From 456f46662f89717382a910f192df1f44cd8b8fd4 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Sun, 19 Feb 2017 15:35:37 +0100 Subject: [PATCH] Use the methods UserSession accepting OrganizationPermission param --- .../java/org/sonar/ce/user/CeUserSession.java | 4 +- .../sonar/server/batch/ProjectDataLoader.java | 3 +- .../org/sonar/server/ce/ws/TaskAction.java | 6 +-- .../computation/queue/ReportSubmitter.java | 14 +++--- .../server/organization/ws/DeleteAction.java | 4 +- .../organization/ws/EnableSupportAction.java | 4 +- .../ws/SearchMyOrganizationsAction.java | 5 +- .../server/organization/ws/UpdateAction.java | 4 +- .../PermissionPrivilegeChecker.java | 5 +- .../server/project/ws/BulkDeleteAction.java | 4 +- .../sonar/server/project/ws/CreateAction.java | 4 +- .../sonar/server/project/ws/DeleteAction.java | 4 +- .../sonar/server/project/ws/GhostsAction.java | 4 +- .../server/project/ws/ProvisionedAction.java | 4 +- .../sonar/server/project/ws/SearchAction.java | 4 +- .../server/qualitygate/QualityGates.java | 4 +- .../server/qualitygate/ws/AppAction.java | 4 +- .../server/qualitygate/ws/CreateAction.java | 4 +- .../qualitygate/ws/CreateConditionAction.java | 4 +- .../server/qualitygate/ws/SelectAction.java | 4 +- .../qualitygate/ws/UpdateConditionAction.java | 4 +- .../QProfileProjectOperations.java | 4 +- .../qualityprofile/QProfileService.java | 5 +- .../qualityprofile/ws/QProfileWsSupport.java | 5 +- .../org/sonar/server/rule/ws/AppAction.java | 5 +- .../sonar/server/rule/ws/RuleWsSupport.java | 5 +- .../server/setting/ws/SettingsWsSupport.java | 11 +++-- .../sonar/server/ui/ws/ComponentAction.java | 16 +++---- .../server/ui/ws/OrganizationAction.java | 11 ++--- .../server/user/AbstractUserSession.java | 17 +++---- .../org/sonar/server/user/DoPrivileged.java | 3 +- .../sonar/server/user/ServerUserSession.java | 3 +- .../server/user/ThreadLocalUserSession.java | 22 ++++----- .../org/sonar/server/user/UserSession.java | 1 - .../sonar/server/user/ws/CurrentAction.java | 9 ++-- .../server/user/ws/DeactivateAction.java | 7 +-- .../server/usergroups/ws/AddUserAction.java | 4 +- .../server/usergroups/ws/CreateAction.java | 4 +- .../server/usergroups/ws/DeleteAction.java | 6 +-- .../usergroups/ws/RemoveUserAction.java | 6 +-- .../server/usergroups/ws/SearchAction.java | 4 +- .../server/usergroups/ws/UpdateAction.java | 4 +- .../server/usergroups/ws/UsersAction.java | 4 +- .../server/batch/ProjectDataLoaderTest.java | 3 +- .../sonar/server/ce/ws/TaskActionTest.java | 5 +- .../queue/ReportSubmitterTest.java | 11 +++-- .../organization/ws/DeleteActionTest.java | 4 +- .../ws/EnableSupportActionTest.java | 5 +- .../organization/ws/UpdateActionTest.java | 6 +-- .../permission/ws/AddGroupActionTest.java | 3 +- .../permission/ws/BasePermissionWsTest.java | 6 +-- ...AddProjectCreatorToTemplateActionTest.java | 3 +- .../template/AddUserToTemplateActionTest.java | 4 +- .../ws/template/ApplyTemplateActionTest.java | 4 +- .../ws/template/CreateTemplateActionTest.java | 4 +- .../ws/template/DeleteTemplateActionTest.java | 4 +- .../RemoveGroupFromTemplateActionTest.java | 4 +- .../template/SearchTemplatesActionTest.java | 6 +-- .../ws/template/TemplateUsersActionTest.java | 4 +- .../ws/template/UpdateTemplateActionTest.java | 4 +- .../project/ws/BulkDeleteActionTest.java | 6 +-- .../server/project/ws/CreateActionTest.java | 12 ++--- .../server/project/ws/DeleteActionTest.java | 6 +-- .../server/project/ws/GhostsActionTest.java | 35 +++++++------- .../project/ws/ProvisionedActionTest.java | 47 ++++++++++--------- .../server/project/ws/SearchActionTest.java | 34 +++++++------- .../server/qualitygate/ws/AppActionTest.java | 4 +- .../qualitygate/ws/CreateActionTest.java | 7 ++- .../ws/CreateConditionActionTest.java | 7 ++- .../qualitygate/ws/DeselectActionTest.java | 4 +- .../qualitygate/ws/SelectActionTest.java | 4 +- .../ws/UpdateConditionActionTest.java | 7 ++- .../QProfileServiceMediumTest.java | 4 +- .../ws/AddProjectActionTest.java | 4 +- .../ws/ChangeParentActionMediumTest.java | 4 +- .../qualityprofile/ws/CopyActionTest.java | 4 +- .../qualityprofile/ws/CreateActionTest.java | 4 +- .../qualityprofile/ws/DeleteActionTest.java | 4 +- .../qualityprofile/ws/RenameActionTest.java | 4 +- .../qualityprofile/ws/RestoreActionTest.java | 4 +- .../ws/RestoreBuiltInActionTest.java | 4 +- .../ws/SetDefaultActionTest.java | 4 +- .../server/rule/RegisterRulesMediumTest.java | 4 +- .../sonar/server/rule/ws/AppActionTest.java | 4 +- .../server/rule/ws/DeleteActionTest.java | 4 +- .../server/rule/ws/ShowActionMediumTest.java | 4 +- .../rule/ws/UpdateActionMediumTest.java | 4 +- .../setting/ws/ListDefinitionsActionTest.java | 8 ++-- .../server/setting/ws/ValuesActionTest.java | 7 +-- .../tester/AbstractMockUserSession.java | 23 ++++----- .../sonar/server/tester/UserSessionRule.java | 40 ++++++++-------- .../server/ui/ws/ComponentActionTest.java | 12 ++--- .../server/ui/ws/OrganizationActionTest.java | 15 +++--- .../server/user/ServerUserSessionTest.java | 43 +++++++++-------- .../server/user/ws/CurrentActionTest.java | 10 ++-- .../usergroups/ws/AddUserActionTest.java | 4 +- .../usergroups/ws/CreateActionTest.java | 4 +- .../usergroups/ws/DeleteActionTest.java | 4 +- .../usergroups/ws/RemoveUserActionTest.java | 3 +- .../usergroups/ws/SearchActionTest.java | 6 +-- .../usergroups/ws/UpdateActionTest.java | 4 +- .../server/usergroups/ws/UsersActionTest.java | 4 +- 102 files changed, 380 insertions(+), 373 deletions(-) diff --git a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java index 9ef58ff8d960..9a045b346ddf 100644 --- a/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java +++ b/server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java @@ -87,12 +87,12 @@ public boolean hasOrganizationPermission(String organizationUuid, String permiss } @Override - public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { throw notImplemented(); } @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { throw notImplemented(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java index fab76d2bb552..5b2b8ce604ca 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java +++ b/server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java @@ -38,6 +38,7 @@ import org.sonar.scanner.protocol.input.ProjectRepositories; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.collect.Lists.newArrayList; @@ -68,7 +69,7 @@ public ProjectRepositories load(ProjectDataQuery query) { } boolean hasScanPerm = userSession.hasComponentPermission(SCAN_EXECUTION, module) || - userSession.hasOrganizationPermission(module.getOrganizationUuid(), SCAN_EXECUTION); + userSession.hasPermission(OrganizationPermission.SCAN, module.getOrganizationUuid()); boolean hasBrowsePerm = userSession.hasComponentPermission(USER, module); checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm); diff --git a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java index b59b991a7faf..aa52c814cf58 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java @@ -38,12 +38,12 @@ import org.sonar.db.ce.CeActivityDto; import org.sonar.db.ce.CeQueueDto; import org.sonar.db.component.ComponentDto; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.ws.WsUtils; import org.sonarqube.ws.WsCe; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -118,8 +118,8 @@ private Optional loadComponent(DbSession dbSession, @Nullable Stri private void checkPermission(Optional component) { if (component.isPresent()) { String orgUuid = component.get().getOrganizationUuid(); - if (!userSession.hasOrganizationPermission(orgUuid, SYSTEM_ADMIN) && - !userSession.hasOrganizationPermission(orgUuid, SCAN_EXECUTION) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) && + !userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) && !userSession.hasComponentPermission(SCAN_EXECUTION, component.get())) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java index d0a4679963b8..7febecaf5d46 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java @@ -37,12 +37,12 @@ import org.sonar.server.component.ComponentUpdater; import org.sonar.server.component.NewComponent; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.permission.PermissionTemplateService; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.server.component.NewComponent.newComponentBuilder; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; @@ -75,7 +75,7 @@ public CeTask submit(String organizationKey, String projectKey, @Nullable String OrganizationDto organizationDto = getOrganizationDtoOrFail(dbSession, organizationKey); Optional opt = dbClient.componentDao().selectByKey(dbSession, effectiveProjectKey); ensureOrganizationIsConsistent(opt, organizationDto); - ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto.getUuid(), projectKey, projectBranch, projectName)); + ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto, projectKey, projectBranch, projectName)); checkScanPermission(project); return submitReport(dbSession, reportInput, project); } @@ -88,7 +88,7 @@ private void checkScanPermission(ComponentDto project) { // That means that dropping the permission on the project does not have any effects // if user has still the permission on the organization if (!userSession.hasComponentPermission(SCAN_EXECUTION, project) && - !userSession.hasOrganizationPermission(project.getOrganizationUuid(), SCAN_EXECUTION)) { + !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { throw insufficientPrivilegesException(); } } @@ -106,18 +106,18 @@ private static void ensureOrganizationIsConsistent(Optional projec } } - private ComponentDto createProject(DbSession dbSession, String organizationUuid, String projectKey, @Nullable String projectBranch, @Nullable String projectName) { - userSession.checkOrganizationPermission(organizationUuid, PROVISIONING); + private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, String projectKey, @Nullable String projectBranch, @Nullable String projectName) { + userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS, organization); Integer userId = userSession.getUserId(); boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( - dbSession, organizationUuid, userId, projectBranch, projectKey, Qualifiers.PROJECT); + dbSession, organization.getUuid(), userId, projectBranch, projectKey, Qualifiers.PROJECT); if (!wouldCurrentUserHaveScanPermission) { throw insufficientPrivilegesException(); } NewComponent newProject = newComponentBuilder() - .setOrganizationUuid(organizationUuid) + .setOrganizationUuid(organization.getUuid()) .setKey(projectKey) .setName(StringUtils.defaultIfBlank(projectName, projectKey)) .setBranch(projectBranch) diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java index 5fea4d459646..65a4f3a70988 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java @@ -34,8 +34,8 @@ import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class DeleteAction implements OrganizationsAction { @@ -90,7 +90,7 @@ public void handle(Request request, Response response) throws Exception { if (organizationDto.isGuarded()) { userSession.checkIsSystemAdministrator(); } else { - userSession.checkOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, organizationDto); } deleteProjects(dbSession, organizationDto.getUuid()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java index 60427f8cb937..ec596176b795 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java @@ -26,10 +26,10 @@ import org.sonar.db.DbSession; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.OrganizationFlags; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static java.util.Objects.requireNonNull; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; public class EnableSupportAction implements OrganizationsAction { private static final String ACTION = "enable_support"; @@ -73,7 +73,7 @@ public void handle(Request request, Response response) throws Exception { } private void verifySystemAdministrator() { - userSession.checkLoggedIn().checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(OrganizationPermission.ADMINISTER, defaultOrganizationProvider.get().getUuid()); } private boolean isSupportDisabled(DbSession dbSession) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java index 52bbc0440a72..128a4f9010b1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java @@ -25,10 +25,9 @@ import org.sonar.api.utils.text.JsonWriter; import org.sonar.db.DbClient; import org.sonar.db.DbSession; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; - public class SearchMyOrganizationsAction implements OrganizationsAction { private static final String ACTION = "search_my_organizations"; @@ -62,7 +61,7 @@ public void handle(Request request, Response response) throws Exception { JsonWriter jsonWriter = response.newJsonWriter()) { jsonWriter.beginObject(); jsonWriter.name("organizations").beginArray(); - dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), SYSTEM_ADMIN) + dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), OrganizationPermission.ADMINISTER.getKey()) .forEach(dto -> jsonWriter.value(dto.getKey())); jsonWriter.endArray(); jsonWriter.endObject(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java index ac51fe383fcb..4ec8e70b7e26 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java @@ -34,12 +34,12 @@ import org.sonarqube.ws.Organizations; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_AVATAR_URL; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_DESCRIPTION; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_NAME; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_URL; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.writeProtobuf; public class UpdateAction implements OrganizationsAction { @@ -93,7 +93,7 @@ public void handle(Request request, Response response) throws Exception { OrganizationDto dto = getDto(dbSession, key); - userSession.checkOrganizationPermission(dto.