Discussion:
Add user to project (not web interface, from "rest" or "curl")
michal
2013-06-10 08:59:43 UTC
Permalink
Hi,

in this way I may add new user to Sonar:

/users/create?commit=Create&user%5Blogin%5D=<LOGIN>&user%5Bname%5D=<NAME>&user%5Bpassword%5D=<PASSWORD>&user%5Bpassword_confirmation%5D=<PASSWORD>

How may I to add user as project administrator to specifed project ?

I see in Firebug something like that:
id=80146&role=admin&redirect=&users%5B%5D=10423

Must I search userid and projectid in sonar db ?
How will be look a rest/curl request ?

thanks,
Mike



--
View this message in context: http://sonar.15.x6.nabble.com/Add-user-to-project-not-web-interface-from-rest-or-curl-tp5013231.html
Sent from the Sonar user mailing list archive at Nabble.com.
Matthew Hall
2013-06-10 13:57:23 UTC
Permalink
I am wondering, do this API and the other APIs have any protection against CSRF exploits BTW? If it doesn't require a token I could spearphish an admin and add myself to Sonar.

Matthew.
--
Sent from my mobile device.
Post by michal
Hi,
/users/create?commit=Create&user%5Blogin%5D=<LOGIN>&user%5Bname%5D=<NAME>&user%5Bpassword%5D=<PASSWORD>&user%5Bpassword_confirmation%5D=<PASSWORD>
How may I to add user as project administrator to specifed project ?
id=80146&role=admin&redirect=&users%5B%5D=10423
Must I search userid and projectid in sonar db ?
How will be look a rest/curl request ?
thanks,
Mike
--
http://sonar.15.x6.nabble.com/Add-user-to-project-not-web-interface-from-rest-or-curl-tp5013231.html
Sent from the Sonar user mailing list archive at Nabble.com.
---------------------------------------------------------------------
http://xircles.codehaus.org/manage_email
Schulz, Christian
2013-06-11 08:20:27 UTC
Permalink
At the moment you are authenticating with your account.
In the future it should be changed:
http://jira.codehaus.org/browse/SONAR-4043
-----Original Message-----
Sent: Monday, June 10, 2013 3:57 PM
Subject: Re: [sonar-user] Add user to project (not web interface, from "rest" or
"curl")
I am wondering, do this API and the other APIs have any protection against
CSRF exploits BTW? If it doesn't require a token I could spearphish an admin
and add myself to Sonar.
Matthew.
--
Sent from my mobile device.
Post by michal
Hi,
/users/create?commit=Create&user%5Blogin%5D=<LOGIN>&user%5Bname%
5D=<NAME>&user%5Bpassword%5D=<PASSWORD>&user%5Bpassword_confir
mation%5D=<PASSWORD>
Post by michal
How may I to add user as project administrator to specifed project ?
id=80146&role=admin&redirect=&users%5B%5D=10423
Must I search userid and projectid in sonar db ?
How will be look a rest/curl request ?
thanks,
Mike
--
http://sonar.15.x6.nabble.com/Add-user-to-project-not-web-interface-from-
rest-or-curl-tp5013231.html
Post by michal
Sent from the Sonar user mailing list archive at Nabble.com.
---------------------------------------------------------------------
http://xircles.codehaus.org/manage_email
---------------------------------------------------------------------
http://xircles.codehaus.org/manage_email
This email (including any attachments) may contain confidential and/or
privileged information or information otherwise protected from disclosure.
If you are not the intended recipient, please notify the sender immediately,
do not copy this message or any attachments and do not use it for any
purpose or disclose its content to any person, but delete this message and
any attachments from your system.
Astrium disclaims any and all liability if this email transmission
was virus corrupted, altered or falsified.
----------------------------------------------------------------------------
Astrium GmbH
Vorsitzender des Aufsichtsrates: Günter Stamerjohanns
Geschäftsführung: Evert Dudok (Vorsitzender), Jens Schomburgk,
Dr. Johannes von Thadden
Sitz der Gesellschaft: München -
Registergericht: Amtsgericht München, HRB Nr. 107647
Ust. Ident. Nr. /VAT reg. no. DE167015356
----------------------------------------------------------------------------
Weitere Informationen über EADS Astrium unter www.as
Schulz, Christian
2013-06-11 08:26:40 UTC
Permalink
Hello Mike,

the project_roles should help you, there you will find grant_groups.
But I recommend to wait till the API contains such functionality.

