SonarQube / SONAR-15985

Validate user's permission and deactivated/active status before pushing an event


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.4
    • Component/s: Web API
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      For API /api/push/sonarlint_events

      1. Permissions are checked when the connection is established. Then, the user could lose permission on a project.
      As it's hard to react to a permission change (it could be inherited from a group), it's easier to check permission on every event sent to the client.

      => Before sending a message, validate the project's permissions for the user.

      2. Authentication is done once when the connection is established. Then, the authenticated user could be deleted/deactivated.
      It is time-consuming to implement an immediate close of the connection when the user is deactivated, hence we are going to check whether the connected user is still 'active' on every push to the client.

      => Before sending a message, validate that the connected user is still a valid (not deactivated) user of SonarQube.
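
The two per-push checks described above, as an added example (not SonarQube's code; every class, method and sample name is hypothetical). It assumes Java 16+, in-memory stand-ins for the user and permission stores, and that a deactivated user's connection is dropped on the next push, which the ticket does not specify.

```java
import java.util.*;
import java.util.function.*;
// Added illustration: every name here is hypothetical, none is a SonarQube class.
public class PushGuardExample {
    record Client(String userUuid, List<String> received) {}
    record Event(String projectKey, String payload) {}
    private final Predicate<String> isActive;             // userUuid -> still an active account?
    private final BiPredicate<String, String> canBrowse;  // (userUuid, projectKey) -> permitted now?
    private final List<Client> clients = new ArrayList<>();

    PushGuardExample(Predicate<String> isActive, BiPredicate<String, String> canBrowse) {
        this.isActive = isActive;
        this.canBrowse = canBrowse;
    }

    Client connect(String userUuid) {
        // Connection-time check only: on its own it goes stale as soon as state changes.
        if (!isActive.test(userUuid)) throw new SecurityException("inactive user");
        Client c = new Client(userUuid, new ArrayList<>());
        clients.add(c);
        return c;
    }

    void broadcast(Event e) {
        for (Iterator<Client> it = clients.iterator(); it.hasNext(); ) {
            Client c = it.next();
            // Point 2: re-check the account on every push (dropping the client is an assumption).
            if (!isActive.test(c.userUuid())) { it.remove(); continue; }
            // Point 1: re-check project permission per event; the connection itself stays open.
            if (!canBrowse.test(c.userUuid(), e.projectKey())) continue;
            c.received().add(e.payload());
        }
    }

    public static void main(String[] args) {
        // Constructed sample state standing in for the user and permission stores.
        Set<String> active = new HashSet<>(Set.of("alice", "bob"));
        Map<String, Set<String>> perms = new HashMap<>();
        perms.put("alice", new HashSet<>(Set.of("proj-a", "proj-b")));
        perms.put("bob", new HashSet<>(Set.of("proj-a")));
        PushGuardExample hub = new PushGuardExample(active::contains,
                (u, p) -> perms.getOrDefault(u, Set.of()).contains(p));
        Client alice = hub.connect("alice"), bob = hub.connect("bob");
        hub.broadcast(new Event("proj-a", "e1"));
        perms.get("alice").remove("proj-a");        // permission lost mid-connection
        active.remove("bob");                       // account deactivated mid-connection
        hub.broadcast(new Event("proj-a", "e2"));
        hub.broadcast(new Event("proj-b", "e3"));   // alice still holds proj-b
        System.out.println("alice=" + alice.received() + " bob=" + bob.received());
    }
}
```

Because both predicates are evaluated at send time, a permission inherited through a group is covered without the push layer having to subscribe to group or permission change events.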

            People

            Assignee:
            lukasz.jarocki Łukasz Jarocki
            Reporter:
            pierre.guillot Pierre Guillot