3 * Copyright (C) 2009-2016 SonarSource SA
4 * mailto:contact AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.permission.ws.template;
22 import com.google.common.base.Function;
23 import java.util.List;
24 import javax.annotation.Nonnull;
25 import javax.annotation.Nullable;
26 import org.junit.Before;
27 import org.junit.Rule;
28 import org.junit.Test;
29 import org.junit.rules.ExpectedException;
30 import org.sonar.api.resources.Qualifiers;
31 import org.sonar.api.utils.System2;
32 import org.sonar.api.web.UserRole;
33 import org.sonar.core.permission.GlobalPermissions;
34 import org.sonar.db.DbClient;
35 import org.sonar.db.DbSession;
36 import org.sonar.db.DbTester;
37 import org.sonar.db.component.ResourceTypesRule;
38 import org.sonar.db.permission.GroupWithPermissionDto;
39 import org.sonar.db.permission.OldPermissionQuery;
40 import org.sonar.db.permission.PermissionTemplateDto;
41 import org.sonar.db.user.GroupDto;
42 import org.sonar.server.component.ComponentFinder;
43 import org.sonar.server.exceptions.BadRequestException;
44 import org.sonar.server.exceptions.ForbiddenException;
45 import org.sonar.server.exceptions.NotFoundException;
46 import org.sonar.server.exceptions.UnauthorizedException;
47 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
48 import org.sonar.server.tester.UserSessionRule;
49 import org.sonar.server.usergroups.ws.UserGroupFinder;
50 import org.sonar.server.ws.TestRequest;
51 import org.sonar.server.ws.WsActionTester;
53 import static com.google.common.collect.FluentIterable.from;
54 import static org.assertj.core.api.Assertions.assertThat;
55 import static org.sonar.api.security.DefaultGroups.ANYONE;
56 import static org.sonar.api.web.UserRole.ADMIN;
57 import static org.sonar.api.web.UserRole.CODEVIEWER;
58 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
59 import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
60 import static org.sonar.db.user.GroupMembershipQuery.IN;
61 import static org.sonar.db.user.GroupTesting.newGroupDto;
62 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
63 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
64 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
65 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
66 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
69 public class AddGroupToTemplateActionTest {
71 private static final String GROUP_NAME = "group-name";
73 public DbTester db = DbTester.create(System2.INSTANCE);
75 public ExpectedException expectedException = ExpectedException.none();
77 public UserSessionRule userSession = UserSessionRule.standalone();
78 ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
84 PermissionTemplateDto permissionTemplate;
88 dbClient = db.getDbClient();
89 dbSession = db.getSession();
90 userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
92 PermissionDependenciesFinder dependenciesFinder = new PermissionDependenciesFinder(dbClient, new ComponentFinder(dbClient), new UserGroupFinder(dbClient), resourceTypes);
93 ws = new WsActionTester(new AddGroupToTemplateAction(dbClient, dependenciesFinder, userSession));
95 group = insertGroup(newGroupDto().setName(GROUP_NAME));
96 permissionTemplate = insertPermissionTemplate(newPermissionTemplateDto());
101 public void add_group_to_template() {
102 newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
104 assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
108 public void add_group_to_template_by_name() {
110 .setParam(PARAM_GROUP_NAME, GROUP_NAME)
111 .setParam(PARAM_PERMISSION, CODEVIEWER)
112 .setParam(PARAM_TEMPLATE_NAME, permissionTemplate.getName().toUpperCase())
116 assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
120 public void add_with_group_id() {
122 .setParam(PARAM_TEMPLATE_ID, permissionTemplate.getUuid())
123 .setParam(PARAM_PERMISSION, CODEVIEWER)
124 .setParam(PARAM_GROUP_ID, String.valueOf(group.getId()))
127 assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
131 public void does_not_add_a_group_twice() {
132 newRequest(GROUP_NAME, permissionTemplate.getUuid(), ISSUE_ADMIN);
133 newRequest(GROUP_NAME, permissionTemplate.getUuid(), ISSUE_ADMIN);
135 assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), ISSUE_ADMIN)).containsExactly(GROUP_NAME);
139 public void add_anyone_group_to_template() {
140 newRequest(ANYONE, permissionTemplate.getUuid(), CODEVIEWER);
142 assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(ANYONE);
146 public void fail_if_add_anyone_group_to_admin_permission() {
147 expectedException.expect(BadRequestException.class);
148 expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the '%s' group.", UserRole.ADMIN, ANYONE));
150 newRequest(ANYONE, permissionTemplate.getUuid(), ADMIN);
154 public void fail_if_not_a_project_permission() {
155 expectedException.expect(BadRequestException.class);
157 newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
161 public void fail_if_insufficient_privileges() {
162 expectedException.expect(ForbiddenException.class);
163 userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
165 newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
169 public void fail_if_not_logged_in() {
170 expectedException.expect(UnauthorizedException.class);
171 userSession.anonymous();
173 newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
177 public void fail_if_group_params_missing() {
178 expectedException.expect(BadRequestException.class);
180 newRequest(null, permissionTemplate.getUuid(), CODEVIEWER);
184 public void fail_if_permission_missing() {
185 expectedException.expect(IllegalArgumentException.class);
187 newRequest(GROUP_NAME, permissionTemplate.getUuid(), null);
191 public void fail_if_template_uuid_and_name_missing() {
192 expectedException.expect(BadRequestException.class);
194 newRequest(GROUP_NAME, null, CODEVIEWER);
198 public void fail_if_group_does_not_exist() {
199 expectedException.expect(NotFoundException.class);
200 expectedException.expectMessage("Group with name 'unknown-group-name' is not found");
202 newRequest("unknown-group-name", permissionTemplate.getUuid(), CODEVIEWER);
206 public void fail_if_template_key_does_not_exist() {
207 expectedException.expect(NotFoundException.class);
208 expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
210 newRequest(GROUP_NAME, "unknown-key", CODEVIEWER);
213 private void newRequest(@Nullable String groupName, @Nullable String templateKey, @Nullable String permission) {
214 TestRequest request = ws.newRequest();
215 if (groupName != null) {
216 request.setParam(PARAM_GROUP_NAME, groupName);
218 if (templateKey != null) {
219 request.setParam(PARAM_TEMPLATE_ID, templateKey);
221 if (permission != null) {
222 request.setParam(PARAM_PERMISSION, permission);
228 private void commit() {
232 private GroupDto insertGroup(GroupDto groupDto) {
233 return dbClient.groupDao().insert(dbSession, groupDto);
236 private PermissionTemplateDto insertPermissionTemplate(PermissionTemplateDto permissionTemplate) {
237 return dbClient.permissionTemplateDao().insert(dbSession, permissionTemplate);
240 private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) {
241 OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
242 return from(dbClient.permissionTemplateDao()
243 .selectGroups(dbSession, permissionQuery, templateId))
244 .transform(GroupWithPermissionToGroupName.INSTANCE)
248 private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> {
252 public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) {
253 return groupWithPermission.getName();