aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJulien HENRY <julien.henry@sonarsource.com>2013-07-03 14:49:39 +0200
committerJulien HENRY <julien.henry@sonarsource.com>2013-07-03 15:08:06 +0200
commit5ccbb39d22b649cf47b0082b1b198783596b417e (patch)
treeb58770fb8e1882c4108d0bfe4462d068edc56a00
parentbd9e609162e5c0420a7ac7c2d7c06580020db59d (diff)
downloadsonarqube-5ccbb39d22b649cf47b0082b1b198783596b417e.tar.gz
sonarqube-5ccbb39d22b649cf47b0082b1b198783596b417e.zip
Refator permissions to share same constants between Ruby and Java
Diffstat
-rw-r--r--sonar-core/src/main/java/org/sonar/core/user/Permission.java64
-rw-r--r--sonar-core/src/main/java/org/sonar/core/user/Permissions.java36
-rw-r--r--sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java18
-rw-r--r--sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java22
-rw-r--r--sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java34
-rw-r--r--sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java27
-rw-r--r--sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java7
-rw-r--r--sonar-server/src/main/java/org/sonar/server/user/UserSession.java30
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/batch_bootstrap_controller.rb8
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb14
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/db/migrate/414_add_scan_and_dry_run_permissions.rb4
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/lib/need_authorization.rb7
-rw-r--r--sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java36
-rw-r--r--sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java70
-rw-r--r--sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java58
-rw-r--r--sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java30
-rw-r--r--sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java7
-rw-r--r--sonar-server/src/test/java/org/sonar/server/user/MockUserSessionTest.java2
-rw-r--r--sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java17
19 files changed, 293 insertions, 198 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/user/Permission.java b/sonar-core/src/main/java/org/sonar/core/user/Permission.java
new file mode 100644
index 00000000000..be5fb50a755
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/user/Permission.java
@@ -0,0 +1,64 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.user;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ *
+ * Holds the constants representing the various global permissions that can be assigned to users & groups
+ *
+ * @since 3.7
+ */
+public class Permission {
+
+ public static final Permission SYSTEM_ADMIN = new Permission("admin");
+ public static final Permission QUALITY_PROFILE_ADMIN = new Permission("profileadmin");
+ public static final Permission DASHBOARD_SHARING = new Permission("shareDashboard");
+ public static final Permission SCAN_EXECUTION = new Permission("scan");
+ public static final Permission DRY_RUN_EXECUTION = new Permission("dryRunScan");
+
+ private final String key;
+ // Use linked hash map to preserve order
+ private static Map<String, Permission> allGlobal = new LinkedHashMap<String, Permission>();
+
+ static {
+ allGlobal.put(SYSTEM_ADMIN.key, SYSTEM_ADMIN);
+ allGlobal.put(QUALITY_PROFILE_ADMIN.key, QUALITY_PROFILE_ADMIN);
+ allGlobal.put(DASHBOARD_SHARING.key, DASHBOARD_SHARING);
+ allGlobal.put(SCAN_EXECUTION.key, SCAN_EXECUTION);
+ allGlobal.put(DRY_RUN_EXECUTION.key, DRY_RUN_EXECUTION);
+ }
+
+ private Permission(String key) {
+ this.key = key;
+ }
+
+ public String key() {
+ return key;
+ }
+
+ public static Map<String, Permission> allGlobal() {
+ return allGlobal;
+ }
+
+}
diff --git a/sonar-core/src/main/java/org/sonar/core/user/Permissions.java b/sonar-core/src/main/java/org/sonar/core/user/Permissions.java
deleted file mode 100644
index db6ad9d6e09..00000000000
--- a/sonar-core/src/main/java/org/sonar/core/user/Permissions.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.user;
-
-/**
- *
- * Holds the constants representing the various permissions that can be assigned to users & groups
- *
- * @since 3.7
- */
-public interface Permissions {
-
- String SYSTEM_ADMIN = "admin";
- String QUALITY_PROFILE_ADMIN = "profileadmin";
- String DASHBOARD_SHARING = "shareDashboard";
- String SCAN_EXECUTION = "scan";
- String DRY_RUN_EXECUTION = "dryRunScan";
-}
diff --git a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
index 33eae64cf56..582616cc5a6 100644
--- a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
@@ -34,8 +34,8 @@ public class RoleDaoTest extends AbstractDaoTestCase {
RoleDao dao = new RoleDao(getMyBatis());
- assertThat(dao.selectUserPermissions("admin_user")).containsOnly(Permissions.SYSTEM_ADMIN, Permissions.QUALITY_PROFILE_ADMIN);
- assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(Permissions.QUALITY_PROFILE_ADMIN);
+ assertThat(dao.selectUserPermissions("admin_user")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key());
+ assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(Permission.QUALITY_PROFILE_ADMIN.key());
}
@Test
@@ -44,18 +44,18 @@ public class RoleDaoTest extends AbstractDaoTestCase {
RoleDao dao = new RoleDao(getMyBatis());
- assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(Permissions.SYSTEM_ADMIN, Permissions.QUALITY_PROFILE_ADMIN,
- Permissions.DASHBOARD_SHARING, Permissions.DRY_RUN_EXECUTION, Permissions.SCAN_EXECUTION);
- assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permissions.DASHBOARD_SHARING, Permissions.DRY_RUN_EXECUTION,
- Permissions.SCAN_EXECUTION);
- assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(Permissions.DRY_RUN_EXECUTION, Permissions.SCAN_EXECUTION);
+ assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key(),
+ Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key());
+ assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(),
+ Permission.SCAN_EXECUTION.key());
+ assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key());
}
@Test
public void should_delete_user_global_permission() throws Exception {
setupData("userPermissions");
- UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
RoleDao dao = new RoleDao(getMyBatis());
dao.deleteUserRole(userRoleToDelete);
@@ -67,7 +67,7 @@ public class RoleDaoTest extends AbstractDaoTestCase {
public void should_delete_group_global_permission() throws Exception {
setupData("groupPermissions");
- GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
RoleDao dao = new RoleDao(getMyBatis());
