1 /*
2  * SonarQube
3  * Copyright (C) 2009-2023 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission;
21
22 import java.util.List;
23 import java.util.stream.Collectors;
24 import java.util.stream.Stream;
25 import javax.annotation.Nullable;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.sonar.api.web.UserRole;
29 import org.sonar.core.util.SequenceUuidFactory;
30 import org.sonar.db.DbSession;
31 import org.sonar.db.DbTester;
32 import org.sonar.db.component.ResourceTypesRule;
33 import org.sonar.db.permission.GlobalPermission;
34 import org.sonar.db.permission.template.PermissionTemplateDbTester;
35 import org.sonar.db.permission.template.PermissionTemplateDto;
36 import org.sonar.db.portfolio.PortfolioDto;
37 import org.sonar.db.project.ProjectDto;
38 import org.sonar.db.user.GroupDto;
39 import org.sonar.db.user.UserDto;
40 import org.sonar.server.es.ProjectIndexers;
41 import org.sonar.server.es.TestProjectIndexers;
42 import org.sonar.server.exceptions.TemplateMatchingKeyException;
43 import org.sonar.server.tester.UserSessionRule;
44
45 import static java.util.Collections.singletonList;
46 import static org.assertj.core.api.Assertions.assertThat;
47 import static org.assertj.core.api.Assertions.assertThatThrownBy;
48 import static org.sonar.api.resources.Qualifiers.APP;
49 import static org.sonar.api.resources.Qualifiers.PROJECT;
50 import static org.sonar.api.resources.Qualifiers.VIEW;
51
/**
 * Integration tests for {@link PermissionTemplateService}.
 *
 * <p>Each test applies a permission template to a project, application or portfolio and then reads back
 * the permissions that were actually persisted. Two access-control rules are asserted repeatedly:
 * <ul>
 *   <li>on a private project nothing is persisted for the group "Anyone", even when the template lists it;</li>
 *   <li>on a public project {@link UserRole#USER} and {@link UserRole#CODEVIEWER} are never persisted,
 *   whether the template grants them to "Anyone", a group, a user or the project creator.</li>
 * </ul>
 * In the query helpers the group "Anyone" is addressed by passing a {@code null} group.
 */
public class PermissionTemplateServiceIT {

  /** Extra permission key added to templates on top of the keys returned by getAllProjectPermissions(). */
  private static final String CUSTOM_PERMISSION = "p1";

  private static final String ADMINISTER_KEY = GlobalPermission.ADMINISTER.getKey();
  private static final String PROVISION_PROJECTS_KEY = GlobalPermission.PROVISION_PROJECTS.getKey();
  private static final String SCAN_KEY = GlobalPermission.SCAN.getKey();

  /**
   * Permissions expected on a public project once every project permission plus the custom one has been
   * granted through a template: USER and CODEVIEWER are absent.
   * NOTE(review): presumably because public visibility already implies them; confirm against the service.
   */
  private static final String[] EXPECTED_ON_PUBLIC_PROJECT = {
    CUSTOM_PERMISSION, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN_KEY
  };

  /** Permissions expected on a private project for a group, user or creator: nothing is filtered out. */
  private static final String[] EXPECTED_ON_PRIVATE_PROJECT = {
    CUSTOM_PERMISSION, UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN_KEY
  };

  @Rule
  public DbTester dbTester = DbTester.create(true);

  // Field order matters: later initializers read dbTester and resourceTypesRule.
  private final ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers(PROJECT, VIEW, APP);
  private final DefaultTemplatesResolver defaultTemplatesResolver = new DefaultTemplatesResolverImpl(dbTester.getDbClient(), resourceTypesRule);
  private final PermissionService permissionService = new PermissionServiceImpl(resourceTypesRule);
  private final UserSessionRule userSession = UserSessionRule.standalone();
  private final PermissionTemplateDbTester templateDb = dbTester.permissionTemplates();
  private final DbSession session = dbTester.getSession();
  private final ProjectIndexers projectIndexers = new TestProjectIndexers();
  private final PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver,
    new SequenceUuidFactory());

  // ---------------------------------------------------------------------------------------------
  // Group "Anyone"
  // ---------------------------------------------------------------------------------------------

  /** A template entry for "Anyone" must not leak onto a private project. */
  @Test
  public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    templateDb.addAnyoneToTemplate(template, CUSTOM_PERMISSION);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfAnyone(project.getUuid())).isEmpty();
  }

  /** Same rule as above, reached through the default-template path used for new components. */
  @Test
  public void apply_default_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    UserDto creator = dbTester.users().insertUser();
    PermissionTemplateDto template = templateDb.insertTemplate();
    templateDb.addAnyoneToTemplate(template, CUSTOM_PERMISSION);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, creator.getUuid());

    assertThat(selectProjectPermissionsOfAnyone(project.getUuid())).isEmpty();
  }

  @Test
  public void apply_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    grantAllPermissionsToAnyone(template);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfAnyone(project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  @Test
  public void applyDefault_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    grantAllPermissionsToAnyone(template);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, null);

    assertThat(selectProjectPermissionsOfAnyone(project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  // ---------------------------------------------------------------------------------------------
  // Named group
  // ---------------------------------------------------------------------------------------------

  @Test
  public void apply_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    GroupDto group = dbTester.users().insertGroup();
    PermissionTemplateDto template = templateDb.insertTemplate();
    grantAllPermissionsToGroup(template, group);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfGroup(group, project.getUuid()))
      .containsOnly(EXPECTED_ON_PRIVATE_PROJECT);
  }

  @Test
  public void applyDefault_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
    GroupDto group = dbTester.users().insertGroup();
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    grantAllPermissionsToGroup(template, group);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, null);

    assertThat(selectProjectPermissionsOfGroup(group, project.getUuid()))
      .containsOnly(EXPECTED_ON_PRIVATE_PROJECT);
  }

  @Test
  public void apply_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    GroupDto group = dbTester.users().insertGroup();
    grantAllPermissionsToGroup(template, group);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfGroup(group, project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  @Test
  public void applyDefault_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    GroupDto group = dbTester.users().insertGroup();
    grantAllPermissionsToGroup(template, group);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, null);

    assertThat(selectProjectPermissionsOfGroup(group, project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  // ---------------------------------------------------------------------------------------------
  // Named user
  // ---------------------------------------------------------------------------------------------

  @Test
  public void apply_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    UserDto user = dbTester.users().insertUser();
    grantAllPermissionsToUser(template, user);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfUser(user, project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  @Test
  public void applyDefault_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    UserDto user = dbTester.users().insertUser();
    grantAllPermissionsToUser(template, user);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, null);

    assertThat(selectProjectPermissionsOfUser(user, project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  @Test
  public void apply_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    UserDto user = dbTester.users().insertUser();
    grantAllPermissionsToUser(template, user);

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfUser(user, project.getUuid()))
      .containsOnly(EXPECTED_ON_PRIVATE_PROJECT);
  }

  @Test
  public void applyDefault_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    UserDto user = dbTester.users().insertUser();
    grantAllPermissionsToUser(template, user);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, null);

    assertThat(selectProjectPermissionsOfUser(user, project.getUuid()))
      .containsOnly(EXPECTED_ON_PRIVATE_PROJECT);
  }

  // ---------------------------------------------------------------------------------------------
  // Project creator: the template entry is resolved to the user whose uuid is passed as creator
  // ---------------------------------------------------------------------------------------------

  @Test
  public void applyDefault_inserts_permissions_to_ProjectCreator_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPublicProject().getProjectDto();
    UserDto creator = dbTester.users().insertUser();
    grantAllPermissionsToProjectCreator(template);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, creator.getUuid());

    assertThat(selectProjectPermissionsOfUser(creator, project.getUuid()))
      .containsOnly(EXPECTED_ON_PUBLIC_PROJECT);
  }

  @Test
  public void applyDefault_inserts_any_permissions_to_ProjectCreator_when_applying_template_on_private_project() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    UserDto creator = dbTester.users().insertUser();
    grantAllPermissionsToProjectCreator(template);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, project, creator.getUuid());

    assertThat(selectProjectPermissionsOfUser(creator, project.getUuid()))
      .containsOnly(EXPECTED_ON_PRIVATE_PROJECT);
  }

  // ---------------------------------------------------------------------------------------------
  // Which default template is picked for portfolios and applications
  // ---------------------------------------------------------------------------------------------

  @Test
  public void apply_template_on_view() {
    PortfolioDto portfolio = dbTester.components().insertPrivatePortfolioDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(template, group, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(template, group, PROVISION_PROJECTS_KEY);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, portfolio, null);

    assertThat(selectProjectPermissionsOfGroup(group, portfolio.getUuid()))
      .containsOnly(ADMINISTER_KEY, PROVISION_PROJECTS_KEY);
  }

  /** The application default template wins over the project default: only its grants are persisted. */
  @Test
  public void apply_default_template_on_application() {
    ProjectDto application = dbTester.components().insertPublicApplication().getProjectDto();
    PermissionTemplateDto projectTemplate = templateDb.insertTemplate();
    PermissionTemplateDto applicationTemplate = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(applicationTemplate, group, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(applicationTemplate, group, PROVISION_PROJECTS_KEY);
    templateDb.setDefaultTemplates(projectTemplate, applicationTemplate, null);

    underTest.applyDefaultToNewComponent(session, application, null);

    assertThat(selectProjectPermissionsOfGroup(group, application.getUuid()))
      .containsOnly(ADMINISTER_KEY, PROVISION_PROJECTS_KEY);
  }

  /** The portfolio default template wins over the project default: only its grants are persisted. */
  @Test
  public void apply_default_template_on_portfolio() {
    PortfolioDto portfolio = dbTester.components().insertPublicPortfolioDto();
    PermissionTemplateDto projectTemplate = templateDb.insertTemplate();
    PermissionTemplateDto portfolioTemplate = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(portfolioTemplate, group, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(portfolioTemplate, group, PROVISION_PROJECTS_KEY);
    templateDb.setDefaultTemplates(projectTemplate, null, portfolioTemplate);

    underTest.applyDefaultToNewComponent(session, portfolio, null);

    assertThat(selectProjectPermissionsOfGroup(group, portfolio.getUuid()))
      .containsOnly(ADMINISTER_KEY, PROVISION_PROJECTS_KEY);
  }

  /** With no portfolio default configured, the project default template is the one applied. */
  @Test
  public void apply_project_default_template_on_view_when_no_view_default_template() {
    PortfolioDto portfolio = dbTester.components().insertPrivatePortfolioDto();
    PermissionTemplateDto projectTemplate = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(projectTemplate, group, PROVISION_PROJECTS_KEY);
    useAsDefaultProjectTemplate(projectTemplate);

    underTest.applyDefaultToNewComponent(session, portfolio, null);

    assertThat(selectProjectPermissionsOfGroup(group, portfolio.getUuid())).containsOnly(PROVISION_PROJECTS_KEY);
  }

  @Test
  public void apply_template_on_applications() {
    ProjectDto application = dbTester.components().insertPublicApplication().getProjectDto();
    PermissionTemplateDto template = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(template, group, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(template, group, PROVISION_PROJECTS_KEY);
    useAsDefaultProjectTemplate(template);

    underTest.applyDefaultToNewComponent(session, application, null);

    assertThat(selectProjectPermissionsOfGroup(group, application.getUuid()))
      .containsOnly(ADMINISTER_KEY, PROVISION_PROJECTS_KEY);
  }

  /** All three defaults are configured; the application must receive the grants of the application template. */
  @Test
  public void apply_default_view_template_on_application() {
    ProjectDto application = dbTester.components().insertPublicApplication().getProjectDto();
    PermissionTemplateDto projectTemplate = templateDb.insertTemplate();
    PermissionTemplateDto applicationTemplate = templateDb.insertTemplate();
    PermissionTemplateDto portfolioTemplate = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(applicationTemplate, group, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(applicationTemplate, group, PROVISION_PROJECTS_KEY);
    templateDb.setDefaultTemplates(projectTemplate, applicationTemplate, portfolioTemplate);

    underTest.applyDefaultToNewComponent(session, application, null);

    assertThat(selectProjectPermissionsOfGroup(group, application.getUuid()))
      .containsOnly(ADMINISTER_KEY, PROVISION_PROJECTS_KEY);
  }

  /** With no application default configured, the project default template is the one applied. */
  @Test
  public void apply_project_default_template_on_application_when_no_application_default_template() {
    ProjectDto application = dbTester.components().insertPublicApplication().getProjectDto();
    PermissionTemplateDto projectTemplate = templateDb.insertTemplate();
    GroupDto group = dbTester.users().insertGroup();
    templateDb.addGroupToTemplate(projectTemplate, group, PROVISION_PROJECTS_KEY);
    useAsDefaultProjectTemplate(projectTemplate);

    underTest.applyDefaultToNewComponent(session, application, null);

    assertThat(selectProjectPermissionsOfGroup(group, application.getUuid())).containsOnly(PROVISION_PROJECTS_KEY);
  }

  // ---------------------------------------------------------------------------------------------
  // Mixed template on a private project
  // ---------------------------------------------------------------------------------------------

  /**
   * Applies a template mixing two groups, "Anyone" and a user to a private project. Before the call the
   * project carries no permission at all; afterwards each named principal holds exactly what the template
   * lists for it, while "Anyone" still holds nothing although the template grants it USER and CODEVIEWER.
   */
  @Test
  public void apply_permission_template() {
    UserDto admin = dbTester.users().insertUser();
    ProjectDto project = dbTester.components().insertPrivateProject().getProjectDto();
    GroupDto adminGroup = dbTester.users().insertGroup();
    GroupDto userGroup = dbTester.users().insertGroup();
    dbTester.users().insertPermissionOnGroup(adminGroup, ADMINISTER_KEY);
    dbTester.users().insertPermissionOnGroup(userGroup, UserRole.USER);
    dbTester.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
    PermissionTemplateDto template = templateDb.insertTemplate();
    templateDb.addGroupToTemplate(template, adminGroup, ADMINISTER_KEY);
    templateDb.addGroupToTemplate(template, adminGroup, UserRole.ISSUE_ADMIN);
    templateDb.addGroupToTemplate(template, userGroup, UserRole.USER);
    templateDb.addGroupToTemplate(template, userGroup, UserRole.CODEVIEWER);
    templateDb.addAnyoneToTemplate(template, UserRole.USER);
    templateDb.addAnyoneToTemplate(template, UserRole.CODEVIEWER);
    templateDb.addUserToTemplate(template, admin, ADMINISTER_KEY);
    String projectUuid = project.getUuid();

    // Global permissions inserted above must not show up as project permissions.
    assertThat(selectProjectPermissionsOfGroup(adminGroup, projectUuid)).isEmpty();
    assertThat(selectProjectPermissionsOfGroup(userGroup, projectUuid)).isEmpty();
    assertThat(selectProjectPermissionsOfAnyone(projectUuid)).isEmpty();
    assertThat(selectProjectPermissionsOfUser(admin, projectUuid)).isEmpty();

    underTest.applyAndCommit(session, template, singletonList(project));

    assertThat(selectProjectPermissionsOfGroup(adminGroup, projectUuid)).containsOnly(ADMINISTER_KEY, UserRole.ISSUE_ADMIN);
    assertThat(selectProjectPermissionsOfGroup(userGroup, projectUuid)).containsOnly(UserRole.USER, UserRole.CODEVIEWER);
    assertThat(selectProjectPermissionsOfAnyone(projectUuid)).isEmpty();
    assertThat(selectProjectPermissionsOfUser(admin, projectUuid)).containsOnly(ADMINISTER_KEY);
  }

  // ---------------------------------------------------------------------------------------------
  // wouldUserHaveScanPermissionWithDefaultTemplate
  // ---------------------------------------------------------------------------------------------

  /**
   * The default template grants scan only to the project creator; the other entries grant unrelated
   * permissions to the user, to a group and to a {@code null} group (presumably "Anyone"; confirm).
   * NOTE(review): no case in this class covers a template granting scan to "Anyone"; adding one would
   * pin the expected answer for anonymous callers.
   */
  @Test
  public void would_user_have_scan_permission_with_default_permission_template() {
    GroupDto group = dbTester.users().insertGroup();
    UserDto user = dbTester.users().insertUser();
    dbTester.users().insertMember(group, user);
    PermissionTemplateDto template = templateDb.insertTemplate();
    useAsDefaultProjectTemplate(template);
    String templateUuid = template.getUuid();
    String templateName = template.getName();
    templateDb.addProjectCreatorToTemplate(templateUuid, SCAN_KEY, templateName);
    templateDb.addUserToTemplate(templateUuid, user.getUuid(), UserRole.USER, templateName, user.getLogin());
    templateDb.addGroupToTemplate(templateUuid, group.getUuid(), UserRole.CODEVIEWER, templateName, group.getName());
    templateDb.addGroupToTemplate(templateUuid, null, UserRole.ISSUE_ADMIN, templateName, null);

    // authenticated user
    checkWouldUserHaveScanPermission(user.getUuid(), true);

    // anonymous user
    checkWouldUserHaveScanPermission(null, false);
  }

  /** A default template uuid that resolves to nothing must yield a denial for an anonymous caller. */
  @Test
  public void would_user_have_scan_permission_with_unknown_default_permission_template() {
    templateDb.setDefaultTemplates("UNKNOWN_TEMPLATE_UUID", null, null);

    checkWouldUserHaveScanPermission(null, false);
  }

  /** A default template without any entry must yield a denial for an anonymous caller. */
  @Test
  public void would_user_have_scan_permission_with_empty_template() {
    PermissionTemplateDto template = templateDb.insertTemplate();
    useAsDefaultProjectTemplate(template);

    checkWouldUserHaveScanPermission(null, false);
  }

  /**
   * Two templates share a key pattern matching the new project's key: the service must reject the
   * ambiguity with a {@link TemplateMatchingKeyException} naming both templates instead of picking one.
   */
  @Test
  public void apply_permission_template_with_key_pattern_collision() {
    final String projectKey = "hi-test";
    final String sharedPattern = ".*-test";

    PermissionTemplateDto first = templateDb.insertTemplate(t -> t.setKeyPattern(sharedPattern));
    PermissionTemplateDto second = templateDb.insertTemplate(t -> t.setKeyPattern(sharedPattern));

    // The expected message lists the quoted template names, sorted case-insensitively.
    String quotedNames = Stream.of(first, second)
      .map(PermissionTemplateDto::getName)
      .sorted(String.CASE_INSENSITIVE_ORDER)
      .map(name -> String.format("\"%s\"", name))
      .collect(Collectors.joining(", "));

    ProjectDto project = dbTester.components().insertPrivateProject(p -> p.setKey(projectKey)).getProjectDto();

    assertThatThrownBy(() -> underTest.applyDefaultToNewComponent(session, project, null))
      .isInstanceOf(TemplateMatchingKeyException.class)
      .hasMessageContaining("The \"%s\" key matches multiple permission templates: %s.", projectKey, quotedNames);
  }

  // ---------------------------------------------------------------------------------------------
  // Helpers
  // ---------------------------------------------------------------------------------------------

  /** Grants every project permission, then the custom one, to the group "Anyone" in the template. */
  private void grantAllPermissionsToAnyone(PermissionTemplateDto template) {
    permissionService.getAllProjectPermissions()
      .forEach(permission -> templateDb.addAnyoneToTemplate(template, permission));
    templateDb.addAnyoneToTemplate(template, CUSTOM_PERMISSION);
  }

  /** Grants every project permission, then the custom one, to the given group in the template. */
  private void grantAllPermissionsToGroup(PermissionTemplateDto template, GroupDto group) {
    permissionService.getAllProjectPermissions()
      .forEach(permission -> templateDb.addGroupToTemplate(template, group, permission));
    templateDb.addGroupToTemplate(template, group, CUSTOM_PERMISSION);
  }

  /** Grants every project permission, then the custom one, to the given user in the template. */
  private void grantAllPermissionsToUser(PermissionTemplateDto template, UserDto user) {
    permissionService.getAllProjectPermissions()
      .forEach(permission -> templateDb.addUserToTemplate(template, user, permission));
    templateDb.addUserToTemplate(template, user, CUSTOM_PERMISSION);
  }

  /** Grants every project permission, then the custom one, to the project creator in the template. */
  private void grantAllPermissionsToProjectCreator(PermissionTemplateDto template) {
    permissionService.getAllProjectPermissions()
      .forEach(permission -> templateDb.addProjectCreatorToTemplate(template, permission));
    templateDb.addProjectCreatorToTemplate(template, CUSTOM_PERMISSION);
  }

  /** Registers the template as the project default, leaving the two other defaults unset. */
  private void useAsDefaultProjectTemplate(PermissionTemplateDto template) {
    templateDb.setDefaultTemplates(template, null, null);
  }

  /** Reads the permissions stored for the group "Anyone" on the entity, i.e. queries with a null group. */
  private List<String> selectProjectPermissionsOfAnyone(String projectUuid) {
    return selectProjectPermissionsOfGroup(null, projectUuid);
  }

  /**
   * Reads the permissions stored for a group on the given entity.
   *
   * @param groupDto the group to look up, or {@code null} for the group "Anyone"
   * @param projectUuid uuid of the project, application or portfolio
   */
  private List<String> selectProjectPermissionsOfGroup(@Nullable GroupDto groupDto, String projectUuid) {
    String groupUuid = groupDto != null ? groupDto.getUuid() : null;
    return dbTester.getDbClient().groupPermissionDao().selectEntityPermissionsOfGroup(session, groupUuid, projectUuid);
  }

  /** Reads the permissions stored for a user on the given entity. */
  private List<String> selectProjectPermissionsOfUser(UserDto userDto, String projectUuid) {
    String userUuid = userDto.getUuid();
    return dbTester.getDbClient().userPermissionDao().selectEntityPermissionsOfUser(session, userUuid, projectUuid);
  }

  /**
   * Asserts the answer of the scan-permission pre-check for a fixed project key.
   *
   * @param userUuid uuid of the caller, or {@code null} for an anonymous caller
   * @param expectedResult whether the caller is expected to be allowed
   */
  private void checkWouldUserHaveScanPermission(@Nullable String userUuid, boolean expectedResult) {
    boolean allowed = underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, userUuid, "PROJECT_KEY");
    assertThat(allowed).isEqualTo(expectedResult);
  }

}