aboutsummaryrefslogtreecommitdiffstats
path: root/server/sonar-webserver-auth
diff options
context:
space:
mode:
authorPierre <pierre.guillot@sonarsource.com>2022-06-10 18:30:02 +0200
committersonartech <sonartech@sonarsource.com>2022-06-15 20:03:02 +0000
commit3910ba6b24b5897ec740f64d7b7113df50da2dfa (patch)
tree067ce20f2fa3c352ab4cc8a246f0b74f47fc2345 /server/sonar-webserver-auth
parentb7206c7c6fd9a77f2bea2a9c1bb004d9366f748a (diff)
downloadsonarqube-3910ba6b24b5897ec740f64d7b7113df50da2dfa.tar.gz
sonarqube-3910ba6b24b5897ec740f64d7b7113df50da2dfa.zip
SONAR-16479 remove root user concept
Diffstat (limited to 'server/sonar-webserver-auth')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java44
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java5
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java8
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java10
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java17
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java1
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java3
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java173
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java25
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AbstractMockUserSession.java2
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java5
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java10
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java20
-rw-r--r--server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java5
15 files changed, 8 insertions, 325 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
index 6864bce8424..84fa83ae551 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SafeModeUserSession.java
@@ -100,11 +100,6 @@ public class SafeModeUserSession extends AbstractUserSession {
}
@Override
- public boolean isRoot() {
- return false;
- }
-
- @Override
public boolean isSystemAdministrator() {
return false;
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
index 224b7fca858..d361e8b385e 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -83,67 +83,45 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public final boolean hasPermission(GlobalPermission permission) {
- return isRoot() || hasPermissionImpl(permission);
+ return hasPermissionImpl(permission);
}
protected abstract boolean hasPermissionImpl(GlobalPermission permission);
@Override
public final boolean hasComponentPermission(String permission, ComponentDto component) {
- if (isRoot()) {
- return true;
- }
String projectUuid = defaultString(component.getMainBranchProjectUuid(), component.projectUuid());
return hasProjectUuidPermission(permission, projectUuid);
}
@Override
public final boolean hasProjectPermission(String permission, ProjectDto project) {
- if (isRoot()) {
- return true;
- }
return hasProjectUuidPermission(permission, project.getUuid());
}
@Override
public final boolean hasProjectPermission(String permission, String projectUuid) {
- if (isRoot()) {
- return true;
- }
return hasProjectUuidPermission(permission, projectUuid);
}
@Override
public final boolean hasChildProjectsPermission(String permission, ComponentDto component) {
- if (isRoot()) {
- return true;
- }
String applicationUuid = defaultString(component.getMainBranchProjectUuid(), component.projectUuid());
return hasChildProjectsPermission(permission, applicationUuid);
}
@Override
public final boolean hasChildProjectsPermission(String permission, ProjectDto project) {
- if (isRoot()) {
- return true;
- }
return hasChildProjectsPermission(permission, project.getUuid());
}
@Override
public final boolean hasPortfolioChildProjectsPermission(String permission, ComponentDto portfolio) {
- if (isRoot()) {
- return true;
- }
-
return hasPortfolioChildProjectsPermission(permission, portfolio.uuid());
}
@Override
public final boolean hasComponentUuidPermission(String permission, String componentUuid) {
- if (isRoot()) {
- return true;
- }
Optional<String> projectUuid = componentUuidToProjectUuid(componentUuid);
return projectUuid
.map(s -> hasProjectUuidPermission(permission, s))
@@ -160,17 +138,11 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) {
- if (isRoot()) {
- return new ArrayList<>(components);
- }
return doKeepAuthorizedComponents(permission, components);
}
@Override
public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) {
