authorStas Vilchik <stas-vilchik@users.noreply.github.com>2017-02-09 10:52:23 +0100
committerGitHub <noreply@github.com>2017-02-09 10:52:23 +0100
commit867894b876c520c1342a60e36a2e421a2a291b71 (patch)
tree4ebcd69e235cea0c0c427a1d064648b1aec5da77 /server
parenta6a9e784a3ebc96723fe21c7e18a67d44b67ae10 (diff)
SONAR-8662 Wrong entries in "Administration" menu of a project dashboard when not enough permission (#1642)
Diffstat (limited to 'server')
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java11
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java12
-rw-r--r--server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_gate_admin.json12
-rw-r--r--server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_profile_admin.json2
-rw-r--r--server/sonar-web/src/main/js/app/components/nav/component/ComponentNavMenu.js4
5 files changed, 37 insertions, 4 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
index b15ccd19b7e..6bb6be1c1da 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java
@@ -59,6 +59,7 @@ import org.sonar.server.user.UserSession;
import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.USER;
+import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
@@ -139,7 +140,9 @@ public class ComponentAction implements NavigationWsAction {
writeComponent(json, session, component, org, analysis.orElse(null));
writeProfiles(json, session, component);
writeQualityGate(json, session, component);
- if (userSession.hasComponentPermission(ADMIN, component) || userSession.hasOrganizationPermission(org.getUuid(), QUALITY_PROFILE_ADMIN)) {
+ if (userSession.hasComponentPermission(ADMIN, component) ||
+ userSession.hasOrganizationPermission(org.getUuid(), QUALITY_PROFILE_ADMIN) ||
+ userSession.hasOrganizationPermission(org.getUuid(), QUALITY_GATE_ADMIN)) {
writeConfiguration(json, component);
}
writeBreadCrumbs(json, session, component);
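Review bot: The permission set that gates `writeConfiguration` here is now spelled out twice, once in this condition and again per flag in `writeConfigPageAccess` (the hunk at -225), and the two places read the organization from different objects (`org.getUuid()` here, `component.getOrganizationUuid()` there). If a later change adds a permission to only one of them, the response either carries an all-false `configuration` block or omits an entry the user is entitled to see. Computing `isQualityProfileAdmin` and `isQualityGateAdmin` once in this method and passing them down would keep the gate and the flags in step. The enclosing method starts and ends outside the hunk, so how `isAdmin` is derived for the callee is not visible here.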
@@ -225,10 +228,12 @@ public class ComponentAction implements NavigationWsAction {
private void writeConfigPageAccess(JsonWriter json, boolean isAdmin, ComponentDto component) {
boolean isProject = Qualifiers.PROJECT.equals(component.qualifier());
boolean showManualMeasures = isAdmin && !Qualifiers.DIRECTORY.equals(component.qualifier());
+ boolean isQualityProfileAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_PROFILE_ADMIN);
+ boolean isQualityGateAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_GATE_ADMIN);
json.prop("showSettings", isAdmin && componentTypeHasProperty(component, PROPERTY_CONFIGURABLE));
- json.prop("showQualityProfiles", isProject);
- json.prop("showQualityGates", isProject);
+ json.prop("showQualityProfiles", isProject && (isAdmin || isQualityProfileAdmin));
+ json.prop("showQualityGates", isProject && (isAdmin || isQualityGateAdmin));
json.prop("showManualMeasures", showManualMeasures);
json.prop("showLinks", isAdmin && isProject);
json.prop("showPermissions", isAdmin && componentTypeHasProperty(component, PROPERTY_HAS_ROLE_POLICY));
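Review bot: The `show*` properties written here only control which menu entries the client renders, and nothing in this method says so; a reader could take `showQualityProfiles` and `showQualityGates` for the access decision itself. I would add a comment above the two new booleans along the lines of `// Display hints only: the quality profile / quality gate web services must enforce these permissions themselves.` Whether those services already check `QUALITY_PROFILE_ADMIN` and `QUALITY_GATE_ADMIN` is not visible in this commit and is worth confirming, since before this change both entries were shown to every user who reached this block. The method body continues past the end of the hunk.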
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
index 7b58db290d7..54afe3e27e8 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java
@@ -64,6 +64,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY;
import static org.sonar.api.web.page.Page.Scope.COMPONENT;
+import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
@@ -316,6 +317,17 @@ public class ComponentActionTest {
}
@Test
+ public void return_configuration_for_quality_gate_admin() throws Exception {
+ init();
+ componentDbTester.insertComponent(project);
+ userSessionRule.logIn()
+ .addProjectUuidPermissions(UserRole.USER, project.uuid())
+ .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN);
+
+ executeAndVerify(project.key(), "return_configuration_for_quality_gate_admin.json");
+ }
+
+ @Test
public void return_bread_crumbs_on_several_levels() throws Exception {
init();
ComponentDto project = componentDbTester.insertComponent(this.project);
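Review bot: `return_configuration_for_quality_gate_admin` only pins the positive case, where the permission is granted on the project's own organization. Since the fix is about not showing administration entries to users who lack the permission, a companion test that grants `QUALITY_GATE_ADMIN` on a different organization, e.g. `.addOrganizationPermission("other-org-uuid-placeholder", QUALITY_GATE_ADMIN)`, and asserts that no `configuration` block is returned would guard against the organization scoping being lost. Such a test may already exist elsewhere in the class, which is not visible from this hunk.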
diff --git a/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_gate_admin.json b/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_gate_admin.json
new file mode 100644
index 00000000000..893e9dfc04a
--- /dev/null
+++ b/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_gate_admin.json
@@ -0,0 +1,12 @@
+{
+ "configuration": {
+ "showSettings": false,
+ "showQualityProfiles": false,
+ "showQualityGates": true,
+ "showManualMeasures": false,
+ "showLinks": false,
+ "showPermissions": false,
+ "showHistory": false,
+ "showUpdateKey": false
+ }
+}
diff --git a/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_profile_admin.json b/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_profile_admin.json
index 0b8a1b3a05d..8a8dd68ca93 100644
--- a/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_profile_admin.json
+++ b/server/sonar-server/src/test/resources/org/sonar/server/ui/ws/ComponentActionTest/return_configuration_for_quality_profile_admin.json
@@ -2,7 +2,7 @@
"configuration": {
"showSettings": false,
"showQualityProfiles": true,
- "showQualityGates": true,
+ "showQualityGates": false,
"showManualMeasures": false,
"showLinks": false,
"showPermissions": false,
diff --git a/server/sonar-web/src/main/js/app/components/nav/component/ComponentNavMenu.js b/server/sonar-web/src/main/js/app/components/nav/component/ComponentNavMenu.js
index 4d9aa5f18ee..6b64ac85174 100644
--- a/server/sonar-web/src/main/js/app/components/nav/component/ComponentNavMenu.js
+++ b/server/sonar-web/src/main/js/app/components/nav/component/ComponentNavMenu.js
@@ -278,6 +278,10 @@ export default class ComponentNavMenu extends React.Component {
renderDeletionLink () {
const { qualifier } = this.props.component;
+ if (!this.props.conf.showSettings) {
+ return null;
+ }
+
if (qualifier !== 'TRK' && qualifier !== 'VW') {
return null;
}
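Review bot: The new guard in `renderDeletionLink` uses `conf.showSettings` as a stand-in for "user is a project administrator", but on the server side that flag is `isAdmin && componentTypeHasProperty(component, PROPERTY_CONFIGURABLE)`, so it is also false for an administrator of a component type that is not configurable. If the deletion entry should depend on the admin role alone, a dedicated flag from the server would express that better than reusing `showSettings`; at minimum a comment such as `// showSettings is used here as a proxy for project admin rights` would record the intent. Hiding the link is presentation only, so the deletion page and its web service still need their own permission check, which this commit does not show. The rest of `renderDeletionLink` lies outside the hunk.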