/**
 * Collects the UUIDs of the organizations in which the current user holds the
 * {@code PROVISION_PROJECTS} permission.
 *
 * @param dbSession session used for the organization lookup
 * @return the matching organization UUIDs; an empty set when the user session carries no user id
 */
private Set<String> searchOrganizationWithProvisionPermission(DbSession dbSession) {
  Integer currentUserId = userSession.getUserId();
  if (currentUserId == null) {
    // No user id on the session (presumably an anonymous caller — confirm): nothing is
    // granted and the database is not queried.
    return emptySet();
  }
  return dbClient.organizationDao()
    .selectByPermission(dbSession, currentUserId, PROVISION_PROJECTS.getKey())
    .stream()
    .map(OrganizationDto::getUuid)
    .collect(toSet());
}
/**
 * Builds the immutable lists of global and project permissions exposed by this service.
 * <p>
 * The application-creator and portfolio-creator permissions are kept only when the matching
 * qualifier ({@code Qualifiers.APP} and {@code Qualifiers.VIEW} respectively) is present in
 * {@code resourceTypes}; every other permission is kept unconditionally.
 *
 * @param resourceTypes used to check which qualifiers are present
 */
public PermissionServiceImpl(ResourceTypes resourceTypes) {
  // Global permissions are compared as OrganizationPermission values.
  globalPermissions = ImmutableList.copyOf(ALL_GLOBAL_PERMISSIONS.stream()
    .filter(candidate -> (!candidate.equals(OrganizationPermission.APPLICATION_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.APP))
      && (!candidate.equals(OrganizationPermission.PORTFOLIO_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.VIEW)))
    .collect(toList()));
  // Project permissions are compared against the permission keys, not the enum values.
  projectPermissions = ImmutableList.copyOf(ALL_PROJECT_PERMISSIONS.stream()
    .filter(candidate -> (!candidate.equals(OrganizationPermission.APPLICATION_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.APP))
      && (!candidate.equals(OrganizationPermission.PORTFOLIO_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.VIEW)))
    .collect(toList()));
}
/**
 * Test fixture: grants every organization permission and every project permission to "anyone",
 * to the given group and to the given user.
 *
 * @param component    component that receives the project permissions
 * @param user         user that receives each permission
 * @param group        group that receives each permission
 * @param organization organization in which the organization permissions are inserted
 */
private void unsafeGiveAllPermissionsToRootComponent(ComponentDto component, UserDto user, GroupDto group, OrganizationDto organization) {
  // Organization-level permissions: one row per enum value for anyone, the group and the user.
  for (OrganizationPermission organizationPermission : OrganizationPermission.values()) {
    dbTester.users().insertPermissionOnAnyone(organization, organizationPermission);
    dbTester.users().insertPermissionOnGroup(group, organizationPermission);
    dbTester.users().insertPermissionOnUser(organization, user, organizationPermission);
  }
  // Project-level permissions, as listed by the permission service.
  permissionService.getAllProjectPermissions()
    .forEach(projectPermission -> {
      unsafeInsertProjectPermissionOnAnyone(component, projectPermission);
      unsafeInsertProjectPermissionOnGroup(component, group, projectPermission);
      unsafeInsertProjectPermissionOnUser(component, user, projectPermission);
    });
}
/**
 * Lists the keys of the organization permissions the current user session holds on the
 * default organization.
 * <p>
 * Only the default organization is consulted, so permissions held on any other organization
 * are not reported by this method.
 *
 * @return the permission keys, in the order yielded by {@code OrganizationPermission.all()}
 */
private List<String> getGlobalPermissions() {
  String defaultOrgUuid = defaultOrganizationProvider.get().getUuid();
  return OrganizationPermission.all()
    .filter(candidate -> userSession.hasPermission(candidate, defaultOrgUuid))
    .map(granted -> granted.getKey())
    .collect(toList());
}
/**
 * Checks that the request is rejected when the caller holds every organization permission and
 * the {@code ISSUE_ADMIN} project permission, but not {@code ADMIN}, on the targeted project.
 */
@Test
public void execute_throws_ForbiddenException_if_user_has_all_permissions_but_ADMIN_on_specified_component() {
  OrganizationDto organization = dbTester.organizations().insert();
  ComponentDto project = dbTester.components().insertPublicProject(organization);
  request.setParam(PARAM_PROJECT, project.getDbKey())
    .setParam(PARAM_VISIBILITY, randomVisibility);
  // NOTE(review): ISSUE_ADMIN is the only project permission granted here, although the test
  // name says "all permissions but ADMIN" — consider granting the other non-ADMIN project
  // permissions too so the authorization check is exercised against the full set.
  userSessionRule.addProjectPermission(UserRole.ISSUE_ADMIN, project);
  for (OrganizationPermission perm : OrganizationPermission.values()) {
    userSessionRule.addPermission(perm, organization);
  }
  // NOTE(review): repeats the parameter setup made above with the same values; looks
  // redundant — confirm before removing.
  request.setParam(PARAM_PROJECT, project.getDbKey())
    .setParam(PARAM_VISIBILITY, randomVisibility);

