Use the methods UserSession accepting OrganizationPermission param

server/sonar-ce/src/main/java/org/sonar/ce/user/CeUserSession.java

@@ -87,12 +87,12 @@ public boolean hasOrganizationPermission(String organizationUuid, String permiss
   }
 
   @Override
-  public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) {
+  public UserSession checkOrganizationPermission(String organizationUuid, String permission) {
     throw notImplemented();
   }
 
   @Override
-  public UserSession checkOrganizationPermission(String organizationUuid, String permission) {
+  public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) {
     throw notImplemented();
   }
 

server/sonar-server/src/main/java/org/sonar/server/batch/ProjectDataLoader.java

@@ -38,6 +38,7 @@
 import org.sonar.scanner.protocol.input.ProjectRepositories;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 
 import static com.google.common.collect.Lists.newArrayList;
@@ -68,7 +69,7 @@ public ProjectRepositories load(ProjectDataQuery query) {
       }
 
       boolean hasScanPerm = userSession.hasComponentPermission(SCAN_EXECUTION, module) ||
-        userSession.hasOrganizationPermission(module.getOrganizationUuid(), SCAN_EXECUTION);
+        userSession.hasPermission(OrganizationPermission.SCAN, module.getOrganizationUuid());
       boolean hasBrowsePerm = userSession.hasComponentPermission(USER, module);
       checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm);
 

server/sonar-server/src/main/java/org/sonar/server/ce/ws/TaskAction.java

@@ -38,12 +38,12 @@
 import org.sonar.db.ce.CeActivityDto;
 import org.sonar.db.ce.CeQueueDto;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.ws.WsUtils;
 import org.sonarqube.ws.WsCe;
 
 import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 
@@ -118,8 +118,8 @@ private Optional<ComponentDto> loadComponent(DbSession dbSession, @Nullable Stri
   private void checkPermission(Optional<ComponentDto> component) {
     if (component.isPresent()) {
       String orgUuid = component.get().getOrganizationUuid();
-      if (!userSession.hasOrganizationPermission(orgUuid, SYSTEM_ADMIN) &&
-        !userSession.hasOrganizationPermission(orgUuid, SCAN_EXECUTION) &&
+      if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) &&
+        !userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) &&
         !userSession.hasComponentPermission(SCAN_EXECUTION, component.get())) {
         throw insufficientPrivilegesException();
       }

server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java

@@ -37,12 +37,12 @@
 import org.sonar.server.component.ComponentUpdater;
 import org.sonar.server.component.NewComponent;
 import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.permission.PermissionTemplateService;
 import org.sonar.server.user.UserSession;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.lang.String.format;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
 import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
 import static org.sonar.server.component.NewComponent.newComponentBuilder;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
@@ -75,7 +75,7 @@ public CeTask submit(String organizationKey, String projectKey, @Nullable String
       OrganizationDto organizationDto = getOrganizationDtoOrFail(dbSession, organizationKey);
       Optional<ComponentDto> opt = dbClient.componentDao().selectByKey(dbSession, effectiveProjectKey);
       ensureOrganizationIsConsistent(opt, organizationDto);
-      ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto.getUuid(), projectKey, projectBranch, projectName));
+      ComponentDto project = opt.or(() -> createProject(dbSession, organizationDto, projectKey, projectBranch, projectName));
       checkScanPermission(project);
       return submitReport(dbSession, reportInput, project);
     }
@@ -88,7 +88,7 @@ private void checkScanPermission(ComponentDto project) {
     // That means that dropping the permission on the project does not have any effects
     // if user has still the permission on the organization
     if (!userSession.hasComponentPermission(SCAN_EXECUTION, project) &&
-      !userSession.hasOrganizationPermission(project.getOrganizationUuid(), SCAN_EXECUTION)) {
+      !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) {
       throw insufficientPrivilegesException();
     }
   }
@@ -106,18 +106,18 @@ private static void ensureOrganizationIsConsistent(Optional<ComponentDto> projec
     }
   }
 
-  private ComponentDto createProject(DbSession dbSession, String organizationUuid, String projectKey, @Nullable String projectBranch, @Nullable String projectName) {
-    userSession.checkOrganizationPermission(organizationUuid, PROVISIONING);
+  private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, String projectKey, @Nullable String projectBranch, @Nullable String projectName) {
+    userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS, organization);
     Integer userId = userSession.getUserId();
 
     boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(
-      dbSession, organizationUuid, userId, projectBranch, projectKey, Qualifiers.PROJECT);
+      dbSession, organization.getUuid(), userId, projectBranch, projectKey, Qualifiers.PROJECT);
     if (!wouldCurrentUserHaveScanPermission) {
       throw insufficientPrivilegesException();
     }
 
     NewComponent newProject = newComponentBuilder()
-      .setOrganizationUuid(organizationUuid)
+      .setOrganizationUuid(organization.getUuid())
       .setKey(projectKey)
       .setName(StringUtils.defaultIfBlank(projectName, projectKey))
       .setBranch(projectBranch)

server/sonar-server/src/main/java/org/sonar/server/organization/ws/DeleteAction.java

@@ -34,8 +34,8 @@
 import org.sonar.server.user.UserSession;
 
 import static com.google.common.base.Preconditions.checkArgument;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY;
+import static org.sonar.server.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
 
 public class DeleteAction implements OrganizationsAction {
@@ -90,7 +90,7 @@ public void handle(Request request, Response response) throws Exception {
       if (organizationDto.isGuarded()) {
         userSession.checkIsSystemAdministrator();
       } else {
-        userSession.checkOrganizationPermission(organizationDto.getUuid(), SYSTEM_ADMIN);
+        userSession.checkPermission(ADMINISTER, organizationDto);
       }
 
       deleteProjects(dbSession, organizationDto.getUuid());

server/sonar-server/src/main/java/org/sonar/server/organization/ws/EnableSupportAction.java

@@ -26,10 +26,10 @@
 import org.sonar.db.DbSession;
 import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.organization.OrganizationFlags;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 
 import static java.util.Objects.requireNonNull;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 
 public class EnableSupportAction implements OrganizationsAction {
   private static final String ACTION = "enable_support";
@@ -73,7 +73,7 @@ public void handle(Request request, Response response) throws Exception {
   }
 
   private void verifySystemAdministrator() {
-    userSession.checkLoggedIn().checkOrganizationPermission(defaultOrganizationProvider.get().getUuid(), SYSTEM_ADMIN);
+    userSession.checkLoggedIn().checkPermission(OrganizationPermission.ADMINISTER, defaultOrganizationProvider.get().getUuid());
   }
 
   private boolean isSupportDisabled(DbSession dbSession) {

server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchMyOrganizationsAction.java

@@ -25,10 +25,9 @@
 import org.sonar.api.utils.text.JsonWriter;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
-
 public class SearchMyOrganizationsAction implements OrganizationsAction {
   private static final String ACTION = "search_my_organizations";
 
@@ -62,7 +61,7 @@ public void handle(Request request, Response response) throws Exception {
       JsonWriter jsonWriter = response.newJsonWriter()) {
       jsonWriter.beginObject();
       jsonWriter.name("organizations").beginArray();
-      dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), SYSTEM_ADMIN)
+      dbClient.organizationDao().selectByPermission(dbSession, userSession.getUserId(), OrganizationPermission.ADMINISTER.getKey())
         .forEach(dto -> jsonWriter.value(dto.getKey()));
       jsonWriter.endArray();
       jsonWriter.endObject();

server/sonar-server/src/main/java/org/sonar/server/organization/ws/UpdateAction.java

@@ -34,12 +34,12 @@
 import org.sonarqube.ws.Organizations;
 
 import static java.lang.String.format;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_AVATAR_URL;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_DESCRIPTION;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_KEY;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_NAME;
 import static org.sonar.server.organization.ws.OrganizationsWsSupport.PARAM_URL;
+import static org.sonar.server.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 
 public class UpdateAction implements OrganizationsAction {
@@ -93,7 +93,7 @@ public void handle(Request request, Response response) throws Exception {
 
       OrganizationDto dto = getDto(dbSession, key);
 
-      userSession.checkOrganizationPermission(dto.getUuid(), SYSTEM_ADMIN);
+      userSession.checkPermission(ADMINISTER, dto);
 
       dto.setName(updateRequest.getName().or(dto::getName))
         .setDescription(updateRequest.getDescription().or(dto::getDescription))

server/sonar-server/src/main/java/org/sonar/server/permission/PermissionPrivilegeChecker.java

@@ -23,7 +23,6 @@
 import org.sonar.api.web.UserRole;
 import org.sonar.server.user.UserSession;
 
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 
 public class PermissionPrivilegeChecker {
@@ -34,7 +33,7 @@ private PermissionPrivilegeChecker() {
   public static void checkGlobalAdmin(UserSession userSession, String organizationUuid) {
     userSession
       .checkLoggedIn()
-      .checkOrganizationPermission(organizationUuid, SYSTEM_ADMIN);
+      .checkPermission(OrganizationPermission.ADMINISTER, organizationUuid);
   }
 
   /**
@@ -45,7 +44,7 @@ public static void checkGlobalAdmin(UserSession userSession, String organization
   public static void checkProjectAdmin(UserSession userSession, String organizationUuid, Optional<ProjectId> projectId) {
     userSession.checkLoggedIn();
 
-    if (userSession.hasOrganizationPermission(organizationUuid, SYSTEM_ADMIN)) {
+    if (userSession.hasPermission(OrganizationPermission.ADMINISTER, organizationUuid)) {
       return;
     }
 

server/sonar-server/src/main/java/org/sonar/server/project/ws/BulkDeleteAction.java

@@ -25,14 +25,14 @@
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.ComponentCleanerService;
 import org.sonar.server.user.UserSession;
 
+import static org.sonar.server.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 
 public class BulkDeleteAction implements ProjectsWsAction {
@@ -104,7 +104,7 @@ private Optional<OrganizationDto> loadOrganizationByKey(DbSession dbSession, @Nu
       return Optional.empty();
     }
     OrganizationDto org = support.getOrganization(dbSession, orgKey);
-    userSession.checkOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN);
+    userSession.checkPermission(ADMINISTER, org);
     return Optional.of(org);
   }
 

server/sonar-server/src/main/java/org/sonar/server/project/ws/CreateAction.java

@@ -35,8 +35,8 @@
 
 import static java.util.Optional.ofNullable;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
 import static org.sonar.server.component.NewComponent.newComponentBuilder;
+import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS;
 import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -109,7 +109,7 @@ private CreateWsResponse doHandle(CreateRequest request) {
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization())
         .orElseGet(defaultOrganizationProvider.get()::getKey));
-      userSession.checkOrganizationPermission(organization.getUuid(), PROVISIONING);
+      userSession.checkPermission(PROVISION_PROJECTS, organization);
 
       ComponentDto componentDto = componentUpdater.create(dbSession, newComponentBuilder()
         .setOrganizationUuid(organization.getUuid())

server/sonar-server/src/main/java/org/sonar/server/project/ws/DeleteAction.java

@@ -23,12 +23,12 @@
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.server.component.ComponentCleanerService;
 import org.sonar.server.component.ComponentFinder;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 
 import static org.sonar.server.component.ComponentFinder.ParamNames.PROJECT_ID_AND_PROJECT;
@@ -92,7 +92,7 @@ public void handle(Request request, Response response) throws Exception {
 
   private void checkPermission(ComponentDto project) {
     if (!userSession.hasComponentPermission(UserRole.ADMIN, project)) {
-      userSession.checkOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.SYSTEM_ADMIN);
+      userSession.checkPermission(OrganizationPermission.ADMINISTER, project.getOrganizationUuid());
     }
   }
 }

server/sonar-server/src/main/java/org/sonar/server/project/ws/GhostsAction.java

@@ -29,7 +29,6 @@
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.text.JsonWriter;
-import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
@@ -40,6 +39,7 @@
 
 import static com.google.common.collect.Sets.newHashSet;
 import static org.sonar.server.es.SearchOptions.MAX_LIMIT;
+import static org.sonar.server.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
 
 public class GhostsAction implements ProjectsWsAction {
@@ -89,7 +89,7 @@ public void handle(Request request, Response response) throws Exception {
 
