]> source.dussan.org Git - sonarqube.git/blob
100e3843f93ed716e4123f4f0be2b1693b216880
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2016 SonarSource SA
4  * mailto:contact AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20
21 package org.sonar.server.permission.ws.template;
22
23 import static org.assertj.core.api.Assertions.assertThat;
24 import static org.mockito.Mockito.mock;
25 import static org.sonar.db.component.ComponentTesting.newDeveloper;
26 import static org.sonar.db.component.ComponentTesting.newProjectDto;
27 import static org.sonar.db.component.ComponentTesting.newView;
28 import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
29 import static org.sonar.db.user.GroupMembershipQuery.IN;
30 import static org.sonar.db.user.GroupTesting.newGroupDto;
31 import static org.sonar.db.user.UserTesting.newUserDto;
32 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
33 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
34 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
35
36 import com.google.common.base.Predicate;
37 import com.google.common.collect.FluentIterable;
38 import java.util.List;
39 import javax.annotation.Nullable;
40 import org.junit.Before;
41 import org.junit.Rule;
42 import org.junit.Test;
43 import org.junit.rules.ExpectedException;
44 import org.sonar.api.config.Settings;
45 import org.sonar.api.resources.Qualifiers;
46 import org.sonar.api.server.ws.WebService.Param;
47 import org.sonar.api.utils.System2;
48 import org.sonar.api.web.UserRole;
49 import org.sonar.core.permission.GlobalPermissions;
50 import org.sonar.db.DbClient;
51 import org.sonar.db.DbSession;
52 import org.sonar.db.DbTester;
53 import org.sonar.db.component.ComponentDbTester;
54 import org.sonar.db.component.ComponentDto;
55 import org.sonar.db.component.ResourceTypesRule;
56 import org.sonar.db.permission.GroupWithPermissionDto;
57 import org.sonar.db.permission.PermissionQuery;
58 import org.sonar.db.permission.PermissionRepository;
59 import org.sonar.db.permission.PermissionTemplateDto;
60 import org.sonar.db.permission.UserWithPermissionDto;
61 import org.sonar.db.user.GroupDbTester;
62 import org.sonar.db.user.GroupDto;
63 import org.sonar.db.user.GroupRoleDto;
64 import org.sonar.db.user.UserDbTester;
65 import org.sonar.db.user.UserDto;
66 import org.sonar.db.user.UserRoleDto;
67 import org.sonar.server.component.ComponentFinder;
68 import org.sonar.server.exceptions.BadRequestException;
69 import org.sonar.server.exceptions.NotFoundException;
70 import org.sonar.server.i18n.I18nRule;
71 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
72 import org.sonar.server.permission.PermissionService;
73 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
74 import org.sonar.server.tester.UserSessionRule;
75 import org.sonar.server.usergroups.ws.UserGroupFinder;
76 import org.sonar.server.ws.TestRequest;
77 import org.sonar.server.ws.WsActionTester;
78
79 public class BulkApplyTemplateActionTest {
80   @Rule
81   public UserSessionRule userSession = UserSessionRule.standalone().login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
82   @Rule
83   public ExpectedException expectedException = ExpectedException.none();
84   @Rule
85   public DbTester db = DbTester.create(System2.INSTANCE);
86   ComponentDbTester componentDb = new ComponentDbTester(db);
87   UserDbTester userDb = new UserDbTester(db);
88   GroupDbTester groupDb = new GroupDbTester(db);
89   DbClient dbClient = db.getDbClient();
90   DbSession dbSession = db.getSession();
91
92   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
93   I18nRule i18n = new I18nRule();
94   WsActionTester ws;
95
96   UserDto user1;
97   UserDto user2;
98   GroupDto group1;
99   GroupDto group2;
100   PermissionTemplateDto template1;
101   PermissionTemplateDto template2;
102   IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
103
104   @Before
105   public void setUp() {
106     PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
107     ComponentFinder componentFinder = new ComponentFinder(dbClient);
108     PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
109     PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
110
111     BulkApplyTemplateAction underTest = new BulkApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder, i18n, resourceTypes);
112     ws = new WsActionTester(underTest);
113
114     user1 = userDb.insertUser(newUserDto().setLogin("user-login-1"));
115     user2 = userDb.insertUser(newUserDto().setLogin("user-login-2"));
116     group1 = groupDb.insertGroup(newGroupDto().setName("group-name-1"));
117     group2 = groupDb.insertGroup(newGroupDto().setName("group-name-2"));
118
119     // template 1
120     template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
121     addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
122     addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
123     addGroupToTemplate(group1, template1, UserRole.ADMIN);
124     addGroupToTemplate(group2, template1, UserRole.USER);
125     // template 2
126     template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
127     addUserToTemplate(user1, template2, UserRole.USER);
128     addUserToTemplate(user2, template2, UserRole.USER);
129     addGroupToTemplate(group1, template2, UserRole.USER);
130     addGroupToTemplate(group2, template2, UserRole.USER);
131
132     commit();
133   }
134
135   @Test
136   public void bulk_apply_template_by_template_uuid() {
137     ComponentDto project = componentDb.insertComponent(newProjectDto());
138     ComponentDto view = componentDb.insertComponent(newView());
139     ComponentDto developer = componentDb.insertComponent(newDeveloper("developer-name"));
140     addUserPermissionToProject(user1, developer, UserRole.ADMIN);
