mirrors
/
sonarqube
peilaus alkaen https://github.com/SonarSource/sonarqube.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Julkaisut 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30152 Commitit
59 Branchit
Puu: 7de02f77f4
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '7de02f77f4'
${ noResults }
sonarqube/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java

UserSession.java 8.0KB
Raaka Blame Historia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user;

  21. 

  22. import java.util.Arrays;

  23. import java.util.Collection;

  24. import java.util.List;

  25. import java.util.Objects;

  26. import java.util.Optional;

  27. import javax.annotation.CheckForNull;

  28. import javax.annotation.concurrent.Immutable;

  29. import org.sonar.db.component.ComponentDto;

  30. import org.sonar.db.permission.OrganizationPermission;

  31. import org.sonar.db.project.ProjectDto;

  32. import org.sonar.db.user.GroupDto;

  33. 

  34. import static java.util.Objects.requireNonNull;

  35. 

  36. public interface UserSession {

  37. 

  38.   /**

  39.    * Login of the authenticated user. Returns {@code null}

  40.    * if {@link #isLoggedIn()} is {@code false}.

  41.    */

  42.   @CheckForNull

  43.   String getLogin();

  44. 

  45.   /**

  46.    * Uuid of the authenticated user. Returns {@code null}

  47.    * if {@link #isLoggedIn()} is {@code false}.

  48.    */

  49.   @CheckForNull

  50.   String getUuid();

  51. 

  52.   /**

  53.    * Name of the authenticated user. Returns {@code null}

  54.    * if {@link #isLoggedIn()} is {@code false}.

  55.    */

  56.   @CheckForNull

  57.   String getName();

  58. 

  59.   /**

  60.    * The groups that the logged-in user is member of. An empty

  61.    * collection is returned if {@link #isLoggedIn()} is {@code false}.

  62.    */

  63.   Collection<GroupDto> getGroups();

  64. 

  65.   /**

  66.    * This enum supports by name only the few providers for which specific code exists.

  67.    */

  68.   enum IdentityProvider {

  69.     SONARQUBE("sonarqube"), GITHUB("github"), BITBUCKETCLOUD("bitbucket"), OTHER("other");

  70. 

  71.     String key;

  72. 

  73.     IdentityProvider(String key) {

  74.       this.key = key;

  75.     }

  76. 

  77.     public String getKey() {

  78.       return key;

  79.     }

  80. 

  81.     public static IdentityProvider getFromKey(String key) {

  82.       return Arrays.stream(IdentityProvider.values())

  83.         .filter(i -> i.getKey().equals(key))

  84.         .findAny()

  85.         .orElse(OTHER);

  86.     }

  87.   }

  88. 

  89.   /**

  90.    * @return empty if user is anonymous

  91.    */

  92.   Optional<IdentityProvider> getIdentityProvider();

  93. 

  94.   @Immutable final class ExternalIdentity {

  95.     private final String id;

  96.     private final String login;

  97. 

  98.     public ExternalIdentity(String id, String login) {

  99.       this.id = requireNonNull(id, "id can't be null");

  100.       this.login = requireNonNull(login, "login can't be null");

  101.     }

  102. 

  103.     public String getId() {

  104.       return id;

  105.     }

  106. 

  107.     public String getLogin() {

  108.       return login;

  109.     }

  110. 

  111.     @Override

  112.     public String toString() {

  113.       return "ExternalIdentity{" +

  114.         "id='" + id + '\'' +

  115.         ", login='" + login + '\'' +

  116.         '}';

  117.     }

  118. 

  119.     @Override

  120.     public boolean equals(Object o) {

  121.       if (this == o) {

  122.         return true;

  123.       }

  124.       if (o == null || getClass() != o.getClass()) {

  125.         return false;

  126.       }

  127.       ExternalIdentity that = (ExternalIdentity) o;

  128.       return Objects.equals(id, that.id) && Objects.equals(login, that.login);

  129.     }

  130. 

  131.     @Override

  132.     public int hashCode() {

  133.       return Objects.hash(id, login);

  134.     }

  135.   }

  136. 

  137.   /**

  138.    * @return empty if {@link #getIdentityProvider()} returns empty or {@link IdentityProvider#SONARQUBE}

  139.    */

  140.   Optional<ExternalIdentity> getExternalIdentity();

  141. 

