From 3afbbf51939d4bdd898cbcb7ccc8e7a5c19e5883 Mon Sep 17 00:00:00 2001 From: Aurelien Poscia Date: Thu, 2 Jun 2022 14:45:42 +0200 Subject: SONAR-16246 Fix incorrect warning in portfolio view when user has relevant permissions --- .../org/sonar/server/user/ServerUserSession.java | 46 ++++++++++++---------- 1 file changed, 25 insertions(+), 21 deletions(-) (limited to 'server/sonar-webserver-auth') diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java index 1809f5a4938..914b2a985f6 100644 --- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java +++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -59,10 +59,11 @@ public class ServerUserSession extends AbstractUserSession { private final UserDto userDto; private final DbClient dbClient; private final Map projectUuidByComponentUuid = new HashMap<>(); + private final Map> permissionsByProjectUuid = new HashMap<>(); + private Collection groups; private Boolean isSystemAdministrator; private Set permissions; - private Map> permissionsByProjectUuid; public ServerUserSession(DbClient dbClient, @Nullable UserDto userDto) { this.dbClient = dbClient; @@ -164,41 +165,44 @@ public class ServerUserSession extends AbstractUserSession { @Override protected boolean hasProjectUuidPermission(String permission, String projectUuid) { - if (permissionsByProjectUuid == null) { - permissionsByProjectUuid = new HashMap<>(); - } return hasPermission(permission, projectUuid); } @Override protected boolean hasChildProjectsPermission(String permission, String applicationUuid) { - if (permissionsByProjectUuid == null) { - permissionsByProjectUuid = new HashMap<>(); - } - Set childProjectUuids = loadChildProjectUuids(applicationUuid); - - return childProjectUuids - .stream() - .map(uuid -> hasPermission(permission, uuid)) - .allMatch(Boolean::valueOf); + return childProjectUuids.stream() + .allMatch(uuid -> hasPermission(permission, uuid)); } @Override protected boolean hasPortfolioChildProjectsPermission(String permission, String portfolioUuid) { - if (permissionsByProjectUuid == null) { - permissionsByProjectUuid = new HashMap<>(); - } - Set portfolioHierarchyComponents = resolvePortfolioHierarchyComponents(portfolioUuid); + Set branchUuids = findBranchUuids(portfolioHierarchyComponents); + Set projectUuids = findProjectUuids(branchUuids); - Set portfolioHierarchyComponentUuids = portfolioHierarchyComponents.stream().map(ComponentDto::getCopyComponentUuid).collect(Collectors.toSet()); - - return portfolioHierarchyComponentUuids - .stream() + return projectUuids.stream() .allMatch(uuid -> hasPermission(permission, uuid)); } + private static Set findBranchUuids(Set portfolioHierarchyComponents) { + return portfolioHierarchyComponents.stream() + .map(ComponentDto::getCopyComponentUuid) + .collect(Collectors.toSet()); + } + + private Set findProjectUuids(Set branchesComponents) { + try (DbSession dbSession = dbClient.openSession(false)) { + return dbClient.componentDao().selectByUuids(dbSession, branchesComponents).stream() + .map(ServerUserSession::getProjectId) + .collect(toSet()); + } + } + + private static String getProjectId(ComponentDto branchComponent) { + return Optional.ofNullable(branchComponent.getMainBranchProjectUuid()).orElse(branchComponent.uuid()); + } + private boolean hasPermission(String permission, String projectUuid) { Set projectPermissions = permissionsByProjectUuid.computeIfAbsent(projectUuid, this::loadProjectPermissions); return projectPermissions.contains(permission); -- cgit v1.2.3