
SONAR-10323 Fix WS not checking SCAN global permission

tags/7.5
Eric Hartmann 6 years ago
parent
commit
9d33d9fa1a

+ 3
- 1
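--- a/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java
@@ -39,6 +39,7 @@ import org.sonar.db.component.BranchType;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.measure.LiveMeasureDto;
+import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.issue.index.BranchStatistics;
 import org.sonar.server.issue.index.IssueIndex;
@@ -163,7 +164,8 @@ public class ListAction implements BranchWsAction {
 
 private void checkPermission(ComponentDto component) {
 if (!userSession.hasComponentPermission(UserRole.USER, component) &&
-!userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
+!userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+!userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
 throw insufficientPrivilegesException();
 }
 }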
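Review bot: The three-clause permission test in checkPermission is repeated verbatim in ValuesAction, the second file of this commit, and a clause missing from a hand-copied check is exactly the defect being fixed here. Consider moving the test into one shared helper that takes the user session and the component, so every scanner-facing web service accepts project-level SCAN_EXECUTION and organization-level SCAN in the same way. Whether other actions still carry the older two-clause check cannot be seen from this page and is worth a search. A short comment above the condition, such as `// scanners may hold the scan permission on the project or globally on the organization`, would explain why three checks are needed.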

+ 5
- 2
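--- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java
@@ -39,6 +39,7 @@ import org.sonar.api.server.ws.WebService;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Settings;
@@ -154,8 +155,10 @@ public class ValuesAction implements SettingsWsAction {
 return Optional.empty();
 }
 ComponentDto component = componentFinder.getByKeyAndOptionalBranch(dbSession, componentKey, valuesRequest.getBranch());
-if (!userSession.hasComponentPermission(USER, component) && !userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
-throw insufficientPrivilegesException();
+if (!userSession.hasComponentPermission(USER, component) &&
+!userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+!userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
+throw insufficientPrivilegesException();
 }
 return Optional.of(component);
 }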
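Review bot: The added `hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())` clause lets any holder of the organization-wide scan permission load the component for a settings read. That widens who can reach setting values, and nothing visible in the hunk shows how sensitive settings are filtered for such a caller. The enclosing method starts outside the hunk, so any filtering presumably happens elsewhere in the action and should be confirmed against this new path. No test change appears on this page. Two web-service tests would pin the behaviour: one for a user holding only the global scan permission (allowed) and one for a user holding none of the three permissions (rejected).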