dao.deleteGroupRole(groupRoleToDelete);
diff --git a/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java b/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java
index 5db8808b18a..d44359a58cf 100644
--- a/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java
+++ b/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java
@@ -35,7 +35,7 @@ import org.sonar.core.issue.db.IssueFilterDto;
import org.sonar.core.issue.db.IssueFilterFavouriteDao;
import org.sonar.core.issue.db.IssueFilterFavouriteDto;
import org.sonar.core.user.AuthorizationDao;
-import org.sonar.core.user.Permissions;
+import org.sonar.core.user.Permission;
import org.sonar.server.user.UserSession;
import javax.annotation.CheckForNull;
@@ -57,7 +57,7 @@ public class IssueFilterService implements ServerComponent {
private final IssueFilterSerializer serializer;
public IssueFilterService(IssueFilterDao filterDao, IssueFilterFavouriteDao favouriteDao, IssueFinder finder, AuthorizationDao authorizationDao,
- IssueFilterSerializer serializer) {
+ IssueFilterSerializer serializer) {
this.filterDao = filterDao;
this.favouriteDao = favouriteDao;
this.finder = finder;
@@ -97,7 +97,7 @@ public class IssueFilterService implements ServerComponent {
String login = getLoggedLogin(userSession);
IssueFilterDto existingFilterDto = findIssueFilterDto(issueFilter.id(), login);
verifyCurrentUserCanModifyFilter(existingFilterDto.toIssueFilter(), login);
- if(!existingFilterDto.getUserLogin().equals(issueFilter.user())) {
+ if (!existingFilterDto.getUserLogin().equals(issueFilter.user())) {
verifyCurrentUserCanChangeFilterOwnership(login);
}
validateFilter(issueFilter);
@@ -106,7 +106,7 @@ public class IssueFilterService implements ServerComponent {
return issueFilter;
}
- private void deleteOtherFavoriteFiltersIfFilterBecomeUnshared(IssueFilterDto existingFilterDto, DefaultIssueFilter issueFilter){
+ private void deleteOtherFavoriteFiltersIfFilterBecomeUnshared(IssueFilterDto existingFilterDto, DefaultIssueFilter issueFilter) {
if (existingFilterDto.isShared() && !issueFilter.shared()) {
for (IssueFilterFavouriteDto favouriteDto : selectFavouriteFilters(existingFilterDto.getId())) {
if (!favouriteDto.getUserLogin().equals(issueFilter.user())) {
@@ -217,7 +217,7 @@ public class IssueFilterService implements ServerComponent {
}
private void verifyCurrentUserCanChangeFilterOwnership(String user) {
- if(!isAdmin(user)) {
+ if (!isAdmin(user)) {
// TODO throw unauthorized
throw new IllegalStateException("User is not authorized to change the owner of this filter");
}
@@ -252,16 +252,16 @@ public class IssueFilterService implements ServerComponent {
return favouriteDao.selectByFilterId(filterId);
}
- private List<IssueFilterDto> selectUserIssueFilters(String user){
+ private List<IssueFilterDto> selectUserIssueFilters(String user) {
return filterDao.selectByUser(user);
}
- private List<IssueFilterDto> selectSharedFilters(){
+ private List<IssueFilterDto> selectSharedFilters() {
return filterDao.selectSharedFilters();
}
@CheckForNull
- private IssueFilterDto findFilterWithSameName(List<IssueFilterDto> dtos, final String name){
+ private IssueFilterDto findFilterWithSameName(List<IssueFilterDto> dtos, final String name) {
return Iterables.find(dtos, new Predicate<IssueFilterDto>() {
@Override
public boolean apply(IssueFilterDto input) {
@@ -272,8 +272,8 @@ public class IssueFilterService implements ServerComponent {
private void addFavouriteIssueFilter(Long issueFilterId, String user) {
IssueFilterFavouriteDto issueFilterFavouriteDto = new IssueFilterFavouriteDto()
- .setIssueFilterId(issueFilterId)
- .setUserLogin(user);
+ .setIssueFilterId(issueFilterId)
+ .setUserLogin(user);
favouriteDao.insert(issueFilterFavouriteDto);
}
@@ -302,7 +302,7 @@ public class IssueFilterService implements ServerComponent {
}
private boolean isAdmin(String user) {
- return authorizationDao.selectGlobalPermissions(user).contains(Permissions.SYSTEM_ADMIN);
+ return authorizationDao.selectGlobalPermissions(user).contains(Permission.SYSTEM_ADMIN.key());
}
private IssueFilterResult createIssueFilterResult(IssueQueryResult issueQueryResult, IssueQuery issueQuery) {
diff --git a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
index e2973b61a47..7fca7e17a37 100644
--- a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
+++ b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
@@ -24,8 +24,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.ServerComponent;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.user.*;
-import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.core.user.GroupRoleDto;
+import org.sonar.core.user.Permission;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+import org.sonar.core.user.UserRoleDto;
import org.sonar.server.user.UserSession;
import java.util.List;
@@ -58,19 +61,14 @@ public class InternalPermissionService implements ServerComponent {
}
private void changePermission(String permissionChange, Map<String, Object> params) {
- UserSession.get().checkPermission(Permissions.SYSTEM_ADMIN);
+ UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN);
PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params);
- if(permissionChangeQuery.isValid()) {
- applyPermissionChange(permissionChange, permissionChangeQuery);
- } else {
- String errorMsg = String.format("Request '%s permission %s' is invalid", permissionChange, permissionChangeQuery.getRole());
- LOG.error(errorMsg);
- throw new IllegalArgumentException(errorMsg);
- }
+ permissionChangeQuery.validate();
+ applyPermissionChange(permissionChange, permissionChangeQuery);
}
private void applyPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) {
- if(permissionChangeQuery.targetsUser()) {
+ if (permissionChangeQuery.targetsUser()) {
applyUserPermissionChange(operation, permissionChangeQuery);
} else {
applyGroupPermissionChange(operation, permissionChangeQuery);
@@ -79,13 +77,13 @@ public class InternalPermissionService implements ServerComponent {
private void applyGroupPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) {
List<String> existingPermissions = roleDao.selectGroupPermissions(permissionChangeQuery.getGroup());
- if(shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
LOG.info("Skipping permission change '{} {}' for group {} as it matches the current permission scheme",
- new String[]{operation, permissionChangeQuery.getRole(), permissionChangeQuery.getGroup()});
+ new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getGroup()});
