Browse Source
SONAR-7174 Check global or project permission for every project permission check
tags/5.4-M5
Julien Lancelot
8 years ago
97 changed files with 306 additions and 423 deletions
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/batch/GlobalAction.java
View File
| @@ -32,8 +32,8 @@ import org.sonar.db.metric.MetricDto; | |||
| import org.sonar.db.property.PropertiesDao; | |||
| import org.sonar.db.property.PropertyDto; | |||
| import org.sonar.server.exceptions.ForbiddenException; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| public class GlobalAction implements BatchWsAction { | |||
| @@ -59,8 +59,8 @@ public class GlobalAction implements BatchWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| if (!hasPreviewPerm && !hasScanPerm) { | |||
| throw new ForbiddenException(Messages.NO_PERMISSION); | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/batch/IssuesAction.java
View File
| @@ -37,8 +37,8 @@ import org.sonar.db.component.ComponentDto; | |||
| import org.sonar.server.component.ComponentFinder; | |||
| import org.sonar.server.issue.index.IssueDoc; | |||
| import org.sonar.server.issue.index.IssueIndex; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import static com.google.common.collect.Maps.newHashMap; | |||
| @@ -76,7 +76,7 @@ public class IssuesAction implements BatchWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| final String moduleKey = request.mandatoryParam(PARAM_KEY); | |||
| response.stream().setMediaType(MediaTypes.PROTOBUF); | |||
+ 4
- 4
server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java
View File
| @@ -56,7 +56,7 @@ public class ProjectDataLoader { | |||
| } | |||
| public ProjectRepositories load(ProjectDataQuery query) { | |||
| boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| checkPermission(query.isIssuesMode()); | |||
| DbSession session = dbClient.openSession(false); | |||
| @@ -66,7 +66,7 @@ public class ProjectDataLoader { | |||
| "Project or module with key '%s' is not found", query.getModuleKey()); | |||
| // Scan permission is enough to analyze all projects but preview permission is limited to projects user can access | |||
| if (query.isIssuesMode() && !userSession.hasProjectPermissionByUuid(UserRole.USER, module.projectUuid())) { | |||
| if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) { | |||
| throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator."); | |||
| } | |||
| @@ -181,8 +181,8 @@ public class ProjectDataLoader { | |||
| } | |||
| private void checkPermission(boolean preview) { | |||
| boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| if (!hasPreviewPerm && !hasScanPerm) { | |||
| throw new ForbiddenException(Messages.NO_PERMISSION); | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/batch/UsersAction.java
View File
| @@ -28,10 +28,10 @@ import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService; | |||
| import org.sonar.batch.protocol.input.BatchInput; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonar.server.user.index.UserDoc; | |||
| import org.sonar.server.user.index.UserIndex; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| public class UsersAction implements BatchWsAction { | |||
| @@ -63,7 +63,7 @@ public class UsersAction implements BatchWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION); | |||
| List<String> logins = request.mandatoryParamAsStrings(PARAM_LOGINS); | |||
| response.stream().setMediaType(MediaTypes.PROTOBUF); | |||
+ 5
- 5
server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java
View File
| @@ -109,7 +109,7 @@ public class ComponentService { | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto projectOrModule = getByKey(session, projectOrModuleKey); | |||
| userSession.checkProjectUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid()); | |||
| dbClient.resourceKeyUpdaterDao().updateKey(projectOrModule.getId(), newKey); | |||
| session.commit(); | |||
| @@ -123,7 +123,7 @@ public class ComponentService { | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto project = getByKey(projectKey); | |||
| userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
| return dbClient.resourceKeyUpdaterDao().checkModuleKeysBeforeRenaming(project.getId(), stringToReplace, replacementString); | |||
| } finally { | |||
| session.close(); | |||
| @@ -135,7 +135,7 @@ public class ComponentService { | |||
| DbSession session = dbClient.openSession(true); | |||
| try { | |||
| ComponentDto project = getByKey(session, projectKey); | |||
| userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid()); | |||
| dbClient.resourceKeyUpdaterDao().bulkUpdateKey(session, project.getId(), stringToReplace, replacementString); | |||
| session.commit(); | |||
| } finally { | |||
| @@ -144,7 +144,7 @@ public class ComponentService { | |||
| } | |||
| public ComponentDto create(NewComponent newComponent) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
| userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
| @@ -155,7 +155,7 @@ public class ComponentService { | |||
| } | |||
| public ComponentDto create(DbSession session, NewComponent newComponent) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
| userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
| checkKeyFormat(newComponent.qualifier(), newComponent.key()); | |||
| ComponentDto project = createProject(session, newComponent); | |||
| removeDuplicatedProjects(session, project.getKey()); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchAction.java
View File
| @@ -100,7 +100,7 @@ public class SearchAction implements ComponentsWsAction { | |||
| } | |||
| private SearchWsResponse doHandle(SearchWsRequest request) { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| List<String> qualifiers = request.getQualifiers(); | |||
| validateQualifiers(qualifiers); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java
View File
| @@ -97,7 +97,7 @@ public class SearchViewComponentsAction implements RequestHandler { | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto componentDto = componentFinder.getByUuid(session, componentUuid); | |||
| userSession.checkProjectUuidPermission(UserRole.USER, componentDto.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.USER, componentDto.projectUuid()); | |||
| Set<Long> projectIds = newLinkedHashSet(dbClient.componentIndexDao().selectProjectIdsFromQueryAndViewOrSubViewUuid(session, query, componentDto.uuid())); | |||
| Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER); | |||
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/component/ws/ShowAction.java
View File
| @@ -143,9 +143,9 @@ public class ShowAction implements ComponentsWsAction { | |||
| private ComponentDto getComponentByUuidOrKey(DbSession dbSession, ShowWsRequest request) { | |||
| ComponentDto component = componentFinder.getByUuidOrKey(dbSession, request.getId(), request.getKey(), ParamNames.ID_AND_KEY); | |||
| String projectUuid = firstNonNull(component.projectUuid(), component.uuid()); | |||
| if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
| !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && | |||
| !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { | |||
| if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
| !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && | |||
| !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { | |||
| throw insufficientPrivilegesException(); | |||
| } | |||
| return component; | |||
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/component/ws/TreeAction.java
View File
| @@ -164,9 +164,9 @@ public class TreeAction implements ComponentsWsAction { | |||
| private void checkPermissions(ComponentDto baseComponent) { | |||
| String projectUuid = firstNonNull(baseComponent.projectUuid(), baseComponent.uuid()); | |||
| if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
| !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) && | |||
| !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) { | |||
| if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) && | |||
| !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) && | |||
| !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) { | |||
| throw insufficientPrivilegesException(); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/computation/queue/report/ReportSubmitter.java
View File
| @@ -55,7 +55,7 @@ public class ReportSubmitter { | |||
| } | |||
| public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION); | |||
| String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch); | |||
| ComponentDto project = componentService.getNullableByKey(effectiveProjectKey); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/computation/ws/ActivityAction.java
View File
| @@ -173,7 +173,7 @@ public class ActivityAction implements CeWsAction { | |||
| throw new ForbiddenException("Requires administration permission"); | |||
| } | |||
| } else { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| } | |||
| } | |||
| @@ -189,6 +189,6 @@ public class ActivityAction implements CeWsAction { | |||
| } | |||
| public static boolean isAllowedOnComponentUuid(UserSession userSession, String componentUuid) { | |||
| return userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); | |||
| return userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAction.java
View File
| @@ -57,7 +57,7 @@ public class CancelAction implements CeWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| String taskId = wsRequest.mandatoryParam(PARAM_TASK_ID); | |||
| queue.cancel(taskId); | |||
| wsResponse.noContent(); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/computation/ws/CancelAllAction.java
View File
| @@ -48,7 +48,7 @@ public class CancelAllAction implements CeWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| queue.cancelAll(); | |||
| wsResponse.noContent(); | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/computation/ws/LogsAction.java
View File
| @@ -35,8 +35,8 @@ import org.sonar.db.ce.CeQueueDto; | |||
| import org.sonar.server.computation.log.CeLogging; | |||
| import org.sonar.server.computation.log.LogFileRef; | |||
| import org.sonar.server.exceptions.NotFoundException; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import static java.lang.String.format; | |||
| @@ -74,7 +74,7 @@ public class LogsAction implements CeWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); | |||
| LogFileRef ref = loadLogRef(taskUuid); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/computation/ws/QueueAction.java
View File
| @@ -72,11 +72,11 @@ public class QueueAction implements CeWsAction { | |||
| List<CeQueueDto> dtos; | |||
| if (componentUuid == null) { | |||
| // no filters | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| dtos = dbClient.ceQueueDao().selectAllInAscOrder(dbSession); | |||
| } else { | |||
| // filter by component | |||
