@@ -32,8 +32,8 @@ import org.sonar.db.metric.MetricDto; | |||
import org.sonar.db.property.PropertiesDao; | |||
import org.sonar.db.property.PropertyDto; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.MediaTypes; | |||
public class GlobalAction implements BatchWsAction { | |||
@@ -59,8 +59,8 @@ public class GlobalAction implements BatchWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
if (!hasPreviewPerm && !hasScanPerm) { | |||
throw new ForbiddenException(Messages.NO_PERMISSION); | |||
} |
@@ -37,8 +37,8 @@ import org.sonar.db.component.ComponentDto; | |||
import org.sonar.server.component.ComponentFinder; | |||
import org.sonar.server.issue.index.IssueDoc; | |||
import org.sonar.server.issue.index.IssueIndex; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.MediaTypes; | |||
import static com.google.common.collect.Maps.newHashMap; | |||
@@ -76,7 +76,7 @@ public class IssuesAction implements BatchWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
final String moduleKey = request.mandatoryParam(PARAM_KEY); | |||
response.stream().setMediaType(MediaTypes.PROTOBUF); |
@@ -56,7 +56,7 @@ public class ProjectDataLoader { | |||
} | |||
public ProjectRepositories load(ProjectDataQuery query) { | |||
boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
checkPermission(query.isIssuesMode()); | |||
DbSession session = dbClient.openSession(false); | |||
@@ -66,7 +66,7 @@ public class ProjectDataLoader { | |||
"Project or module with key '%s' is not found", query.getModuleKey()); | |||
// Scan permission is enough to analyze all projects but preview permission is limited to projects user can access | |||
if (query.isIssuesMode() && !userSession.hasProjectPermissionByUuid(UserRole.USER, module.projectUuid())) { | |||
if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) { | |||
throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator."); | |||
} | |||
@@ -181,8 +181,8 @@ public class ProjectDataLoader { | |||
} | |||
private void checkPermission(boolean preview) { | |||
boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
if (!hasPreviewPerm && !hasScanPerm) { | |||
throw new ForbiddenException(Messages.NO_PERMISSION); | |||
} |
@@ -28,10 +28,10 @@ import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.batch.protocol.input.BatchInput; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.user.index.UserDoc; | |||
import org.sonar.server.user.index.UserIndex; | |||
import org.sonarqube.ws.MediaTypes; | |||
public class UsersAction implements BatchWsAction { | |||
@@ -63,7 +63,7 @@ public class UsersAction implements BatchWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
List<String> logins = request.mandatoryParamAsStrings(PARAM_LOGINS); | |||
response.stream().setMediaType(MediaTypes.PROTOBUF); |
@@ -109,7 +109,7 @@ public class ComponentService { | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
ComponentDto projectOrModule = getByKey(session, projectOrModuleKey); | |||
userSession.checkProjectUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); | |||
dbClient.resourceKeyUpdaterDao().updateKey(projectOrModule.getId(), newKey); | |||
session.commit(); | |||
@@ -123,7 +123,7 @@ public class ComponentService { | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
ComponentDto project = getByKey(projectKey); | |||
userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
return dbClient.resourceKeyUpdaterDao().checkModuleKeysBeforeRenaming(project.getId(), stringToReplace, replacementString); | |||
} finally { | |||
session.close(); | |||
@@ -135,7 +135,7 @@ public class ComponentService { | |||
DbSession session = dbClient.openSession(true); | |||
try { | |||
ComponentDto project = getByKey(session, projectKey); | |||
userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
dbClient.resourceKeyUpdaterDao().bulkUpdateKey(session, project.getId(), stringToReplace, replacementString); | |||
session.commit(); | |||
} finally { | |||
@@ -144,7 +144,7 @@ public class ComponentService { | |||
} | |||
public ComponentDto create(NewComponent newComponent) { | |||
userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
@@ -155,7 +155,7 @@ public class ComponentService { | |||
} | |||
public ComponentDto create(DbSession session, NewComponent newComponent) { | |||
userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
checkKeyFormat(newComponent.qualifier(), newComponent.key()); | |||
ComponentDto project = createProject(session, newComponent); | |||
removeDuplicatedProjects(session, project.getKey()); |
@@ -100,7 +100,7 @@ public class SearchAction implements ComponentsWsAction { | |||
} | |||
private SearchWsResponse doHandle(SearchWsRequest request) { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
List<String> qualifiers = request.getQualifiers(); | |||
validateQualifiers(qualifiers); |
@@ -97,7 +97,7 @@ public class SearchViewComponentsAction implements RequestHandler { | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
ComponentDto componentDto = componentFinder.getByUuid(session, componentUuid); | |||
userSession.checkProjectUuidPermission(UserRole.USER, componentDto.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.USER, componentDto.projectUuid()); | |||
Set<Long> projectIds = newLinkedHashSet(dbClient.componentIndexDao().selectProjectIdsFromQueryAndViewOrSubViewUuid(session, query, componentDto.uuid())); | |||
Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER); |
@@ -143,9 +143,9 @@ public class ShowAction implements ComponentsWsAction { | |||
private ComponentDto getComponentByUuidOrKey(DbSession dbSession, ShowWsRequest request) { | |||
ComponentDto component = componentFinder.getByUuidOrKey(dbSession, request.getId(), request.getKey(), ParamNames.ID_AND_KEY); | |||
String projectUuid = firstNonNull(component.projectUuid(), component.uuid()); | |||
if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
!userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && | |||
!userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { | |||
if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
!userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && | |||
!userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { | |||
throw insufficientPrivilegesException(); | |||
} | |||
return component; |
@@ -164,9 +164,9 @@ public class TreeAction implements ComponentsWsAction { | |||
private void checkPermissions(ComponentDto baseComponent) { | |||
String projectUuid = firstNonNull(baseComponent.projectUuid(), baseComponent.uuid()); | |||
if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
!userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && | |||
!userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { | |||
if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
!userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && | |||
!userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { | |||
throw insufficientPrivilegesException(); | |||
} | |||
} |
@@ -55,7 +55,7 @@ public class ReportSubmitter { | |||
} | |||
public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION); | |||
String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch); | |||
ComponentDto project = componentService.getNullableByKey(effectiveProjectKey); |
@@ -173,7 +173,7 @@ public class ActivityAction implements CeWsAction { | |||
throw new ForbiddenException("Requires administration permission"); | |||
} | |||
} else { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
} | |||
} | |||
@@ -189,6 +189,6 @@ public class ActivityAction implements CeWsAction { | |||
} | |||
public static boolean isAllowedOnComponentUuid(UserSession userSession, String componentUuid) { | |||
return userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); | |||
return userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); | |||
} | |||
} |
@@ -57,7 +57,7 @@ public class CancelAction implements CeWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
String taskId = wsRequest.mandatoryParam(PARAM_TASK_ID); | |||
queue.cancel(taskId); | |||
wsResponse.noContent(); |
@@ -48,7 +48,7 @@ public class CancelAllAction implements CeWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
queue.cancelAll(); | |||
wsResponse.noContent(); | |||
} |
@@ -35,8 +35,8 @@ import org.sonar.db.ce.CeQueueDto; | |||
import org.sonar.server.computation.log.CeLogging; | |||
import org.sonar.server.computation.log.LogFileRef; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.MediaTypes; | |||
import static java.lang.String.format; | |||
@@ -74,7 +74,7 @@ public class LogsAction implements CeWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); | |||
LogFileRef ref = loadLogRef(taskUuid); |
@@ -72,11 +72,11 @@ public class QueueAction implements CeWsAction { | |||
List<CeQueueDto> dtos; | |||
if (componentUuid == null) { | |||
// no filters | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
dtos = dbClient.ceQueueDao().selectAllInAscOrder(dbSession); | |||
} else { | |||
// filter by component | |||
if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
dtos = dbClient.ceQueueDao().selectByComponentUuid(dbSession, componentUuid); | |||
} else { | |||
