author | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2017-08-23 09:06:08 +0200 |
---|---|---|
committer | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2017-09-13 15:50:46 +0200 |
commit | b97f21885c0402db6fa922b3b8e8f160fdaef59c (patch) | |
tree | 9056f51af492a7cbaeec7b68f73a5dc82583136c | |
parent | bf412423f3ed4e1a5cc164f8c6c09571009e02d0 (diff) | |
SONAR-9739 add UserSession#checkIsRoot
6 files changed, 45 insertions, 0 deletions
diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
index 36d4c8c2928..fcdbfb6f260 100644
--- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
+++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
@@ -68,6 +68,11 @@ public class CeUserSession implements UserSession {
 }
 
 @Override
+ public UserSession checkIsRoot() {
+ throw notImplemented();
+ }
+
+ @Override
 public UserSession checkLoggedIn() {
 throw notImplemented();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
index 5012cd3b96b..47c5ea88abe 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -39,6 +39,14 @@ public abstract class AbstractUserSession implements UserSession {
 private static final String AUTHENTICATION_IS_REQUIRED_MESSAGE = "Authentication is required";
 
 @Override
+ public UserSession checkIsRoot() {
+ if (!isRoot()) {
+ throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
+ }
+ return this;
+ }
+
+ @Override
 public final UserSession checkLoggedIn() {
 if (!isLoggedIn()) {
 throw new UnauthorizedException(AUTHENTICATION_IS_REQUIRED_MESSAGE);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index d27f4b02381..3fafcaf44fc 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
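Review bot: In AbstractUserSession.java the new `checkIsRoot()` is overridable while the neighbouring `checkLoggedIn()` is declared `final`, so a subclass can replace the root check with a weaker one. Unless an override is actually needed, declare it `public final UserSession checkIsRoot() {` so every session type derived from this class enforces the same rule. The method throws ForbiddenException whenever isRoot() is false, which presumably includes anonymous sessions; code that wants UnauthorizedException for them has to call checkLoggedIn() first. The body of checkLoggedIn() continues outside the hunk.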
@@ -84,6 +84,11 @@ public class ThreadLocalUserSession implements UserSession {
 }
 
 @Override
+ public UserSession checkIsRoot() {
+ return get().checkIsRoot();
+ }
+
+ @Override
 public boolean isRoot() {
 return get().isRoot();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
index 23b16f560a2..6ed0c42c657 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
@@ -68,6 +68,12 @@ public interface UserSession {
 boolean isRoot();
 
 /**
+ * Ensures that {@link #isRoot()} returns {@code true} otherwise throws a
+ * {@link org.sonar.server.exceptions.ForbiddenException}.
+ */
+ UserSession checkIsRoot();
+
+ /**
 * Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.
 */
 UserSession checkLoggedIn();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
index 12a892587db..508bed2249f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
@@ -273,6 +273,11 @@ public class UserSessionRule implements TestRule, UserSession {
 }
 
 @Override
+ public UserSession checkIsRoot() {
+ return currentUserSession.checkIsRoot();
+ }
+
+ @Override
 public UserSession checkLoggedIn() {
 currentUserSession.checkLoggedIn();
 return this;
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index b4fff65d1c7..d19500ea2e4 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
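Review bot: In ThreadLocalUserSession.java `checkIsRoot()` returns whatever the delegate returns, so a caller that chains on the result ends up holding the underlying session object instead of this thread-local wrapper. UserSessionRule.java follows the same pattern in this commit, even though its `checkLoggedIn()` directly below calls the delegate and then does `return this;`, and the new test in ServerUserSessionTest asserts `isSameAs(underTest)` for the direct implementation. Write the two bodies as `get().checkIsRoot(); return this;` and `currentUserSession.checkIsRoot(); return this;` so the fluent contract is the same for every implementation.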
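Review bot: The Javadoc added in UserSession.java states neither what the method returns nor how it relates to authentication. Suggest adding `@return this session, to allow call chaining` and `@throws org.sonar.server.exceptions.ForbiddenException if {@link #isRoot()} returns false`, plus one sentence saying that authentication is not checked here, so callers that need UnauthorizedException for anonymous users must call `{@link #checkLoggedIn()}` first. That last point is inferred from the AbstractUserSession implementation in this commit and should be confirmed before it is written down.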
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -139,6 +139,22 @@ public class ServerUserSessionTest {
 }
 
 @Test
+ public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {
+ UserSession underTest = newUserSession(NON_ROOT_USER_DTO);
+
+ expectInsufficientPrivilegesForbiddenException();
+
+ underTest.checkIsRoot();
+ }
+
+ @Test
+ public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {
+ UserSession underTest = newUserSession(ROOT_USER_DTO);
+
+ assertThat(underTest.checkIsRoot()).isSameAs(underTest);
+ }
+
+ @Test
 public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
 UserSession underTest = newUserSession(ROOT_USER_DTO); |
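Review bot: The two tests added to ServerUserSessionTest.java only cover sessions built from a UserDto; the anonymous case is not exercised. Because checkIsRoot() is an authorization gate, add a third test that builds an unauthenticated session and expects the same insufficient-privileges ForbiddenException, which pins the behaviour for callers that skip checkLoggedIn(). How an anonymous session is created in this test class is not visible in the hunk. The hasComponentUuidPermission test that follows continues outside the hunk.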