Best Regards,

Christian
-----Original Message-----
Sent: Monday, June 10, 2013 11:00 AM
Subject: [sonar-user] Add user to project (not web interface, from
"rest" or
"curl")
Hi,
/users/create?commit=Create&user%5Blogin%5D=<LOGIN>&user%5Bname%5
D=<NAME>&user%5Bpassword%5D=<PASSWORD>&user%5Bpassword_confirm
ation%5D=<PASSWORD>
How may I to add user as project administrator to specifed project ?
id=80146&role=admin&redirect=&users%5B%5D=10423
Must I search userid and projectid in sonar db ?
How will be look a rest/curl request ?
thanks,
Mike
--
http://sonar.15.x6.nabble.com/Add-user-to-
project-not-web-interface-from-rest-or-curl-tp5013231.html
Sent from the Sonar user mailing list archive at Nabble.com.
---------------------------------------------------------------------
http://xircles.codehaus.org/manage_email
This email (including any attachments) may contain confidential and/or
privileged information or information otherwise protected from disclosure.
If you are not the intended recipient, please notify the sender immediately,
do not copy this message or any attachments and do not use it for any
purpose or disclose its content to any person, but delete this message and
any attachments from your system.
Astrium disclaims any and all liability if this email transmission
was virus corrupted, altered or falsified.
----------------------------------------------------------------------------
Astrium GmbH
Vorsitzender des Aufsichtsrates: Günter Stamerjohanns
Geschäftsführung: Evert Dudok (Vorsitzender), Jens Schomburgk,
Dr. Johannes von Thadden
Sitz der Gesellschaft: München -
Registergericht: Amtsgericht München, HRB Nr. 107647
Ust. Ident. Nr. /VAT reg. no. DE167015356
----------------------------------------------------------------------------
Weitere Informationen
Jean-Baptiste Vilain
2013-06-25 13:39:16 UTC
Permalink
Hi,

The only available APIs are the ones listed here :
http://docs.codehaus.org/display/SONAR/Web+Service+API
As a general rule, you should not send requests programmatically to
controllers that are not under the /api/ namespace.

A new WS API dedicated to users management has been introduced in Sonar 3.6
(http://jira.codehaus.org/browse/SONAR-4323). It will be updated with CRUD
operations support in Sonar 3.7 as well as global permissions assignment.

In the meantime, if you believe that additional operations should be
exposed in the Sonar WS API, please feel free to create or vote for the
corresponding tickets (such as http://jira.codehaus.org/browse/SONAR-3128).

Thanks,


On 11 June 2013 10:26, Schulz, Christian
Post by Schulz, Christian
Hello Mike,
the project_roles should help you, there you will find grant_groups.
But I recommend to wait till the API contains such functionality.
Best Regards,
Christian
-----Original Message-----
Sent: Monday, June 10, 2013 11:00 AM
Subject: [sonar-user] Add user to project (not web interface, from
"rest" or
"curl")
Hi,
/users/create?commit=Create&user%5Blogin%5D=<LOGIN>&user%5Bname%5
D=<NAME>&user%5Bpassword%5D=<PASSWORD>&user%5Bpassword_confirm
ation%5D=<PASSWORD>
How may I to add user as project administrator to specifed project ?
id=80146&role=admin&redirect=&users%5B%5D=10423
Must I search userid and projectid in sonar db ?
How will be look a rest/curl request ?
thanks,
Mike
--
http://sonar.15.x6.nabble.com/Add-user-to-
project-not-web-interface-from-rest-or-curl-tp5013231.html
Sent from the Sonar user mailing list archive at Nabble.com.
---------------------------------------------------------------------
http://xircles.codehaus.org/manage_email
This email (including any attachments) may contain confidential and/or
privileged information or information otherwise protected from disclosure.
If you are not the intended recipient, please notify the sender immediately,
do not copy this message or any attachments and do not use it for any
purpose or disclose its content to any person, but delete this message and
any attachments from your system.
Astrium disclaims any and all liability if this email transmission
was virus corrupted, altered or falsified.
----------------------------------------------------------------------------
Astrium GmbH
Vorsitzender des Aufsichtsrates: Günter Stamerjohanns
Geschäftsführung: Evert Dudok (Vorsitzender), Jens Schomburgk,
Dr. Johannes von Thadden
Sitz der Gesellschaft: München -
Registergericht: Amtsgericht München, HRB Nr. 107647
Ust. Ident. Nr. /VAT reg. no. DE167015356
----------------------------------------------------------------------------
Weitere Informationen über EADS Astrium unter www.astrium.eads.net
--
*Jean-Baptiste VILAIN | SonarSource**
*http://sonarsource.com
Loading...