SONAR-7174 Check scan perm per project in qgate project status WS
parent
bd62851006
commit
7e6178a467
@ -31,16 +31,18 @@ import org.sonar.api.measures.CoreMetrics;
|
|||||||
import org.sonar.api.server.ws.Request;
|
import org.sonar.api.server.ws.Request;
|
||||||
import org.sonar.api.server.ws.Response;
|
import org.sonar.api.server.ws.Response;
|
||||||
import org.sonar.api.server.ws.WebService;
|
import org.sonar.api.server.ws.WebService;
|
||||||
import org.sonar.core.permission.GlobalPermissions;
|
|
||||||
import org.sonar.db.DbClient;
|
import org.sonar.db.DbClient;
|
||||||
import org.sonar.db.DbSession;
|
import org.sonar.db.DbSession;
|
||||||
|
import org.sonar.db.component.ComponentDto;
|
||||||
import org.sonar.db.component.SnapshotDto;
|
import org.sonar.db.component.SnapshotDto;
|
||||||
import org.sonar.db.measure.MeasureDto;
|
import org.sonar.db.measure.MeasureDto;
|
||||||
import org.sonar.server.user.UserSession;
|
import org.sonar.server.user.UserSession;
|
||||||
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
|
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
|
||||||
import org.sonarqube.ws.client.qualitygate.ProjectStatusWsRequest;
|
import org.sonarqube.ws.client.qualitygate.ProjectStatusWsRequest;
|
||||||
|
|
||||||
import static com.google.common.collect.Sets.newHashSet;
|
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
|
||||||
|
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
|
||||||
|
import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
|
||||||
import static org.sonar.server.ws.WsUtils.checkFound;
|
import static org.sonar.server.ws.WsUtils.checkFound;
|
||||||
import static org.sonar.server.ws.WsUtils.writeProtobuf;
|
import static org.sonar.server.ws.WsUtils.writeProtobuf;
|
||||||
|
|
||||||
@ -49,7 +51,7 @@ public class ProjectStatusAction implements QGateWsAction {
|
|||||||
.join(Lists.transform(Arrays.asList(ProjectStatusWsResponse.Status.values()), new Function<ProjectStatusWsResponse.Status, String>() {
|
.join(Lists.transform(Arrays.asList(ProjectStatusWsResponse.Status.values()), new Function<ProjectStatusWsResponse.Status, String>() {
|
||||||
@Nonnull
|
@Nonnull
|
||||||
@Override
|
@Override
|
||||||
public String apply(ProjectStatusWsResponse.Status input) {
|
public String apply(@Nonnull ProjectStatusWsResponse.Status input) {
|
||||||
return input.toString();
|
return input.toString();
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
@ -86,12 +88,12 @@ public class ProjectStatusAction implements QGateWsAction {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private ProjectStatusWsResponse doHandle(ProjectStatusWsRequest request) {
|
private ProjectStatusWsResponse doHandle(ProjectStatusWsRequest request) {
|
||||||
checkScanOrAdminPermission();
|
|
||||||
|
|
||||||
DbSession dbSession = dbClient.openSession(false);
|
DbSession dbSession = dbClient.openSession(false);
|
||||||
try {
|
try {
|
||||||
String snapshotId = request.getAnalysisId();
|
String snapshotId = request.getAnalysisId();
|
||||||
SnapshotDto snapshotDto = getSnapshot(dbSession, snapshotId);
|
SnapshotDto snapshotDto = getSnapshot(dbSession, snapshotId);
|
||||||
|
ComponentDto projectDto = dbClient.componentDao().selectOrFailById(dbSession, snapshotDto.getComponentId());
|
||||||
|
checkPermission(projectDto.uuid());
|
||||||
String measureData = getQualityGateDetailsMeasureData(dbSession, snapshotDto);
|
String measureData = getQualityGateDetailsMeasureData(dbSession, snapshotDto);
|
||||||
|
|
||||||
return ProjectStatusWsResponse.newBuilder()
|
return ProjectStatusWsResponse.newBuilder()
|
||||||
@ -133,7 +135,10 @@ public class ProjectStatusAction implements QGateWsAction {
|
|||||||
.setAnalysisId(request.mandatoryParam("analysisId"));
|
.setAnalysisId(request.mandatoryParam("analysisId"));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkScanOrAdminPermission() {
|
private void checkPermission(String projectUuid) {
|
||||||
userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN));
|
if (!userSession.hasPermission(SYSTEM_ADMIN)
|
||||||
|
&& !userSession.hasComponentUuidPermission(SCAN_EXECUTION, projectUuid)) {
|
||||||
|
throw insufficientPrivilegesException();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
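Review bot: In `doHandle`, `checkPermission(projectDto.uuid())` runs only after `getSnapshot(...)` and `selectOrFailById(...)`, so a caller with no permission at all reaches both lookups before any authorization check. The body of `getSnapshot` is outside the hunks, but the test file expects `NotFoundException` with "Analysis with id 'task-uuid' is not found", so an unprivileged caller can presumably tell existing analysis ids from missing ones by whether the answer is not-found or forbidden. Consider answering with `insufficientPrivilegesException()` for an unknown id when the caller holds neither global `SYSTEM_ADMIN` nor global `SCAN_EXECUTION`. If the difference is accepted, record it above the check, e.g. `// authorization needs the project uuid, so unknown analysis ids answer NotFound before the permission check`.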
|
@ -29,7 +29,6 @@ import org.junit.experimental.categories.Category;
|
|||||||
import org.junit.rules.ExpectedException;
|
import org.junit.rules.ExpectedException;
|
||||||
import org.sonar.api.measures.CoreMetrics;
|
import org.sonar.api.measures.CoreMetrics;
|
||||||
import org.sonar.api.utils.System2;
|
import org.sonar.api.utils.System2;
|
||||||
import org.sonar.core.permission.GlobalPermissions;
|
|
||||||
import org.sonar.db.DbClient;
|
import org.sonar.db.DbClient;
|
||||||
import org.sonar.db.DbSession;
|
import org.sonar.db.DbSession;
|
||||||
import org.sonar.db.DbTester;
|
import org.sonar.db.DbTester;
|
||||||
@ -47,6 +46,9 @@ import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
|
|||||||
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
|
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
|
||||||
|
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
|
||||||
|
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
|
||||||
import static org.sonar.db.component.ComponentTesting.newProjectDto;
|
import static org.sonar.db.component.ComponentTesting.newProjectDto;
|
||||||
import static org.sonar.db.component.SnapshotTesting.newSnapshotForProject;
|
import static org.sonar.db.component.SnapshotTesting.newSnapshotForProject;
|
||||||
import static org.sonar.db.measure.MeasureTesting.newMeasureDto;
|
import static org.sonar.db.measure.MeasureTesting.newMeasureDto;
|
||||||
@ -73,11 +75,12 @@ public class ProjectStatusActionTest {
|
|||||||
dbSession = db.getSession();
|
dbSession = db.getSession();
|
||||||
|
|
||||||
ws = new WsActionTester(new ProjectStatusAction(dbClient, userSession));
|
ws = new WsActionTester(new ProjectStatusAction(dbClient, userSession));
|
||||||
userSession.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void json_example() throws IOException {
|
public void json_example() throws IOException {
|
||||||
|
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||||
|
|
||||||
ComponentDto project = newProjectDto("project-uuid");
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
dbClient.componentDao().insert(dbSession, project);
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project)
|
||||||
@ -106,6 +109,8 @@ public class ProjectStatusActionTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void fail_if_no_snapshot_id_found() {
|
public void fail_if_no_snapshot_id_found() {
|
||||||
|
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||||
|
|
||||||
expectedException.expect(NotFoundException.class);
|
expectedException.expect(NotFoundException.class);
|
||||||
expectedException.expectMessage("Analysis with id 'task-uuid' is not found");
|
expectedException.expectMessage("Analysis with id 'task-uuid' is not found");
|
||||||
|
|
||||||
@ -114,6 +119,8 @@ public class ProjectStatusActionTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void return_undefined_status_if_measure_is_not_found() {
|
public void return_undefined_status_if_measure_is_not_found() {
|
||||||
|
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||||
|
|
||||||
ComponentDto project = newProjectDto("project-uuid");
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
dbClient.componentDao().insert(dbSession, project);
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
@ -127,7 +134,8 @@ public class ProjectStatusActionTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void return_undefined_status_if_measure_data_is_not_well_formatted() {
|
public void return_undefined_status_if_measure_data_is_not_well_formatted() {
|
||||||
userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
|
userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
|
||||||
|
|
||||||
ComponentDto project = newProjectDto("project-uuid");
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
dbClient.componentDao().insert(dbSession, project);
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
@ -146,10 +154,51 @@ public class ProjectStatusActionTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void fail_if_insufficient_privileges() {
|
public void fail_if_insufficient_privileges() {
|
||||||
userSession.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
|
userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
|
||||||
expectedException.expect(ForbiddenException.class);
|
|
||||||
|
|
||||||
newRequest(ANALYSIS_ID);
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
|
dbSession.commit();
|
||||||
|
|
||||||
|
expectedException.expect(ForbiddenException.class);
|
||||||
|
newRequest(snapshot.getId().toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void not_fail_with_system_admin_permission() {
|
||||||
|
userSession.login("john").setGlobalPermissions(SYSTEM_ADMIN);
|
||||||
|
|
||||||
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
|
dbSession.commit();
|
||||||
|
|
||||||
|
newRequest(snapshot.getId().toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void not_fail_with_global_scan_permission() {
|
||||||
|
userSession.login("john").setGlobalPermissions(SCAN_EXECUTION);
|
||||||
|
|
||||||
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
|
dbSession.commit();
|
||||||
|
|
||||||
|
newRequest(snapshot.getId().toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void not_fail_with_project_scan_permission() {
|
||||||
|
ComponentDto project = newProjectDto("project-uuid");
|
||||||
|
dbClient.componentDao().insert(dbSession, project);
|
||||||
|
SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
|
||||||
|
dbSession.commit();
|
||||||
|
|
||||||
|
userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
|
||||||
|
|
||||||
|
newRequest(snapshot.getId().toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
private ProjectStatusWsResponse newRequest(String taskId) {
|
private ProjectStatusWsResponse newRequest(String taskId) {
|
||||||
|
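Review bot: No test covers the case this commit exists for, a user whose `SCAN_EXECUTION` is granted on a different project than the one analysed. `fail_if_insufficient_privileges` only sets global `PREVIEW_EXECUTION`, so a regression in which scan permission on any project is accepted would still pass the suite. Add a negative test next to `not_fail_with_project_scan_permission` that grants the permission on another uuid and expects `ForbiddenException`, as sketched below.

```java
@Test
public void fail_if_scan_permission_on_another_project() {
  ComponentDto project = newProjectDto("project-uuid");
  dbClient.componentDao().insert(dbSession, project);
  SnapshotDto snapshot = dbClient.snapshotDao().insert(dbSession, newSnapshotForProject(project));
  dbSession.commit();

  // "other-project-uuid" is a constructed value: any uuid other than the analysed project's
  userSession.login("john").addProjectUuidPermissions(SCAN_EXECUTION, "other-project-uuid");

  expectedException.expect(ForbiddenException.class);
  newRequest(snapshot.getId().toString());
}
```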