} else {
Long targetedGroup = getTargetedGroup(permissionChangeQuery.getGroup());
GroupRoleDto groupRole = new GroupRoleDto().setRole(permissionChangeQuery.getRole()).setGroupId(targetedGroup);
- if(ADD.equals(operation)) {
+ if (ADD.equals(operation)) {
roleDao.insertGroupRole(groupRole);
} else {
roleDao.deleteGroupRole(groupRole);
@@ -95,13 +93,13 @@ public class InternalPermissionService implements ServerComponent {
private void applyUserPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) {
List<String> existingPermissions = roleDao.selectUserPermissions(permissionChangeQuery.getUser());
- if(shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
LOG.info("Skipping permission change '{} {}' for user {} as it matches the current permission scheme",
- new String[]{operation, permissionChangeQuery.getRole(), permissionChangeQuery.getUser()});
+ new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getUser()});
} else {
Long targetedUser = getTargetedUser(permissionChangeQuery.getUser());
UserRoleDto userRole = new UserRoleDto().setRole(permissionChangeQuery.getRole()).setUserId(targetedUser);
- if(ADD.equals(operation)) {
+ if (ADD.equals(operation)) {
roleDao.insertUserRole(userRole);
} else {
roleDao.deleteUserRole(userRole);
@@ -114,7 +112,7 @@ public class InternalPermissionService implements ServerComponent {
}
private Long getTargetedGroup(String group) {
- if(DefaultGroups.isAnyone(group)) {
+ if (DefaultGroups.isAnyone(group)) {
return null;
}
return userDao.selectGroupByName(group).getId();
diff --git a/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java b/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java
index d9ffc2cdf88..cc9175229fb 100644
--- a/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java
+++ b/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java
@@ -21,7 +21,7 @@
package org.sonar.server.permission;
import org.apache.commons.lang.StringUtils;
-import org.sonar.core.user.Permissions;
+import org.sonar.core.user.Permission;
import java.util.Map;
@@ -42,11 +42,22 @@ public class PermissionChangeQuery {
}
public static PermissionChangeQuery buildFromParams(Map<String, Object> params) {
- return new PermissionChangeQuery((String)params.get(USER_KEY), (String)params.get(GROUP_KEY), (String)params.get(ROLE_KEY));
+ return new PermissionChangeQuery((String) params.get(USER_KEY), (String) params.get(GROUP_KEY), (String) params.get(ROLE_KEY));
}
- public boolean isValid() {
- return StringUtils.isNotBlank(role) && isValidPermissionReference(role) && (StringUtils.isNotBlank(user) ^ StringUtils.isNotBlank(group));
+ public void validate() {
+ if (StringUtils.isBlank(role)) {
+ throw new IllegalArgumentException("Missing role parameter");
+ }
+ if (StringUtils.isBlank(user) && StringUtils.isBlank(group)) {
+ throw new IllegalArgumentException("Missing user or group parameter");
+ }
+ if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(group)) {
+ throw new IllegalArgumentException("Only one of user or group parameter should be provided");
+ }
+ if (!Permission.allGlobal().keySet().contains(role)) {
+ throw new IllegalArgumentException("Invalid role key " + role);
+ }
}
public boolean targetsUser() {
@@ -64,12 +75,4 @@ public class PermissionChangeQuery {
public String getRole() {
return role;
}
-
- private boolean isValidPermissionReference(String role) {
- return Permissions.SYSTEM_ADMIN.equals(role)
- || Permissions.QUALITY_PROFILE_ADMIN.equals(role)
- || Permissions.DASHBOARD_SHARING.equals(role)
- || Permissions.SCAN_EXECUTION.equals(role)
- || Permissions.DRY_RUN_EXECUTION.equals(role);
- }
}
diff --git a/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java b/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java
index fa34039c69d..b807e92952f 100644
--- a/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java
+++ b/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java
@@ -25,12 +25,13 @@ import org.sonar.api.user.RubyUserService;
import org.sonar.api.user.User;
import org.sonar.api.user.UserFinder;
import org.sonar.api.user.UserQuery;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.user.Permission;
import org.sonar.core.user.UserDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.util.RubyUtils;
import javax.annotation.CheckForNull;
+
import java.util.List;
import java.util.Map;
@@ -61,7 +62,7 @@ public class DefaultUserService implements RubyUserService {
builder.includeDeactivated();
}
builder.logins(RubyUtils.toStrings(params.get("logins")));
- builder.searchText((String)params.get("s"));
+ builder.searchText((String) params.get("s"));
return builder.build();
}
@@ -70,7 +71,7 @@ public class DefaultUserService implements RubyUserService {
throw new BadRequestException("Login is missing");
}
UserSession userSession = UserSession.get();
- userSession.checkPermission(/* TODO replaced with permission constant */UserRole.ADMIN);
+ userSession.checkGlobalPermission(Permission.SYSTEM_ADMIN);
if (Objects.equal(userSession.login(), login)) {
throw new BadRequestException("Self-deactivation is not possible");
}
diff --git a/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
index 81509c4346e..f0e67d36e3a 100644
--- a/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
+++ b/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
@@ -21,7 +21,10 @@ package org.sonar.server.user;
import com.google.common.base.Objects;
import com.google.common.base.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.sonar.core.user.AuthorizationDao;
+import org.sonar.core.user.Permission;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.platform.Platform;
@@ -29,6 +32,7 @@ import org.sonar.server.platform.Platform;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
+import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
@@ -39,11 +43,12 @@ public class UserSession {
private static final ThreadLocal<UserSession> THREAD_LOCAL = new ThreadLocal<UserSession>();
public static final UserSession ANONYMOUS = new UserSession();
+ private static final Logger LOG = LoggerFactory.getLogger(UserSession.class);
private Integer userId;
private String login;
private Locale locale = Locale.ENGLISH;
- List<String> permissions = null;
+ List<Permission> permissions = null;
UserSession() {
}
@@ -91,8 +96,8 @@ public class UserSession {
/**
* Ensures that user implies the specified permission. If not a {@link org.sonar.server.exceptions.ForbiddenException} is thrown.
