spegling av
https://github.com/SonarSource/sonarqube.git
synced 2024-08-13 02:10:35 +02:00
SONAR-7174 Check scan perm per project in qgate project status WS
This commit is contained in:
förälder
bd62851006
incheckning
7e6178a467
@ -31,16 +31,18 @@ import org.sonar.api.measures.CoreMetrics;
|
||||
import org.sonar.api.server.ws.Request;
|
||||
import org.sonar.api.server.ws.Response;
|
||||
import org.sonar.api.server.ws.WebService;
|
||||
import org.sonar.core.permission.GlobalPermissions;
|
||||
import org.sonar.db.DbClient;
|
||||
import org.sonar.db.DbSession;
|
||||
import org.sonar.db.component.ComponentDto;
|
||||
import org.sonar.db.component.SnapshotDto;
|
||||
import org.sonar.db.measure.MeasureDto;
|
||||
import org.sonar.server.user.UserSession;
|
||||
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
|
||||
import org.sonarqube.ws.client.qualitygate.ProjectStatusWsRequest;
|
||||
|
||||
import static com.google.common.collect.Sets.newHashSet;
|
||||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
|
||||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
|
||||
import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
|
||||
import static org.sonar.server.ws.WsUtils.checkFound;
|
||||
import static org.sonar.server.ws.WsUtils.writeProtobuf;
|
||||
|
||||
@ -49,7 +51,7 @@ public class ProjectStatusAction implements QGateWsAction {
|
||||
.join(Lists.transform(Arrays.asList(ProjectStatusWsResponse.Status.values()), new Function<ProjectStatusWsResponse.Status, String>() {
|
||||
@Nonnull
|
||||
@Override
|
||||
public String apply(ProjectStatusWsResponse.Status input) {
|
||||
public String apply(@Nonnull ProjectStatusWsResponse.Status input) {
|
||||
return input.toString();
|
||||
}
|
||||
}));
|
||||
@ -86,12 +88,12 @@ public class ProjectStatusAction implements QGateWsAction {
|
||||
}
|
||||
|
||||
private ProjectStatusWsResponse doHandle(ProjectStatusWsRequest request) {
|
||||
checkScanOrAdminPermission();
|
||||
|
||||
DbSession dbSession = dbClient.openSession(false);
|
||||
try {
|
||||
String snapshotId = request.getAnalysisId();
|
||||
SnapshotDto snapshotDto = getSnapshot(dbSession, snapshotId);
|
||||
ComponentDto projectDto = dbClient.componentDao().selectOrFailById(dbSession, snapshotDto.getComponentId());
|
||||
checkPermission(projectDto.uuid());
|
||||
String measureData = getQualityGateDetailsMeasureData(dbSession, snapshotDto);
|
||||
|
||||
return ProjectStatusWsResponse.newBuilder()
|
||||
@ -133,7 +135,10 @@ public class ProjectStatusAction implements QGateWsAction {
|
||||
.setAnalysisId(request.mandatoryParam("analysisId"));
|
||||
}
|
||||
|
||||
private void checkScanOrAdminPermission() {
|
||||
userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN));
|
||||
private void checkPermission(String projectUuid) {
|
||||
if (!userSession.hasPermission(SYSTEM_ADMIN)
|
||||
&& !userSession.hasComponentUuidPermission(SCAN_EXECUTION, projectUuid)) {
|
||||
throw insufficientPrivilegesException();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,7 +29,6 @@ import org.junit.experimental.categories.Category;
|
||||
import org.junit.rules.ExpectedException;
|
||||
import org.sonar.api.measures.CoreMetrics;
|
||||
import org.sonar.api.utils.System2;
|
||||
import org.sonar.core.permission.GlobalPermissions;
|
||||
import org.sonar.db.DbClient;
|
||||
import org.sonar.db.DbSession;
|
||||
import org.sonar.db.DbTester;
|
||||
@ -47,6 +46,9 @@ import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
|
||||
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
|
||||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
|
||||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
|
||||
import static org.sonar.db.component.ComponentTesting.newProjectDto;
|
||||
import static org.sonar.db.component.SnapshotTesting.newSnapshotForProject;
|
||||
import static org.sonar.db.measure.MeasureTesting.newMeasureDto;
|
||||
@ -73,11 +75,12 @@ public class ProjectStatusActionTest {
|
||||
dbSession = db.getSession();
|
||||
|
||||
ws = new WsActionTester(new ProjectStatusAction(dbClient, userSession));
|
||||
userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void json_example() throws IOException {
|
||||
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
|
||||
@ -106,6 +109,8 @@ public class ProjectStatusActionTest {
|
||||
|
||||
@Test
|
||||
public void fail_if_no_snapshot_id_found() {
|
||||
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||
|
||||
expectedException.expect(NotFoundException.class);
|
||||
expectedException.expectMessage("Analysis with id 'task-uuid' is not found");
|
||||
|
||||
@ -114,6 +119,8 @@ public class ProjectStatusActionTest {
|
||||
|
||||
@Test
|
||||
public void return_undefined_status_if_measure_is_not_found() {
|
||||
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
@ -127,7 +134,8 @@ public class ProjectStatusActionTest {
|
||||
|
||||
@Test
|
||||
public void return_undefined_status_if_measure_data_is_not_well_formatted() {
|
||||
userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
|
||||
userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
|
||||
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
@ -146,10 +154,51 @@ public class ProjectStatusActionTest {
|
||||
|
||||
@Test
|
||||
public void fail_if_insufficient_privileges() {
|
||||
userSession.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
|
||||
expectedException.expect(ForbiddenException.class);
|
||||
userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
|
||||
|
||||
newRequest(ANALYSIS_ID);
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
dbSession.commit();
|
||||
|
||||
expectedException.expect(ForbiddenException.class);
|
||||
newRequest(snapshot.getId().toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void not_fail_with_system_admin_permission() {
|
||||
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
dbSession.commit();
|
||||
|
||||
newRequest(snapshot.getId().toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void not_fail_with_global_scan_permission() {
|
||||
userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
|
||||
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
dbSession.commit();
|
||||
|
||||
newRequest(snapshot.getId().toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void not_fail_with_project_scan_permission() {
|
||||
ComponentDto project = newProjectDto("project-uuid");
|
||||
dbClient.componentDao().insert(dbSession, project);
|
||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||
dbSession.commit();
|
||||
|
||||
userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
|
||||
|
||||
newRequest(snapshot.getId().toString());
|
||||
}
|
||||
|
||||
private ProjectStatusWsResponse newRequest(String taskId) {
|
||||
|
Laddar…
Referens i nytt ärende
Block a user