| if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
| if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
| dtos = dbClient.ceQueueDao().selectByComponentUuid(dbSession, componentUuid); | |||
| } else { | |||
| throw new ForbiddenException("Requires system administration permission"); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/computation/ws/TaskAction.java
View File
| @@ -71,7 +71,7 @@ public class TaskAction implements CeWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
| userSession.checkAnyGlobalPermissions(AUTHORIZED_PERMISSIONS); | |||
| userSession.checkAnyPermissions(AUTHORIZED_PERMISSIONS); | |||
| String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelBackup.java
View File
| @@ -43,8 +43,8 @@ import org.sonar.api.utils.log.Loggers; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.db.debt.CharacteristicDto; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.server.db.DbClient; | |||
| import org.sonar.server.debt.DebtModelXMLExporter.DebtModel; | |||
| import org.sonar.server.debt.DebtModelXMLExporter.RuleDebt; | |||
| @@ -391,7 +391,7 @@ public class DebtModelBackup { | |||
| } | |||
| private void checkPermission() { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| private static class RuleDtoMatchLanguage implements Predicate<RuleDto> { | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelOperations.java
View File
| @@ -32,8 +32,8 @@ import org.sonar.api.utils.System2; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.db.debt.CharacteristicDto; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.server.db.DbClient; | |||
| import org.sonar.server.debt.DebtPredicates.CharacteristicDtoMatchKey; | |||
| import org.sonar.server.exceptions.BadRequestException; | |||
| @@ -250,7 +250,7 @@ public class DebtModelOperations { | |||
| } | |||
| private void checkPermission() { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| private static DebtCharacteristic toCharacteristic(CharacteristicDto dto) { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/issue/ActionService.java
View File
| @@ -93,7 +93,7 @@ public class ActionService { | |||
| } | |||
| availableActions.add("plan"); | |||
| String projectUuid = issue.projectUuid(); | |||
| if (projectUuid != null && userSession.hasProjectPermissionByUuid(ISSUE_ADMIN, projectUuid)) { | |||
| if (projectUuid != null && userSession.hasComponentUuidPermission(ISSUE_ADMIN, projectUuid)) { | |||
| availableActions.add("set_severity"); | |||
| } | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/issue/InternalRubyIssueService.java
View File
| @@ -49,12 +49,12 @@ import org.sonar.db.issue.IssueFilterDto; | |||
| import org.sonar.server.es.SearchOptions; | |||
| import org.sonar.server.exceptions.BadRequestException; | |||
| import org.sonar.server.issue.actionplan.ActionPlanService; | |||
| import org.sonarqube.ws.client.issue.IssueFilterParameters; | |||
| import org.sonar.server.issue.filter.IssueFilterService; | |||
| import org.sonar.server.search.QueryContext; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonar.server.util.RubyUtils; | |||
| import org.sonar.server.util.Validation; | |||
| import org.sonarqube.ws.client.issue.IssueFilterParameters; | |||
| /** | |||
| * Used through ruby code <pre>Internal.issues</pre> | |||
| @@ -565,7 +565,7 @@ public class InternalRubyIssueService { | |||
| } | |||
| public boolean isUserIssueAdmin(String projectUuid) { | |||
| return userSession.hasProjectPermissionByUuid(UserRole.ISSUE_ADMIN, projectUuid); | |||
| return userSession.hasComponentUuidPermission(UserRole.ISSUE_ADMIN, projectUuid); | |||
| } | |||
| private enum MatchIssueFilterParameters implements Predicate<Map.Entry<String, Object>> { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/issue/IssueQueryService.java
View File
| @@ -341,7 +341,7 @@ public class IssueQueryService { | |||
| private void addViewsOrSubViews(IssueQuery.Builder builder, Collection<String> componentUuids, String uniqueQualifier) { | |||
| List<String> filteredViewUuids = newArrayList(); | |||
| for (String viewUuid : componentUuids) { | |||
| if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasProjectPermissionByUuid(UserRole.USER, viewUuid)) | |||
| if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid)) | |||
| || (Qualifiers.SUBVIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid))) { | |||
| filteredViewUuids.add(viewUuid); | |||
| } | |||
+ 4
- 4
server/sonar-server/src/main/java/org/sonar/server/issue/IssueService.java
View File
| @@ -136,7 +136,7 @@ public class IssueService { | |||
| for (Transition transition : outTransitions) { | |||
| String projectUuid = issue.projectUuid(); | |||
| if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission()) || | |||
| (projectUuid != null && userSession.hasProjectPermissionByUuid(transition.requiredProjectPermission(), projectUuid))) { | |||
| (projectUuid != null && userSession.hasComponentUuidPermission(transition.requiredProjectPermission(), projectUuid))) { | |||
| allowedTransitions.add(transition); | |||
| } | |||
| } | |||
| @@ -166,7 +166,7 @@ public class IssueService { | |||
| for (Transition transition : outTransitions) { | |||
| String projectKey = defaultIssue.projectKey(); | |||
| if (transition.key().equals(transitionKey) && StringUtils.isNotBlank(transition.requiredProjectPermission()) && projectKey != null) { | |||
| userSession.checkProjectPermission(transition.requiredProjectPermission(), projectKey); | |||
| userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey); | |||
| } | |||
| } | |||
| } | |||
| @@ -226,7 +226,7 @@ public class IssueService { | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
| DefaultIssue issue = getByKeyForUpdate(session, issueKey).toDefaultIssue(); | |||
| userSession.checkProjectPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); | |||
| userSession.checkComponentPermission(UserRole.ISSUE_ADMIN, issue.projectKey()); | |||
| IssueChangeContext context = IssueChangeContext.createUser(new Date(), userSession.getLogin()); | |||
| if (issueUpdater.setManualSeverity(issue, severity, context)) { | |||
| @@ -250,7 +250,7 @@ public class IssueService { | |||
| ComponentDto component = componentOptional.get(); | |||
| ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, component.projectUuid()); | |||
| userSession.checkProjectPermission(UserRole.USER, project.getKey()); | |||
| userSession.checkComponentPermission(UserRole.USER, project.getKey()); | |||
| if (!ruleKey.isManual()) { | |||
| throw new IllegalArgumentException("Issues can be created only on rules marked as 'manual': " + ruleKey); | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/issue/SetSeverityAction.java
View File
| @@ -52,7 +52,7 @@ public class SetSeverityAction extends Action { | |||
| } | |||
| private boolean isCurrentUserIssueAdmin(String projectKey) { | |||
| return userSession.hasProjectPermission(UserRole.ISSUE_ADMIN, projectKey); | |||
| return userSession.hasComponentPermission(UserRole.ISSUE_ADMIN, projectKey); | |||
| } | |||
| @Override | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/issue/TransitionAction.java
View File
| @@ -69,7 +69,7 @@ public class TransitionAction extends Action { | |||
| public boolean apply(Transition input) { | |||
| return input.key().equals(transition) && | |||
| (StringUtils.isBlank(input.requiredProjectPermission()) || | |||
| userSession.hasProjectPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); | |||
| userSession.hasComponentPermission(input.requiredProjectPermission(), defaultIssue.projectKey())); | |||
| } | |||
| }, null) != null; | |||
| } | |||
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/issue/actionplan/ActionPlanService.java
View File
| @@ -34,6 +34,7 @@ import org.sonar.core.issue.DefaultActionPlan; | |||
| import org.sonar.core.issue.DefaultIssue; | |||
| import org.sonar.core.issue.IssueChangeContext; | |||
| import org.sonar.core.issue.IssueUpdater; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.component.ResourceDao; | |||
| import org.sonar.db.component.ResourceDto; | |||
| @@ -43,7 +44,6 @@ import org.sonar.db.issue.ActionPlanDto; | |||
| import org.sonar.db.issue.ActionPlanStatsDao; | |||
| import org.sonar.db.issue.ActionPlanStatsDto; | |||
| import org.sonar.db.issue.IssueDto; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.server.exceptions.NotFoundException; | |||
| import org.sonar.server.issue.IssueStorage; | |||
| import org.sonar.server.user.UserSession; | |||
| @@ -188,11 +188,11 @@ public class ActionPlanService { | |||
| } | |||
| private static void checkUserCanAccessProject(String projectKey, UserSession userSession) { | |||
| userSession.checkProjectPermission(UserRole.USER, projectKey); | |||
| userSession.checkComponentPermission(UserRole.USER, projectKey); | |||
| } | |||
| private static void checkUserIsProjectAdministrator(String projectKey, UserSession userSession) { | |||
| userSession.checkProjectPermission(UserRole.ADMIN, projectKey); | |||
| userSession.checkComponentPermission(UserRole.ADMIN, projectKey); | |||
| } | |||
| private enum ToActionPlanStats implements Function<ActionPlanStatsDto, ActionPlanStats> { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterJsonWriter.java
View File
| @@ -59,7 +59,7 @@ class IssueFilterJsonWriter { | |||
| private static boolean canModifyFilter(UserSession userSession, IssueFilterDto filter) { | |||
| return userSession.isLoggedIn() && | |||
| (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)); | |||
| (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)); | |||
| } | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureValidator.java
View File
| @@ -95,10 +95,10 @@ public class CustomMeasureValidator { | |||
| } | |||
| public static void checkPermissions(UserSession userSession, ComponentDto component) { | |||
| if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| return; | |||
| } | |||
| userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
| userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
| } | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/DeleteAction.java
View File
| @@ -76,11 +76,11 @@ public class DeleteAction implements CustomMeasuresWsAction { | |||
| } | |||
| private void checkPermissions(DbSession dbSession, CustomMeasureDto customMeasure) { | |||
| if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| return; | |||
| } | |||
| ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, customMeasure.getComponentUuid()); | |||
| userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
| userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/metric/ws/CreateAction.java
View File
| @@ -98,7 +98,7 @@ public class CreateAction implements MetricsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String key = request.mandatoryParam(PARAM_KEY); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/metric/ws/DeleteAction.java
