author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2018-11-29 22:02:19 +0100 |
---|---|---|
committer | SonarTech <sonartech@sonarsource.com> | 2018-12-12 20:21:02 +0100 |
commit | cf489b9db95939a21c84f3eb133b57ac52acfce7 (patch) | |
tree | 88f60b1a707b801cc95a8b1db62419163757389b /server/sonar-server/src | |
parent | 86cd2f36c84cdf32b64765583af59c4bd6569884 (diff) | |
SONARCLOUD-213 clarify "scan" in org vs project permissions
Diffstat (limited to 'server/sonar-server/src')
9 files changed, 17 insertions, 19 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java
index cdd7ec30ba1..eae87909f2a 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java
@@ -32,6 +32,7 @@ import javax.annotation.Nullable;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.resources.Scopes;
 import org.sonar.api.server.ServerSide;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.util.stream.MoreCollectors;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -48,7 +49,6 @@ import org.sonar.server.user.UserSession;
 import static com.google.common.collect.Lists.newArrayList;
 import static com.google.common.collect.Maps.newHashMap;
 import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.core.util.stream.MoreCollectors.index;
 import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
 import static org.sonar.server.ws.WsUtils.checkRequest;
@@ -74,7 +74,7 @@ public class ProjectDataLoader {
 String pullRequest = query.getPullRequest();
 ComponentDto mainModule = componentFinder.getByKey(session, moduleKey);
 checkRequest(isProjectOrModule(mainModule), "Key '%s' belongs to a component which is not a Project", moduleKey);
- boolean hasScanPerm = userSession.hasComponentPermission(SCAN_EXECUTION, mainModule) ||
+ boolean hasScanPerm = userSession.hasComponentPermission(UserRole.SCAN, mainModule) ||
 userSession.hasPermission(OrganizationPermission.SCAN, mainModule.getOrganizationUuid());
 boolean hasBrowsePerm = userSession.hasComponentPermission(USER, mainModule);
 checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm);
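Review bot: In ProjectDataLoader the project-level check now reads `userSession.hasComponentPermission(UserRole.SCAN, mainModule)`, and nothing visible in this change pins `UserRole.SCAN` to the same permission key as the removed `GlobalPermissions.SCAN_EXECUTION`. If the two strings ever differ, project-level scan grants stored under the old key would stop matching and access would depend on the organization-level grant alone. The same substitution is made in both ListAction classes, ReportSubmitter, TaskAction, PermissionServiceImpl, SettingsWsSupport and ValuesAction, so a single unit test asserting `UserRole.SCAN.equals(GlobalPermissions.SCAN_EXECUTION)`, kept for as long as the old constant exists, would cover all of them. The method containing this check starts and ends outside the hunk.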
diff --git a/server/sonar-server/src/main/java/org/sonar/server/branch/pr/ws/ListAction.java b/server/sonar-server/src/main/java/org/sonar/server/branch/pr/ws/ListAction.java
index a1ccc974a37..bb97f476b7b 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/branch/pr/ws/ListAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/branch/pr/ws/ListAction.java
@@ -28,6 +28,7 @@ import javax.annotation.Nullable;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.BranchDto;
@@ -50,7 +51,6 @@ import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.api.utils.DateUtils.formatDateTime;
 import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.core.util.Protobuf.setNullable;
 import static org.sonar.core.util.stream.MoreCollectors.toList;
 import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
@@ -125,7 +125,7 @@ public class ListAction implements PullRequestWsAction {
 private void checkPermission(ComponentDto component) {
 if (userSession.hasComponentPermission(USER, component) ||
- userSession.hasComponentPermission(SCAN_EXECUTION, component) ||
+ userSession.hasComponentPermission(UserRole.SCAN, component) ||
 userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
 return;
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java b/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java
index 640e3899712..af8ad5d2f75 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/branch/ws/ListAction.java
@@ -33,6 +33,7 @@ import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.BranchDto;
@@ -55,7 +56,6 @@ import static org.sonar.api.resources.Qualifiers.APP;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.api.utils.DateUtils.formatDateTime;
 import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.core.util.Protobuf.setNullable;
 import static org.sonar.core.util.stream.MoreCollectors.toList;
 import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
@@ -175,7 +175,7 @@ public class ListAction implements BranchWsAction {
 private void checkPermission(ComponentDto component) {
 if (!userSession.hasComponentPermission(USER, component) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+ !userSession.hasComponentPermission(UserRole.SCAN, component) &&
 !userSession.hasPermission(SCAN, component.getOrganizationUuid())) {
 throw insufficientPrivilegesException();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ce/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/ce/queue/ReportSubmitter.java
index 382c0e85183..660a261abcd 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ce/queue/ReportSubmitter.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ce/queue/ReportSubmitter.java
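Review bot: In branch/ws/ListAction.checkPermission the new `UserRole.SCAN` sits one line above a bare `SCAN`, which appears to be a static import of the organization-level permission (the import itself is outside the hunks shown). Two different permissions spelled almost identically inside one authorization condition is the ambiguity this commit sets out to remove, and it makes the check harder to audit. Qualifying the second one as the other files in this commit do would make the scope explicit: `!userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {`. That would also mean replacing the static import with a regular one, which cannot be confirmed from this page.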
@@ -28,6 +28,7 @@ import javax.annotation.Nullable;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.resources.Scopes;
 import org.sonar.api.server.ServerSide;
+import org.sonar.api.web.UserRole;
 import org.sonar.ce.queue.CeQueue;
 import org.sonar.ce.queue.CeTaskSubmit;
 import org.sonar.ce.task.CeTask;
@@ -48,7 +49,6 @@ import org.sonar.server.user.UserSession;
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.lang.String.format;
 import static org.apache.commons.lang.StringUtils.defaultIfBlank;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.server.component.NewComponent.newComponentBuilder;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
@@ -96,7 +96,7 @@ public class ReportSubmitter {
 // they don't have the direct permission on the project.
 // That means that dropping the permission on the project does not have any effects
 // if user has still the permission on the organization
- if (!userSession.hasComponentPermission(SCAN_EXECUTION, project) &&
+ if (!userSession.hasComponentPermission(UserRole.SCAN, project) &&
 !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) {
 throw insufficientPrivilegesException();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java
index 6e7d7ae330d..ac4b2f917d7 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java
@@ -32,6 +32,7 @@ import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.util.Uuids;
 import org.sonar.core.util.stream.MoreCollectors;
 import org.sonar.db.DbClient;
@@ -45,7 +46,6 @@ import org.sonar.server.user.UserSession;
 import org.sonar.server.ws.WsUtils;
 import org.sonarqube.ws.Ce;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -126,7 +126,7 @@ public class TaskAction implements CeWsAction {
 String orgUuid = component.get().getOrganizationUuid();
 if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) &&
 !userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component.get())) {
+ !userSession.hasComponentPermission(UserRole.SCAN, component.get())) {
 throw insufficientPrivilegesException();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdater.java
index 6bb14d6fb72..47f55a3546d 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdater.java
@@ -24,7 +24,6 @@ import java.util.function.Consumer;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
 import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbSession;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.UserDto;
@@ -60,7 +59,7 @@ public interface OrganizationUpdater {
 * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ADMIN ADMIN}</li>
 * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
 * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
- * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
+ * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#SCAN SCAN}</li>
 * <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
 * <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
 * </ul>
@@ -105,7 +104,7 @@ public interface OrganizationUpdater {
 * <li>project creator : {@link UserRole#ADMIN ADMIN}</li>
 * <li>project creator : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
 * <li>project creator : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
- * <li>project creator : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
+ * <li>project creator : {@link UserRole#SCAN SCAN}</li>
 * <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
 * <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
 * </ul>
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java
index 76c54faf52d..2bb4055ccf2 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java
@@ -26,7 +26,6 @@ import javax.annotation.concurrent.Immutable;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.permission.OrganizationPermission;
 import static java.util.stream.Collectors.toList;
@@ -35,7 +34,7 @@ import static java.util.stream.Collectors.toList;
 public class PermissionServiceImpl implements PermissionService {
 private static final List<String> ALL_PROJECT_PERMISSIONS = ImmutableList.of(
- UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
+ UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, UserRole.SCAN, UserRole.USER);
 private static final List<OrganizationPermission> ALL_GLOBAL_PERMISSIONS = ImmutableList.copyOf(OrganizationPermission.values());
diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java
index 906c0492526..d1d797ad02f 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java
@@ -26,6 +26,7 @@ import javax.annotation.Nullable;
 import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.server.ServerSide;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.process.ProcessProperties;
@@ -36,7 +37,6 @@ import static java.lang.String.format;
 import static java.util.Arrays.stream;
 import static org.sonar.api.PropertyType.LICENSE;
 import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_BRANCH;
 import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_PULL_REQUEST;
 import static org.sonar.server.ws.KeyExamples.KEY_BRANCH_EXAMPLE_001;
@@ -70,7 +70,7 @@ public class SettingsWsSupport {
 }
 boolean isVisible(String key, @Nullable PropertyDefinition definition, Optional<ComponentDto> component) {
- return hasPermission(OrganizationPermission.SCAN, SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition)));
+ return hasPermission(OrganizationPermission.SCAN, UserRole.SCAN, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition)));
 }
 static boolean isSecured(String key) {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java
index 430f3c6e23f..5bd592f4215 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java
@@ -42,6 +42,7 @@ import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.core.util.stream.MoreCollectors;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
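Review bot: In SettingsWsSupport.isVisible the scan-permission test is the left operand of `||`, so when it holds, `verifySecuredSetting` and `verifyLicenseSetting` are never evaluated and the method returns true for every key, secured ones included. Now that the project-level grant is named `UserRole.SCAN`, that consequence deserves a comment on the method, for example `// Holders of scan permission (organization or project level) see all settings, secured ones included; the secured/license checks apply to everyone else`. How `hasPermission` combines the organization and project grants is defined outside this hunk, so the wording should be confirmed against it. Administrators granting project-level scan should be aware that it carries read access to whatever this method gates.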
@@ -60,7 +61,6 @@ import static org.sonar.api.CoreProperties.SERVER_ID;
 import static org.sonar.api.CoreProperties.SERVER_STARTTIME;
 import static org.sonar.api.PropertyType.PROPERTY_SET;
 import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.process.ProcessProperties.Property.SONARCLOUD_ENABLED;
 import static org.sonar.server.setting.ws.PropertySetExtractor.extractPropertySetKeys;
 import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_BRANCH;
@@ -160,7 +160,7 @@ public class ValuesAction implements SettingsWsAction {
 }
 ComponentDto component = componentFinder.getByKeyAndOptionalBranchOrPullRequest(dbSession, componentKey, valuesRequest.getBranch(), valuesRequest.getPullRequest());
 if (!userSession.hasComponentPermission(USER, component) &&
- !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+ !userSession.hasComponentPermission(UserRole.SCAN, component) &&
 !userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
 throw insufficientPrivilegesException();
 }
|