- if (isRoot()) {
- return new ArrayList<>(projects);
- }
return doKeepAuthorizedProjects(permission, projects);
}
@@ -195,14 +167,6 @@ public abstract class AbstractUserSession implements UserSession {
}
@Override
- public UserSession checkIsRoot() {
- if (!isRoot()) {
- throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
- }
- return this;
- }
-
- @Override
public final UserSession checkLoggedIn() {
if (!isLoggedIn()) {
throw new UnauthorizedException(AUTHENTICATION_IS_REQUIRED_MESSAGE);
@@ -228,7 +192,7 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public UserSession checkProjectPermission(String projectPermission, ProjectDto project) {
- if (isRoot() || hasProjectUuidPermission(projectPermission, project.getUuid())) {
+ if (hasProjectUuidPermission(projectPermission, project.getUuid())) {
return this;
}
@@ -237,7 +201,7 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public UserSession checkChildProjectsPermission(String projectPermission, ComponentDto component) {
- if (isRoot() || !APP.equals(component.qualifier()) || hasChildProjectsPermission(projectPermission, component)) {
+ if (!APP.equals(component.qualifier()) || hasChildProjectsPermission(projectPermission, component)) {
return this;
}
@@ -246,7 +210,7 @@ public abstract class AbstractUserSession implements UserSession {
@Override
public UserSession checkChildProjectsPermission(String projectPermission, ProjectDto application) {
- if (isRoot() || !APP.equals(application.getQualifier()) || hasChildProjectsPermission(projectPermission, application)) {
+ if (!APP.equals(application.getQualifier()) || hasChildProjectsPermission(projectPermission, application)) {
return this;
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
index 0ac01236152..0994a6ec857 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/DoPrivileged.java
@@ -97,11 +97,6 @@ public final class DoPrivileged {
}
@Override
- public boolean isRoot() {
- return true;
- }
-
- @Override
public Optional<IdentityProvider> getIdentityProvider() {
return Optional.empty();
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
index 914b2a985f6..80ec73f6257 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
@@ -122,11 +122,6 @@ public class ServerUserSession extends AbstractUserSession {
}
@Override
- public boolean isRoot() {
- return userDto != null && userDto.isRoot();
- }
-
- @Override
public Optional<IdentityProvider> getIdentityProvider() {
return ofNullable(userDto).map(d -> computeIdentity(d).getIdentityProvider());
}
@@ -351,9 +346,6 @@ public class ServerUserSession extends AbstractUserSession {
}
private boolean loadIsSystemAdministrator() {
- if (isRoot()) {
- return true;
- }
return hasPermission(GlobalPermission.ADMINISTER);
}
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index 1d8866c1b16..2adc5d4bbb4 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -101,16 +101,6 @@ public class ThreadLocalUserSession implements UserSession {
}
@Override
- public UserSession checkIsRoot() {
- return get().checkIsRoot();
- }
-
- @Override
- public boolean isRoot() {
- return get().isRoot();
- }
-
- @Override
public UserSession checkLoggedIn() {
get().checkLoggedIn();
return this;
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
index f10db0d1dfc..feb73aaebd0 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/UserSession.java
@@ -150,18 +150,6 @@ public interface UserSession {
boolean isLoggedIn();
/**
- * Whether the user has root privileges. If {@code true}, then user automatically
- * benefits from all the permissions on all projects.
- */
- boolean isRoot();
-
- /**
- * Ensures that {@link #isRoot()} returns {@code true} otherwise throws a
- * {@link org.sonar.server.exceptions.ForbiddenException}.
- */
- UserSession checkIsRoot();
-
- /**
* Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.
*/
UserSession checkLoggedIn();
@@ -169,7 +157,6 @@ public interface UserSession {
/**
* Returns {@code true} if the permission is granted, otherwise {@code false}.
*
- * Always returns {@code true} if {@link #isRoot()} is {@code true}.
*/
boolean hasPermission(GlobalPermission permission);
@@ -185,9 +172,6 @@ public interface UserSession {
*
* If the component does not exist, then returns {@code false}.
*
- * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
- * component does not exist.
- *
* @param component non-null component.