View File
| @@ -26,10 +26,10 @@ import javax.annotation.Nonnull; | |||
| import org.sonar.api.server.ws.Request; | |||
| import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService; | |||
| import org.sonar.db.metric.MetricDto; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.metric.MetricDto; | |||
| import org.sonar.server.db.DbClient; | |||
| import org.sonar.server.ruby.RubyBridge; | |||
| import org.sonar.server.user.UserSession; | |||
| @@ -69,7 +69,7 @@ public class DeleteAction implements MetricsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
| List<Integer> ids = loadIds(dbSession, request); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/metric/ws/UpdateAction.java
View File
| @@ -100,7 +100,7 @@ public class UpdateAction implements MetricsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| int id = request.mandatoryParamAsInt(PARAM_ID); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
+ 5
- 5
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
View File
| @@ -34,20 +34,20 @@ public class PermissionPrivilegeChecker { | |||
| public static void checkGlobalAdminUser(UserSession userSession) { | |||
| userSession | |||
| .checkLoggedIn() | |||
| .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| .checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) { | |||
| userSession.checkLoggedIn(); | |||
| if (componentKey == null || !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| if (componentKey == null || !userSession.hasComponentPermission(UserRole.ADMIN, componentKey)) { | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| } | |||
| public static void checkProjectAdminUserByComponentUuid(UserSession userSession, @Nullable String componentUuid) { | |||
| userSession.checkLoggedIn(); | |||
| if (componentUuid == null || !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, componentUuid)) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| if (componentUuid == null || !userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) { | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
View File
| @@ -72,7 +72,7 @@ public class PermissionService { | |||
| if (provisioned == null) { | |||
| checkProjectAdminUserByComponentKey(userSession, componentKey); | |||
| } else { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
| userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
| } | |||
| permissionRepository.applyDefaultPermissionTemplate(session, component); | |||
| session.commit(); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/platform/ws/ChangeLogLevelAction.java
View File
| @@ -59,7 +59,7 @@ public class ChangeLogLevelAction implements SystemWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| LoggerLevel level = LoggerLevel.valueOf(wsRequest.mandatoryParam(PARAM_LEVEL)); | |||
| db.enableSqlLogging(level.equals(LoggerLevel.TRACE)); | |||
| logging.changeLevel(level); | |||
+ 2
- 3
server/sonar-server/src/main/java/org/sonar/server/platform/ws/InfoAction.java
View File
| @@ -19,6 +19,7 @@ | |||
| */ | |||
| package org.sonar.server.platform.ws; | |||
| import java.util.Map; | |||
| import org.sonar.api.server.ws.Request; | |||
| import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService; | |||
| @@ -27,8 +28,6 @@ import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.server.platform.monitoring.Monitor; | |||
| import org.sonar.server.user.UserSession; | |||
| import java.util.Map; | |||
| /** | |||
| * Implementation of the {@code info} action for the System WebService. | |||
| */ | |||
| @@ -55,7 +54,7 @@ public class InfoAction implements SystemWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| JsonWriter json = response.newJsonWriter(); | |||
| writeJson(json); | |||
| json.close(); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/platform/ws/LogsAction.java
View File
| @@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService; | |||
| import org.sonar.api.web.UserRole; | |||
| import org.sonar.server.platform.ServerLogging; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| public class LogsAction implements SystemWsAction { | |||
| @@ -50,7 +50,7 @@ public class LogsAction implements SystemWsAction { | |||
| @Override | |||
| public void handle(Request wsRequest, Response wsResponse) throws Exception { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| wsResponse.stream().setMediaType(MediaTypes.TXT); | |||
| File file = serverLogging.getCurrentLogFile(); | |||
| if (file.exists()) { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/plugins/ws/CancelAllAction.java
View File
| @@ -52,7 +52,7 @@ public class CancelAllAction implements PluginsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| pluginDownloader.cancelDownloads(); | |||
| pluginRepository.cancelUninstalls(); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/plugins/ws/InstallAction.java
View File
| @@ -72,7 +72,7 @@ public class InstallAction implements PluginsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String key = request.mandatoryParam(PARAM_KEY); | |||
| PluginUpdate pluginUpdate = findAvailablePluginByKey(key); | |||
| pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UninstallAction.java
View File
| @@ -59,7 +59,7 @@ public class UninstallAction implements PluginsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String key = request.mandatoryParam(PARAM_KEY); | |||
| ensurePluginIsInstalled(key); | |||
| pluginRepository.uninstall(key); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/plugins/ws/UpdateAction.java
View File
| @@ -73,7 +73,7 @@ public class UpdateAction implements PluginsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String key = request.mandatoryParam(PARAM_KEY); | |||
| PluginUpdate pluginUpdate = findPluginUpdateByKey(key); | |||
| pluginDownloader.download(key, pluginUpdate.getRelease().getVersion()); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java
View File
| @@ -70,7 +70,7 @@ public class BulkDeleteAction implements ProjectsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| List<String> uuids = request.paramAsStrings(PARAM_IDS); | |||
| List<String> keys = request.paramAsStrings(PARAM_KEYS); | |||
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java
View File
| @@ -93,16 +93,16 @@ public class DeleteAction implements ProjectsWsAction { | |||
| private void checkPermissions(@Nullable String uuid, @Nullable String key) { | |||
| if (missPermissionsBasedOnUuid(uuid) || missPermissionsBasedOnKey(key)) { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| } | |||
| private boolean missPermissionsBasedOnKey(@Nullable String key) { | |||
| return key != null && !userSession.hasProjectPermission(UserRole.ADMIN, key) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| return key != null && !userSession.hasComponentPermission(UserRole.ADMIN, key) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| private boolean missPermissionsBasedOnUuid(@Nullable String uuid) { | |||
| return uuid != null && !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, uuid) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| return uuid != null && !userSession.hasComponentUuidPermission(UserRole.ADMIN, uuid) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java
View File
| @@ -67,7 +67,7 @@ public class GhostsAction implements ProjectsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(UserRole.ADMIN); | |||
| userSession.checkPermission(UserRole.ADMIN); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| SearchOptions searchOptions = new SearchOptions() | |||
| .setPage(request.mandatoryParamAsInt(Param.PAGE), | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java
View File
| @@ -67,7 +67,7 @@ public class ProvisionedAction implements ProjectsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING); | |||
| userSession.checkPermission(GlobalPermissions.PROVISIONING); | |||
| SearchOptions options = new SearchOptions().setPage( | |||
| request.mandatoryParamAsInt(Param.PAGE), | |||
| request.mandatoryParamAsInt(Param.PAGE_SIZE) | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
View File
| @@ -361,12 +361,12 @@ public class QualityGates { | |||
| } | |||
| private void checkPermission() { | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| private void checkPermission(Long projectId, DbSession session) { | |||
| ComponentDto project = componentDao.selectOrFailById(session, projectId); | |||
| if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, project.key())) { | |||
| if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project.key())) { | |||
| throw new ForbiddenException("Insufficient privileges"); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/ProjectStatusAction.java
View File
| @@ -134,6 +134,6 @@ public class ProjectStatusAction implements QGateWsAction { | |||
| } | |||
| private void checkScanOrAdminPermission() { | |||
| userSession.checkAnyGlobalPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); | |||
| userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN)); | |||
| } | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java
View File
| @@ -122,11 +122,11 @@ public class QProfileProjectOperations { | |||
| } | |||
| private static void checkPermission(UserSession userSession) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| private static void checkPermission(UserSession userSession, String projectKey) { | |||
| if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) { | |||
| if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, projectKey)) { | |||
| throw new ForbiddenException("Insufficient privileges"); | |||
| } | |||
| } | |||
+ 1
- 3
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java
View File
| @@ -26,10 +26,8 @@ import java.io.Writer; | |||
| import java.util.Collection; | |||
| import java.util.List; | |||
| import java.util.Map; | |||
| import javax.annotation.CheckForNull; | |||
| import javax.annotation.Nullable; | |||
| import org.elasticsearch.action.search.SearchResponse; | |||
| import org.elasticsearch.search.SearchHit; | |||
| import org.sonar.api.server.ServerSide; | |||
| @@ -211,7 +209,7 @@ public class QProfileService { | |||
| private void verifyAdminPermission() { | |||
| userSession.checkLoggedIn(); | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| public Result<QProfileActivity> searchActivities(QProfileActivityQuery query, SearchOptions options) { | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ChangeParentAction.java
View File
| @@ -26,8 +26,8 @@ import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService.NewAction; | |||
| import org.sonar.api.server.ws.WebService.NewController; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.server.qualityprofile.QProfileFactory; | |||
| import org.sonar.server.qualityprofile.RuleActivator; | |||
| import org.sonar.server.user.UserSession; | |||
