From b97f21885c0402db6fa922b3b8e8f160fdaef59c Mon Sep 17 00:00:00 2001
From: Sébastien Lesaint
Date: Wed, 23 Aug 2017 09:06:08 +0200
Subject: SONAR-9739 add UserSession#checkIsRoot
---
 .../src/main/java/org/sonar/ce/user/CeUserSession.java | 5 +++++
 .../java/org/sonar/server/user/AbstractUserSession.java | 8 ++++++++
 .../org/sonar/server/user/ThreadLocalUserSession.java | 5 +++++
 .../src/main/java/org/sonar/server/user/UserSession.java | 6 ++++++
 .../java/org/sonar/server/tester/UserSessionRule.java | 5 +++++
 .../org/sonar/server/user/ServerUserSessionTest.java | 16 ++++++++++++++++
 6 files changed, 45 insertions(+)
diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
index 36d4c8c2928..fcdbfb6f260 100644
--- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
+++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java
@@ -67,6 +67,11 @@ public class CeUserSession implements UserSession {
 throw notImplemented();
 }

+ @Override
+ public UserSession checkIsRoot() {
+ throw notImplemented();
+ }
+
 @Override
 public UserSession checkLoggedIn() {
 throw notImplemented();
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
index 5012cd3b96b..47c5ea88abe 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java
@@ -38,6 +38,14 @@ public abstract class AbstractUserSession implements UserSession {
 private static final ForbiddenException INSUFFICIENT_PRIVILEGES_EXCEPTION = new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
 private static final String AUTHENTICATION_IS_REQUIRED_MESSAGE = "Authentication is required";

+ @Override
+ public UserSession checkIsRoot() {
+ if (!isRoot()) {
+ throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
+ }
+ return this;
+ }
+
 @Override
 public final UserSession checkLoggedIn() {
 if (!isLoggedIn()) {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
index d27f4b02381..3fafcaf44fc 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java
@@ -83,6 +83,11 @@ public class ThreadLocalUserSession implements UserSession {
 return get().isLoggedIn();
 }

+ @Override
+ public UserSession checkIsRoot() {
+ return get().checkIsRoot();
+ }
+
 @Override
 public boolean isRoot() {
 return get().isRoot();
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
index 23b16f560a2..6ed0c42c657 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
@@ -67,6 +67,12 @@ public interface UserSession {
 */
 boolean isRoot();

+ /**
+ * Ensures that {@link #isRoot()} returns {@code true} otherwise throws a
+ * {@link org.sonar.server.exceptions.ForbiddenException}.
+ */
+ UserSession checkIsRoot();
+
 /**
 * Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.
 */
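Review bot: `checkIsRoot()` in AbstractUserSession is declared without `final`, while the `checkLoggedIn()` shown as context directly below it is `public final`, so a subclass can override the root guard and weaken or skip the `isRoot()` test. Callers treat this method as the authorization gate, so I would seal it the same way: `public final UserSession checkIsRoot() {`. A subclass that needs different behaviour can still override `isRoot()`, which keeps the throw-on-failure logic in one place.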
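Review bot: `ThreadLocalUserSession.checkIsRoot()` returns the result of `get().checkIsRoot()`, that is the session held in the thread-local, rather than the wrapper the caller invoked it on. `AbstractUserSession.checkIsRoot()` returns `this`, so what comes back here is the delegate, and a caller that keeps the returned reference skips the thread-local lookup on later calls. I would write the body as `get().checkIsRoot();` followed by `return this;`. The `UserSessionRule` hunk has the same shape; there the neighbouring `checkLoggedIn()` context line calls the delegate without returning its result, which suggests (the rest of that method is outside the hunk) that the existing convention is to return the wrapper.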
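Review bot: The Javadoc added on `checkIsRoot()` in the UserSession interface leaves the return value undocumented, and the implementations in this patch do not agree on it: `AbstractUserSession` returns `this`, while `ThreadLocalUserSession` and `UserSessionRule` return whatever their delegate returns. I would add `@return this session` and `@throws org.sonar.server.exceptions.ForbiddenException if {@link #isRoot()} returns {@code false}` so implementers have a contract to follow. The interface body continues outside the hunk.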
diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
index 12a892587db..508bed2249f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java
@@ -272,6 +272,11 @@ public class UserSessionRule implements TestRule, UserSession {
 return currentUserSession.isRoot();
 }

+ @Override
+ public UserSession checkIsRoot() {
+ return currentUserSession.checkIsRoot();
+ }
+
 @Override
 public UserSession checkLoggedIn() {
 currentUserSession.checkLoggedIn();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index b4fff65d1c7..d19500ea2e4 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -138,6 +138,22 @@ public class ServerUserSessionTest {
 assertThat(newUserSession(NON_ROOT_USER_DTO).isRoot()).isFalse();
 }

+ @Test
+ public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {
+ UserSession underTest = newUserSession(NON_ROOT_USER_DTO);
+
+ expectInsufficientPrivilegesForbiddenException();
+
+ underTest.checkIsRoot();
+ }
+
+ @Test
+ public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {
+ UserSession underTest = newUserSession(ROOT_USER_DTO);
+
+ assertThat(underTest.checkIsRoot()).isSameAs(underTest);
+ }
+
 @Test
 public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
 UserSession underTest = newUserSession(ROOT_USER_DTO);
-- cgit v1.2.3
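Review bot: The two tests added to ServerUserSessionTest for `checkIsRoot()` cover a logged-in non-root user and a root user, but not a session with no authenticated user. For an authorization guard that is the case most worth pinning down: a third test should build an anonymous session with whatever helper this class already uses for that (not visible in the hunk) and assert that `checkIsRoot()` throws, using the same `expectInsufficientPrivilegesForbiddenException()` expectation. It would also record that anonymous callers get Forbidden rather than the Unauthorized that `checkLoggedIn()` produces, if that is the intended behaviour. The test class continues outside the hunk.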