*/
- public UserSession checkPermission(String permission) {
- if (!hasPermission(permission)) {
+ public UserSession checkGlobalPermission(Permission permission) {
+ if (!hasGlobalPermission(permission)) {
throw new ForbiddenException();
}
return this;
@@ -101,13 +106,23 @@ public class UserSession {
/**
* Does the user have the given permission ?
*/
- public boolean hasPermission(String permission) {
- return permissions().contains(permission);
+ public boolean hasGlobalPermission(Permission permission) {
+ return globalPermissions().contains(permission);
}
- List<String> permissions() {
+ List<Permission> globalPermissions() {
if (permissions == null) {
- permissions = authorizationDao().selectGlobalPermissions(login);
+ List<String> permissionKeys = authorizationDao().selectGlobalPermissions(login);
+ permissions = new ArrayList<Permission>();
+ for (String permissionKey : permissionKeys) {
+ Permission perm = Permission.allGlobal().get(permissionKey);
+ if (perm == null) {
+ LOG.warn("Ignoring unknow permission {} for user {}", permissionKey, login);
+ }
+ else {
+ permissions.add(perm);
+ }
+ }
}
return permissions;
}
@@ -132,4 +147,3 @@ public class UserSession {
return THREAD_LOCAL.get() != null;
}
}
-
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/batch_bootstrap_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/batch_bootstrap_controller.rb
index 77b709dec77..d5bbe8aa0ae 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/batch_bootstrap_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/batch_bootstrap_controller.rb
@@ -26,7 +26,7 @@ class BatchBootstrapController < Api::ApiController
# GET /batch_bootstrap/db?project=<key or id>
def db
- has_dryrun_role = has_role?(:dryRunScan)
+ has_dryrun_role = has_role?(Java::OrgSonarCoreUser::Permission::DRY_RUN_EXECUTION)
return render_unauthorized("You're not authorized to execute a dry run analysis. Please contact your SonarQube administrator.") if !has_dryrun_role
project = load_project()
return render_unauthorized("You're not authorized to access to project '" + project.name + "', please contact your SonarQube administrator") if project && !has_role?(:user, project)
@@ -38,8 +38,8 @@ class BatchBootstrapController < Api::ApiController
# GET /batch_bootstrap/properties?[project=<key or id>][&dryRun=true|false]
def properties
dryRun = params[:dryRun].present? && params[:dryRun] == "true"
- has_dryrun_role = has_role?(:dryRunScan)
- has_scan_role = has_role?(:scan)
+ has_dryrun_role = has_role?(Java::OrgSonarCoreUser::Permission::DRY_RUN_EXECUTION)
+ has_scan_role = has_role?(Java::OrgSonarCoreUser::Permission::SCAN_EXECUTION)
return render_unauthorized("You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator.") if (!has_dryrun_role && !has_scan_role)
return render_unauthorized("You're only authorized to execute a local (dry run) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.") if (!dryRun && !has_scan_role)
@@ -49,7 +49,7 @@ class BatchBootstrapController < Api::ApiController
# project properties
root_project = load_project()
- return render_unauthorized("You're not authorized to access to project '" + root_project.name + "', please contact your SonarQube administrator") if root_project && !has_role?(:scan) && !has_role?(:user, root_project)
+ return render_unauthorized("You're not authorized to access to project '" + root_project.name + "', please contact your SonarQube administrator") if root_project && !has_scan_role && !has_role?(:user, root_project)
if root_project
# bottom-up projects
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb
index 13d24888669..b21cb27ef4d 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb
@@ -9,18 +9,18 @@
</tr>
</thead>
<tbody>
- <% ['admin', 'profileadmin', 'shareDashboard', 'scan', 'dryRunScan'].each do |global_permission| %>
+ <% Java::OrgSonarCoreUser::Permission::allGlobal.keySet.each do |global_permission_key| %>
<tr class="<%= cycle('even', 'odd', :name => 'global_permission') -%>" >
<td valign="top">
- <b><%= message('global_permissions.' + global_permission) -%></b><br/>
- <span class="small gray"><%= message('global_permissions.' + global_permission + '.desc') -%></span></td>
+ <b><%= message('global_permissions.' + global_permission_key) -%></b><br/>
+ <span class="small gray"><%= message('global_permissions.' + global_permission_key + '.desc') -%></span></td>
<td valign="top" style="word-break:break-all;width:30%;">
- <span><%= users(global_permission).map(&:name).join(', ') -%></span>
- (<%= link_to "select", {:action => 'edit_users', :role => global_permission, :redirect => 'global'}, :class => 'link-action', :id => "select-users-#{global_permission}" -%>)
+ <span><%= users(global_permission_key).map(&:name).join(', ') -%></span>
+ (<%= link_to "select", {:action => 'edit_users', :role => global_permission_key, :redirect => 'global'}, :class => 'link-action', :id => "select-users-#{global_permission_key}" -%>)
</td>
<td valign="top" style="word-break:break-all;width:30%;">
- <span><%= groups(global_permission).map{|g| group_name(g)}.join(', ') %></span>
- (<%= link_to "select", {:action => 'edit_groups', :role => global_permission, :redirect => 'global'}, :class => 'link-action', :id => "select-groups-#{global_permission}" -%>)
+ <span><%= groups(global_permission_key).map{|g| group_name(g)}.join(', ') %></span>
+ (<%= link_to "select", {:action => 'edit_groups', :role => global_permission_key, :redirect => 'global'}, :class => 'link-action', :id => "select-groups-#{global_permission_key}" -%>)
</td>
</tr>
<% end %>
diff --git a/sonar-server/src/main/webapp/WEB-INF/db/migrate/414_add_scan_and_dry_run_permissions.rb b/sonar-server/src/main/webapp/WEB-INF/db/migrate/414_add_scan_and_dry_run_permissions.rb
index cd00678468f..a11a15f72a3 100644
--- a/sonar-server/src/main/webapp/WEB-INF/db/migrate/414_add_scan_and_dry_run_permissions.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/db/migrate/414_add_scan_and_dry_run_permissions.rb
@@ -34,11 +34,11 @@ class AddScanAndDryRunPermissions < ActiveRecord::Migration
def self.up
# -- Role scan --
# Anyone
- GroupRole.create(:group_id => nil, :role => 'scan', :resource_id => nil)
+ GroupRole.create(:group_id => nil, :role => Java::OrgSonarCoreUser::Permission::SCAN_EXECUTION.key, :resource_id => nil)
# -- Role dryRunScan --
# Anyone
- GroupRole.create(:group_id => nil, :role => 'dryRunScan', :resource_id => nil)
+ GroupRole.create(:group_id => nil, :role => Java::OrgSonarCoreUser::Permission::DRY_RUN_EXECUTION.key, :resource_id => nil)
end
end
diff --git a/sonar-server/src/main/webapp/WEB-INF/lib/need_authorization.rb b/sonar-server/src/main/webapp/WEB-INF/lib/need_authorization.rb
index bd4d7cee724..78ce1114ffd 100644
--- a/sonar-server/src/main/webapp/WEB-INF/lib/need_authorization.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/lib/need_authorization.rb
@@ -57,10 +57,11 @@ module NeedAuthorization
# has_role?(:admin, [30,45,7]) checks if the user is administrator of the projects 30, 40 and 7. It returns an array of 3 booleans.