* @param permission project permission as defined by {@link org.sonar.server.permission.PermissionService}
*/
@@ -263,7 +247,6 @@ public interface UserSession {
*
* Returns {@code true} if:
* <ul>
- * <li>{@link #isRoot()} is {@code true}</li>
* <li>user is administrator</li>
* </ul>
*/
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
index 0278a2eab3f..8cf6876dbda 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
@@ -43,7 +43,6 @@ public class SafeModeUserSessionTest {
@Test
public void session_has_no_permissions() {
assertThat(underTest.shouldResetPassword()).isFalse();
- assertThat(underTest.isRoot()).isFalse();
assertThat(underTest.isSystemAdministrator()).isFalse();
assertThat(underTest.hasPermissionImpl(GlobalPermission.ADMINISTER)).isFalse();
assertThat(underTest.hasProjectUuidPermission(UserRole.USER, "foo")).isFalse();
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java
index accef48c744..97991e5945b 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java
@@ -104,7 +104,6 @@ public class UserRegistrarImplTest {
assertThat(user.getExternalLogin()).isEqualTo(USER_LOGIN);
assertThat(user.getExternalIdentityProvider()).isEqualTo("github");
assertThat(user.getExternalId()).isEqualTo("ABCD");
- assertThat(user.isRoot()).isFalse();
checkGroupMembership(user, defaultGroup);
}
@@ -132,7 +131,6 @@ public class UserRegistrarImplTest {
assertThat(user.getExternalIdentityProvider()).isEqualTo("sonarqube");
assertThat(user.getExternalId()).isEqualTo("ABCD");
assertThat(user.isLocal()).isFalse();
- assertThat(user.isRoot()).isFalse();
checkGroupMembership(user, defaultGroup);
}
@@ -479,7 +477,6 @@ public class UserRegistrarImplTest {
assertThat(userDto.getExternalId()).isEqualTo(USER_IDENTITY.getProviderId());
assertThat(userDto.getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin());
assertThat(userDto.getExternalIdentityProvider()).isEqualTo(GH_IDENTITY_PROVIDER.getKey());
- assertThat(userDto.isRoot()).isFalse();
}
@Test
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index c3ea59725e7..47a4197b6f0 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -138,62 +138,6 @@ public class ServerUserSessionTest {
}
@Test
- public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- assertThat(newUserSession(root).isRoot()).isTrue();
-
- UserDto notRoot = db.users().insertUser();
- assertThat(newUserSession(notRoot).isRoot()).isFalse();
- }
-
- @Test
- public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {
- UserDto user = db.users().insertUser();
- UserSession underTest = newUserSession(user);
-
- assertThatForbiddenExceptionIsThrown(underTest::checkIsRoot);
- }
-
- @Test
- public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
-
- UserSession underTest = newUserSession(root);
-
- assertThat(underTest.checkIsRoot()).isSameAs(underTest);
- }
-
- @Test
- public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- ComponentDto project = db.components().insertPrivateProject();
- ComponentDto file = db.components().insertComponent(newFileDto(project));
-
- UserSession underTest = newUserSession(root);
-
- assertThat(underTest.hasComponentUuidPermission(USER, file.uuid())).isTrue();
- assertThat(underTest.hasComponentUuidPermission(CODEVIEWER, file.uuid())).isTrue();
- assertThat(underTest.hasComponentUuidPermission(ADMIN, file.uuid())).isTrue();
- assertThat(underTest.hasComponentUuidPermission("whatever", "who cares?")).isTrue();
- }
-
- @Test
- public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- ComponentDto project = db.components().insertPrivateProject();
- ComponentDto file = db.components().insertComponent(newFileDto(project));
-
- UserSession underTest = newUserSession(root);
-
- assertThat(underTest.checkComponentUuidPermission(USER, file.uuid())).isSameAs(underTest);
- assertThat(underTest.checkComponentUuidPermission("whatever", "who cares?")).isSameAs(underTest);
- }
-
- @Test
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
@@ -204,19 +148,6 @@ public class ServerUserSessionTest {
}
@Test
- public void checkChildProjectsPermission_succeeds_if_user_is_root() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- ComponentDto project = db.components().insertPrivateProject();
- ComponentDto application = db.components().insertPrivateApplication();
- db.components().addApplicationProject(application, project);
-
- UserSession underTest = newUserSession(root);
-
- assertThat(underTest.checkChildProjectsPermission(USER, application)).isSameAs(underTest);
- }
-
- @Test
public void checkChildProjectsPermission_succeeds_if_user_has_permissions_on_all_application_child_projects() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
@@ -262,19 +193,10 @@ public class ServerUserSessionTest {
