mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27477 Commits
59 Branches
Tree: c1caffa9fb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1caffa9fb'
${ noResults }
sonarqube/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java

UpdateVisibilityAction.java 8.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2018 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.project.ws;

  21. 

  22. import com.google.common.collect.ImmutableSet;

  23. import java.util.Set;

  24. import org.sonar.api.resources.Qualifiers;

  25. import org.sonar.api.server.ws.Request;

  26. import org.sonar.api.server.ws.Response;

  27. import org.sonar.api.server.ws.WebService;

  28. import org.sonar.api.web.UserRole;

  29. import org.sonar.db.DbClient;

  30. import org.sonar.db.DbSession;

  31. import org.sonar.db.component.BranchMapper;

  32. import org.sonar.db.component.ComponentDto;

  33. import org.sonar.db.component.ComponentMapper;

  34. import org.sonar.db.organization.OrganizationDto;

  35. import org.sonar.db.permission.GroupPermissionDto;

  36. import org.sonar.db.permission.UserPermissionDto;

  37. import org.sonar.server.component.ComponentFinder;

  38. import org.sonar.server.es.ProjectIndexer;

  39. import org.sonar.server.es.ProjectIndexers;

  40. import org.sonar.server.project.Visibility;

  41. import org.sonar.server.user.UserSession;

  42. import org.sonarqube.ws.client.project.ProjectsWsParameters;

  43. 

  44. import static java.lang.String.format;

  45. import static java.util.Collections.singletonList;

  46. import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;

  47. import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;

  48. import static org.sonar.server.ws.WsUtils.checkRequest;

  49. import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT;

  50. import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_VISIBILITY;

  51. 

  52. public class UpdateVisibilityAction implements ProjectsWsAction {

  53.   private static final Set<String> AUTHORIZED_QUALIFIERS = ImmutableSet.of(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);

  54. 

  55.   private final DbClient dbClient;

  56.   private final ComponentFinder componentFinder;

  57.   private final UserSession userSession;

  58.   private final ProjectIndexers projectIndexers;

  59.   private final ProjectsWsSupport projectsWsSupport;

  60. 

  61.   public UpdateVisibilityAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession,

  62.     ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport) {

  63.     this.dbClient = dbClient;

  64.     this.componentFinder = componentFinder;

  65.     this.userSession = userSession;

  66.     this.projectIndexers = projectIndexers;

  67.     this.projectsWsSupport = projectsWsSupport;

  68.   }

  69. 

  70.   public void define(WebService.NewController context) {

  71.     WebService.NewAction action = context.createAction(ProjectsWsParameters.ACTION_UPDATE_VISIBILITY)

  72.       .setDescription("Updates visibility of a project.<br>" +

  73.         "Requires 'Project administer' permission on the specified project")

  74.       .setSince("6.4")

  75.       .setPost(true)

  76.       .setHandler(this);

  77. 

  78.     action.createParam(PARAM_PROJECT)

  79.       .setDescription("Project key")

  80.       .setExampleValue(KEY_PROJECT_EXAMPLE_001)

  81.       .setRequired(true);

  82. 

  83.     action.createParam(PARAM_VISIBILITY)

  84.       .setDescription("New visibility")

  85.       .setPossibleValues(Visibility.getLabels())

  86.       .setRequired(true);

  87.   }

  88. 

  89.   @Override

  90.   public void handle(Request request, Response response) throws Exception {

  91.     userSession.checkLoggedIn();

  92. 

  93.     String projectKey = request.mandatoryParam(PARAM_PROJECT);

  94.     boolean changeToPrivate = Visibility.isPrivate(request.mandatoryParam(PARAM_VISIBILITY));

  95. 

  96.     try (DbSession dbSession = dbClient.openSession(false)) {

  97.       ComponentDto component = componentFinder.getByKey(dbSession, projectKey);

  98.       checkRequest(component.isRootProject() && AUTHORIZED_QUALIFIERS.contains(component.qualifier()), "Component must be a project, a portfolio or an application");

  99.       userSession.checkComponentPermission(UserRole.ADMIN, component);

  100.       checkRequest(noPendingTask(dbSession, component), "Component visibility can't be changed as long as it has background task(s) pending or in progress");

  101. 

  102.       if (changeToPrivate != component.isPrivate()) {

  103.         OrganizationDto organization = dbClient.organizationDao().selectByUuid(dbSession, component.getOrganizationUuid())

  104.           .orElseThrow(() -> new IllegalStateException(format("Could not find organization with uuid '%s' of project '%s'", component.getOrganizationUuid(), projectKey)));

  105.         projectsWsSupport.checkCanUpdateProjectsVisibility(organization, changeToPrivate);

  106.         setPrivateForRootComponentUuid(dbSession, component.uuid(), changeToPrivate);

  107.         if (changeToPrivate) {

  108.           updatePermissionsToPrivate(dbSession, component);

  109.         } else {

  110.           updatePermissionsToPublic(dbSession, component);

  111.         }

  112.         projectIndexers.commitAndIndex(dbSession, singletonList(component), ProjectIndexer.Cause.PERMISSION_CHANGE);

  113.       }

  114. 

  115.       response.noContent();

  116.     }

  117.   }

  118. 

  119.   private void setPrivateForRootComponentUuid(DbSession dbSession, String uuid, boolean isPrivate) {

  120.     dbClient.componentDao().setPrivateForRootComponentUuid(dbSession, uuid, isPrivate);

  121.     ComponentMapper mapper = dbSession.getMapper(ComponentMapper.class);

  122.     dbSession.getMapper(BranchMapper.class).selectByProjectUuid(uuid)

  123.       .stream()

  124.       .filter(branch -> !uuid.equals(branch.getUuid()))

  125.       .forEach(branch -> mapper.setPrivateForRootComponentUuid(branch.getUuid(), isPrivate));

  126.   }

  127. 

  128.   private boolean noPendingTask(DbSession dbSession, ComponentDto rootComponent) {

  129.     // FIXME this is probably broken in case a branch is passed to the WS

  130.     return dbClient.ceQueueDao().selectByMainComponentUuid(dbSession, rootComponent.uuid()).isEmpty();

  131.   }

  132. 

  133.   private void updatePermissionsToPrivate(DbSession dbSession, ComponentDto component) {

  134.     // delete project permissions for group AnyOne

  135.     dbClient.groupPermissionDao().deleteByRootComponentIdAndGroupId(dbSession, component.getId(), null);

  136.     // grant UserRole.CODEVIEWER and UserRole.USER to any group or user with at least one permission on project

  137.     PUBLIC_PERMISSIONS.forEach(permission -> {

  138.       dbClient.groupPermissionDao().selectGroupIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission)

  139.         .forEach(groupId -> insertProjectPermissionOnGroup(dbSession, component, permission, groupId));

  140.       dbClient.userPermissionDao().selectUserIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission)

  141.         .forEach(userId -> insertProjectPermissionOnUser(dbSession, component, permission, userId));

  142.     });

  143.   }

  144. 

  145.   private void insertProjectPermissionOnUser(DbSession dbSession, ComponentDto component, String permission, Integer userId) {

  146.     dbClient.userPermissionDao().insert(dbSession, new UserPermissionDto(component.getOrganizationUuid(), permission, userId, component.getId()));

  147.   }

  148. 

  149.   private void insertProjectPermissionOnGroup(DbSession dbSession, ComponentDto component, String permission, Integer groupId) {

  150.     dbClient.groupPermissionDao().insert(dbSession, new GroupPermissionDto()

  151.       .setOrganizationUuid(component.getOrganizationUuid())

  152.       .setResourceId(component.getId())

  153.       .setGroupId(groupId)

  154.       .setRole(permission));

  155.   }

  156. 

  157.   private void updatePermissionsToPublic(DbSession dbSession, ComponentDto component) {

  158.     PUBLIC_PERMISSIONS.forEach(permission -> {

  159.       // delete project group permission for UserRole.CODEVIEWER and UserRole.USER

  160.       dbClient.groupPermissionDao().deleteByRootComponentIdAndPermission(dbSession, component.getId(), permission);

  161.       // delete project user permission for UserRole.CODEVIEWER and UserRole.USER

  162.       dbClient.userPermissionDao().deleteProjectPermissionOfAnyUser(dbSession, component.getId(), permission);

  163.     });

  164.   }

  165. 

  166. }