#
def has_role?(role, objects=nil)
+ role = role.key if role.java_kind_of?(Java::OrgSonarCoreUser::Permission)
+ role = role.to_s
if objects.nil?
- role_symbol=role.to_sym
- if role_symbol==:admin || role_symbol==:profileadmin || role_symbol==:shareDashboard || role_symbol==:scan || role_symbol==:dryRunScan
- AuthorizerFactory.authorizer.has_role?(self, role_symbol)
+ if Java::OrgSonarCoreUser::Permission::allGlobal.keySet.include?(role)
+ AuthorizerFactory.authorizer.has_role?(self, role.to_sym)
else
# There's no concept of global users or global codeviewers.
# Someone is considered as user if
diff --git a/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java b/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java
index 6350e37a414..256b7871a03 100644
--- a/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java
@@ -37,7 +37,7 @@ import org.sonar.core.issue.db.IssueFilterDto;
import org.sonar.core.issue.db.IssueFilterFavouriteDao;
import org.sonar.core.issue.db.IssueFilterFavouriteDto;
import org.sonar.core.user.AuthorizationDao;
-import org.sonar.core.user.Permissions;
+import org.sonar.core.user.Permission;
import org.sonar.server.user.MockUserSession;
import org.sonar.server.user.UserSession;
@@ -50,7 +50,15 @@ import static com.google.common.collect.Maps.newHashMap;
import static org.fest.assertions.Assertions.assertThat;
import static org.fest.assertions.Fail.fail;
import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.*;
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.anyMap;
+import static org.mockito.Matchers.argThat;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
public class IssueFilterServiceTest {
@@ -213,7 +221,7 @@ public class IssueFilterServiceTest {
@Test
public void should_not_save_shared_filter_if_name_already_used_by_shared_filter() {
- when(issueFilterDao.selectByUser(eq("john"))).thenReturn(Collections.<IssueFilterDto>emptyList());
+ when(issueFilterDao.selectByUser(eq("john"))).thenReturn(Collections.<IssueFilterDto> emptyList());
when(issueFilterDao.selectSharedFilters()).thenReturn(newArrayList(new IssueFilterDto().setId(1L).setName("My Issue").setUserLogin("henry").setShared(true)));
DefaultIssueFilter issueFilter = new DefaultIssueFilter().setName("My Issue").setShared(true);
try {
@@ -264,7 +272,7 @@ public class IssueFilterServiceTest {
@Test
public void should_update_other_shared_filter_if_admin() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.ADMIN));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setUserLogin("arthur").setShared(true));
DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter"), userSession);
@@ -335,7 +343,7 @@ public class IssueFilterServiceTest {
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin("former.owner").setShared(true);
IssueFilterDto expectedDto = new IssueFilterDto().setName("My filter").setUserLogin("new.owner").setShared(true);
- when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permissions.SYSTEM_ADMIN));
+ when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
when(issueFilterDao.selectSharedFilters()).thenReturn(Lists.newArrayList(sharedFilter));
@@ -350,7 +358,7 @@ public class IssueFilterServiceTest {
String currentUser = "dave.loper";
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true);
- when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permissions.DRY_RUN_EXECUTION));
+ when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permission.DRY_RUN_EXECUTION.key()));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
try {
@@ -399,7 +407,7 @@ public class IssueFilterServiceTest {
@Test
public void should_delete_shared_filter_if_user_is_admin() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.ADMIN));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
service.delete(1L, userSession);
@@ -409,7 +417,7 @@ public class IssueFilterServiceTest {
@Test
public void should_not_delete_not_shared_filter_if_user_is_admin() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.ADMIN));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(false));
try {
@@ -482,9 +490,9 @@ public class IssueFilterServiceTest {
@Test
public void should_find_shared_issue_filter() {
when(issueFilterDao.selectSharedFilters()).thenReturn(newArrayList(
- new IssueFilterDto().setId(1L).setName("My Issue").setUserLogin("john").setShared(true),
- new IssueFilterDto().setId(2L).setName("Project Issues").setUserLogin("arthur").setShared(true)
- ));
+ new IssueFilterDto().setId(1L).setName("My Issue").setUserLogin("john").setShared(true),
+ new IssueFilterDto().setId(2L).setName("Project Issues").setUserLogin("arthur").setShared(true)
+ ));
List<DefaultIssueFilter> results = service.findSharedFiltersWithoutUserFilters(userSession);
assertThat(results).hasSize(1);
@@ -516,7 +524,7 @@ public class IssueFilterServiceTest {
public void should_add_favourite_issue_filter_id() {
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("john").setData("componentRoots=struts"));
// The filter is not in the favorite list --> add to favorite
- when(issueFilterFavouriteDao.selectByFilterId(1L)).thenReturn(Collections.<IssueFilterFavouriteDto>emptyList());
+ when(issueFilterFavouriteDao.selectByFilterId(1L)).thenReturn(Collections.<IssueFilterFavouriteDto> emptyList());
ArgumentCaptor<IssueFilterFavouriteDto> issueFilterFavouriteDtoCaptor = ArgumentCaptor.forClass(IssueFilterFavouriteDto.class);
service.toggleFavouriteIssueFilter(1L, userSession);
@@ -531,7 +539,7 @@ public class IssueFilterServiceTest {
public void should_add_favourite_on_shared_filter() {
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
// The filter is not in the favorite list --> add to favorite
- when(issueFilterFavouriteDao.selectByFilterId(1L)).thenReturn(Collections.<IssueFilterFavouriteDto>emptyList());
+ when(issueFilterFavouriteDao.selectByFilterId(1L)).thenReturn(Collections.<IssueFilterFavouriteDto> emptyList());
ArgumentCaptor<IssueFilterFavouriteDto> issueFilterFavouriteDtoCaptor = ArgumentCaptor.forClass(IssueFilterFavouriteDto.class);
service.toggleFavouriteIssueFilter(1L, userSession);
@@ -599,7 +607,7 @@ public class IssueFilterServiceTest {
@Override
public boolean matches(Object o) {