@Test
public void checkPermission_succeeds_when_user_has_the_specified_permission() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- db.users().insertPermissionOnUser(root, PROVISIONING);
+ UserDto adminUser = db.users().insertAdminByUserPermission();
+ db.users().insertPermissionOnUser(adminUser, PROVISIONING);
- newUserSession(root).checkPermission(PROVISION_PROJECTS);
- }
-
- @Test
- public void checkPermission_succeeds_when_user_is_root() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
-
- newUserSession(root).checkPermission(PROVISION_PROJECTS);
+ newUserSession(adminUser).checkPermission(PROVISION_PROJECTS);
}
@Test
@@ -652,17 +574,6 @@ public class ServerUserSessionTest {
}
@Test
- public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- ComponentDto publicProject = db.components().insertPublicProject();
-
- ServerUserSession underTest = newUserSession(root);
-
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, "does not matter", publicProject)).isTrue();
- }
-
- @Test
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() {
UserDto user = db.users().insertUser();
ComponentDto publicProject = db.components().insertPublicProject();
@@ -806,74 +717,6 @@ public class ServerUserSessionTest {
}
@Test
- public void keepAuthorizedComponents_returns_all_specified_components_if_root() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
- UserSession underTest = newUserSession(root);
-
- ComponentDto project1 = db.components().insertPublicProject();
- ComponentDto project2 = db.components().insertPrivateProject();
- ComponentDto project3 = db.components().insertPrivateProject();
- ComponentDto project4 = db.components().insertPrivateProject();
- ComponentDto project5 = db.components().insertPrivateProject();
- ComponentDto project6 = db.components().insertPrivateProject();
-
- ComponentDto portfolio = db.components().insertPrivatePortfolio();
-
- ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
-
- ComponentDto app = db.components().insertPrivateApplication();
-
- ComponentDto app2 = db.components().insertPrivateApplication();
-
- // Add public project1 to private portfolio
- db.components().addPortfolioProject(portfolio, project1);
- db.components().insertComponent(newProjectCopy(project1, portfolio));
-
- // Add private project2 to private portfolio
- db.components().addPortfolioProject(portfolio, project2);
- db.components().insertComponent(newProjectCopy(project2, portfolio));
-
- // Add private project4 to sub-portfolio
- db.components().addPortfolioProject(subPortfolio, project4);
- db.components().insertComponent(newProjectCopy(project4, subPortfolio));
- db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
-
- // Add private project3 without permissions to private portfolio
- db.components().addPortfolioProject(portfolio, project3);
- db.components().insertComponent(newProjectCopy(project3, portfolio));
-
- // Add private project5 to app
- db.components().addApplicationProject(app, project5);
- db.components().insertComponent(newProjectCopy(project5, app));
- db.components().addPortfolioReference(portfolio, app.uuid());
-
- // Add private project6 to private app2
- db.components().addApplicationProject(app2, project6);
- db.components().insertComponent(newProjectCopy(project6, app2));
- db.components().addPortfolioReference(portfolio, app2.uuid());
-
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).hasSize(1);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).containsExactly(portfolio);
-
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).hasSize(3);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio, app2);
-
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).hasSize(6);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project3, project4, project5, project6);
- }
-
- @Test
- public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
-
- UserSession session = newUserSession(root);
-
- assertThat(session.isSystemAdministrator()).isTrue();
- }
-
- @Test
public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() {
UserDto user = db.users().insertUser();
@@ -919,16 +762,6 @@ public class ServerUserSessionTest {
}
@Test
- public void checkIsSystemAdministrator_succeeds_if_system_administrator() {
- UserDto root = db.users().insertUser();
- root = db.users().makeRoot(root);
-
- UserSession session = newUserSession(root);
-
- session.checkIsSystemAdministrator();
- }
-
- @Test
public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() {
UserDto user = db.users().insertUser();
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
index 4f8a5e463c9..f1fc01c2a3c 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
@@ -79,31 +79,6 @@ public class ThreadLocalUserSessionTest {
