diff options
| author | Klaudio Sinani <klaudio.sinani@sonarsource.com> | 2022-01-19 11:10:09 +0100 |
|---|---|---|
| committer | sonartech <sonartech@sonarsource.com> | 2022-01-20 20:02:44 +0000 |
| commit | 60b608ea9283e3b46fa99d58d8a75844e4d1352e (patch) | |
| tree | b7c042b991bba91612fbc447fa8976431a32b308 /server | |
| parent | 1dc59e984548492542cbbae727808ea10ae2ad58 (diff) | |
| download | sonarqube-60b608ea9283e3b46fa99d58d8a75844e4d1352e.tar.gz sonarqube-60b608ea9283e3b46fa99d58d8a75844e4d1352e.zip | |
SONAR-15877 Ensure `canBrowseAllChildProjects` is present for subview components
Diffstat (limited to 'server')
2 files changed, 11 insertions, 1 deletions
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index 2c556e25f7b..29ce154d1bc 100644 --- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java @@ -403,6 +403,7 @@ public class ServerUserSessionTest { ComponentDto project2 = db.components().insertPrivateProject(); ComponentDto project3 = db.components().insertPrivateProject(); ComponentDto project4 = db.components().insertPrivateProject(); + ComponentDto project5 = db.components().insertPrivateProject(); UserDto user = db.users().insertUser(); UserSession session = newUserSession(user); @@ -429,13 +430,22 @@ public class ServerUserSessionTest { db.components().insertComponent(newProjectCopy(project4, subPortfolio)); db.components().addPortfolioReference(portfolio, subPortfolio.uuid()); + // The predicate should work both on view and subview components assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue(); + assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isTrue(); // Add private project3 without permissions to private portfolio db.components().addPortfolioProject(portfolio, project3); db.components().insertComponent(newProjectCopy(project3, portfolio)); assertThat(session.hasChildProjectsPermission(USER, portfolio)).isFalse(); + + // Add private project5 without permissions to sub-portfolio + db.components().addPortfolioProject(subPortfolio, project5); + db.components().insertComponent(newProjectCopy(project5, subPortfolio)); + + assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse(); + assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isFalse(); } @Test diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ui/ws/ComponentAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ui/ws/ComponentAction.java index 486681be01b..b97f9951878 100644 --- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ui/ws/ComponentAction.java +++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/ui/ws/ComponentAction.java @@ -217,7 +217,7 @@ public class ComponentAction implements NavigationWsAction { if (Qualifiers.APP.equals(component.qualifier())) { json.prop("canBrowseAllChildProjects", userSession.hasChildProjectsPermission(USER, component)); } - if (Qualifiers.VIEW.equals(component.qualifier())) { + if (Qualifiers.VIEW.equals(component.qualifier()) || Qualifiers.SUBVIEW.equals(component.qualifier())) { json.prop("canBrowseAllChildProjects", userSession.hasPortfolioChildProjectsPermission(USER, component)); } if (QUALIFIERS_WITH_VISIBILITY.contains(component.qualifier())) { |