/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.permission;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.ComponentPermissions;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.user.GroupDto;
import org.sonar.core.user.UserDao;
import org.sonar.core.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.user.UserSession;
import javax.annotation.Nullable;
/**
 * Template-method base for one update applied to a permission template.
 *
 * <p>{@link #executeUpdate()} performs the checks shared by every update and then hands
 * over to {@link #doExecute(Long, String)}, which subclasses implement. The
 * {@code updatedReference} is looked up as a user login by {@link #getUserId()} and as
 * a group name by {@link #getGroupId()}.
 *
 * <p>NOTE(review): the {@link BadRequestException} messages built here embed
 * caller-supplied values (template key, permission, user or group reference) verbatim.
 * Whether they are escaped before being rendered is not visible from this class;
 * confirm at the layer that displays them.
 */
abstract class PermissionTemplateUpdater {

  private final String templateKey;
  private final String permission;
  private final String updatedReference;
  private final PermissionTemplateDao permissionTemplateDao;
  private final UserDao userDao;

  /**
   * @param templateKey key of the permission template to update
   * @param permission permission to change; validated against {@link ComponentPermissions#ALL}
   * @param updatedReference user login or group name the update applies to
   * @param permissionTemplateDao DAO used to resolve the template key
   * @param userDao DAO used to resolve users and groups
   */
  PermissionTemplateUpdater(String templateKey, String permission, String updatedReference, PermissionTemplateDao permissionTemplateDao, UserDao userDao) {
    this.permissionTemplateDao = permissionTemplateDao;
    this.userDao = userDao;
    this.templateKey = templateKey;
    this.permission = permission;
    this.updatedReference = updatedReference;
  }

  /**
   * Runs the update: authorization check, template lookup, permission validation, then
   * {@link #doExecute(Long, String)}.
   *
   * <p>The order is significant. The system-administrator check runs first, so the
   * template lookup and the validation messages are reached only when that check
   * returns normally.
   *
   * @throws BadRequestException if the template key is unknown or the permission is invalid
   */
  void executeUpdate() {
    // Authorization before any DAO access or input validation.
    checkSystemAdminUser();
    Long resolvedTemplateId = getTemplateId(templateKey);
    validatePermission(permission);
    doExecute(resolvedTemplateId, permission);
  }

  /**
   * Applies the actual change. Called by {@link #executeUpdate()} after its checks passed.
   *
   * @param templateId id of the template resolved from the template key
   * @param permission the validated permission
   */
  abstract void doExecute(Long templateId, String permission);

  /**
   * Resolves {@code updatedReference} as a user login via
   * {@code UserDao.selectActiveUserByLogin}.
   *
   * @return the id of the matching user
   * @throws BadRequestException if the DAO returns no user for that login
   */
  Long getUserId() {
    UserDto user = userDao.selectActiveUserByLogin(updatedReference);
    if (user != null) {
      return user.getId();
    }
    throw new BadRequestException("Unknown user: " + updatedReference);
  }

  /**
   * Resolves {@code updatedReference} as a group name via {@code UserDao.selectGroupByName}.
   *
   * @return the id of the matching group, or {@code null} when
   *         {@link DefaultGroups#isAnyone(String)} accepts the reference; callers must
   *         handle the {@code null} case
   * @throws BadRequestException if the reference is not "anyone" and no group has that name
   */
  Long getGroupId() {
    if (!DefaultGroups.isAnyone(updatedReference)) {
      GroupDto group = userDao.selectGroupByName(updatedReference);
      if (group == null) {
        throw new BadRequestException("Unknown group: " + updatedReference);
      }
      return group.getId();
    }
    // The "anyone" pseudo-group is represented by a null id.
    return null;
  }

  /**
   * Requires the current session to hold the global system-administrator permission.
   * Delegates to {@link #checkProjectAdminUser(String)} with a {@code null} component key.
   */
  static void checkSystemAdminUser() {
    checkProjectAdminUser(null);
  }

  /**
   * Checks that the current session may administer the given component.
   *
   * <p>With a {@code null} key the global {@link GlobalPermissions#SYSTEM_ADMIN}
   * permission is required. With a key, either that global permission or
   * {@link UserRole#ADMIN} on the component is sufficient.
   *
   * @param componentKey key of the component, or {@code null} for a global check
   * @throws ForbiddenException if a key is given and the session holds neither permission;
   *         what {@code checkLoggedIn} and {@code checkGlobalPermission} throw on failure
   *         is not visible here (presumably an authorization exception; verify in
   *         {@link UserSession})
   */
  static void checkProjectAdminUser(@Nullable String componentKey) {
    UserSession session = UserSession.get();
    session.checkLoggedIn();
    if (componentKey == null) {
      session.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
      return;
    }
    // Short-circuit: the project permission is consulted only when the global one is absent.
    boolean authorized = session.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)
      || session.hasProjectPermission(UserRole.ADMIN, componentKey);
    if (!authorized) {
      throw new ForbiddenException("Insufficient privileges");
    }
  }

  /**
   * Rejects a permission that is {@code null} or not listed in {@link ComponentPermissions#ALL}.
   *
   * @throws BadRequestException if the permission is not accepted
   */
  private void validatePermission(String permission) {
    boolean supported = permission != null && ComponentPermissions.ALL.contains(permission);
    if (!supported) {
      throw new BadRequestException("Invalid permission: " + permission);
    }
  }

  /**
   * Resolves a template key to the template id via
   * {@code PermissionTemplateDao.selectTemplateByKey}.
   *
   * @throws BadRequestException if the DAO returns no template for the key
   */
  private Long getTemplateId(String key) {
    PermissionTemplateDto template = permissionTemplateDao.selectTemplateByKey(key);
    if (template != null) {
      return template.getId();
    }
    throw new BadRequestException("Unknown template: " + key);
  }
}