throw new ForbiddenException("Requires system administration permission"); |
@@ -71,7 +71,7 @@ public class TaskAction implements CeWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
userSession.checkAnyGlobalPermissions(AUTHORIZED_PERMISSIONS); | |||
userSession.checkAnyPermissions(AUTHORIZED_PERMISSIONS); | |||
String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); | |||
DbSession dbSession = dbClient.openSession(false); |
@@ -43,8 +43,8 @@ import org.sonar.api.utils.log.Loggers; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.db.debt.CharacteristicDto; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.server.db.DbClient; | |||
import org.sonar.server.debt.DebtModelXMLExporter.DebtModel; | |||
import org.sonar.server.debt.DebtModelXMLExporter.RuleDebt; | |||
@@ -391,7 +391,7 @@ public class DebtModelBackup { | |||
} | |||
private void checkPermission() { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
private static class RuleDtoMatchLanguage implements Predicate<RuleDto> { |
@@ -32,8 +32,8 @@ import org.sonar.api.utils.System2; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.db.debt.CharacteristicDto; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.server.db.DbClient; | |||
import org.sonar.server.debt.DebtPredicates.CharacteristicDtoMatchKey; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
@@ -250,7 +250,7 @@ public class DebtModelOperations { | |||
} | |||
private void checkPermission() { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
private static DebtCharacteristic toCharacteristic(CharacteristicDto dto) { |
@@ -93,7 +93,7 @@ public class ActionService { | |||
} | |||
availableActions.add("plan"); | |||
String projectUuid = issue.projectUuid(); | |||
if (projectUuid != null && userSession.hasProjectPermissionByUuid(ISSUE_ADMIN, projectUuid)) { | |||
if (projectUuid != null && userSession.hasComponentUuidPermission(ISSUE_ADMIN, projectUuid)) { | |||
availableActions.add("set_severity"); | |||
} | |||
} |
@@ -49,12 +49,12 @@ import org.sonar.db.issue.IssueFilterDto; | |||
import org.sonar.server.es.SearchOptions; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.issue.actionplan.ActionPlanService; | |||
import org.sonarqube.ws.client.issue.IssueFilterParameters; | |||
import org.sonar.server.issue.filter.IssueFilterService; | |||
import org.sonar.server.search.QueryContext; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.util.RubyUtils; | |||
import org.sonar.server.util.Validation; | |||
import org.sonarqube.ws.client.issue.IssueFilterParameters; | |||
/** | |||
* Used through ruby code <pre>Internal.issues</pre> | |||
@@ -565,7 +565,7 @@ public class InternalRubyIssueService { | |||
} | |||
public boolean isUserIssueAdmin(String projectUuid) { | |||
return userSession.hasProjectPermissionByUuid(UserRole.ISSUE_ADMIN, projectUuid); | |||
return userSession.hasComponentUuidPermission(UserRole.ISSUE_ADMIN, projectUuid); | |||
} | |||
private enum MatchIssueFilterParameters implements Predicate<Map.Entry<String, Object>> { |
@@ -341,7 +341,7 @@ public class IssueQueryService { | |||
private void addViewsOrSubViews(IssueQuery.Builder builder, Collection<String> componentUuids, String uniqueQualifier) { | |||
List<String> filteredViewUuids = newArrayList(); | |||
for (String viewUuid : componentUuids) { | |||
if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasProjectPermissionByUuid(UserRole.USER, viewUuid)) | |||
if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid)) | |||
|| (Qualifiers.SUBVIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid))) { | |||
filteredViewUuids.add(viewUuid); | |||
} |
@@ -136,7 +136,7 @@ public class IssueService { | |||
for (Transition transition : outTransitions) { | |||
String projectUuid = issue.projectUuid(); | |||
if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission()) || | |||
(projectUuid != null && userSession.hasProjectPermissionByUuid(transition.requiredProjectPermission(), projectUuid))) { | |||
(projectUuid != null && userSession.hasComponentUuidPermission(transition.requiredProjectPermission(), projectUuid))) { | |||
allowedTransitions.add(transition); | |||
} | |||
} | |||
@@ -166,7 +166,7 @@ public class IssueService { | |||
for (Transition transition : outTransitions) { | |||
String projectKey = defaultIssue.projectKey(); | |||
if (transition.key().equals(transitionKey) && StringUtils.isNotBlank(transition.requiredProjectPermission()) && projectKey != null) { | |||
userSession.checkProjectPermission(transition.requiredProjectPermission(), projectKey); | |||
userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey); | |||
} | |||
} | |||
} | |||
@@ -226,7 +226,7 @@ public class IssueService { | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
DefaultIssue issue = getByKeyForUpdate(session, issueKey).toDefaultIssue(); | |||
userSession.checkProjectPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); | |||
userSession.checkComponentPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); | |||
IssueChangeContext context = IssueChangeContext.createUser(new Date(), userSession.getLogin()); | |||
if (issueUpdater.setManualSeverity(issue, severity, context)) { | |||
@@ -250,7 +250,7 @@ public class IssueService { | |||
ComponentDto component = componentOptional.get(); | |||
ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, component.projectUuid()); | |||
userSession.checkProjectPermission(UserRole.USER, project.getKey()); | |||
userSession.checkComponentPermission(UserRole.USER, project.getKey()); | |||
if (!ruleKey.isManual()) { | |||
throw new IllegalArgumentException("Issues can be created only on rules marked as 'manual': " + ruleKey); | |||
} |
@@ -52,7 +52,7 @@ public class SetSeverityAction extends Action { | |||
} | |||
private boolean isCurrentUserIssueAdmin(String projectKey) { | |||
return userSession.hasProjectPermission(UserRole.ISSUE_ADMIN, projectKey); | |||
return userSession.hasComponentPermission(UserRole.ISSUE_ADMIN, projectKey); | |||
} | |||
@Override |
@@ -69,7 +69,7 @@ public class TransitionAction extends Action { | |||
public boolean apply(Transition input) { | |||
return input.key().equals(transition) && | |||
(StringUtils.isBlank(input.requiredProjectPermission()) || | |||
userSession.hasProjectPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); | |||
userSession.hasComponentPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); | |||
} | |||
}, null) != null; | |||
} |
@@ -34,6 +34,7 @@ import org.sonar.core.issue.DefaultActionPlan; | |||
import org.sonar.core.issue.DefaultIssue; | |||
import org.sonar.core.issue.IssueChangeContext; | |||
import org.sonar.core.issue.IssueUpdater; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ResourceDao; | |||
import org.sonar.db.component.ResourceDto; | |||
@@ -43,7 +44,6 @@ import org.sonar.db.issue.ActionPlanDto; | |||
import org.sonar.db.issue.ActionPlanStatsDao; | |||
import org.sonar.db.issue.ActionPlanStatsDto; | |||
import org.sonar.db.issue.IssueDto; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonar.server.issue.IssueStorage; | |||
import org.sonar.server.user.UserSession; | |||
@@ -188,11 +188,11 @@ public class ActionPlanService { | |||
} | |||
private static void checkUserCanAccessProject(String projectKey, UserSession userSession) { | |||
userSession.checkProjectPermission(UserRole.USER, projectKey); | |||
userSession.checkComponentPermission(UserRole.USER, projectKey); | |||
} | |||
private static void checkUserIsProjectAdministrator(String projectKey, UserSession userSession) { | |||
userSession.checkProjectPermission(UserRole.ADMIN, projectKey); | |||
userSession.checkComponentPermission(UserRole.ADMIN, projectKey); | |||
} | |||
private enum ToActionPlanStats implements Function<ActionPlanStatsDto, ActionPlanStats> { |
@@ -59,7 +59,7 @@ class IssueFilterJsonWriter { | |||
private static boolean canModifyFilter(UserSession userSession, IssueFilterDto filter) { | |||
return userSession.isLoggedIn() && | |||
(StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)); | |||
(StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)); | |||
} | |||
} |
@@ -95,10 +95,10 @@ public class CustomMeasureValidator { | |||
} | |||
public static void checkPermissions(UserSession userSession, ComponentDto component) { | |||
if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
return; | |||
} | |||
userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
} | |||
} |
@@ -76,11 +76,11 @@ public class DeleteAction implements CustomMeasuresWsAction { | |||
} | |||
private void checkPermissions(DbSession dbSession, CustomMeasureDto customMeasure) { | |||
if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
return; | |||
} | |||
ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, customMeasure.getComponentUuid()); | |||
userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
} | |||
} |
@@ -98,7 +98,7 @@ public class CreateAction implements MetricsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String key = request.mandatoryParam(PARAM_KEY); | |||
DbSession dbSession = dbClient.openSession(false); |