  142.   /**

  143.    * Whether the user is logged-in or anonymous.

  144.    */

  145.   boolean isLoggedIn();

  146. 

  147.   /**

  148.    * Whether the user has root privileges. If {@code true}, then user automatically

  149.    * benefits from all the permissions on all organizations and projects.

  150.    */

  151.   boolean isRoot();

  152. 

  153.   /**

  154.    * Ensures that {@link #isRoot()} returns {@code true} otherwise throws a

  155.    * {@link org.sonar.server.exceptions.ForbiddenException}.

  156.    */

  157.   UserSession checkIsRoot();

  158. 

  159.   /**

  160.    * Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.

  161.    */

  162.   UserSession checkLoggedIn();

  163. 

  164.   /**

  165.    * Returns {@code true} if the permission is granted on the organization, otherwise {@code false}.

  166.    *

  167.    * If the organization does not exist, then returns {@code false}.

  168.    *

  169.    * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if

  170.    * organization does not exist.

  171.    */

  172.   boolean hasPermission(OrganizationPermission permission);

  173. 

  174.   /**

  175.    * Ensures that {@link #hasPermission(OrganizationPermission)} is {@code true},

  176.    * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.

  177.    */

  178.   UserSession checkPermission(OrganizationPermission permission);

  179. 

  180.   /**

  181.    * Returns {@code true} if the permission is granted to user on the component,

  182.    * otherwise {@code false}.

  183.    *

  184.    * If the component does not exist, then returns {@code false}.

  185.    *

  186.    * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if

  187.    * component does not exist.

  188.    *

  189.    * If the permission is not granted, then the organization permission is _not_ checked.

  190.    *

  191.    * @param component non-null component.

  192.    * @param permission project permission as defined by {@link org.sonar.server.permission.PermissionService}

  193.    */

  194.   boolean hasComponentPermission(String permission, ComponentDto component);

  195. 

  196.   boolean hasProjectPermission(String permission, ProjectDto project);

  197. 

  198.   /**

  199.    * Using {@link #hasComponentPermission(String, ComponentDto)} is recommended

  200.    * because it does not have to load project if the referenced component

  201.    * is not a project.

  202.    *

  203.    * @deprecated use {@link #hasComponentPermission(String, ComponentDto)} instead

  204.    */

  205.   @Deprecated

  206.   boolean hasComponentUuidPermission(String permission, String componentUuid);

  207. 

  208.   /**

  209.    * Return the subset of specified components which the user has granted permission.

  210.    * An empty list is returned if input is empty or if no components are allowed to be

  211.    * accessed.

  212.    * If the input is ordered, then the returned components are in the same order.

  213.    * The duplicated components are returned duplicated too.

  214.    */

  215.   List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components);

  216. 

  217.   List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects);

  218. 

  219.   /**

  220.    * Ensures that {@link #hasComponentPermission(String, ComponentDto)} is {@code true},

  221.    * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.

  222.    */

  223.   UserSession checkComponentPermission(String projectPermission, ComponentDto component);

  224. 

  225.   /**

  226.    * Ensures that {@link #hasProjectPermission(String, ProjectDto)} is {@code true},

  227.    * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.

  228.    */

  229.   UserSession checkProjectPermission(String projectPermission, ProjectDto project);

  230. 

  231.   /**

  232.    * Ensures that {@link #hasComponentUuidPermission(String, String)} is {@code true},

  233.    * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.

  234.    *

  235.    * @deprecated use {@link #checkComponentPermission(String, ComponentDto)} instead

  236.    */

  237.   @Deprecated

  238.   UserSession checkComponentUuidPermission(String permission, String componentUuid);

  239. 

  240.   /**

  241.    * Whether user can administrate system, for example for using cross-organizations services

  242.    * like update center, system info or management of users.

  243.    *

  244.    * Returns {@code true} if:

  245.    * <ul>

  246.    *   <li>{@link #isRoot()} is {@code true}</li>

  247.    *   <li>organization feature is disabled and user is administrator of the (single) default organization</li>

  248.    * </ul>

  249.    */

  250.   boolean isSystemAdministrator();

  251. 

  252.   /**

  253.    * Ensures that {@link #isSystemAdministrator()} is {@code true},

  254.    * otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}.

  255.    */

  256.   UserSession checkIsSystemAdministrator();

  257. }