]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


326a75ac709c7f08b2f5929d85f413f246f2d2a2
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2020 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission.index;
21
22 import java.util.Collection;
23 import org.junit.Rule;
24 import org.junit.Test;
25 import org.junit.rules.ExpectedException;
26 import org.sonar.api.utils.System2;
27 import org.sonar.db.DbSession;
28 import org.sonar.db.DbTester;
29 import org.sonar.db.component.ComponentDto;
30 import org.sonar.db.es.EsQueueDto;
31 import org.sonar.db.organization.OrganizationDto;
32 import org.sonar.db.user.GroupDto;
33 import org.sonar.db.user.UserDto;
34 import org.sonar.server.es.EsTester;
35 import org.sonar.server.es.IndexType;
36 import org.sonar.server.es.IndexType.IndexMainType;
37 import org.sonar.server.es.IndexingResult;
38 import org.sonar.server.es.ProjectIndexer;
39 import org.sonar.server.tester.UserSessionRule;
40
41 import static java.util.Arrays.asList;
42 import static java.util.Collections.singletonList;
43 import static org.assertj.core.api.Assertions.assertThat;
44 import static org.sonar.api.web.UserRole.ADMIN;
45 import static org.sonar.api.web.UserRole.USER;
46 import static org.sonar.server.es.ProjectIndexer.Cause.PERMISSION_CHANGE;
47 import static org.sonar.server.permission.index.IndexAuthorizationConstants.TYPE_AUTHORIZATION;
48
49 public class PermissionIndexerTest {
50
51   private static final IndexMainType INDEX_TYPE_FOO_AUTH = IndexType.main(FooIndexDefinition.DESCRIPTOR, TYPE_AUTHORIZATION);
52
53   @Rule
54   public ExpectedException expectedException = ExpectedException.none();
55   @Rule
56   public DbTester db = DbTester.create(System2.INSTANCE);
57   @Rule
58   public EsTester es = EsTester.createCustom(new FooIndexDefinition());
59   @Rule
60   public UserSessionRule userSession = UserSessionRule.standalone();
61
62   private FooIndex fooIndex = new FooIndex(es.client(), new WebAuthorizationTypeSupport(userSession));
63   private FooIndexer fooIndexer = new FooIndexer(es.client());
64   private PermissionIndexer underTest = new PermissionIndexer(db.getDbClient(), es.client(), fooIndexer);
65
66   @Test
67   public void indexOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
68     ComponentDto project = createAndIndexPublicProject();
69     UserDto user1 = db.users().insertUser();
70     UserDto user2 = db.users().insertUser();
71
72     indexOnStartup();
73
74     verifyAnyoneAuthorized(project);
75     verifyAuthorized(project, user1);
76     verifyAuthorized(project, user2);
77   }
78
79   @Test
80   public void deletion_resilience_will_deindex_projects() {
81     ComponentDto project1 = createUnindexedPublicProject();
82     ComponentDto project2 = createUnindexedPublicProject();
83     // UserDto user1 = db.users().insertUser();
84     indexOnStartup();
85     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2);
86
87     // Simulate a indexation issue
88     db.getDbClient().componentDao().delete(db.getSession(), project1.uuid());
89     underTest.prepareForRecovery(db.getSession(), asList(project1.uuid()), ProjectIndexer.Cause.PROJECT_DELETION);
90     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isEqualTo(1);
91     Collection<EsQueueDto> esQueueDtos = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), Long.MAX_VALUE, 2);
92
93     underTest.index(db.getSession(), esQueueDtos);
94
95     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isEqualTo(0);
96     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(1);
97   }
98
99   @Test
100   public void indexOnStartup_grants_access_to_user() {
101     ComponentDto project = createAndIndexPrivateProject();
102     UserDto user1 = db.users().insertUser();
103     UserDto user2 = db.users().insertUser();
104     db.users().insertProjectPermissionOnUser(user1, USER, project);
105     db.users().insertProjectPermissionOnUser(user2, ADMIN, project);
106
107     indexOnStartup();
108
109     // anonymous
110     verifyAnyoneNotAuthorized(project);
111
112     // user1 has access
113     verifyAuthorized(project, user1);
114
115     // user2 has not access (only USER permission is accepted)
116     verifyNotAuthorized(project, user2);
117   }
118
119   @Test
120   public void indexOnStartup_grants_access_to_group_on_private_project() {
121     ComponentDto project = createAndIndexPrivateProject();
122     UserDto user1 = db.users().insertUser();
123     UserDto user2 = db.users().insertUser();
124     UserDto user3 = db.users().insertUser();
125     GroupDto group1 = db.users().insertGroup();
126     GroupDto group2 = db.users().insertGroup();
127     db.users().insertProjectPermissionOnGroup(group1, USER, project);
128     db.users().insertProjectPermissionOnGroup(group2, ADMIN, project);
129
130     indexOnStartup();
131
132     // anonymous
133     verifyAnyoneNotAuthorized(project);
134
135     // group1 has access
136     verifyAuthorized(project, user1, group1);
137
138     // group2 has not access (only USER permission is accepted)
139     verifyNotAuthorized(project, user2, group2);
140
141     // user3 is not in any group
142     verifyNotAuthorized(project, user3);
143   }
144
145   @Test
146   public void indexOnStartup_grants_access_to_user_and_group() {
147     ComponentDto project = createAndIndexPrivateProject();
148     UserDto user1 = db.users().insertUser();
149     UserDto user2 = db.users().insertUser();
150     GroupDto group = db.users().insertGroup();
151     db.users().insertMember(group, user2);
152     db.users().insertProjectPermissionOnUser(user1, USER, project);
153     db.users().insertProjectPermissionOnGroup(group, USER, project);
154
155     indexOnStartup();
156
157     // anonymous
158     verifyAnyoneNotAuthorized(project);
159
160     // has direct access
161     verifyAuthorized(project, user1);
162
163     // has access through group
164     verifyAuthorized(project, user1, group);
165
166     // no access
167     verifyNotAuthorized(project, user2);
168   }
169
170   @Test
171   public void indexOnStartup_does_not_grant_access_to_anybody_on_private_project() {
172     ComponentDto project = createAndIndexPrivateProject();
173     UserDto user = db.users().insertUser();
174     GroupDto group = db.users().insertGroup();
175
176     indexOnStartup();
177
178     verifyAnyoneNotAuthorized(project);
179     verifyNotAuthorized(project, user);
180     verifyNotAuthorized(project, user, group);
181   }
182
183   @Test
184   public void indexOnStartup_grants_access_to_anybody_on_public_project() {
185     ComponentDto project = createAndIndexPublicProject();
186     UserDto user = db.users().insertUser();
187     GroupDto group = db.users().insertGroup();
188
189     indexOnStartup();
190
191     verifyAnyoneAuthorized(project);
192     verifyAuthorized(project, user);
193     verifyAuthorized(project, user, group);
194   }
195
196   @Test
197   public void indexOnStartup_grants_access_to_anybody_on_view() {
198     ComponentDto view = createAndIndexView();
199     UserDto user = db.users().insertUser();
200     GroupDto group = db.users().insertGroup();
201
202     indexOnStartup();
203
204     verifyAnyoneAuthorized(view);
205     verifyAuthorized(view, user);
206     verifyAuthorized(view, user, group);
207   }
208
209   @Test
210   public void indexOnStartup_grants_access_on_many_projects() {
211     UserDto user1 = db.users().insertUser();
212     UserDto user2 = db.users().insertUser();
213     ComponentDto project = null;
214     for (int i = 0; i < 10; i++) {
215       project = createAndIndexPrivateProject();
216       db.users().insertProjectPermissionOnUser(user1, USER, project);
217     }
218
219     indexOnStartup();
220
221     verifyAnyoneNotAuthorized(project);
222     verifyAuthorized(project, user1);
223     verifyNotAuthorized(project, user2);
224   }
225
226   @Test
227   public void public_projects_are_visible_to_anybody_whatever_the_organization() {
228     ComponentDto projectOnOrg1 = createAndIndexPublicProject(db.organizations().insert());
229     ComponentDto projectOnOrg2 = createAndIndexPublicProject(db.organizations().insert());
230     UserDto user = db.users().insertUser();
231
232     indexOnStartup();
233
234     verifyAnyoneAuthorized(projectOnOrg1);
235     verifyAnyoneAuthorized(projectOnOrg2);
236     verifyAuthorized(projectOnOrg1, user);
237     verifyAuthorized(projectOnOrg2, user);
238   }
239
240   @Test
241   public void indexOnAnalysis_does_nothing_because_CE_does_not_touch_permissions() {
242     ComponentDto project = createAndIndexPublicProject();
243
244     underTest.indexOnAnalysis(project.uuid());
245
246     assertThatAuthIndexHasSize(0);
247     verifyAnyoneNotAuthorized(project);
248   }
249
250   @Test
251   public void permissions_are_not_updated_on_project_tags_update() {
252     ComponentDto project = createAndIndexPublicProject();
253
254     indexPermissions(project, ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);
255
256     assertThatAuthIndexHasSize(0);
257     verifyAnyoneNotAuthorized(project);
258   }
259
260   @Test
261   public void permissions_are_not_updated_on_project_key_update() {
262     ComponentDto project = createAndIndexPublicProject();
263
264     indexPermissions(project, ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);
265
266     assertThatAuthIndexHasSize(0);
267     verifyAnyoneNotAuthorized(project);
268   }
269
270   @Test
271   public void index_permissions_on_project_creation() {
272     ComponentDto project = createAndIndexPrivateProject();
273     UserDto user = db.users().insertUser();
274     db.users().insertProjectPermissionOnUser(user, USER, project);
275
276     indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);
277
278     assertThatAuthIndexHasSize(1);
279     verifyAuthorized(project, user);
280   }
281
282   @Test
283   public void index_permissions_on_permission_change() {
284     ComponentDto project = createAndIndexPrivateProject();
285     UserDto user1 = db.users().insertUser();
286     UserDto user2 = db.users().insertUser();
287     db.users().insertProjectPermissionOnUser(user1, USER, project);
288     indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);
289     verifyAuthorized(project, user1);
290     verifyNotAuthorized(project, user2);
291
292     db.users().insertProjectPermissionOnUser(user2, USER, project);
293     indexPermissions(project, PERMISSION_CHANGE);
294
295     verifyAuthorized(project, user1);
296     verifyAuthorized(project, user1);
297   }
298
299   @Test
300   public void delete_permissions_on_project_deletion() {
301     ComponentDto project = createAndIndexPrivateProject();
302     UserDto user = db.users().insertUser();
303     db.users().insertProjectPermissionOnUser(user, USER, project);
304     indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);
305     verifyAuthorized(project, user);
306
307     db.getDbClient().componentDao().delete(db.getSession(), project.uuid());
308     indexPermissions(project, ProjectIndexer.Cause.PROJECT_DELETION);
309
310     verifyNotAuthorized(project, user);
311     assertThatAuthIndexHasSize(0);
312   }
313
314   @Test
315   public void errors_during_indexing_are_recovered() {
316     ComponentDto project = createAndIndexPublicProject();
317     es.lockWrites(INDEX_TYPE_FOO_AUTH);
318
319     IndexingResult result = indexPermissions(project, PERMISSION_CHANGE);
320     assertThat(result.getTotal()).isEqualTo(1L);
321     assertThat(result.getFailures()).isEqualTo(1L);
322
323     // index is still read-only, fail to recover
324     result = recover();
