changeset 38:6f43b1252b32 auth

check project (not global) permission while downloading symbols
author Evgeniy.Koshkin
date Thu, 29 Aug 2013 15:59:40 +0400
parents 7e971d72b49c
children 1586b9eb682e
files server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java
diffstat 1 files changed, 30 insertions(+), 13 deletions(-) [+]
--- a/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java	Thu Aug 29 15:29:22 2013 +0400
+++ b/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java	Thu Aug 29 15:59:40 2013 +0400
@@ -75,11 +75,19 @@
       return null;
     }
 
+    final String valuableUriPart = requestURI.substring(requestURI.indexOf(SymbolsConstants.APP_SYMBOLS) + SymbolsConstants.APP_SYMBOLS.length());
+    final int firstDelimiterPosition = valuableUriPart.indexOf('/');
+    final String fileName = valuableUriPart.substring(0, firstDelimiterPosition);
+    final String signature = valuableUriPart.substring(firstDelimiterPosition + 1, valuableUriPart.indexOf('/', firstDelimiterPosition + 1));
+    final String guid = signature.substring(0, signature.length() - 1); //last symbol is PEDebugType
+    LOG.debug(String.format("Symbol file requested. File name: %s. Guid: %s.", fileName, guid));
+
     final SUser user = myAuthHelper.getAuthenticatedUser(request, response, new Predicate<SUser>() {
       public boolean apply(SUser user) {
-        //TODO: check permissions locally (for particular project)
-        //response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to download PDB files.");
-        return user.isPermissionGrantedForAnyProject(Permission.VIEW_BUILD_RUNTIME_DATA);
+        final String projectId = findRelatedProjectId(guid);
+        if(projectId == null) return false;
+        //TODO: response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to download PDB files.");
+        return user.isPermissionGrantedForProject(projectId, Permission.VIEW_BUILD_RUNTIME_DATA);
       }
     });
     if (user == null) return null;
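Review bot: A request path that lacks the expected `<file name>/<signature>/` segments makes `substring` throw in the added parsing lines, because `firstDelimiterPosition`, the second `indexOf('/')` result and `signature.length() - 1` are all used unchecked. After this move the parsing runs before authentication and ahead of the `try` that previously enclosed it, so an unauthenticated caller presumably reaches an unhandled `StringIndexOutOfBoundsException` instead of a clean error response. Validate the positions first and answer with the not-found response the controller already uses, as in the excerpt below. The debug line also records request-derived `fileName` and `guid` before the caller is authenticated, so it is worth stripping line breaks from them. The enclosing handler method starts and ends outside this hunk, so whether `WebUtil.notFound` can be called at this point without a signature change needs confirming.

```java
final int firstDelimiterPosition = valuableUriPart.indexOf('/');
final int secondDelimiterPosition = firstDelimiterPosition < 0 ? -1 : valuableUriPart.indexOf('/', firstDelimiterPosition + 1);
// Malformed path: respond before substring() can throw; the signature segment must be non-empty.
if (firstDelimiterPosition < 0 || secondDelimiterPosition <= firstDelimiterPosition + 1) {
  WebUtil.notFound(request, response, "Symbol file not found", null);
  return null;
}
final String fileName = valuableUriPart.substring(0, firstDelimiterPosition);
final String signature = valuableUriPart.substring(firstDelimiterPosition + 1, secondDelimiterPosition);
// … unchanged: guid extraction, debug log, getAuthenticatedUser call …
```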
@@ -87,13 +95,6 @@
     try {
       mySecurityContext.runAs(user, new SecurityContextEx.RunAsAction() {
         public void run() throws Throwable {
-          final String valuableUriPart = requestURI.substring(requestURI.indexOf(SymbolsConstants.APP_SYMBOLS) + SymbolsConstants.APP_SYMBOLS.length());
-          final int firstDelimiterPosition = valuableUriPart.indexOf('/');
-          final String fileName = valuableUriPart.substring(0, firstDelimiterPosition);
-          final String signature = valuableUriPart.substring(firstDelimiterPosition + 1, valuableUriPart.indexOf('/', firstDelimiterPosition + 1));
-          final String guid = signature.substring(0, signature.length() - 1); //last symbol is PEDebugType
-          LOG.debug(String.format("Symbol file requested. File name: %s. Guid: %s.", fileName, guid));
-
           final BuildArtifact buildArtifact = findArtifact(guid, fileName);
           if(buildArtifact == null){
             WebUtil.notFound(request, response, "Symbol file not found", null);
@@ -121,13 +122,13 @@
     return null;
   }
 
+  @Nullable
   private BuildArtifact findArtifact(String guid, String fileName) {
-    final Iterator<BuildMetadataEntry> entryIterator = myBuildMetadataStorage.getEntriesByKey(BuildSymbolsIndexProvider.PROVIDER_ID, guid);
-    if(!entryIterator.hasNext()){
+    final BuildMetadataEntry entry = getMetadataEntry(guid);
+    if(entry == null) {
       LOG.debug(String.format("No items found in symbol index for guid '%s'", guid));
       return null;
     }
-    final BuildMetadataEntry entry = entryIterator.next();
     final Map<String,String> metadata = entry.getMetadata();
     final String storedFileName = metadata.get(BuildSymbolsIndexProvider.FILE_NAME_KEY);
     final String artifactPath = metadata.get(BuildSymbolsIndexProvider.ARTIFACT_PATH_KEY);
@@ -147,4 +148,20 @@
     }
     return buildArtifact;
   }
+
+  @Nullable
+  private String findRelatedProjectId(String symbolFileId) {
+    //TODO: log errorS
+    final BuildMetadataEntry metadataEntry = getMetadataEntry(symbolFileId);
+    if(metadataEntry == null) return null;
+    final SBuild build = myServer.findBuildInstanceById(metadataEntry.getBuildId());
+    if(build == null) return null;
+    return build.getProjectId();
+  }
+
+  @Nullable
+  private BuildMetadataEntry getMetadataEntry(String key){
+    final Iterator<BuildMetadataEntry> entryIterator = myBuildMetadataStorage.getEntriesByKey(BuildSymbolsIndexProvider.PROVIDER_ID, key);
+    return !entryIterator.hasNext() ? null : entryIterator.next();
+  }
 }
\ No newline at end of file
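Review bot: `findRelatedProjectId` authorizes against the first index entry returned for the guid, while `findArtifact` (previous hunk) repeats the lookup through `getMetadataEntry`, so the entry that was checked and the entry that is served are resolved independently. If the index can hold the same guid for builds in more than one project, or changes between the two calls, the project checked may not be the one whose artifact is returned. Consider resolving the entry once and passing it to both the permission check and the artifact lookup, or checking every entry for the guid. The two `return null` paths also deny access without leaving a trace, so the `//TODO: log errorS` is worth closing now, e.g. `LOG.debug(String.format("No build found for symbol index entry with guid '%s'", symbolFileId));`.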