SonarQube plugin - users access management - sonarqube

I would like to develop a custom plugin restricting access to certain parts of SonarQube (deletion of projects, modification of permissions, etc.) depending on the user's assignment to different groups.
I was able to implement a filter which will redirect a user in case he tries to access a page which is restricted to him.
There are 2 problems I am facing.
I am not able to get the logged-in user (I am able to get his ID via the request session, but I am not able to get any more information about him).
I am not able to get information about the groups the user belongs to.
There might be an API for this; however, I am not able to find any examples or documentation that might help me.
SonarQube version: 5.6.6
Security Realm: Crowd
Thank you,
Jakub

Sorry, but it's not possible to customize page access in SonarQube.

Related

SonarQube readonly permissions

I don't find a way to allow an authenticated user to only view the information in SonarQube but change nothing. Is it possible at all?
The minimal role is "BROWSE: Access a project, browse its measures, and create/edit issues for it.", which is not protective enough.
I am using the latest version: 5.6.1.
You're right, there is currently no way to prevent an authenticated user from commenting on an issue, for instance. In the same way, on GitHub there is no way to prevent an authenticated user from commenting on any issue.

Spring Security check if specific user(s) are online

I'm trying to write a function that shows if certain users are currently authenticated with Spring Security. Basically, just to display if a certain user is logged in right now.
I know I can get all logged-in users via sessionRegistry.getAllPrincipals(), but what I want is to see if a specific user is logged in right now (e.g. on their profile page).
Is there a built-in function for this? If not, where's an entry point I can use to implement this functionality myself?
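One way to build this on top of the SessionRegistry the question already mentions, as an added example that is not from the question or any answer here. It assumes a SessionRegistry bean is registered (for example through sessionManagement().maximumSessions(...).sessionRegistry(...) or an explicit SessionRegistryImpl bean) and that the HttpSessionEventPublisher listener is configured so invalidated sessions are removed from the registry; the class and method names are hypothetical.

```java
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

/**
 * Added example, not code from the question or an answer.
 * Answers "is user X logged in right now?" by asking the SessionRegistry
 * whether that principal still owns at least one non-expired session.
 * Assumption: a SessionRegistry bean and HttpSessionEventPublisher are
 * already configured, otherwise the registry never sees (or never forgets) sessions.
 */
@Service
public class OnlineUserService {

    private final SessionRegistry sessionRegistry;

    public OnlineUserService(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    /** True if the named user has at least one live session in the registry. */
    public boolean isUserOnline(String username) {
        return sessionRegistry.getAllPrincipals().stream()
                .filter(principal -> username.equals(principalName(principal)))
                // includeExpiredSessions = false: count only sessions still considered live
                .anyMatch(principal -> !sessionRegistry.getAllSessions(principal, false).isEmpty());
    }

    /** Usernames of every principal with a live session, for a "who is online" view. */
    public Set<String> onlineUsernames() {
        return sessionRegistry.getAllPrincipals().stream()
                .filter(principal -> !sessionRegistry.getAllSessions(principal, false).isEmpty())
                .map(OnlineUserService::principalName)
                .collect(Collectors.toSet());
    }

    /**
     * The registry stores whatever object the Authentication used as principal.
     * With the default providers that is a UserDetails; a custom provider may
     * store a plain String or its own type, so fall back to toString().
     */
    private static String principalName(Object principal) {
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return String.valueOf(principal);
    }
}
```

Two caveats worth knowing before exposing this on a profile page: the registry only tracks sessions it was told about, so logins that never create an HTTP session (stateless token or basic-auth API calls) will never show as "online", and a session that timed out but has not yet been invalidated by the container still counts until HttpSessionEventPublisher reports its destruction. In a multi-node deployment the default SessionRegistryImpl is in-memory and per node, so "online" is only accurate for the node that answers the request.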

Linkedin Rest API suddenly stopped working

I'm developing a Rails app which includes importing profile information from LinkedIn into a Rails DB.
It works fine a lot of the time, but over the last 2 weeks it suddenly stopped working...
The default application permission on LinkedIn is only r_fullprofile.
I use the linkedin gem as a wrapper.
Fields to import: positions, educations, summary, languages, picture-url
The error I see in the PROD logs:
LinkedIn connect failed: Scope NOT_AUTHORIZED : r_fullprofile
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:178:in `request'
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:194:in `token_request'
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:136:in `get_request_token'
.rvm/gems/ruby-2.1.2/gems/linkedin-0.4.3/lib/linked_in/helpers/authorization.rb:22:in `request_token'
As I see in debug, for some reason the request token and secret are nil, so I concluded that the API to authorize the client with my LinkedIn app does not work.
Also, I found an answer on Stack Overflow saying that some API rules were changed some time ago:
After May 12th, 2015, apps will no longer be able to request this member permission without being specifically reviewed by LinkedIn for compliance with the Apply with LinkedIn use case (https://developer.linkedin.com/docs/apply-with-linkedin) or some other partnership program membership which grants access to that permissions.
But does some analog of the r_fullprofile permission exist now which gives access to all profile information from LinkedIn?
Here is what I found in the Developer Program Transition Guide:
Access to the r_fullprofile member permission now requires explicit approval from LinkedIn. Additionally, the focus of this permission has changed to become much more specific. Going forward, data received from the Profile API using the r_fullprofile permission can only be used to complement your company's careers pages, as described further on the Apply with LinkedIn page.
If you are already using member data provided by r_fullprofile and you believe your application meets new usage criteria, you will still be required to apply for permission on the Apply with LinkedIn page to maintain your application's ability to use the r_fullprofile member permission.
Here is a link for Apply with LinkedIn if you need it:
https://help.linkedin.com/app/ask/path/api-dvr
I have asked for my application's API access to be restored; hope that LinkedIn support helps me.
Use Apply with LinkedIn to:
Round out your knowledge about a candidate’s background, their recommendations, interests and who’s in their network
Incorporate a candidate’s full profile data in your careers site
Make it easy for qualified candidates to apply to your company’s jobs
And in a few days I received an answer that my access to the API is restored!
Thanks LinkedIn Review Team, they are great guys!

How to get only projects associated with user with Web Service API

I'm using SonarQube (ver 4.3.2) and I'm trying to get the list of projects that the API caller user is allowed to see. I found the following API which can get the project list:
http://nemo.sonarsource.org/api/resources
When I call this API, I get all of SonarQube's projects even though the API caller user doesn't have browse permission for some projects. By "API caller user" I mean the user authorized by HTTP basic authentication. I want to get only the list of projects which the API caller user can see.
Is it possible?
Regards,
Michael
When calling the "/api/resources" WS, you will get only the projects you are allowed to see, which indeed means projects for which the user has the "Browse" permission.
If you get all the projects of your SonarQube instance when calling this WS, this means that your permissions allow this and you should review them. For instance, maybe the group "Anyone" is set on the "Browse" permission of each project? (This is the default configuration of SonarQube, by the way.)

Sonarqube 4.5 provisioning / authorization

We are using SonarQube 4.5 integrated with Google's OAuth sign-on. There are no issues with logging in (authentication). Certain users have been provisioned with the sonar-administrators role. But for some reason, the admin role keeps dropping for some users (leaving the user with only the sonar-users role). We have tried granting them admin access again, but it keeps happening. We also tried creating a brand new group and assigning that group to the user, but the same thing happens. Any thoughts? If you need any other information, let me know.
Just additional info, not sure if it matters: we are using the sonar-oauth-plugin from JCERTIFLab for integration with Google's sign-on/OAuth. This plugin automatically creates users with the default role, sonar-users.
Thanks in advance!
It turned out to be an issue with the Sonar plugin used for integration with Google's OAuth. Every time a user is authenticated, permissions get overwritten. To work around the problem temporarily, we predefined a list of users with admin access in the properties file.