author | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2016-11-15 11:09:31 +0100 |
---|---|---|
committer | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2016-11-15 17:09:08 +0100 |
commit | a78be959b529f2aa9d222bae67075d5acd33e6c8 (patch) | |
tree | 409cbe918f6f6dce071f1996c7293a4603e94e45 | |
parent | 8e1e2e1e2e5b346062e87b7b8401baece8f379a4 (diff) | |
SONAR-8342 SONAR-8343 SONAR-8344 Make permission template WS require system administer permission
18 files changed, 59 insertions, 66 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java index 8e4b25cbded..db8c4a6fd31 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java @@ -22,18 +22,19 @@ package org.sonar.server.permission; import java.util.Optional; import javax.annotation.Nullable; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.user.UserSession; +import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; + public class PermissionPrivilegeChecker { private PermissionPrivilegeChecker() { // static methods only } - public static void checkGlobalAdminUser(UserSession userSession) { + public static void checkGlobalAdmin(UserSession userSession, String organizationUuid) { userSession .checkLoggedIn() - .checkPermission(GlobalPermissions.SYSTEM_ADMIN); + .checkOrganizationPermission(organizationUuid, SYSTEM_ADMIN); } /** @@ -43,7 +44,7 @@ public class PermissionPrivilegeChecker { public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) { userSession.checkLoggedIn(); if (componentKey == null || !userSession.hasComponentPermission(UserRole.ADMIN, componentKey)) { - userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(SYSTEM_ADMIN); } } 
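Review bot: The new `checkGlobalAdmin(UserSession, String organizationUuid)` in the first hunk has no Javadoc, and its name says "global" while the body checks `SYSTEM_ADMIN` only within `organizationUuid`. Every permission-template web service touched by this commit now relies on it, so I would document the scope, e.g. `/** Checks that the user is logged in and has the 'Administer System' permission on the given organization. */`. `checkProjectAdminUserByComponentKey` and the `Optional`-only `checkProjectAdmin` overload in the following hunks still fall back to the unscoped `checkPermission(SYSTEM_ADMIN)`; a short comment saying whether that difference is intentional would help whoever audits these checks next.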
@@ -55,7 +56,7 @@ public class PermissionPrivilegeChecker { public static void checkProjectAdmin(UserSession userSession, String organizationUuid, Optional<ProjectId> projectId) { userSession.checkLoggedIn(); if (!projectId.isPresent() || !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectId.get().getUuid())) { - userSession.checkOrganizationPermission(organizationUuid, GlobalPermissions.SYSTEM_ADMIN); + userSession.checkOrganizationPermission(organizationUuid, SYSTEM_ADMIN); } } @@ -69,7 +70,7 @@ public class PermissionPrivilegeChecker { public static void checkProjectAdmin(UserSession userSession, Optional<ProjectId> projectId) { userSession.checkLoggedIn(); if (!projectId.isPresent() || !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectId.get().getUuid())) { - userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(SYSTEM_ADMIN); } } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java index 16acc33ee20..3950dd43868 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java @@ -20,7 +20,6 @@ package org.sonar.server.permission.ws; import java.util.Locale; -import java.util.Optional; import org.sonar.api.i18n.I18n; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; 
@@ -34,7 +33,7 @@ import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsPermissions.Permission; import org.sonarqube.ws.WsPermissions.WsSearchGlobalPermissionsResponse; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.WsPermissions.Permission.newBuilder; @@ -74,7 +73,7 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction { public void handle(Request wsRequest, Response wsResponse) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION_KEY)); - checkProjectAdmin(userSession, org.getUuid(), Optional.empty()); + checkGlobalAdmin(userSession, org.getUuid()); WsSearchGlobalPermissionsResponse response = buildResponse(dbSession, org); writeProtobuf(response, wsRequest, wsResponse); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java index 4466ba4a7a8..0da23f6befb 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java @@ -19,7 +19,6 @@ */ package org.sonar.server.permission.ws.template; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; 
@@ -33,7 +32,7 @@ import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static java.lang.String.format; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; @@ -79,7 +78,7 @@ public class AddGroupToTemplateAction implements PermissionsWsAction { format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission)); PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request)); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); if (!groupAlreadyAdded(dbSession, template.getId(), permission, groupId)) { dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId.getId(), permission); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java index 05e7de5c0ad..642793ca3b8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java 
@@ -34,7 +34,7 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.AddProjectCreatorToTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; @@ -79,7 +79,7 @@ public class AddProjectCreatorToTemplateAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); Optional<PermissionTemplateCharacteristicDto> templatePermission = dbClient.permissionTemplateCharacteristicDao() .selectByPermissionAndTemplateId(dbSession, request.getPermission(), template.getId()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java index 878b69ef404..b6a36e1bfd6 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java 
@@ -20,7 +20,6 @@ package org.sonar.server.permission.ws.template; import java.util.List; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -34,7 +33,7 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.AddUserToTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; @@ -84,7 +83,7 @@ public class AddUserToTemplateAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { PermissionTemplateDto template = wsSupport.findTemplate(dbSession, newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); UserId user = wsSupport.findUser(dbSession, userLogin); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java index 9018b0f6f69..3fddb19e16f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java 
@@ -20,7 +20,6 @@ package org.sonar.server.permission.ws.template; import java.util.Collections; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -29,13 +28,12 @@ import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.PermissionTemplateService; -import org.sonar.server.permission.ProjectId; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.ApplyTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.ProjectWsRef.newWsProjectRef; @@ -62,10 +60,13 @@ public class ApplyTemplateAction implements PermissionsWsAction { @Override public void define(WebService.NewController context) { WebService.NewAction action = context.createAction("apply_template") - .setDescription("Apply a permission template to one project.<br />" + - "The project id or project key must be provided.<br />" + - "The template id or name must be provided.<br />" + - "It requires administration permissions to access.") + .setDescription("Apply a permission template to one project.<br>" + + "The project id or project key must be provided.<br>" + + "The template id or name must be provided.<br>" + + "Requires the following permission:" + + "<ul>" + + " <li>'Administer System'</li>" + + "</ul>") .setPost(true) .setSince("5.2") .setHandler(this); 
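Review bot: The rewritten `apply_template` description switches to `<br>` while the `bulk_apply_template` and `search_templates` descriptions changed in this same commit keep `<br />`; one form should be used across the three. The new text also names 'Administer System' without saying that the handler checks it on the template's organization (`template.getOrganizationUuid()`), so wording such as `'Administer System' on the organization of the template` may be more accurate. That scope is inferred from the handler hunk, so confirm the intended wording; `define` continues below this hunk.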
@@ -86,8 +87,7 @@ public class ApplyTemplateAction implements PermissionsWsAction { request.getTemplateId(), request.getOrganization(), request.getTemplateName())); ComponentDto project = wsSupport.getRootComponentOrModule(dbSession, newWsProjectRef(request.getProjectId(), request.getProjectKey())); - ProjectId projectId = new ProjectId(project); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.of(projectId)); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); permissionTemplateService.apply(dbSession, template, Collections.singletonList(project)); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java index 8d384577535..f5cf6b0278d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/BulkApplyTemplateAction.java @@ -22,7 +22,6 @@ package org.sonar.server.permission.ws.template; import com.google.common.collect.Collections2; import java.util.List; -import java.util.Optional; import javax.annotation.Nullable; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.ResourceTypes; 
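Review bot: After this change the only authorization in the `apply_template` handler is `checkGlobalAdmin(userSession, template.getOrganizationUuid())`, yet `project` is resolved independently from the project id/key and nothing in the hunk ties it to the template's organization. With the per-project admin check removed, these lines alone do not show what stops a template from being applied to a project owned by a different organization, unless `getRootComponentOrModule` or `permissionTemplateService.apply` already rejects that. I would add an explicit guard before `apply(...)`, in the style of the `checkArgument(..., "Group and template are on different organizations")` used in `RemoveGroupFromTemplateAction`, plus a test for the mismatch case. The same question applies to the `projects` list in the `BulkApplyTemplateAction` handler hunk; the enclosing method starts above this hunk.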
@@ -36,18 +35,17 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentQuery; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.server.permission.PermissionTemplateService; -import org.sonar.server.permission.ProjectId; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.BulkApplyTemplateWsRequest; import static org.sonar.server.component.ResourceTypeFunctions.RESOURCE_TYPE_TO_QUALIFIER; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; -import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext; import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter; +import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION_KEY; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; 
@@ -77,7 +75,10 @@ public class BulkApplyTemplateAction implements PermissionsWsAction { WebService.NewAction action = context.createAction("bulk_apply_template") .setDescription("Apply a permission template to several projects.<br />" + "The template id or name must be provided.<br />" + - "It requires administration permissions to access.") + "Requires the following permission:" + + "<ul>" + + " <li>'Administer System'</li>" + + "</ul>") .setPost(true) .setSince("5.5") .setHandler(this); @@ -108,10 +109,7 @@ public class BulkApplyTemplateAction implements PermissionsWsAction { .build(); List<ComponentDto> projects = dbClient.componentDao().selectByQuery(dbSession, componentQuery, 0, Integer.MAX_VALUE); - for (ComponentDto project : projects) { - ProjectId projectId = new ProjectId(project); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.of(projectId)); - } + checkGlobalAdmin(userSession, template.getOrganizationUuid()); permissionTemplateService.apply(dbSession, template, projects); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java index 854ba103c02..70005a438bd 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java @@ -20,7 +20,6 @@ package org.sonar.server.permission.ws.template; import java.util.Date; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; 
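Review bot: `checkGlobalAdmin` no longer depends on the loaded projects, but in the handler hunk it still runs after `selectByQuery(dbSession, componentQuery, 0, Integer.MAX_VALUE)`, so a caller who will be rejected still triggers an unbounded component query first. Moving `checkGlobalAdmin(userSession, template.getOrganizationUuid());` to directly after `template` is resolved makes the handler fail before doing that work and matches the order used in the other template actions. The method begins outside the hunk, so the exact position needs to be confirmed against the full file.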
@@ -38,7 +37,7 @@ import org.sonarqube.ws.WsPermissions.PermissionTemplate; import org.sonarqube.ws.client.permission.CreateTemplateWsRequest; import static java.lang.String.format; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat; @@ -95,7 +94,7 @@ public class CreateTemplateAction implements PermissionsWsAction { private CreateTemplateWsResponse doHandle(CreateTemplateWsRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto org = wsSupport.findOrganization(dbSession, request.getOrganizationKey()); - checkProjectAdmin(userSession, org.getUuid(), Optional.empty()); + checkGlobalAdmin(userSession, org.getUuid()); validateTemplateNameForCreation(dbSession, org, request.getName()); validateProjectPattern(request.getProjectKeyPattern()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java index 144109f4dfe..4d99118bd1a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/DeleteTemplateAction.java @@ -19,7 +19,6 @@ */ package org.sonar.server.permission.ws.template; -import java.util.Optional; import java.util.Set; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; 
@@ -32,7 +31,7 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.DeleteTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -75,7 +74,7 @@ public class DeleteTemplateAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { PermissionTemplateDto template = finder.findTemplate(dbSession, newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); checkTemplateUuidIsNotDefault(template.getUuid()); dbClient.permissionTemplateDao().deleteById(dbSession, template.getId()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java index 4104b40b2bc..c9548101c40 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java @@ -19,7 +19,6 @@ */ package org.sonar.server.permission.ws.template; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; 
@@ -32,7 +31,7 @@ import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static com.google.common.base.Preconditions.checkArgument; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; @@ -72,7 +71,7 @@ public class RemoveGroupFromTemplateAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { String permission = request.mandatoryParam(PARAM_PERMISSION); PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.fromRequest(request)); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); GroupIdOrAnyone groupId = wsSupport.findGroup(dbSession, request); checkArgument(groupId.getOrganizationUuid().equals(template.getOrganizationUuid()), "Group and template are on different organizations"); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java index 3d9cbec8537..e73a3f26fe7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java 
@@ -35,7 +35,7 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.RemoveProjectCreatorFromTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; @@ -80,7 +80,7 @@ public class RemoveProjectCreatorFromTemplateAction implements PermissionsWsActi try (DbSession dbSession = dbClient.openSession(false)) { PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); PermissionTemplateCharacteristicDao dao = dbClient.permissionTemplateCharacteristicDao(); Optional<PermissionTemplateCharacteristicDto> templatePermission = dao.selectByPermissionAndTemplateId(dbSession, request.getPermission(), template.getId()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java index e1d56feedc1..ba373ebdabf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java 
@@ -19,7 +19,6 @@ */ package org.sonar.server.permission.ws.template; -import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -32,7 +31,7 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.RemoveUserFromTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; @@ -83,7 +82,7 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { validateProjectPermission(permission); PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef( request.getTemplateId(), request.getOrganization(), request.getTemplateName())); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); UserId user = wsSupport.findUser(dbSession, userLogin); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java index 553a1494762..adb3453cbfa 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java 
@@ -41,6 +41,7 @@ import org.sonarqube.ws.WsPermissions.SearchTemplatesWsResponse.TemplateIdQualif import org.sonarqube.ws.client.permission.SearchTemplatesWsRequest; import static org.sonar.api.utils.DateUtils.formatDateTime; +import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -68,7 +69,10 @@ public class SearchTemplatesAction implements PermissionsWsAction { public void define(WebService.NewController context) { WebService.NewAction action = context.createAction("search_templates") .setDescription("List permission templates.<br />" + - "It requires to be authenticated.") + "Requires the following permission:" + + "<ul>" + + " <li>'Administer System'</li>" + + "</ul>") .setResponseExample(getClass().getResource("search_templates-example.json")) .setSince("5.2") .addSearchQuery("defau", "permission template names") @@ -79,13 +83,12 @@ public class SearchTemplatesAction implements PermissionsWsAction { @Override public void handle(Request wsRequest, Response wsResponse) throws Exception { - userSession.checkLoggedIn(); - try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto org = support.findOrganization(dbSession, wsRequest.param(PARAM_ORGANIZATION_KEY)); SearchTemplatesWsRequest request = new SearchTemplatesWsRequest() .setOrganizationUuid(org.getUuid()) .setQuery(wsRequest.param(Param.TEXT_QUERY)); + userSession.checkLoggedIn().checkOrganizationPermission(request.getOrganizationUuid(), SYSTEM_ADMIN); SearchTemplatesWsResponse searchTemplatesWsResponse = buildResponse(dataLoader.load(dbSession, request)); writeProtobuf(searchTemplatesWsResponse, wsRequest, wsResponse); 
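Review bot: In `handle`, `userSession.checkLoggedIn()` used to be the first statement and now runs only after the DB session is opened and `support.findOrganization(...)` has resolved `PARAM_ORGANIZATION_KEY`, so anonymous requests reach the organization lookup and may be able to tell existing keys from unknown ones by the error returned (this depends on how `findOrganization` reports a miss). I would keep `userSession.checkLoggedIn();` at the top and replace the chained call with `checkGlobalAdmin(userSession, org.getUuid());` right after the lookup. That also reuses the helper the other actions in this commit call instead of duplicating its body, and drops the detour through `request.getOrganizationUuid()`. `handle` continues past the end of the hunk.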
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java index 824a0a6ae7e..d6c0bf8b45c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SetDefaultTemplateAction.java @@ -19,7 +19,6 @@ */ package org.sonar.server.permission.ws.template; -import java.util.Optional; import org.sonar.api.i18n.I18n; import org.sonar.api.resources.Qualifiers; import org.sonar.api.resources.ResourceTypes; @@ -36,7 +35,7 @@ import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.SetDefaultTemplateWsRequest; import static org.sonar.server.permission.DefaultPermissionTemplates.defaultRootQualifierTemplateProperty; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateQualifier; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef; @@ -89,7 +88,7 @@ public class SetDefaultTemplateAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { String qualifier = request.getQualifier(); PermissionTemplateDto template = findTemplate(dbSession, request); - checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + checkGlobalAdmin(userSession, template.getOrganizationUuid()); validateQualifier(qualifier, resourceTypes); setDefaultTemplateUuid(dbSession, template.getUuid(), qualifier); dbSession.commit(); 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java index 426de4de3c6..0f3b354b909 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java @@ -23,7 +23,6 @@ import com.google.common.collect.Multimap; import com.google.common.collect.Ordering; import com.google.common.collect.TreeMultimap; import java.util.List; -import java.util.Optional; import java.util.stream.Collectors; import org.sonar.api.security.DefaultGroups; import org.sonar.api.server.ws.Request; @@ -48,7 +47,7 @@ import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; 
@@ -92,7 +91,7 @@ public class TemplateGroupsAction implements PermissionsWsAction {
 try (DbSession dbSession = dbClient.openSession(false)) {
 WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest);
 PermissionTemplateDto template = support.findTemplate(dbSession, templateRef);
- checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
+ checkGlobalAdmin(userSession, template.getOrganizationUuid());
 PermissionQuery query = buildPermissionQuery(wsRequest);
 int total = dbClient.permissionTemplateDao().countGroupNamesByQueryAndTemplate(dbSession, query, template.getId());
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
index 864dd94eae6..0d4fd48e8d7 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
@@ -23,7 +23,6 @@ import com.google.common.collect.Multimap;
 import com.google.common.collect.Ordering;
 import com.google.common.collect.TreeMultimap;
 import java.util.List;
-import java.util.Optional;
 import java.util.stream.Collectors;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
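Review bot: In TemplateGroupsAction (`@@ -92,7 +91,7 @@`), `support.findTemplate(dbSession, templateRef)` runs before any authentication check, because `checkGlobalAdmin` needs the template's organization uuid. An anonymous or unprivileged caller can therefore probably tell an existing template reference from a missing one by the error returned; what `findTemplate` does on a miss is not visible here. Calling `userSession.checkLoggedIn();` before the lookup would at least reject anonymous requests before the database is queried. The same order appears in the TemplateUsersAction, UpdateTemplateAction and SetDefaultTemplateAction hunks of this commit. The method body continues outside the hunk.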
@@ -49,7 +48,7 @@ import static org.sonar.core.util.Protobuf.setNullable;
 import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
 import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
 import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
@@ -94,7 +93,7 @@ public class TemplateUsersAction implements PermissionsWsAction {
 try (DbSession dbSession = dbClient.openSession(false)) {
 WsTemplateRef templateRef = WsTemplateRef.fromRequest(wsRequest);
 PermissionTemplateDto template = support.findTemplate(dbSession, templateRef);
- checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
+ checkGlobalAdmin(userSession, template.getOrganizationUuid());
 PermissionQuery query = buildQuery(wsRequest, template);
 int total = dbClient.permissionTemplateDao().countUserLoginsByQueryAndTemplate(dbSession, query, template.getId());
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java
index 229e043b4b9..f2691406dc7 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/UpdateTemplateAction.java
@@ -20,7 +20,6 @@
 package org.sonar.server.permission.ws.template;
 import java.util.Date;
-import java.util.Optional;
 import javax.annotation.Nullable;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
@@ -38,7 +37,7 @@ import org.sonarqube.ws.client.permission.UpdateTemplateWsRequest;
 import static com.google.common.base.MoreObjects.firstNonNull;
 import static java.lang.String.format;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateTemplateNameFormat;
@@ -100,7 +99,7 @@ public class UpdateTemplateAction implements PermissionsWsAction {
 try (DbSession dbSession = dbClient.openSession(false)) {
 PermissionTemplateDto templateToUpdate = getAndBuildTemplateToUpdate(dbSession, uuid, nameParam, descriptionParam, projectPatternParam);
- checkProjectAdmin(userSession, templateToUpdate.getOrganizationUuid(), Optional.empty());
+ checkGlobalAdmin(userSession, templateToUpdate.getOrganizationUuid());
 validateTemplate(dbSession, templateToUpdate);
 PermissionTemplateDto updatedTemplate = updateTemplate(dbSession, templateToUpdate);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java
index 4434d2c8d1c..770fe514f3f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java
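Review bot: In UpdateTemplateAction (`@@ -100,7 +99,7 @@`), the object handed to `checkGlobalAdmin` is `templateToUpdate`, which `getAndBuildTemplateToUpdate` has already built from the caller-supplied `nameParam`, `descriptionParam` and `projectPatternParam`. The check is only meaningful if `getOrganizationUuid()` on that object is the stored value and nothing is persisted before the check runs; the helper's body is outside the hunk, so this should be confirmed. I would record the invariant above the check, e.g. `// organization uuid comes from the stored template, never from request parameters; nothing is written before this check`.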
@@ -43,6 +43,7 @@ import org.sonarqube.ws.WsPermissions;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
+import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_02;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_03;
@@ -74,7 +75,7 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla
 @Before
 public void setUp() {
 i18n.setProjectPermissions();
- userSession.login();
+ userSession.login().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN);
 }
 @Test
@@ -146,8 +147,9 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla
 public void search_in_organization() throws Exception {
 OrganizationDto org = db.organizations().insert();
 PermissionTemplateDto templateInOrg = insertProjectTemplate(org);
- PermissionTemplateDto templateInDefaultOrg = insertProjectTemplateOnDefaultOrganization();
+ insertProjectTemplateOnDefaultOrganization();
 db.commit();
+ userSession.addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN);
 WsPermissions.SearchTemplatesWsResponse result = WsPermissions.SearchTemplatesWsResponse.parseFrom(newRequest()
 .setParam("organization", org.getKey()) |
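Review bot: In the `@@ -74,7 +75,7 @@` hunk, `setUp()` now grants `SYSTEM_ADMIN` on the default organization to every test in the class, so none of the tests visible here exercises the refusal path this commit introduces. A negative case would pin the new rule: a logged-in user holding `SYSTEM_ADMIN` only on the default organization sends `organization=org.getKey()` and the request is rejected. The rest of the class is outside the hunks, so such a test may already exist; if it does not, it belongs next to `search_in_organization`, with a second one for a logged-in user who has no permission at all.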