@@ -49,7 +49,7 @@ public class OAuth2ContextFactory { | |||
private final OAuth2AuthenticationParameters oAuthParameters; | |||
public OAuth2ContextFactory(ThreadLocalUserSession threadLocalUserSession, UserRegistrar userRegistrar, Server server, | |||
OAuthCsrfVerifier csrfVerifier, JwtHttpHandler jwtHttpHandler, UserSessionFactory userSessionFactory, OAuth2AuthenticationParameters oAuthParameters) { | |||
OAuthCsrfVerifier csrfVerifier, JwtHttpHandler jwtHttpHandler, UserSessionFactory userSessionFactory, OAuth2AuthenticationParameters oAuthParameters) { | |||
this.threadLocalUserSession = threadLocalUserSession; | |||
this.userRegistrar = userRegistrar; | |||
this.server = server; |
@@ -22,12 +22,14 @@ package org.sonar.server.authentication; | |||
import javax.servlet.http.HttpServletRequest; | |||
import javax.servlet.http.HttpServletResponse; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.server.authentication.event.AuthenticationException; | |||
import org.sonar.server.user.UserSession; | |||
@ServerSide | |||
public interface RequestAuthenticator { | |||
UserSession authenticate(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException; | |||
/** | |||
* @throws org.sonar.server.authentication.event.AuthenticationException if user is not authenticated | |||
*/ | |||
UserSession authenticate(HttpServletRequest request, HttpServletResponse response); | |||
} |
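Review bot: The new Javadoc on `authenticate` documents only the exception, and "if user is not authenticated" leaves open whether a request that carries no credentials throws or comes back as an anonymous session. With `throws AuthenticationException` dropped from the signature, the method declaration no longer names the failure path, so this comment is the whole contract for implementors and callers. I would add a summary sentence and an `@return` line, for example `Authenticates the request and returns the resulting session.` and `@return the session of the authenticated user` (stating whether it can be anonymous or null), and keep the existing `@throws` line.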
@@ -55,18 +55,18 @@ public class GroupPermissionChanger { | |||
} | |||
} | |||
private boolean isImplicitlyAlreadyDone(GroupPermissionChange change) { | |||
private static boolean isImplicitlyAlreadyDone(GroupPermissionChange change) { | |||
return change.getProjectId() | |||
.map(projectId -> isImplicitlyAlreadyDone(projectId, change)) | |||
.orElse(false); | |||
} | |||
private boolean isImplicitlyAlreadyDone(ProjectId projectId, GroupPermissionChange change) { | |||
private static boolean isImplicitlyAlreadyDone(ProjectId projectId, GroupPermissionChange change) { | |||
return isAttemptToAddPublicPermissionToPublicComponent(change, projectId) | |||
|| isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(change, projectId); | |||
} | |||
private boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ProjectId projectId) { | |||
private static boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ProjectId projectId) { | |||
return !projectId.isPrivate() | |||
&& change.getOperation() == ADD | |||
&& PUBLIC_PERMISSIONS.contains(change.getPermission()); | |||
@@ -78,7 +78,7 @@ public class GroupPermissionChanger { | |||
&& change.getGroupIdOrAnyone().isAnyone(); | |||
} | |||
private void ensureConsistencyWithVisibility(GroupPermissionChange change) { | |||
private static void ensureConsistencyWithVisibility(GroupPermissionChange change) { | |||
change.getProjectId() | |||
.ifPresent(projectId -> { | |||
checkRequest( | |||
@@ -96,7 +96,7 @@ public class GroupPermissionChanger { | |||
&& change.getGroupIdOrAnyone().isAnyone(); | |||
} | |||
private boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ProjectId projectId) { | |||
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ProjectId projectId) { | |||
return !projectId.isPrivate() | |||
&& change.getOperation() == REMOVE | |||
&& PUBLIC_PERMISSIONS.contains(change.getPermission()); |
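Review bot: `isAttemptToAddPublicPermissionToPublicComponent` and `isAttemptToRemovePublicPermissionFromPublicComponent` have the same three-condition body here and in UserPermissionChanger, and `permissionValidForProject` in PermissionTemplateService tests the same `PUBLIC_PERMISSIONS` membership. Now that these helpers are static and read no instance state, the rule could live in one shared static helper, so a later change to how public permissions are treated cannot be applied to groups and missed for users. If the two change types have no common supertype, a helper taking the operation, the permission and the `ProjectId` would be enough. The method bodies at the end of the last two hunks continue outside the visible lines.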
@@ -60,15 +60,13 @@ public class PermissionTemplateService { | |||
private final ProjectIndexers projectIndexers; | |||
private final UserSession userSession; | |||
private final DefaultTemplatesResolver defaultTemplatesResolver; | |||
private final PermissionService permissionService; | |||
public PermissionTemplateService(DbClient dbClient, ProjectIndexers projectIndexers, UserSession userSession, | |||
DefaultTemplatesResolver defaultTemplatesResolver, PermissionService permissionService) { | |||
DefaultTemplatesResolver defaultTemplatesResolver) { | |||
this.dbClient = dbClient; | |||
this.projectIndexers = projectIndexers; | |||
this.userSession = userSession; | |||
this.defaultTemplatesResolver = defaultTemplatesResolver; | |||
this.permissionService = permissionService; | |||
} | |||
public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession, | |||
@@ -170,7 +168,7 @@ public class PermissionTemplateService { | |||
} | |||
} | |||
private boolean permissionValidForProject(ComponentDto project, String permission) { | |||
private static boolean permissionValidForProject(ComponentDto project, String permission) { | |||
return project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission); | |||
} | |||
@@ -57,30 +57,30 @@ public class UserPermissionChanger { | |||
} | |||
} | |||
private boolean isImplicitlyAlreadyDone(UserPermissionChange change) { | |||
private static boolean isImplicitlyAlreadyDone(UserPermissionChange change) { | |||
return change.getProjectId() | |||
.map(projectId -> isImplicitlyAlreadyDone(projectId, change)) | |||
.orElse(false); | |||
} | |||
private boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange change) { | |||
private static boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange change) { | |||
return isAttemptToAddPublicPermissionToPublicComponent(change, projectId); | |||
} | |||
private boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) { | |||
private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) { | |||
return !projectId.isPrivate() | |||
&& change.getOperation() == ADD | |||
&& PUBLIC_PERMISSIONS.contains(change.getPermission()); | |||
} | |||
private void ensureConsistencyWithVisibility(UserPermissionChange change) { | |||
private static void ensureConsistencyWithVisibility(UserPermissionChange change) { | |||
change.getProjectId() | |||
.ifPresent(projectId -> checkRequest( | |||
!isAttemptToRemovePublicPermissionFromPublicComponent(change, projectId), | |||
"Permission %s can't be removed from a public component", change.getPermission())); | |||
} | |||
private boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) { | |||
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) { | |||
return !projectId.isPrivate() | |||
&& change.getOperation() == REMOVE | |||
&& PUBLIC_PERMISSIONS.contains(change.getPermission()); |
@@ -37,7 +37,6 @@ import org.sonar.db.permission.UserPermissionDto; | |||
import org.sonar.server.component.ComponentFinder; | |||
import org.sonar.server.es.ProjectIndexer; | |||
import org.sonar.server.es.ProjectIndexers; | |||
import org.sonar.server.permission.PermissionService; | |||
import org.sonar.server.project.Visibility; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.client.project.ProjectsWsParameters; | |||
@@ -58,16 +57,14 @@ public class UpdateVisibilityAction implements ProjectsWsAction { | |||
private final UserSession userSession; | |||
private final ProjectIndexers projectIndexers; | |||
private final ProjectsWsSupport projectsWsSupport; | |||
private final PermissionService permissionService; | |||
public UpdateVisibilityAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, | |||
ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport, PermissionService permissionService) { | |||
ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport) { | |||
this.dbClient = dbClient; | |||
this.componentFinder = componentFinder; | |||
this.userSession = userSession; | |||
this.projectIndexers = projectIndexers; | |||
this.projectsWsSupport = projectsWsSupport; | |||
this.permissionService = permissionService; | |||
} | |||
public void define(WebService.NewController context) { |
@@ -66,7 +66,7 @@ public class PermissionTemplateServiceTest { | |||
private DbSession session = dbTester.getSession(); | |||
private ProjectIndexers projectIndexers = new TestProjectIndexers(); | |||
private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver, permissionService); | |||
private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver); | |||
@Test | |||
public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() { |
@@ -24,11 +24,8 @@ import javax.annotation.Nullable; | |||
import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.resources.Qualifiers; | |||
import org.sonar.api.resources.ResourceTypes; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.component.ResourceTypesRule; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -37,8 +34,6 @@ import org.sonar.server.es.TestProjectIndexers; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonar.server.permission.PermissionService; | |||
import org.sonar.server.permission.PermissionServiceImpl; | |||
import org.sonar.server.permission.PermissionTemplateService; | |||
import org.sonar.server.permission.ws.BasePermissionWsTest; | |||
import org.sonar.server.ws.TestRequest; | |||
@@ -63,11 +58,8 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
private PermissionTemplateDto template1; | |||
private PermissionTemplateDto template2; | |||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | |||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | |||
private PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), | |||
new TestProjectIndexers(), userSession, defaultTemplatesResolver, permissionService); | |||
new TestProjectIndexers(), userSession, defaultTemplatesResolver); | |||
@Override | |||
protected ApplyTemplateAction buildWsAction() { | |||
@@ -104,7 +96,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void apply_template_with_project_uuid() throws Exception { | |||
public void apply_template_with_project_uuid() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
newRequest(template1.getUuid(), project.uuid(), null); | |||
@@ -125,7 +117,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void apply_template_with_project_key() throws Exception { | |||
public void apply_template_with_project_key() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
newRequest(template1.getUuid(), null, project.getDbKey()); | |||
@@ -134,7 +126,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_unknown_template() throws Exception { | |||
public void fail_when_unknown_template() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(NotFoundException.class); | |||
@@ -144,7 +136,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_unknown_project_uuid() throws Exception { | |||
public void fail_when_unknown_project_uuid() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(NotFoundException.class); | |||
@@ -154,7 +146,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_unknown_project_key() throws Exception { | |||
public void fail_when_unknown_project_key() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(NotFoundException.class); | |||
@@ -164,7 +156,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_template_is_not_provided() throws Exception { | |||
public void fail_when_template_is_not_provided() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(BadRequestException.class); | |||
@@ -173,7 +165,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_project_uuid_and_key_not_provided() throws Exception { | |||
public void fail_when_project_uuid_and_key_not_provided() { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(BadRequestException.class); | |||
@@ -183,7 +175,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA | |||
} | |||
@Test | |||
public void fail_when_not_admin_of_organization() throws Exception { | |||
public void fail_when_not_admin_of_organization() { | |||
userSession.logIn().addPermission(ADMINISTER, "otherOrg"); | |||
expectedException.expect(ForbiddenException.class); |
@@ -25,12 +25,10 @@ import org.apache.commons.lang.StringUtils; | |||
import org.junit.Before; | |||
import org.junit.Test; | |||
import org.sonar.api.resources.Qualifiers; | |||
import org.sonar.api.resources.ResourceTypes; | |||
import org.sonar.api.server.ws.WebService.Param; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.component.ComponentTesting; | |||
import org.sonar.db.component.ResourceTypesRule; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
@@ -41,8 +39,6 @@ import org.sonar.server.es.TestProjectIndexers; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonar.server.l18n.I18nRule; | |||
import org.sonar.server.permission.PermissionService; | |||
import org.sonar.server.permission.PermissionServiceImpl; | |||
import org.sonar.server.permission.PermissionTemplateService; | |||
import org.sonar.server.permission.ws.BasePermissionWsTest; | |||
@@ -65,9 +61,6 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT | |||
@org.junit.Rule | |||
public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withoutGovernance(); | |||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | |||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | |||
private UserDto user1; | |||
private UserDto user2; | |||
private GroupDto group1; | |||
@@ -80,7 +73,7 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT | |||
@Override | |||
protected BulkApplyTemplateAction buildWsAction() { | |||
PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), | |||
projectIndexers, userSession, defaultTemplatesResolver, permissionService); | |||
projectIndexers, userSession, defaultTemplatesResolver); | |||
return new BulkApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport(), new I18nRule(), newRootResourceTypes()); | |||
} | |||
@@ -106,7 +106,7 @@ public class UpdateVisibilityActionTest { | |||
private BillingValidationsProxy billingValidations = mock(BillingValidationsProxy.class); | |||
private ProjectsWsSupport wsSupport = new ProjectsWsSupport(dbClient, TestDefaultOrganizationProvider.from(dbTester), billingValidations); | |||
private UpdateVisibilityAction underTest = new UpdateVisibilityAction(dbClient, TestComponentFinder.from(dbTester), userSessionRule, projectIndexers, wsSupport, permissionService); | |||
private UpdateVisibilityAction underTest = new UpdateVisibilityAction(dbClient, TestComponentFinder.from(dbTester), userSessionRule, projectIndexers, wsSupport); | |||
private WsActionTester ws = new WsActionTester(underTest); | |||
private final Random random = new Random(); |
@@ -34,6 +34,11 @@ import java.util.Set; | |||
@Retention(RetentionPolicy.RUNTIME) | |||
@Target(ElementType.TYPE) | |||
public @interface UserRole { | |||
/** | |||
* Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components. | |||
* @since 7.5 | |||
*/ | |||
Set<String> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(UserRole.USER, UserRole.CODEVIEWER))); | |||
/** | |||
* @deprecated use the constant USER since 1.12. | |||
@@ -58,10 +63,4 @@ public @interface UserRole { | |||
String[] value() default {}; | |||
/** | |||
* Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components. | |||
* @since 7.5 | |||
*/ | |||
Set<String> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(UserRole.USER, UserRole.CODEVIEWER))); | |||
} |
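Review bot: `PUBLIC_PERMISSIONS` is now declared ahead of `UserRole.USER` and `UserRole.CODEVIEWER`, whose declarations are outside this hunk. That ordering is safe only if both are compile-time `String` constants; if either were computed at class initialisation, the set would be built before the field is assigned and would capture `null`. Since this set decides which permissions are implicitly available on public components, a short comment such as `// USER and CODEVIEWER must stay compile-time constants: this set is initialised before them` would keep the ordering from turning into a silent authorization change.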