@@ -26,10 +26,10 @@ import javax.annotation.Nonnull; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.db.metric.MetricDto; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.metric.MetricDto; | |||
import org.sonar.server.db.DbClient; | |||
import org.sonar.server.ruby.RubyBridge; | |||
import org.sonar.server.user.UserSession; | |||
@@ -69,7 +69,7 @@ public class DeleteAction implements MetricsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
List<Integer> ids = loadIds(dbSession, request); |
@@ -100,7 +100,7 @@ public class UpdateAction implements MetricsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
int id = request.mandatoryParamAsInt(PARAM_ID); | |||
DbSession dbSession = dbClient.openSession(false); |
@@ -34,20 +34,20 @@ public class PermissionPrivilegeChecker { | |||
public static void checkGlobalAdminUser(UserSession userSession) { | |||
userSession | |||
.checkLoggedIn() | |||
.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) { | |||
userSession.checkLoggedIn(); | |||
if (componentKey == null || !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
if (componentKey == null || !userSession.hasComponentPermission(UserRole.ADMIN, componentKey)) { | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
} | |||
public static void checkProjectAdminUserByComponentUuid(UserSession userSession, @Nullable String componentUuid) { | |||
userSession.checkLoggedIn(); | |||
if (componentUuid == null || !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, componentUuid)) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
if (componentUuid == null || !userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
} | |||
@@ -72,7 +72,7 @@ public class PermissionService { | |||
if (provisioned == null) { | |||
checkProjectAdminUserByComponentKey(userSession, componentKey); | |||
} else { | |||
userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
} | |||
permissionRepository.applyDefaultPermissionTemplate(session, component); | |||
session.commit(); |
@@ -59,7 +59,7 @@ public class ChangeLogLevelAction implements SystemWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
LoggerLevel level = LoggerLevel.valueOf(wsRequest.mandatoryParam(PARAM_LEVEL)); | |||
db.enableSqlLogging(level.equals(LoggerLevel.TRACE)); | |||
logging.changeLevel(level); |
@@ -19,6 +19,7 @@ | |||
*/ | |||
package org.sonar.server.platform.ws; | |||
import java.util.Map; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
@@ -27,8 +28,6 @@ import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.server.platform.monitoring.Monitor; | |||
import org.sonar.server.user.UserSession; | |||
import java.util.Map; | |||
/** | |||
* Implementation of the {@code info} action for the System WebService. | |||
*/ | |||
@@ -55,7 +54,7 @@ public class InfoAction implements SystemWsAction { | |||
@Override | |||
public void handle(Request request, Response response) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
JsonWriter json = response.newJsonWriter(); | |||
writeJson(json); | |||
json.close(); |
@@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.server.platform.ServerLogging; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.MediaTypes; | |||
public class LogsAction implements SystemWsAction { | |||
@@ -50,7 +50,7 @@ public class LogsAction implements SystemWsAction { | |||
@Override | |||
public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
wsResponse.stream().setMediaType(MediaTypes.TXT); | |||
File file = serverLogging.getCurrentLogFile(); | |||
if (file.exists()) { |
@@ -52,7 +52,7 @@ public class CancelAllAction implements PluginsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
pluginDownloader.cancelDownloads(); | |||
pluginRepository.cancelUninstalls(); |
@@ -72,7 +72,7 @@ public class InstallAction implements PluginsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String key = request.mandatoryParam(PARAM_KEY); | |||
PluginUpdate pluginUpdate = findAvailablePluginByKey(key); | |||
pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); |
@@ -59,7 +59,7 @@ public class UninstallAction implements PluginsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String key = request.mandatoryParam(PARAM_KEY); | |||
ensurePluginIsInstalled(key); | |||
pluginRepository.uninstall(key); |
@@ -73,7 +73,7 @@ public class UpdateAction implements PluginsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String key = request.mandatoryParam(PARAM_KEY); | |||
PluginUpdate pluginUpdate = findPluginUpdateByKey(key); | |||
pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); |
@@ -70,7 +70,7 @@ public class BulkDeleteAction implements ProjectsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
List<String> uuids = request.paramAsStrings(PARAM_IDS); | |||
List<String> keys = request.paramAsStrings(PARAM_KEYS); | |||
@@ -93,16 +93,16 @@ public class DeleteAction implements ProjectsWsAction { | |||
private void checkPermissions(@Nullable String uuid, @Nullable String key) { | |||
if (missPermissionsBasedOnUuid(uuid) || missPermissionsBasedOnKey(key)) { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
} | |||
private boolean missPermissionsBasedOnKey(@Nullable String key) { | |||
return key != null && !userSession.hasProjectPermission(UserRole.ADMIN, key) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
return key != null && !userSession.hasComponentPermission(UserRole.ADMIN, key) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
private boolean missPermissionsBasedOnUuid(@Nullable String uuid) { | |||
return uuid != null && !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, uuid) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
return uuid != null && !userSession.hasComponentUuidPermission(UserRole.ADMIN, uuid) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
} |
@@ -67,7 +67,7 @@ public class GhostsAction implements ProjectsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(UserRole.ADMIN); | |||
userSession.checkPermission(UserRole.ADMIN); | |||
DbSession dbSession = dbClient.openSession(false); | |||
SearchOptions searchOptions = new SearchOptions() | |||
.setPage(request.mandatoryParamAsInt(Param.PAGE), |
@@ -67,7 +67,7 @@ public class ProvisionedAction implements ProjectsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
SearchOptions options = new SearchOptions().setPage( | |||
request.mandatoryParamAsInt(Param.PAGE), | |||
request.mandatoryParamAsInt(Param.PAGE_SIZE) |
@@ -361,12 +361,12 @@ public class QualityGates { | |||
} | |||
private void checkPermission() { | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
private void checkPermission(Long projectId, DbSession session) { | |||
ComponentDto project = componentDao.selectOrFailById(session, projectId); | |||
if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, project.key())) { | |||
if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project.key())) { | |||
throw new ForbiddenException("Insufficient privileges"); | |||
} | |||
} |
@@ -134,6 +134,6 @@ public class ProjectStatusAction implements QGateWsAction { | |||
} | |||
private void checkScanOrAdminPermission() { | |||
userSession.checkAnyGlobalPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); | |||
userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); | |||
} | |||
} |
@@ -122,11 +122,11 @@ public class QProfileProjectOperations { | |||
} | |||
private static void checkPermission(UserSession userSession) { | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
private static void checkPermission(UserSession userSession, String projectKey) { | |||
if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) { | |||
if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, projectKey)) { | |||
throw new ForbiddenException("Insufficient privileges"); | |||
} | |||
} |
@@ -26,10 +26,8 @@ import java.io.Writer; | |||
import java.util.Collection; | |||
import java.util.List; | |||
import java.util.Map; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
import org.elasticsearch.action.search.SearchResponse; | |||
import org.elasticsearch.search.SearchHit; | |||
import org.sonar.api.server.ServerSide; | |||
@@ -211,7 +209,7 @@ public class QProfileService { | |||
private void verifyAdminPermission() { | |||
userSession.checkLoggedIn(); | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
public Result<QProfileActivity> searchActivities(QProfileActivityQuery query, SearchOptions options) { |
@@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService.NewAction; | |||
import org.sonar.api.server.ws.WebService.NewController; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.server.qualityprofile.QProfileFactory; | |||
import org.sonar.server.qualityprofile.RuleActivator; | |||
import org.sonar.server.user.UserSession; | |||
@@ -80,7 +80,7 @@ public class ChangeParentAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
DbSession session = dbClient.openSession(false); | |||
try { |
@@ -66,7 +66,7 @@ public class CopyAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
String newName = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); |
@@ -34,12 +34,12 @@ import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.qualityprofile.QualityProfileDto; | |||
import org.sonar.server.component.ws.LanguageParamUtils; | |||