| @@ -80,7 +80,7 @@ public class ChangeParentAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| DbSession session = dbClient.openSession(false); | |||
| try { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CopyAction.java
View File
| @@ -66,7 +66,7 @@ public class CopyAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| String newName = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
| String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/CreateAction.java
View File
| @@ -34,12 +34,12 @@ import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.qualityprofile.QualityProfileDto; | |||
| import org.sonar.server.component.ws.LanguageParamUtils; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| import org.sonar.server.qualityprofile.QProfileExporters; | |||
| import org.sonar.server.qualityprofile.QProfileFactory; | |||
| import org.sonar.server.qualityprofile.QProfileName; | |||
| import org.sonar.server.qualityprofile.QProfileResult; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonarqube.ws.MediaTypes; | |||
| public class CreateAction implements QProfileWsAction { | |||
| @@ -100,7 +100,7 @@ public class CreateAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| String name = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
| String language = request.mandatoryParam(PARAM_LANGUAGE); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeleteAction.java
View File
| @@ -25,8 +25,8 @@ import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService.NewAction; | |||
| import org.sonar.api.server.ws.WebService.NewController; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.server.qualityprofile.QProfileFactory; | |||
| import org.sonar.server.user.UserSession; | |||
| @@ -59,7 +59,7 @@ public class DeleteAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn(); | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| DbSession session = dbClient.openSession(false); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/OldRestoreAction.java
View File
| @@ -72,7 +72,7 @@ public class OldRestoreAction implements WsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| InputStream backup = request.paramAsInputStream(PARAM_BACKUP); | |||
| InputStreamReader reader = null; | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RenameAction.java
View File
| @@ -61,7 +61,7 @@ public class RenameAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| String newName = request.mandatoryParam(PARAM_PROFILE_NAME); | |||
| String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY); | |||
+ 4
- 5
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RestoreAction.java
View File
| @@ -20,6 +20,9 @@ | |||
| package org.sonar.server.qualityprofile.ws; | |||
| import com.google.common.base.Preconditions; | |||
| import java.io.InputStream; | |||
| import java.io.InputStreamReader; | |||
| import java.nio.charset.StandardCharsets; | |||
| import org.apache.commons.io.IOUtils; | |||
| import org.sonar.api.resources.Language; | |||
| import org.sonar.api.resources.Languages; | |||
| @@ -33,10 +36,6 @@ import org.sonar.server.qualityprofile.BulkChangeResult; | |||
| import org.sonar.server.qualityprofile.QProfileBackuper; | |||
| import org.sonar.server.user.UserSession; | |||
| import java.io.InputStream; | |||
| import java.io.InputStreamReader; | |||
| import java.nio.charset.StandardCharsets; | |||
| public class RestoreAction implements QProfileWsAction { | |||
| private static final String PARAM_BACKUP = "backup"; | |||
| @@ -66,7 +65,7 @@ public class RestoreAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| InputStream backup = request.paramAsInputStream(PARAM_BACKUP); | |||
| InputStreamReader reader = null; | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/SetDefaultAction.java
View File
| @@ -79,7 +79,7 @@ public class SetDefaultAction implements QProfileWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| String language = request.param(PARAM_LANGUAGE); | |||
| String profileName = request.param(PARAM_PROFILE_NAME); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/rule/RuleOperations.java
View File
| @@ -30,8 +30,8 @@ import org.sonar.api.server.debt.internal.DefaultDebtRemediationFunction; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.db.debt.CharacteristicDto; | |||
| import org.sonar.db.rule.RuleDto; | |||
| import org.sonar.server.db.DbClient; | |||
| import org.sonar.server.exceptions.BadRequestException; | |||
| import org.sonar.server.exceptions.NotFoundException; | |||
| @@ -152,7 +152,7 @@ public class RuleOperations { | |||
| private static void checkPermission(UserSession userSession) { | |||
| userSession.checkLoggedIn(); | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| public static class RuleChange { | |||
+ 2
- 4
server/sonar-server/src/main/java/org/sonar/server/rule/RuleService.java
View File
| @@ -22,12 +22,10 @@ package org.sonar.server.rule; | |||
| import java.util.Collection; | |||
| import java.util.List; | |||
| import java.util.Set; | |||
| import javax.annotation.CheckForNull; | |||
| import javax.annotation.Nullable; | |||
| import org.sonar.api.server.ServerSide; | |||
| import org.sonar.api.rule.RuleKey; | |||
| import org.sonar.api.server.ServerSide; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.server.exceptions.NotFoundException; | |||
| import org.sonar.server.rule.index.RuleIndex; | |||
| @@ -115,6 +113,6 @@ public class RuleService { | |||
| private void checkPermission() { | |||
| userSession.checkLoggedIn(); | |||
| userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java
View File
| @@ -91,7 +91,7 @@ public class AppAction implements RulesWsAction { | |||
| } | |||
| private void addPermissions(JsonWriter json) { | |||
| json.prop("canWrite", userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); | |||
| json.prop("canWrite", userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)); | |||
| } | |||
| private void addProfiles(JsonWriter json) { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/source/ws/HashAction.java
View File
| @@ -70,7 +70,7 @@ public class HashAction implements SourcesWsAction { | |||
| try { | |||
| final String componentKey = request.mandatoryParam("key"); | |||
| final ComponentDto component = componentFinder.getByKey(session, componentKey); | |||
| userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); | |||
| response.stream().setMediaType("text/plain"); | |||
| OutputStreamWriter writer = new OutputStreamWriter(response.stream().output(), StandardCharsets.UTF_8); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/source/ws/LinesAction.java
View File
| @@ -115,7 +115,7 @@ public class LinesAction implements SourcesWsAction { | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto file = componentFinder.getByUuidOrKey(dbSession, request.param(PARAM_UUID), request.param(PARAM_KEY), UUID_AND_KEY); | |||
| userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| int from = request.mandatoryParamAsInt(PARAM_FROM); | |||
| int to = Objects.firstNonNull(request.paramAsInt(PARAM_TO), Integer.MAX_VALUE); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/source/ws/RawAction.java
View File
| @@ -70,7 +70,7 @@ public class RawAction implements SourcesWsAction { | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
| userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| Optional<Iterable<String>> lines = sourceService.getLinesAsRawText(dbSession, file.uuid(), 1, Integer.MAX_VALUE); | |||
| response.stream().setMediaType("text/plain"); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/source/ws/ScmAction.java
View File
| @@ -104,7 +104,7 @@ public class ScmAction implements SourcesWsAction { | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
| userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| Optional<Iterable<DbFileSources.Line>> sourceLines = sourceService.getLines(dbSession, file.uuid(), from, to); | |||
| if (!sourceLines.isPresent()) { | |||
| throw new NotFoundException(String.format("File '%s' has no sources", fileKey)); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/source/ws/ShowAction.java
View File
| @@ -89,7 +89,7 @@ public class ShowAction implements SourcesWsAction { | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
| ComponentDto file = componentFinder.getByKey(dbSession, fileKey); | |||
| userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid()); | |||
| Optional<Iterable<String>> linesHtml = sourceService.getLinesAsHtml(dbSession, file.uuid(), from, to); | |||
| if (linesHtml.isPresent()) { | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/test/CoverageService.java
View File
| @@ -22,14 +22,14 @@ package org.sonar.server.test; | |||
| import com.google.common.collect.Maps; | |||
| import java.util.Map; | |||
| import javax.annotation.CheckForNull; | |||
| import org.sonar.api.server.ServerSide; | |||
| import org.sonar.api.measures.CoreMetrics; | |||
| import org.sonar.api.server.ServerSide; | |||
| import org.sonar.api.utils.KeyValueFormat; | |||
| import org.sonar.api.web.UserRole; | |||
| import org.sonar.db.measure.MeasureDto; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.measure.MeasureDao; | |||
| import org.sonar.db.measure.MeasureDto; | |||
| import org.sonar.server.user.UserSession; | |||
| @ServerSide | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/test/ws/ListAction.java
View File
| @@ -236,6 +236,6 @@ public class ListAction implements TestsWsAction { | |||
| private void checkComponentUuidPermission(DbSession dbSession, String componentUuid) { | |||
| ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, componentUuid); | |||
| userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, component.projectUuid()); | |||
| } | |||
| } | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/ui/ViewProxy.java
View File
| @@ -278,7 +278,7 @@ public class ViewProxy<V extends View> implements Comparable<ViewProxy> { | |||
| public boolean isUserAuthorized() { | |||
| boolean authorized = userRoles.length == 0; | |||
| for (String userRole : getUserRoles()) { | |||
| authorized |= userSession.hasGlobalPermission(userRole); | |||
| authorized |= userSession.hasPermission(userRole); | |||
| } | |||
| return authorized; | |||
| } | |||
| @@ -286,7 +286,7 @@ public class ViewProxy<V extends View> implements Comparable<ViewProxy> { | |||
| public boolean isUserAuthorized(ComponentDto component) { | |||
| boolean authorized = userRoles.length == 0; | |||
| for (String userRole : getUserRoles()) { | |||
| authorized |= userSession.hasProjectPermissionByUuid(userRole, component.uuid()); | |||
| authorized |= userSession.hasComponentUuidPermission(userRole, component.uuid()); | |||
| } | |||
| return authorized; | |||
| } | |||
+ 3
- 3
server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentNavigationAction.java
