diff options
3 files changed, 30 insertions, 18 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java index 37f7012531d..e1d56feedc1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java @@ -19,6 +19,7 @@ */ package org.sonar.server.permission.ws.template; +import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; @@ -31,11 +32,12 @@ import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.permission.RemoveUserFromTemplateWsRequest; -import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; +import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter; +import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION_KEY; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; @@ -74,14 +76,15 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { } private void doHandle(RemoveUserFromTemplateWsRequest request) { - checkGlobalAdminUser(userSession); - String permission = request.getPermission(); String userLogin = request.getLogin(); try (DbSession dbSession = dbClient.openSession(false)) { validateProjectPermission(permission); - PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(request.getTemplateId(), request.getTemplateName())); + PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef( + request.getTemplateId(), request.getOrganization(), request.getTemplateName())); + checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty()); + UserId user = wsSupport.findUser(dbSession, userLogin); dbClient.permissionTemplateDao().deleteUserPermission(dbSession, template.getId(), user.getId(), permission); @@ -94,6 +97,7 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { .setPermission(request.mandatoryParam(PARAM_PERMISSION)) .setLogin(request.mandatoryParam(PARAM_USER_LOGIN)) .setTemplateId(request.param(PARAM_TEMPLATE_ID)) + .setOrganization(request.param(PARAM_ORGANIZATION_KEY)) .setTemplateName(request.param(PARAM_TEMPLATE_NAME)); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java index 3d144eae82a..84474200ad3 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java @@ -64,7 +64,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov @Test public void remove_user_from_template() throws Exception { - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION); assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty(); @@ -72,7 +72,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov @Test public void remove_user_from_template_by_name_case_insensitive() throws Exception { - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); wsTester.newPostRequest(CONTROLLER, ACTION) .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PERMISSION, DEFAULT_PERMISSION) @@ -84,7 +84,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov @Test public void remove_user_from_template_twice_without_failing() throws Exception { - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION); newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION); @@ -95,7 +95,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov public void keep_user_permission_not_removed() throws Exception { addUserToTemplate(user, template, ISSUE_ADMIN); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION); assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty(); @@ -107,7 +107,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov UserDto newUser = db.users().insertUser("new-login"); addUserToTemplate(newUser, template, DEFAULT_PERMISSION); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION); assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).containsExactly("new-login"); @@ -117,7 +117,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov public void fail_if_not_a_project_permission() throws Exception { expectedException.expect(IllegalArgumentException.class); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), GlobalPermissions.PROVISIONING); } @@ -141,7 +141,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov public void fail_if_user_missing() throws Exception { expectedException.expect(IllegalArgumentException.class); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(null, template.getUuid(), DEFAULT_PERMISSION); } @@ -149,7 +149,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov public void fail_if_permission_missing() throws Exception { expectedException.expect(IllegalArgumentException.class); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), template.getUuid(), null); } @@ -157,7 +157,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov public void fail_if_template_missing() throws Exception { expectedException.expect(BadRequestException.class); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), null, DEFAULT_PERMISSION); } @@ -166,7 +166,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov expectedException.expect(NotFoundException.class); expectedException.expectMessage("User with login 'unknown-login' is not found"); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest("unknown-login", template.getUuid(), DEFAULT_PERMISSION); } @@ -175,7 +175,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov expectedException.expect(NotFoundException.class); expectedException.expectMessage("Permission template with id 'unknown-key' is not found"); - loginAsAdmin(); + loginAsAdminOnDefaultOrganization(); newRequest(user.getLogin(), "unknown-key", DEFAULT_PERMISSION); } @@ -205,7 +205,4 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov db.commit(); } - private void loginAsAdmin() { - userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); - } } diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/permission/RemoveUserFromTemplateWsRequest.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/permission/RemoveUserFromTemplateWsRequest.java index 9726e4f55b9..e3867a2d0ca 100644 --- a/sonar-ws/src/main/java/org/sonarqube/ws/client/permission/RemoveUserFromTemplateWsRequest.java +++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/permission/RemoveUserFromTemplateWsRequest.java @@ -28,6 +28,7 @@ public class RemoveUserFromTemplateWsRequest { private String login; private String permission; private String templateId; + private String organization; private String templateName; public String getLogin() { @@ -59,6 +60,16 @@ public class RemoveUserFromTemplateWsRequest { } @CheckForNull + public String getOrganization() { + return organization; + } + + public RemoveUserFromTemplateWsRequest setOrganization(@Nullable String s) { + this.organization = s; + return this; + } + + @CheckForNull public String getTemplateName() { return templateName; } |