import org.sonarqube.ws.MediaTypes; | |||
import org.sonar.server.qualityprofile.QProfileExporters; | |||
import org.sonar.server.qualityprofile.QProfileFactory; | |||
import org.sonar.server.qualityprofile.QProfileName; | |||
import org.sonar.server.qualityprofile.QProfileResult; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.MediaTypes; | |||
public class CreateAction implements QProfileWsAction { | |||
@@ -100,7 +100,7 @@ public class CreateAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
String name = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
String language = request.mandatoryParam(PARAM_LANGUAGE); |
@@ -25,8 +25,8 @@ import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService.NewAction; | |||
import org.sonar.api.server.ws.WebService.NewController; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.server.qualityprofile.QProfileFactory; | |||
import org.sonar.server.user.UserSession; | |||
@@ -59,7 +59,7 @@ public class DeleteAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn(); | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
DbSession session = dbClient.openSession(false); |
@@ -72,7 +72,7 @@ public class OldRestoreAction implements WsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
InputStream backup = request.paramAsInputStream(PARAM_BACKUP); | |||
InputStreamReader reader = null; | |||
@@ -61,7 +61,7 @@ public class RenameAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
String newName = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); |
@@ -20,6 +20,9 @@ | |||
package org.sonar.server.qualityprofile.ws; | |||
import com.google.common.base.Preconditions; | |||
import java.io.InputStream; | |||
import java.io.InputStreamReader; | |||
import java.nio.charset.StandardCharsets; | |||
import org.apache.commons.io.IOUtils; | |||
import org.sonar.api.resources.Language; | |||
import org.sonar.api.resources.Languages; | |||
@@ -33,10 +36,6 @@ import org.sonar.server.qualityprofile.BulkChangeResult; | |||
import org.sonar.server.qualityprofile.QProfileBackuper; | |||
import org.sonar.server.user.UserSession; | |||
import java.io.InputStream; | |||
import java.io.InputStreamReader; | |||
import java.nio.charset.StandardCharsets; | |||
public class RestoreAction implements QProfileWsAction { | |||
private static final String PARAM_BACKUP = "backup"; | |||
@@ -66,7 +65,7 @@ public class RestoreAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
InputStream backup = request.paramAsInputStream(PARAM_BACKUP); | |||
InputStreamReader reader = null; | |||
@@ -79,7 +79,7 @@ public class SetDefaultAction implements QProfileWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
String language = request.param(PARAM_LANGUAGE); | |||
String profileName = request.param(PARAM_PROFILE_NAME); |
@@ -30,8 +30,8 @@ import org.sonar.api.server.debt.internal.DefaultDebtRemediationFunction; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.db.debt.CharacteristicDto; | |||
import org.sonar.db.rule.RuleDto; | |||
import org.sonar.server.db.DbClient; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
@@ -152,7 +152,7 @@ public class RuleOperations { | |||
private static void checkPermission(UserSession userSession) { | |||
userSession.checkLoggedIn(); | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
public static class RuleChange { |
@@ -22,12 +22,10 @@ package org.sonar.server.rule; | |||
import java.util.Collection; | |||
import java.util.List; | |||
import java.util.Set; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.api.rule.RuleKey; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonar.server.rule.index.RuleIndex; | |||
@@ -115,6 +113,6 @@ public class RuleService { | |||
private void checkPermission() { | |||
userSession.checkLoggedIn(); | |||
userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
} |
@@ -91,7 +91,7 @@ public class AppAction implements RulesWsAction { | |||
} | |||
private void addPermissions(JsonWriter json) { | |||
json.prop("canWrite", userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); | |||
json.prop("canWrite", userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); | |||
} | |||
private void addProfiles(JsonWriter json) { |
@@ -70,7 +70,7 @@ public class HashAction implements SourcesWsAction { | |||
try { | |||
final String componentKey = request.mandatoryParam("key"); | |||
final ComponentDto component = componentFinder.getByKey(session, componentKey); | |||
userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); | |||
response.stream().setMediaType("text/plain"); | |||
OutputStreamWriter writer = new OutputStreamWriter(response.stream().output(), StandardCharsets.UTF_8); |
@@ -115,7 +115,7 @@ public class LinesAction implements SourcesWsAction { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
ComponentDto file = componentFinder.getByUuidOrKey(dbSession, request.param(PARAM_UUID), request.param(PARAM_KEY), UUID_AND_KEY); | |||
userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
int from = request.mandatoryParamAsInt(PARAM_FROM); | |||
int to = Objects.firstNonNull(request.paramAsInt(PARAM_TO), Integer.MAX_VALUE); |
@@ -70,7 +70,7 @@ public class RawAction implements SourcesWsAction { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
Optional<Iterable<String>> lines = sourceService.getLinesAsRawText(dbSession, file.uuid(), 1, Integer.MAX_VALUE); | |||
response.stream().setMediaType("text/plain"); |
@@ -104,7 +104,7 @@ public class ScmAction implements SourcesWsAction { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
Optional<Iterable<DbFileSources.Line>> sourceLines = sourceService.getLines(dbSession, file.uuid(), from, to); | |||
if (!sourceLines.isPresent()) { | |||
throw new NotFoundException(String.format("File '%s' has no sources", fileKey)); |
@@ -89,7 +89,7 @@ public class ShowAction implements SourcesWsAction { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
Optional<Iterable<String>> linesHtml = sourceService.getLinesAsHtml(dbSession, file.uuid(), from, to); | |||
if (linesHtml.isPresent()) { |
@@ -22,14 +22,14 @@ package org.sonar.server.test; | |||
import com.google.common.collect.Maps; | |||
import java.util.Map; | |||
import javax.annotation.CheckForNull; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.api.measures.CoreMetrics; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.api.utils.KeyValueFormat; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.measure.MeasureDto; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.measure.MeasureDao; | |||
import org.sonar.db.measure.MeasureDto; | |||
import org.sonar.server.user.UserSession; | |||
@ServerSide |
@@ -236,6 +236,6 @@ public class ListAction implements TestsWsAction { | |||
private void checkComponentUuidPermission(DbSession dbSession, String componentUuid) { | |||
ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, componentUuid); | |||
userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); | |||
} | |||
} |
@@ -278,7 +278,7 @@ public class ViewProxy<V extends View> implements Comparable<ViewProxy> { | |||
public boolean isUserAuthorized() { | |||
boolean authorized = userRoles.length == 0; | |||
for (String userRole : getUserRoles()) { | |||
authorized |= userSession.hasGlobalPermission(userRole); | |||
authorized |= userSession.hasPermission(userRole); | |||
} | |||
return authorized; | |||
} | |||
@@ -286,7 +286,7 @@ public class ViewProxy<V extends View> implements Comparable<ViewProxy> { | |||
public boolean isUserAuthorized(ComponentDto component) { | |||
boolean authorized = userRoles.length == 0; | |||
for (String userRole : getUserRoles()) { | |||
authorized |= userSession.hasProjectPermissionByUuid(userRole, component.uuid()); | |||
authorized |= userSession.hasComponentUuidPermission(userRole, component.uuid()); | |||
} | |||
return authorized; | |||
} |
@@ -112,7 +112,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
try { | |||
ComponentDto component = componentFinder.getByKey(session, componentKey); | |||
userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); | |||
userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); | |||
SnapshotDto snapshot = dbClient.snapshotDao().selectLastSnapshotByComponentId(session, component.getId()); | |||
@@ -120,7 +120,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
json.beginObject(); | |||
writeComponent(json, session, component, snapshot, userSession); | |||
if (userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()) || userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { | |||
if (userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()) || userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { | |||
writeConfiguration(json, component, userSession); | |||
} | |||
@@ -210,7 +210,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
} | |||
private void writeConfiguration(JsonWriter json, ComponentDto component, UserSession userSession) { | |||
boolean isAdmin = userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()); | |||
boolean isAdmin = userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
Locale locale = userSession.locale(); | |||
json.name("configuration").beginObject(); |