  expectInsufficientPrivilegeException();

  request.execute();
}
/**
 * Creates the owners group of an organization. The group has a hard-coded name, a description
 * based on the organization's name, and is granted every permission yielded by
 * {@code OrganizationPermission.all()}.
 *
 * @param dbSession    session used for the inserts
 * @param organization organization the group belongs to
 * @return the group as returned by the group DAO
 */
private GroupDto insertOwnersGroup(DbSession dbSession, OrganizationDto organization) {
  GroupDto ownersToInsert = new GroupDto()
    .setOrganizationUuid(organization.getUuid())
    .setName(OWNERS_GROUP_NAME)
    .setDescription(format(OWNERS_GROUP_DESCRIPTION_PATTERN, organization.getName()));
  GroupDto group = dbClient.groupDao().insert(dbSession, ownersToInsert);
  // Owners are given whatever OrganizationPermission.all() yields, with no per-permission
  // selection: membership of this group is equivalent to full control of the organization.
  OrganizationPermission.all().forEach(permission -> addPermissionToGroup(dbSession, group, permission));
  return group;
}
/**
 * Selects the logins associated with the {@code ADMINISTER} global permission.
 * Used by license notifications.
 * <p>
 * Whether permissions inherited through groups are taken into account depends on the mapper
 * query, which is not visible from this method.
 *
 * @param dbSession session used to obtain the mapper
 * @return the logins returned by the mapper
 */
public List<String> selectGlobalAdministratorLogins(DbSession dbSession) {
  String administerKey = ADMINISTER.getKey();
  return mapper(dbSession).selectLoginsWithGlobalPermission(administerKey);
}
/**
 * Builds the web-service response listing every organization permission together with its
 * localized name and description and the number of users and groups that hold it.
 *
 * @param dbSession session used for the user and group counts
 * @param org       organization the counts are computed for
 * @return the built response, with one entry per value of {@code OrganizationPermission.all()}
 */
private WsSearchGlobalPermissionsResponse buildResponse(DbSession dbSession, OrganizationDto org) {
  WsSearchGlobalPermissionsResponse.Builder responseBuilder = WsSearchGlobalPermissionsResponse.newBuilder();
  // A single entry builder is reused; it is cleared before each permission is filled in.
  Permission.Builder entry = newBuilder();

