source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2019 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.qualityprofile.ws;
  21
  22 import org.junit.Before;
  23 import org.junit.Rule;
  24 import org.junit.Test;
  25 import org.junit.rules.ExpectedException;
  26 import org.sonar.api.server.ws.WebService;
  27 import org.sonar.db.DbClient;
  28 import org.sonar.db.DbTester;
  29 import org.sonar.db.organization.OrganizationDto;
  30 import org.sonar.db.qualityprofile.QProfileDto;
  31 import org.sonar.db.user.GroupDto;
  32 import org.sonar.db.user.UserDto;
  33 import org.sonar.server.exceptions.BadRequestException;
  34 import org.sonar.server.exceptions.ForbiddenException;
  35 import org.sonar.server.exceptions.UnauthorizedException;
  36 import org.sonar.server.organization.TestDefaultOrganizationProvider;
  37 import org.sonar.server.qualityprofile.QProfileRules;
  38 import org.sonar.server.rule.ws.RuleQueryFactory;
  39 import org.sonar.server.tester.UserSessionRule;
  40 import org.sonar.server.ws.TestRequest;
  41 import org.sonar.server.ws.WsActionTester;
  42
  43 import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
  44 import static org.assertj.core.api.Assertions.assertThat;
  45 import static org.mockito.ArgumentMatchers.any;
  46 import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
  47 import static org.mockito.Mockito.mock;
  48 import static org.mockito.Mockito.verify;
  49 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
  50 import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
  51 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_ORGANIZATION;
  52 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_KEY;
  53
  54 public class DeactivateRulesActionTest {
  55
  56   @Rule
  57   public DbTester db = DbTester.create();
  58   @Rule
  59   public UserSessionRule userSession = UserSessionRule.standalone();
  60   @Rule
  61   public ExpectedException thrown = ExpectedException.none();
  62
  63   private DbClient dbClient = db.getDbClient();
  64   private QProfileRules qProfileRules = mock(QProfileRules.class, RETURNS_DEEP_STUBS);
  65   private QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession, TestDefaultOrganizationProvider.from(db));
  66   private RuleQueryFactory ruleQueryFactory = mock(RuleQueryFactory.class, RETURNS_DEEP_STUBS);
  67   private DeactivateRulesAction underTest = new DeactivateRulesAction(ruleQueryFactory, userSession, qProfileRules, wsSupport, dbClient);
  68   private WsActionTester ws = new WsActionTester(underTest);
  69   private OrganizationDto defaultOrganization;
  70   private OrganizationDto organization;
  71
  72   @Before
  73   public void before() {
  74     defaultOrganization = db.getDefaultOrganization();
  75     organization = db.organizations().insert();
  76   }
  77
  78   @Test
  79   public void definition() {
  80     WebService.Action definition = ws.getDef();
  81     assertThat(definition).isNotNull();
  82     assertThat(definition.isPost()).isTrue();
  83     assertThat(definition.params()).extracting(WebService.Param::key).containsExactlyInAnyOrder(
  84       "types",
  85       "template_key",
  86       "languages",
  87       "is_template",
  88       "inheritance",
  89       "qprofile",
  90       "compareToProfile",
  91       "tags",
  92       "asc",
  93       "q",
  94       "active_severities",
  95       "s",
  96       "repositories",
  97       "targetKey",
  98       "statuses",
  99       "rule_key",
 100       "available_since",
 101       "activation",
 102       "severities",
 103       "organization",
 104       "cwe",
 105       "owaspTop10",
 106       "sansTop25",
 107       "sonarsourceSecurity");
 108     WebService.Param targetProfile = definition.param("targetKey");
 109     assertThat(targetProfile.deprecatedKey()).isEqualTo("profile_key");
 110   }
 111
 112   @Test
 113   public void as_global_admin() {
 114     UserDto user = db.users().insertUser();
 115     QProfileDto qualityProfile = db.qualityProfiles().insert(organization);
 116     userSession.logIn(user).addPermission(ADMINISTER_QUALITY_PROFILES, organization);
 117
 118     ws.newRequest()
 119       .setMethod("POST")
 120       .setParam(PARAM_ORGANIZATION, organization.getKey())
 121       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee())
 122       .execute();
 123
 124     verify(qProfileRules).bulkDeactivateAndCommit(any(), any(), any());
 125   }
 126
 127   @Test
 128   public void as_qprofile_editor() {
 129     UserDto user = db.users().insertUser();
 130     GroupDto group = db.users().insertGroup(organization);
 131     QProfileDto qualityProfile = db.qualityProfiles().insert(organization);
 132     db.organizations().addMember(organization, user);
 133     db.qualityProfiles().addGroupPermission(qualityProfile, group);
 134     userSession.logIn(user).setGroups(group);
 135
 136     ws.newRequest()
 137       .setMethod("POST")
 138       .setParam(PARAM_ORGANIZATION, organization.getKey())
 139       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee())
 140       .execute();
 141
 142     verify(qProfileRules).bulkDeactivateAndCommit(any(), any(), any());
 143   }
 144
 145   @Test
 146   public void fail_if_not_logged_in() {
 147     TestRequest request = ws.newRequest()
 148       .setMethod("POST")
 149       .setParam(PARAM_TARGET_KEY, randomAlphanumeric(UUID_SIZE));
 150
 151     thrown.expect(UnauthorizedException.class);
 152     request.execute();
 153   }
 154
 155   @Test
 156   public void fail_if_built_in_profile() {
 157     userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganization);
 158     QProfileDto qualityProfile = db.qualityProfiles().insert(defaultOrganization, p -> p.setIsBuiltIn(true));
 159     TestRequest request = ws.newRequest()
 160       .setMethod("POST")
 161       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee());
 162
 163     thrown.expect(BadRequestException.class);
 164
 165     request.execute();
 166   }
 167
 168   @Test
 169   public void fail_if_not_organization_quality_profile_administrator() {
 170     userSession.logIn(db.users().insertUser()).addPermission(ADMINISTER_QUALITY_PROFILES, defaultOrganization);
 171     QProfileDto qualityProfile = db.qualityProfiles().insert(organization);
 172     TestRequest request = ws.newRequest()
 173       .setMethod("POST")
 174       .setParam(PARAM_TARGET_KEY, qualityProfile.getKee());
 175
 176     thrown.expect(ForbiddenException.class);
 177     request.execute();
 178   }
 179 }