authorJulien Lancelot <julien.lancelot@sonarsource.com>2018-07-04 16:39:57 +0200
committerSonarTech <sonartech@sonarsource.com>2018-07-11 20:21:21 +0200
commit884cd785c870a40d804f445e27be5528a2940514 (patch)
tree062a6a9d619a5963cfa90f0d2ecb8c9a8472383c /server/sonar-server-common/src
parentf675d5865684706e6943bf74bdb96a7e1b7e1549 (diff)
SONAR-10945 Prevent access qgates and rules to none members of paid organization
* Add membership check for paid organization in api/qualitygates ws * Add membership check for paid organization in api/rules ws * Move membership check in UserSession * Use UserSession#checkMembership in QGates and Rules ws
Diffstat (limited to 'server/sonar-server-common/src')
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java7
-rw-r--r--server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java16
-rw-r--r--server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java10
3 files changed, 33 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java b/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
index 913f285ded4..51c591cd62f 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/user/BaseUserSession.java
@@ -69,6 +69,13 @@ public abstract class BaseUserSession implements UserSession {
protected abstract boolean hasProjectUuidPermission(String permission, String projectUuid);
@Override
+ public final boolean hasMembership(OrganizationDto organization) {
+ return isRoot() || hasMembershipImpl(organization);
+ }
+
+ protected abstract boolean hasMembershipImpl(OrganizationDto organization);
+
+ @Override
public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) {
if (isRoot()) {
return new ArrayList<>(components);
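Review bot: The new extension point `hasMembershipImpl` carries an authorization decision but has no Javadoc, so implementers of BaseUserSession are not told what the interface already promises to callers. I would add a comment on the abstract method such as `/** Called only for non-root sessions; must return false (not throw) when the organization does not exist or membership cannot be established. */`. Note also that `isRoot()` short-circuits before the argument is looked at, so `hasMembership(null)` is true for root and implementation-defined for everyone else; if null is not a legal argument, an `Objects.requireNonNull(organization, "organization")` at the top of `hasMembership` would make that uniform. The class body continues outside this hunk.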
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
index 4eca7b6b46c..645254afcf3 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/user/UserSession.java
@@ -173,4 +173,20 @@ public interface UserSession {
*/
UserSession checkIsSystemAdministrator();
+ /**
+ * Returns {@code true} if the user is member of the organization, otherwise {@code false}.
+ *
+ * If the organization does not exist, then returns {@code false}.
+ *
+ * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
+ * organization does not exist.
+ */
+ boolean hasMembership(OrganizationDto organization);
+
+ /**
+ * Ensures that {@link #hasMembership(OrganizationDto)} is {@code true},
+ * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+ */
+ UserSession checkMembership(OrganizationDto organization);
+
}
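Review bot: The Javadoc on `checkMembership` names the exception in prose only and says nothing about the return value, and neither method states whether a null organization is allowed. I would use a tag, `@throws org.sonar.server.exceptions.ForbiddenException if the user is not a member of the organization`, and add a `@return` line (presumably the session itself for chaining, as with `checkIsSystemAdministrator`, which should be confirmed). Because `hasMembership` is documented as true for root even when the organization does not exist, it is worth stating on `checkMembership` that passing the check does not imply the organization exists, so web services must still handle the missing-organization case themselves.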
diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java b/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
index 0c39a08164e..640dcb9aa91 100644
--- a/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
+++ b/server/sonar-server-common/src/test/java/org/sonar/server/user/LightUserSessionRule.java
@@ -146,6 +146,11 @@ public class LightUserSessionRule extends BaseUserSession implements TestRule {
}
@Override
+ protected boolean hasMembershipImpl(OrganizationDto organization) {
+ throw new UnsupportedOperationException("hasMembershipImpl not implemented");
+ }
+
+ @Override
protected Optional<String> componentUuidToProjectUuid(String componentUuid) {
return Optional.ofNullable(projectUuidByComponentUuid.get(componentUuid));
}
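Review bot: With `hasMembershipImpl` stubbed to throw here, and `checkMembership` stubbed the same way in the next hunk, a test built on LightUserSessionRule cannot exercise the path this commit exists for, namely a non-root user who is not a member being refused. Since `hasMembership` is final in BaseUserSession and returns true for root before reaching the stub, only root sessions get an answer and every other caller fails with UnsupportedOperationException rather than a denial. If this rule is meant to back tests of code that calls the membership check, consider holding a set of organizations the test user belongs to, answering false by default, and having `checkMembership` throw the forbidden error from that; if the stubs are deliberate, a one-line comment saying membership is out of scope for this rule would prevent misuse.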
@@ -233,4 +238,9 @@ public class LightUserSessionRule extends BaseUserSession implements TestRule {
public UserSession checkIsSystemAdministrator() {
throw new UnsupportedOperationException("checkIsSystemAdministrator not implemented");
}
+
+ @Override
+ public UserSession checkMembership(OrganizationDto organization) {
+ throw new UnsupportedOperationException("checkMembership not implemented");
+ }
}