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, dto); dto.setName(updateRequest.getName().or(dto::getName)) .setDescription(updateRequest.getDescription().or(dto::getDescription)) diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java index bce14f0dd9be..6c152c60f07b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java @@ -23,7 +23,6 @@ import org.sonar.api.web.UserRole; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; public class PermissionPrivilegeChecker { @@ -34,7 +33,7 @@ private PermissionPrivilegeChecker() { public static void checkGlobalAdmin(UserSession userSession, String organizationUuid) { userSession .checkLoggedIn() - .checkOrganizationPermission(organizationUuid, SYSTEM_ADMIN); + .checkPermission(OrganizationPermission.ADMINISTER, organizationUuid); } /** @@ -45,7 +44,7 @@ public static void checkGlobalAdmin(UserSession userSession, String organization public static void checkProjectAdmin(UserSession userSession, String organizationUuid, Optional projectId) { userSession.checkLoggedIn(); - if (userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) { + if (userSession.hasPermission(OrganizationPermission.ADMINISTER, organizationUuid)) { return; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java index e8d367668f42..65f33bac3116 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java @@ -25,7 +25,6 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -33,6 +32,7 @@ import org.sonar.server.component.ComponentCleanerService; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; public class BulkDeleteAction implements ProjectsWsAction { @@ -104,7 +104,7 @@ private Optional loadOrganizationByKey(DbSession dbSession, @Nu return Optional.empty(); } OrganizationDto org = support.getOrganization(dbSession, orgKey); - userSession.checkOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, org); return Optional.of(org); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java index 183378521952..641c3e544b53 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java @@ -35,8 +35,8 @@ import static java.util.Optional.ofNullable; import static org.sonar.api.resources.Qualifiers.PROJECT; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.server.component.NewComponent.newComponentBuilder; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -109,7 +109,7 @@ private CreateWsResponse doHandle(CreateRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization()) .orElseGet(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), PROVISIONING); + userSession.checkPermission(PROVISION_PROJECTS, organization); ComponentDto componentDto = componentUpdater.create(dbSession, newComponentBuilder() .setOrganizationUuid(organization.getUuid()) diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java index 9af482443a20..4174ccb637d5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java @@ -23,12 +23,12 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.server.component.ComponentCleanerService; import org.sonar.server.component.ComponentFinder; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.server.component.ComponentFinder.ParamNames.PROJECT_ID_AND_PROJECT; @@ -92,7 +92,7 @@ public void handle(Request request, Response response) throws Exception { private void checkPermission(ComponentDto project) { if (!userSession.hasComponentPermission(UserRole.ADMIN, project)) { - userSession.checkOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, project.getOrganizationUuid()); } } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java index 3378d587852f..372972e07783 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java @@ -29,7 +29,6 @@ import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -40,6 +39,7 @@ import static com.google.common.collect.Sets.newHashSet; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class GhostsAction implements ProjectsWsAction { @@ -89,7 +89,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = getOrganization(dbSession, request); - userSession.checkOrganizationPermission(organization.getUuid(), UserRole.ADMIN); + userSession.checkPermission(ADMINISTER, organization); long nbOfProjects = dbClient.componentDao().countGhostProjects(dbSession, organization.getUuid(), query); List projects = dbClient.componentDao().selectGhostProjects(dbSession, organization.getUuid(), query, diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java index 0c3070917811..dd37366e6c8d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java @@ -30,7 +30,6 @@ import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -41,6 +40,7 @@ import static com.google.common.collect.Sets.newHashSet; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION; public class ProvisionedAction implements ProjectsWsAction { @@ -90,7 +90,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, request.getParam(PARAM_ORGANIZATION).or(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), GlobalPermissions.PROVISIONING); + userSession.checkPermission(PROVISION_PROJECTS, organization); RowBounds rowBounds = new RowBounds(options.getOffset(), options.getLimit()); List projects = dbClient.componentDao().selectProvisioned(dbSession, organization.getUuid(), query, QUALIFIERS_FILTER, rowBounds); diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java index 3ca4f103486b..72b4889dd480 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java @@ -31,6 +31,7 @@ import org.sonar.db.component.ComponentQuery; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsProjects.SearchWsResponse; import org.sonarqube.ws.client.project.SearchWsRequest; @@ -39,7 +40,6 @@ import static java.util.Optional.ofNullable; import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.resources.Qualifiers.VIEW; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.WsProjects.SearchWsResponse.Component; import static org.sonarqube.ws.WsProjects.SearchWsResponse.newBuilder; @@ -98,7 +98,7 @@ private static SearchWsRequest toSearchWsRequest(Request request) { private SearchWsResponse doHandle(SearchWsRequest request) { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization()).orElseGet(defaultOrganizationProvider.get()::getKey)); - userSession.checkOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, organization); ComponentQuery query = buildQuery(request); Paging paging = buildPaging(dbSession, request, organization, query); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java index f260216f69c2..ebec7083a15a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java @@ -41,10 +41,10 @@ import org.sonar.server.exceptions.Errors; import org.sonar.server.exceptions.Message; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.util.Validation; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; /** @@ -248,7 +248,7 @@ private void checkIsSystemAdministrator() { } private void checkProjectAdmin(ComponentDto project) { - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN) + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java index 4a066f11b2f5..dbcc50aee0ac 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java @@ -28,12 +28,12 @@ import org.sonar.db.DbSession; import org.sonar.db.metric.MetricDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.AppWsResponse.Metric; import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY; import static org.sonar.api.measures.Metric.ValueType.RATING; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.server.qualitygate.ValidRatingMetrics.isCoreRatingMetric; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.WsQualityGates.AppWsResponse; @@ -63,7 +63,7 @@ public void define(WebService.NewController controller) { @Override public void handle(Request request, Response response) { writeProtobuf(AppWsResponse.newBuilder() - .setEdit(userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN)) + .setEdit(userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid())) .addAllMetrics(loadMetrics() .stream() .map(AppAction::toMetric) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java index 05d28321462d..5ebe970af8b0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateAction.java @@ -22,11 +22,11 @@ import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateUpdater; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.CreateWsResponse; @@ -66,7 +66,7 @@ public void define(WebService.NewController controller) { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { QualityGateDto newQualityGate = qualityGateUpdater.create(dbSession, request.mandatoryParam(PARAM_NAME)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java index c5fdba691f4a..b1a00da23657 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/CreateConditionAction.java @@ -26,12 +26,12 @@ import org.sonar.db.DbSession; import org.sonar.db.qualitygate.QualityGateConditionDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateConditionsUpdater; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import org.sonarqube.ws.client.qualitygate.CreateConditionRequest; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.qualitygate.ws.QualityGatesWs.addConditionParams; import static org.sonar.server.ws.WsUtils.writeProtobuf; @@ -77,7 +77,7 @@ public void define(WebService.NewController controller) { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { writeProtobuf(doHandle(toWsRequest(request), dbSession), request, response); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java index f08093f5c51f..5f4f6c777dcf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java @@ -25,7 +25,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.util.Uuids; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -33,6 +32,7 @@ import org.sonar.db.property.PropertyDto; import org.sonar.server.component.ComponentFinder; import org.sonar.server.component.ComponentFinder.ParamNames; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.qualitygate.SelectWsRequest; @@ -115,7 +115,7 @@ private ComponentDto getProject(DbSession dbSession, @Nullable String projectId, ComponentDto project = selectProjectById(dbSession, projectId) .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ParamNames.PROJECT_ID_AND_KEY)); - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_GATE_ADMIN) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java index eefeb8f334cb..7768ef5eea53 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/UpdateConditionAction.java @@ -31,8 +31,8 @@ import org.sonarqube.ws.WsQualityGates.UpdateConditionWsResponse; import org.sonarqube.ws.client.qualitygate.UpdateConditionRequest; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.server.qualitygate.ws.QualityGatesWs.addConditionParams; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.ACTION_UPDATE_CONDITION; @@ -77,7 +77,7 @@ public void define(WebService.NewController controller) { @Override public void handle(Request request, Response response) { - userSession.checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN); + userSession.checkPermission(ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid()); try (DbSession dbSession = dbClient.openSession(false)) { writeProtobuf(doHandle(toWsRequest(request), dbSession), request, response); diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java index 83597a76e628..c372563b0e2e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileProjectOperations.java @@ -21,12 +21,12 @@ import org.sonar.api.server.ServerSide; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.ws.WsUtils; @@ -78,7 +78,7 @@ private QualityProfileDto selectProfileByKey(DbSession session, String profileKe } private void checkAdminOnProject(ComponentDto project) { - if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN) && + if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw new ForbiddenException("Insufficient privileges"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java index 998ae3f9549c..bd46ecbfc28f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/QProfileService.java @@ -23,7 +23,6 @@ import java.util.List; import javax.annotation.Nullable; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleKey; @@ -32,6 +31,8 @@ import org.sonar.server.rule.index.RuleQuery; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class QProfileService { @@ -96,6 +97,6 @@ public void backup(String profileKey, Writer writer) { private void verifyAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java index 371ec76a1c20..e4d940f8e55e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileWsSupport.java @@ -20,10 +20,11 @@ package org.sonar.server.qualityprofile.ws; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class QProfileWsSupport { @@ -38,6 +39,6 @@ public QProfileWsSupport(UserSession userSession, DefaultOrganizationProvider de public void checkQProfileAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java index 0f2bbb0a79bb..5f5be8c1759b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/AppAction.java @@ -32,10 +32,9 @@ import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; - public class AppAction implements RulesWsAction { private final Languages languages; @@ -78,7 +77,7 @@ public void handle(Request request, Response response) throws Exception { } private void addPermissions(JsonWriter json) { - boolean canWrite = userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_PROFILE_ADMIN); + boolean canWrite = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); json.prop("canWrite", canWrite); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java index 4de9d4fb9159..7c84bc528bc2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/rule/ws/RuleWsSupport.java @@ -20,10 +20,11 @@ package org.sonar.server.rule.ws; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; + @ServerSide public class RuleWsSupport { private final UserSession userSession; @@ -37,6 +38,6 @@ public RuleWsSupport(UserSession userSession, DefaultOrganizationProvider defaul public void checkQProfileAdminPermission() { userSession .checkLoggedIn() - .checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .checkPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java index cbd71108547e..4ae159af80e2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/setting/ws/SettingsWsSupport.java @@ -26,6 +26,7 @@ import org.sonar.api.server.ServerSide; import org.sonar.db.component.ComponentDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.api.PropertyType.LICENSE; @@ -57,11 +58,11 @@ Predicate isDefinitionVisible(Optional compone } boolean isVisible(String key, @Nullable PropertyDefinition definition, Optional component) { - return hasPermission(SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition))); + return hasPermission(OrganizationPermission.SCAN, SCAN_EXECUTION, component) || (verifySecuredSetting(key, definition, component) && (verifyLicenseSetting(key, definition))); } private boolean verifySecuredSetting(String key, @Nullable PropertyDefinition definition, Optional component) { - return isLicense(key, definition) || (!key.endsWith(DOT_SECURED) || hasPermission(ADMIN, component)); + return isLicense(key, definition) || (!key.endsWith(DOT_SECURED) || hasPermission(OrganizationPermission.ADMINISTER, ADMIN, component)); } private boolean verifyLicenseSetting(String key, @Nullable PropertyDefinition definition) { @@ -72,12 +73,12 @@ private static boolean isLicense(String key, @Nullable PropertyDefinition defini return key.endsWith(LICENSE_SUFFIX) || key.endsWith(LICENSE_HASH_SUFFIX) || (definition != null && definition.type() == LICENSE); } - private boolean hasPermission(String projectOrOrgPermission, Optional component) { - if (userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), projectOrOrgPermission)) { + private boolean hasPermission(OrganizationPermission orgPermission, String projectPermission, Optional component) { + if (userSession.hasPermission(orgPermission, defaultOrganizationProvider.get().getUuid())) { return true; } return component - .map(c -> userSession.hasComponentPermission(projectOrOrgPermission, c)) + .map(c -> userSession.hasComponentPermission(projectPermission, c)) .orElse(false); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java index dd8839b82d56..f69cb16ec7c8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/ComponentAction.java @@ -50,6 +50,7 @@ import org.sonar.db.property.PropertyQuery; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.component.ComponentFinder; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateFinder; import org.sonar.server.qualityprofile.QPMeasureData; import org.sonar.server.qualityprofile.QualityProfile; @@ -59,9 +60,8 @@ import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.USER; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; @@ -142,8 +142,8 @@ public void handle(Request request, Response response) throws Exception { writeProfiles(json, session, component); writeQualityGate(json, session, component); if (userSession.hasComponentPermission(ADMIN, component) || - userSession.hasOrganizationPermission(org.getUuid(), QUALITY_PROFILE_ADMIN) || - userSession.hasOrganizationPermission(org.getUuid(), QUALITY_GATE_ADMIN)) { + userSession.hasPermission(ADMINISTER_QUALITY_PROFILES, org) || + userSession.hasPermission(ADMINISTER_QUALITY_GATES, org)) { writeConfiguration(json, component); } writeBreadCrumbs(json, session, component); @@ -229,9 +229,9 @@ private void writeConfiguration(JsonWriter json, ComponentDto component) { private void writeConfigPageAccess(JsonWriter json, boolean isProjectAdmin, ComponentDto component) { boolean isProject = Qualifiers.PROJECT.equals(component.qualifier()); boolean showManualMeasures = isProjectAdmin && !Qualifiers.DIRECTORY.equals(component.qualifier()); - boolean isQualityProfileAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); - boolean isQualityGateAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), QUALITY_GATE_ADMIN); - boolean isOrganizationAdmin = userSession.hasOrganizationPermission(component.getOrganizationUuid(), SYSTEM_ADMIN); + boolean isQualityProfileAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_PROFILES, component.getOrganizationUuid()); + boolean isQualityGateAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, component.getOrganizationUuid()); + boolean isOrganizationAdmin = userSession.hasPermission(OrganizationPermission.ADMINISTER, component.getOrganizationUuid()); json.prop("showSettings", isProjectAdmin && componentTypeHasProperty(component, PROPERTY_CONFIGURABLE)); json.prop("showQualityProfiles", isProject && (isProjectAdmin || isQualityProfileAdmin)); diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java index 2b66b7b9eb31..83e3a1d113d1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java @@ -23,14 +23,13 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class OrganizationAction implements NavigationWsAction { @@ -80,13 +79,13 @@ public void handle(Request request, Response response) throws Exception { } private void writeOrganization(JsonWriter json, OrganizationDto organization) { - String organizationUuid = organization.getUuid(); json.name("organization") .beginObject() - .prop("canAdmin", userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) - .prop("canProvisionProjects", userSession.hasOrganizationPermission(organizationUuid, GlobalPermissions.PROVISIONING)) - .prop("canDelete", organization.isGuarded() ? userSession.isSystemAdministrator() : userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) + .prop("canAdmin", userSession.hasPermission(OrganizationPermission.ADMINISTER, organization)) + .prop("canProvisionProjects", userSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, organization)) + .prop("canDelete", organization.isGuarded() ? userSession.isSystemAdministrator() : userSession.hasPermission(OrganizationPermission.ADMINISTER, organization)) .prop("isDefault", organization.getKey().equals(defaultOrganizationProvider.get().getKey())) .endObject(); + } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index afd2ee8b80ca..51ab7daccfb8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java @@ -39,11 +39,6 @@ public final UserSession checkLoggedIn() { return this; } - @Override - public final boolean hasOrganizationPermission(String organizationUuid, String permission) { - return hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); - } - @Override public final boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { return hasPermission(permission, organization.getUuid()); @@ -67,12 +62,18 @@ public final UserSession checkPermission(OrganizationPermission permission, Stri return this; } + protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); + @Override - public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { - return checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + public final boolean hasOrganizationPermission(String organizationUuid, String permission) { + return hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); } - protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); + @Override + public final UserSession checkOrganizationPermission(String organizationUuid, String permission) { + checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + return this; + } @Override public final boolean hasComponentPermission(String permission, ComponentDto component) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java index ab3f94a76369..ca665e9ac39d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java @@ -22,12 +22,11 @@ import java.util.Collection; import java.util.Collections; import java.util.Optional; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.user.GroupDto; import org.sonar.server.permission.OrganizationPermission; /** - * Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account. + * Allow code to be executed with the highest privileges possible, as if executed by a {@link OrganizationPermission#ADMINISTER} account. * @since 4.3 */ public final class DoPrivileged { diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java index 262e5c72996f..5baea280a71d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -29,7 +29,6 @@ import java.util.Set; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.util.stream.Collectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -177,7 +176,7 @@ private boolean loadIsSystemAdministrator() { try (DbSession dbSession = dbClient.openSession(false)) { if (!organizationFlags.isEnabled(dbSession)) { String uuidOfDefaultOrg = defaultOrganizationProvider.get().getUuid(); - return hasOrganizationPermission(uuidOfDefaultOrg, GlobalPermissions.SYSTEM_ADMIN); + return hasPermission(OrganizationPermission.ADMINISTER, uuidOfDefaultOrg); } // organization feature is enabled -> requires to be root return false; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java index 6fce68f3f6f3..63ab326985ba 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ThreadLocalUserSession.java @@ -104,6 +104,17 @@ public UserSession checkPermission(OrganizationPermission permission, String org return this; } + @Override + public boolean hasOrganizationPermission(String organizationUuid, String permission) { + return get().hasOrganizationPermission(organizationUuid, permission); + } + + @Override + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + get().checkOrganizationPermission(organizationUuid, permission); + return this; + } + @Override public UserSession checkComponentPermission(String projectPermission, ComponentDto component) { get().checkComponentPermission(projectPermission, component); @@ -137,23 +148,12 @@ public boolean hasComponentUuidPermission(String permission, String componentUui return get().hasComponentUuidPermission(permission, componentUuid); } - @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { - get().checkOrganizationPermission(organizationUuid, permission); - return this; - } - @Override public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { get().checkPermission(permission, organization); return this; } - @Override - public boolean hasOrganizationPermission(String organizationUuid, String permission) { - return get().hasOrganizationPermission(organizationUuid, permission); - } - @Override public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { return get().hasPermission(permission, organization); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 163185312dc2..bf8c0053d798 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -113,7 +113,6 @@ public interface UserSession { * component does not exist. * * If the permission is not granted, then the organization permission is _not_ checked. - * There's _no_ automatic fallback on {@link #hasOrganizationPermission(String, String)}. * * @param component non-null component. * @param permission project permission as defined by {@link org.sonar.core.permission.ProjectPermissions} diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java index 8e17b2ebd5d5..70a1a425a4c4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java @@ -19,17 +19,18 @@ */ package org.sonar.server.user.ws; +import java.util.Arrays; import java.util.Collection; import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.utils.text.JsonWriter; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.base.Strings.isNullOrEmpty; @@ -140,9 +141,9 @@ private void writeGlobalPermissions(JsonWriter json) { json.name("global").beginArray(); String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); - GlobalPermissions.ALL.stream() - .filter(permission -> userSession.hasOrganizationPermission(defaultOrganizationUuid, permission)) - .forEach(json::value); + Arrays.stream(OrganizationPermission.values()) + .filter(permission -> userSession.hasPermission(permission, defaultOrganizationUuid)) + .forEach(permission -> json.value(permission.getKey())); json.endArray(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java index 1dfbb350a72b..00e4d9639b52 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java @@ -35,12 +35,12 @@ import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import org.sonar.server.user.index.UserIndexer; import static java.lang.String.format; import static java.util.Collections.singletonList; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.ws.WsUtils.checkFound; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -135,10 +135,11 @@ private void ensureNotLastAdministrator(DbSession dbSession, UserDto user) { private List selectOrganizationsWithNoMoreAdministrators(DbSession dbSession, UserDto user) { Set organizationUuids = dbClient.authorizationDao().selectOrganizationUuidsOfUserWithGlobalPermission( - dbSession, user.getId(), SYSTEM_ADMIN); + dbSession, user.getId(), OrganizationPermission.ADMINISTER.getKey()); List problematicOrganizations = new ArrayList<>(); for (String organizationUuid : organizationUuids) { - int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, organizationUuid, SYSTEM_ADMIN, user.getId()); + int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, + organizationUuid, OrganizationPermission.ADMINISTER.getKey(), user.getId()); if (remaining == 0) { problematicOrganizations.add(organizationUuid); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java index ab5f8a6203ef..bf354cda4e3e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java @@ -23,7 +23,6 @@ import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; @@ -31,6 +30,7 @@ import org.sonar.server.user.UserSession; import static java.lang.String.format; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; @@ -69,7 +69,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { GroupId groupId = support.findGroup(dbSession, request); - userSession.checkLoggedIn().checkOrganizationPermission(groupId.getOrganizationUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(ADMINISTER, groupId.getOrganizationUuid()); String login = request.mandatoryParam(PARAM_LOGIN); UserDto user = dbClient.userDao().selectActiveUserByLogin(dbSession, login); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java index e67b71596b25..63b21e2323f1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java @@ -24,7 +24,6 @@ import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.user.UserGroupValidation; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; @@ -33,6 +32,7 @@ import org.sonarqube.ws.WsUserGroups; import static org.sonar.api.user.UserGroupValidation.GROUP_NAME_MAX_LENGTH; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.DESCRIPTION_MAX_LENGTH; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_DESCRIPTION; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; @@ -84,7 +84,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = support.findOrganizationByKey(dbSession, request.param(PARAM_ORGANIZATION_KEY)); - userSession.checkOrganizationPermission(organization.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, organization); GroupDto group = new GroupDto() .setOrganizationUuid(organization.getUuid()) .setName(request.mandatoryParam(PARAM_GROUP_NAME)) diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java index 1a5ab10e85bb..8df8b811ab11 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java @@ -30,11 +30,11 @@ import org.sonar.db.DbSession; import org.sonar.db.user.GroupDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.defineGroupWsParameters; @@ -74,7 +74,7 @@ public void define(NewController context) { public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { GroupId groupId = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(groupId.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, groupId.getOrganizationUuid()); checkNotTryingToDeleteDefaultGroup(dbSession, groupId); checkNotTryingToDeleteLastAdminGroup(dbSession, groupId); @@ -105,7 +105,7 @@ private void checkNotTryingToDeleteDefaultGroup(DbSession dbSession, GroupId gro private void checkNotTryingToDeleteLastAdminGroup(DbSession dbSession, GroupId group) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, - group.getOrganizationUuid(), SYSTEM_ADMIN, group.getId()); + group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId()); checkArgument(remaining > 0, "The last system admin group cannot be deleted"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java index dc0e2b5da576..2a2f6286a44b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java @@ -27,10 +27,10 @@ import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static java.lang.String.format; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; @@ -71,7 +71,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { GroupId group = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(group.