]> source.dussan.org Git - sonarqube.git/blob
5017a9b621dd1c10dc71275209b81970bf139c1e
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2016 SonarSource SA
4  * mailto:contact AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission.ws.template;
21
22 import com.google.common.base.Predicate;
23 import com.google.common.collect.FluentIterable;
24 import java.util.List;
25 import javax.annotation.Nullable;
26 import org.junit.Before;
27 import org.junit.Rule;
28 import org.junit.Test;
29 import org.junit.rules.ExpectedException;
30 import org.sonar.api.config.Settings;
31 import org.sonar.api.resources.Qualifiers;
32 import org.sonar.api.utils.System2;
33 import org.sonar.api.web.UserRole;
34 import org.sonar.core.permission.GlobalPermissions;
35 import org.sonar.db.DbClient;
36 import org.sonar.db.DbSession;
37 import org.sonar.db.DbTester;
38 import org.sonar.db.component.ComponentDto;
39 import org.sonar.db.component.ResourceTypesRule;
40 import org.sonar.db.permission.GroupWithPermissionDto;
41 import org.sonar.db.permission.OldPermissionQuery;
42 import org.sonar.db.permission.PermissionRepository;
43 import org.sonar.db.permission.template.PermissionTemplateDto;
44 import org.sonar.db.permission.UserWithPermissionDto;
45 import org.sonar.db.user.GroupDto;
46 import org.sonar.db.user.GroupRoleDto;
47 import org.sonar.db.user.UserDto;
48 import org.sonar.db.user.UserRoleDto;
49 import org.sonar.server.component.ComponentFinder;
50 import org.sonar.server.exceptions.BadRequestException;
51 import org.sonar.server.exceptions.ForbiddenException;
52 import org.sonar.server.exceptions.NotFoundException;
53 import org.sonar.server.exceptions.UnauthorizedException;
54 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
55 import org.sonar.server.permission.PermissionService;
56 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
57 import org.sonar.server.tester.UserSessionRule;
58 import org.sonar.server.usergroups.ws.UserGroupFinder;
59 import org.sonar.server.ws.TestRequest;
60 import org.sonar.server.ws.TestResponse;
61 import org.sonar.server.ws.WsActionTester;
62
63 import static org.assertj.core.api.Assertions.assertThat;
64 import static org.mockito.Mockito.mock;
65 import static org.mockito.Mockito.verify;
66 import static org.sonar.db.component.ComponentTesting.newProjectDto;
67 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
68 import static org.sonar.db.user.GroupMembershipQuery.IN;
69 import static org.sonar.db.user.GroupTesting.newGroupDto;
70 import static org.sonar.db.user.UserTesting.newUserDto;
71 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
72 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
73 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
74 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
75
76
77 public class ApplyTemplateActionTest {
78
79   @Rule
80   public DbTester db = DbTester.create(System2.INSTANCE);
81   @Rule
82   public UserSessionRule userSession = UserSessionRule.standalone();
83   @Rule
84   public ExpectedException expectedException = ExpectedException.none();
85   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
86
87   WsActionTester ws;
88   DbClient dbClient;
89   DbSession dbSession;
90
91   UserDto user1;
92   UserDto user2;
93   GroupDto group1;
94   GroupDto group2;
95   ComponentDto project;
96   PermissionTemplateDto template1;
97   PermissionTemplateDto template2;
98   IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
99
100   @Before
101   public void setUp() {
102     userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
103     dbClient = db.getDbClient();
104     dbSession = db.getSession();
105
106     PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
107     ComponentFinder componentFinder = new ComponentFinder(dbClient);
108     PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
109     PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
110
111     ApplyTemplateAction underTest = new ApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder);
112     ws = new WsActionTester(underTest);
113
114     user1 = insertUser(newUserDto().setLogin("user-login-1"));
115     user2 = insertUser(newUserDto().setLogin("user-login-2"));
116     group1 = insertGroup(newGroupDto().setName("group-name-1"));
117     group2 = insertGroup(newGroupDto().setName("group-name-2"));
118
119     // template 1
120     template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
121     addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
122     addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
123     addGroupToTemplate(group1, template1, UserRole.ADMIN);
124     addGroupToTemplate(group2, template1, UserRole.USER);
125     // template 2
126     template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
127     addUserToTemplate(user1, template2, UserRole.USER);
128     addUserToTemplate(user2, template2, UserRole.USER);
129     addGroupToTemplate(group1, template2, UserRole.USER);
130     addGroupToTemplate(group2, template2, UserRole.USER);
131
132     project = insertProject(newProjectDto("project-uuid-1"));
133     addUserPermissionToProject(user1, project, UserRole.ADMIN);
134     addUserPermissionToProject(user2, project, UserRole.ADMIN);
135     addGroupPermissionToProject(group1, project, UserRole.ADMIN);
136     addGroupPermissionToProject(group2, project, UserRole.ADMIN);
137
138     commit();
139   }
140
141   @Test
142   public void apply_template_with_project_uuid() {
143     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).hasSize(2);
144     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).hasSize(2);
145
146     newRequest(template1.getUuid(), project.uuid(), null);
147
148     assertTemplate1AppliedToProject();
149     verify(issueAuthorizationIndexer).index();
150   }
151
152   @Test
153   public void apply_template_with_project_uuid_by_template_name() {
154     ws.newRequest()
155       .setParam(PARAM_TEMPLATE_NAME, template1.getName().toUpperCase())
156       .setParam(PARAM_PROJECT_ID, project.uuid())
157       .execute();
158     commit();
159
160     assertTemplate1AppliedToProject();
161   }
162
163   @Test
164   public void apply_template_with_project_key() {
165     newRequest(template1.getUuid(), null, project.key());
166
167     assertTemplate1AppliedToProject();
168   }
169
170   @Test
171   public void fail_when_unknown_template() {
172     expectedException.expect(NotFoundException.class);
173     expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
174
175     newRequest("unknown-template-uuid", project.uuid(), null);
176   }
177
178   @Test
179   public void fail_when_unknown_project_uuid() {
180     expectedException.expect(NotFoundException.class);
181     expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
182
183     newRequest(template1.getUuid(), "unknown-project-uuid", null);
184   }
185
186   @Test
187   public void fail_when_unknown_project_key() {
188     expectedException.expect(NotFoundException.class);
189     expectedException.expectMessage("Project key 'unknown-project-key' not found");
190
191     newRequest(template1.getUuid(), null, "unknown-project-key");
192   }
193
194   @Test
195   public void fail_when_template_is_not_provided() {
196     expectedException.expect(BadRequestException.class);
197
198     newRequest(null, project.uuid(), null);
199   }
200
201   @Test
202   public void fail_when_project_uuid_and_key_not_provided() {
203     expectedException.expect(BadRequestException.class);
204     expectedException.expectMessage("Project id or project key must be provided, not both.");
205
206     newRequest(template1.getUuid(), null, null);
207   }
208
209   @Test
210   public void fail_when_anonymous() {
211     expectedException.expect(UnauthorizedException.class);
212     userSession.anonymous();
213
214     newRequest(template1.getUuid(), project.uuid(), null);
215   }
216
217   @Test
218   public void fail_when_insufficient_privileges() {
219     expectedException.expect(ForbiddenException.class);
220     userSession.login().setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
221
222     newRequest(template1.getUuid(), project.uuid(), null);
223   }
224
225   private void assertTemplate1AppliedToProject() {
226     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
227     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
228     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
229     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
230     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
231   }
232
233   private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) {
234     TestRequest request = ws.newRequest();
235     if (templateUuid != null) {
236       request.setParam(PARAM_TEMPLATE_ID, templateUuid);
237     }
238     if (projectUuid != null) {
239       request.setParam(PARAM_PROJECT_ID, projectUuid);
240     }
241     if (projectKey != null) {
242       request.setParam(PARAM_PROJECT_KEY, projectKey);
243     }
244
245     TestResponse result = request.execute();
246     commit();
247
248     return result;
249   }
250
251   private ComponentDto insertProject(ComponentDto project) {
252     dbClient.componentDao().insert(dbSession, project);
253     return dbClient.componentDao().selectOrFailByUuid(dbSession, project.uuid());
254   }
255
256   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
257     return dbClient.permissionTemplateDao().insert(dbSession, template);
258   }
259
260   private UserDto insertUser(UserDto userDto) {
261     return dbClient.userDao().insert(dbSession, userDto.setActive(true));
262   }
263
264   private GroupDto insertGroup(GroupDto group) {
265     return dbClient.groupDao().insert(dbSession, group);
266   }
267
268   private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
269     dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
270   }
271
272   private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
273     dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
274   }
275
276   private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
277     dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
278       .setRole(permission)
279       .setUserId(user.getId())
280       .setResourceId(project.getId()));
281   }
282
283   private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
284     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
285       .setRole(permission)
286       .setResourceId(project.getId())
287       .setGroupId(group.getId()));
288   }
289
290   private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
291     return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
292       .filter(new PermissionNotNull())
293       .toList();
294   }
295
296   private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
297     return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
298   }
299
300   private void commit() {
301     dbSession.commit();
302   }
303
304   private static OldPermissionQuery query(String permission) {
305     return OldPermissionQuery.builder().membership(IN).permission(permission).build();
306   }
307
308   private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
309     @Override
310     public boolean apply(@Nullable GroupWithPermissionDto input) {
311       return input.getPermission() != null;
312     }
313   }
314 }