private boolean isMemberOfOrganization(DbSession dbSession, ComponentDto file) { OrganizationDto organizationDto = dbClient.organizationDao().selectByUuid(dbSession, file.getOrganizationUuid()) .orElseThrow(() -> new IllegalStateException(String.format("Organization with uuid '%s' not found", file.getOrganizationUuid()))); return !userSession.hasMembership(organizationDto); }
static Components.Component.Builder componentDtoToWsComponent(ComponentDto dto, OrganizationDto organizationDto, Optional<SnapshotDto> lastAnalysis) { checkArgument( Objects.equals(dto.getOrganizationUuid(), organizationDto.getUuid()), "OrganizationUuid (%s) of ComponentDto to convert to Ws Component is not the same as the one (%s) of the specified OrganizationDto", dto.getOrganizationUuid(), organizationDto.getUuid()); return componentDtoToWsComponent(dto, organizationDto.getKey(), lastAnalysis); }
private String getOrganizationKey(DbSession dbSession, ComponentDto component) { String organizationUuid = component.getOrganizationUuid(); return dbClient.organizationDao().selectByUuid(dbSession, organizationUuid) .orElseThrow(() -> new IllegalStateException("Unknown organization: " + organizationUuid)) .getKey(); }
private void checkPermission(ComponentDto project) { if (!userSession.hasComponentPermission(UserRole.ADMIN, project)) { userSession.checkPermission(OrganizationPermission.ADMINISTER, project.getOrganizationUuid()); } } }
void checkProjectBelongsToOrganization(OrganizationDto organization, ComponentDto project) { if (project.getOrganizationUuid().equals(organization.getUuid())) { return; } throw new NotFoundException(format("Project '%s' doesn't exist in organization '%s'", project.getKey(), organization.getKey())); }
private void checkPermission(Optional<ComponentDto> component) { if (component.isPresent()) { String orgUuid = component.get().getOrganizationUuid(); if (!userSession.hasPermission(OrganizationPermission.ADMINISTER, orgUuid) && !userSession.hasPermission(OrganizationPermission.SCAN, orgUuid) && !userSession.hasComponentPermission(UserRole.SCAN, component.get())) { throw insufficientPrivilegesException(); } } else { userSession.checkIsSystemAdministrator(); } }
public OrganizationDto getOrganization(DbSession dbSession, ComponentDto component) { String organizationUuid = component.getOrganizationUuid(); Optional<OrganizationDto> organizationDto = dbClient.organizationDao().selectByUuid(dbSession, organizationUuid); return checkFoundWithOptional(organizationDto, "Organization with uuid '%s' not found", organizationUuid); }
private void checkScanPermission(ComponentDto project) { // this is a specific and inconsistent behavior. For legacy reasons, "technical users" // defined on an organization should be able to analyze a project even if // they don't have the direct permission on the project. // That means that dropping the permission on the project does not have any effects // if user has still the permission on the organization if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { throw insufficientPrivilegesException(); } }
private void checkAuthorized(DbSession dbSession, SearchProjectPermissionsRequest request) { com.google.common.base.Optional<ProjectWsRef> projectRef = newOptionalWsProjectRef(request.getProjectId(), request.getProjectKey()); if (projectRef.isPresent()) { ComponentDto project = wsSupport.getRootComponentOrModule(dbSession, projectRef.get()); PermissionPrivilegeChecker.checkProjectAdmin(userSession, project.getOrganizationUuid(), Optional.of(new ProjectId(project))); } else { userSession.checkLoggedIn().checkIsSystemAdministrator(); } }
private void checkPermission(ComponentDto component) { if (userSession.hasComponentPermission(USER, component) || userSession.hasComponentPermission(UserRole.SCAN, component) || userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) { return; } throw insufficientPrivilegesException(); }
private void checkPermission(ComponentDto component) { if (!userSession.hasComponentPermission(USER, component) && !userSession.hasComponentPermission(UserRole.SCAN, component) && !userSession.hasPermission(SCAN, component.getOrganizationUuid())) { throw insufficientPrivilegesException(); } } }
private void insertProjectPermissionOnGroup(DbSession dbSession, ComponentDto component, String permission, Integer groupId) { dbClient.groupPermissionDao().insert(dbSession, new GroupPermissionDto() .setOrganizationUuid(component.getOrganizationUuid()) .setResourceId(component.getId()) .setGroupId(groupId) .setRole(permission)); }
/** * Grant permission on given project */ public UserPermissionDto insertProjectPermissionOnUser(UserDto user, String permission, ComponentDto project) { checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), "%s can't be granted on a public project", permission); checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); UserPermissionDto dto = new UserPermissionDto(project.getOrganizationUuid(), permission, user.getId(), project.getId()); db.getDbClient().userPermissionDao().insert(db.getSession(), dto); db.commit(); return dto; }
@Test public void get_project_archived_task_with_scan_permission_on_organization_but_not_on_project() { userSession.logIn().addPermission(SCAN, privateProject.getOrganizationUuid()); CeActivityDto task = createAndPersistArchivedTask(privateProject); call(task.getUuid()); }
private static ProjectMeasuresDoc newDoc(ComponentDto project) { return new ProjectMeasuresDoc() .setOrganizationUuid(project.getOrganizationUuid()) .setId(project.uuid()) .setKey(project.getDbKey()) .setName(project.name()); }
@Test public void get_project_queue_task_with_scan_permission_on_organization_but_not_on_project() { UserDto user = db.users().insertUser(); userSession.logIn(user).addPermission(SCAN, privateProject.getOrganizationUuid()); CeQueueDto task = createAndPersistQueueTask(privateProject, user); call(task.getUuid()); }
private static ProjectMeasuresDoc newDoc(ComponentDto project) { return new ProjectMeasuresDoc() .setOrganizationUuid(project.getOrganizationUuid()) .setId(project.uuid()) .setKey(project.getDbKey()) .setName(project.name()); }
private void unsafeInsertProjectPermissionOnAnyone(String perm) { GroupPermissionDto dto = new GroupPermissionDto() .setOrganizationUuid(privateProject.getOrganizationUuid()) .setGroupId(null) .setRole(perm) .setResourceId(privateProject.getId()); db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); db.commit(); } }
private void unsafeInsertProjectPermissionOnAnyone(ComponentDto component, String permission) { GroupPermissionDto dto = new GroupPermissionDto() .setOrganizationUuid(component.getOrganizationUuid()) .setGroupId(null) .setRole(permission) .setResourceId(component.getId()); dbTester.getDbClient().groupPermissionDao().insert(dbTester.getSession(), dto); dbTester.commit(); }
@Test public void fail_when_not_quality_gates_admin() { OrganizationDto organization = db.organizations().insert(); userSession.addPermission(ADMINISTER_QUALITY_GATES, organization); ComponentDto project = db.components().insertPrivateProject(organization); userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, project.getOrganizationUuid()); expectedException.expect(ForbiddenException.class); ws.newRequest() .setParam("projectKey", project.getKey()) .setParam("organization", organization.getKey()) .execute(); }