Merge branch 'Ericsson:master' into provider-gitlab-addition

Author: feyruzb

.github/workflows/codechecker_master_analysis.yml

@@ -32,9 +32,5 @@ jobs:
           CODECHECKER_TOKEN: ${{ secrets.CODECHECKER_STORE_TOKEN }}
           PR_NUMBER: ${{ github.event.number }}
         run: |
-          pwd
-          ls
-          touch ~/.codechecker.passwords.json
-          chmod 0600 ~/.codechecker.passwords.json
           echo "{\"client_autologin\" : true,\"credentials\": {\"*\": \"store:$CODECHECKER_TOKEN\"}}" > ~/.codechecker.passwords.json
           bash ./ci/github_analysis/codechecker_gate_master.sh

.github/workflows/codechecker_pr_analysis.yml

@@ -1,7 +1,9 @@
 name: codechecker-pr-analysis
 
 # Triggers the workflow on push or pull request events.
-on: [push, pull_request]
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
 
 jobs:
   codechecker-pr-analyis:
@@ -29,10 +31,5 @@ jobs:
           CODECHECKER_TOKEN: ${{ secrets.CODECHECKER_STORE_TOKEN }}
           PR_NUMBER: ${{ github.event.number }}
         run: |
-          pwd
-          ls
-          CodeChecker version
-          touch ~/.codechecker.passwords.json
-          chmod 0600 ~/.codechecker.passwords.json
-          echo "{\"client_autologin\" : true,\"credentials\": {\"https://codechecker-demo.eastus.cloudapp.azure.com\": \"store:$CODECHECKER_TOKEN\"}}" > ~/.codechecker.passwords.json
+          echo "{\"client_autologin\" : true,\"credentials\": {\"https://codechecker-demo.eastus.cloudapp.azure.com\": \"store:${CODECHECKER_TOKEN}\"}}" > ~/.codechecker.passwords.json
           bash ./ci/github_analysis/codechecker_gate_pr.sh $GITHUB_REF

web/server/codechecker_server/api/product_server.py

@@ -123,8 +123,12 @@ def __get_product(self, session, product):
 
         args = {'config_db_session': session,
                 'productID': product.id}
-        product_access = permissions.require_permission(
+
+        has_product_permission = permissions.require_permission(
             permissions.PRODUCT_VIEW, args, self.__auth_session)
+        has_global_permission = permissions.require_permission(
+            permissions.PERMISSION_VIEW, args, self.__auth_session)
+        has_access_permission = has_product_permission or has_global_permission
 
         admin_perm_name = permissions.PRODUCT_ADMIN.name
         admins = session.query(ProductPermission). \
@@ -154,7 +158,7 @@ def __get_product(self, session, product):
             runCount=product.num_of_runs,
             latestStoreToProduct=latest_storage_date,
             connected=connected,
-            accessible=product_access,
+            accessible=has_access_permission,
             administrating=self.__administrating(args),
             databaseStatus=server_product.db_status,
             admins=[admin.name for admin in admins],
@@ -260,9 +264,10 @@ def getProductConfiguration(self, product_id):
         Get the product configuration --- WITHOUT THE DB PASSWORD --- of the
         given product.
         """
-        self.__require_permission([permissions.PRODUCT_VIEW], {
-            'productID': product_id
-        })
+        self.__require_permission([
+            permissions.PRODUCT_VIEW,
+            permissions.PERMISSION_VIEW
+        ], {'productID': product_id})
 
         with DBSession(self.__session) as session:
             product = session.query(Product).get(product_id)

web/server/codechecker_server/api/report_server.py

@@ -1468,7 +1468,10 @@ def __require_store(self):
         self.__require_permission([permissions.PRODUCT_STORE])
 
     def __require_view(self):
-        self.__require_permission([permissions.PRODUCT_VIEW])
+        self.__require_permission([
+            permissions.PRODUCT_VIEW,
+            permissions.PERMISSION_VIEW
+        ])
 
     def __add_comment(self, bug_id, message, kind=CommentKindValue.USER,
                       date=None):

web/server/codechecker_server/session_manager.py

@@ -592,7 +592,7 @@ def __try_personal_access_token(self, auth_string):
 
         return {
             'username': personal_access_token.user_name,
-            'groups': personal_access_token.groups
+            'groups': str(personal_access_token.groups).split(";")
         }
 
     def __try_auth_dictionary(self, auth_string):
@@ -616,6 +616,8 @@ def __try_auth_dictionary(self, auth_string):
             'groups' in method_config and \
             username in method_config['groups'] else []
 
+        self.__update_personal_access_token_groups(username, group_list)
+
         return {
             'username': username,
             'groups': group_list
@@ -648,10 +650,39 @@ def __try_auth_ldap(self, auth_string):
                 if cc_ldap.auth_user(ldap_conf, username, password):
                     groups = cc_ldap.get_groups(ldap_conf, username, password)
                     self.__update_groups(username, groups)
+                    self.__update_personal_access_token_groups(
+                        username,
+                        groups
+                    )
                     return {'username': username, 'groups': groups}
 
         return False
 
+    def __update_personal_access_token_groups(self, user_name, groups):
+        """
+        Update the groups assigned to a personal access token.
+        """
+        if not self.__database_connection:
+            return None
+
+        transaction = None
+        try:
+            transaction = self.__database_connection()
+            transaction.query(PersonalAccessToken) \
+                .filter(PersonalAccessToken.user_name == user_name) \
+                .update({PersonalAccessToken.groups: ';'.join(groups)})
+            transaction.commit()
+            return True
+        except Exception as e:
+            LOG.error(
+                f"Couldn't find personal access token for user "
+                f"{user_name}: {str(e)}")
+        finally:
+            if transaction:
+                transaction.close()
+
+        return False
+
     def __update_groups(self, user_name, groups):
         """
         Updates group field of the users tokens.
@@ -839,6 +870,8 @@ def create_session_oauth(self, provider: str,
 
         self.__sessions.append(local_session)
 
+        self.__update_personal_access_token_groups(username, groups)
+
         # Store the session in the database.
         transaction = None
         if self.__database_connection:

web/server/vue-cli/src/main.js

@@ -64,7 +64,8 @@ router.beforeResolve((to, from, next) => {
   store.dispatch(GET_AUTH_PARAMS).then(() => {
     if (to.matched.some(record => record.meta.requiresAuth)) {
       if (store.getters.authParams.requiresAuthentication &&
-        !store.getters.isAuthenticated
+        (!store.getters.authParams.sessionStillActive ||
+         !store.getters.isAuthenticated)
       ) {
         // Redirect the user to the login page but keep the original path to
         // redirect the user back once logged in.

web/server/vue-cli/src/store/modules/auth.js

@@ -37,8 +37,6 @@ const getters = {
 
 const actions = {
   [GET_AUTH_PARAMS]({ commit }) {
-    if (state.authParams) return state.authParams;
-
     return new Promise(resolve => {
       authService.getClient().getAuthParameters(
         handleThriftError(params => {

web/server/vue-cli/src/views/Login.vue

@@ -167,6 +167,7 @@ export default {
 
   computed: {
     ...mapGetters([
+      "authParams",
       "isAuthenticated"
     ]),
     ssoButtonText() {
@@ -185,7 +186,7 @@ export default {
   },
 
   created() {
-    if (this.isAuthenticated) {
+    if (this.isAuthenticated && this.authParams.sessionStillActive) {
       const returnTo = this.$router.currentRoute.query["return_to"];
       this.$router.replace(returnTo || { name: "products" });
     }