- if(o != null && o instanceof IssueFilterDto) {
+ if (o != null && o instanceof IssueFilterDto) {
IssueFilterDto otherFilter = (IssueFilterDto) o;
return ObjectUtils.equals(referenceFilter.isShared(), otherFilter.isShared())
&& ObjectUtils.equals(referenceFilter.getUserLogin(), otherFilter.getUserLogin())
diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
index 633ff89b982..c0a2434b78f 100644
--- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
@@ -30,14 +30,24 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.user.*;
+import org.sonar.core.user.GroupDto;
+import org.sonar.core.user.GroupRoleDto;
+import org.sonar.core.user.Permission;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+import org.sonar.core.user.UserDto;
+import org.sonar.core.user.UserRoleDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.user.MockUserSession;
import java.util.Map;
+import static org.mockito.Matchers.any;
import static org.mockito.Matchers.argThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesGroupRole.matchesRole;
import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesUserRole.matchesRole;
@@ -53,7 +63,7 @@ public class InternalPermissionServiceTest {
@Before
public void setUpCommonStubbing() {
- MockUserSession.set().setLogin("admin").setPermissions(Permissions.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN);
UserDto targetedUser = new UserDto().setId(2L).setLogin("user").setActive(true);
GroupDto targetedGroup = new GroupDto().setId(2L).setName("group");
@@ -69,9 +79,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_add_user_permission() throws Exception {
- params = buildParams("user", null, Permissions.DASHBOARD_SHARING);
- setUpUserPermissions("user", Permissions.QUALITY_PROFILE_ADMIN);
- UserRoleDto roleToInsert = new UserRoleDto().setUserId(2L).setRole(Permissions.DASHBOARD_SHARING);
+ params = buildParams("user", null, Permission.DASHBOARD_SHARING);
+ setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
+ UserRoleDto roleToInsert = new UserRoleDto().setUserId(2L).setRole(Permission.DASHBOARD_SHARING.key());
service.addPermission(params);
@@ -80,9 +90,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_remove_user_permission() throws Exception {
- params = buildParams("user", null, Permissions.QUALITY_PROFILE_ADMIN);
- setUpUserPermissions("user", Permissions.QUALITY_PROFILE_ADMIN);
- UserRoleDto roleToRemove = new UserRoleDto().setUserId(2L).setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
+ setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
+ UserRoleDto roleToRemove = new UserRoleDto().setUserId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
service.removePermission(params);
@@ -91,9 +101,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_add_group_permission() throws Exception {
- params = buildParams(null, "group", Permissions.DASHBOARD_SHARING);
- setUpGroupPermissions("group", Permissions.QUALITY_PROFILE_ADMIN);
- GroupRoleDto roleToInsert = new GroupRoleDto().setGroupId(2L).setRole(Permissions.DASHBOARD_SHARING);
+ params = buildParams(null, "group", Permission.DASHBOARD_SHARING);
+ setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key());
+ GroupRoleDto roleToInsert = new GroupRoleDto().setGroupId(2L).setRole(Permission.DASHBOARD_SHARING.key());
service.addPermission(params);
@@ -102,9 +112,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_remove_group_permission() throws Exception {
- params = buildParams(null, "group", Permissions.QUALITY_PROFILE_ADMIN);
- setUpGroupPermissions("group", Permissions.QUALITY_PROFILE_ADMIN);
- GroupRoleDto roleToRemove = new GroupRoleDto().setGroupId(2L).setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams(null, "group", Permission.QUALITY_PROFILE_ADMIN);
+ setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key());
+ GroupRoleDto roleToRemove = new GroupRoleDto().setGroupId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
service.removePermission(params);
@@ -113,8 +123,8 @@ public class InternalPermissionServiceTest {
@Test
public void should_skip_redundant_permission_change() throws Exception {
- params = buildParams("user", null, Permissions.QUALITY_PROFILE_ADMIN);
- setUpUserPermissions("user", Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
+ setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
service.addPermission(params);
@@ -124,7 +134,7 @@ public class InternalPermissionServiceTest {
@Test
public void should_fail_on_invalid_request() throws Exception {
throwable.expect(IllegalArgumentException.class);
- params = buildParams("user", "group", Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams("user", "group", Permission.QUALITY_PROFILE_ADMIN);
service.addPermission(params);
}
@@ -132,9 +142,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_fail_on_insufficient_rights() throws Exception {
throwable.expect(ForbiddenException.class);
- params = buildParams("user", null, Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
- MockUserSession.set().setLogin("unauthorized").setPermissions(Permissions.QUALITY_PROFILE_ADMIN);
+ MockUserSession.set().setLogin("unauthorized").setPermissions(Permission.QUALITY_PROFILE_ADMIN);
service.addPermission(params);
}
@@ -142,7 +152,7 @@ public class InternalPermissionServiceTest {
@Test
public void should_fail_on_anonymous_access() throws Exception {
throwable.expect(ForbiddenException.class);
- params = buildParams("user", null, Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
MockUserSession.set();
@@ -151,8 +161,8 @@ public class InternalPermissionServiceTest {
@Test
public void should_add_permission_to_anyone_group() throws Exception {
- params = buildParams(null, DefaultGroups.ANYONE, Permissions.QUALITY_PROFILE_ADMIN);
- GroupRoleDto roleToInsert = new GroupRoleDto().setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN);
+ GroupRoleDto roleToInsert = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key());
service.addPermission(params);
@@ -161,9 +171,9 @@ public class InternalPermissionServiceTest {
@Test
public void should_remove_permission_from_anyone_group() throws Exception {
- params = buildParams(null, DefaultGroups.ANYONE, Permissions.QUALITY_PROFILE_ADMIN);