View File
| @@ -112,7 +112,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
| try { | |||
| ComponentDto component = componentFinder.getByKey(session, componentKey); | |||
| userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid()); | |||
| userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid()); | |||
| SnapshotDto snapshot = dbClient.snapshotDao().selectLastSnapshotByComponentId(session, component.getId()); | |||
| @@ -120,7 +120,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
| json.beginObject(); | |||
| writeComponent(json, session, component, snapshot, userSession); | |||
| if (userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()) || userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { | |||
| if (userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()) || userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) { | |||
| writeConfiguration(json, component, userSession); | |||
| } | |||
| @@ -210,7 +210,7 @@ public class ComponentNavigationAction implements NavigationWsAction { | |||
| } | |||
| private void writeConfiguration(JsonWriter json, ComponentDto component, UserSession userSession) { | |||
| boolean isAdmin = userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()); | |||
| boolean isAdmin = userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()); | |||
| Locale locale = userSession.locale(); | |||
| json.name("configuration").beginObject(); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/ui/ws/SettingsNavigationAction.java
View File
| @@ -63,11 +63,11 @@ public class SettingsNavigationAction implements NavigationWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| boolean isAdmin = userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| boolean isAdmin = userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| JsonWriter json = response.newJsonWriter().beginObject(); | |||
| json.prop("showUpdateCenter", isAdmin && settings.getBoolean(UpdateCenterClient.ACTIVATION_PROPERTY)); | |||
| json.prop("showProvisioning", userSession.hasGlobalPermission(GlobalPermissions.PROVISIONING)); | |||
| json.prop("showProvisioning", userSession.hasPermission(GlobalPermissions.PROVISIONING)); | |||
| json.name("extensions").beginArray(); | |||
| if (isAdmin) { | |||
+ 5
- 26
server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
View File
| @@ -130,20 +130,15 @@ public abstract class AbstractUserSession<T extends AbstractUserSession> impleme | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission) { | |||
| return checkGlobalPermission(globalPermission, null); | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
| if (!hasGlobalPermission(globalPermission)) { | |||
| throw new ForbiddenException(errorMessage != null ? errorMessage : INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
| public UserSession checkPermission(String globalPermission) { | |||
| if (!hasPermission(globalPermission)) { | |||
| throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
| } | |||
| return this; | |||
| } | |||
| @Override | |||
| public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissionsToTest) { | |||
| public UserSession checkAnyPermissions(Collection<String> globalPermissionsToTest) { | |||
| List<String> userGlobalPermissions = globalPermissions(); | |||
| for (String userGlobalPermission : userGlobalPermissions) { | |||
| if (globalPermissionsToTest.contains(userGlobalPermission)) { | |||
| @@ -155,26 +150,10 @@ public abstract class AbstractUserSession<T extends AbstractUserSession> impleme | |||
| } | |||
| @Override | |||
| public boolean hasGlobalPermission(String globalPermission) { | |||
| public boolean hasPermission(String globalPermission) { | |||
| return globalPermissions().contains(globalPermission); | |||
| } | |||
| @Override | |||
| public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
| if (!hasProjectPermission(projectPermission, projectKey)) { | |||
| throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
| } | |||
| return this; | |||
| } | |||
| @Override | |||
| public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
| if (!hasProjectPermissionByUuid(projectPermission, projectUuid)) { | |||
| throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
| } | |||
| return this; | |||
| } | |||
| @Override | |||
| public UserSession checkComponentPermission(String projectPermission, String componentKey) { | |||
| if (!hasComponentPermission(projectPermission, componentKey)) { | |||
+ 0
- 10
server/sonar-server/src/main/java/org/sonar/server/user/AnonymousUserSession.java
View File
| @@ -34,16 +34,6 @@ public final class AnonymousUserSession extends AbstractUserSession<AnonymousUse | |||
| return Collections.emptyList(); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| return false; | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return false; | |||
| } | |||
| @Override | |||
| public boolean hasComponentPermission(String permission, String componentKey) { | |||
| return false; | |||
+ 4
- 6
server/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java
View File
| @@ -21,6 +21,9 @@ package org.sonar.server.user; | |||
| import com.google.common.base.Objects; | |||
| import com.google.common.base.Strings; | |||
| import java.util.List; | |||
| import java.util.Map; | |||
| import javax.annotation.CheckForNull; | |||
| import org.sonar.api.user.RubyUserService; | |||
| import org.sonar.api.user.User; | |||
| import org.sonar.api.user.UserFinder; | |||
| @@ -31,11 +34,6 @@ import org.sonar.server.user.index.UserDoc; | |||
| import org.sonar.server.user.index.UserIndex; | |||
| import org.sonar.server.util.RubyUtils; | |||
| import javax.annotation.CheckForNull; | |||
| import java.util.List; | |||
| import java.util.Map; | |||
| public class DefaultUserService implements RubyUserService { | |||
| private final UserIndex userIndex; | |||
| @@ -110,7 +108,7 @@ public class DefaultUserService implements RubyUserService { | |||
| if (Strings.isNullOrEmpty(login)) { | |||
| throw new BadRequestException("Login is missing"); | |||
| } | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| if (Objects.equal(userSession.getLogin(), login)) { | |||
| throw new BadRequestException("Self-deactivation is not possible"); | |||
| } | |||
+ 2
- 13
server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java
View File
| @@ -21,9 +21,8 @@ package org.sonar.server.user; | |||
| import java.util.Collections; | |||
| import java.util.List; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import java.util.Locale; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| /** | |||
| * Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. | |||
| @@ -72,7 +71,7 @@ public final class DoPrivileged { | |||
| } | |||
| @Override | |||
| public boolean hasGlobalPermission(String globalPermission) { | |||
| public boolean hasPermission(String globalPermission) { | |||
| return true; | |||
| } | |||
| @@ -81,16 +80,6 @@ public final class DoPrivileged { | |||
| return Collections.emptyList(); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| return true; | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return true; | |||
| } | |||
| @Override | |||
| public boolean hasComponentPermission(String permission, String componentKey) { | |||
| return true; | |||
+ 13
- 15
server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java
View File
| @@ -24,9 +24,6 @@ import java.util.Collection; | |||
| import java.util.List; | |||
| import java.util.Map; | |||
| import org.sonar.api.security.DefaultGroups; | |||
| import org.sonar.api.utils.log.Logger; | |||
| import org.sonar.api.utils.log.Loggers; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.component.ResourceDao; | |||
| import org.sonar.db.component.ResourceDto; | |||
| import org.sonar.db.user.AuthorizationDao; | |||
| @@ -38,9 +35,7 @@ import static com.google.common.collect.Sets.newHashSet; | |||
| * Part of the current HTTP session | |||
| */ | |||
| public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
| implements UserSession { | |||
| private static final Logger LOG = Loggers.get(ServerUserSession.class); | |||
| implements UserSession { | |||
| private Map<String, String> projectKeyByComponentKey = newHashMap(); | |||
| @@ -63,18 +58,13 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
| List<String> permissionKeys = authorizationDao.selectGlobalPermissions(login); | |||
| globalPermissions = new ArrayList<>(); | |||
| for (String permissionKey : permissionKeys) { | |||
| if (!GlobalPermissions.ALL.contains(permissionKey)) { | |||
| LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login); | |||
| } else { | |||
| globalPermissions.add(permissionKey); | |||
| } | |||
| globalPermissions.add(permissionKey); | |||
| } | |||
| } | |||
| return globalPermissions; | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| private boolean hasProjectPermission(String permission, String projectKey) { | |||
| if (!projectPermissionsCheckedByKey.contains(permission)) { | |||
| Collection<String> projectKeys = authorizationDao.selectAuthorizedRootProjectsKeys(userId, permission); | |||
| for (String key : projectKeys) { | |||
| @@ -85,8 +75,8 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
| return projectKeyByPermission.get(permission).contains(projectKey); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| // To keep private | |||
| private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| if (!projectPermissionsCheckedByUuid.contains(permission)) { | |||
| Collection<String> projectUuids = authorizationDao.selectAuthorizedRootProjectsUuids(userId, permission); | |||
| addProjectPermission(permission, projectUuids); | |||
| @@ -103,6 +93,10 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
| @Override | |||
| public boolean hasComponentPermission(String permission, String componentKey) { | |||
| if (hasPermission(permission)) { | |||
| return true; | |||
| } | |||
| String projectKey = projectKeyByComponentKey.get(componentKey); | |||
| if (projectKey == null) { | |||
| ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey); | |||
| @@ -121,6 +115,10 @@ public class ServerUserSession extends AbstractUserSession<ServerUserSession> | |||
| @Override | |||
| public boolean hasComponentUuidPermission(String permission, String componentUuid) { | |||
| if (hasPermission(permission)) { | |||
| return true; | |||
| } | |||
| String projectUuid = projectUuidByComponentUuid.get(componentUuid); | |||
| if (projectUuid == null) { | |||
| ResourceDto project = resourceDao.selectResource(componentUuid); | |||
+ 6
- 32
server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
View File
| @@ -25,7 +25,6 @@ import java.util.List; | |||
| import java.util.Locale; | |||
| import java.util.Set; | |||
| import javax.annotation.CheckForNull; | |||
| import javax.annotation.Nullable; | |||
