SONAR-13117 Fix SSF-103

author: Julien Lancelot <julien.lancelot@sonarsource.com> 2020-02-21 17:47:01 +0100
committer: SonarTech <sonartech@sonarsource.com> 2020-02-26 10:41:19 +0100
commit: d57aeee822d83a3b5fe22229e9865af52ae71ea3 (patch)
tree: 7043865febdb7403f6683b9aacd5337892840f53 /server/sonar-webserver-webapi
parent: b4e8e07c765f771ef0898cadd71386cb9dcbfab4 (diff)
download: sonarqube-d57aeee822d83a3b5fe22229e9865af52ae71ea3.tar.gz
sonarqube-d57aeee822d83a3b5fe22229e9865af52ae71ea3.zip
2 files changed, 15 insertions, 9 deletions
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/IssueSnippetsAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/IssueSnippetsAction.java
index d7ea42a3b45..64533cc0b15 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/IssueSnippetsAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/IssueSnippetsAction.java
@@ -89,7 +89,7 @@ public class IssueSnippetsAction implements SourcesWsAction {
         .orElseThrow(() -> new NotFoundException(format("Issue with key '%s' does not exist", issueKey)));
       ComponentDto project = dbClient.componentDao().selectByUuid(dbSession, issueDto.getProjectUuid())
         .orElseThrow(() -> new NotFoundException(format("Project with uuid '%s' does not exist", issueDto.getProjectUuid())));
-      userSession.checkComponentPermission(UserRole.USER, project);
+      userSession.checkComponentPermission(UserRole.CODEVIEWER, project);
 
       DbIssues.Locations locations = issueDto.parseLocations();
       String componentUuid = issueDto.getComponentUuid();
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/source/ws/IssueSnippetsActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/source/ws/IssueSnippetsActionTest.java
index eb88f53d03b..017dfa5ac23 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/source/ws/IssueSnippetsActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/source/ws/IssueSnippetsActionTest.java
@@ -59,6 +59,7 @@ import static org.sonar.api.measures.CoreMetrics.LINES_KEY;
 import static org.sonar.api.measures.CoreMetrics.TECHNICAL_DEBT_KEY;
 import static org.sonar.api.measures.CoreMetrics.TESTS_KEY;
 import static org.sonar.api.measures.CoreMetrics.VIOLATIONS_KEY;
+import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
 
@@ -97,7 +98,7 @@ public class IssueSnippetsActionTest {
     ComponentDto file = insertFile(project, "file");
     DbFileSources.Data fileSources = FileSourceTesting.newFakeData(10).build();
     fileSourceTester.insertFileSource(file, 10, dto -> dto.setSourceData(fileSources));
-    userSession.logIn().addProjectPermission(USER, project, file);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     String issueKey = insertIssue(file, newLocation(file.uuid(), 5, 5));
 
@@ -124,7 +125,7 @@ public class IssueSnippetsActionTest {
 
     DbFileSources.Data fileSources = FileSourceTesting.newFakeData(10).build();
     fileSourceTester.insertFileSource(file, 10, dto -> dto.setSourceData(fileSources));
-    userSession.logIn().addProjectPermission(USER, project, file);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     String issueKey = insertIssue(file, newLocation(file.uuid(), 5, 5));
 
@@ -139,7 +140,7 @@ public class IssueSnippetsActionTest {
 
     DbFileSources.Data fileSources = FileSourceTesting.newFakeData(10).build();
     fileSourceTester.insertFileSource(file, 10, dto -> dto.setSourceData(fileSources));
-    userSession.logIn().addProjectPermission(USER, project, file);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     String issueKey = insertIssue(file, newLocation(file2.uuid(), 5, 5));
 
@@ -150,7 +151,7 @@ public class IssueSnippetsActionTest {
   @Test
   public void no_code_to_display() {
     ComponentDto file = insertFile(project, "file");
-    userSession.logIn().addProjectPermission(USER, project, file);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     String issueKey = insertIssue(file, newLocation(file.uuid(), 5, 5));
 
@@ -161,6 +162,7 @@ public class IssueSnippetsActionTest {
   @Test
   public void fail_if_no_project_permission() {
     ComponentDto file = insertFile(project, "file");
+    userSession.logIn().addProjectPermission(USER, project, file);
     String issueKey = insertIssue(file, newLocation(file.uuid(), 5, 5));
 
     expectedException.expect(ForbiddenException.class);
@@ -171,7 +173,7 @@ public class IssueSnippetsActionTest {
   public void fail_if_issue_not_found() {
     ComponentDto file = insertFile(project, "file");
     insertIssue(file, newLocation(file.uuid(), 5, 5));
-    userSession.logIn().addProjectPermission(USER, project, file);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
 
     expectedException.expect(NotFoundException.class);
     expectedException.expectMessage("Issue with key 'invalid' does not exist");
@@ -180,8 +182,12 @@ public class IssueSnippetsActionTest {
 
   @Test
   public void fail_if_parameter_missing() {
+    ComponentDto file = insertFile(project, "file");
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file);
+
     expectedException.expect(IllegalArgumentException.class);
     expectedException.expectMessage("The 'issueKey' parameter is missing");
+
     actionTester.newRequest().execute();
   }
 
@@ -194,7 +200,7 @@ public class IssueSnippetsActionTest {
     fileSourceTester.insertFileSource(file1, 10, dto -> dto.setSourceData(fileSources));
     fileSourceTester.insertFileSource(file2, 10, dto -> dto.setSourceData(fileSources));
 
-    userSession.logIn().addProjectPermission(USER, project, file1, file2);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file1, file2);
 
     String issueKey1 = insertIssue(file1, newLocation(file1.uuid(), 5, 5),
       newLocation(file1.uuid(), 9, 9), newLocation(file2.uuid(), 1, 5));
@@ -213,7 +219,7 @@ public class IssueSnippetsActionTest {
     DbFileSources.Data fileSources = FileSourceTesting.newFakeData(20).build();
     fileSourceTester.insertFileSource(file1, 20, dto -> dto.setSourceData(fileSources));
 
-    userSession.logIn().addProjectPermission(USER, project, file1);
+    userSession.logIn().addProjectPermission(CODEVIEWER, project, file1);
 
     // these two locations should get connected, making a single range 3-14
     String issueKey1 = insertIssue(file1, newLocation(file1.uuid(), 5, 5),
@@ -236,7 +242,7 @@ public class IssueSnippetsActionTest {
     fileSourceTester.insertFileSource(file2, 10, dto -> dto.setSourceData(fileSources));
 
     userSession.logIn()
-      .addProjectPermission(USER, project, file1, file2)
+      .addProjectPermission(CODEVIEWER, project, file1, file2)
       .addMembership(organization);
 
     String issueKey1 = insertIssue(file1, newLocation(file1.uuid(), 5, 5),
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2020-02-21 17:47:01 +0100
committer	SonarTech <sonartech@sonarsource.com>	2020-02-26 10:41:19 +0100
commit	d57aeee822d83a3b5fe22229e9865af52ae71ea3 (patch)
tree	7043865febdb7403f6683b9aacd5337892840f53 /server/sonar-webserver-webapi
parent	b4e8e07c765f771ef0898cadd71386cb9dcbfab4 (diff)
download	sonarqube-d57aeee822d83a3b5fe22229e9865af52ae71ea3.tar.gz sonarqube-d57aeee822d83a3b5fe22229e9865af52ae71ea3.zip