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, group.getOrganizationUuid()); String login = request.mandatoryParam(PARAM_LOGIN); UserDto user = getUser(dbSession, login); @@ -90,7 +90,7 @@ public void handle(Request request, Response response) throws Exception { */ private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupId group, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, - group.getOrganizationUuid(), SYSTEM_ADMIN, group.getId(), user.getId()); + group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId()); if (remainingAdmins == 0) { throw new BadRequestException("The last administrator user cannot be removed"); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java index 061951dff3c9..a027f606c7df 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java @@ -39,8 +39,8 @@ import org.sonar.server.user.UserSession; import static org.apache.commons.lang.StringUtils.defaultIfBlank; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; public class SearchAction implements UserGroupsWsAction { @@ -92,7 +92,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { OrganizationDto organization = groupWsSupport.findOrganizationByKey(dbSession, request.param(PARAM_ORGANIZATION_KEY)); - userSession.checkLoggedIn().checkOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.checkLoggedIn().checkPermission(ADMINISTER, organization); int limit = dbClient.groupDao().countByQuery(dbSession, organization.getUuid(), query); List groups = dbClient.groupDao().selectByQuery(dbSession, organization.getUuid(), query, options.getOffset(), pageSize); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java index 4b0ba22e96c6..90105ddf23bf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java @@ -26,7 +26,6 @@ import org.sonar.api.server.ws.WebService.NewAction; import org.sonar.api.server.ws.WebService.NewController; import org.sonar.api.user.UserGroupValidation; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.OrganizationDto; @@ -40,6 +39,7 @@ import static org.sonar.api.CoreProperties.CORE_DEFAULT_GROUP; import static org.sonar.api.user.UserGroupValidation.GROUP_NAME_MAX_LENGTH; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.DESCRIPTION_MAX_LENGTH; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_DESCRIPTION; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; @@ -100,7 +100,7 @@ public void handle(Request request, Response response) throws Exception { checkFound(group, "Could not find a user group with id '%s'.", groupId); Optional org = dbClient.organizationDao().selectByUuid(dbSession, group.getOrganizationUuid()); checkFoundWithOptional(org, "Could not find organization with id '%s'.", group.getOrganizationUuid()); - userSession.checkOrganizationPermission(org.get().getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.checkPermission(ADMINISTER, org.get()); boolean changed = false; String newName = request.param(PARAM_GROUP_NAME); diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java index 85bb5af7a7e9..2f10a7db4fc1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UsersAction.java @@ -33,10 +33,10 @@ import org.sonar.db.user.GroupMembershipQuery; import org.sonar.db.user.UserMembershipDto; import org.sonar.db.user.UserMembershipQuery; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.user.UserSession; import static org.sonar.api.utils.Paging.forPageIndex; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.defineGroupWsParameters; public class UsersAction implements UserGroupsWsAction { @@ -79,7 +79,7 @@ public void handle(Request request, Response response) throws Exception { try (DbSession dbSession = dbClient.openSession(false)) { GroupId group = support.findGroup(dbSession, request); - userSession.checkOrganizationPermission(group.getOrganizationUuid(), SYSTEM_ADMIN); + userSession.checkPermission(OrganizationPermission.ADMINISTER, group.getOrganizationUuid()); UserMembershipQuery query = UserMembershipQuery.builder() .groupId(group.getId()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java index 634f9a8af8c2..93e15fc2ffcc 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java @@ -42,6 +42,7 @@ import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; +import static org.sonar.server.permission.OrganizationPermission.SCAN; public class ProjectDataLoaderTest { @Rule @@ -171,7 +172,7 @@ public void issues_mode_is_forbidden_if_user_doesnt_have_browse_permission() { @Test public void scan_permission_on_organization_is_enough_even_without_scan_permission_on_project() { ComponentDto project = dbTester.components().insertProject(); - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); userSession.logIn().addProjectUuidPermissions(UserRole.USER, project.uuid()); ProjectRepositories repositories = underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(true)); diff --git a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java index 44d02902e1e8..f54cbd1d2369 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java @@ -43,6 +43,7 @@ import static java.util.Collections.singleton; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.PROTOBUF; public class TaskActionTest { @@ -249,7 +250,7 @@ public void get_project_queue_task_with_scan_permission_on_project() { @Test public void get_project_queue_task_with_scan_permission_on_organization_but_not_on_project() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); CeQueueDto task = createAndPersistQueueTask(project); call(task.getUuid()); @@ -293,7 +294,7 @@ public void get_project_archived_task_with_scan_permission_on_project() { @Test public void get_project_archived_task_with_scan_permission_on_organization_but_not_on_project() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, project.getOrganizationUuid()); CeActivityDto task = createAndPersistArchivedTask(project); call(task.getUuid()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java index 4c3155aa7d2f..413908fa1fbe 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java @@ -55,9 +55,10 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.server.permission.OrganizationPermission.SCAN; public class ReportSubmitterTest { @@ -137,7 +138,7 @@ public void provision_project_if_does_not_exist() throws Exception { OrganizationDto organization = db.organizations().insert(); userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(organization, PROVISIONING); + .addPermission(PROVISION_PROJECTS, organization); mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(organization, PROJECT_UUID).setKey(PROJECT_KEY); @@ -168,7 +169,7 @@ public void describeTo(Description description) { public void no_favorite_when_no_project_creator_permission_on_permission_template() { userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + .addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); mockSuccessfulPrepareSubmitCall(); ComponentDto createdProject = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); @@ -187,7 +188,7 @@ public void no_favorite_when_no_project_creator_permission_on_permission_templat public void submit_a_report_on_new_project_with_scan_permission_on_organization() { userSession .addProjectUuidPermissions(SCAN_EXECUTION, PROJECT_UUID) - .addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + .addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); mockSuccessfulPrepareSubmitCall(); ComponentDto project = newProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setKey(PROJECT_KEY); @@ -205,7 +206,7 @@ public void submit_a_report_on_new_project_with_scan_permission_on_organization( public void user_with_scan_permission_on_organization_is_allowed_to_submit_a_report_on_existing_project() { OrganizationDto org = db.organizations().insert(); ComponentDto project = db.components().insertProject(org); - userSession.addOrganizationPermission(org, SCAN_EXECUTION); + userSession.addPermission(SCAN, org); mockSuccessfulPrepareSubmitCall(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java index c33983050d4b..ff023924f06c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/DeleteActionTest.java @@ -49,8 +49,8 @@ import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class DeleteActionTest { @@ -295,6 +295,6 @@ private void logInAsSystemAdministrator() { } private void logInAsAdministrator(OrganizationDto organization) { - userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, organization); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java index 6f03cc442e1b..72c1e5e88241 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/EnableSupportActionTest.java @@ -29,7 +29,6 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.DefaultOrganizationProvider; -import org.sonar.server.organization.OrganizationValidationImpl; import org.sonar.server.organization.OrganizationFlags; import org.sonar.server.organization.OrganizationFlagsImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; @@ -38,7 +37,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class EnableSupportActionTest { @@ -114,7 +113,7 @@ public void test_definition() { } private void logInAsSystemAdministrator(String login) { - userSession.logIn(login).addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN); + userSession.logIn(login).addPermission(ADMINISTER, db.getDefaultOrganization()); } private void call() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java index 08dc07629bb5..ef8682c20faf 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/UpdateActionTest.java @@ -41,10 +41,10 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_257_CHARS_LONG; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_65_CHARS_LONG; import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.setParam; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class UpdateActionTest { private static final String SOME_KEY = "key"; @@ -375,7 +375,7 @@ private void verifyResponseAndDb(Organizations.UpdateWsResponse response, assertThat(newDto.getUpdatedAt()).isEqualTo(updateAt); } - private void logInAsAdministrator(OrganizationDto organizationDto) { - userSession.logIn().addOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN); + private void logInAsAdministrator(OrganizationDto organization) { + userSession.logIn().addPermission(ADMINISTER, organization); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index f93bdf80f9f8..3a6ac2f92305 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -36,6 +36,7 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; @@ -268,7 +269,7 @@ public void fail_when_project_uuid_and_project_key_are_provided() throws Excepti public void adding_global_permission_fails_if_not_administrator_of_organization() throws Exception { GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "sonar-administrators"); // user is administrator of another organization - userSession.logIn().addOrganizationPermission("anotherOrg", SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, "anotherOrg"); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index 7cfa45aad6bd..877c19ecbc4e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -41,8 +41,8 @@ import org.sonar.server.ws.WsActionTester; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public abstract class BasePermissionWsTest { @@ -87,9 +87,9 @@ protected TestRequest newRequest() { } protected void loginAsAdmin(OrganizationDto org, OrganizationDto... otherOrgs) { - userSession.logIn().addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); for (OrganizationDto otherOrg : otherOrgs) { - userSession.addOrganizationPermission(otherOrg.getUuid(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, otherOrg); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java index c2f50ead44a1..88319738ed3a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java @@ -34,6 +34,7 @@ import static org.mockito.Mockito.spy; import static org.mockito.Mockito.when; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; @@ -116,7 +117,7 @@ public void fail_if_permission_is_not_a_project_permission() throws Exception { @Test public void fail_if_not_admin_of_default_organization() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java index 426b836685ef..d0a4cb362268 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java @@ -36,7 +36,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN; @@ -100,7 +100,7 @@ public void fail_if_not_a_project_permission() throws Exception { @Test public void fail_if_not_admin_of_default_organization() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java index 1c5dd22c7582..2cfb1bdc701f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java @@ -41,7 +41,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; @@ -175,7 +175,7 @@ public void fail_when_project_uuid_and_key_not_provided() throws Exception { @Test public void fail_when_not_admin_of_organization() throws Exception { - userSession.logIn().addOrganizationPermission("otherOrg", SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, "otherOrg"); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/CreateTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/CreateTemplateActionTest.java index e0f373754e15..30e44bc34bab 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/CreateTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/CreateTemplateActionTest.java @@ -31,7 +31,7 @@ import org.sonar.server.ws.TestResponse; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_NAME; @@ -122,7 +122,7 @@ public void fail_if_name_already_exists_in_database_case_insensitive() throws Ex @Test public void fail_if_not_admin() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java index 4b0d337779d2..ad45b22d3586 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java @@ -53,7 +53,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; @@ -383,7 +383,7 @@ public void fail_if_both_uuid_and_name_are_provided_with_views() throws Exceptio // } private UserSessionRule loginAsAdmin(OrganizationDto organization) { - return userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + return userSession.logIn().addPermission(ADMINISTER, organization); } private void runOnAllUnderTests(ConsumerWithException consumer) throws Exception { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java index 63ce8f422bf8..5016f1ab1556 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java @@ -37,7 +37,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.security.DefaultGroups.ANYONE; import static org.sonar.api.web.UserRole.CODEVIEWER; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -120,7 +120,7 @@ public void fail_if_not_a_project_permission() throws Exception { @Test public void fail_if_insufficient_privileges() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java index e68409f338a4..4fdd1fe9b6df 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java @@ -43,10 +43,10 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01; import static org.sonar.core.util.Uuids.UUID_EXAMPLE_02; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.test.JsonAssert.assertJson; public class SearchTemplatesActionTest extends BasePermissionWsTest { @@ -73,7 +73,7 @@ public void setUp() { SearchTemplatesDataLoader dataLoaderWithViews = new SearchTemplatesDataLoader(dbClient, defaultTemplatesResolverWithViews); underTestWithoutViews = new WsActionTester(new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), dataLoaderWithViews)); i18n.setProjectPermissions(); - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, db.getDefaultOrganization()); } @Test @@ -178,7 +178,7 @@ public void search_in_organization() throws Exception { PermissionTemplateDto templateInOrg = insertProjectTemplate(org); insertProjectTemplate(db.getDefaultOrganization()); db.commit(); - userSession.addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, org); WsPermissions.SearchTemplatesWsResponse result = WsPermissions.SearchTemplatesWsResponse.parseFrom( newRequest(underTestWithoutViews) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java index d48671953d76..b6f30621ed7b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java @@ -40,9 +40,9 @@ import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; import static org.sonar.api.web.UserRole.USER; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateUserDto; import static org.sonar.db.user.UserTesting.newUserDto; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.MediaTypes.PROTOBUF; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -275,7 +275,7 @@ public void fail_if_not_logged_in() throws Exception { @Test public void fail_if_insufficient_privileges() throws Exception { PermissionTemplateDto template = addTemplateToDefaultOrganization(); - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/UpdateTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/UpdateTemplateActionTest.java index 32bd2bd68877..06c4767fb173 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/UpdateTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/UpdateTemplateActionTest.java @@ -35,8 +35,8 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ID; @@ -190,7 +190,7 @@ public void fail_if_not_logged_in() throws Exception { @Test public void fail_if_not_admin() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), SCAN_EXECUTION); + userSession.logIn().addPermission(SCAN, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkDeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkDeleteActionTest.java index bfd741255e39..9b7846be0e68 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkDeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkDeleteActionTest.java @@ -25,7 +25,6 @@ import org.junit.rules.ExpectedException; import org.mockito.ArgumentCaptor; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -43,6 +42,7 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class BulkDeleteActionTest { @@ -117,7 +117,7 @@ public void projects_that_dont_exist_are_ignored_and_dont_break_bulk_deletion() @Test public void throw_ForbiddenException_if_organization_administrator_does_not_set_organization_parameter() throws Exception { - userSession.logIn().addOrganizationPermission(org1.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org1); ComponentDto project = db.components().insertProject(org1); expectedException.expect(ForbiddenException.class); @@ -132,7 +132,7 @@ public void throw_ForbiddenException_if_organization_administrator_does_not_set_ @Test public void organization_administrator_deletes_projects_by_keys_in_his_organization() throws Exception { - userSession.logIn().addOrganizationPermission(org1.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org1); ComponentDto toDelete = db.components().insertProject(org1); ComponentDto cantBeDeleted = db.components().insertProject(org2); diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/CreateActionTest.java index b269d3cc1f8c..e00390897e3b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/CreateActionTest.java @@ -52,8 +52,8 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.util.Protobuf.setNullable; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.client.WsRequest.Method.POST; @@ -85,7 +85,7 @@ public class CreateActionTest { @Test public void create_project() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + userSession.addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); expectSuccessfulCallToComponentUpdater(); CreateWsResponse response = call(CreateRequest.builder() @@ -100,7 +100,7 @@ public void create_project() throws Exception { @Test public void create_project_with_branch() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + userSession.addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); call(CreateRequest.builder() .setKey(DEFAULT_PROJECT_KEY) @@ -116,7 +116,7 @@ public void create_project_with_branch() throws Exception { @Test public void create_project_with_deprecated_parameter() throws Exception { OrganizationDto organization = db.organizations().insert(); - userSession.addOrganizationPermission(organization, PROVISIONING); + userSession.addPermission(PROVISION_PROJECTS, organization); ws.newRequest() .setMethod(POST.name()) @@ -134,7 +134,7 @@ public void create_project_with_deprecated_parameter() throws Exception { public void fail_when_project_already_exists() throws Exception { OrganizationDto organization = db.organizations().insert(); when(componentUpdater.create(any(DbSession.class), any(NewComponent.class), anyInt())).thenThrow(new BadRequestException("already exists")); - userSession.addOrganizationPermission(organization, PROVISIONING); + userSession.addPermission(PROVISION_PROJECTS, organization); expectedException.expect(BadRequestException.class); @@ -170,7 +170,7 @@ public void fail_when_missing_create_project_permission() throws Exception { @Test public void test_example() { - userSession.addOrganizationPermission(db.getDefaultOrganization(), PROVISIONING); + userSession.addPermission(PROVISION_PROJECTS, db.getDefaultOrganization()); expectSuccessfulCallToComponentUpdater(); String result = ws.newRequest() diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java index ec202da02bb7..483c5f434edb 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java @@ -42,7 +42,7 @@ import static org.mockito.Matchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.project.ProjectsWsParameters.CONTROLLER; import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT; import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT_ID; @@ -80,7 +80,7 @@ public void setUp() { @Test public void organization_administrator_deletes_project_by_id() throws Exception { ComponentDto project = componentDbTester.insertProject(); - userSessionRule.logIn().addOrganizationPermission(project.getOrganizationUuid(), SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, project.getOrganizationUuid()); WsTester.TestRequest request = newRequest().setParam(PARAM_PROJECT_ID, project.uuid()); call(request); @@ -91,7 +91,7 @@ public void organization_administrator_deletes_project_by_id() throws Exception @Test public void organization_administrator_deletes_project_by_key() throws Exception { ComponentDto project = componentDbTester.insertProject(); - userSessionRule.logIn().addOrganizationPermission(project.getOrganizationUuid(), SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, project.getOrganizationUuid()); call(newRequest().setParam(PARAM_PROJECT, project.key())); diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java index 98b27f263e77..0b1d3896a97a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java @@ -29,7 +29,6 @@ import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.DateUtils; import org.sonar.api.utils.System2; -import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; @@ -46,9 +45,9 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.SnapshotDto.STATUS_PROCESSED; import static org.sonar.db.component.SnapshotDto.STATUS_UNPROCESSED; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.test.JsonAssert.assertJson; public class GhostsActionTest { @@ -86,7 +85,7 @@ public void ghost_projects_without_analyzed_projects() throws Exception { ComponentDto ghost1 = insertGhostProject(organization); ComponentDto ghost2 = insertGhostProject(organization); ComponentDto activeProject = insertActiveProject(organization); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -117,7 +116,7 @@ public void ghost_projects_with_correct_pagination() throws Exception { int count = i; insertGhostProject(organization, dto -> dto.setKey("ghost-key-" + count)); } - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -138,7 +137,7 @@ public void ghost_projects_with_correct_pagination() throws Exception { public void ghost_projects_with_chosen_fields() throws Exception { OrganizationDto organization = db.organizations().insert(); insertGhostProject(organization); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -158,7 +157,7 @@ public void ghost_projects_with_partial_query_on_name() throws Exception { insertGhostProject(organization, dto -> dto.setName("ghost-name-11")); insertGhostProject(organization, dto -> dto.setName("ghost-name-20")); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -175,7 +174,7 @@ public void ghost_projects_with_partial_query_on_key() throws Exception { OrganizationDto organization = db.organizations().insert(); insertGhostProject(organization, dto -> dto.setKey("ghost-key-1")); - userSessionRule.logIn().addOrganizationPermission(organization, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() .setParam("organization", organization.getKey()) @@ -188,15 +187,15 @@ public void ghost_projects_with_partial_query_on_key() throws Exception { @Test public void ghost_projects_base_on_json_example() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto hBaseProject = ComponentTesting.newProjectDto(organizationDto, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") + OrganizationDto organization = db.organizations().insert(); + ComponentDto hBaseProject = ComponentTesting.newProjectDto(organization, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") .setKey("org.apache.hbas:hbase") .setName("HBase") .setCreatedAt(DateUtils.parseDateTime("2015-03-04T23:03:44+0100")); dbClient.componentDao().insert(db.getSession(), hBaseProject); dbClient.snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(hBaseProject) .setStatus(STATUS_UNPROCESSED)); - ComponentDto roslynProject = ComponentTesting.newProjectDto(organizationDto, "c526ef20-131b-4486-9357-063fa64b5079") + ComponentDto roslynProject = ComponentTesting.newProjectDto(organization, "c526ef20-131b-4486-9357-063fa64b5079") .setKey("com.microsoft.roslyn:roslyn") .setName("Roslyn") .setCreatedAt(DateUtils.parseDateTime("2013-03-04T23:03:44+0100")); @@ -204,22 +203,22 @@ public void ghost_projects_base_on_json_example() throws Exception { dbClient.snapshotDao().insert(db.getSession(), SnapshotTesting.newAnalysis(roslynProject) .setStatus(STATUS_UNPROCESSED)); db.getSession().commit(); - userSessionRule.logIn().addOrganizationPermission(organizationDto, SYSTEM_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER, organization); TestResponse result = underTest.newRequest() - .setParam("organization", organizationDto.getKey()) + .setParam("organization", organization.getKey()) .execute(); assertJson(result.getInput()) .isSimilarTo(Resources.getResource(getClass(), "projects-example-ghosts.json")); } - @Test(expected = ForbiddenException.class) - public void fail_if_does_not_have_sufficient_rights() throws Exception { - userSessionRule.logIn() - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.USER) - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.ISSUE_ADMIN) - .addOrganizationPermission(db.getDefaultOrganization(), UserRole.CODEVIEWER); + @Test + public void throws_ForbiddenException_if_not_administrator_of_organization() throws Exception { + userSessionRule.logIn(); + + expectedException.expect(ForbiddenException.class); + expectedException.expectMessage("Insufficient privileges"); underTest.newRequest().execute(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java index dc85c23db3cf..62bdff5caa12 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/ProvisionedActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.DateUtils; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; @@ -44,6 +43,8 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; public class ProvisionedActionTest { @@ -80,14 +81,14 @@ public void verify_definition() { @Test public void all_provisioned_projects_without_analyzed_projects() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto analyzedProject = ComponentTesting.newProjectDto(organizationDto, "analyzed-uuid-1"); - db.components().insertComponents(newProvisionedProject(organizationDto, "1"), newProvisionedProject(organizationDto, "2"), analyzedProject); + OrganizationDto org = db.organizations().insert(); + ComponentDto analyzedProject = ComponentTesting.newProjectDto(org, "analyzed-uuid-1"); + db.components().insertComponents(newProvisionedProject(org, "1"), newProvisionedProject(org, "2"), analyzedProject); db.components().insertSnapshot(SnapshotTesting.newAnalysis(analyzedProject)); - userSessionRule.logIn().addOrganizationPermission(organizationDto, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestResponse result = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .execute(); String json = result.getInput(); @@ -111,14 +112,14 @@ public void all_provisioned_projects_without_analyzed_projects() throws Exceptio @Test public void provisioned_projects_with_correct_pagination() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); + OrganizationDto org = db.organizations().insert(); for (int i = 1; i <= 10; i++) { - db.components().insertComponent(newProvisionedProject(organizationDto, String.valueOf(i))); + db.components().insertComponent(newProvisionedProject(org, String.valueOf(i))); } - userSessionRule.logIn().addOrganizationPermission(organizationDto, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestRequest request = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .setParam(Param.PAGE, "3") .setParam(Param.PAGE_SIZE, "4"); @@ -131,7 +132,7 @@ public void provisioned_projects_with_correct_pagination() throws Exception { public void provisioned_projects_with_desired_fields() throws Exception { OrganizationDto organization = db.organizations().insert(); db.components().insertComponent(newProvisionedProject(organization, "1")); - userSessionRule.logIn().addOrganizationPermission(organization, GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, organization); String jsonOutput = underTest.newRequest() .setParam(PARAM_ORGANIZATION, organization.getKey()) @@ -145,12 +146,12 @@ public void provisioned_projects_with_desired_fields() throws Exception { @Test public void provisioned_projects_with_query() throws Exception { - OrganizationDto organization = db.organizations().insert(); - db.components().insertComponents(newProvisionedProject(organization, "1"), newProvisionedProject(organization, "2")); - userSessionRule.logIn().addOrganizationPermission(organization, GlobalPermissions.PROVISIONING); + OrganizationDto org = db.organizations().insert(); + db.components().insertComponents(newProvisionedProject(org, "1"), newProvisionedProject(org, "2")); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); String jsonOutput = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organization.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .setParam(Param.TEXT_QUERY, "PROVISIONED-name-2") .execute().getInput(); @@ -161,20 +162,20 @@ public void provisioned_projects_with_query() throws Exception { @Test public void provisioned_projects_as_defined_in_the_example() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - ComponentDto hBaseProject = ComponentTesting.newProjectDto(organizationDto, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") + OrganizationDto org = db.organizations().insert(); + ComponentDto hBaseProject = ComponentTesting.newProjectDto(org, "ce4c03d6-430f-40a9-b777-ad877c00aa4d") .setKey("org.apache.hbas:hbase") .setName("HBase") .setCreatedAt(DateUtils.parseDateTime("2015-03-04T23:03:44+0100")); - ComponentDto roslynProject = ComponentTesting.newProjectDto(organizationDto, "c526ef20-131b-4486-9357-063fa64b5079") + ComponentDto roslynProject = ComponentTesting.newProjectDto(org, "c526ef20-131b-4486-9357-063fa64b5079") .setKey("com.microsoft.roslyn:roslyn") .setName("Roslyn") .setCreatedAt(DateUtils.parseDateTime("2013-03-04T23:03:44+0100")); db.components().insertComponents(hBaseProject, roslynProject); - userSessionRule.logIn().addOrganizationPermission(organizationDto.getUuid(), GlobalPermissions.PROVISIONING); + userSessionRule.logIn().addPermission(PROVISION_PROJECTS, org); TestResponse result = underTest.newRequest() - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, org.getKey()) .execute(); assertJson(result.getInput()) @@ -183,9 +184,9 @@ public void provisioned_projects_as_defined_in_the_example() throws Exception { @Test public void fail_when_not_enough_privileges() throws Exception { - OrganizationDto organizationDto = db.organizations().insert(); - db.components().insertComponent(newProvisionedProject(organizationDto, "1")); - userSessionRule.logIn().addOrganizationPermission(organizationDto.getUuid(), GlobalPermissions.SCAN_EXECUTION); + OrganizationDto organization = db.organizations().insert(); + db.components().insertComponent(newProvisionedProject(organization, "1")); + userSessionRule.logIn().addPermission(SCAN, organization); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java index 1aa03aa609fa..8fe65742135c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java @@ -52,14 +52,14 @@ import static org.sonar.api.server.ws.WebService.Param.PAGE; import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE; import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.db.component.ComponentTesting.newDirectory; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newModuleDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.MediaTypes.PROTOBUF; import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_ORGANIZATION; @@ -85,7 +85,7 @@ public class SearchActionTest { @Test public void search_by_key_query() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey("project-_%-key"), newProjectDto(db.getDefaultOrganization()).setKey("project-key-without-escaped-characters")); @@ -97,7 +97,7 @@ public void search_by_key_query() throws IOException { @Test public void search_projects_when_no_qualifier_set() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization())); @@ -109,7 +109,7 @@ public void search_projects_when_no_qualifier_set() throws IOException { @Test public void search_projects() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); ComponentDto project = newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1); ComponentDto module = newModuleDto(project); ComponentDto directory = newDirectory(module, "dir"); @@ -126,7 +126,7 @@ public void search_projects() throws IOException { @Test public void search_views() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization()).setKey("view1")); @@ -138,7 +138,7 @@ public void search_views() throws IOException { @Test public void search_projects_and_views() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), newView(db.getDefaultOrganization()).setKey("view1")); @@ -150,7 +150,7 @@ public void search_projects_and_views() throws IOException { @Test public void search_on_default_organization_when_no_organization_set() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); OrganizationDto otherOrganization = db.organizations().insert(); db.components().insertComponents( newProjectDto(db.getDefaultOrganization()).setKey(PROJECT_KEY_1), @@ -166,7 +166,7 @@ public void search_on_default_organization_when_no_organization_set() throws IOE public void search_for_projects_on_given_organization() throws IOException { OrganizationDto organization1 = db.organizations().insert(); OrganizationDto organization2 = db.organizations().insert(); - userSession.addOrganizationPermission(organization1, SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, organization1); ComponentDto project1 = newProjectDto(organization1); ComponentDto project2 = newProjectDto(organization1); ComponentDto project3 = newProjectDto(organization2); @@ -179,7 +179,7 @@ public void search_for_projects_on_given_organization() throws IOException { @Test public void result_is_paginated() throws IOException { - userSession.addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, db.getDefaultOrganization()); List componentDtoList = new ArrayList<>(); for (int i = 1; i <= 9; i++) { componentDtoList.add(newProjectDto(db.getDefaultOrganization(), "project-uuid-" + i).setKey("project-key-" + i).setName("Project Name " + i)); @@ -193,7 +193,7 @@ public void result_is_paginated() throws IOException { @Test public void fail_when_not_system_admin() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), QUALITY_PROFILE_ADMIN); + userSession.addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(ForbiddenException.class); call(SearchWsRequest.builder().build()); @@ -208,7 +208,7 @@ public void fail_on_unknown_organization() throws Exception { @Test public void fail_on_invalid_qualifier() throws Exception { - userSession.addOrganizationPermission(db.getDefaultOrganization(), QUALITY_PROFILE_ADMIN); + userSession.addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("Value of parameter 'qualifiers' (BRC) must be one of: [TRK, VW]"); @@ -256,15 +256,15 @@ public void verify_define() { @Test public void verify_response_example() throws URISyntaxException, IOException { - OrganizationDto organizationDto = db.organizations().insertForKey("my-org-1"); - userSession.addOrganizationPermission(organizationDto, SYSTEM_ADMIN); + OrganizationDto organization = db.organizations().insertForKey("my-org-1"); + userSession.addPermission(ADMINISTER, organization); db.components().insertComponents( - newProjectDto(organizationDto, "project-uuid-1").setName("Project Name 1").setKey("project-key-1"), - newProjectDto(organizationDto, "project-uuid-2").setName("Project Name 1").setKey("project-key-2")); + newProjectDto(organization, "project-uuid-1").setName("Project Name 1").setKey("project-key-1"), + newProjectDto(organization, "project-uuid-2").setName("Project Name 1").setKey("project-key-2")); String response = ws.newRequest() .setMediaType(MediaTypes.JSON) - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) + .setParam(PARAM_ORGANIZATION, organization.getKey()) .execute().getInput(); assertJson(response).isSimilarTo(ws.getDef().responseExampleAsString()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java index 083ac36bf40d..e20120cf37d0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java @@ -43,8 +43,8 @@ import static org.sonar.api.measures.Metric.ValueType.INT; import static org.sonar.api.measures.Metric.ValueType.RATING; import static org.sonar.api.measures.Metric.ValueType.WORK_DUR; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.MediaTypes.JSON; @@ -173,7 +173,7 @@ public void return_edit_to_false_when_not_quality_gate_permission() throws Excep @Test public void return_edit_to_true_when_quality_gate_permission() throws Exception { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); AppWsResponse response = executeRequest(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java index 0c546cc9debf..d64bba04fc10 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateActionTest.java @@ -25,7 +25,6 @@ import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -41,7 +40,7 @@ import org.sonarqube.ws.WsQualityGates.CreateWsResponse; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; public class CreateActionTest { @@ -88,7 +87,7 @@ public void throw_ForbiddenException_if_not_gate_administrator_of_default_organi // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -118,7 +117,7 @@ private CreateWsResponse executeRequest(String name) { } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization().getUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java index c1f2de41ab10..2161ca4056d2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/CreateConditionActionTest.java @@ -29,7 +29,6 @@ import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,9 +47,9 @@ import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import static org.assertj.core.api.Java6Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; import static org.sonar.server.computation.task.projectanalysis.metric.Metric.MetricType.PERCENT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ERROR; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_GATE_ID; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_METRIC; @@ -132,7 +131,7 @@ public void throw_ForbiddenException_if_not_gate_administrator_of_default_organi // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -205,6 +204,6 @@ private CreateConditionWsResponse executeRequest(long qualityProfileId, String m } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java index 4b6df910f965..2e841707d305 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java @@ -41,7 +41,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class DeselectActionTest { @@ -173,7 +173,7 @@ public void fail_when_not_project_admin() throws Exception { public void fail_when_not_quality_gates_admin() throws Exception { String gateId = String.valueOf(gate.getId()); - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); expectedException.expect(ForbiddenException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java index eccbc6af3a25..158eb1d261da 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java @@ -37,7 +37,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class SelectActionTest { @@ -109,7 +109,7 @@ public void project_admin() throws Exception { @Test public void gate_administrator_can_associate_a_gate_to_a_project() throws Exception { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()); String gateId = String.valueOf(gate.getId()); callByKey(gateId, project.getKey()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java index 85b05684e82b..1b961f033b97 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/UpdateConditionActionTest.java @@ -29,7 +29,6 @@ import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,9 +47,9 @@ import org.sonarqube.ws.WsQualityGates.CreateConditionWsResponse; import static org.assertj.core.api.Java6Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.db.metric.MetricTesting.newMetricDto; import static org.sonar.server.computation.task.projectanalysis.metric.Metric.MetricType.PERCENT; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ERROR; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_ID; import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_METRIC; @@ -140,7 +139,7 @@ public void throw_ForbiddenException_if_not_gate_administrator_of_default_organi // as long as organizations don't support Quality gates, the global permission // is defined on the default organization OrganizationDto org = db.organizations().insert(); - userSession.logIn().addOrganizationPermission(org, GlobalPermissions.QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, org); expectedException.expect(ForbiddenException.class); expectedException.expectMessage("Insufficient privileges"); @@ -213,7 +212,7 @@ private CreateConditionWsResponse executeRequest(long conditionId, String metric } private void logInAsQualityGateAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_GATES, db.getDefaultOrganization()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java index 80035a363c8f..19bc21cc4c44 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/QProfileServiceMediumTest.java @@ -36,7 +36,6 @@ import org.sonar.api.rules.Rule; import org.sonar.api.rules.RulePriority; import org.sonar.api.utils.ValidationMessages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.rule.RuleDto; @@ -54,6 +53,7 @@ import static org.sonar.db.rule.RuleTesting.newXooX1; import static org.sonar.db.rule.RuleTesting.newXooX2; import static org.sonar.db.rule.RuleTesting.newXooX3; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualityprofile.QProfileTesting.XOO_P1_KEY; import static org.sonar.server.qualityprofile.QProfileTesting.XOO_P2_KEY; @@ -226,6 +226,6 @@ public RulesProfile importProfile(Reader reader, ValidationMessages messages) { } private void logInAsQProfileAdministrator() { - userSessionRule.logIn().addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java index ab22b08a54ae..ee89b268100d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java @@ -41,7 +41,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto; public class AddProjectActionTest { @@ -121,7 +121,7 @@ private void assertProjectIsAssociatedToProfile(String projectKey, String langua } private void setUserAsQualityProfileAdmin() { - userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); } private void executeRequest(ComponentDto project, QualityProfileDto qualityProfile) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java index bde959af4ef7..6a24e8a33d78 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionMediumTest.java @@ -28,7 +28,6 @@ import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rule.Severity; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDto; @@ -51,6 +50,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class ChangeParentActionMediumTest { @@ -76,7 +76,7 @@ public void setUp() { ruleIndexer = tester.get(RuleIndexer.class); activeRuleIndexer = tester.get(ActiveRuleIndexer.class); ruleIndex = tester.get(RuleIndex.class); - userSessionRule.logIn().addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } @After diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java index d0ab85d9746f..c7a09d79f810 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CopyActionTest.java @@ -26,7 +26,6 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -40,6 +39,7 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; @RunWith(MockitoJUnitRunner.class) public class CopyActionTest { @@ -153,6 +153,6 @@ public void throw_UnauthorizedException_if_not_logged_in() throws Exception { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java index 97a0e9ff8af2..ece09436339c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/CreateActionTest.java @@ -33,7 +33,6 @@ import org.sonar.api.rules.RulePriority; import org.sonar.api.utils.System2; import org.sonar.api.utils.ValidationMessages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -63,6 +62,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.sonar.server.language.LanguageTesting.newLanguages; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse.QualityProfile; import static org.sonarqube.ws.QualityProfiles.CreateWsResponse.parseFrom; @@ -246,6 +246,6 @@ public RulesProfile importProfile(Reader reader, ValidationMessages messages) { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java index c1161ba66c88..08ef309c9315 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeleteActionTest.java @@ -27,7 +27,6 @@ import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -48,6 +47,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class DeleteActionTest { @@ -190,6 +190,6 @@ public void fail_if_profile_does_not_exist() throws Exception { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java index 51144c10a468..474c8702340e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RenameActionTest.java @@ -24,7 +24,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; @@ -40,6 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class RenameActionTest { @@ -164,6 +164,6 @@ private void createProfiles() { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java index 940b488dc4b1..06d6ff09d8c7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreActionTest.java @@ -27,7 +27,6 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -45,6 +44,7 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; @RunWith(MockitoJUnitRunner.class) public class RestoreActionTest { @@ -115,6 +115,6 @@ public void throw_UnauthorizedException_if_not_logged_in() throws Exception { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java index 52a7ada60c17..73e8870add5a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RestoreBuiltInActionTest.java @@ -23,7 +23,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.resources.Languages; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.language.LanguageTesting; @@ -37,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class RestoreBuiltInActionTest { @@ -90,6 +90,6 @@ public void throw_UnauthorizedException_if_not_logged_in() throws Exception { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java index c362d2b49ab1..430cf129ca23 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/SetDefaultActionTest.java @@ -25,7 +25,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; @@ -42,6 +41,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class SetDefaultActionTest { @@ -147,7 +147,7 @@ public void throw_UnauthorizedException_if_not_logged_in() throws Exception { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } private void createProfiles() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java index ee464bacec4d..9ba2baa50cae 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/RegisterRulesMediumTest.java @@ -36,7 +36,6 @@ import org.sonar.api.server.debt.DebtRemediationFunction; import org.sonar.api.server.rule.RuleParamType; import org.sonar.api.server.rule.RulesDefinition; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDto; @@ -60,6 +59,7 @@ import static com.google.common.collect.Sets.newHashSet; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; // TODO remaining tests should be moved to RegisterRulesTest public class RegisterRulesMediumTest { @@ -459,6 +459,6 @@ public String apply(@Nonnull ActiveRuleParamDto input) { } private void logInAsQProfileAdministrator() { - userSessionRule.logIn().addOrganizationPermission(TESTER.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, TESTER.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java index e497dc62924e..019f8af0e281 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/AppActionTest.java @@ -26,7 +26,6 @@ import org.sonar.api.resources.Language; import org.sonar.api.resources.Languages; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.qualityprofile.QualityProfileDto; import org.sonar.db.rule.RuleRepositoryDto; @@ -41,6 +40,7 @@ import static org.mockito.Matchers.isA; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class AppActionTest { @@ -59,7 +59,7 @@ public void should_generate_app_init_info() throws Exception { AppAction app = new AppAction(languages, db.getDbClient(), i18n, userSessionRule, defaultOrganizationProvider); WsTester tester = new WsTester(new RulesWs(app)); - userSessionRule.addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + userSessionRule.addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); QualityProfileDto profile1 = QProfileTesting.newXooP1(); QualityProfileDto profile2 = QProfileTesting.newXooP2().setParentKee(QProfileTesting.XOO_P1_KEY); diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java index a3ac2ce131d2..4b690bb3cfdf 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/DeleteActionTest.java @@ -23,7 +23,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.rule.RuleKey; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.DefaultOrganizationProvider; @@ -34,6 +33,7 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class DeleteActionTest { @@ -77,6 +77,6 @@ public void throw_UnauthorizedException_if_not_logged_in() throws Exception { private void logInAsQProfileAdministrator() { userSession .logIn() - .addOrganizationPermission(defaultOrganizationProvider.get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganizationProvider.get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java index e13c79a9d537..f9f4262e0caa 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/ShowActionMediumTest.java @@ -28,7 +28,6 @@ import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rules.RuleType; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.qualityprofile.ActiveRuleDao; @@ -53,6 +52,7 @@ import static com.google.common.collect.Sets.newHashSet; import static org.sonar.api.rule.Severity.MINOR; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; public class ShowActionMediumTest { @@ -61,7 +61,7 @@ public class ShowActionMediumTest { @Rule public UserSessionRule userSessionRule = UserSessionRule.forServerTester(tester).logIn() - .addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); WsTester wsTester; diff --git a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java index a123a3893128..7c7207494026 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/rule/ws/UpdateActionMediumTest.java @@ -28,7 +28,6 @@ import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleStatus; import org.sonar.api.rule.Severity; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.rule.RuleDao; @@ -47,6 +46,7 @@ import static org.junit.Assert.fail; import static org.sonar.api.server.debt.DebtRemediationFunction.Type.LINEAR; import static org.sonar.api.server.debt.DebtRemediationFunction.Type.LINEAR_OFFSET; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_BASE_EFFORT; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_GAP_MULTIPLIER; import static org.sonar.server.rule.ws.UpdateAction.PARAM_REMEDIATION_FN_TYPE; @@ -178,6 +178,6 @@ public void fail_to_update_custom_when_description_is_empty() { private void logInAsQProfileAdministrator() { userSessionRule .logIn() - .addOrganizationPermission(tester.get(DefaultOrganizationProvider.class).get().getUuid(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, tester.get(DefaultOrganizationProvider.class).get().getUuid()); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java index 549b204ff0f4..e09bc2aecba8 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java @@ -56,9 +56,9 @@ import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.JSON; import static org.sonarqube.ws.Settings.Definition.CategoryOneOfCase.CATEGORYONEOF_NOT_SET; import static org.sonarqube.ws.Settings.Definition.DefaultValueOneOfCase.DEFAULTVALUEONEOF_NOT_SET; @@ -345,7 +345,7 @@ public void return_license_settings_when_authenticated_but_not_admin() throws Ex @Test public void return_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { - userSession.anonymous().addOrganizationPermission(db.getDefaultOrganization(), SCAN_EXECUTION); + userSession.anonymous().addPermission(SCAN, db.getDefaultOrganization()); propertyDefinitions.addComponents(asList( PropertyDefinition.builder("foo").build(), PropertyDefinition.builder("secret.secured").build(), @@ -480,7 +480,7 @@ private void logInAsProjectUser() { } private void logInAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org, SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private void logInAsProjectAdmin() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java index 23aea49481c0..373e11be6092 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java @@ -67,11 +67,12 @@ import static org.sonar.api.web.UserRole.CODEVIEWER; import static org.sonar.api.web.UserRole.USER; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newModuleDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.property.PropertyTesting.newComponentPropertyDto; import static org.sonar.db.property.PropertyTesting.newGlobalPropertyDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonarqube.ws.MediaTypes.JSON; import static org.sonarqube.ws.Settings.Setting.ParentValueOneOfCase.PARENTVALUEONEOF_NOT_SET; @@ -550,7 +551,7 @@ public void return_license_with_hash_settings_when_authenticated_but_not_admin() @Test public void return_global_secured_settings_when_not_authenticated_but_with_scan_permission() throws Exception { - userSession.anonymous().addOrganizationPermission(db.getDefaultOrganization(), SCAN_EXECUTION); + userSession.anonymous().addPermission(SCAN, db.getDefaultOrganization()); definitions.addComponents(asList( PropertyDefinition.builder("foo").build(), PropertyDefinition.builder("secret.secured").build(), @@ -838,7 +839,7 @@ private void logInAsProjectUser() { } private void logInAsAdmin() { - userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, db.getDefaultOrganization()); } private void logInAsProjectAdmin() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java index 2371ce51a85d..0fb052da6005 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java @@ -41,6 +41,17 @@ protected AbstractMockUserSession(Class clazz) { this.clazz = clazz; } + public T addPermission(OrganizationPermission permission, String organizationUuid) { + permissionsByOrganizationUuid.put(organizationUuid, permission); + return clazz.cast(this); + } + + @Override + protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { + return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); + } + + public T addProjectUuidPermissions(String projectPermission, String... projectUuids) { this.projectPermissionsCheckedByUuid.add(projectPermission); this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids)); @@ -55,12 +66,7 @@ public T addComponentUuidPermission(String projectPermission, String projectUuid addProjectUuidPermissions(projectPermission, projectUuid); return clazz.cast(this); } - - @Override - protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { - return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); - } - + @Override protected Optional componentUuidToProjectUuid(String componentUuid) { return Optional.ofNullable(projectUuidByComponentUuid.get(componentUuid)); @@ -71,11 +77,6 @@ protected boolean hasProjectUuidPermission(String permission, String projectUuid return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid); } - public T addOrganizationPermission(String organizationUuid, String permission) { - permissionsByOrganizationUuid.put(organizationUuid, OrganizationPermission.fromKey(permission)); - return clazz.cast(this); - } - public T setSystemAdministrator(boolean b) { this.systemAdministrator = b; return clazz.cast(this); diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java index 9411379652f6..4ba09e9fb304 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/UserSessionRule.java @@ -53,7 +53,7 @@ * In both cases, one can define user session behavior which should apply on all tests directly on the property, eg.: * 
  * {@literal @}Rule
- * public UserSessionRule userSessionRule = UserSessionRule.standalone().login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ * public UserSessionRule userSessionRule = UserSessionRule.standalone().login("admin").setOrganizationPermissions(OrganizationPermissions.SYSTEM_ADMIN);
  *
*

*

@@ -192,13 +192,13 @@ public UserSessionRule addProjectUuidPermissions(String projectPermission, Strin return this; } - public UserSessionRule addOrganizationPermission(String organizationUuid, String permission) { - ensureAbstractMockUserSession().addOrganizationPermission(organizationUuid, permission); + public UserSessionRule addPermission(OrganizationPermission permission, String organizationUuid) { + ensureAbstractMockUserSession().addPermission(permission, organizationUuid); return this; } - public UserSessionRule addOrganizationPermission(OrganizationDto organizationDto, String permission) { - ensureAbstractMockUserSession().addOrganizationPermission(organizationDto.getUuid(), permission); + public UserSessionRule addPermission(OrganizationPermission permission, OrganizationDto organization) { + ensureAbstractMockUserSession().addPermission(permission, organization.getUuid()); return this; } @@ -292,11 +292,22 @@ public UserSession checkLoggedIn() { return this; } + @Override + public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { + return currentUserSession.hasPermission(permission, organization); + } + @Override public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { return currentUserSession.hasPermission(permission, organizationUuid); } + @Override + public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { + currentUserSession.checkPermission(permission, organization); + return this; + } + @Override public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { currentUserSession.checkPermission(permission, organizationUuid); @@ -305,12 +316,13 @@ public UserSession checkPermission(OrganizationPermission permission, String org @Override public boolean hasOrganizationPermission(String organizationUuid, String permission) { - return currentUserSession.hasOrganizationPermission(organizationUuid, permission); + return currentUserSession.hasPermission(OrganizationPermission.fromKey(permission), organizationUuid); } @Override - public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { - return currentUserSession.hasPermission(permission, organization); + public UserSession checkOrganizationPermission(String organizationUuid, String permission) { + currentUserSession.checkPermission(OrganizationPermission.fromKey(permission), organizationUuid); + return this; } @Override @@ -335,16 +347,4 @@ public UserSession checkIsSystemAdministrator() { currentUserSession.checkIsSystemAdministrator(); return this; } - - @Override - public UserSession checkOrganizationPermission(String organizationUuid, String permission) { - currentUserSession.checkOrganizationPermission(organizationUuid, permission); - return this; - } - - @Override - public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { - currentUserSession.checkPermission(permission, organization); - return this; - } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java index 0a293bc89743..053145fea5eb 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java @@ -35,7 +35,6 @@ import org.sonar.api.web.page.Page.Qualifier; import org.sonar.api.web.page.PageDefinition; import org.sonar.core.component.DefaultResourceTypes; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.platform.PluginRepository; import org.sonar.db.DbClient; import org.sonar.db.DbTester; @@ -52,6 +51,7 @@ import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.OrganizationPermission; import org.sonar.server.qualitygate.QualityGateFinder; import org.sonar.server.qualityprofile.QPMeasureData; import org.sonar.server.qualityprofile.QualityProfile; @@ -65,8 +65,6 @@ import static org.mockito.Mockito.when; import static org.sonar.api.measures.CoreMetrics.QUALITY_PROFILES_KEY; import static org.sonar.api.web.page.Page.Scope.COMPONENT; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; import static org.sonar.db.component.ComponentTesting.newDirectory; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newModuleDto; @@ -74,6 +72,8 @@ import static org.sonar.db.component.SnapshotTesting.newAnalysis; import static org.sonar.db.measure.MeasureTesting.newMeasureDto; import static org.sonar.db.metric.MetricTesting.newMetricDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; import static org.sonar.test.JsonAssert.assertJson; public class ComponentActionTest { @@ -312,7 +312,7 @@ public void return_configuration_for_quality_profile_admin() throws Exception { componentDbTester.insertComponent(project); userSessionRule.logIn() .addProjectUuidPermissions(UserRole.USER, project.uuid()) - .