author | Simon Brandhof <simon.brandhof@gmail.com> | 2012-07-05 16:40:16 +0200 |
---|---|---|
committer | Simon Brandhof <simon.brandhof@gmail.com> | 2012-07-05 17:00:17 +0200 |
commit | cba251c929936768308e59365bc44f532bb16756 (patch) | |
tree | 5b6b4afcc4863b6264e41d112677e31b7ea1da8f /sonar-server | |
parent | 5016b01b23344d65768d68ab03419caad3f57c4b (diff) | |
download | sonarqube-cba251c929936768308e59365bc44f532bb16756.tar.gz sonarqube-cba251c929936768308e59365bc44f532bb16756.zip |
SONAR-3618 Support custom default permissions for non-project resources
Diffstat (limited to 'sonar-server')
10 files changed, 170 insertions, 77 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/roles_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/roles_controller.rb index 0703ecec5ce..3b879f7448c 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/roles_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/roles_controller.rb @@ -24,7 +24,10 @@ class RolesController < ApplicationController PER_PAGE = 2 before_filter :admin_required - verify :method => :post, :only => [:grant_users, :grant_groups], :redirect_to => {:action => 'global'} + verify :method => :post, :only => [:set_users, :set_groups, :set_default_project_groups, :set_default_project_users], :redirect_to => {:action => 'global'} + + + # GET REQUESTS def global end 
@@ -38,44 +41,72 @@ class RolesController < ApplicationController end @qualifier = params[:qualifier] || 'TRK' + conditions_sql = 'projects.enabled=:enabled and projects.qualifier=:qualifier and projects.copy_resource_id is null' conditions_values = {:enabled => true, :qualifier => @qualifier} - + joins = nil if params[:q].present? - conditions_sql += ' and projects.id in (select ri.resource_id from resource_index ri where ri.qualifier=:qualifier and ri.kee like :search)' - conditions_values[:search]="#{params[:q].downcase}%" + joins = "INNER JOIN resource_index on resource_index.resource_id=projects.id and resource_index.qualifier=#{ActiveRecord::Base::sanitize(@qualifier)} and resource_index.kee like #{ActiveRecord::Base::sanitize(params[:q] + '%')}" end @pagination = Api::Pagination.new(params) @projects=Project.find(:all, - :include => %w(user_roles group_roles index), + :joins => joins, :conditions => [conditions_sql, conditions_values], - :order => 'resource_index.kee', + :order => 'projects.name', :offset => @pagination.offset, :limit => @pagination.limit) - @pagination.count=Project.count(:conditions => [conditions_sql, conditions_values]) + @pagination.count=Project.count(:joins => joins, :conditions => [conditions_sql, conditions_values]) end def edit_users - @project=Project.by_key(params[:resource]) if !params[:resource].blank? + @project=Project.by_key(params[:resource]) if params[:resource].present? @role = params[:role] end def edit_groups - @project=Project.by_key(params[:resource]) if !params[:resource].blank? + @project=Project.by_key(params[:resource]) if params[:resource].present? @role = params[:role] end - def grant_users + def edit_default_project_groups + bad_request('Missing role') if params[:role].blank? + bad_request('Missing qualifier') if params[:qualifier].blank? + end + + def edit_default_project_users + bad_request('Missing role') if params[:role].blank? + bad_request('Missing qualifier') if params[:qualifier].blank? 
+ end + + # POST REQUESTS + + def set_users + bad_request('Missing role') if params[:role].blank? UserRole.grant_users(params[:users], params[:role], params[:resource]) redirect end - def grant_groups + def set_groups + bad_request('Missing role') if params[:role].blank? GroupRole.grant_groups(params[:groups], params[:role], params[:resource]) redirect end + def set_default_project_groups + bad_request('Missing role') if params[:role].blank? + bad_request('Missing qualifier') if params[:qualifier].blank? + Property.set("sonar.role.#{params[:role]}.#{params[:qualifier]}.defaultGroups", params[:groups].join(',')) + redirect + end + + def set_default_project_users + bad_request('Missing role') if params[:role].blank? + bad_request('Missing qualifier') if params[:qualifier].blank? + Property.set("sonar.role.#{params[:role]}.#{params[:qualifier]}.defaultUsers", params[:users].join(',')) + redirect + end + private def redirect redirect_to(:action => params['redirect'] || 'global', :q => params[:q], :qualifier => params[:qualifier], :page => params[:page]) diff --git a/sonar-server/src/main/webapp/WEB-INF/app/helpers/roles_helper.rb b/sonar-server/src/main/webapp/WEB-INF/app/helpers/roles_helper.rb index f714d49b910..b0750b80f09 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/helpers/roles_helper.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/helpers/roles_helper.rb 
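Review bot: `set_default_project_groups` and `set_default_project_users` build a property key directly from `params[:role]` and `params[:qualifier]` and only check that both are present, so any submitted string (including one with extra dots) becomes part of a `sonar.role.…` key that drives default permissions. Check the role against the three roles the UI offers, e.g. `bad_request('Unknown role') unless %w(admin user codeviewer).include?(params[:role])`, and the qualifier against the list the view iterates as `@qualifiers` (its assignment is above this hunk). An empty selection will likely arrive with no `groups`/`users` parameter at all, so `params[:groups].join(',')` would raise on nil; `(params[:groups] || []).join(',')` lets an administrator clear the defaults. The guards also rely on `bad_request` halting the action, which is not visible here. Separately, the new `joins` string no longer calls `downcase` on `params[:q]` as the removed condition did, so the search may become case-sensitive depending on the database.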
@@ -18,43 +18,54 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 # module RolesHelper - + def users(role, resource_id=nil) resource_id=(resource_id.blank? ? nil : resource_id.to_i) user_roles=UserRole.find(:all, :include => 'user', :conditions => {:role => role, :resource_id => resource_id}) users = user_roles.map { |ur| ur.user } - Api::Utils.insensitive_sort(users) {|user| user.name} + Api::Utils.insensitive_sort(users) { |user| user.name } end def all_users users = User.find(:all, :conditions => ["active=?", true]) - Api::Utils.insensitive_sort(users) {|user| user.name} + Api::Utils.insensitive_sort(users) { |user| user.name } end def groups(role, resource_id=nil) resource_id=(resource_id.blank? ? nil : resource_id.to_i) group_roles=GroupRole.find(:all, :include => 'group', :conditions => {:role => role, :resource_id => resource_id}) - groups = group_roles.map{|ur| ur.group} - Api::Utils.insensitive_sort(groups) {|group| group ? group.name : ''} + groups = group_roles.map { |ur| ur.group } + Api::Utils.insensitive_sort(groups) { |group| group ? group.name : '' } end def all_groups - [nil].concat(Api::Utils.insensitive_sort(Group.all) {|group| group.name}) + [nil].concat(Api::Utils.insensitive_sort(Group.all) { |group| group.name }) end def group_name(group) group ? 
group.name : 'Anyone' end + def default_project_groups(role, qualifier) + property_value=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultGroups")||'') + Api::Utils.insensitive_sort(property_value.split(',')) + end + + def default_project_users(role, qualifier) + property_value=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultUsers") || '') + Api::Utils.insensitive_sort(property_value.split(',')) + end + def role_name(role) - case(role.to_s) - when 'admin' then 'Administrators' - when 'default-admin' then 'Administrators' - when 'user' then 'Users' - when 'default-user' then 'Users' - when 'codeviewer' then 'Code viewers' - when 'default-codeviewer' then 'Code viewers' - else role.to_s + case (role.to_s) + when 'admin' then + 'Administrators' + when 'user' then + 'Users' + when 'codeviewer' then + 'Code viewers' + else + role.to_s end end end diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb index 989ec8f92ca..345fb8176b9 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_layout.html.erb @@ -99,7 +99,7 @@ <% end %> <% if (@project.project? || @project.view? || @project.subview?) %> <li class="<%= 'selected' if request.request_uri.include?('/project_roles') -%>"> - <a href="<%= ApplicationController.root_context -%>/project_roles/index?resource=<%= @project.id -%>"><%= message('project_roles.page') -%></a></li> + <a href="<%= ApplicationController.root_context -%>/project_roles/index?resource=<%= @project.id -%>"><%= message('roles.page') -%></a></li> <% end %> <% # NOTE: we keep "@project.view? || @project.subview?" in the test for backward compatibility with the Views plugin 
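Review bot: `default_project_groups` and `default_project_users` return plain name strings split out of a comma-separated property, whereas the neighbouring `users` and `groups` helpers return records, and neither new method says so. Add a comment on each, such as `# Returns the sorted group names (strings, not Group records) stored in sonar.role.<role>.<qualifier>.defaultGroups`. Because the values are free text read from a property, callers should HTML-escape them on output and should not assume each name still matches an existing group or user. A name containing a comma would be split in two here, so the comment should state that limit, or such names should be rejected where the property is written.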
@@ -149,9 +149,9 @@ <li class="<%= 'selected' if request.request_uri.include?('/groups') -%>"> <a href="<%= ApplicationController.root_context -%>/groups/index"><%= message('user_groups.page') -%></a></li> <li class="<%= 'selected' if request.request_uri.include?('/roles/global') -%>"> - <a href="<%= ApplicationController.root_context -%>/roles/global"><%= message('global_roles.page') -%></a></li> + <a href="<%= ApplicationController.root_context -%>/roles/global"><%= message('system_administrators.page') -%></a></li> <li class="<%= 'selected' if request.request_uri.include?('/roles/projects') -%>"> - <a href="<%= ApplicationController.root_context -%>/roles/projects"><%= message('project_roles.page') -%></a></li> + <a href="<%= ApplicationController.root_context -%>/roles/projects"><%= message('roles.page') -%></a></li> <li class="h2"><%= message('sidebar.system') -%></li> <li class="<%= 'selected' if request.request_uri.include?('/settings') -%>"> diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_groups.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_groups.html.erb new file mode 100644 index 00000000000..8c688773fe7 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_groups.html.erb 
@@ -0,0 +1,54 @@ +<% + granted_groups=default_project_groups(params[:role], params[:qualifier]) + all_groups = ['Anyone'].concat(Api::Utils.insensitive_sort(Group.all.map{|group| group.name})) + ungranted_groups=all_groups - granted_groups +%> +<div class="subtitle">» <a href="<%= url_for :action => params[:redirect], :q => params[:q], :qualifier => params[:qualifier] -%>">Back</a></div> +<h1>TO BE DEFINED</h1> +<br/> +<div> + <form action="<%= url_for :action => 'set_default_project_groups' -%>" method="POST"> + <input name="role" value="<%= params[:role] -%>" type="hidden"/> + <input name="redirect" value="projects" type="hidden"/> + <input name="q" value="<%= params[:q] -%>" type="hidden" /> + <input name="qualifier" value="<%= params[:qualifier] -%>" type="hidden" /> + <input name="page" value="<%= params[:page] -%>" type="hidden" /> + <table> + <tbody> + <tr> + <td style="padding: 5px 0;" valign="top"> + <h2>Ungranted groups</h2> + <select name="from" id="from" size="20" style="margin: 5px 0; width: 300px;" multiple="multiple"> + <% ungranted_groups.each do |group| %> + <option value="<%= h group -%>"><%= group -%></option> + <% end %> + </select> + </td> + <td style="padding: 0 10px;" align="center"> + <button id="select_right" onclick="SelectBox.move('from', 'to');SelectBox.sort('to');SelectBox.redisplay('to');return false;">select >></button><br> + <button id="select_right_all" onclick="SelectBox.move_all('from', 'to');return false;">select all >></button><br><br> + <button id="select_left" onclick="SelectBox.move('to', 'from');return false;"><< unselect</button><br> + <button id="select_left_all" onclick="SelectBox.move_all('to', 'from');return false;"><< unselect all</button> + </td> + <td class="box" style="padding: 5px 10px;" valign="top"> + <h2>Role: <%= role_name(params[:role]) -%></h2> + + <select name="groups[]" id="to" size="20" multiple="multiple" style="margin: 5px 0; width: 300px;"> + <% granted_groups.each do |group| %> + <option value="<%= h 
group -%>"><%= group -%></option> + <% end %> + </select><br> + + <div style="padding: 5px 0;"> + <input id="save" value="Save" onclick="SelectBox.select_all('to');submit();return false;" type="submit"> + </div> + </td> + </tr> + </tbody> + </table> + </form> + <script> + SelectBox.init('from'); + SelectBox.init('to'); + </script> +</div> diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_users.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_users.html.erb new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_default_project_users.html.erb diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_groups.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_groups.html.erb index d62f6f7dd34..45d0213e677 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_groups.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_groups.html.erb @@ -3,17 +3,15 @@ ungranted_groups=all_groups - granted_groups if @project title=h(@project.name) - elsif @role.starts_with?('default-') - title="Default project #{role_name(@role)}" else - title="Global #{role_name(@role)}" + title='System administrators' end %> <div class="subtitle">» <a href="<%= url_for :action => params[:redirect], :q => params[:q], :qualifier => params[:qualifier] -%>">Back</a></div> <h1><%= title %></h1> <br/> <div> - <form action="<%= url_for :action => 'grant_groups' -%>" method="post"> + <form action="<%= url_for :action => 'set_groups' -%>" method="post"> <input name="resource" value="<%= params[:resource] -%>" type="hidden"/> <input name="role" value="<%= @role -%>" type="hidden"/> <input name="redirect" value="<%= params[:redirect] -%>" type="hidden"/> 
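Review bot: The new form echoes request parameters into attributes without escaping (`value="<%= params[:role] -%>"`, and likewise `q`, `qualifier` and `page`) and prints the option label as `<%= group -%>`, while the `value` beside it does use `h`. If this Rails version does not auto-escape ERB output (the explicit `h` calls suggest it does not), a parameter value on this GET page or a stored group name would be rendered as markup in an administrator's browser. Escape each one, e.g. `<input name="role" value="<%= h params[:role] -%>" type="hidden"/>` and `<option value="<%= h group -%>"><%= h group -%></option>`. The same applies to `default_project_users(...).join(', ')` and `default_project_groups(...).join(', ')` in the projects.html.erb hunk, which print stored property values unescaped. The `<h1>TO BE DEFINED</h1>` placeholder also still needs a real title.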
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_users.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_users.html.erb index 295a56ec59e..7782d580f1c 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_users.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/edit_users.html.erb @@ -13,7 +13,7 @@ <h1><%= title %></h1> <br/> <div id="main_content"> - <form action="<%= url_for :action => 'grant_users' -%>" method="post"> + <form action="<%= url_for :action => 'set_users' -%>" method="post"> <input name="resource" value="<%= params[:resource] -%>" type="hidden"/> <input name="role" value="<%= @role -%>" type="hidden" /> <input name="redirect" value="<%= params[:redirect] -%>" type="hidden" /> diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb index 7a97d24d756..6f01618570e 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/global.html.erb @@ -1,4 +1,4 @@ -<h1 class="marginbottom10">Global Roles</h1> +<h1 class="marginbottom10"><%= message 'system_administrators.page' -%></h1> <table class="data width100" id="global-roles"> <thead> 
@@ -10,7 +10,7 @@ </thead> <tbody> <tr class="even" > - <td valign="top"><b>Administrators</b><br/><span class="small gray">Ability to perform all administration functions for the instance: global configuration, personalization of Time Machine and homepage.</span></td> + <td valign="top"><b>Administrators</b><br/><span class="small gray">Ability to perform all administration functions for the instance: global configuration and personalization of default dashboards.</span></td> <td valign="top" style="word-break:break-all;width:30%;"> <span><%= users('admin').map(&:login).join(', ') %></span> (<%= link_to "select", {:action => 'edit_users', :role => 'admin', :redirect => 'global'}, :class => 'link-action' %>) diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/projects.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/projects.html.erb index 71c871d11fc..cfe4f174958 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/roles/projects.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/roles/projects.html.erb 
@@ -1,67 +1,66 @@ -<h1 class="marginbottom10">Default Roles for New <%= @qualifiers.map { |q| message("qualifiers.#{q}") }.join(', ') -%></h1> +<h1 class="marginbottom10"><%= message('roles.page') -%></h1> + +<% if @qualifiers.size>1 %> +<ul class="tabs" id="qualifier-tabs"> + <% @qualifiers.each do |q| + css_class = (q==@qualifier ? 'selected' : '') + %> + <li> + <%= link_to message("qualifiers.#{q}"), {:action => 'projects', :qualifier => q}, {:class => css_class} -%> + </li> + <% end %> +</ul> +<% end %> <table class="data width100" id="default-project-roles"> <thead> <tr> - <th>Role</th> + <th>Default Permissions For New <%= message("qualifiers.#{@qualifier}") -%></th> <th width="35%">Users</th> <th width="35%">Groups</th> </tr> </thead> <tbody> <tr class="even"> - <td valign="top"><b>Administrators</b><br/><span class="small gray">Ability to perform administration functions for a project by accessing its settings.</span></td> + <td valign="top"><b>Role: Administrators</b><br/><span class="small gray">Ability to perform administration functions for a project by accessing its settings.</span></td> <td valign="top" style="word-break:break-all;width:35%;"> <div style="vertical-align:top"> - <span><%= users('default-admin').map(&:login).join(', ') %></span> - (<%= link_to "select", {:action => 'edit_users', :role => 'default-admin', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_users('admin', @qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_users', :role => 'admin', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </div> </td> <td valign="top" style="word-break:break-all;width:35%;"> - <span><%= groups('default-admin').map { |g| group_name(g) }.join(', ') %></span> - (<%= link_to "select", {:action => 'edit_groups', :role => 'default-admin', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_groups('admin', 
@qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_groups', :role => 'admin', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </td> </tr> <tr class="odd"> - <td valign="top"><b>Users</b><br/><span class="small gray">Ability to navigate through every service of a project, except viewing source code and settings.</span></td> + <td valign="top"><b>Role: Users</b><br/><span class="small gray">Ability to navigate through every service of a project, except viewing source code and settings.</span></td> <td valign="top" style="word-break:break-all;width:35%;"> - <span><%= users('default-user').map(&:login).join(', ') %></span> - (<%= link_to "select", {:action => 'edit_users', :role => 'default-user', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_users('user', @qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_users', :role => 'user', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </td> <td valign="top" style="word-break:break-all;width:35%;"> - <span><%= groups('default-user').map { |g| group_name(g) }.join(', ') %></span> - (<%= link_to "select", {:action => 'edit_groups', :role => 'default-user', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_groups('user', @qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_groups', :role => 'user', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </td> </tr> <tr class="even"> - <td valign="top"><b>Code viewers</b><br/><span class="small gray">Ability to view source code of a project.</span></td> + <td valign="top"><b>Role: Code viewers</b><br/><span class="small gray">Ability to view source code of a project.</span></td> <td valign="top" style="word-break:break-all;width:35%;"> - <span><%= users('default-codeviewer').map(&:login).join(', ') 
%></span> - (<%= link_to "select", {:action => 'edit_users', :role => 'default-codeviewer', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_users('codeviewer', @qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_users', :role => 'codeviewer', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </td> <td valign="top" style="word-break:break-all;width:35%;"> - <span><%= groups('default-codeviewer').map { |g| group_name(g) }.join(', ') %></span> - (<%= link_to "select", {:action => 'edit_groups', :role => 'default-codeviewer', :redirect => 'projects'}, :class => 'link-action' %>) + <span><%= default_project_groups('codeviewer', @qualifier).join(', ') -%></span> + (<%= link_to "select", {:action => 'edit_default_project_groups', :role => 'codeviewer', :redirect => 'projects', :qualifier => @qualifier}, :class => 'link-action' %>) </td> </tr> </tbody> </table> -<br/><br/> -<% if @qualifiers.size>1 %> -<ul class="tabs" id="qualifier-tabs"> - <% @qualifiers.each do |q| - css_class = (q==@qualifier ? 'selected' : '') - %> - <li> - <%= link_to message("qualifiers.#{q}"), {:action => 'projects', :qualifier => q}, {:class => css_class} -%> - </li> - <% end %> -</ul> -<% else %> - <h1 class="spacer-bottom"><%= message("qualifiers.#{@qualifiers[0]}") -%></h1> -<% end %> +<br/><br/> <div class="<%= @qualifiers.size>1 ? 'tabs-panel' : '' -%>"> diff --git a/sonar-server/src/main/webapp/WEB-INF/db/migrate/320_move_default_roles.rb b/sonar-server/src/main/webapp/WEB-INF/db/migrate/320_move_default_roles.rb index a69922188d7..df56495a5f4 100644 --- a/sonar-server/src/main/webapp/WEB-INF/db/migrate/320_move_default_roles.rb +++ b/sonar-server/src/main/webapp/WEB-INF/db/migrate/320_move_default_roles.rb 
@@ -39,13 +39,13 @@ class MoveDefaultRoles < ActiveRecord::Migration end def self.up - if GroupRole.count==0 - # fresh install - Property.delete_all(['prop_key like ?', 'sonar.role.%']) - Property.create(:prop_key => 'sonar.role.admin.project.defaultGroups', :text_value => 'sonar-administrators') - Property.create(:prop_key => 'sonar.role.user.project.defaultGroups', :text_value => 'sonar-users,Anyone') - Property.create(:prop_key => 'sonar.role.codeviewer.project.defaultGroups', :text_value => 'sonar-users,Anyone') - else + Group.reset_column_information + GroupRole.reset_column_information + User.reset_column_information + UserRole.reset_column_information + Property.reset_column_information + + if GroupRole.count(:conditions => ['role like ?', 'default-%'])>0 # upgrade from version < 3.2. move_groups move_users @@ -74,10 +74,10 @@ class MoveDefaultRoles < ActiveRecord::Migration end groups_per_role.each_pair do |role, groups| - Property.create(:prop_key => "sonar.role.#{role}.project.defaultGroups", :text_value => groups.join(',')) + Property.create(:prop_key => "sonar.role.#{role}.TRK.defaultGroups", :text_value => groups.join(',')) end - #GroupRole.delete_all ['role like ?', 'default-%'] + GroupRole.delete_all ['role like ?', 'default-%'] end def self.move_users @@ -94,9 +94,9 @@ class MoveDefaultRoles < ActiveRecord::Migration end users_per_role.each_pair do |role, users| - Property.create(:prop_key => "sonar.role.#{role}.project.defaultUsers", :text_value => users.join(',')) + Property.create(:prop_key => "sonar.role.#{role}.TRK.defaultUsers", :text_value => users.join(',')) end - #UserRole.delete_all ['role like ?', 'default-%'] + UserRole.delete_all ['role like ?', 'default-%'] end end |
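Review bot: `GroupRole.delete_all ['role like ?', 'default-%']` now runs right after the `Property.create` loop in `move_groups`, and `UserRole.delete_all` does the same in `move_users`, but nothing checks that the properties were actually saved. `Property.create` reports a failed save through its return value rather than an exception, so a rejected row would leave the old default roles deleted with no replacement. Use `Property.create!(...)` in both loops, or delete only when every create succeeded, so a failure aborts the migration before the rows are removed. Both method bodies start outside the hunks shown. With the fresh-install branch removed from `self.up`, it is also worth confirming that default permission properties are still seeded elsewhere for new installations.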