@@ -27,8 +27,6 @@ import org.sonar.api.config.PropertyFieldDefinition; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ComponentDto; | |||
@@ -39,8 +37,9 @@ import org.sonarqube.ws.Settings.ListDefinitionsWsResponse; | |||
import org.sonarqube.ws.client.setting.ListDefinitionsRequest; | |||
import static com.google.common.base.Strings.emptyToNull; | |||
import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.core.util.Protobuf.setNullable; | |||
import static org.sonar.server.setting.ws.SettingsWsComponentParameter.addComponentParameter; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonar.server.ws.WsUtils.writeProtobuf; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.ACTION_LIST_DEFINITIONS; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_COMPONENT; | |||
@@ -51,27 +50,34 @@ public class ListDefinitionsAction implements SettingsWsAction { | |||
private final ComponentFinder componentFinder; | |||
private final UserSession userSession; | |||
private final PropertyDefinitions propertyDefinitions; | |||
private final SettingsPermissionPredicates settingsPermissionPredicates; | |||
public ListDefinitionsAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, PropertyDefinitions propertyDefinitions) { | |||
public ListDefinitionsAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, PropertyDefinitions propertyDefinitions, | |||
SettingsPermissionPredicates settingsPermissionPredicates) { | |||
this.dbClient = dbClient; | |||
this.componentFinder = componentFinder; | |||
this.userSession = userSession; | |||
this.propertyDefinitions = propertyDefinitions; | |||
this.settingsPermissionPredicates = settingsPermissionPredicates; | |||
} | |||
@Override | |||
public void define(WebService.NewController context) { | |||
WebService.NewAction action = context.createAction(ACTION_LIST_DEFINITIONS) | |||
.setDescription("List settings definitions.<br>" + | |||
"Requires one of the following permissions: " + | |||
"<ul>" + | |||
"<li>'Administer System'</li>" + | |||
"<li>'Administer' rights on the specified component</li>" + | |||
"</ul>") | |||
"Requires 'Browse' permission when a component is specified<br/>", | |||
"To access licensed settings, authentication is required<br/>" + | |||
"To access secured settings, one of the following permissions is required: " + | |||
"<ul>" + | |||
"<li>'Administer System'</li>" + | |||
"<li>'Administer' rights on the specified component</li>" + | |||
"</ul>") | |||
.setResponseExample(getClass().getResource("list_definitions-example.json")) | |||
.setSince("6.1") | |||
.setSince("6.3") | |||
.setHandler(this); | |||
addComponentParameter(action); | |||
action.createParam(PARAM_COMPONENT) | |||
.setDescription("Component key") | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
} | |||
@Override | |||
@@ -81,11 +87,12 @@ public class ListDefinitionsAction implements SettingsWsAction { | |||
private ListDefinitionsWsResponse doHandle(Request request) { | |||
ListDefinitionsRequest wsRequest = toWsRequest(request); | |||
Optional<String> qualifier = getQualifier(wsRequest); | |||
Optional<ComponentDto> component = loadComponent(wsRequest); | |||
Optional<String> qualifier = getQualifier(component); | |||
ListDefinitionsWsResponse.Builder wsResponse = ListDefinitionsWsResponse.newBuilder(); | |||
propertyDefinitions.getAll().stream() | |||
.filter(definition -> qualifier.isPresent() ? definition.qualifiers().contains(qualifier.get()) : definition.global()) | |||
.filter(settingsPermissionPredicates.isDefinitionVisible(component)) | |||
.forEach(definition -> addDefinition(definition, wsResponse)); | |||
return wsResponse.build(); | |||
} | |||
@@ -96,30 +103,19 @@ public class ListDefinitionsAction implements SettingsWsAction { | |||
.build(); | |||
} | |||
private Optional<String> getQualifier(ListDefinitionsRequest wsRequest) { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
Optional<ComponentDto> component = getComponent(dbSession, wsRequest); | |||
checkAdminPermission(component); | |||
return component.isPresent() ? Optional.of(component.get().qualifier()) : Optional.empty(); | |||
} finally { | |||
dbClient.closeSession(dbSession); | |||
} | |||
} | |||
private Optional<ComponentDto> getComponent(DbSession dbSession, ListDefinitionsRequest wsRequest) { | |||
String componentKey = wsRequest.getComponent(); | |||
if (componentKey == null) { | |||
return Optional.empty(); | |||
} | |||
return Optional.of(componentFinder.getByKey(dbSession, componentKey)); | |||
private static Optional<String> getQualifier(Optional<ComponentDto> component) { | |||
return component.isPresent() ? Optional.of(component.get().qualifier()) : Optional.empty(); | |||
} | |||
private void checkAdminPermission(Optional<ComponentDto> component) { | |||
if (component.isPresent()) { | |||
userSession.checkComponentUuidPermission(UserRole.ADMIN, component.get().uuid()); | |||
} else { | |||
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
private Optional<ComponentDto> loadComponent(ListDefinitionsRequest valuesRequest) { | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
String componentKey = valuesRequest.getComponent(); | |||
if (componentKey == null) { | |||
return Optional.empty(); | |||
} | |||
ComponentDto component = componentFinder.getByKey(dbSession, componentKey); | |||
userSession.checkComponentUuidPermission(USER, component.projectUuid()); | |||
return Optional.of(component); | |||
} | |||
} | |||
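Review bot: In `define`, the new description has a comma instead of `+` after `"Requires 'Browse' permission when a component is specified<br/>"`, so everything from "To access licensed settings" onward is passed as a separate argument rather than concatenated. If that overload treats extra arguments as format values (the format string has no placeholder), the published description would silently lose the paragraph stating which permissions expose licensed and secured settings. Change that line to end with `<br/>" +` so the access rules stay in the web-service documentation.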
@@ -41,7 +41,7 @@ import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.client.setting.ResetRequest; | |||
import static java.util.Collections.emptyList; | |||
import static org.sonar.server.setting.ws.SettingsWsComponentParameter.addComponentParameter; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.ACTION_RESET; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_COMPONENT; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_KEYS; | |||
@@ -82,7 +82,9 @@ public class ResetAction implements SettingsWsAction { | |||
.setDescription("Setting keys") | |||
.setExampleValue("sonar.links.scm,sonar.debt.hoursInDay") | |||
.setRequired(true); | |||
addComponentParameter(action); | |||
action.createParam(PARAM_COMPONENT) | |||
.setDescription("Component key") | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
} | |||
@Override |
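Review bot: The three-line `action.createParam(PARAM_COMPONENT)` block that replaces `addComponentParameter(action)` here is repeated verbatim in SetAction, ListDefinitionsAction and ValuesAction in this same commit, so the parameter's description and example can now drift between the four actions. If the aim was only to stop registering SettingsWsComponentParameter in SettingsWsModule, the static helper could have stayed and simply been dropped from the `add(...)` list. Otherwise a short comment such as `// same component parameter as the other settings WS actions` would at least flag the coupling. `define` starts outside this hunk.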
@@ -58,7 +58,7 @@ import org.sonar.server.setting.ws.SettingValidations.SettingData; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonarqube.ws.client.setting.SetRequest; | |||
import static org.sonar.server.setting.ws.SettingsWsComponentParameter.addComponentParameter; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonar.server.ws.WsUtils.checkRequest; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.ACTION_SET; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_COMPONENT; | |||
@@ -122,7 +122,9 @@ public class SetAction implements SettingsWsAction { | |||
.setDescription("Setting field values. To set several values, the parameter must be called once for each value.") | |||
.setExampleValue(PARAM_FIELD_VALUES + "={\"firstField\":\"first value\", \"secondField\":\"second value\", \"thirdField\":\"third value\"}"); | |||
addComponentParameter(action); | |||
action.createParam(PARAM_COMPONENT) | |||
.setDescription("Component key") | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
} | |||
@Override |
@@ -0,0 +1,64 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2016 SonarSource SA | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.setting.ws; | |||
import java.util.Optional; | |||
import java.util.function.Predicate; | |||
import org.sonar.api.config.PropertyDefinition; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.server.user.UserSession; | |||
import static org.sonar.api.web.UserRole.ADMIN; | |||
public class SettingsPermissionPredicates { | |||
private static final String SECURED_SUFFIX = ".secured"; | |||
static final String LICENSE_SUFFIX = ".license.secured"; | |||
static final String LICENSE_HASH_SUFFIX = ".licenseHash.secured"; | |||
private final UserSession userSession; | |||
public SettingsPermissionPredicates(UserSession userSession) { | |||
this.userSession = userSession; | |||
} | |||
Predicate<Setting> isSettingVisible(Optional<ComponentDto> component) { | |||
return setting -> isVisible(setting.getKey(), component); | |||
} | |||
Predicate<PropertyDefinition> isDefinitionVisible(Optional<ComponentDto> component) { | |||
return propertyDefinition -> isVisible(propertyDefinition.key(), component); | |||
} | |||
boolean isVisible(String settingKey, Optional<ComponentDto> component) { | |||
return !settingKey.endsWith(SECURED_SUFFIX) | |||
|| hasAdminPermission(component) | |||
|| (isLicenseRelated(settingKey) && userSession.isLoggedIn()); | |||
} | |||
private boolean hasAdminPermission(Optional<ComponentDto> component) { | |||
return component.isPresent() ? userSession.hasComponentUuidPermission(ADMIN, component.get().uuid()) : userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
private static boolean isLicenseRelated(String settingKey) { | |||
return settingKey.endsWith(LICENSE_SUFFIX) || settingKey.endsWith(LICENSE_HASH_SUFFIX); | |||
} | |||
} |
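Review bot: `isVisible` is now the single access decision for secured settings in both ListDefinitionsAction and ValuesAction, but neither it nor the class documents the rule, and the rule rests entirely on key naming. A class-level Javadoc should state it: keys not ending in `.secured` are visible to everyone, `.license.secured` and `.licenseHash.secured` keys to any logged-in user, and every other `.secured` key only to a system administrator or an administrator of the given component. It is also worth recording there that `hasAdminPermission` checks `component.get().uuid()` while `ListDefinitionsAction.loadComponent` checks Browse against `component.projectUuid()`. Whether both resolve to the same project for a module is not visible from this file, so a test with a module component would pin it down.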
@@ -1,39 +0,0 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2016 SonarSource SA | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.setting.ws; | |||
import org.sonar.api.server.ws.WebService; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_COMPONENT; | |||
class SettingsWsComponentParameter { | |||
private SettingsWsComponentParameter() { | |||
// Only static methods | |||
} | |||
static void addComponentParameter(WebService.NewAction action) { | |||
action.createParam(PARAM_COMPONENT) | |||
.setDescription("Component key") | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
} | |||
} |
@@ -27,7 +27,7 @@ public class SettingsWsModule extends Module { | |||
add( | |||
SettingsWs.class, | |||
SetAction.class, | |||
SettingsWsComponentParameter.class, | |||
SettingsPermissionPredicates.class, | |||
ListDefinitionsAction.class, | |||
ValuesAction.class, | |||
SettingsFinder.class, |
@@ -30,7 +30,6 @@ import java.util.Objects; | |||
import java.util.Optional; | |||
import java.util.Set; | |||
import java.util.function.Function; | |||
import java.util.function.Predicate; | |||
import java.util.stream.Collectors; | |||
import java.util.stream.Stream; | |||
import org.sonar.api.config.PropertyDefinition; | |||
@@ -38,7 +37,6 @@ import org.sonar.api.config.PropertyDefinitions; | |||
import org.sonar.api.server.ws.Request; | |||
import org.sonar.api.server.ws.Response; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ComponentDto; | |||
@@ -55,9 +53,10 @@ import static org.sonar.api.CoreProperties.PERMANENT_SERVER_ID; | |||
import static org.sonar.api.CoreProperties.SERVER_STARTTIME; | |||
import static org.sonar.api.PropertyType.LICENSE; | |||
import static org.sonar.api.PropertyType.PROPERTY_SET; | |||
import static org.sonar.api.web.UserRole.ADMIN; | |||
import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.server.setting.ws.SettingsWsComponentParameter.addComponentParameter; | |||
import static org.sonar.server.setting.ws.SettingsPermissionPredicates.LICENSE_HASH_SUFFIX; | |||
import static org.sonar.server.setting.ws.SettingsPermissionPredicates.LICENSE_SUFFIX; | |||
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; | |||
import static org.sonar.server.ws.WsUtils.writeProtobuf; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.ACTION_VALUES; | |||
import static org.sonarqube.ws.client.setting.SettingsWsParameters.PARAM_COMPONENT; | |||
@@ -68,10 +67,6 @@ public class ValuesAction implements SettingsWsAction { | |||
private static final Splitter COMMA_SPLITTER = Splitter.on(","); | |||
private static final String COMMA_ENCODED_VALUE = "%2C"; | |||
private static final String SECURED_SUFFIX = ".secured"; | |||
private static final String LICENSE_SUFFIX = ".license.secured"; | |||
private static final String LICENSE_HASH_SUFFIX = ".licenseHash.secured"; | |||
private static final Set<String> ADDITIONAL_KEYS = ImmutableSet.of(PERMANENT_SERVER_ID, SERVER_STARTTIME); | |||
private final DbClient dbClient; | |||
@@ -79,13 +74,16 @@ public class ValuesAction implements SettingsWsAction { | |||
private final UserSession userSession; | |||
private final PropertyDefinitions propertyDefinitions; | |||
private final SettingsFinder settingsFinder; | |||
private final SettingsPermissionPredicates settingsPermissionPredicates; | |||
public ValuesAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, PropertyDefinitions propertyDefinitions, SettingsFinder settingsFinder) { | |||
public ValuesAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, PropertyDefinitions propertyDefinitions, SettingsFinder settingsFinder, | |||
SettingsPermissionPredicates settingsPermissionPredicates) { | |||
this.dbClient = dbClient; | |||
this.componentFinder = componentFinder; | |||
this.userSession = userSession; | |||
this.propertyDefinitions = propertyDefinitions; | |||
this.settingsFinder = settingsFinder; | |||
this.settingsPermissionPredicates = settingsPermissionPredicates; | |||
} | |||
@Override | |||
@@ -101,9 +99,11 @@ public class ValuesAction implements SettingsWsAction { | |||
"<li>'Administer' rights on the specified component</li>" + | |||
"</ul>") | |||
.setResponseExample(getClass().getResource("values-example.json")) | |||
.setSince("6.1") | |||
.setSince("6.3") | |||
.setHandler(this); | |||
addComponentParameter(action); | |||
action.createParam(PARAM_COMPONENT) | |||
.setDescription("Component key") | |||
.setExampleValue(KEY_PROJECT_EXAMPLE_001); | |||
action.createParam(PARAM_KEYS) | |||
.setDescription("List of setting keys") | |||
.setExampleValue("sonar.technicalDebt.hoursInDay,sonar.dbcleaner.cleanDirectory"); | |||
@@ -171,24 +171,10 @@ public class ValuesAction implements SettingsWsAction { | |||
settings.addAll(settingsFinder.loadGlobalSettings(dbSession, keys)); | |||
component.ifPresent(componentDto -> settings.addAll(settingsFinder.loadComponentSettings(dbSession, keys, componentDto).values())); | |||
return settings.stream() | |||
.filter(isVisible(component)) | |||
.filter(settingsPermissionPredicates.isSettingVisible(component)) | |||
.collect(Collectors.toList()); | |||
} | |||
private Predicate<Setting> isVisible(Optional<ComponentDto> component) { | |||
return setting -> !setting.getKey().endsWith(SECURED_SUFFIX) | |||
|| hasAdminPermission(component) | |||
|| (isLicenseRelated(setting) && userSession.isLoggedIn()); | |||
} | |||
private boolean hasAdminPermission(Optional<ComponentDto> component) { | |||
return component.isPresent() ? userSession.hasComponentUuidPermission(ADMIN, component.get().uuid()) : userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
} | |||
private static boolean isLicenseRelated(Setting setting) { | |||
return setting.getKey().endsWith(LICENSE_SUFFIX) || setting.getKey().endsWith(LICENSE_HASH_SUFFIX); | |||
} | |||
private List<Setting> loadDefaultSettings(Set<String> keys) { | |||
return propertyDefinitions.getAll().stream() | |||
.filter(definition -> keys.contains(definition.key())) |
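Review bot: The shared predicate at `.filter(settingsPermissionPredicates.isSettingVisible(component))` runs over a `settings` list whose construction starts above the hunk, and the visible part of `loadDefaultSettings` selects definitions by key alone. It is therefore not clear from these lines whether a default value attached to a definition whose key ends in `.secured` passes through the visibility filter before it is returned. A test that requests such a key as a non-admin user and asserts that nothing comes back would confirm the filter covers that path. Both methods continue outside the visible hunk.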
@@ -33,7 +33,6 @@ import org.sonar.api.config.PropertyDefinitions; | |||
import org.sonar.api.config.PropertyFieldDefinition; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDbTester; | |||
@@ -53,6 +52,7 @@ import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.api.resources.Qualifiers.MODULE; | |||
import static org.sonar.api.resources.Qualifiers.PROJECT; | |||
import static org.sonar.api.web.UserRole.ADMIN; | |||
import static org.sonar.api.web.UserRole.CODEVIEWER; | |||
import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
@@ -87,7 +87,8 @@ public class ListDefinitionsActionTest { | |||
PropertyDefinitions propertyDefinitions = new PropertyDefinitions(); | |||
WsActionTester ws = new WsActionTester(new ListDefinitionsAction(dbClient, new ComponentFinder(dbClient), userSession, propertyDefinitions)); | |||
WsActionTester ws = new WsActionTester( | |||
new ListDefinitionsAction(dbClient, new ComponentFinder(dbClient), userSession, propertyDefinitions, new SettingsPermissionPredicates(userSession))); | |||
@Before | |||
public void setUp() throws Exception { | |||
@@ -96,7 +97,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_settings_definitions() { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.name("Foo") | |||
@@ -124,7 +125,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_settings_definitions_with_minimum_fields() { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.build()); | |||
@@ -147,7 +148,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_settings_definitions_with_deprecated_key() { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.name("Foo") | |||
@@ -165,7 +166,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_default_category() throws Exception { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build(), "default"); | |||
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").category("").build(), "default"); | |||
@@ -178,7 +179,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_single_select_list_property() throws Exception { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.type(PropertyType.SINGLE_SELECT_LIST) | |||
@@ -195,7 +196,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_property_set() throws Exception { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.type(PropertyType.PROPERTY_SET) | |||
@@ -225,8 +226,8 @@ public class ListDefinitionsActionTest { | |||
} | |||
@Test | |||
public void return_license_type_property_set() throws Exception { | |||
setUserAsSystemAdmin(); | |||
public void return_license_type_in_property_set() throws Exception { | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.type(PropertyType.PROPERTY_SET) | |||
@@ -241,7 +242,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_global_settings_definitions() { | |||
setUserAsSystemAdmin(); | |||
setAuthenticatedUser(); | |||
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build()); | |||
ListDefinitionsWsResponse result = executeRequest(); | |||
@@ -251,7 +252,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_project_settings_def_by_project_key() { | |||
setUserAsProjectAdmin(); | |||
setUserWithBrowsePermissionOnProject(); | |||
propertyDefinitions.addComponent(PropertyDefinition | |||
.builder("foo") | |||
.onQualifiers(PROJECT) | |||
@@ -264,7 +265,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_only_global_properties_when_no_component_parameter() throws Exception { | |||
setUserAsSystemAdmin(); | |||
setUserWithBrowsePermissionOnProject(); | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("global").build(), | |||
PropertyDefinition.builder("global-and-project").onQualifiers(PROJECT).build(), | |||
@@ -278,7 +279,7 @@ public class ListDefinitionsActionTest { | |||
@Test | |||
public void return_only_properties_available_for_component_qualifier() throws Exception { | |||
setUserAsProjectAdmin(); | |||
setUserWithBrowsePermissionOnProject(); | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("global").build(), | |||
PropertyDefinition.builder("global-and-project").onQualifiers(PROJECT).build(), | |||
@@ -311,18 +312,59 @@ public class ListDefinitionsActionTest { | |||
} | |||
@Test | |||
public void fail_when_not_system_admin() throws Exception { | |||
userSession.login("not-admin").setGlobalPermissions(GlobalPermissions.QUALITY_GATE_ADMIN); | |||
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build()); | |||
public void does_not_returned_secured_settings_when_not_authenticated() throws Exception { | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("foo").build(), | |||
PropertyDefinition.builder("secret.secured").build(), | |||
PropertyDefinition.builder("plugin.license.secured").type(PropertyType.LICENSE).build())); | |||
expectedException.expect(ForbiddenException.class); | |||
ListDefinitionsWsResponse result = executeRequest(); | |||
assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo"); | |||
} | |||
@Test | |||
public void return_license_settings_when_authenticated_but_not_admin() throws Exception { | |||
setUserWithBrowsePermissionOnProject(); | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("foo").build(), | |||
PropertyDefinition.builder("secret.secured").build(), | |||
PropertyDefinition.builder("plugin.license.secured").type(PropertyType.LICENSE).build())); | |||
ListDefinitionsWsResponse result = executeRequest(); | |||
executeRequest(); | |||
assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo", "plugin.license.secured"); | |||
} | |||
@Test | |||
public void fail_when_not_project_admin() throws Exception { | |||
userSession.login("project-admin").addProjectUuidPermissions(USER, project.uuid()); | |||
public void return_secured_and_license_settings_when_system_admin() throws Exception { | |||
setUserAsSystemAdmin(); | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("foo").build(), | |||
PropertyDefinition.builder("secret.secured").build(), | |||
PropertyDefinition.builder("plugin.license.secured").type(PropertyType.LICENSE).build())); | |||
ListDefinitionsWsResponse result = executeRequest(); | |||
assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo", "secret.secured", "plugin.license.secured"); | |||
} | |||
@Test | |||
public void return_secured_and_license_settings_when_project_admin() throws Exception { | |||
setUserAsProjectAdmin(); | |||
propertyDefinitions.addComponents(asList( | |||
PropertyDefinition.builder("foo").onQualifiers(PROJECT).build(), | |||
PropertyDefinition.builder("secret.secured").onQualifiers(PROJECT).build(), | |||
PropertyDefinition.builder("plugin.license.secured").onQualifiers(PROJECT).type(PropertyType.LICENSE).build())); | |||
ListDefinitionsWsResponse result = executeRequest(project.key()); | |||
assertThat(result.getDefinitionsList()).extracting(Settings.Definition::getKey).containsOnly("foo", "secret.secured", "plugin.license.secured"); | |||
} | |||
@Test | |||
public void fail_when_user_has_not_project_browse_permission() throws Exception { | |||
userSession.login("project-admin").addProjectUuidPermissions(CODEVIEWER, project.uuid()); | |||
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build()); | |||
expectedException.expect(ForbiddenException.class); | |||
@@ -408,12 +450,22 @@ public class ListDefinitionsActionTest { | |||
} | |||
} | |||
private void setAuthenticatedUser() { | |||
userSession.login("user"); | |||
} | |||
private void setUserWithBrowsePermissionOnProject() { | |||
userSession.login("user").addProjectUuidPermissions(USER, project.uuid()); | |||
} | |||
private void setUserAsSystemAdmin() { | |||
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN); | |||
} | |||
private void setUserAsProjectAdmin() { | |||
userSession.login("project-admin").addProjectUuidPermissions(ADMIN, project.uuid()); | |||
userSession.login("project-admin") | |||
.addProjectUuidPermissions(ADMIN, project.uuid()) | |||
.addProjectUuidPermissions(USER, project.uuid()); | |||
} | |||
} |
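Review bot: The new tests cover secured definitions for anonymous, authenticated, system-admin and project-admin callers, but none in the visible hunks exercises the case the new `loadComponent` check creates: a user with only Browse on the project calling `executeRequest(project.key())` and not receiving `secret.secured`. That is the boundary between `USER` and `ADMIN` on a component and deserves its own test next to `return_secured_and_license_settings_when_project_admin`. Two naming nits in the same section: `does_not_returned_secured_settings_when_not_authenticated` should read `does_not_return_secured_settings_when_not_authenticated`, and `fail_when_user_has_not_project_browse_permission` logs in as `"project-admin"` although that user only holds `CODEVIEWER`, which misleads the reader. The test class continues outside the visible hunks, so such a test may already exist elsewhere.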
@@ -85,7 +85,8 @@ public class ValuesActionTest { | |||
ComponentDto project; | |||
WsActionTester ws = new WsActionTester(new ValuesAction(dbClient, new ComponentFinder(dbClient), userSession, definitions, settingsFinder)); | |||
WsActionTester ws = new WsActionTester( | |||
new ValuesAction(dbClient, new ComponentFinder(dbClient), userSession, definitions, settingsFinder, new SettingsPermissionPredicates(userSession))); | |||
@Before | |||
public void setUp() throws Exception { |