| /** | |||
| * Part of the current HTTP session | |||
| @@ -89,23 +88,18 @@ public class ThreadLocalUserSession implements UserSession { | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission) { | |||
| return get().checkGlobalPermission(globalPermission); | |||
| public UserSession checkPermission(String globalPermission) { | |||
| return get().checkPermission(globalPermission); | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
| return get().checkGlobalPermission(globalPermission, errorMessage); | |||
| public UserSession checkAnyPermissions(Collection<String> globalPermissions) { | |||
| return get().checkAnyPermissions(globalPermissions); | |||
| } | |||
| @Override | |||
| public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) { | |||
| return get().checkAnyGlobalPermissions(globalPermissions); | |||
| } | |||
| @Override | |||
| public boolean hasGlobalPermission(String globalPermission) { | |||
| return get().hasGlobalPermission(globalPermission); | |||
| public boolean hasPermission(String globalPermission) { | |||
| return get().hasPermission(globalPermission); | |||
| } | |||
| @Override | |||
| @@ -113,26 +107,6 @@ public class ThreadLocalUserSession implements UserSession { | |||
| return get().globalPermissions(); | |||
| } | |||
| @Override | |||
| public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
| return get().checkProjectPermission(projectPermission, projectKey); | |||
| } | |||
| @Override | |||
| public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
| return get().checkProjectUuidPermission(projectPermission, projectUuid); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| return get().hasProjectPermission(permission, projectKey); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return get().hasProjectPermissionByUuid(permission, projectUuid); | |||
| } | |||
| @Override | |||
| public UserSession checkComponentPermission(String projectPermission, String componentKey) { | |||
| return get().checkComponentPermission(projectPermission, componentKey); | |||
+ 16
- 33
server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
View File
| @@ -24,7 +24,6 @@ import java.util.List; | |||
| import java.util.Locale; | |||
| import java.util.Set; | |||
| import javax.annotation.CheckForNull; | |||
| import javax.annotation.Nullable; | |||
| public interface UserSession { | |||
| @CheckForNull | |||
| @@ -50,64 +49,48 @@ public interface UserSession { | |||
| /** | |||
| * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| */ | |||
| UserSession checkGlobalPermission(String globalPermission); | |||
| /** | |||
| * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with | |||
| * the specified error message. | |||
| */ | |||
| UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage); | |||
| UserSession checkPermission(String globalPermission); | |||
| /** | |||
| * Ensures that user implies any of the specified global permissions, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with | |||
| * the specified error message. | |||
| */ | |||
| UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions); | |||
| UserSession checkAnyPermissions(Collection<String> globalPermissions); | |||
| /** | |||
| * Does the user have the given permission ? | |||
| */ | |||
| boolean hasGlobalPermission(String globalPermission); | |||
| boolean hasPermission(String globalPermission); | |||
| List<String> globalPermissions(); | |||
| /** | |||
| * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| */ | |||
| UserSession checkProjectPermission(String projectPermission, String projectKey); | |||
| /** | |||
| * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| */ | |||
| UserSession checkProjectUuidPermission(String projectPermission, String projectUuid); | |||
| /** | |||
| * Does the user have the given project permission ? | |||
| */ | |||
| boolean hasProjectPermission(String permission, String projectKey); | |||
| /** | |||
| * Does the user have the given project permission ? | |||
| */ | |||
| boolean hasProjectPermissionByUuid(String permission, String projectUuid); | |||
| /** | |||
| * Ensures that user implies the specified project permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| * Ensures that user implies the specified permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| */ | |||
| UserSession checkComponentPermission(String projectPermission, String componentKey); | |||
| /** | |||
| * Ensures that user implies the specified component permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| * Ensures that user implies the specified component permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
| */ | |||
| UserSession checkComponentUuidPermission(String permission, String componentUuid); | |||
| /** | |||
| * Does the user have the given project permission for a component key ? | |||
| * Does the user have the given permission for a component key ? | |||
| * | |||
| * First, check if the user has the global permission (even if the component doesn't exist) | |||
| * If not, check is the user has the permission on the project of the component | |||
| * If the component doesn't exist, return false | |||
| */ | |||
| boolean hasComponentPermission(String permission, String componentKey); | |||
| /** | |||
| * Does the user have the given project permission for a component uuid ? | |||
| * First, check if the user has the global permission (even if the component doesn't exist) | |||
| * If not, check is the user has the permission on the project of the component | |||
| * If the component doesn't exist, return false | |||
| */ | |||
| boolean hasComponentUuidPermission(String permission, String componentUuid); | |||
| } | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
View File
| @@ -76,7 +76,7 @@ public class ChangePasswordAction implements UsersWsAction { | |||
| String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD); | |||
| userUpdater.checkCurrentPassword(login, previousPassword); | |||
| } else { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| } | |||
| String password = request.mandatoryParam(PARAM_PASSWORD); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java
View File
| @@ -91,7 +91,7 @@ public class CreateAction implements UsersWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
| String password = request.mandatoryParam(PARAM_PASSWORD); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java
View File
| @@ -28,9 +28,9 @@ import org.sonar.api.server.ws.WebService; | |||
| import org.sonar.api.server.ws.WebService.NewAction; | |||
| import org.sonar.api.utils.text.JsonWriter; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.server.exceptions.BadRequestException; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonar.server.user.UserUpdater; | |||
| @@ -71,7 +71,7 @@ public class DeactivateAction implements UsersWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
| if (login.equals(userSession.getLogin())) { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/user/ws/GroupsAction.java
View File
| @@ -78,7 +78,7 @@ public class GroupsAction implements UsersWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
| int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); | |||
+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java
View File
| @@ -27,9 +27,9 @@ import org.sonar.api.server.ws.Response; | |||
| import org.sonar.api.server.ws.WebService; | |||
| import org.sonar.api.utils.text.JsonWriter; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.db.DbSession; | |||
| import org.sonar.db.MyBatis; | |||
| import org.sonar.db.DbClient; | |||
| import org.sonar.server.user.UpdateUser; | |||
| import org.sonar.server.user.UserSession; | |||
| import org.sonar.server.user.UserUpdater; | |||
| @@ -89,7 +89,7 @@ public class UpdateAction implements UsersWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
| UpdateUser updateUser = UpdateUser.create(login); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java
View File
| @@ -76,7 +76,7 @@ public class UserJsonWriter { | |||
| } | |||
| private void writeGroupsIfNeeded(JsonWriter json, Collection<String> groups, @Nullable Collection<String> fields) { | |||
| if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) { | |||
| json.name(FIELD_GROUPS).beginArray(); | |||
| for (String groupName : groups) { | |||
| json.value(groupName); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java
View File
| @@ -68,7 +68,7 @@ public class AddUserAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java
View File
| @@ -70,7 +70,7 @@ public class CreateAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| String name = request.mandatoryParam(PARAM_NAME); | |||
| String description = request.param(PARAM_DESCRIPTION); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java
View File
| @@ -67,7 +67,7 @@ public class DeleteAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| WsGroupRef groupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java
View File
| @@ -68,7 +68,7 @@ public class RemoveUserAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
| String login = request.mandatoryParam(PARAM_LOGIN); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
View File
| @@ -77,7 +77,7 @@ public class UpdateAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| Long groupId = request.mandatoryParamAsLong(PARAM_ID); | |||
| String name = request.param(PARAM_NAME); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java
View File
| @@ -73,7 +73,7 @@ public class UsersAction implements UserGroupsWsAction { | |||
| @Override | |||
| public void handle(Request request, Response response) throws Exception { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request); | |||
| int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/GenerateAction.java
View File
| @@ -85,7 +85,7 @@ public class GenerateAction implements UserTokensWsAction { | |||
| } | |||
| private WsUserTokens.GenerateWsResponse doHandle(GenerateWsRequest request) { | |||
| userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/RevokeAction.java
View File
| @@ -68,7 +68,7 @@ public class RevokeAction implements UserTokensWsAction { | |||
| } | |||
| private void doHandle(RevokeWsRequest request) { | |||
| userSession.checkLoggedIn().checkGlobalPermission(SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(SYSTEM_ADMIN); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/usertoken/ws/SearchAction.java
View File
| @@ -70,7 +70,7 @@ public class SearchAction implements UserTokensWsAction { | |||
| } | |||
| private SearchWsResponse doHandle(SearchWsRequest request) { | |||
| userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
| DbSession dbSession = dbClient.openSession(false); | |||
| try { | |||
+ 4
- 4
server/sonar-server/src/test/java/org/sonar/server/issue/SetSeverityActionTest.java
View File
