-
Notifications
You must be signed in to change notification settings - Fork 1.9k
/
UserSession.java
192 lines (167 loc) · 6.62 KB
/
UserSession.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.user;
import java.util.Collection;
import java.util.List;
import javax.annotation.CheckForNull;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
public interface UserSession {
/**
* Login of the authenticated user. Returns {@code null}
* if {@link #isLoggedIn()} is {@code false}.
*/
@CheckForNull
String getLogin();
/**
* Uuid of the authenticated user. Returns {@code null}
* if {@link #isLoggedIn()} is {@code false}.
*/
@CheckForNull
String getUuid();
/**
* Name of the authenticated user. Returns {@code null}
* if {@link #isLoggedIn()} is {@code false}.
*/
@CheckForNull
String getName();
/**
* Database ID of the authenticated user. Returns {@code null}
* if {@link #isLoggedIn()} is {@code false}.
*/
@CheckForNull
Integer getUserId();
/**
* The groups that the logged-in user is member of. An empty
* collection is returned if {@link #isLoggedIn()} is {@code false}.
*/
Collection<GroupDto> getGroups();
/**
* Whether the user is logged-in or anonymous.
*/
boolean isLoggedIn();
/**
* Whether the user has root privileges. If {@code true}, then user automatically
* benefits from all the permissions on all organizations and projects.
*/
boolean isRoot();
/**
* Ensures that {@link #isRoot()} returns {@code true} otherwise throws a
* {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkIsRoot();
/**
* Ensures that user is logged in otherwise throws {@link org.sonar.server.exceptions.UnauthorizedException}.
*/
UserSession checkLoggedIn();
/**
* Returns {@code true} if the permission is granted on the organization, otherwise {@code false}.
*
* If the organization does not exist, then returns {@code false}.
*
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
* organization does not exist.
*/
boolean hasPermission(OrganizationPermission permission, OrganizationDto organization);
boolean hasPermission(OrganizationPermission permission, String organizationUuid);
/**
* Ensures that {@link #hasPermission(OrganizationPermission, OrganizationDto)} is {@code true},
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization);
UserSession checkPermission(OrganizationPermission permission, String organizationUuid);
/**
* Returns {@code true} if the permission is granted to user on the component,
* otherwise {@code false}.
*
* If the component does not exist, then returns {@code false}.
*
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
* component does not exist.
*
* If the permission is not granted, then the organization permission is _not_ checked.
*
* @param component non-null component.
* @param permission project permission as defined by {@link org.sonar.core.permission.ProjectPermissions}
*/
boolean hasComponentPermission(String permission, ComponentDto component);
/**
* Using {@link #hasComponentPermission(String, ComponentDto)} is recommended
* because it does not have to load project if the referenced component
* is not a project.
*
* @deprecated use {@link #hasComponentPermission(String, ComponentDto)} instead
*/
@Deprecated
boolean hasComponentUuidPermission(String permission, String componentUuid);
/**
* Return the subset of specified components which the user has granted permission.
* An empty list is returned if input is empty or if no components are allowed to be
* accessed.
* If the input is ordered, then the returned components are in the same order.
* The duplicated components are returned duplicated too.
*/
List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components);
/**
* Ensures that {@link #hasComponentPermission(String, ComponentDto)} is {@code true},
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkComponentPermission(String projectPermission, ComponentDto component);
/**
* Ensures that {@link #hasComponentUuidPermission(String, String)} is {@code true},
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*
* @deprecated use {@link #checkComponentPermission(String, ComponentDto)} instead
*/
@Deprecated
UserSession checkComponentUuidPermission(String permission, String componentUuid);
/**
* Whether user can administrate system, for example for using cross-organizations services
* like update center, system info or management of users.
*
* Returns {@code true} if:
* <ul>
* <li>{@link #isRoot()} is {@code true}</li>
* <li>organization feature is disabled and user is administrator of the (single) default organization</li>
* </ul>
*/
boolean isSystemAdministrator();
/**
* Ensures that {@link #isSystemAdministrator()} is {@code true},
* otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkIsSystemAdministrator();
/**
* Returns {@code true} if the user is member of the organization, otherwise {@code false}.
*
* If the organization does not exist, then returns {@code false}.
*
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if
* organization does not exist.
*/
boolean hasMembership(OrganizationDto organization);
/**
* Ensures that {@link #hasMembership(OrganizationDto)} is {@code true},
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkMembership(OrganizationDto organization);
}