]> source.dussan.org Git - sonarqube.git/blob
37add93ad632d476427e62a9aff7e983f7d2c4a1
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2024 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.qualityprofile.ws;
21
22 import org.junit.Rule;
23 import org.junit.Test;
24 import org.sonar.api.server.ws.WebService;
25 import org.sonar.db.DbClient;
26 import org.sonar.db.DbTester;
27 import org.sonar.db.qualityprofile.QProfileDto;
28 import org.sonar.db.user.GroupDto;
29 import org.sonar.db.user.UserDto;
30 import org.sonar.server.exceptions.BadRequestException;
31 import org.sonar.server.exceptions.ForbiddenException;
32 import org.sonar.server.exceptions.UnauthorizedException;
33 import org.sonar.server.qualityprofile.QProfileRules;
34 import org.sonar.server.rule.ws.RuleQueryFactory;
35 import org.sonar.server.tester.UserSessionRule;
36 import org.sonar.server.ws.TestRequest;
37 import org.sonar.server.ws.WsActionTester;
38
39 import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
40 import static org.assertj.core.api.Assertions.assertThat;
41 import static org.assertj.core.api.Assertions.assertThatThrownBy;
42 import static org.mockito.ArgumentMatchers.any;
43 import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
44 import static org.mockito.Mockito.mock;
45 import static org.mockito.Mockito.verify;
46 import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
47 import static org.sonar.db.permission.GlobalPermission.SCAN;
48 import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
49 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_KEY;
50
51 public class DeactivateRulesActionIT {
52
53   @Rule
54   public DbTester db = DbTester.create();
55   @Rule
56   public UserSessionRule userSession = UserSessionRule.standalone();
57
58   private DbClient dbClient = db.getDbClient();
59   private QProfileRules qProfileRules = mock(QProfileRules.class, RETURNS_DEEP_STUBS);
60   private final QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession);
61   private RuleQueryFactory ruleQueryFactory = mock(RuleQueryFactory.class, RETURNS_DEEP_STUBS);
62   private DeactivateRulesAction underTest = new DeactivateRulesAction(ruleQueryFactory, userSession, qProfileRules, wsSupport, dbClient);
63   private WsActionTester ws = new WsActionTester(underTest);
64
65   @Test
66   public void definition() {
67     WebService.Action definition = ws.getDef();
68     assertThat(definition).isNotNull();
69     assertThat(definition.isPost()).isTrue();
70     assertThat(definition.params()).extracting(WebService.Param::key).containsExactlyInAnyOrder(
71       "types",
72       "template_key",
73       "languages",
74       "is_template",
75       "inheritance",
76       "qprofile",
77       "compareToProfile",
78       "tags",
79       "asc",
80       "q",
81       "active_severities",
82       "s",
83       "repositories",
84       "targetKey",
85       "statuses",
86       "rule_key",
87       "available_since",
88       "activation",
89       "severities",
90       "cwe",
91       "owaspTop10",
92       "owaspTop10-2021",
93       "sansTop25",
94       "sonarsourceSecurity",
95       "cleanCodeAttributeCategories",
96       "impactSoftwareQualities",
97       "impactSeverities");
98   }
99
100   @Test
101   public void as_global_admin() {
102     UserDto user = db.users().insertUser();
103     QProfileDto qualityProfile = db.qualityProfiles().insert();
104     userSession.logIn(user).addPermission(ADMINISTER_QUALITY_PROFILES);
105
106     ws.newRequest()
107       .setMethod("POST")
108       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee())
109       .execute();
110
111     verify(qProfileRules).bulkDeactivateAndCommit(any(), any(), any());
112   }
113
114   @Test
115   public void as_qprofile_editor() {
116     UserDto user = db.users().insertUser();
117     GroupDto group = db.users().insertGroup();
118     QProfileDto qualityProfile = db.qualityProfiles().insert();
119     db.qualityProfiles().addGroupPermission(qualityProfile, group);
120     userSession.logIn(user).setGroups(group);
121
122     ws.newRequest()
123       .setMethod("POST")
124       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee())
125       .execute();
126
127     verify(qProfileRules).bulkDeactivateAndCommit(any(), any(), any());
128   }
129
130   @Test
131   public void fail_if_not_logged_in() {
132     TestRequest request = ws.newRequest()
133       .setMethod("POST")
134       .setParam(PARAM_TARGET_KEY, randomAlphanumeric(UUID_SIZE));
135
136     assertThatThrownBy(request::execute)
137       .isInstanceOf(UnauthorizedException.class);
138   }
139
140   @Test
141   public void fail_if_built_in_profile() {
142     userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES);
143     QProfileDto qualityProfile = db.qualityProfiles().insert(p -> p.setIsBuiltIn(true));
144     TestRequest request = ws.newRequest()
145       .setMethod("POST")
146       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee());
147
148     assertThatThrownBy(request::execute)
149       .isInstanceOf(BadRequestException.class);
150   }
151
152   @Test
153   public void fail_if_not_quality_profile_administrator() {
154     userSession.logIn(db.users().insertUser()).addPermission(SCAN);
155     QProfileDto qualityProfile = db.qualityProfiles().insert();
156     TestRequest request = ws.newRequest()
157       .setMethod("POST")
158       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee());
159
160     assertThatThrownBy(request::execute)
161       .isInstanceOf(ForbiddenException.class);
162   }
163 }