| @@ -25,12 +25,12 @@ import org.junit.Before; | |||
| import org.junit.Rule; | |||
| import org.junit.Test; | |||
| import org.sonar.api.issue.Issue; | |||
| import org.sonar.api.web.UserRole; | |||
| import org.sonar.core.issue.DefaultIssue; | |||
| import org.sonar.core.issue.IssueChangeContext; | |||
| import org.sonar.api.web.UserRole; | |||
| import org.sonar.core.issue.IssueUpdater; | |||
| import org.sonar.server.tester.UserSessionRule; | |||
| import org.sonar.server.tester.AnonymousMockUserSession; | |||
| import org.sonar.server.tester.UserSessionRule; | |||
| import org.sonar.server.user.UserSession; | |||
| import static com.google.common.collect.Maps.newHashMap; | |||
| @@ -89,14 +89,14 @@ public class SetSeverityActionTest { | |||
| @Test | |||
| public void should_support_only_unresolved_issues() { | |||
| when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
| when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
| assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); | |||
| assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(Issue.RESOLUTION_FIXED))).isFalse(); | |||
| } | |||
| @Test | |||
| public void should_support_only_issues_with_issue_admin_permission() { | |||
| when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
| when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true); | |||
| assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue(); | |||
| assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar2").setResolution(null))).isFalse(); | |||
| } | |||
+ 22
- 21
server/sonar-server/src/test/java/org/sonar/server/issue/actionplan/ActionPlanServiceTest.java
View File
| @@ -88,10 +88,11 @@ public class ActionPlanServiceTest { | |||
| @Mock | |||
| IssueStorage issueStorage; | |||
| String projectKey = "org.sonar.Sample"; | |||
| static final String PROJECT_KEY = "org.sonar.Sample"; | |||
| static final String PROJECT_UUID = "ABCD"; | |||
| UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, projectKey); | |||
| UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, projectKey); | |||
| UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, PROJECT_KEY); | |||
| UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, PROJECT_KEY); | |||
| UserSession unauthorizedUserSession = new MockUserSession("nicolas").setName("Nicolas"); | |||
| private ActionPlanService actionPlanService; | |||
| @@ -105,7 +106,7 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void create() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setUuid(PROJECT_UUID).setId(1l)); | |||
| ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
| actionPlanService.create(actionPlan, projectAdministratorUserSession); | |||
| @@ -114,7 +115,7 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void create_required_admin_role() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
| try { | |||
| @@ -128,8 +129,8 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void set_status() { | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| ActionPlan result = actionPlanService.setStatus("ABCD", "CLOSED", projectAdministratorUserSession); | |||
| verify(actionPlanDao).update(any(ActionPlanDto.class)); | |||
| @@ -140,7 +141,7 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void update() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| ActionPlan actionPlan = DefaultActionPlan.create("Long term"); | |||
| actionPlanService.update(actionPlan, projectAdministratorUserSession); | |||
| @@ -149,16 +150,16 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void delete() { | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| actionPlanService.delete("ABCD", projectAdministratorUserSession); | |||
| verify(actionPlanDao).delete("ABCD"); | |||
| } | |||
| @Test | |||
| public void unplan_all_linked_issues_when_deleting_an_action_plan() { | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| IssueDto issueDto = new IssueDto().setId(100L).setStatus(Issue.STATUS_OPEN).setRuleKey("squid", "s100").setIssueCreationDate(new Date()); | |||
| when(issueDao.selectByActionPlan(session, "ABCD")).thenReturn(newArrayList(issueDto)); | |||
| @@ -173,8 +174,8 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void find_by_key() { | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| ActionPlan result = actionPlanService.findByKey("ABCD", projectUserSession); | |||
| assertThat(result).isNotNull(); | |||
| @@ -197,20 +198,20 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void find_open_by_project_key() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); | |||
| Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(projectKey, projectUserSession); | |||
| Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(PROJECT_KEY, projectUserSession); | |||
| assertThat(results).hasSize(1); | |||
| assertThat(results.iterator().next().key()).isEqualTo("ABCD"); | |||
| } | |||
| @Test | |||
| public void find_open_by_project_key_required_user_role() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l)); | |||
| when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD"))); | |||
| try { | |||
| actionPlanService.findOpenByProjectKey(projectKey, unauthorizedUserSession); | |||
| actionPlanService.findOpenByProjectKey(PROJECT_KEY, unauthorizedUserSession); | |||
| fail(); | |||
| } catch (Exception e) { | |||
| assertThat(e).isInstanceOf(ForbiddenException.class); | |||
| @@ -226,10 +227,10 @@ public class ActionPlanServiceTest { | |||
| @Test | |||
| public void find_action_plan_stats() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(projectKey)); | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(PROJECT_KEY)); | |||
| when(actionPlanStatsDao.selectByProjectId(1L)).thenReturn(newArrayList(new ActionPlanStatsDto())); | |||
| Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(projectKey, projectUserSession); | |||
| Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); | |||
| assertThat(results).hasSize(1); | |||
| } | |||
| @@ -237,7 +238,7 @@ public class ActionPlanServiceTest { | |||
| public void throw_exception_if_project_not_found_when_find_open_action_plan_stats() { | |||
| when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(null); | |||
| actionPlanService.findActionPlanStats(projectKey, projectUserSession); | |||
| actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession); | |||
| } | |||
| } | |||
+ 14
- 10
server/sonar-server/src/test/java/org/sonar/server/tester/MockUserSession.java
View File
| @@ -99,12 +99,18 @@ public class MockUserSession extends AbstractUserSession<MockUserSession> implem | |||
| public MockUserSession addProjectPermissions(String projectPermission, String... projectKeys) { | |||
| this.projectPermissionsCheckedByKey.add(projectPermission); | |||
| this.projectKeyByPermission.putAll(projectPermission, newArrayList(projectKeys)); | |||
| for (String projectKey : projectKeys) { | |||
| this.projectKeyByComponentKey.put(projectKey, projectKey); | |||
| } | |||
| return this; | |||
| } | |||
| public MockUserSession addProjectUuidPermissions(String projectPermission, String... projectUuids) { | |||
| this.projectPermissionsCheckedByUuid.add(projectPermission); | |||
| this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids)); | |||
| for (String projectUuid : projectUuids) { | |||
| this.projectUuidByComponentUuid.put(projectUuid, projectUuid); | |||
| } | |||
| return this; | |||
| } | |||
| @@ -129,25 +135,23 @@ public class MockUserSession extends AbstractUserSession<MockUserSession> implem | |||
| return globalPermissions; | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); | |||
| } | |||
| @Override | |||
| public boolean hasComponentPermission(String permission, String componentKey) { | |||
| String projectKey = projectKeyByComponentKey.get(componentKey); | |||
| return projectKey != null && hasProjectPermission(permission, projectKey); | |||
| } | |||
| private boolean hasProjectPermission(String permission, String projectKey) { | |||
| return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey)); | |||
| } | |||
| @Override | |||
| public boolean hasComponentUuidPermission(String permission, String componentUuid) { | |||
| String projectUuid = projectUuidByComponentUuid.get(componentUuid); | |||
| return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid); | |||
| } | |||
| private boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid)); | |||
| } | |||
| } | |||
+ 6
- 31
server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
View File
| @@ -221,16 +221,6 @@ public class UserSessionRule implements TestRule, UserSession { | |||
| return currentUserSession.globalPermissions(); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermission(String permission, String projectKey) { | |||
| return currentUserSession.hasProjectPermission(permission, projectKey); | |||
| } | |||
| @Override | |||
| public boolean hasProjectPermissionByUuid(String permission, String projectUuid) { | |||
| return currentUserSession.hasProjectPermissionByUuid(permission, projectUuid); | |||
| } | |||
| @Override | |||
| public boolean hasComponentPermission(String permission, String componentKey) { | |||
| return currentUserSession.hasComponentPermission(permission, componentKey); | |||
| @@ -280,33 +270,18 @@ public class UserSessionRule implements TestRule, UserSession { | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission) { | |||
| return currentUserSession.checkGlobalPermission(globalPermission); | |||
| } | |||
| @Override | |||
| public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) { | |||
| return currentUserSession.checkGlobalPermission(globalPermission, errorMessage); | |||
| } | |||
| @Override | |||
| public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) { | |||
| return currentUserSession.checkAnyGlobalPermissions(globalPermissions); | |||
| } | |||
| @Override | |||
| public boolean hasGlobalPermission(String globalPermission) { | |||
| return currentUserSession.hasGlobalPermission(globalPermission); | |||
| public UserSession checkPermission(String globalPermission) { | |||
| return currentUserSession.checkPermission(globalPermission); | |||
| } | |||
| @Override | |||
| public UserSession checkProjectPermission(String projectPermission, String projectKey) { | |||
| return currentUserSession.checkProjectPermission(projectPermission, projectKey); | |||
| public UserSession checkAnyPermissions(Collection<String> globalPermissions) { | |||
| return currentUserSession.checkAnyPermissions(globalPermissions); | |||
| } | |||
| @Override | |||
| public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) { | |||
| return currentUserSession.checkProjectUuidPermission(projectPermission, projectUuid); | |||
| public boolean hasPermission(String globalPermission) { | |||
| return currentUserSession.hasPermission(globalPermission); | |||
| } | |||
