authorDuarte Meneses <duarte.meneses@sonarsource.com>2023-05-15 19:49:00 -0500
committersonartech <sonartech@sonarsource.com>2023-06-01 20:02:59 +0000
commit46effb33d74b5b37f097288d6bac6343a2d06a8c (patch)
treed97ed78ac7d0413214353667dcf2424101f79646 /server/sonar-webserver-auth
parent9bc77e5b117af186e37aff6e22a0ed6da96d5ae5 (diff)
SONAR-18856 Refactor favorites and properties
Diffstat (limited to 'server/sonar-webserver-auth')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java31
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java12
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java18
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java8
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java19
5 files changed, 85 insertions, 3 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
index 818e5de16f1..44ee9a5e252 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -28,6 +28,7 @@ import javax.annotation.Nullable;
import org.sonar.api.web.UserRole;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.entity.EntityDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.UserDto;
@@ -88,7 +89,6 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public boolean hasComponentPermission(String permission, ComponentDto component) {
-
Optional<String> projectUuid1 = componentUuidToProjectUuid(component.uuid());
return projectUuid1
@@ -102,6 +102,11 @@ public abstract class AbstractUserSession implements UserSession {
}
@Override
+ public final boolean hasEntityPermission(String permission, EntityDto entity) {
+ return hasProjectUuidPermission(permission, entity.getUuid());
+ }
+
+ @Override
public final boolean hasProjectPermission(String permission, String projectUuid) {
return hasProjectUuidPermission(permission, projectUuid);
}
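Review bot: `hasEntityPermission` passes `entity.getUuid()` straight to `hasProjectUuidPermission`, so the authorization result for an `EntityDto` that is not a project depends on how that project-UUID lookup treats such a UUID, which this hunk does not show. The contract should be written where the decision is made, for example `/** Checks {@code permission} on the entity itself, using its UUID as the permission key; the entity may be a project or any other {@link EntityDto}. */`. A test that calls this method with a non-project entity would pin the intended behaviour.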
@@ -148,6 +153,21 @@ public abstract class AbstractUserSession implements UserSession {
return doKeepAuthorizedProjects(permission, projects);
}
+ @Override
+ public <T extends EntityDto> List<T> keepAuthorizedEntities(String permission, Collection<T> projects) {
+ return doKeepAuthorizedEntities(permission, projects);
+ }
+
+ /**
+ * Naive implementation, to be overridden if needed
+ */
+ protected <T extends EntityDto> List<T> doKeepAuthorizedEntities(String permission, Collection<T> entities) {
+ boolean allowPublicComponent = PUBLIC_PERMISSIONS.contains(permission);
+ return entities.stream()
+ .filter(c -> (allowPublicComponent && !c.isPrivate()) || hasProjectPermission(permission, c.getUuid()))
+ .toList();
+ }
+
/**
* Naive implementation, to be overridden if needed
*/
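Review bot: In `doKeepAuthorizedEntities`, a non-private entity is kept for any permission in `PUBLIC_PERMISSIONS` without a per-user check, so the result relies on the `isPrivate()` value of the DTO the caller passed in. The Javadoc "Naive implementation, to be overridden if needed" does not mention this. I would state it, e.g. `Entities that are not private are kept for permissions in PUBLIC_PERMISSIONS without a per-user lookup; every other entity is checked one at a time.` Two style points in the same hunk: the filter could call `hasEntityPermission(permission, c)` so the entity path has a single entry point, and the `projects` parameter of `keepAuthorizedEntities` should be named `entities`.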
@@ -202,6 +222,15 @@ public abstract class AbstractUserSession implements UserSession {
}
@Override
+ public UserSession checkEntityPermission(String projectPermission, EntityDto entity) {
+ if (hasEntityPermission(projectPermission, entity)) {
+ return this;
+ }
+
+ throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
+ }
+
+ @Override
public UserSession checkChildProjectsPermission(String projectPermission, ComponentDto component) {
if (!APP.equals(component.qualifier()) || hasChildProjectsPermission(projectPermission, component)) {
return this;
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
index 020c9e08acb..518b710e5f4 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
@@ -41,6 +41,7 @@ import org.sonar.db.component.BranchDto;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTreeQuery;
import org.sonar.db.component.ComponentTreeQuery.Strategy;
+import org.sonar.db.entity.EntityDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
@@ -195,6 +196,17 @@ public class ServerUserSession extends AbstractUserSession {
.toList();
}
+ @Override
+ public <T extends EntityDto> List<T> keepAuthorizedEntities(String permission, Collection<T> projects) {
+ Set<String> projectsUuids = projects.stream().map(EntityDto::getUuid).collect(Collectors.toSet());
+ // TODO
+ Set<String> authorizedProjectsUuids = keepProjectsUuidsByPermission(permission, projectsUuids);
+
+ return projects.stream()
+ .filter(project -> authorizedProjectsUuids.contains(project.getUuid()))
+ .toList();
+ }
+
private Set<String> keepProjectsUuidsByPermission(String permission, Collection<String> projectsUuids) {
try (DbSession dbSession = dbClient.openSession(false)) {
String userUuid = userDto == null ? null : userDto.getUuid();
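Review bot: The bare `// TODO` in `keepAuthorizedEntities` sits in the middle of an authorization filter and does not say what is unfinished. The method passes the UUIDs of arbitrary `EntityDto`s to `keepProjectsUuidsByPermission`, whose name and parameter refer to projects; if the open work is support for non-project entities, say so, e.g. `// TODO SONAR-18856: confirm keepProjectsUuidsByPermission handles UUIDs of non-project entities`. The override also replaces the public method rather than the `doKeepAuthorizedEntities` hook that `AbstractUserSession` adds in this commit, so the hook is unused for this class. The body of `keepProjectsUuidsByPermission` continues outside the hunk.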
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index 192cb000789..66b3e060fe5 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -24,6 +24,7 @@ import java.util.List;
import java.util.Optional;
import javax.annotation.CheckForNull;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.entity.EntityDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
@@ -129,6 +130,12 @@ public class ThreadLocalUserSession implements UserSession {
}
@Override
+ public UserSession checkEntityPermission(String projectPermission, EntityDto entity) {
+ get().checkEntityPermission(projectPermission, entity);
+ return this;
+ }
+
+ @Override
public UserSession checkProjectPermission(String projectPermission, ProjectDto project) {
get().checkProjectPermission(projectPermission, project);
return this;
@@ -174,6 +181,11 @@ public class ThreadLocalUserSession implements UserSession {
}
@Override
+ public boolean hasEntityPermission(String permission, EntityDto entity) {
+ return get().hasEntityPermission(permission, entity);
+ }
+
+ @Override
public boolean hasProjectPermission(String permission, ProjectDto project) {
return get().hasProjectPermission(permission, project);
}
@@ -209,8 +221,12 @@ public class ThreadLocalUserSession implements UserSession {
}
@Override
+ public <T extends EntityDto> List<T> keepAuthorizedEntities(String permission, Collection<T> entities) {
+ return get().keepAuthorizedEntities(permission, entities);
+ }
+
+ @Override
public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) {
return get().keepAuthorizedProjects(permission, projects);
}
-
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
index 7f46dc68dea..a49bf480760 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
@@ -25,7 +25,9 @@ import java.util.List;
import java.util.Optional;
import javax.annotation.CheckForNull;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.entity.EntityDto;
import org.sonar.db.permission.GlobalPermission;
+import org.sonar.db.portfolio.PortfolioDto;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
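Review bot: The added `import org.sonar.db.portfolio.PortfolioDto;` has no use in the lines this commit adds to `UserSession`; all three new declarations take `EntityDto`. Unless a reference exists outside the visible hunks (a Javadoc `{@link}`, for instance), the import should be dropped.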
@@ -149,6 +151,8 @@ public interface UserSession {
boolean hasProjectPermission(String permission, ProjectDto project);
+ boolean hasEntityPermission(String permission, EntityDto entity);
+
boolean hasProjectPermission(String permission, String projectUuid);
boolean hasChildProjectsPermission(String permission, ComponentDto component);
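Review bot: `hasEntityPermission` is added to the `UserSession` interface without Javadoc, and the same holds for `keepAuthorizedEntities` and `checkEntityPermission` in the two later hunks of this file, although the neighbouring `check*` methods document the `ForbiddenException` they throw. Callers of an authorization API need to know what counts as an entity and what a denial looks like. Suggested here: `/** Returns {@code true} if the user has {@code permission} on the given entity. */`, and for the check method `/** Ensures that {@link #hasEntityPermission(String, EntityDto)} is {@code true}, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. */`. The collection parameter of `keepAuthorizedEntities` is named `components` here, `projects` in `AbstractUserSession` and `ServerUserSession`, and `entities` in the other implementations; `entities` should be used throughout.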
@@ -176,6 +180,8 @@ public interface UserSession {
*/
List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components);
+ <T extends EntityDto> List<T> keepAuthorizedEntities(String permission, Collection<T> components);
+
List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects);
/**
@@ -190,6 +196,8 @@ public interface UserSession {
*/
UserSession checkProjectPermission(String projectPermission, ProjectDto project);
+ UserSession checkEntityPermission(String projectPermission, EntityDto entity);
+
/**
* Ensures that {@link #hasChildProjectsPermission(String, ComponentDto)} is {@code true}
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
index 862eb29455e..9623adc300c 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
@@ -30,6 +30,7 @@ import org.junit.runner.Description;
import org.junit.runners.model.Statement;
import org.sonar.db.component.BranchDto;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.entity.EntityDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.portfolio.PortfolioDto;
import org.sonar.db.project.ProjectDto;
@@ -204,7 +205,7 @@ public class UserSessionRule implements TestRule, UserSession {
return this;
}
- public UserSession registerBranches(BranchDto ...branchDtos){
+ public UserSession registerBranches(BranchDto... branchDtos) {
ensureAbstractMockUserSession().registerBranches(branchDtos);
return this;
}
@@ -263,6 +264,11 @@ public class UserSessionRule implements TestRule, UserSession {
}
@Override
+ public boolean hasEntityPermission(String permission, EntityDto entity) {
+ return currentUserSession.hasProjectPermission(permission, entity.getUuid());
+ }
+
+ @Override
public boolean hasProjectPermission(String permission, String projectUuid) {
return currentUserSession.hasProjectPermission(permission, projectUuid);
}
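Review bot: The fixture's `hasEntityPermission` calls `currentUserSession.hasProjectPermission(permission, entity.getUuid())` instead of delegating to the method of the same name, unlike `keepAuthorizedEntities` and `checkEntityPermission` in this file. Tests that go through `UserSessionRule` therefore never reach the session's own `hasEntityPermission`, so a later change to that method's authorization logic would go unnoticed by them. Prefer `return currentUserSession.hasEntityPermission(permission, entity);`.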
@@ -293,6 +299,11 @@ public class UserSessionRule implements TestRule, UserSession {
}
@Override
+ public <T extends EntityDto> List<T> keepAuthorizedEntities(String permission, Collection<T> entities) {
+ return currentUserSession.keepAuthorizedEntities(permission, entities);
+ }
+
+ @Override
public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) {
return currentUserSession.keepAuthorizedProjects(permission, projects);
}
@@ -370,6 +381,12 @@ public class UserSessionRule implements TestRule, UserSession {
}
@Override
+ public UserSession checkEntityPermission(String projectPermission, EntityDto entity) {
+ currentUserSession.checkEntityPermission(projectPermission, entity);
+ return this;
+ }
+
+ @Override
public UserSession checkProjectPermission(String projectPermission, ProjectDto project) {
currentUserSession.checkProjectPermission(projectPermission, project);
return this;