141     addUserPermissionToProject(user2, developer, UserRole.ADMIN);
142     addGroupPermissionToProject(group1, developer, UserRole.ADMIN);
143     addGroupPermissionToProject(group2, developer, UserRole.ADMIN);
144     db.commit();
145
146     call(ws.newRequest().setParam(PARAM_TEMPLATE_ID, template1.getUuid()));
147
148     assertTemplate1AppliedToProject(project);
149     assertTemplate1AppliedToProject(view);
150     assertTemplate1AppliedToProject(developer);
151   }
152
153   @Test
154   public void bulk_apply_template_by_template_name() {
155     ComponentDto project = componentDb.insertComponent(newProjectDto());
156
157     call(ws.newRequest().setParam(PARAM_TEMPLATE_NAME, template1.getName()));
158
159     assertTemplate1AppliedToProject(project);
160   }
161
162   @Test
163   public void apply_template_by_qualifier() {
164     ComponentDto project = componentDb.insertComponent(newProjectDto());
165     ComponentDto view = componentDb.insertComponent(newView());
166
167     call(ws.newRequest()
168       .setParam(PARAM_TEMPLATE_ID, template1.getUuid())
169       .setParam(PARAM_QUALIFIER, project.qualifier()));
170
171     assertTemplate1AppliedToProject(project);
172     assertNoPermissionOnProject(view);
173   }
174
175   @Test
176   public void apply_template_by_query_on_name_and_key() {
177     ComponentDto projectFoundByKey = newProjectDto().setKey("sonar");
178     componentDb.insertProjectAndSnapshot(projectFoundByKey);
179     ComponentDto projectFoundByName = newProjectDto().setName("name-sonar-name");
180     componentDb.insertProjectAndSnapshot(projectFoundByName);
181     // match must be exact on key
182     ComponentDto projectUntouched = newProjectDto().setKey("new-sonar").setName("project-name");
183     componentDb.insertProjectAndSnapshot(projectUntouched);
184     componentDb.indexAllComponents();
185
186     call(ws.newRequest()
187       .setParam(PARAM_TEMPLATE_ID, template1.getUuid())
188       .setParam(Param.TEXT_QUERY, "sonar"));
189
190     assertTemplate1AppliedToProject(projectFoundByKey);
191     assertTemplate1AppliedToProject(projectFoundByName);
192     assertNoPermissionOnProject(projectUntouched);
193   }
194
195   @Test
196   public void fail_if_no_template_parameter() {
197     expectedException.expect(BadRequestException.class);
198     expectedException.expectMessage("Template name or template id must be provided, not both.");
199
200     call(ws.newRequest());
201   }
202
203   @Test
204   public void fail_if_template_name_is_incorrect() {
205     expectedException.expect(NotFoundException.class);
206     expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
207
208     call(ws.newRequest().setParam(PARAM_TEMPLATE_ID, "unknown-template-uuid"));
209   }
210
211   private void call(TestRequest request) {
212     request.execute();
213     db.commit();
214   }
215
216   private void assertTemplate1AppliedToProject(ComponentDto project) {
217     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
218     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
219     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
220     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
221     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
222   }
223
224   private void assertNoPermissionOnProject(ComponentDto project) {
225     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).isEmpty();
226     assertThat(selectProjectPermissionGroups(project, UserRole.CODEVIEWER)).isEmpty();
227     assertThat(selectProjectPermissionGroups(project, UserRole.ISSUE_ADMIN)).isEmpty();
228     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).isEmpty();
229     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
230     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).isEmpty();
231     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).isEmpty();
232     assertThat(selectProjectPermissionUsers(project, UserRole.USER)).isEmpty();
233   }
234
235   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
236     return dbClient.permissionTemplateDao().insert(dbSession, template);
237   }
238
239   private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
240     dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
241   }
242
243   private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
244     dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
245   }
246
247   private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
248     dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
249       .setRole(permission)
250       .setUserId(user.getId())
251       .setResourceId(project.getId()));
252   }
253
254   private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
255     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
256       .setRole(permission)
257       .setResourceId(project.getId())
258       .setGroupId(group.getId()));
259   }
260
261   private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
262     return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
263       .filter(new PermissionNotNull())
264       .toList();
265   }
266
267   private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
268     return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
269   }
270
271   private void commit() {
272     dbSession.commit();
273   }
274
275   private static PermissionQuery query(String permission) {
276     return PermissionQuery.builder().membership(IN).permission(permission).build();
277   }
278
279   private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
280     @Override
281     public boolean apply(@Nullable GroupWithPermissionDto input) {
282       return input.getPermission() != null;
283     }
284   }
285 }