  OrganizationPermission.all().forEach(organizationPermission -> {
    String key = organizationPermission.getKey();
    PermissionQuery query = permissionQuery(key, org);
    responseBuilder.addPermissions(
      entry
        .clear()
        .setKey(key)
        .setName(i18nName(key))
        .setDescription(i18nDescriptionMessage(key))
        .setUsersCount(countUsers(dbSession, query))
        .setGroupsCount(countGroups(dbSession, org, key)));
  });

  return responseBuilder.build();
}
/**
 * Collects the UUIDs of the organizations in which the current user holds the
 * {@code ADMINISTER} permission.
 *
 * @param dbSession session used for the organization lookup
 * @return the matching organization UUIDs; an empty set when the user session carries no user id
 */
private Set<String> searchOrganizationWithAdminPermission(DbSession dbSession) {
  Integer currentUserId = userSession.getUserId();
  if (currentUserId == null) {
    // No user id on the session (presumably an anonymous caller — confirm): no organization
    // is treated as administered and the database is not queried.
    return emptySet();
  }
  return dbClient.organizationDao()
    .selectByPermission(dbSession, currentUserId, ADMINISTER.getKey())
    .stream()
    .map(OrganizationDto::getUuid)
    .collect(toSet());
}
// Excerpt from a larger method (its signature is not part of this snippet).
// Create the default group of the organization.
GroupDto defaultGroup = defaultGroupCreator.create(dbSession, organization.getUuid());
// Associate the built-in quality gate with the organization, under a freshly generated UUID.
dbClient.qualityGateDao().associate(dbSession, uuidFactory.create(), organization, builtInQualityGate);
// The new user receives every permission yielded by OrganizationPermission.all() on this
// organization, i.e. the user has full control of it.
OrganizationPermission.all()
  .forEach(p -> insertUserPermissions(dbSession, newUser, organization, p));
// presumably installs the default permission template of the personal organization, using the
// default group created above — confirm against the helper
insertPersonalOrgDefaultTemplate(dbSession, organization, defaultGroup);
/**
 * Creates a permission change and validates the permission key against an allow-list.
 * <p>
 * When {@code projectId} is {@code null} the change is global and the key must be one of the
 * organization permissions returned by the permission service; otherwise it must be one of
 * the project permissions. An unknown key is rejected through {@code checkRequest} and the
 * message lists the valid values.
 *
 * @param operation         the operation to apply, must not be {@code null}
 * @param organizationUuid  UUID of the organization, must not be {@code null}
 * @param permission        permission key, must not be {@code null}
 * @param projectId         targeted project, or {@code null} for a global permission
 * @param permissionService source of the valid organization and project permissions
 * @throws NullPointerException if {@code operation}, {@code organizationUuid} or
 *                              {@code permission} is {@code null}
 */
public PermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, PermissionService permissionService) {
  this.operation = requireNonNull(operation);
  this.organizationUuid = requireNonNull(organizationUuid);
  this.permission = requireNonNull(permission);
  this.projectId = projectId;
  this.permissionService = permissionService;

  if (projectId != null) {
    // Project scope: the key must be a known project permission.
    checkRequest(permissionService.getAllProjectPermissions().contains(permission),
      "Invalid project permission '%s'. Valid values are %s",
      permission,
      permissionService.getAllProjectPermissions());
  } else {
    // Global scope: the key must match the key of a known organization permission.
    boolean knownGlobalPermission = permissionService.getAllOrganizationPermissions().stream()
      .anyMatch(candidate -> candidate.getKey().equals(permission));
    checkRequest(knownGlobalPermission,
      "Invalid global permission '%s'. Valid values are %s",
      permission,
      permissionService.getAllOrganizationPermissions().stream().map(OrganizationPermission::getKey).collect(toList()));
  }
}
/**
 * Selects the logins associated with the {@code ADMINISTER_QUALITY_PROFILES} global permission.
 * <p>
 * Whether permissions inherited through groups are taken into account depends on the mapper
 * query, which is not visible from this method.
 *
 * @param dbSession session used to obtain the mapper
 * @return the logins returned by the mapper
 */
public List<String> selectQualityProfileAdministratorLogins(DbSession dbSession) {
  String qualityProfileAdminKey = ADMINISTER_QUALITY_PROFILES.getKey();
  return mapper(dbSession).selectLoginsWithGlobalPermission(qualityProfileAdminKey);
}
/**
 * Grants the administrators group of the template's organization the admin, issue-admin,
 * security-hotspot-admin, application-creator and portfolio-creator permissions on the template.
 * <p>
 * If the administrators group cannot be found, nothing is inserted and an error is logged;
 * the method still returns normally, so the caller is not told that the template was left
 * without administrator permissions.
 *
 * @param dbSession session used for the lookup and the inserts
 * @param template  permission template to populate
 */
private void insertPermissionForAdministrators(DbSession dbSession, PermissionTemplateDto template) {
  Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, template.getOrganizationUuid(), DefaultGroups.ADMINISTRATORS);
  if (!admins.isPresent()) {
    LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS);
    return;
  }