@@ -63,11 +63,11 @@ public class SettingsNavigationAction implements NavigationWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
boolean isAdmin = userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
boolean isAdmin = userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
JsonWriter json = response.newJsonWriter().beginObject(); | |||
json.prop("showUpdateCenter", isAdmin && settings.getBoolean(UpdateCenterClient.ACTIVATION_PROPERTY)); | |||
json.prop("showProvisioning", userSession.hasGlobalPermission(GlobalPermissions.PROVISIONING)); | |||
json.prop("showProvisioning", userSession.hasPermission(GlobalPermissions.PROVISIONING)); | |||
json.name("extensions").beginArray(); | |||
if (isAdmin) { |
@@ -130,20 +130,15 @@ public abstract class AbstractUserSession<T extends AbstractUserSession> impleme | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission) { | |||
return checkGlobalPermission(globalPermission, null); | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
if (!hasGlobalPermission(globalPermission)) { | |||
throw new ForbiddenException(errorMessage != null ? errorMessage : INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
public UserSession checkPermission(String globalPermission) { | |||
if (!hasPermission(globalPermission)) { | |||
throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
} | |||
return this; | |||
} | |||
@Override | |||
public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissionsToTest) { | |||
public UserSession checkAnyPermissions(Collection<String> globalPermissionsToTest) { | |||
List<String> userGlobalPermissions = globalPermissions(); | |||
for (String userGlobalPermission : userGlobalPermissions) { | |||
if (globalPermissionsToTest.contains(userGlobalPermission)) { | |||
@@ -155,26 +150,10 @@ public abstract class AbstractUserSession<T extends AbstractUserSession> impleme | |||
} | |||
@Override | |||
public boolean hasGlobalPermission(String globalPermission) { | |||
public boolean hasPermission(String globalPermission) { | |||
return globalPermissions().contains(globalPermission); | |||
} | |||
@Override | |||
public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
if (!hasProjectPermission(projectPermission, projectKey)) { | |||
throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
} | |||
return this; | |||
} | |||
@Override | |||
public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
if (!hasProjectPermissionByUuid(projectPermission, projectUuid)) { | |||
throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
} | |||
return this; | |||
} | |||
@Override | |||
public UserSession checkComponentPermission(String projectPermission, String componentKey) { | |||
if (!hasComponentPermission(projectPermission, componentKey)) { |
@@ -34,16 +34,6 @@ public final class AnonymousUserSession extends AbstractUserSession<AnonymousUse | |||
return Collections.emptyList(); | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
return false; | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return false; | |||
} | |||
@Override | |||
public boolean hasComponentPermission(String permission, String componentKey) { | |||
return false; |
@@ -21,6 +21,9 @@ package org.sonar.server.user; | |||
import com.google.common.base.Objects; | |||
import com.google.common.base.Strings; | |||
import java.util.List; | |||
import java.util.Map; | |||
import javax.annotation.CheckForNull; | |||
import org.sonar.api.user.RubyUserService; | |||
import org.sonar.api.user.User; | |||
import org.sonar.api.user.UserFinder; | |||
@@ -31,11 +34,6 @@ import org.sonar.server.user.index.UserDoc; | |||
import org.sonar.server.user.index.UserIndex; | |||
import org.sonar.server.util.RubyUtils; | |||
import javax.annotation.CheckForNull; | |||
import java.util.List; | |||
import java.util.Map; | |||
public class DefaultUserService implements RubyUserService { | |||
private final UserIndex userIndex; | |||
@@ -110,7 +108,7 @@ public class DefaultUserService implements RubyUserService { | |||
if (Strings.isNullOrEmpty(login)) { | |||
throw new BadRequestException("Login is missing"); | |||
} | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
if (Objects.equal(userSession.getLogin(), login)) { | |||
throw new BadRequestException("Self-deactivation is not possible"); | |||
} |
@@ -21,9 +21,8 @@ package org.sonar.server.user; | |||
import java.util.Collections; | |||
import java.util.List; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import java.util.Locale; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
/** | |||
* Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. | |||
@@ -72,7 +71,7 @@ public final class DoPrivileged { | |||
} | |||
@Override | |||
public boolean hasGlobalPermission(String globalPermission) { | |||
public boolean hasPermission(String globalPermission) { | |||
return true; | |||
} | |||
@@ -81,16 +80,6 @@ public final class DoPrivileged { | |||
return Collections.emptyList(); | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
return true; | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return true; | |||
} | |||
@Override | |||
public boolean hasComponentPermission(String permission, String componentKey) { | |||
return true; |
@@ -24,9 +24,6 @@ import java.util.Collection; | |||
import java.util.List; | |||
import java.util.Map; | |||
import org.sonar.api.security.DefaultGroups; | |||
import org.sonar.api.utils.log.Logger; | |||
import org.sonar.api.utils.log.Loggers; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.component.ResourceDao; | |||
import org.sonar.db.component.ResourceDto; | |||
import org.sonar.db.user.AuthorizationDao; | |||
@@ -38,9 +35,7 @@ import static com.google.common.collect.Sets.newHashSet; | |||
* Part of the current HTTP session | |||
*/ | |||
public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
implements UserSession { | |||
private static final Logger LOG = Loggers.get(ServerUserSession.class); | |||
implements UserSession { | |||
private Map<String, String> projectKeyByComponentKey = newHashMap(); | |||
@@ -63,18 +58,13 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
List<String> permissionKeys = authorizationDao.selectGlobalPermissions(login); | |||
globalPermissions = new ArrayList<>(); | |||
for (String permissionKey : permissionKeys) { | |||
if (!GlobalPermissions.ALL.contains(permissionKey)) { | |||
LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login); | |||
} else { | |||
globalPermissions.add(permissionKey); | |||
} | |||
globalPermissions.add(permissionKey); | |||
} | |||
} | |||
return globalPermissions; | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
private boolean hasProjectPermission(String permission, String projectKey) { | |||
if (!projectPermissionsCheckedByKey.contains(permission)) { | |||
Collection<String> projectKeys = authorizationDao.selectAuthorizedRootProjectsKeys(userId, permission); | |||
for (String key : projectKeys) { | |||
@@ -85,8 +75,8 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
return projectKeyByPermission.get(permission).contains(projectKey); | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
// To keep private | |||
private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
if (!projectPermissionsCheckedByUuid.contains(permission)) { | |||
Collection<String> projectUuids = authorizationDao.selectAuthorizedRootProjectsUuids(userId, permission); | |||
addProjectPermission(permission, projectUuids); | |||
@@ -103,6 +93,10 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
@Override | |||
public boolean hasComponentPermission(String permission, String componentKey) { | |||
if (hasPermission(permission)) { | |||
return true; | |||
} | |||
String projectKey = projectKeyByComponentKey.get(componentKey); | |||
if (projectKey == null) { | |||
ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey); | |||
@@ -121,6 +115,10 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
@Override | |||
public boolean hasComponentUuidPermission(String permission, String componentUuid) { | |||
if (hasPermission(permission)) { | |||
return true; | |||
} | |||
String projectUuid = projectUuidByComponentUuid.get(componentUuid); | |||
if (projectUuid == null) { | |||
ResourceDto project = resourceDao.selectResource(componentUuid); |
@@ -25,7 +25,6 @@ import java.util.List; | |||
import java.util.Locale; | |||
import java.util.Set; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
/** | |||
* Part of the current HTTP session | |||
@@ -89,23 +88,18 @@ public class ThreadLocalUserSession implements UserSession { | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission) { | |||
return get().checkGlobalPermission(globalPermission); | |||
public UserSession checkPermission(String globalPermission) { | |||
return get().checkPermission(globalPermission); | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
return get().checkGlobalPermission(globalPermission, errorMessage); | |||
public UserSession checkAnyPermissions(Collection<String> globalPermissions) { | |||
return get().checkAnyPermissions(globalPermissions); | |||
} | |||
@Override | |||
public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) { | |||
