authorTeryk Bellahsene <teryk.bellahsene@sonarsource.com>2015-08-20 10:54:38 +0200
committerTeryk Bellahsene <teryk.bellahsene@sonarsource.com>2015-08-24 10:09:51 +0200
commite2b1e27a21b6f703a7665018aa029582615188f2 (patch)
tree3a5dd640a63a4dbe34f8ca35709408c05c28df51
parent291fb3a2df3e2c45cc04cfdb31d977bb6b731b7f (diff)
Create and use PermissionPrivilegeChecker in the permission domain
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java62
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java13
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java21
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java18
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java8
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java22
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java9
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java31
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java8
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java2
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java2
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java4
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java2
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java2
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java4
15 files changed, 112 insertions, 96 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
new file mode 100644
index 00000000000..aaa6e145fcf
--- /dev/null
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java
@@ -0,0 +1,62 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.base.Optional;
+import javax.annotation.Nullable;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.server.user.UserSession;
+
+public class PermissionPrivilegeChecker {
+ private PermissionPrivilegeChecker() {
+ // static methods only
+ }
+
+ public static void checkGlobalAdminUser(UserSession userSession) {
+ userSession
+ .checkLoggedIn()
+ .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
+ public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) {
+ userSession.checkLoggedIn();
+ if (componentKey == null || !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+ }
+
+ public static void checkProjectAdminUserByComponentUuid(UserSession userSession, @Nullable String componentUuid) {
+ userSession.checkLoggedIn();
+ if (componentUuid == null || !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, componentUuid)) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+ }
+
+ public static void checkProjectAdminUserByComponentDto(UserSession userSession, Optional<ComponentDto> project) {
+ if (project.isPresent()) {
+ checkProjectAdminUserByComponentUuid(userSession, project.get().uuid());
+ } else {
+ checkGlobalAdminUser(userSession);
+ }
+ }
+}
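Review bot: `checkProjectAdminUserByComponentDto` passes `project.get().uuid()` to the project-permission lookup, whereas the `projectPresentAndAdminPermissionsOnIt` helper that this commit removes from PermissionWsCommons passed `project.get().projectUuid()`. If the Optional can ever hold a module or other sub-component, the two values differ, and a project administrator would presumably fail the project check and be asked for SYSTEM_ADMIN instead. That fails closed, but it is a behaviour change the commit message does not mention. Unless the narrowing is intended, keep the old argument: `checkProjectAdminUserByComponentUuid(userSession, project.get().projectUuid());`. The diffstat lists no test file for this class, so a test that logs in a project admin without the global permission would pin down which behaviour is wanted.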
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
index 50c8c34b5c3..063a7ebea6d 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
@@ -39,6 +39,9 @@ import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.user.UserSession;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+
/**
* Used by ruby code <pre>Internal.permission_templates</pre>
*/
@@ -67,7 +70,7 @@ public class PermissionTemplateService {
@CheckForNull
public PermissionTemplate selectPermissionTemplate(String templateKey) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ checkGlobalAdminUser(userSession);
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectPermissionTemplate(templateKey);
return PermissionTemplate.create(permissionTemplateDto);
}
@@ -77,7 +80,7 @@ public class PermissionTemplateService {
}
public List<PermissionTemplate> selectAllPermissionTemplates(@Nullable String componentKey) {
- PermissionTemplateUpdater.checkProjectAdminUser(componentKey, userSession);
+ checkProjectAdminUserByComponentKey(userSession, componentKey);
List<PermissionTemplate> permissionTemplates = Lists.newArrayList();
List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAllPermissionTemplates();
if (permissionTemplateDtos != null) {
@@ -89,7 +92,7 @@ public class PermissionTemplateService {
}
public PermissionTemplate createPermissionTemplate(String name, @Nullable String description, @Nullable String keyPattern) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ checkGlobalAdminUser(userSession);
validateTemplateName(null, name);
validateKeyPattern(keyPattern);
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.insertPermissionTemplate(name, description, keyPattern);
@@ -97,14 +100,14 @@ public class PermissionTemplateService {
}
public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription, @Nullable String newKeyPattern) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ checkGlobalAdminUser(userSession);
validateTemplateName(templateId, newName);
validateKeyPattern(newKeyPattern);
permissionTemplateDao.updatePermissionTemplate(templateId, newName, newDescription, newKeyPattern);
}
public void deletePermissionTemplate(Long templateId) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ checkGlobalAdminUser(userSession);
permissionTemplateDao.deletePermissionTemplate(templateId);
}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java
index 100d176b567..4e4385c45f6 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java
@@ -20,11 +20,8 @@
package org.sonar.server.permission;
-import javax.annotation.Nullable;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.web.UserRole;
import org.sonar.core.permission.ComponentPermissions;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.permission.PermissionTemplateDao;
import org.sonar.db.permission.PermissionTemplateDto;
@@ -32,9 +29,10 @@ import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.user.UserSession;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+
abstract class PermissionTemplateUpdater {
private final String templateKey;
@@ -54,7 +52,7 @@ abstract class PermissionTemplateUpdater {
}
void executeUpdate() {
- checkSystemAdminUser(userSession);
+ checkGlobalAdminUser(userSession);
Long templateId = getTemplateId(templateKey);
validatePermission(permission);
doExecute(templateId, permission);
@@ -81,19 +79,6 @@ abstract class PermissionTemplateUpdater {
return groupDto.getId();
}
- static void checkSystemAdminUser(UserSession userSession) {
- checkProjectAdminUser(null, userSession);
- }
-
- static void checkProjectAdminUser(@Nullable String componentKey, UserSession userSession) {
- userSession.checkLoggedIn();
- if (componentKey == null) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- } else if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) {
- throw new ForbiddenException("Insufficient privileges");
- }
- }
-
private void validatePermission(String permission) {
if (permission == null || !ComponentPermissions.ALL.contains(permission)) {
throw new BadRequestException("Invalid permission: " + permission);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
index 345cf2d138f..7c7d52d0135 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
@@ -24,7 +24,6 @@ import java.util.List;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
@@ -34,10 +33,11 @@ import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.issue.index.IssueAuthorizationIndexer;
import org.sonar.server.user.UserSession;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey;
+
public class PermissionUpdater {
private enum Operation {
@@ -104,7 +104,7 @@ public class PermissionUpdater {
private boolean applyChangeOnGroup(DbSession session, Operation operation, PermissionChange permissionChange) {
Long componentId = getComponentId(session, permissionChange.componentKey());
- checkProjectAdminPermission(permissionChange.componentKey());
+ checkProjectAdminUserByComponentKey(userSession, permissionChange.componentKey());
List<String> existingPermissions = dbClient.roleDao().selectGroupPermissions(session, permissionChange.groupName(), componentId);
if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
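Review bot: In `applyChangeOnGroup` the privilege check still runs after `getComponentId(session, permissionChange.componentKey())`, so the component lookup is performed for a caller who has not yet been authenticated or authorised. If that lookup fails differently for an unknown key than the check does for a forbidden one (its body is outside the hunk, so this is inferred), the response lets an unprivileged caller tell existing component keys from missing ones. Making `checkProjectAdminUserByComponentKey(userSession, permissionChange.componentKey());` the first statement of the method closes that gap. The same ordering appears in `applyChangeOnUser` in the next hunk. Both method bodies continue past the lines shown.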
@@ -132,7 +132,7 @@ public class PermissionUpdater {
private boolean applyChangeOnUser(DbSession session, Operation operation, PermissionChange permissionChange) {
Long componentId = getComponentId(session, permissionChange.componentKey());
- checkProjectAdminPermission(permissionChange.componentKey());
+ checkProjectAdminUserByComponentKey(userSession, permissionChange.componentKey());
List<String> existingPermissions = dbClient.roleDao().selectUserPermissions(session, permissionChange.userLogin(), componentId);
if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
@@ -204,16 +204,6 @@ public class PermissionUpdater {
return component;
}
- private void checkProjectAdminPermission(@Nullable String projectKey) {
- if (projectKey == null) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- } else {
- if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) {
- throw new ForbiddenException("Insufficient privileges");
- }
- }
- }
-
private void indexProjectPermissions() {
issueAuthorizationIndexer.index();
}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
index 943d6731917..f01343db2d7 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
@@ -34,10 +34,12 @@ import org.sonar.db.permission.PermissionQuery;
import org.sonar.server.permission.GroupWithPermissionQueryResult;
import org.sonar.server.permission.PermissionFinder;
import org.sonar.server.permission.ws.PermissionRequest.Builder;
+import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Permissions;
import static com.google.common.base.Objects.firstNonNull;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto;
import static org.sonar.server.permission.PermissionQueryParser.toMembership;
import static org.sonar.server.permission.ws.PermissionWsCommons.createPermissionParameter;
import static org.sonar.server.permission.ws.PermissionWsCommons.createProjectKeyParameter;
@@ -45,10 +47,12 @@ import static org.sonar.server.permission.ws.PermissionWsCommons.createProjectUu
import static org.sonar.server.ws.WsUtils.writeProtobuf;
public class GroupsAction implements PermissionsWsAction {
+ private final UserSession userSession;
private final PermissionFinder permissionFinder;
private final PermissionWsCommons permissionWsCommons;
- public GroupsAction(PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) {
+ public GroupsAction(UserSession userSession, PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) {
+ this.userSession = userSession;
this.permissionFinder = permissionFinder;
this.permissionWsCommons = permissionWsCommons;
}
@@ -78,7 +82,7 @@ public class GroupsAction implements PermissionsWsAction {
public void handle(Request wsRequest, Response wsResponse) throws Exception {
PermissionRequest request = new Builder(wsRequest).withPagination().build();
Optional<ComponentDto> project = permissionWsCommons.searchProject(request);
- permissionWsCommons.checkPermissions(project);
+ checkProjectAdminUserByComponentDto(userSession, project);
PermissionQuery permissionQuery = buildPermissionQuery(request, project);
Permissions.GroupsResponse groupsResponse = groupsResponse(permissionQuery, request);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java
index 8a0a5f7ed34..8749870dca9 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java
@@ -24,7 +24,6 @@ import com.google.common.base.Joiner;
import com.google.common.base.Optional;
import javax.annotation.Nullable;
import org.sonar.api.server.ws.WebService.NewAction;
-import org.sonar.api.web.UserRole;
import org.sonar.core.permission.ComponentPermissions;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
@@ -34,9 +33,6 @@ import org.sonar.db.user.GroupDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.permission.PermissionChange;
-import org.sonar.server.user.UserSession;
-
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
public class PermissionWsCommons {
@@ -58,12 +54,10 @@ public class PermissionWsCommons {
private final DbClient dbClient;
private final ComponentFinder componentFinder;
- private final UserSession userSession;
- public PermissionWsCommons(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession) {
+ public PermissionWsCommons(DbClient dbClient, ComponentFinder componentFinder) {
this.dbClient = dbClient;
this.componentFinder = componentFinder;
- this.userSession = userSession;
}
public String searchGroupName(DbSession dbSession, @Nullable String groupNameParam, @Nullable Long groupId) {
@@ -119,20 +113,6 @@ public class PermissionWsCommons {
}
}
- void checkPermissions(Optional<ComponentDto> project) {
- userSession.checkLoggedIn();
-
- if (userSession.hasGlobalPermission(SYSTEM_ADMIN) || projectPresentAndAdminPermissionsOnIt(project)) {
- return;
- }
-
- userSession.checkGlobalPermission(SYSTEM_ADMIN);
- }
-
- boolean projectPresentAndAdminPermissionsOnIt(Optional<ComponentDto> project) {
- return project.isPresent() && userSession.hasProjectPermissionByUuid(UserRole.ADMIN, project.get().projectUuid());
- }
-
static void createPermissionParameter(NewAction action) {
action.createParam(PARAM_PERMISSION)
.setDescription(PERMISSION_PARAM_DESCRIPTION)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
index 617309f4877..93244d6ef9d 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
@@ -33,6 +33,7 @@ import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Permissions.Permission;
import org.sonarqube.ws.Permissions.SearchGlobalPermissionsResponse;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
import static org.sonarqube.ws.Permissions.Permission.newBuilder;
@@ -62,7 +63,7 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
- checkPermissions();
+ checkGlobalAdminUser(userSession);
DbSession dbSession = dbClient.openSession(false);
try {
@@ -94,12 +95,6 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
return response.build();
}
- private void checkPermissions() {
- userSession
- .checkLoggedIn()
- .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- }
-
private String i18nDescriptionMessage(String permissionKey) {
return i18n.message(userSession.locale(), PROPERTY_PREFIX + permissionKey + DESCRIPTION_SUFFIX, "");
}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
index 1e9dcbc7e78..0dc5dbde560 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
@@ -25,9 +25,7 @@ import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.Paging;
-import org.sonar.api.web.UserRole;
import org.sonar.core.permission.ComponentPermissions;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
@@ -37,6 +35,9 @@ import org.sonarqube.ws.Permissions.Permission;
import org.sonarqube.ws.Permissions.SearchProjectPermissionsResponse;
import org.sonarqube.ws.Permissions.SearchProjectPermissionsResponse.Project;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentUuid;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_KEY;
import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_UUID;
import static org.sonar.server.permission.ws.PermissionWsCommons.createProjectKeyParameter;
@@ -92,29 +93,21 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
private void checkRequestAndPermissions(Request wsRequest) {
String projectUuid = wsRequest.param(PARAM_PROJECT_UUID);
String projectKey = wsRequest.param(PARAM_PROJECT_KEY);
- boolean isProjectUuidNonNull = projectUuid != null;
- boolean isProjectKeyNonNull = projectKey != null;
+ boolean hasProjectUuid = projectUuid != null;
+ boolean hasProjectKey = projectKey != null;
- if (isProjectUuidNonNull || isProjectKeyNonNull) {
+ if (hasProjectUuid || hasProjectKey) {
checkRequest(projectUuid != null ^ projectKey != null, "Project id or project key can be provided, not both.");
}
- userSession.checkLoggedIn();
- if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) {
+ if (hasProjectUuid) {
+ checkProjectAdminUserByComponentUuid(userSession, projectUuid);
return;
+ } else if (hasProjectKey) {
+ checkProjectAdminUserByComponentKey(userSession, projectKey);
+ } else {
+ checkGlobalAdminUser(userSession);
}
-
- if (isProjectUuidNonNull) {
- userSession.checkProjectUuidPermission(UserRole.ADMIN, projectUuid);
- return;
- }
-
- if (isProjectKeyNonNull) {
- userSession.checkProjectPermission(UserRole.ADMIN, projectKey);
- return;
- }
-
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
}
private SearchProjectPermissionsResponse buildReponse(SearchProjectPermissionsData data) {
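Review bot: The rewritten branch chain in `checkRequestAndPermissions` keeps a `return;` in the `hasProjectUuid` arm only; the three arms are mutually exclusive and nothing follows them, so it can be dropped to make the arms read alike. The `checkRequest` line above still spells out `projectUuid != null ^ projectKey != null` although the hunk introduces `hasProjectUuid` and `hasProjectKey` for exactly that, so `checkRequest(hasProjectUuid ^ hasProjectKey, ...)` would be consistent. Separately, a caller who lacks both global and project admin rights now ends in the checker's `checkGlobalPermission` fallback instead of `checkProjectUuidPermission` or `checkProjectPermission`. The error reported to the client may therefore differ, and it is worth confirming that no test or API consumer depends on the old message.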
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
index 3160673efea..6c7c9e6343c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
@@ -33,10 +33,12 @@ import org.sonar.db.permission.PermissionQuery;
import org.sonar.server.permission.PermissionFinder;
import org.sonar.server.permission.UserWithPermissionQueryResult;
import org.sonar.server.permission.ws.PermissionRequest.Builder;
+import org.sonar.server.user.UserSession;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Permissions.UsersResponse;
import static com.google.common.base.Objects.firstNonNull;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto;
import static org.sonar.server.permission.PermissionQueryParser.toMembership;
import static org.sonar.server.permission.ws.PermissionWsCommons.createPermissionParameter;
import static org.sonar.server.permission.ws.PermissionWsCommons.createProjectKeyParameter;
@@ -45,10 +47,12 @@ import static org.sonar.server.ws.WsUtils.writeProtobuf;
public class UsersAction implements PermissionsWsAction {
+ private final UserSession userSession;
private final PermissionFinder permissionFinder;
private final PermissionWsCommons permissionWsCommons;
- public UsersAction(PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) {
+ public UsersAction(UserSession userSession, PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) {
+ this.userSession = userSession;
this.permissionWsCommons = permissionWsCommons;
this.permissionFinder = permissionFinder;
}
@@ -78,7 +82,7 @@ public class UsersAction implements PermissionsWsAction {
public void handle(Request wsRequest, Response wsResponse) throws Exception {
PermissionRequest request = new Builder(wsRequest).withPagination().build();
Optional<ComponentDto> project = permissionWsCommons.searchProject(request);
- permissionWsCommons.checkPermissions(project);
+ checkProjectAdminUserByComponentDto(userSession, project);
PermissionQuery permissionQuery = buildPermissionQuery(request, project);
UsersResponse usersResponse = usersResponse(permissionQuery, request.page(), request.pageSize());
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
index 309b5eeccab..82065861b1d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
@@ -74,7 +74,7 @@ public class AddGroupActionTest {
permissionChangeCaptor = ArgumentCaptor.forClass(PermissionChange.class);
dbClient = db.getDbClient();
ws = new WsTester(new PermissionsWs(
- new AddGroupAction(dbClient, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession), permissionUpdater)));
+ new AddGroupAction(dbClient, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient)), permissionUpdater)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
}
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
index bf6d9c276a3..a4762d2e4e3 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
@@ -74,7 +74,7 @@ public class AddUserActionTest {
dbClient = db.getDbClient();
dbSession = db.getSession();
ws = new WsTester(new PermissionsWs(
- new AddUserAction(dbClient, permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession))));
+ new AddUserAction(dbClient, permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient)))));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
}
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
index 109d0ae7aa1..a88637df149 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
@@ -77,8 +77,8 @@ public class GroupsActionTest {
dbClient = db.getDbClient();
dbSession = db.getSession();
PermissionFinder permissionFinder = new PermissionFinder(dbClient);
- PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession);
- underTest = new GroupsAction(permissionFinder, permissionWsCommons);
+ PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient));
+ underTest = new GroupsAction(userSession, permissionFinder, permissionWsCommons);
ws = new WsActionTester(underTest);
userSession.login("login").setGlobalPermissions(SYSTEM_ADMIN);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
index 6cb7c12e87e..d86bd67dbe3 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
@@ -71,7 +71,7 @@ public class RemoveGroupActionTest {
public void setUp() {
permissionUpdater = mock(PermissionUpdater.class);
ws = new WsTester(new PermissionsWs(
- new RemoveGroupAction(db.getDbClient(), new PermissionWsCommons(db.getDbClient(), new ComponentFinder(db.getDbClient()), userSession), permissionUpdater)));
+ new RemoveGroupAction(db.getDbClient(), new PermissionWsCommons(db.getDbClient(), new ComponentFinder(db.getDbClient())), permissionUpdater)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
}
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
index b6aa25aba68..bc83885df8b 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
@@ -74,7 +74,7 @@ public class RemoveUserActionTest {
dbClient = db.getDbClient();
dbSession = db.getSession();
ws = new WsTester(new PermissionsWs(
- new RemoveUserAction(dbClient, permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession))));
+ new RemoveUserAction(dbClient, permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient)))));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
}
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
index d57814cd2e7..7935ba01460 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
@@ -72,8 +72,8 @@ public class UsersActionTest {
@Before
public void setUp() {
PermissionFinder permissionFinder = new PermissionFinder(dbClient);
- PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession);
- underTest = new UsersAction(permissionFinder, permissionWsCommons);
+ PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient));
+ underTest = new UsersAction(userSession, permissionFinder, permissionWsCommons);
ws = new WsActionTester(underTest);
userSession.login("login").setGlobalPermissions(SYSTEM_ADMIN);