author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2018-07-04 16:39:57 +0200 |
committer | SonarTech <sonartech@sonarsource.com> | 2018-07-11 20:21:21 +0200 |
commit | 884cd785c870a40d804f445e27be5528a2940514 (patch) | |
tree | 062a6a9d619a5963cfa90f0d2ecb8c9a8472383c /server/sonar-server-common/src | |
parent | f675d5865684706e6943bf74bdb96a7e1b7e1549 (diff) | |
SONAR-10945 Prevent access qgates and rules to none members of paid organization
* Add membership check for paid organization in api/qualitygates ws
* Add membership check for paid organization in api/rules ws
* Move membership check in UserSession
* Use UserSession#checkMembership in QGates and Rules ws
Diffstat (limited to 'server/sonar-server-common/src')
3 files changed, 33 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java b/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
index 913f285ded4..51c591cd62f 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
@@ -69,6 +69,13 @@ public abstract class BaseUserSession implements UserSession {
   protected abstract boolean hasProjectUuidPermission(String permission, String projectUuid);
 
   @Override
+  public final boolean hasMembership(OrganizationDto organization) {
+    return isRoot() || hasMembershipImpl(organization);
+  }
+
+  protected abstract boolean hasMembershipImpl(OrganizationDto organization);
+
+  @Override
   public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) {
     if (isRoot()) {
       return new ArrayList<>(components);
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
index 4eca7b6b46c..645254afcf3 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
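Review bot: `checkMembership(OrganizationDto)` is added to the UserSession interface in this commit, but BaseUserSession receives only the final `hasMembership`, so the throw-on-failure half of the check is left to each concrete session and a subclass that returns without throwing would grant access silently. Since `hasMembership` already centralises the root bypass, a final `checkMembership` next to it would keep the enforcement in one place, presumably returning `this` like the other `check*` methods: `public final UserSession checkMembership(OrganizationDto organization) { if (!hasMembership(organization)) { throw new ForbiddenException("Insufficient privileges"); } return this; }`. The abstract `hasMembershipImpl` also has no Javadoc although the interface contract (false when the organization does not exist) binds every implementer; a comment such as `/** Membership check for non-root users only; must return {@code false} when the organization does not exist. */` would make that visible. keepAuthorizedComponents continues past the end of the hunk.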
@@ -173,4 +173,20 @@ public interface UserSession {
    */
   UserSession checkIsSystemAdministrator();
 
+  /**
+   * Returns {@code true} if the user is member of the organization, otherwise {@code false}.
+   *
+   * If the organization does not exist, then returns {@code false}.
+   *
+   * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
+   * organization does not exist.
+   */
+  boolean hasMembership(OrganizationDto organization);
+
+  /**
+   * Ensures that {@link #hasMembership(OrganizationDto)} is {@code true},
+   * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+   */
+  UserSession checkMembership(OrganizationDto organization);
+
 }
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java b/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
index 0c39a08164e..640dcb9aa91 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
@@ -146,6 +146,11 @@ public class LightUserSessionRule extends BaseUserSession implements TestRule {
   }
 
   @Override
+  protected boolean hasMembershipImpl(OrganizationDto organization) {
+    throw new UnsupportedOperationException("hasMembershipImpl not implemented");
+  }
+
+  @Override
   protected Optional<String> componentUuidToProjectUuid(String componentUuid) {
     return Optional.ofNullable(projectUuidByComponentUuid.get(componentUuid));
   }
@@ -233,4 +238,9 @@ public class LightUserSessionRule extends BaseUserSession implements TestRule {
   public UserSession checkIsSystemAdministrator() {
     throw new UnsupportedOperationException("checkIsSystemAdministrator not implemented");
   }
+
+  @Override
+  public UserSession checkMembership(OrganizationDto organization) {
+    throw new UnsupportedOperationException("checkMembership not implemented");
+  }
 }
|
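Review bot: The Javadoc on the new `hasMembership` specifies the non-existent-organization case but says nothing about a `null` argument, which is the input a caller forgets to guard against most often; since the root shortcut in BaseUserSession never inspects the argument while non-root sessions reach the implementation, the two paths may behave differently on `null`, so the contract should state it one way or the other, e.g. `@param organization the organization to check; must not be {@code null}`. The `checkMembership` Javadoc should also say what it returns on success (the signature suggests `this`, for chaining, as with `checkIsSystemAdministrator`), e.g. `@return this session, for chaining`, and `@throws org.sonar.server.exceptions.ForbiddenException if the user is not a member` in place of the prose sentence. "is member of" should read "is a member of".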