Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-7242

Remove the useless "Execute Preview Analysis" global permission

    Details

      Description

      The "Execute Preview Analysis" global permission was introduced a long time ago to tell which user had the permission to run a "local" analysis on his/her box without pushing the results to the server. This permission particularly allowed to get the global settings from the server in order to bootstrap the analysis, and also (at that time) to request for the H2 file (DB extract) that was used to run a local analysis. All this is over and this permission don't make sense any longer.

      What's more, this permission is a burden because it is required to make the project "Execute Analysis" permission (SONAR-7174) work as expected - whereas it is a global permission.

      Therefore:

      • The permission should be removed
        • This is the so-called "dry-run" permission
        • There should be a DB migration to clean the DB
      • For the /batch/global WS that relies on it, the update should be the following:
        • If the user has the "Execute Analysis" permission ("scan"), then all the settings from the server are returned
        • Else if the user is authenticated, then all the settings from the server are returned except the ".secured" ones (but the licenses are still returned to allow the scanner to execute language plugins)
        • Else "Unauthorised" is returned.
      • For the /batch/project WS that relies on it, the update should be the following:
        • In issues mode, the permission "Browse" is required,
        • In standard mode, the permission "Execute Analysis" is required
        • Secured settings will only be return to user having the "Execute Analysis" permission
        • If the user doesn't have "Browse" or "Execute Analysis", "Unauthorised" is returned.
      • For the /batch/users WS that relies on it, the update should be the following:
        • If the user is logged, return the user names of given user logins.
        • Else "Unauthorised" is returned.
      • For the /batch/issues WS that relies on it, the update should be the following:
        • If the user has "Browse" permission on the given component, issues of this component are returned
        • Else "Unauthorised" is returned.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                julien.lancelot Julien Lancelot
                Reporter:
                fabrice.bellingard Fabrice Bellingard
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: