mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34603 Commits
59 Branches
Tree: c62e96c158
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c62e96c158'
${ noResults }
sonarqube/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java

AbstractUserSession.java 8.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2023 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user;

  21. 

  22. import java.util.Collection;

  23. import java.util.List;

  24. import java.util.Optional;

  25. import java.util.Set;

  26. import javax.annotation.CheckForNull;

  27. import javax.annotation.Nullable;

  28. import org.sonar.api.web.UserRole;

  29. import org.sonar.db.component.ComponentDto;

  30. import org.sonar.db.entity.EntityDto;

  31. import org.sonar.db.permission.GlobalPermission;

  32. import org.sonar.db.user.UserDto;

  33. import org.sonar.server.exceptions.ForbiddenException;

  34. import org.sonar.server.exceptions.UnauthorizedException;

  35. 

  36. import static org.sonar.api.resources.Qualifiers.APP;

  37. import static org.sonar.server.user.UserSession.IdentityProvider.SONARQUBE;

  38. 

  39. public abstract class AbstractUserSession implements UserSession {

  40.   private static final Set<String> PUBLIC_PERMISSIONS = Set.of(UserRole.USER, UserRole.CODEVIEWER);

  41.   private static final String INSUFFICIENT_PRIVILEGES_MESSAGE = "Insufficient privileges";

  42.   private static final String AUTHENTICATION_IS_REQUIRED_MESSAGE = "Authentication is required";

  43. 

  44.   protected static Identity computeIdentity(UserDto userDto) {

  45.     IdentityProvider identityProvider = IdentityProvider.getFromKey(userDto.getExternalIdentityProvider());

  46.     ExternalIdentity externalIdentity = identityProvider == SONARQUBE ? null : externalIdentityOf(userDto);

  47.     return new Identity(identityProvider, externalIdentity);

  48.   }

  49. 

  50.   private static ExternalIdentity externalIdentityOf(UserDto userDto) {

  51.     String externalId = userDto.getExternalId();

  52.     String externalLogin = userDto.getExternalLogin();

  53.     return new ExternalIdentity(externalId, externalLogin);

  54.   }

  55. 

  56.   protected static final class Identity {

  57.     private final IdentityProvider identityProvider;

  58.     private final ExternalIdentity externalIdentity;

  59. 

  60.     private Identity(IdentityProvider identityProvider, @Nullable ExternalIdentity externalIdentity) {

  61.       this.identityProvider = identityProvider;

  62.       this.externalIdentity = externalIdentity;

  63.     }

  64. 

  65.     public IdentityProvider getIdentityProvider() {

  66.       return identityProvider;

  67.     }

  68. 

  69.     @CheckForNull

  70.     public ExternalIdentity getExternalIdentity() {

  71.       return externalIdentity;

  72.     }

  73.   }

  74. 

  75.   @Override

  76.   @CheckForNull

  77.   public Long getLastSonarlintConnectionDate() {

  78.     return null;

  79.   }

  80. 

  81.   @Override

  82.   public final boolean hasPermission(GlobalPermission permission) {

  83.     return hasPermissionImpl(permission);

  84.   }

  85. 

  86.   protected abstract boolean hasPermissionImpl(GlobalPermission permission);

  87. 

  88.   @Override

  89.   public boolean hasComponentPermission(String permission, ComponentDto component) {

  90.     Optional<String> projectUuid1 = componentUuidToEntityUuid(component.uuid());

  91. 

  92.     return projectUuid1

  93.       .map(projectUuid -> hasEntityUuidPermission(permission, projectUuid))

  94.       .orElse(false);

  95.   }

  96. 

  97.   @Override

  98.   public final boolean hasEntityPermission(String permission, EntityDto entity) {

  99.     return hasEntityUuidPermission(permission, entity.getAuthUuid());

  100.   }

  101. 

  102.   @Override

  103.   public final boolean hasEntityPermission(String permission, String entityUuid) {

  104.     return hasEntityUuidPermission(permission, entityUuid);

  105.   }

  106. 

  107.   @Override

  108.   public final boolean hasChildProjectsPermission(String permission, ComponentDto component) {

  109.     return componentUuidToEntityUuid(component.uuid())

  110.       .map(applicationUuid -> hasChildProjectsPermission(permission, applicationUuid)).orElse(false);

  111.   }

  112. 

  113.   @Override

  114.   public final boolean hasChildProjectsPermission(String permission, EntityDto application) {

  115.     return hasChildProjectsPermission(permission, application.getUuid());

  116.   }

  117. 

  118.   @Override

  119.   public final boolean hasPortfolioChildProjectsPermission(String permission, ComponentDto portfolio) {

  120.     return hasPortfolioChildProjectsPermission(permission, portfolio.uuid());

  121.   }

  122. 

  123.   @Override

  124.   public boolean hasComponentUuidPermission(String permission, String componentUuid) {

  125.     Optional<String> entityUuid = componentUuidToEntityUuid(componentUuid);

  126.     return entityUuid

  127.       .map(s -> hasEntityUuidPermission(permission, s))

  128.       .orElse(false);

  129.   }

  130. 

  131.   protected abstract Optional<String> componentUuidToEntityUuid(String componentUuid);

  132. 

  133.   protected abstract boolean hasEntityUuidPermission(String permission, String entityUuid);

  134. 

  135.   protected abstract boolean hasChildProjectsPermission(String permission, String applicationUuid);

  136. 

  137.   protected abstract boolean hasPortfolioChildProjectsPermission(String permission, String portfolioUuid);

  138. 

  139.   @Override

  140.   public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) {

  141.     return doKeepAuthorizedComponents(permission, components);

  142.   }

  143. 

  144.   @Override

  145.   public  <T extends EntityDto>  List<T> keepAuthorizedEntities(String permission, Collection<T> projects) {

  146.     return doKeepAuthorizedEntities(permission, projects);

  147.   }

  148. 

  149.   /**

  150.    * Naive implementation, to be overridden if needed

  151.    */

  152.   protected  <T extends EntityDto> List<T> doKeepAuthorizedEntities(String permission, Collection<T> entities) {

  153.     boolean allowPublicComponent = PUBLIC_PERMISSIONS.contains(permission);

  154.     return entities.stream()

  155.       .filter(c -> (allowPublicComponent && !c.isPrivate()) || hasEntityPermission(permission, c.getUuid()))

  156.       .toList();

  157.   }

  158. 

  159.   /**

  160.    * Naive implementation, to be overridden if needed

  161.    */

  162.   protected List<ComponentDto> doKeepAuthorizedComponents(String permission, Collection<ComponentDto> components) {

  163.     boolean allowPublicComponent = PUBLIC_PERMISSIONS.contains(permission);

  164.     return components.stream()

  165.       .filter(c -> (allowPublicComponent && !c.isPrivate()) || hasComponentPermission(permission, c))

  166.       .toList();

  167.   }

  168. 

  169.   @Override

  170.   public final UserSession checkLoggedIn() {

  171.     if (!isLoggedIn()) {

  172.       throw new UnauthorizedException(AUTHENTICATION_IS_REQUIRED_MESSAGE);

  173.     }

  174.     return this;

  175.   }

  176. 

  177.   @Override

  178.   public final UserSession checkPermission(GlobalPermission permission) {

  179.     if (!hasPermission(permission)) {

  180.       throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  181.     }

  182.     return this;

  183.   }

  184. 

  185.   @Override

  186.   public final UserSession checkComponentPermission(String projectPermission, ComponentDto component) {

  187.     if (!hasComponentPermission(projectPermission, component)) {

  188.       throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  189.     }

  190.     return this;

  191.   }

  192. 

  193.   @Override

  194.   public UserSession checkEntityPermission(String projectPermission, EntityDto entity) {

  195.     if (hasEntityPermission(projectPermission, entity)) {

  196.       return this;

  197.     }

  198. 

  199.     throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  200.   }

  201. 

  202.   @Override

  203.   public UserSession checkChildProjectsPermission(String projectPermission, ComponentDto component) {

  204.     if (!APP.equals(component.qualifier()) || hasChildProjectsPermission(projectPermission, component)) {

  205.       return this;

  206.     }

  207. 

  208.     throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  209.   }

  210. 

  211.   @Override

  212.   public UserSession checkChildProjectsPermission(String projectPermission, EntityDto application) {

  213.     if (!APP.equals(application.getQualifier()) || hasChildProjectsPermission(projectPermission, application)) {

  214.       return this;

  215.     }

  216. 

  217.     throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  218.   }

  219. 

  220.   @Override

  221.   public final UserSession checkComponentUuidPermission(String permission, String componentUuid) {

  222.     if (!hasComponentUuidPermission(permission, componentUuid)) {

  223.       throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  224.     }

  225.     return this;

  226.   }

  227. 

  228.   public static ForbiddenException insufficientPrivilegesException() {

  229.     return new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);

  230.   }

  231. 

  232.   @Override

  233.   public final UserSession checkIsSystemAdministrator() {

  234.     if (!isSystemAdministrator()) {

  235.       throw insufficientPrivilegesException();

  236.     }

  237.     return this;

  238.   }

  239. }