- setUpGroupPermissions(DefaultGroups.ANYONE, Permissions.QUALITY_PROFILE_ADMIN);
- GroupRoleDto roleToDelete = new GroupRoleDto().setRole(Permissions.QUALITY_PROFILE_ADMIN);
+ params = buildParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN);
+ setUpGroupPermissions(DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN.key());
+ GroupRoleDto roleToDelete = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key());
service.removePermission(params);
@@ -184,7 +194,7 @@ public class InternalPermissionServiceTest {
@Override
public boolean matches(Object o) {
- if(o != null && o instanceof UserRoleDto) {
+ if (o != null && o instanceof UserRoleDto) {
UserRoleDto otherDto = (UserRoleDto) o;
return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) &&
ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) &&
@@ -212,7 +222,7 @@ public class InternalPermissionServiceTest {
@Override
public boolean matches(Object o) {
- if(o != null && o instanceof GroupRoleDto) {
+ if (o != null && o instanceof GroupRoleDto) {
GroupRoleDto otherDto = (GroupRoleDto) o;
return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) &&
ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) &&
@@ -226,11 +236,11 @@ public class InternalPermissionServiceTest {
}
}
- private Map<String, Object> buildParams(String login, String group, String role) {
+ private Map<String, Object> buildParams(String login, String group, Permission perm) {
Map<String, Object> params = Maps.newHashMap();
params.put("user", login);
params.put("group", group);
- params.put("permission", role);
+ params.put("permission", perm.key());
return params;
}
diff --git a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java
index ff0cd284340..5e4515590a2 100644
--- a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java
@@ -21,30 +21,33 @@
package org.sonar.server.permission;
import com.google.common.collect.Maps;
+import org.junit.Rule;
import org.junit.Test;
-import org.sonar.core.user.Permissions;
+import org.junit.rules.ExpectedException;
+import org.sonar.core.user.Permission;
import java.util.Map;
import static org.fest.assertions.Assertions.assertThat;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
public class PermissionChangeQueryTest {
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
@Test
public void should_populate_from_params() throws Exception {
Map<String, Object> params = Maps.newHashMap();
params.put("user", "my_login");
params.put("group", "my_group");
- params.put("permission", Permissions.SYSTEM_ADMIN);
+ params.put("permission", Permission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(params);
assertThat(query.getUser()).isEqualTo("my_login");
assertThat(query.getGroup()).isEqualTo("my_group");
- assertThat(query.getRole()).isEqualTo(Permissions.SYSTEM_ADMIN);
+ assertThat(query.getRole()).isEqualTo(Permission.SYSTEM_ADMIN.key());
}
@Test
@@ -52,10 +55,10 @@ public class PermissionChangeQueryTest {
Map<String, Object> validUserParams = Maps.newHashMap();
validUserParams.put("user", "my_login");
- validUserParams.put("permission", Permissions.SYSTEM_ADMIN);
+ validUserParams.put("permission", Permission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validUserParams);
- assertTrue(query.isValid());
+ query.validate();
}
@Test
@@ -63,10 +66,10 @@ public class PermissionChangeQueryTest {
Map<String, Object> validGroupParams = Maps.newHashMap();
validGroupParams.put("group", "my_group");
- validGroupParams.put("permission", Permissions.SYSTEM_ADMIN);
+ validGroupParams.put("permission", Permission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validGroupParams);
- assertTrue(query.isValid());
+ query.validate();
}
@Test
@@ -75,19 +78,37 @@ public class PermissionChangeQueryTest {
Map<String, Object> inconsistentParams = Maps.newHashMap();
inconsistentParams.put("user", "my_login");
inconsistentParams.put("group", "my_group");
- inconsistentParams.put("permission", Permissions.SYSTEM_ADMIN);
+ inconsistentParams.put("permission", Permission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
- assertFalse(query.isValid());
+
+ thrown.expect(IllegalArgumentException.class);
+ thrown.expectMessage("Only one of user or group parameter should be provided");
+ query.validate();
}
@Test
- public void should_detect_missing_parameters() throws Exception {
- Map<String, Object> validGroupParams = Maps.newHashMap();
- validGroupParams.put("permission", "admin");
+ public void should_detect_missing_user_or_group() throws Exception {
+ Map<String, Object> inconsistentParams = Maps.newHashMap();
+ inconsistentParams.put("permission", "admin");
- PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validGroupParams);
- assertFalse(query.isValid());
+ PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
+
+ thrown.expect(IllegalArgumentException.class);
+ thrown.expectMessage("Missing user or group parameter");
+ query.validate();
+ }
+
+ @Test
+ public void should_detect_missing_permission() throws Exception {
+ Map<String, Object> inconsistentParams = Maps.newHashMap();
+ inconsistentParams.put("user", "my_login");
+
+ PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
+
+ thrown.expect(IllegalArgumentException.class);
+ thrown.expectMessage("Missing role parameter");
+ query.validate();
}
@Test
@@ -97,6 +118,9 @@ public class PermissionChangeQueryTest {
inconsistentParams.put("permission", "invalid_role");
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
- assertFalse(query.isValid());
+
+ thrown.expect(IllegalArgumentException.class);
+ thrown.expectMessage("Invalid role key invalid_role");
+ query.validate();
}
}
diff --git a/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java b/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java
index 37d4545c1c3..194de223491 100644
--- a/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java
@@ -27,7 +27,7 @@ import org.junit.rules.ExpectedException;
import org.mockito.ArgumentMatcher;
import org.sonar.api.user.UserFinder;
import org.sonar.api.user.UserQuery;
-import org.sonar.api.web.UserRole;
+import org.sonar.core.user.Permission;
import org.sonar.core.user.UserDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -35,7 +35,11 @@ import org.sonar.server.exceptions.ForbiddenException;