}
@Test
- public void get_session_for_root_user() {
- GroupDto group = GroupTesting.newGroupDto();
- MockUserSession expected = new MockUserSession("root")
- .setUuid("root-uuid")
- .setResetPassword(true)
- .setLastSonarlintConnectionDate(1000L)
- .setGroups(group);
- expected.setRoot(true);
- threadLocalUserSession.set(expected);
-
- UserSession session = threadLocalUserSession.get();
- assertThat(session).isSameAs(expected);
- assertThat(threadLocalUserSession.getLastSonarlintConnectionDate()).isEqualTo(1000L);
- assertThat(threadLocalUserSession.getLogin()).isEqualTo("root");
- assertThat(threadLocalUserSession.getUuid()).isEqualTo("root-uuid");
- assertThat(threadLocalUserSession.isLoggedIn()).isTrue();
- assertThat(threadLocalUserSession.shouldResetPassword()).isTrue();
- assertThat(threadLocalUserSession.getGroups()).extracting(GroupDto::getUuid).containsOnly(group.getUuid());
- assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ComponentDto())).isTrue();
- assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ProjectDto())).isTrue();
- assertThat(threadLocalUserSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
- assertThat(threadLocalUserSession.hasProjectPermission(USER, new ProjectDto().getUuid())).isTrue();
- }
-
- @Test
public void get_session_for_anonymous() {
AnonymousMockUserSession expected = new AnonymousMockUserSession();
threadLocalUserSession.set(expected);
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AbstractMockUserSession.java
index bf21b59d8d6..ed2cf0c2ac1 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AbstractMockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AbstractMockUserSession.java
@@ -217,7 +217,7 @@ public abstract class AbstractMockUserSession<T extends AbstractMockUserSession>
@Override
public boolean isSystemAdministrator() {
- return isRoot() || systemAdministrator;
+ return systemAdministrator;
}
public T setResetPassword(boolean b) {
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
index 704345cf6eb..072fb261d15 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/AnonymousMockUserSession.java
@@ -31,11 +31,6 @@ public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousM
}
@Override
- public boolean isRoot() {
- return false;
- }
-
- @Override
public boolean isActive() {
return false;
}
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
index b199c30275a..9ae3c3c8de9 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/MockUserSession.java
@@ -38,7 +38,6 @@ import static org.sonar.server.user.UserSession.IdentityProvider.SONARQUBE;
public class MockUserSession extends AbstractMockUserSession<MockUserSession> {
private final String login;
private String uuid;
- private boolean root = false;
private String name;
private List<GroupDto> groups = new ArrayList<>();
private UserSession.IdentityProvider identityProvider;
@@ -82,19 +81,10 @@ public class MockUserSession extends AbstractMockUserSession<MockUserSession> {
}
@Override
- public boolean isRoot() {
- return root;
- }
-
- @Override
public boolean isActive() {
return true;
}
- public void setRoot(boolean root) {
- this.root = root;
- }
-
@Override
public String getLogin() {
return this.login;
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
index c8fc0b37f98..894f7d12291 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/tester/UserSessionRule.java
@@ -120,16 +120,6 @@ public class UserSessionRule implements TestRule, UserSession {
return this;
}
- public UserSessionRule setRoot() {
- ensureMockUserSession().setRoot(true);
- return this;
- }
-
- public UserSessionRule setNonRoot() {
- ensureMockUserSession().setRoot(false);
- return this;
- }
-
public UserSessionRule setSystemAdministrator() {
ensureMockUserSession().setSystemAdministrator(true);
return this;
@@ -346,16 +336,6 @@ public class UserSessionRule implements TestRule, UserSession {
}
@Override
- public boolean isRoot() {
- return currentUserSession.isRoot();
- }
-
- @Override
- public UserSession checkIsRoot() {
- return currentUserSession.checkIsRoot();
- }
-
- @Override
public UserSession checkLoggedIn() {
currentUserSession.checkLoggedIn();
return this;
diff --git a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
index 92d1d056781..afd0ab1ab9b 100644
--- a/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
+++ b/server/sonar-webserver-auth/src/testFixtures/java/org/sonar/server/user/TestUserSessionFactory.java
@@ -108,11 +108,6 @@ public class TestUserSessionFactory implements UserSessionFactory {
}
@Override
- public boolean isRoot() {
- throw notImplemented();
- }
-
- @Override
protected boolean hasPermissionImpl(GlobalPermission permission) {
throw notImplemented();
}