3 * Copyright (C) 2009-2016 SonarSource SA
4 * mailto:contact AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.permission.ws;
22 import java.io.IOException;
23 import javax.annotation.Nullable;
24 import org.junit.Before;
25 import org.junit.Rule;
26 import org.junit.Test;
27 import org.junit.experimental.categories.Category;
28 import org.junit.rules.ExpectedException;
29 import org.sonar.api.utils.System2;
30 import org.sonar.db.DbTester;
31 import org.sonar.db.user.GroupDto;
32 import org.sonar.db.user.GroupRoleDto;
33 import org.sonar.db.user.UserDto;
34 import org.sonar.db.user.UserRoleDto;
35 import org.sonar.server.exceptions.ForbiddenException;
36 import org.sonar.server.exceptions.UnauthorizedException;
37 import org.sonar.server.i18n.I18nRule;
38 import org.sonar.server.tester.UserSessionRule;
39 import org.sonar.server.ws.WsActionTester;
40 import org.sonar.test.DbTests;
41 import org.sonarqube.ws.MediaTypes;
42 import org.sonarqube.ws.WsPermissions;
44 import static org.sonar.core.permission.GlobalPermissions.DASHBOARD_SHARING;
45 import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
46 import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
47 import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
48 import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
49 import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
50 import static org.sonar.test.JsonAssert.assertJson;
52 @Category(DbTests.class)
53 public class SearchGlobalPermissionsActionTest {
56 public ExpectedException expectedException = ExpectedException.none();
58 public DbTester db = DbTester.create(System2.INSTANCE);
60 public UserSessionRule userSession = UserSessionRule.standalone();
62 I18nRule i18n = new I18nRule();
68 ws = new WsActionTester(new SearchGlobalPermissionsAction(db.getDbClient(), userSession, i18n));
69 userSession.login("login").setGlobalPermissions(SYSTEM_ADMIN);
73 public void search() {
74 GroupDto adminGroup = insertGroup(newGroupDto("sonar-admins", "Administrators"));
75 GroupDto userGroup = insertGroup(newGroupDto("sonar-users", "Users"));
76 insertGroupRole(newGroupRole(SCAN_EXECUTION, null));
77 insertGroupRole(newGroupRole(SCAN_EXECUTION, userGroup.getId()));
78 insertGroupRole(newGroupRole(SYSTEM_ADMIN, adminGroup.getId()));
79 insertGroupRole(newGroupRole(PROVISIONING, userGroup.getId()));
80 insertGroupRole(newGroupRole(DASHBOARD_SHARING, null));
82 UserDto user = insertUser(newUserDto("user", "user-name"));
83 UserDto adminUser = insertUser(newUserDto("admin", "admin-name"));
84 insertUserRole(newUserRoleDto(PROVISIONING, user.getId()));
85 insertUserRole(newUserRoleDto(QUALITY_PROFILE_ADMIN, user.getId()));
86 insertUserRole(newUserRoleDto(QUALITY_PROFILE_ADMIN, adminUser.getId()));
87 insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, user.getId()));
88 insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, adminUser.getId()));
90 db.getSession().commit();
92 String result = ws.newRequest().execute().getInput();
94 assertJson(result).isSimilarTo(getClass().getResource("search_global_permissions-example.json"));
98 public void protobuf_response() throws IOException {
99 WsPermissions.WsSearchGlobalPermissionsResponse wsSearchGlobalPermissionsResponse = WsPermissions.WsSearchGlobalPermissionsResponse.parseFrom(
101 .setMediaType(MediaTypes.PROTOBUF)
102 .execute().getInputStream());
103 System.out.println(wsSearchGlobalPermissionsResponse.getPermissionsList());
107 public void fail_if_insufficient_privileges() {
108 expectedException.expect(ForbiddenException.class);
109 userSession.login("login");
111 ws.newRequest().execute();
115 public void fail_if_not_logged_in() {
116 expectedException.expect(UnauthorizedException.class);
117 userSession.anonymous();
119 ws.newRequest().execute();
122 private void initI18nMessages() {
123 i18n.put("global_permissions.admin", "Administer System");
124 i18n.put("global_permissions.admin.desc", "Ability to perform all administration functions for the instance: " +
125 "global configuration and personalization of default dashboards.");
126 i18n.put("global_permissions.profileadmin", "Administer Quality Profiles");
127 i18n.put("global_permissions.profileadmin.desc", "Ability to perform any action on the quality profiles.");
128 i18n.put("global_permissions.gateadmin", "Administer Quality Gates");
129 i18n.put("global_permissions.gateadmin.desc", "Ability to perform any action on the quality gates.");
130 i18n.put("global_permissions.shareDashboard", "Share Dashboards And Filters");
131 i18n.put("global_permissions.shareDashboard.desc", "Ability to share dashboards, issue filters and measure filters.");
132 i18n.put("global_permissions.scan", "Execute Analysis");
133 i18n.put("global_permissions.scan.desc", "Ability to execute analyses, and to get all settings required to perform the analysis, " +
134 "even the secured ones like the scm account password, the jira account password, and so on.");
135 i18n.put("global_permissions.provisioning", "Create Projects");
136 i18n.put("global_permissions.provisioning.desc", "Ability to initialize project structure before first analysis.");
139 private UserDto insertUser(UserDto user) {
140 return db.getDbClient().userDao().insert(db.getSession(), user);
143 private void insertUserRole(UserRoleDto userRole) {
144 db.getDbClient().roleDao().insertUserRole(db.getSession(), userRole);
147 private GroupDto insertGroup(GroupDto groupDto) {
148 return db.getDbClient().groupDao().insert(db.getSession(), groupDto);
151 private void insertGroupRole(GroupRoleDto group) {
152 db.getDbClient().roleDao().insertGroupRole(db.getSession(), group);
155 private static UserDto newUserDto(String login, String name) {
156 return new UserDto().setLogin(login).setName(name).setActive(true);
159 private static GroupDto newGroupDto(String name, String description) {
160 return new GroupDto().setName(name).setDescription(description);
163 private static GroupRoleDto newGroupRole(String role, @Nullable Long groupId) {
164 GroupRoleDto groupRole = new GroupRoleDto().setRole(role);
165 if (groupId != null) {
166 groupRole.setGroupId(groupId);
172 private static UserRoleDto newUserRoleDto(String role, long userId) {
173 return new UserRoleDto()