mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27477 Commits
59 Branches
Tree: c1caffa9fb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1caffa9fb'
${ noResults }
sonarqube/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java

UserPermissionChanger.java 5.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2018 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission;

  21. 

  22. import java.util.List;

  23. import java.util.Optional;

  24. import org.sonar.db.DbClient;

  25. import org.sonar.db.DbSession;

  26. import org.sonar.db.permission.UserPermissionDto;

  27. 

  28. import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;

  29. import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

  30. import static org.sonar.server.permission.PermissionChange.Operation.ADD;

  31. import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;

  32. import static org.sonar.server.ws.WsUtils.checkRequest;

  33. 

  34. /**

  35.  * Adds and removes user permissions. Both global and project scopes are supported.

  36.  */

  37. public class UserPermissionChanger {

  38. 

  39.   private final DbClient dbClient;

  40. 

  41.   public UserPermissionChanger(DbClient dbClient) {

  42.     this.dbClient = dbClient;

  43.   }

  44. 

  45.   public boolean apply(DbSession dbSession, UserPermissionChange change) {

  46.     ensureConsistencyWithVisibility(change);

  47.     if (isImplicitlyAlreadyDone(change)) {

  48.       return false;

  49.     }

  50.     switch (change.getOperation()) {

  51.       case ADD:

  52.         return addPermission(dbSession, change);

  53.       case REMOVE:

  54.         return removePermission(dbSession, change);

  55.       default:

  56.         throw new UnsupportedOperationException("Unsupported permission change: " + change.getOperation());

  57.     }

  58.   }

  59. 

  60.   private static boolean isImplicitlyAlreadyDone(UserPermissionChange change) {

  61.     return change.getProjectId()

  62.       .map(projectId -> isImplicitlyAlreadyDone(projectId, change))

  63.       .orElse(false);

  64.   }

  65. 

  66.   private static boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange change) {

  67.     return isAttemptToAddPublicPermissionToPublicComponent(change, projectId);

  68.   }

  69. 

  70.   private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) {

  71.     return !projectId.isPrivate()

  72.       && change.getOperation() == ADD

  73.       && PUBLIC_PERMISSIONS.contains(change.getPermission());

  74.   }

  75. 

  76.   private static void ensureConsistencyWithVisibility(UserPermissionChange change) {

  77.     change.getProjectId()

  78.       .ifPresent(projectId -> checkRequest(

  79.         !isAttemptToRemovePublicPermissionFromPublicComponent(change, projectId),

  80.         "Permission %s can't be removed from a public component", change.getPermission()));

  81.   }

  82. 

  83.   private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) {

  84.     return !projectId.isPrivate()

  85.       && change.getOperation() == REMOVE

  86.       && PUBLIC_PERMISSIONS.contains(change.getPermission());

  87.   }

  88. 

  89.   private boolean addPermission(DbSession dbSession, UserPermissionChange change) {

  90.     if (loadExistingPermissions(dbSession, change).contains(change.getPermission())) {

  91.       return false;

  92.     }

  93.     UserPermissionDto dto = new UserPermissionDto(change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId(), change.getNullableProjectId());

  94.     dbClient.userPermissionDao().insert(dbSession, dto);

  95.     return true;

  96.   }

  97. 

  98.   private boolean removePermission(DbSession dbSession, UserPermissionChange change) {

  99.     if (!loadExistingPermissions(dbSession, change).contains(change.getPermission())) {

  100.       return false;

  101.     }

  102.     checkOtherAdminsExist(dbSession, change);

  103.     Optional<ProjectId> projectId = change.getProjectId();

  104.     if (projectId.isPresent()) {

  105.       dbClient.userPermissionDao().deleteProjectPermission(dbSession, change.getUserId().getId(), change.getPermission(), projectId.get().getId());

  106.     } else {

  107.       dbClient.userPermissionDao().deleteGlobalPermission(dbSession, change.getUserId().getId(), change.getPermission(), change.getOrganizationUuid());

  108.     }

  109.     return true;

  110.   }

  111. 

  112.   private List<String> loadExistingPermissions(DbSession dbSession, UserPermissionChange change) {

  113.     Optional<ProjectId> projectId = change.getProjectId();

  114.     if (projectId.isPresent()) {

  115.       return dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession,

  116.         change.getUserId().getId(),

  117.         projectId.get().getId());

  118.     }

  119.     return dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession,

  120.       change.getUserId().getId(),

  121.       change.getOrganizationUuid());

  122.   }

  123. 

  124.   private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange change) {

  125.     if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) {

  126.       int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession,

  127.         change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId());

  128.       checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN);

  129.     }

  130.   }

  131. }