import static org.fest.assertions.Assertions.assertThat;
import static org.fest.assertions.Fail.fail;
import static org.mockito.Matchers.argThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
public class DefaultUserServiceTest {
@@ -48,11 +52,11 @@ public class DefaultUserServiceTest {
@Test
public void parse_query() throws Exception {
- service.find(ImmutableMap.<String, Object>of(
- "logins", "simon,loic",
- "includeDeactivated", "true",
- "s", "sim"
- ));
+ service.find(ImmutableMap.<String, Object> of(
+ "logins", "simon,loic",
+ "includeDeactivated", "true",
+ "s", "sim"
+ ));
verify(finder, times(1)).find(argThat(new ArgumentMatcher<UserQuery>() {
@Override
@@ -67,13 +71,13 @@ public class DefaultUserServiceTest {
@Test
public void test_empty_query() throws Exception {
- service.find(Maps.<String, Object>newHashMap());
+ service.find(Maps.<String, Object> newHashMap());
verify(finder, times(1)).find(argThat(new ArgumentMatcher<UserQuery>() {
@Override
public boolean matches(Object o) {
UserQuery query = (UserQuery) o;
- return !query.includeDeactivated() && query.logins() == null && query.searchText()==null;
+ return !query.includeDeactivated() && query.logins() == null && query.searchText() == null;
}
}));
}
@@ -81,7 +85,7 @@ public class DefaultUserServiceTest {
@Test
public void self_deactivation_is_not_possible() throws Exception {
try {
- MockUserSession.set().setLogin("simon").setPermissions(UserRole.ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
service.deactivate("simon");
fail();
} catch (BadRequestException e) {
@@ -93,7 +97,7 @@ public class DefaultUserServiceTest {
@Test
public void user_deactivation_requires_admin_permission() throws Exception {
try {
- MockUserSession.set().setLogin("simon").setPermissions(UserRole.USER);
+ MockUserSession.set().setLogin("simon").setPermissions(Permission.QUALITY_PROFILE_ADMIN);
service.deactivate("julien");
fail();
} catch (ForbiddenException e) {
@@ -103,14 +107,14 @@ public class DefaultUserServiceTest {
@Test
public void deactivate_user() throws Exception {
- MockUserSession.set().setLogin("simon").setPermissions(UserRole.ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
service.deactivate("julien");
verify(dao).deactivateUserByLogin("julien");
}
@Test
public void fail_to_deactivate_when_blank_login() throws Exception {
- MockUserSession.set().setLogin("simon").setPermissions(UserRole.ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
try {
service.deactivate("");
fail();
diff --git a/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java b/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java
index 91f3a42bf36..d7dd2de8cbd 100644
--- a/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java
+++ b/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java
@@ -19,7 +19,10 @@
*/
package org.sonar.server.user;
+import org.sonar.core.user.Permission;
+
import javax.annotation.Nullable;
+
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
@@ -55,8 +58,8 @@ public class MockUserSession extends UserSession {
return this;
}
- public MockUserSession setPermissions(String... s) {
- permissions = Arrays.asList(s);
+ public MockUserSession setPermissions(Permission... perm) {
+ permissions = Arrays.asList(perm);
return this;
}
}
diff --git a/sonar-server/src/test/java/org/sonar/server/user/MockUserSessionTest.java b/sonar-server/src/test/java/org/sonar/server/user/MockUserSessionTest.java
index 00932f3c2e9..5f99865391f 100644
--- a/sonar-server/src/test/java/org/sonar/server/user/MockUserSessionTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/user/MockUserSessionTest.java
@@ -30,7 +30,7 @@ public class MockUserSessionTest {
UserSession mock = UserSession.get();
assertThat(mock.login()).isEqualTo("simon");
- assertThat(mock.permissions()).isEmpty();
+ assertThat(mock.globalPermissions()).isEmpty();
assertThat(mock.isLoggedIn()).isTrue();
}
}
diff --git a/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java b/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java
index 4b3ceded23c..a5890d3d7e1 100644
--- a/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java
@@ -21,6 +21,7 @@ package org.sonar.server.user;
import org.junit.Test;
import org.sonar.core.user.AuthorizationDao;
+import org.sonar.core.user.Permission;
import org.sonar.server.exceptions.ForbiddenException;
import java.util.Arrays;
@@ -62,11 +63,11 @@ public class UserSessionTest {
AuthorizationDao authorizationDao = mock(AuthorizationDao.class);
UserSession session = new SpyUserSession("marius", authorizationDao);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("shareIssueFilter", "admin"));
+ when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- assertThat(session.hasPermission("shareIssueFilter")).isTrue();
- assertThat(session.hasPermission("admin")).isTrue();
- assertThat(session.hasPermission("shareDashboard")).isFalse();
+ assertThat(session.hasGlobalPermission(Permission.QUALITY_PROFILE_ADMIN)).isTrue();
+ assertThat(session.hasGlobalPermission(Permission.SYSTEM_ADMIN)).isTrue();
+ assertThat(session.hasGlobalPermission(Permission.DASHBOARD_SHARING)).isFalse();
}
@Test
@@ -81,9 +82,9 @@ public class UserSessionTest {
AuthorizationDao authorizationDao = mock(AuthorizationDao.class);
UserSession session = new SpyUserSession("marius", authorizationDao);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("shareIssueFilter", "admin"));
+ when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkPermission("shareIssueFilter");
+ session.checkGlobalPermission(Permission.QUALITY_PROFILE_ADMIN);
}
@Test(expected = ForbiddenException.class)
@@ -91,9 +92,9 @@ public class UserSessionTest {
AuthorizationDao authorizationDao = mock(AuthorizationDao.class);
UserSession session = new SpyUserSession("marius", authorizationDao);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("shareIssueFilter", "admin"));
+ when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkPermission("shareDashboard");
+ session.checkGlobalPermission(Permission.DASHBOARD_SHARING);
}
static class SpyUserSession extends UserSession {
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-28 16:06:44 +0000