diff options
author | Aurelien Poscia <aurelien.poscia@sonarsource.com> | 2022-09-26 09:24:30 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-09-26 20:03:17 +0000 |
commit | 4345cc170846b25d06fed206df003fb28ea3305c (patch) | |
tree | 1fa850f9c81346037ba4fc14bd1ed518141f51c4 /server/sonar-webserver-auth/src | |
parent | e259319f06382315f7c276bb3c603b15e812f914 (diff) | |
download | sonarqube-4345cc170846b25d06fed206df003fb28ea3305c.tar.gz sonarqube-4345cc170846b25d06fed206df003fb28ea3305c.zip |
SONAR_17313 Allow to provision projects with Global Analysis Token, when user has provisioning permission
Diffstat (limited to 'server/sonar-webserver-auth/src')
-rw-r--r-- | server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java | 6 | ||||
-rw-r--r-- | server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java | 40 |
2 files changed, 41 insertions, 5 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java index 9c1e401e4cf..c47709f6ec7 100644 --- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java +++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java @@ -19,6 +19,8 @@ */ package org.sonar.server.user; +import java.util.EnumSet; +import java.util.Set; import org.sonar.db.DbClient; import org.sonar.db.permission.GlobalPermission; import org.sonar.db.user.TokenType; @@ -28,6 +30,7 @@ import org.sonar.db.user.UserTokenDto; public class TokenUserSession extends ServerUserSession { private static final String SCAN = "scan"; + private static final Set<GlobalPermission> GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS = EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS); private final UserTokenDto userToken; public TokenUserSession(DbClient dbClient, UserDto user, UserTokenDto userToken) { @@ -66,8 +69,7 @@ public class TokenUserSession extends ServerUserSession { //the project analysis token to work for multiple projects in case the user has Global Permissions. return false; case GLOBAL_ANALYSIS_TOKEN: - return GlobalPermission.SCAN.equals(permission) && - super.hasPermissionImpl(permission); + return GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS.contains(permission) && super.hasPermissionImpl(permission); default: throw new IllegalArgumentException("Unsupported token type " + tokenType.name()); } diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java index 0af1c638820..43c1b394648 100644 --- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java +++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java @@ -144,6 +144,40 @@ public class TokenUserSessionTest { assertThat(userSession.hasPermission(GlobalPermission.SCAN)).isTrue(); } + @Test + public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() { + UserDto user = db.users().insertUser(); + + db.users().insertPermissionOnUser(user, GlobalPermission.SCAN); + db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS); + + TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user); + + assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue(); + } + + @Test + public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() { + UserDto user = db.users().insertUser(); + + db.users().insertPermissionOnUser(user, GlobalPermission.SCAN); + + TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user); + + assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isFalse(); + } + + @Test + public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() { + UserDto user = db.users().insertUser(); + + db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER); + + TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user); + + assertThat(userSession.hasPermission(GlobalPermission.ADMINISTER)).isFalse(); + } + private TokenUserSession mockTokenUserSession(UserDto userDto) { return new TokenUserSession(dbClient, userDto, mockUserTokenDto()); } @@ -156,7 +190,7 @@ public class TokenUserSessionTest { return new TokenUserSession(dbClient, userDto, mockGlobalAnalysisTokenDto()); } - private UserTokenDto mockUserTokenDto() { + private static UserTokenDto mockUserTokenDto() { UserTokenDto userTokenDto = new UserTokenDto(); userTokenDto.setType(USER_TOKEN.name()); userTokenDto.setName("User Token"); @@ -164,7 +198,7 @@ public class TokenUserSessionTest { return userTokenDto; } - private UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) { + private static UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) { UserTokenDto userTokenDto = new UserTokenDto(); userTokenDto.setType(PROJECT_ANALYSIS_TOKEN.name()); userTokenDto.setName("Project Analysis Token"); @@ -175,7 +209,7 @@ public class TokenUserSessionTest { return userTokenDto; } - private UserTokenDto mockGlobalAnalysisTokenDto() { + private static UserTokenDto mockGlobalAnalysisTokenDto() { UserTokenDto userTokenDto = new UserTokenDto(); userTokenDto.setType(GLOBAL_ANALYSIS_TOKEN.name()); userTokenDto.setName("Global Analysis Token"); |