| @Override | |||
+ 4
- 4
server/sonar-server/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
View File
| @@ -46,8 +46,8 @@ public class DoPrivilegedTest { | |||
| // verify the session used inside Privileged task | |||
| assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
| assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); | |||
| assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); | |||
| assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); | |||
| assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); | |||
| // verify session in place after task is done | |||
| assertThat(threadLocalUserSession.get()).isSameAs(session); | |||
| @@ -72,8 +72,8 @@ public class DoPrivilegedTest { | |||
| // verify the session used inside Privileged task | |||
| assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
| assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue(); | |||
| assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue(); | |||
| assertThat(catcher.userSession.hasPermission("any permission")).isTrue(); | |||
| assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue(); | |||
| } | |||
| } | |||
+ 72
- 74
server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
View File
| @@ -22,12 +22,12 @@ package org.sonar.server.user; | |||
| import java.util.Arrays; | |||
| import org.junit.Test; | |||
| import org.sonar.api.web.UserRole; | |||
| import org.sonar.db.component.ComponentDto; | |||
| import org.sonar.core.permission.GlobalPermissions; | |||
| import org.sonar.db.component.ComponentDto; | |||
| import org.sonar.db.component.ComponentTesting; | |||
| import org.sonar.db.component.ResourceDao; | |||
| import org.sonar.db.component.ResourceDto; | |||
| import org.sonar.db.user.AuthorizationDao; | |||
| import org.sonar.db.component.ComponentTesting; | |||
| import org.sonar.server.exceptions.ForbiddenException; | |||
| import static com.google.common.collect.Lists.newArrayList; | |||
| @@ -36,6 +36,12 @@ import static org.mockito.Mockito.mock; | |||
| import static org.mockito.Mockito.when; | |||
| public class ServerUserSessionTest { | |||
| static final String LOGIN = "marius"; | |||
| static final String PROJECT_KEY = "com.foo:Bar"; | |||
| static final String PROJECT_UUID = "ABCD"; | |||
| static final String FILE_KEY = "com.foo:Bar:BarFile.xoo"; | |||
| static final String FILE_UUID = "BCDE"; | |||
| AuthorizationDao authorizationDao = mock(AuthorizationDao.class); | |||
| ResourceDao resourceDao = mock(ResourceDao.class); | |||
| @@ -48,125 +54,118 @@ public class ServerUserSessionTest { | |||
| @Test | |||
| public void has_global_permission() { | |||
| UserSession session = newServerUserSession().setLogin("marius"); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN); | |||
| when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| assertThat(session.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); | |||
| assertThat(session.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); | |||
| assertThat(session.hasGlobalPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); | |||
| assertThat(session.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue(); | |||
| assertThat(session.hasPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue(); | |||
| assertThat(session.hasPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse(); | |||
| } | |||
| @Test | |||
| public void check_global_Permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin("marius"); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN); | |||
| when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| session.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| session.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN); | |||
| } | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_global_Permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius"); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN); | |||
| when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin")); | |||
| session.checkGlobalPermission(GlobalPermissions.DASHBOARD_SHARING); | |||
| session.checkPermission(GlobalPermissions.DASHBOARD_SHARING); | |||
| } | |||
| @Test | |||
| public void has_project_permission() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
| assertThat(session.hasProjectPermission(UserRole.USER, "com.foo:Bar")).isTrue(); | |||
| assertThat(session.hasProjectPermission(UserRole.CODEVIEWER, "com.foo:Bar")).isFalse(); | |||
| assertThat(session.hasProjectPermission(UserRole.ADMIN, "com.foo:Bar")).isFalse(); | |||
| } | |||
| public void has_component_permission() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| @Test | |||
| public void has_project_permission_by_uuid() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList("ABCD")); | |||
| String componentKey = FILE_KEY; | |||
| when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); | |||
| assertThat(session.hasProjectPermissionByUuid(UserRole.USER, "ABCD")).isTrue(); | |||
| assertThat(session.hasProjectPermissionByUuid(UserRole.CODEVIEWER, "ABCD")).isFalse(); | |||
| assertThat(session.hasProjectPermissionByUuid(UserRole.ADMIN, "ABCD")).isFalse(); | |||
| assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
| assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
| assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
| } | |||
| @Test | |||
| public void check_project_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
| public void has_component_uuid_permission() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); | |||
| } | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_project_permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar2")); | |||
| String componentUuid = FILE_UUID; | |||
| when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); | |||
| when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_UUID)); | |||
| session.checkProjectPermission(UserRole.USER, "com.foo:Bar"); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); | |||
| } | |||
| @Test | |||
| public void check_project_uuid_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| public void has_component_permission_with_only_global_permission() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| ComponentDto project = ComponentTesting.newProjectDto(); | |||
| when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
| String componentKey = FILE_KEY; | |||
| when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
| session.checkProjectUuidPermission(UserRole.USER, project.uuid()); | |||
| assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
| assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
| assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
| } | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_project_uuid_permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| @Test | |||
| public void has_component_uuid_permission_with_only_global_permission() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| ComponentDto project = ComponentTesting.newProjectDto(); | |||
| when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
| String componentUuid = FILE_UUID; | |||
| when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID)); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
| session.checkProjectUuidPermission(UserRole.USER, "another project"); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue(); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse(); | |||
| assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse(); | |||
| } | |||
| @Test | |||
| public void has_component_permission() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| public void check_component_key_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| String componentKey = "com.foo:Bar:BarFile.xoo"; | |||
| when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey)); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey)); | |||
| when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); | |||
| assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue(); | |||
| assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse(); | |||
| assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse(); | |||
| session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
| } | |||
| @Test | |||
| public void check_component_key_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| public void check_component_key_permission_with_only_global_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar")); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
| when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY)); | |||
| when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER)); | |||
| session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
| session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
| } | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_component_key_permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar")); | |||
| when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey("com.foo:Bar2")); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY)); | |||
| session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
| session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
| } | |||
| @Test | |||
| public void check_component_uuid_permission_ok() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| ComponentDto project = ComponentTesting.newProjectDto(); | |||
| ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); | |||
| @@ -178,10 +177,9 @@ public class ServerUserSessionTest { | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_component_uuid_permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| ComponentDto project = ComponentTesting.newProjectDto(); | |||
| ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid"); | |||
| when(resourceDao.selectResource("file-uuid")).thenReturn(new ResourceDto().setProjectUuid(project.uuid())); | |||
| when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
| @@ -190,16 +188,16 @@ public class ServerUserSessionTest { | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_component_key_permission_when_project_not_found() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(null); | |||
| when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(null); | |||
| session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo"); | |||
| session.checkComponentPermission(UserRole.USER, FILE_KEY); | |||
| } | |||
| @Test(expected = ForbiddenException.class) | |||
| public void check_component_dto_permission_ko() { | |||
| UserSession session = newServerUserSession().setLogin("marius").setUserId(1); | |||
| UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1); | |||
| ComponentDto project = ComponentTesting.newProjectDto(); | |||
| when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(project.uuid())); | |||
Loading…