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationDto organization = getOrganization(dbSession, request);
-      userSession.checkOrganizationPermission(organization.getUuid(), UserRole.ADMIN);
+      userSession.checkPermission(ADMINISTER, organization);
 
       long nbOfProjects = dbClient.componentDao().countGhostProjects(dbSession, organization.getUuid(), query);
       List<ComponentDto> projects = dbClient.componentDao().selectGhostProjects(dbSession, organization.getUuid(), query,

server/sonar-server/src/main/java/org/sonar/server/project/ws/ProvisionedAction.java

@@ -30,7 +30,6 @@
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.text.JsonWriter;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
@@ -41,6 +40,7 @@
 
 import static com.google.common.collect.Sets.newHashSet;
 import static org.sonar.server.es.SearchOptions.MAX_LIMIT;
+import static org.sonar.server.permission.OrganizationPermission.PROVISION_PROJECTS;
 import static org.sonar.server.project.ws.ProjectsWsSupport.PARAM_ORGANIZATION;
 
 public class ProvisionedAction implements ProjectsWsAction {
@@ -90,7 +90,7 @@ public void handle(Request request, Response response) throws Exception {
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationDto organization = support.getOrganization(dbSession,
         request.getParam(PARAM_ORGANIZATION).or(defaultOrganizationProvider.get()::getKey));
-      userSession.checkOrganizationPermission(organization.getUuid(), GlobalPermissions.PROVISIONING);
+      userSession.checkPermission(PROVISION_PROJECTS, organization);
 
       RowBounds rowBounds = new RowBounds(options.getOffset(), options.getLimit());
       List<ComponentDto> projects = dbClient.componentDao().selectProvisioned(dbSession, organization.getUuid(), query, QUALIFIERS_FILTER, rowBounds);

server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchAction.java

@@ -31,6 +31,7 @@
 import org.sonar.db.component.ComponentQuery;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.WsProjects.SearchWsResponse;
 import org.sonarqube.ws.client.project.SearchWsRequest;
@@ -39,7 +40,6 @@
 import static java.util.Optional.ofNullable;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.api.resources.Qualifiers.VIEW;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.WsProjects.SearchWsResponse.Component;
 import static org.sonarqube.ws.WsProjects.SearchWsResponse.newBuilder;
@@ -98,7 +98,7 @@ private static SearchWsRequest toSearchWsRequest(Request request) {
   private SearchWsResponse doHandle(SearchWsRequest request) {
     try (DbSession dbSession = dbClient.openSession(false)) {
       OrganizationDto organization = support.getOrganization(dbSession, ofNullable(request.getOrganization()).orElseGet(defaultOrganizationProvider.get()::getKey));
-      userSession.checkOrganizationPermission(organization.getUuid(), SYSTEM_ADMIN);
+      userSession.checkPermission(OrganizationPermission.ADMINISTER, organization);
 
       ComponentQuery query = buildQuery(request);
       Paging paging = buildPaging(dbSession, request, organization, query);

server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java

@@ -41,10 +41,10 @@
 import org.sonar.server.exceptions.Errors;
 import org.sonar.server.exceptions.Message;
 import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.permission.OrganizationPermission;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.util.Validation;
 
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
 import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
 
 /**
@@ -248,7 +248,7 @@ private void checkIsSystemAdministrator() {
   }
 
   private void checkProjectAdmin(ComponentDto project) {
-    if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN)
+    if (!userSession.hasPermission(OrganizationPermission.ADMINISTER_QUALITY_GATES, project.getOrganizationUuid())
       && !userSession.hasComponentPermission(UserRole.ADMIN, project)) {
       throw insufficientPrivilegesException();
     }