  GroupDto adminGroup = admins.get();
  insertGroupPermission(dbSession, template, UserRole.ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), adminGroup);
  insertGroupPermission(dbSession, template, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), adminGroup);
}
/**
 * Finds the organizations that would be left without any administrator if the given user
 * were no longer counted.
 * <p>
 * For each organization in which the user holds the {@code ADMINISTER} permission, the number
 * of other users holding that permission is counted; organizations where this count is zero
 * are returned. One count query is issued per organization.
 *
 * @param dbSession session used for the queries
 * @param user      user to exclude from the administrator counts
 * @return UUIDs of the organizations in which the user is the only remaining administrator
 */
private List<String> selectOrganizationsWithNoMoreAdministrators(DbSession dbSession, UserDto user) {
  String administerKey = OrganizationPermission.ADMINISTER.getKey();
  Set<String> administeredOrganizations = dbClient.authorizationDao()
    .selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), administerKey);

  List<String> orphanedOrganizations = new ArrayList<>();
  for (String uuid : administeredOrganizations) {
    int otherAdmins = dbClient.authorizationDao()
      .countUsersWithGlobalPermissionExcludingUser(dbSession, uuid, administerKey, user.getId());
    if (otherAdmins != 0) {
      continue;
    }
    // Nobody else administers this organization.
    orphanedOrganizations.add(uuid);
  }
  return orphanedOrganizations;
}
/**
 * Guards against deleting a group when doing so would leave its organization without any
 * user holding the {@code ADMINISTER} permission.
 * <p>
 * The check counts the users that still hold the permission once the given group is excluded
 * and fails through {@code checkArgument} when none remain.
 *
 * @param dbSession session used for the count
 * @param group     group about to be deleted
 */
private void checkNotTryingToDeleteLastAdminGroup(DbSession dbSession, GroupDto group) {
  String administerKey = OrganizationPermission.ADMINISTER.getKey();
  int adminsLeft = dbClient.authorizationDao()
    .countUsersWithGlobalPermissionExcludingGroup(dbSession, group.getOrganizationUuid(), administerKey, group.getId());

  checkArgument(adminsLeft > 0, "The last system admin group cannot be deleted");
}
/**
 * Grants an organization permission to a user by delegating to the overload that takes the
 * permission key.
 *
 * @param org        organization the permission applies to
 * @param user       user receiving the permission
 * @param permission permission to grant
 * @return the DTO returned by the key-based overload
 */
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) {
  String permissionKey = permission.getKey();
  return insertPermissionOnUser(org, user, permissionKey);
}
/**
 * Grants an organization permission to a group by delegating to the overload that takes the
 * permission key.
 *
 * @param group      group receiving the permission
 * @param permission permission to grant
 * @return the DTO returned by the key-based overload
 */
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, OrganizationPermission permission) {
  String permissionKey = permission.getKey();
  return insertPermissionOnGroup(group, permissionKey);
}
/**
 * Grants an organization permission to "anyone" by delegating to the overload that takes the
 * permission key.
 *
 * @param org        organization the permission applies to
 * @param permission permission to grant
 * @return the DTO returned by the key-based overload
 */
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) {
  String permissionKey = permission.getKey();
  return insertPermissionOnAnyone(org, permissionKey);
}