325     assertThat(result.getTotal()).isEqualTo(1L);
326     assertThat(result.getFailures()).isEqualTo(1L);
327     assertThatAuthIndexHasSize(0);
328     assertThatEsQueueTableHasSize(1);
329
330     es.unlockWrites(INDEX_TYPE_FOO_AUTH);
331
332     result = recover();
333     assertThat(result.getTotal()).isEqualTo(1L);
334     assertThat(result.getFailures()).isEqualTo(0L);
335     verifyAnyoneAuthorized(project);
336     assertThatEsQueueTableHasSize(0);
337   }
338
339   private void assertThatAuthIndexHasSize(int expectedSize) {
340     assertThat(es.countDocuments(FooIndexDefinition.TYPE_AUTHORIZATION)).isEqualTo(expectedSize);
341   }
342
343   private void indexOnStartup() {
344     underTest.indexOnStartup(underTest.getIndexTypes());
345   }
346
347   private void verifyAuthorized(ComponentDto project, UserDto user) {
348     logIn(user);
349     verifyAuthorized(project, true);
350   }
351
352   private void verifyAuthorized(ComponentDto project, UserDto user, GroupDto group) {
353     logIn(user).setGroups(group);
354     verifyAuthorized(project, true);
355   }
356
357   private void verifyNotAuthorized(ComponentDto project, UserDto user) {
358     logIn(user);
359     verifyAuthorized(project, false);
360   }
361
362   private void verifyNotAuthorized(ComponentDto project, UserDto user, GroupDto group) {
363     logIn(user).setGroups(group);
364     verifyAuthorized(project, false);
365   }
366
367   private void verifyAnyoneAuthorized(ComponentDto project) {
368     userSession.anonymous();
369     verifyAuthorized(project, true);
370   }
371
372   private void verifyAnyoneNotAuthorized(ComponentDto project) {
373     userSession.anonymous();
374     verifyAuthorized(project, false);
375   }
376
377   private void verifyAuthorized(ComponentDto project, boolean expectedAccess) {
378     assertThat(fooIndex.hasAccessToProject(project.uuid())).isEqualTo(expectedAccess);
379   }
380
381   private UserSessionRule logIn(UserDto u) {
382     userSession.logIn(u);
383     return userSession;
384   }
385
386   private IndexingResult indexPermissions(ComponentDto project, ProjectIndexer.Cause cause) {
387     DbSession dbSession = db.getSession();
388     Collection<EsQueueDto> items = underTest.prepareForRecovery(dbSession, singletonList(project.uuid()), cause);
389     dbSession.commit();
390     return underTest.index(dbSession, items);
391   }
392
393   private ComponentDto createUnindexedPublicProject() {
394     return db.components().insertPublicProject();
395   }
396
397   private ComponentDto createAndIndexPrivateProject() {
398     ComponentDto project = db.components().insertPrivateProject();
399     fooIndexer.indexOnAnalysis(project.uuid());
400     return project;
401   }
402
403   private ComponentDto createAndIndexPublicProject() {
404     ComponentDto project = db.components().insertPublicProject();
405     fooIndexer.indexOnAnalysis(project.uuid());
406     return project;
407   }
408
409   private ComponentDto createAndIndexView() {
410     ComponentDto view = db.components().insertView();
411     fooIndexer.indexOnAnalysis(view.uuid());
412     return view;
413   }
414
415   private ComponentDto createAndIndexPublicProject(OrganizationDto org) {
416     ComponentDto project = db.components().insertPublicProject(org);
417     fooIndexer.indexOnAnalysis(project.uuid());
418     return project;
419   }
420
421   private IndexingResult recover() {
422     Collection<EsQueueDto> items = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), System.currentTimeMillis() + 1_000L, 10);
423     return underTest.index(db.getSession(), items);
424   }
425
426   private void assertThatEsQueueTableHasSize(int expectedSize) {
427     assertThat(db.countRowsOfTable("es_queue")).isEqualTo(expectedSize);
428   }
429
430 }
Continuous Inspection: https://github.com/SonarSource/sonarqube