return get().checkAnyGlobalPermissions(globalPermissions); | |||
} | |||
@Override | |||
public boolean hasGlobalPermission(String globalPermission) { | |||
return get().hasGlobalPermission(globalPermission); | |||
public boolean hasPermission(String globalPermission) { | |||
return get().hasPermission(globalPermission); | |||
} | |||
@Override | |||
@@ -113,26 +107,6 @@ public class ThreadLocalUserSession implements UserSession { | |||
return get().globalPermissions(); | |||
} | |||
@Override | |||
public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
return get().checkProjectPermission(projectPermission, projectKey); | |||
} | |||
@Override | |||
public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
return get().checkProjectUuidPermission(projectPermission, projectUuid); | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
return get().hasProjectPermission(permission, projectKey); | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return get().hasProjectPermissionByUuid(permission, projectUuid); | |||
} | |||
@Override | |||
public UserSession checkComponentPermission(String projectPermission, String componentKey) { | |||
return get().checkComponentPermission(projectPermission, componentKey); |
@@ -24,7 +24,6 @@ import java.util.List; | |||
import java.util.Locale; | |||
import java.util.Set; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
public interface UserSession { | |||
@CheckForNull | |||
@@ -50,64 +49,48 @@ public interface UserSession { | |||
/** | |||
* Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkGlobalPermission(String globalPermission); | |||
/** | |||
* Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with | |||
* the specified error message. | |||
*/ | |||
UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage); | |||
UserSession checkPermission(String globalPermission); | |||
/** | |||
* Ensures that user implies any of the specified global permissions, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with | |||
* the specified error message. | |||
*/ | |||
UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions); | |||
UserSession checkAnyPermissions(Collection<String> globalPermissions); | |||
/** | |||
* Does the user have the given permission ? | |||
*/ | |||
boolean hasGlobalPermission(String globalPermission); | |||
boolean hasPermission(String globalPermission); | |||
List<String> globalPermissions(); | |||
/** | |||
* Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkProjectPermission(String projectPermission, String projectKey); | |||
/** | |||
* Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkProjectUuidPermission(String projectPermission, String projectUuid); | |||
/** | |||
* Does the user have the given project permission ? | |||
*/ | |||
boolean hasProjectPermission(String permission, String projectKey); | |||
/** | |||
* Does the user have the given project permission ? | |||
*/ | |||
boolean hasProjectPermissionByUuid(String permission, String projectUuid); | |||
/** | |||
* Ensures that user implies the specified project permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
* Ensures that user implies the specified permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
* If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkComponentPermission(String projectPermission, String componentKey); | |||
/** | |||
* Ensures that user implies the specified component permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
* Ensures that user implies the specified component permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
* If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkComponentUuidPermission(String permission, String componentUuid); | |||
/** | |||
* Does the user have the given project permission for a component key ? | |||
* Does the user have the given permission for a component key ? | |||
* | |||
* First, check if the user has the global permission (even if the component doesn't exist) | |||
* If not, check is the user has the permission on the project of the component | |||
* If the component doesn't exist, return false | |||
*/ | |||
boolean hasComponentPermission(String permission, String componentKey); | |||
/** | |||
* Does the user have the given project permission for a component uuid ? | |||
* First, check if the user has the global permission (even if the component doesn't exist) | |||
* If not, check is the user has the permission on the project of the component | |||
* If the component doesn't exist, return false | |||
*/ | |||
boolean hasComponentUuidPermission(String permission, String componentUuid); | |||
} |
@@ -76,7 +76,7 @@ public class ChangePasswordAction implements UsersWsAction { | |||
String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD); | |||
userUpdater.checkCurrentPassword(login, previousPassword); | |||
} else { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
String password = request.mandatoryParam(PARAM_PASSWORD); |
@@ -91,7 +91,7 @@ public class CreateAction implements UsersWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String login = request.mandatoryParam(PARAM_LOGIN); | |||
String password = request.mandatoryParam(PARAM_PASSWORD); |
@@ -28,9 +28,9 @@ import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.server.ws.WebService.NewAction; | |||
import org.sonar.api.utils.text.JsonWriter; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.user.UserUpdater; | |||
@@ -71,7 +71,7 @@ public class DeactivateAction implements UsersWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String login = request.mandatoryParam(PARAM_LOGIN); | |||
if (login.equals(userSession.getLogin())) { |
@@ -78,7 +78,7 @@ public class GroupsAction implements UsersWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String login = request.mandatoryParam(PARAM_LOGIN); | |||
int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); |
@@ -27,9 +27,9 @@ import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.utils.text.JsonWriter; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.MyBatis; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.server.user.UpdateUser; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.user.UserUpdater; | |||
@@ -89,7 +89,7 @@ public class UpdateAction implements UsersWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String login = request.mandatoryParam(PARAM_LOGIN); | |||
UpdateUser updateUser = UpdateUser.create(login); |
@@ -76,7 +76,7 @@ public class UserJsonWriter { | |||
} | |||
private void writeGroupsIfNeeded(JsonWriter json, Collection<String> groups, @Nullable Collection<String> fields) { | |||
if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
json.name(FIELD_GROUPS).beginArray(); | |||
for (String groupName : groups) { | |||
json.value(groupName); |
@@ -68,7 +68,7 @@ public class AddUserAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
String login = request.mandatoryParam(PARAM_LOGIN); |
@@ -70,7 +70,7 @@ public class CreateAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
String name = request.mandatoryParam(PARAM_NAME); | |||
String description = request.param(PARAM_DESCRIPTION); |
@@ -67,7 +67,7 @@ public class DeleteAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
WsGroupRef groupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
@@ -68,7 +68,7 @@ public class RemoveUserAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
String login = request.mandatoryParam(PARAM_LOGIN); |
@@ -77,7 +77,7 @@ public class UpdateAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
Long groupId = request.mandatoryParamAsLong(PARAM_ID); | |||
String name = request.param(PARAM_NAME); |
@@ -73,7 +73,7 @@ public class UsersAction implements UserGroupsWsAction { | |||
@Override | |||
public void handle(Request request, Response response) throws Exception { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); |
@@ -85,7 +85,7 @@ public class GenerateAction implements UserTokensWsAction { | |||
} | |||
private WsUserTokens.GenerateWsResponse doHandle(GenerateWsRequest request) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { |
@@ -68,7 +68,7 @@ public class RevokeAction implements UserTokensWsAction { | |||
} | |||
private void doHandle(RevokeWsRequest request) { | |||
userSession.checkLoggedIn().checkGlobalPermission(SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(SYSTEM_ADMIN); | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { |
@@ -70,7 +70,7 @@ public class SearchAction implements UserTokensWsAction { | |||
} | |||
private SearchWsResponse doHandle(SearchWsRequest request) { | |||
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { |
@@ -25,12 +25,12 @@ import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.issue.Issue; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.issue.DefaultIssue; | |||
import org.sonar.core.issue.IssueChangeContext; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.issue.IssueUpdater; | |||
import org.sonar.server.tester.UserSessionRule; | |||
import org.sonar.server.tester.AnonymousMockUserSession; | |||
import org.sonar.server.tester.UserSessionRule; | |||
import org.sonar.server.user.UserSession; | |||
