentPermission(UserRole.USER, PROJECT_KEY, componentKey);
}
}
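Review bot: `fail_without_browse_permission_on_file` requests the key "Other component key", which no test data inserts, so it shows only that an unknown key is rejected. It does not show that an existing file in a project the caller cannot browse is rejected. Inserting a second project with a file and requesting that file's key, while browse is granted only on `PROJECT_KEY`, would pin the authorization behaviour the name promises. Separately, `issues_from_module` shows requests for both `PROJECT_KEY` and `MODULE_KEY`. If the `PROJECT_KEY` line is the new side, the test no longer queries the module and should use `addBrowsePermissionOnComponent(MODULE_KEY)` with `setParam("key", MODULE_KEY)`.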

+ 14
- 15
server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderMediumTest.java View File

@@ -27,6 +27,7 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
@@ -47,12 +48,14 @@ import org.sonar.server.tester.UserSessionRule;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.fail;
import static org.sonar.api.utils.DateUtils.formatDateTime;
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto;

public class ProjectDataLoaderMediumTest {

@Rule
public ExpectedException thrown = ExpectedException.none();

@ClassRule
public static ServerTester tester = new ServerTester().addXoo();

@@ -120,9 +123,9 @@ public class ProjectDataLoaderMediumTest {
}

@Test
public void not_returned_secured_settings_with_only_preview_permission() {
public void not_returned_secured_settings_when_lgged_but_no_scan_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid());
userSessionRule.login("john").addProjectUuidPermissions(UserRole.USER, project.uuid());
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();

@@ -442,7 +445,7 @@ public class ProjectDataLoaderMediumTest {
}

@Test
public void fail_if_no_permission() {
public void fail_when_no_browse_permission_and_no_scan_permission() {
userSessionRule.login("john").setGlobalPermissions();

ComponentDto project = ComponentTesting.newProjectDto();
@@ -458,21 +461,17 @@ public class ProjectDataLoaderMediumTest {
}

@Test
public void fail_when_not_preview_and_only_dry_run_permission() {
userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION);

public void fail_when_not_preview_and_only_browse_permission_without_scan_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
tester.get(DbClient.class).componentDao().insert(dbSession, project);
dbSession.commit();

try {
underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(false));
fail();
} catch (Exception e) {
assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage(
"You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
"Please contact your SonarQube administrator.");
}
userSessionRule.login("john").addProjectUuidPermissions(UserRole.USER, project.projectUuid());

thrown.expect(ForbiddenException.class);
thrown.expectMessage("You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
"Please contact your SonarQube administrator.");
underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(false));
}

@Test
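Review bot: The renamed test `not_returned_secured_settings_when_lgged_but_no_scan_permission` misspells "logged". The name is the only statement of the authorization boundary it covers (authenticated, browse on the project, no `scan`), so it should read `not_returned_secured_settings_when_logged_but_no_scan_permission`. In `fail_when_not_preview_and_only_browse_permission_without_scan_permission`, moving from AssertJ `hasMessage(...)` to `thrown.expectMessage(...)` loosens the check from an exact match to a substring match, which is worth a one-line comment if the exact wording matters to scanner clients. The first three hunks show only part of their test methods, so the assertions on the returned settings are outside this view.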

+ 14
- 2
server/sonar-server/src/test/java/org/sonar/server/batch/UsersActionTest.java View File

@@ -26,11 +26,12 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.config.Settings;
import org.sonar.api.platform.Server;
import org.sonar.batch.protocol.input.BatchInput.User;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.es.EsTester;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
@@ -42,8 +43,12 @@ import static org.mockito.Mockito.mock;

public class UsersActionTest {

@Rule
public ExpectedException thrown = ExpectedException.none();

@ClassRule
public static EsTester es = new EsTester().addDefinitions(new UserIndexDefinition(new Settings()));

@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();

@@ -68,7 +73,7 @@ public class UsersActionTest {
es.putDocuments(UserIndexDefinition.INDEX, UserIndexDefinition.TYPE_USER,
new UserDoc().setLogin("ada.lovelace").setName("Ada Lovelace").setActive(false),
new UserDoc().setLogin("grace.hopper").setName("Grace Hopper").setActive(true));
userSessionRule.login("sonarqtech").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
userSessionRule.login("sonarqtech");

WsTester.TestRequest request = tester.newGetRequest("batch", "users").setParam("logins", "ada.lovelace,grace.hopper");

@@ -81,4 +86,11 @@ public class UsersActionTest {
assertThat(users).extracting("login").containsOnly("ada.lovelace", "grace.hopper");
assertThat(users).extracting("name").containsOnly("Ada Lovelace", "Grace Hopper");
}

@Test
public void fail_without_being_logged() throws Exception {
thrown.expect(UnauthorizedException.class);
tester.newGetRequest("batch", "users").setParam("logins", "ada.lovelace,grace.hopper").execute();
}

}
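Review bot: The success test now logs in as `sonarqtech` with no global permission and still expects both users back, including the inactive `ada.lovelace`, so `batch/users` presumably returns logins and names to any authenticated account. If that is the intended boundary after removing the preview permission, state it next to the login call, e.g. `// no global permission required: any authenticated user may query batch/users (SONAR-7242)`. `fail_without_being_logged` covers the anonymous case but relies on `UserSessionRule.standalone()` starting unauthenticated; an explicit anonymous session at the top of that test would make the precondition visible rather than implied. The action itself is in UsersAction.java, outside this section.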

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/computation/ws/TaskActionTest.java View File

@@ -47,7 +47,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

@@ -185,7 +185,7 @@ public class TaskActionTest {

@Test
public void fail_on_queue_task_not_linked_on_project_if_not_admin_nor_scan_permission() {
userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
userSession.login("john").setGlobalPermissions(PROVISIONING);

CeQueueDto queueDto = new CeQueueDto();
queueDto.setTaskType("fake");

+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/issue/filter/IssueFilterServiceTest.java View File

@@ -429,7 +429,7 @@ public class IssueFilterServiceTest {
String currentUser = "dave.loper";
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true);

when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PREVIEW_EXECUTION));
when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PROVISIONING));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);

try {

+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeTest.java View File

@@ -117,7 +117,7 @@ public class PermissionChangeTest {
PermissionChange query = PermissionChange.buildFromParams(inconsistentParams);

thrown.expect(BadRequestException.class);
thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, gateadmin, shareDashboard, scan, dryRunScan, provisioning]");
thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, gateadmin, shareDashboard, scan, provisioning]");
query.validate();
}


+ 1
- 8
server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java View File

@@ -42,10 +42,9 @@ import org.sonarqube.ws.MediaTypes;
import org.sonarqube.ws.WsPermissions;

import static org.sonar.core.permission.GlobalPermissions.DASHBOARD_SHARING;
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.test.JsonAssert.assertJson;
@@ -87,8 +86,6 @@ public class SearchGlobalPermissionsActionTest {
insertUserRole(newUserRoleDto(QUALITY_PROFILE_ADMIN, adminUser.getId()));
insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, user.getId()));
insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, adminUser.getId()));
insertUserRole(newUserRoleDto(PREVIEW_EXECUTION, adminUser.getId()));
insertUserRole(newUserRoleDto(PREVIEW_EXECUTION, user.getId()));

db.getSession().commit();

@@ -135,10 +132,6 @@ public class SearchGlobalPermissionsActionTest {
i18n.put("global_permissions.scan", "Execute Analysis");
i18n.put("global_permissions.scan.desc", "Ability to execute analyses, and to get all settings required to perform the analysis, " +
"even the secured ones like the scm account password, the jira account password, and so on.");
i18n.put("global_permissions.dryRunScan", "Execute Preview Analysis");
i18n.put("global_permissions.dryRunScan.desc", "Ability to execute preview analysis (results are not pushed to the server). " +
"This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on. " +
"This permission is required to execute preview analysis in Eclipse or via the Issues Report plugin.");
i18n.put("global_permissions.provisioning", "Provision Projects");
i18n.put("global_permissions.provisioning.desc", "Ability to initialize project structure before first analysis.");
}

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateUsersActionTest.java View File

@@ -56,8 +56,8 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateUserDto;
import static org.sonarqube.ws.MediaTypes.PROTOBUF;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.MediaTypes.PROTOBUF;
import static org.sonarqube.ws.WsPermissions.UsersWsResponse.parseFrom;

@Category(DbTests.class)
@@ -177,7 +177,7 @@ public class TemplateUsersActionTest {
public void fail_if_not_a_project_permission() throws IOException {
expectedException.expect(BadRequestException.class);

newRequest(GlobalPermissions.PREVIEW_EXECUTION, template1.getUuid())
newRequest(GlobalPermissions.PROVISIONING, template1.getUuid())
.execute();
}


+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java View File

@@ -64,8 +64,8 @@ import static org.sonar.db.user.GroupTesting.newGroupDto;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;

@Category(DbTests.class)
public class AddGroupToTemplateActionTest {
@@ -156,7 +156,7 @@ public class AddGroupToTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);

newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}

@Test

+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java View File

@@ -125,7 +125,7 @@ public class AddUserToTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);

newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}

@Test

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java View File

@@ -61,8 +61,8 @@ import static org.sonar.db.user.GroupTesting.newGroupDto;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;

@Category(DbTests.class)
public class RemoveGroupFromTemplateActionTest {
@@ -159,7 +159,7 @@ public class RemoveGroupFromTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);

newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}

@Test

+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java View File

@@ -149,7 +149,7 @@ public class RemoveUserFromTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);

newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}

@Test

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java View File

@@ -47,7 +47,7 @@ import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
@@ -235,7 +235,7 @@ public class ProjectStatusActionTest {

@Test
public void fail_if_insufficient_privileges() {
userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
userSession.login("john").setGlobalPermissions(PROVISIONING);

ComponentDto project = newProjectDto("project-uuid");
dbClient.componentDao().insert(dbSession, project);

+ 7
- 0
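--- a/server/sonar-server/src/test/resources/org/sonar/server/batch/GlobalActionTest/not_return_secured_settings_without_scan_but_being_logged.json
+++ b/server/sonar-server/src/test/resources/org/sonar/server/batch/GlobalActionTest/not_return_secured_settings_without_scan_but_being_logged.json
@@ -0,0 +1,7 @@
+{
+"timestamp": 0,
+"metrics": [],
+"globalSettings": {
+"foo" : "bar"
+}
+}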

+ 0
- 7
server/sonar-web/test/json/permissions/global-permissions.json View File

@@ -35,13 +35,6 @@
"usersCount": 0,
"groupsCount": 1
},
{
"key": "dryRunScan",
"name": "Execute Preview Analysis",
"description": "Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on.<br/>This permission is <em>required</em> to execute preview analysis in Eclipse or via the Issues Report plugin.",
"usersCount": 0,
"groupsCount": 1
},
{
"key": "provisioning",
"name": "Provision Projects",

+ 0
- 1
server/sonar-web/test/json/quality-profiles/user-admin.json View File

@@ -5,7 +5,6 @@
"permissions": {
"global": [
"provisioning",
"dryRunScan",
"shareDashboard",
"scan",
"profileadmin",

+ 1
- 2
server/sonar-web/test/json/quality-profiles/user.json View File

@@ -2,8 +2,7 @@
"isLoggedIn": false,
"permissions": {
"global": [
"scan",
"dryRunScan"
"scan"
]
}
}

+ 0
- 3
sonar-core/src/main/resources/org/sonar/l10n/core.properties View File

@@ -2837,9 +2837,6 @@ global_permissions.shareDashboard=Share Dashboards And Filters
global_permissions.shareDashboard.desc=Ability to share dashboards, issue filters and measure filters.
global_permissions.scan=Execute Analysis
global_permissions.scan.desc=Ability to execute analyses, and to get all settings required to perform the analysis, even the secured ones like the scm account password, the jira account password, and so on.
global_permissions.dryRunScan=Execute Preview Analysis
global_permissions.dryRunScan.desc=Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on.<br/>\
This permission is <em>required</em> to execute preview analysis in an IDE or for an Issues Report.
global_permissions.provisioning=Provision Projects
global_permissions.provisioning.desc=Ability to initialize a project so its settings can be configured before the first analysis.


+ 1
- 2
sonar-db/src/main/java/org/sonar/core/permission/GlobalPermissions.java View File

@@ -34,14 +34,13 @@ public final class GlobalPermissions {
public static final String QUALITY_GATE_ADMIN = "gateadmin";
public static final String DASHBOARD_SHARING = "shareDashboard";
public static final String SCAN_EXECUTION = "scan";
public static final String PREVIEW_EXECUTION = "dryRunScan";
public static final String PROVISIONING = "provisioning";

/**
* All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #PROVISIONING}.
*/
public static final List<String> ALL = ImmutableList.of(
SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, QUALITY_GATE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, PREVIEW_EXECUTION, PROVISIONING);
SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, QUALITY_GATE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, PROVISIONING);
public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(GlobalPermissions.ALL);

private GlobalPermissions() {
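Review bot: Dropping `PREVIEW_EXECUTION` from `ALL` narrows the set of valid global permission keys, but nothing on this page removes `dryRunScan` rows already stored for users and groups on an upgraded instance. Only the H2 seed data and test fixtures are touched here. If no migration exists elsewhere in the commit, those stale grants stay in the role tables, where they could confuse a later permission audit or become live again if the key were ever reintroduced. Either add a cleanup migration that deletes them, or extend the Javadoc on `ALL` with a sentence saying how leftover `dryRunScan` rows are treated. The class body continues outside the hunk.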

+ 2
- 3
sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql View File

@@ -9,9 +9,8 @@ INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (2, 1, null, 'pr
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (3, 1, null, 'gateadmin');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (4, 1, null, 'shareDashboard');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (5, null, null, 'scan');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (6, null, null, 'dryRunScan');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (7, null, null, 'provisioning');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (8, 1, null, 'provisioning');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (6, null, null, 'provisioning');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (7, 1, null, 'provisioning');
ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 9;

INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 1);
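Review bot: After the renumbering the highest seeded `GROUP_ROLES` id is 7, but the unchanged line still reads `ALTER COLUMN ID RESTART WITH 9`, so id 8 is skipped. That is harmless at runtime, yet `ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 8;` would keep the seed consistent with the rows above it. The first rows of the table lie outside the hunk and are assumed unchanged.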

+ 3
- 3
sonar-db/src/test/java/org/sonar/db/user/RoleDaoTest.java View File

@@ -64,10 +64,10 @@ public class RoleDaoTest {
GlobalPermissions.QUALITY_PROFILE_ADMIN,
GlobalPermissions.DASHBOARD_SHARING);
assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-users", null)).containsOnly(GlobalPermissions.DASHBOARD_SHARING);
assertThat(underTest.selectGroupPermissions(db.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION,
assertThat(underTest.selectGroupPermissions(db.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PROVISIONING,
GlobalPermissions.SCAN_EXECUTION);
assertThat(underTest.selectGroupPermissions(db.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
assertThat(underTest.selectGroupPermissions(db.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
assertThat(underTest.selectGroupPermissions(db.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
assertThat(underTest.selectGroupPermissions(db.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
}

@Test

+ 1
- 1
sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/deleteGroupPermissionsByGroupId-result.xml View File

@@ -6,7 +6,7 @@
<group_roles id="4" group_id="101" role="shareDashboard" resource_id="[null]"/>

<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>

<group_roles id="7" group_id="102" role="admin" resource_id="1"/>


+ 1
- 1
sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/deleteGroupPermissionsByGroupId.xml View File

@@ -11,7 +11,7 @@
<group_roles id="4" group_id="101" role="shareDashboard" resource_id="[null]"/>

<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>

<group_roles id="7" group_id="102" role="admin" resource_id="1"/>


+ 1
- 1
sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/globalGroupPermissions-result.xml View File

@@ -9,7 +9,7 @@

<!-- Group 'anyone' has a NULL group_id -->
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>

<group_roles id="7" group_id="102" role="admin" resource_id="1"/>


+ 1
- 1
sonar-db/src/test/resources/org/sonar/db/user/RoleDaoTest/globalGroupPermissions.xml View File

@@ -10,7 +10,7 @@

<!-- Group 'anyone' has a NULL group_id -->
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
<group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>

<!-- Component permission, it should not be returned with global permissions -->
<group_roles id="7" group_id="102" role="admin" resource_id="1"/>
