SourcesShowWS : Check user has the code viewer role on the asks component

author: Julien Lancelot <julien.lancelot@sonarsource.com> 2014-01-24 16:22:29 +0100
committer: Julien Lancelot <julien.lancelot@sonarsource.com> 2014-01-24 16:22:42 +0100
commit: d08db62051ec8a9b09e2c3cf8176ff038e7c02f5 (patch)
tree: 77367c355ff39dd48dbfaef69d21f431a0a81566
parent: b300f735bf5aeda3d8b77e1d67012641f8a94f9b (diff)
download: sonarqube-d08db62051ec8a9b09e2c3cf8176ff038e7c02f5.tar.gz
sonarqube-d08db62051ec8a9b09e2c3cf8176ff038e7c02f5.zip
5 files changed, 122 insertions, 9 deletions
diff --git a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java
index 5f7b9af5e49..c11aa773ccf 100644
--- a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java
+++ b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java
@@ -100,6 +100,7 @@ import org.sonar.server.rule.*;
 import org.sonar.server.rule.ws.RuleShowWsHandler;
 import org.sonar.server.rule.ws.RuleTagsWs;
 import org.sonar.server.rule.ws.RulesWs;
+import org.sonar.server.source.SourceService;
 import org.sonar.server.source.ws.SourcesShowWsHandler;
 import org.sonar.server.source.ws.SourcesWs;
 import org.sonar.server.startup.*;
@@ -369,6 +370,7 @@ public final class Platform {
 
     // source
     servicesContainer.addSingleton(HtmlSourceDecorator.class);
+    servicesContainer.addSingleton(SourceService.class);
     servicesContainer.addSingleton(SourcesWs.class);
     servicesContainer.addSingleton(SourcesShowWsHandler.class);
 
diff --git a/sonar-server/src/main/java/org/sonar/server/source/SourceService.java b/sonar-server/src/main/java/org/sonar/server/source/SourceService.java
new file mode 100644
index 00000000000..061917472ca
--- /dev/null
+++ b/sonar-server/src/main/java/org/sonar/server/source/SourceService.java
@@ -0,0 +1,47 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+package org.sonar.server.source;
+
+import org.sonar.api.ServerComponent;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.resource.ResourceDao;
+import org.sonar.core.resource.ResourceDto;
+import org.sonar.core.source.HtmlSourceDecorator;
+import org.sonar.server.user.UserSession;
+
+import java.util.List;
+
+public class SourceService implements ServerComponent {
+
+  private final HtmlSourceDecorator sourceDecorator;
+  private final ResourceDao resourceDao;
+
+  public SourceService(HtmlSourceDecorator sourceDecorator, ResourceDao resourceDao) {
+    this.sourceDecorator = sourceDecorator;
+    this.resourceDao = resourceDao;
+  }
+
+  public List<String> sourcesFromComponent(String componentKey){
+    ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey);
+    UserSession.get().checkProjectPermission(UserRole.CODEVIEWER, project.getKey());
+    return sourceDecorator.getDecoratedSourceAsHtml(componentKey);
+  }
+}
diff --git a/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java b/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java
index 470f35e1d11..3a52deb82cc 100644
--- a/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java
+++ b/sonar-server/src/main/java/org/sonar/server/source/ws/SourcesShowWsHandler.java
@@ -24,23 +24,23 @@ import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.RequestHandler;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.utils.text.JsonWriter;
-import org.sonar.core.source.HtmlSourceDecorator;
 import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.source.SourceService;
 
 import java.util.List;
 
 public class SourcesShowWsHandler implements RequestHandler {
 
-  private final HtmlSourceDecorator sourceDecorator;
+  private final SourceService sourceService;
 
-  public SourcesShowWsHandler(HtmlSourceDecorator sourceDecorator) {
-    this.sourceDecorator = sourceDecorator;
+  public SourcesShowWsHandler(SourceService sourceService) {
+    this.sourceService = sourceService;
   }
 
   @Override
   public void handle(Request request, Response response) {
     String componentKey = request.requiredParam("key");
-    List<String> sourceHtml = sourceDecorator.getDecoratedSourceAsHtml(componentKey);
+    List<String> sourceHtml = sourceService.sourcesFromComponent(componentKey);
     if (sourceHtml == null) {
       throw new NotFoundException("Source code not found for : " + componentKey);
     }
diff --git a/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java b/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java
new file mode 100644
index 00000000000..ba489c1ba61
--- /dev/null
+++ b/sonar-server/src/test/java/org/sonar/server/source/SourceServiceTest.java
@@ -0,0 +1,64 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+package org.sonar.server.source;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.resource.ResourceDao;
+import org.sonar.core.resource.ResourceDto;
+import org.sonar.core.source.HtmlSourceDecorator;
+import org.sonar.server.user.MockUserSession;
+
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class SourceServiceTest {
+
+  @Mock
+  HtmlSourceDecorator sourceDecorator;
+
+  @Mock
+  ResourceDao resourceDao;
+
+  SourceService service;
+
+  @Before
+  public void setUp() throws Exception {
+    service = new SourceService(sourceDecorator, resourceDao);
+  }
+
+  @Test
+  public void sources_from_component() throws Exception {
+    String projectKey = "org.sonar.sample";
+    String componentKey = "org.sonar.sample:Sample";
+    MockUserSession.set().addProjectPermissions(UserRole.CODEVIEWER, projectKey);
+    when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(projectKey));
+
+    service.sourcesFromComponent(componentKey);
+
+    verify(sourceDecorator).getDecoratedSourceAsHtml(componentKey);
+  }
+}
diff --git a/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java b/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java
index d2e36e87d42..ceb81b8fe5e 100644
--- a/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/source/ws/SourcesShowWsHandlerTest.java
@@ -26,7 +26,7 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.sonar.api.server.ws.WsTester;
-import org.sonar.core.source.HtmlSourceDecorator;
+import org.sonar.server.source.SourceService;
 
 import static com.google.common.collect.Lists.newArrayList;
 import static org.mockito.Mockito.when;
@@ -35,19 +35,19 @@ import static org.mockito.Mockito.when;
 public class SourcesShowWsHandlerTest {
 
   @Mock
-  HtmlSourceDecorator sourceDecorator;
+  SourceService sourceService;
 
   WsTester tester;
 
   @Before
   public void setUp() throws Exception {
-    tester = new WsTester(new SourcesWs(new SourcesShowWsHandler(sourceDecorator)));
+    tester = new WsTester(new SourcesWs(new SourcesShowWsHandler(sourceService)));
   }
 
   @Test
   public void show_source() throws Exception {
     String componentKey = "org.apache.struts:struts:Dispatcher";
-    when(sourceDecorator.getDecoratedSourceAsHtml(componentKey)).thenReturn(newArrayList(
+    when(sourceService.sourcesFromComponent(componentKey)).thenReturn(newArrayList(
       "/*",
       " * Header",
       " */",
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2014-01-24 16:22:29 +0100
committer	Julien Lancelot <julien.lancelot@sonarsource.com>	2014-01-24 16:22:42 +0100
commit	d08db62051ec8a9b09e2c3cf8176ff038e7c02f5 (patch)
tree	77367c355ff39dd48dbfaef69d21f431a0a81566
parent	b300f735bf5aeda3d8b77e1d67012641f8a94f9b (diff)
download	sonarqube-d08db62051ec8a9b09e2c3cf8176ff038e7c02f5.tar.gz sonarqube-d08db62051ec8a9b09e2c3cf8176ff038e7c02f5.zip