import static com.google.common.collect.Maps.newHashMap; | |||
@@ -89,14 +89,14 @@ public class SetSeverityActionTest { | |||
@Test | |||
public void should_support_only_unresolved_issues() { | |||
when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); | |||
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(Issue.RESOLUTION_FIXED))).isFalse(); | |||
} | |||
@Test | |||
public void should_support_only_issues_with_issue_admin_permission() { | |||
when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); | |||
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar2").setResolution(null))).isFalse(); | |||
} |
@@ -88,10 +88,11 @@ public class ActionPlanServiceTest { | |||
@Mock | |||
IssueStorage issueStorage; | |||
String projectKey = "org.sonar.Sample"; | |||
static final String PROJECT_KEY = "org.sonar.Sample"; | |||
static final String PROJECT_UUID = "ABCD"; | |||
UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, projectKey); | |||
UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, projectKey); | |||
UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, PROJECT_KEY); | |||
UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, PROJECT_KEY); | |||
UserSession unauthorizedUserSession = new MockUserSession("nicolas").setName("Nicolas"); | |||
private ActionPlanService actionPlanService; | |||
@@ -105,7 +106,7 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void create() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setUuid(PROJECT_UUID).setId(1l)); | |||
ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
actionPlanService.create(actionPlan, projectAdministratorUserSession); | |||
@@ -114,7 +115,7 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void create_required_admin_role() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
try { | |||
@@ -128,8 +129,8 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void set_status() { | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
ActionPlan result = actionPlanService.setStatus("ABCD", "CLOSED", projectAdministratorUserSession); | |||
verify(actionPlanDao).update(any(ActionPlanDto.class)); | |||
@@ -140,7 +141,7 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void update() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
actionPlanService.update(actionPlan, projectAdministratorUserSession); | |||
@@ -149,16 +150,16 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void delete() { | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
actionPlanService.delete("ABCD", projectAdministratorUserSession); | |||
verify(actionPlanDao).delete("ABCD"); | |||
} | |||
@Test | |||
public void unplan_all_linked_issues_when_deleting_an_action_plan() { | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
IssueDto issueDto = new IssueDto().setId(100L).setStatus(Issue.STATUS_OPEN).setRuleKey("squid", "s100").setIssueCreationDate(new Date()); | |||
when(issueDao.selectByActionPlan(session, "ABCD")).thenReturn(newArrayList(issueDto)); | |||
@@ -173,8 +174,8 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void find_by_key() { | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
ActionPlan result = actionPlanService.findByKey("ABCD", projectUserSession); | |||
assertThat(result).isNotNull(); | |||
@@ -197,20 +198,20 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void find_open_by_project_key() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); | |||
Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(projectKey, projectUserSession); | |||
Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(PROJECT_KEY, projectUserSession); | |||
assertThat(results).hasSize(1); | |||
assertThat(results.iterator().next().key()).isEqualTo("ABCD"); | |||
} | |||
@Test | |||
public void find_open_by_project_key_required_user_role() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); | |||
try { | |||
actionPlanService.findOpenByProjectKey(projectKey, unauthorizedUserSession); | |||
actionPlanService.findOpenByProjectKey(PROJECT_KEY, unauthorizedUserSession); | |||
fail(); | |||
} catch (Exception e) { | |||
assertThat(e).isInstanceOf(ForbiddenException.class); | |||
@@ -226,10 +227,10 @@ public class ActionPlanServiceTest { | |||
@Test | |||
public void find_action_plan_stats() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(projectKey)); | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(PROJECT_KEY)); | |||
when(actionPlanStatsDao.selectByProjectId(1L)).thenReturn(newArrayList(new ActionPlanStatsDto())); | |||
Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(projectKey, projectUserSession); | |||
Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); | |||
assertThat(results).hasSize(1); | |||
} | |||
@@ -237,7 +238,7 @@ public class ActionPlanServiceTest { | |||
public void throw_exception_if_project_not_found_when_find_open_action_plan_stats() { | |||
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(null); | |||
actionPlanService.findActionPlanStats(projectKey, projectUserSession); | |||
actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); | |||
} | |||
} |
@@ -99,12 +99,18 @@ public class MockUserSession extends AbstractUserSession<MockUserSession> implem | |||
public MockUserSession addProjectPermissions(String projectPermission, String... projectKeys) { | |||
this.projectPermissionsCheckedByKey.add(projectPermission); | |||
this.projectKeyByPermission.putAll(projectPermission, newArrayList(projectKeys)); | |||
for (String projectKey : projectKeys) { | |||
this.projectKeyByComponentKey.put(projectKey, projectKey); | |||
} | |||
return this; | |||
} | |||
public MockUserSession addProjectUuidPermissions(String projectPermission, String... projectUuids) { | |||
this.projectPermissionsCheckedByUuid.add(projectPermission); | |||
this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids)); | |||
for (String projectUuid : projectUuids) { | |||
this.projectUuidByComponentUuid.put(projectUuid, projectUuid); | |||
} | |||
return this; | |||
} | |||
@@ -129,25 +135,23 @@ public class MockUserSession extends AbstractUserSession<MockUserSession> implem | |||
return globalPermissions; | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey); | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); | |||
} | |||
@Override | |||
public boolean hasComponentPermission(String permission, String componentKey) { | |||
String projectKey = projectKeyByComponentKey.get(componentKey); | |||
return projectKey != null && hasProjectPermission(permission, projectKey); | |||
} | |||
private boolean hasProjectPermission(String permission, String projectKey) { | |||
return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey)); | |||
} | |||
@Override | |||
public boolean hasComponentUuidPermission(String permission, String componentUuid) { | |||
String projectUuid = projectUuidByComponentUuid.get(componentUuid); | |||
return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid); | |||
} | |||
private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid)); | |||
} | |||
} |
@@ -221,16 +221,6 @@ public class UserSessionRule implements TestRule, UserSession { | |||
return currentUserSession.globalPermissions(); | |||
} | |||
@Override | |||
public boolean hasProjectPermission(String permission, String projectKey) { | |||
return currentUserSession.hasProjectPermission(permission, projectKey); | |||
} | |||
@Override | |||
public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
return currentUserSession.hasProjectPermissionByUuid(permission, projectUuid); | |||
} | |||
@Override | |||
public boolean hasComponentPermission(String permission, String componentKey) { | |||
return currentUserSession.hasComponentPermission(permission, componentKey); | |||
@@ -280,33 +270,18 @@ public class UserSessionRule implements TestRule, UserSession { | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission) { | |||
return currentUserSession.checkGlobalPermission(globalPermission); | |||
} | |||
@Override | |||
public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
return currentUserSession.checkGlobalPermission(globalPermission, errorMessage); | |||
} | |||
@Override | |||
public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) { | |||
return currentUserSession.checkAnyGlobalPermissions(globalPermissions); | |||
} | |||
@Override | |||
public boolean hasGlobalPermission(String globalPermission) { | |||
return currentUserSession.hasGlobalPermission(globalPermission); | |||
public UserSession checkPermission(String globalPermission) { | |||
return currentUserSession.checkPermission(globalPermission); | |||
} | |||
@Override | |||
public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
return currentUserSession.checkProjectPermission(projectPermission, projectKey); | |||
public UserSession checkAnyPermissions(Collection<String> globalPermissions) { | |||
return currentUserSession.checkAnyPermissions(globalPermissions); | |||
} | |||
@Override | |||
public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
return currentUserSession.checkProjectUuidPermission(projectPermission, projectUuid); | |||
public boolean hasPermission(String globalPermission) { | |||
return currentUserSession.hasPermission(globalPermission); | |||
