For the longest time, most of our SonarQube projects have been public within the enterprise. We are now attempting to make them private by default, with permissions settings for each user who needs access. We set this on the “project_roles” page, setting the project to private, and adding entries for each required user. We are presently doing this manually for each project.
I maintain an automation system that uses the REST api to create particular projects that are associated with existing projects. These are based on pull request branches. I am specifically not using “new-style branches”, and that won’t be an option for now. In the scripting code, I copy some information from the base project, like the quality gate and quality profiles. It appears that I’m going to need to copy this permissions information the same way.
I’ve browsed through the REST api automated documentation, and I don’t see any operation that contains this information. How can I get this from the REST api and set it in a new project? I’m starting to wonder whether this isn’t supported in the version we’re using, and will require a system upgrade.
If I understand correctly, you want to fetch the list of user and their permission for a specific project from the API?
If this is correct, the public API doesn’t allow that. The internal API can achieve this through the GET /api/permissions/users endpoint. But use it at your own risk; internal APIs are subject to change or removal without notice.
And to give a user permission for a specific project you can use the POST api/permissions/add_user endpoint from the public API.
That will be very unfortunate if I have to rely on an internal API to do what I need to do. Everything that I can set in the GUI should be readable and writable from the public API.
Where can I get documentation for “/api/permissions/users”? It’s not in the Web API page.
I suppose it’s possible I won’t need this, but I haven’t tested this yet.
Our projects supposedly use the “permissions template”, so that when we create a new project with a name that begins with the prefiix associated with the template, that created project will get the permissions settings defined in the template. This includes making it a “private” project, with all the specific userids of people working on the project.
If this works with the REST api, then if I create the project using the correct prefix, it should get the permissions that it should have.
In initial testing, it doesn’t appear to be working. Projects created with the REST api, using the correct template prefix are only getting minimal permissions settings, when the “base” projects have many more specific users in their permissions list. It appears that I may have to use the internal API to get a correct copy of the permissions from the base project.