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); + .addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); executeAndVerify(project.key(), "return_configuration_for_quality_profile_admin.json"); } @@ -323,7 +323,7 @@ public void return_configuration_for_quality_gate_admin() throws Exception { componentDbTester.insertComponent(project); userSessionRule.logIn() .addProjectUuidPermissions(UserRole.USER, project.uuid()) - .addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN); + .addPermission(ADMINISTER_QUALITY_GATES, project.getOrganizationUuid()); executeAndVerify(project.key(), "return_configuration_for_quality_gate_admin.json"); } @@ -389,7 +389,7 @@ public void canApplyPermissionTemplate_is_true_if_logged_in_as_organization_admi userSessionRule.logIn() .addProjectUuidPermissions(UserRole.ADMIN, project.uuid()) - .addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + .addPermission(OrganizationPermission.ADMINISTER, org); assertJson(execute(project.key())).isSimilarTo("{\"configuration\": {\"canApplyPermissionTemplate\": true}}"); userSessionRule.logIn() diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java index 46174db1ace1..625825e3ac73 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java @@ -36,7 +36,8 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.test.JsonAssert.assertJson; public class OrganizationActionTest { @@ -79,8 +80,8 @@ public void fails_with_IAE_if_parameter_organization_is_not_specified() { public void verify_example() { OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true)); userSession.logIn() - .addOrganizationPermission(organization, "admin") - .addOrganizationPermission(organization, "provisioning"); + .addPermission(ADMINISTER, organization) + .addPermission(PROVISION_PROJECTS, organization); TestResponse response = executeRequest(organization); @@ -107,7 +108,7 @@ public void returns_non_admin_and_canDelete_false_when_user_logged_in_but_not_ad @Test public void returns_admin_and_canDelete_true_when_user_logged_in_and_admin_and_key_is_the_default_organization() { OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); - userSession.logIn().addOrganizationPermission(defaultOrganization.getUuid(), "admin"); + userSession.logIn().addPermission(ADMINISTER, defaultOrganization); TestResponse response = executeRequest(defaultOrganization); @@ -135,7 +136,7 @@ public void returns_non_admin_and_canDelete_false_when_user_logged_in_but_not_ad @Test public void returns_admin_and_canDelete_true_when_user_logged_in_and_admin_and_key_is_not_the_default_organization() { OrganizationDto organization = dbTester.organizations().insert(); - userSession.logIn().addOrganizationPermission(organization.getUuid(), "admin"); + userSession.logIn().addPermission(ADMINISTER, organization); TestResponse response = executeRequest(organization); @@ -145,7 +146,7 @@ public void returns_admin_and_canDelete_true_when_user_logged_in_and_admin_and_k @Test public void returns_admin_and_canDelete_false_when_user_logged_in_and_admin_and_key_is_guarded_organization() { OrganizationDto organization = dbTester.organizations().insert(dto -> dto.setGuarded(true)); - userSession.logIn().addOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, organization); TestResponse response = executeRequest(organization); @@ -167,7 +168,7 @@ public void returns_provisioning_true_when_user_can_provision_projects_in_organi // user can provision projects in org2 but not in org1 OrganizationDto org1 = dbTester.organizations().insert(); OrganizationDto org2 = dbTester.organizations().insert(); - userSession.logIn().addOrganizationPermission(org2, "provisioning"); + userSession.logIn().addPermission(PROVISION_PROJECTS, org2); verifyResponse(executeRequest(org1), false, false, false); verifyResponse(executeRequest(org2), false, true, false); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index bad1581b20d5..76c53edde48e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java @@ -36,6 +36,7 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.organization.TestOrganizationFlags; +import org.sonar.server.permission.OrganizationPermission; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; @@ -88,7 +89,6 @@ public void anonymous_is_not_logged_in_and_does_not_have_login() throws Exceptio assertThat(session.isLoggedIn()).isFalse(); } - @Test public void getGroups_is_empty_on_anonymous() { assertThat(newAnonymousSession().getGroups()).isEmpty(); @@ -174,7 +174,7 @@ public void checkOrganizationPermission_throws_ForbiddenException_when_user_does expectInsufficientPrivilegesForbiddenException(); - newUserSession(NON_ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test @@ -183,72 +183,72 @@ public void checkOrganizationPermission_succeeds_when_user_has_the_specified_per db.users().insertUser(NON_ROOT_USER_DTO); db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING); - newUserSession(NON_ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test public void checkOrganizationPermission_succeeds_when_user_is_root() { OrganizationDto org = db.organizations().insert(); - newUserSession(ROOT_USER_DTO).checkOrganizationPermission(org.getUuid(), PROVISIONING); + newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); } @Test - public void test_hasOrganizationPermission_for_logged_in_user() { + public void test_hasPermission_on_organization_for_logged_in_user() { OrganizationDto org = db.organizations().insert(); ComponentDto project = db.components().insertProject(org); db.users().insertPermissionOnUser(org, userDto, PROVISIONING); db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project); UserSession session = newUserSession(userDto); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission("another-org", PROVISIONING)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); } @Test - public void test_hasOrganizationPermission_for_anonymous_user() { + public void test_hasPermission_on_organization_for_anonymous_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnAnyone(org, PROVISIONING); UserSession session = newAnonymousSession(); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission("another-org", PROVISIONING)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); } @Test - public void hasOrganizationPermission_keeps_cache_of_permissions_of_logged_in_user() { + public void hasPermission_on_organization_keeps_cache_of_permissions_of_logged_in_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnUser(org, userDto, PROVISIONING); UserSession session = newUserSession(userDto); // feed the cache - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache db.users().deletePermissionFromUser(org, userDto, PROVISIONING); db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SYSTEM_ADMIN)).isFalse(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SCAN_EXECUTION)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); } @Test - public void hasOrganizationPermission_keeps_cache_of_permissions_of_anonymous_user() { + public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { OrganizationDto org = db.organizations().insert(); db.users().insertPermissionOnAnyone(org, PROVISIONING); UserSession session = newAnonymousSession(); // feed the cache - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); - assertThat(session.hasOrganizationPermission(org.getUuid(), PROVISIONING)).isTrue(); - assertThat(session.hasOrganizationPermission(org.getUuid(), SCAN_EXECUTION)).isFalse(); + assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); } @Test @@ -318,7 +318,6 @@ public void hasComponentPermission_keeps_cache_of_permissions_of_logged_in_user( assertThat(session.hasComponentPermission(UserRole.ADMIN, project)).isFalse(); } - @Test public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() { organizationFlags.setEnabled(true); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java index 77995b481874..1a823ff49192 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java @@ -23,7 +23,6 @@ import org.junit.Rule; import org.junit.Test; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.user.GroupDto; @@ -37,6 +36,9 @@ import static com.google.common.collect.Lists.newArrayList; import static org.sonar.db.user.GroupTesting.newGroupDto; import static org.sonar.db.user.UserTesting.newUserDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; +import static org.sonar.server.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; public class CurrentActionTest { @@ -60,11 +62,11 @@ public void json_example() { // permissions on default organization userSessionRule - .addOrganizationPermission(db.getDefaultOrganization(), GlobalPermissions.SCAN_EXECUTION) - .addOrganizationPermission(db.getDefaultOrganization(), GlobalPermissions.QUALITY_PROFILE_ADMIN); + .addPermission(SCAN, db.getDefaultOrganization()) + .addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization()); // permissions on other organizations are ignored - userSessionRule.addOrganizationPermission(db.organizations().insert(), GlobalPermissions.SYSTEM_ADMIN); + userSessionRule.addPermission(ADMINISTER, db.organizations().insert()); UserDto obiwan = db.users().insertUser( newUserDto("obiwan.kenobi", "Obiwan Kenobi", "obiwan.kenobi@starwars.com") diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java index 95bb208352ae..b8a7f962c4f3 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java @@ -39,7 +39,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -230,7 +230,7 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java index adc34488d56e..ee0e33548610 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/CreateActionTest.java @@ -25,7 +25,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; @@ -37,6 +36,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class CreateActionTest { @@ -219,7 +219,7 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java index bdfd129a8ebf..32c61a476ff2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.config.Settings; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; @@ -45,6 +44,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -290,7 +290,7 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } private WsTester.TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java index 1bd98d38376e..5463bed8a707 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java @@ -37,6 +37,7 @@ import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_ORGANIZATION_KEY; @@ -225,7 +226,7 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn("admin").addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn("admin").addPermission(ADMINISTER, org); } private UserDto insertAnAdministratorInDefaultOrganization() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java index 4ef669b469db..27c329e546b6 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java @@ -36,8 +36,8 @@ import static org.apache.commons.lang.StringUtils.capitalize; import static org.assertj.core.api.Assertions.assertThat; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.user.GroupTesting.newGroupDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class SearchActionTest { @@ -159,7 +159,7 @@ public void search_in_organization() throws Exception { // the group in default org is not returned db.users().insertGroup(db.getDefaultOrganization(), "users"); loginAsDefaultOrgAdmin(); - userSession.addOrganizationPermission(org.getUuid(), SYSTEM_ADMIN); + userSession.addPermission(ADMINISTER, org); newRequest() .setParam("organization", org.getKey()) @@ -191,7 +191,7 @@ private void insertGroup(OrganizationDto org, String name, int numberOfMembers) } private void loginAsDefaultOrgAdmin() { - userSession.logIn("user").addOrganizationPermission(db.getDefaultOrganization().getUuid(), SYSTEM_ADMIN); + userSession.logIn("user").addPermission(ADMINISTER, db.getDefaultOrganization()); } private GroupWsSupport newGroupWsSupport() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java index 72316db5bc1e..ee2de184ab56 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java @@ -25,7 +25,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; @@ -45,6 +44,7 @@ import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; public class UpdateActionTest { @@ -292,6 +292,6 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java index b867cf1b6ec1..5a0b33b69519 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java @@ -26,7 +26,6 @@ import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; @@ -40,6 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.db.user.UserTesting.newUserDto; +import static org.sonar.server.permission.OrganizationPermission.ADMINISTER; import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_ID; public class UsersActionTest { @@ -273,6 +273,6 @@ private void loginAsAdminOnDefaultOrganization() { } private void loginAsAdmin(OrganizationDto org) { - userSession.logIn().addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); + userSession.logIn().addPermission(ADMINISTER, org); } }