} | |||
@Override |
@@ -46,8 +46,8 @@ public class DoPrivilegedTest { | |||
// verify the session used inside Privileged task | |||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); | |||
assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); | |||
assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); | |||
assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); | |||
// verify session in place after task is done | |||
assertThat(threadLocalUserSession.get()).isSameAs(session); | |||
@@ -72,8 +72,8 @@ public class DoPrivilegedTest { | |||
// verify the session used inside Privileged task | |||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); | |||
assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); | |||
assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); | |||
assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); | |||
} | |||
} | |||
@@ -22,12 +22,12 @@ package org.sonar.server.user; | |||
import java.util.Arrays; | |||
import org.junit.Test; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.component.ComponentTesting; | |||
import org.sonar.db.component.ResourceDao; | |||
import org.sonar.db.component.ResourceDto; | |||
import org.sonar.db.user.AuthorizationDao; | |||
import org.sonar.db.component.ComponentTesting; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import static com.google.common.collect.Lists.newArrayList; | |||
@@ -36,6 +36,12 @@ import static org.mockito.Mockito.mock; | |||
import static org.mockito.Mockito.when; | |||
public class ServerUserSessionTest { | |||
static final String LOGIN = "marius"; | |||
static final String PROJECT_KEY = "com.foo:Bar"; | |||
static final String PROJECT_UUID = "ABCD"; | |||
static final String FILE_KEY = "com.foo:Bar:BarFile.xoo"; | |||
static final String FILE_UUID = "BCDE"; | |||
AuthorizationDao authorizationDao = mock(AuthorizationDao.class); | |||
ResourceDao resourceDao = mock(ResourceDao.class); | |||
@@ -48,125 +54,118 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void has_global_permission() { | |||
UserSession session = newServerUserSession().setLogin("marius"); | |||
UserSession session = newServerUserSession().setLogin(LOGIN); | |||
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
assertThat(session.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); | |||
assertThat(session.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); | |||
assertThat(session.hasGlobalPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); | |||
assertThat(session.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); | |||
assertThat(session.hasPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); | |||
assertThat(session.hasPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); | |||
} | |||
@Test | |||
public void check_global_Permission_ok() { | |||
UserSession session = newServerUserSession().setLogin("marius"); | |||
UserSession session = newServerUserSession().setLogin(LOGIN); | |||
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
session.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
session.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
} | |||
@Test(expected = ForbiddenException.class) | |||
public void check_global_Permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius"); | |||
UserSession session = newServerUserSession().setLogin(LOGIN); | |||
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
session.checkGlobalPermission(GlobalPermissions.DASHBOARD_SHARING); | |||
session.checkPermission(GlobalPermissions.DASHBOARD_SHARING); | |||
} | |||
@Test | |||
public void has_project_permission() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
assertThat(session.hasProjectPermission(UserRole.USER, "com.foo:Bar")).isTrue(); | |||
assertThat(session.hasProjectPermission(UserRole.CODEVIEWER, "com.foo:Bar")).isFalse(); | |||
assertThat(session.hasProjectPermission(UserRole.ADMIN, "com.foo:Bar")).isFalse(); | |||
} | |||
public void has_component_permission() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
@Test | |||
public void has_project_permission_by_uuid() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList("ABCD")); | |||
String componentKey = FILE_KEY; | |||
when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); | |||
assertThat(session.hasProjectPermissionByUuid(UserRole.USER, "ABCD")).isTrue(); | |||
assertThat(session.hasProjectPermissionByUuid(UserRole.CODEVIEWER, "ABCD")).isFalse(); | |||
assertThat(session.hasProjectPermissionByUuid(UserRole.ADMIN, "ABCD")).isFalse(); | |||
assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
} | |||
@Test | |||
public void check_project_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
public void has_component_uuid_permission() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); | |||
} | |||
@Test(expected = ForbiddenException.class) | |||
public void check_project_permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar2")); | |||
String componentUuid = FILE_UUID; | |||
when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); | |||
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_UUID)); | |||
session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); | |||
assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); | |||
assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); | |||
assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); | |||
} | |||
@Test | |||
public void check_project_uuid_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
public void has_component_permission_with_only_global_permission() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
ComponentDto project = ComponentTesting.newProjectDto(); | |||
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
String componentKey = FILE_KEY; | |||
when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
session.checkProjectUuidPermission(UserRole.USER, project.uuid()); | |||
assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
} | |||
@Test(expected = ForbiddenException.class) | |||
public void check_project_uuid_permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
@Test | |||
public void has_component_uuid_permission_with_only_global_permission() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
ComponentDto project = ComponentTesting.newProjectDto(); | |||
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
String componentUuid = FILE_UUID; | |||
when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
session.checkProjectUuidPermission(UserRole.USER, "another project"); | |||
assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); | |||
assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); | |||
assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); | |||
} | |||
@Test | |||
public void has_component_permission() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
public void check_component_key_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
String componentKey = "com.foo:Bar:BarFile.xoo"; | |||
when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); | |||
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); | |||
assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
} | |||
@Test | |||
public void check_component_key_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
public void check_component_key_permission_with_only_global_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar")); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); | |||
when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
} | |||
@Test(expected = ForbiddenException.class) | |||
public void check_component_key_permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); | |||
session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
} | |||
@Test | |||
public void check_component_uuid_permission_ok() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
ComponentDto project = ComponentTesting.newProjectDto(); | |||
ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); | |||
@@ -178,10 +177,9 @@ public class ServerUserSessionTest { | |||
@Test(expected = ForbiddenException.class) | |||
public void check_component_uuid_permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
ComponentDto project = ComponentTesting.newProjectDto(); | |||
ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); | |||
when(resourceDao.selectResource("file-uuid")).thenReturn(new ResourceDto().setProjectUuid(project.uuid())); | |||
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
@@ -190,16 +188,16 @@ public class ServerUserSessionTest { | |||
@Test(expected = ForbiddenException.class) | |||
public void check_component_key_permission_when_project_not_found() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(null); | |||
when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(null); | |||
session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
} | |||
@Test(expected = ForbiddenException.class) | |||
public void check_component_dto_permission_ko() { | |||
UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
ComponentDto project = ComponentTesting.newProjectDto(); | |||
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); |