authorAurelien Poscia <aurelien.poscia@sonarsource.com>2022-09-26 09:24:30 +0200
committersonartech <sonartech@sonarsource.com>2022-09-26 20:03:17 +0000
commit4345cc170846b25d06fed206df003fb28ea3305c (patch)
tree1fa850f9c81346037ba4fc14bd1ed518141f51c4 /server/sonar-webserver-auth/src
parente259319f06382315f7c276bb3c603b15e812f914 (diff)
downloadsonarqube-4345cc170846b25d06fed206df003fb28ea3305c.tar.gz
sonarqube-4345cc170846b25d06fed206df003fb28ea3305c.zip
SONAR_17313 Allow to provision projects with Global Analysis Token, when user has provisioning permission
Diffstat (limited to 'server/sonar-webserver-auth/src')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java6
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java40
2 files changed, 41 insertions, 5 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
index 9c1e401e4cf..c47709f6ec7 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/TokenUserSession.java
@@ -19,6 +19,8 @@
*/
package org.sonar.server.user;
+import java.util.EnumSet;
+import java.util.Set;
import org.sonar.db.DbClient;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.TokenType;
@@ -28,6 +30,7 @@ import org.sonar.db.user.UserTokenDto;
public class TokenUserSession extends ServerUserSession {
private static final String SCAN = "scan";
+ private static final Set<GlobalPermission> GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS = EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS);
private final UserTokenDto userToken;
public TokenUserSession(DbClient dbClient, UserDto user, UserTokenDto userToken) {
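Review bot: `GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS` is an authorization allow-list but is held in a mutable `EnumSet`, so later code in this class could add to it at runtime. An unmodifiable set such as `Set.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS)` (if the build's Java level allows it) would fix the scope at class load. The constant also has no comment; a line such as `// Complete list of global permissions a global analysis token may exercise; each entry widens the token's privileges.` would signal that additions need a security review.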
@@ -66,8 +69,7 @@ public class TokenUserSession extends ServerUserSession {
//the project analysis token to work for multiple projects in case the user has Global Permissions.
return false;
case GLOBAL_ANALYSIS_TOKEN:
- return GlobalPermission.SCAN.equals(permission) &&
- super.hasPermissionImpl(permission);
+ return GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS.contains(permission) && super.hasPermissionImpl(permission);
default:
throw new IllegalArgumentException("Unsupported token type " + tokenType.name());
}
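Review bot: The `GLOBAL_ANALYSIS_TOKEN` branch now returns true for `PROVISION_PROJECTS` on every such token whose owner holds that permission, which appears to include tokens issued while the type was scan-only, and nothing visible here lets an owner keep a token limited to `SCAN`. If that is intended, it belongs in the upgrade notes so operators can review the tokens stored in CI systems. A comment above the return, for example `// Allow-listed global permissions only, and never more than the owning user holds.`, would record both conditions. The enclosing method starts and ends outside this hunk, so whether token-based provisioning is audited elsewhere cannot be judged from here.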
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
index 0af1c638820..43c1b394648 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
@@ -144,6 +144,40 @@ public class TokenUserSessionTest {
assertThat(userSession.hasPermission(GlobalPermission.SCAN)).isTrue();
}
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ }
+
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isFalse();
+ }
+
+ @Test
+ public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
+ }
+
private TokenUserSession mockTokenUserSession(UserDto userDto) {
return new TokenUserSession(dbClient, userDto, mockUserTokenDto());
}
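Review bot: The granted-case test inserts both `SCAN` and `PROVISION_PROJECTS`, so it does not show that each allow-listed permission is evaluated independently of the other. A case where the user holds only `PROVISION_PROJECTS` would pin that down and catch a later change that couples the two checks. The expected values below follow from the `contains(permission) && super.hasPermissionImpl(permission)` expression in the main file, assuming the superclass check reflects only the permissions inserted for the user. A matching negative case for project analysis tokens may already exist outside this hunk.

```java
@Test
public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_doesNotImplyScan() {
  UserDto user = db.users().insertUser();

  db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);

  TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);

  assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
  assertThat(userSession.hasPermission(GlobalPermission.SCAN)).isFalse();
}
```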
@@ -156,7 +190,7 @@ public class TokenUserSessionTest {
return new TokenUserSession(dbClient, userDto, mockGlobalAnalysisTokenDto());
}
- private UserTokenDto mockUserTokenDto() {
+ private static UserTokenDto mockUserTokenDto() {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(USER_TOKEN.name());
userTokenDto.setName("User Token");
@@ -164,7 +198,7 @@ public class TokenUserSessionTest {
return userTokenDto;
}
- private UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
+ private static UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(PROJECT_ANALYSIS_TOKEN.name());
userTokenDto.setName("Project Analysis Token");
@@ -175,7 +209,7 @@ public class TokenUserSessionTest {
return userTokenDto;
}
- private UserTokenDto mockGlobalAnalysisTokenDto() {
+ private static UserTokenDto mockGlobalAnalysisTokenDto() {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(GLOBAL_ANALYSIS_TOKEN.name());
userTokenDto.setName("Global Analysis Token");