3 * Copyright (C) 2009-2016 SonarSource SA
4 * mailto:contact AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.permission.ws.template;
22 import com.google.common.base.Predicate;
23 import com.google.common.collect.FluentIterable;
24 import java.util.List;
25 import javax.annotation.Nullable;
26 import org.junit.Before;
27 import org.junit.Rule;
28 import org.junit.Test;
29 import org.junit.rules.ExpectedException;
30 import org.sonar.api.config.Settings;
31 import org.sonar.api.resources.Qualifiers;
32 import org.sonar.api.utils.System2;
33 import org.sonar.api.web.UserRole;
34 import org.sonar.core.permission.GlobalPermissions;
35 import org.sonar.db.DbClient;
36 import org.sonar.db.DbSession;
37 import org.sonar.db.DbTester;
38 import org.sonar.db.component.ComponentDto;
39 import org.sonar.db.component.ResourceTypesRule;
40 import org.sonar.db.permission.GroupWithPermissionDto;
41 import org.sonar.db.permission.OldPermissionQuery;
42 import org.sonar.db.permission.PermissionRepository;
43 import org.sonar.db.permission.template.PermissionTemplateDto;
44 import org.sonar.db.permission.UserWithPermissionDto;
45 import org.sonar.db.user.GroupDto;
46 import org.sonar.db.user.GroupRoleDto;
47 import org.sonar.db.user.UserDto;
48 import org.sonar.db.user.UserRoleDto;
49 import org.sonar.server.component.ComponentFinder;
50 import org.sonar.server.exceptions.BadRequestException;
51 import org.sonar.server.exceptions.ForbiddenException;
52 import org.sonar.server.exceptions.NotFoundException;
53 import org.sonar.server.exceptions.UnauthorizedException;
54 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
55 import org.sonar.server.permission.PermissionService;
56 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
57 import org.sonar.server.tester.UserSessionRule;
58 import org.sonar.server.usergroups.ws.UserGroupFinder;
59 import org.sonar.server.ws.TestRequest;
60 import org.sonar.server.ws.TestResponse;
61 import org.sonar.server.ws.WsActionTester;
63 import static org.assertj.core.api.Assertions.assertThat;
64 import static org.mockito.Mockito.mock;
65 import static org.mockito.Mockito.verify;
66 import static org.sonar.db.component.ComponentTesting.newProjectDto;
67 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
68 import static org.sonar.db.user.GroupMembershipQuery.IN;
69 import static org.sonar.db.user.GroupTesting.newGroupDto;
70 import static org.sonar.db.user.UserTesting.newUserDto;
71 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
72 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
73 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
74 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
77 public class ApplyTemplateActionTest {
80 public DbTester db = DbTester.create(System2.INSTANCE);
82 public UserSessionRule userSession = UserSessionRule.standalone();
84 public ExpectedException expectedException = ExpectedException.none();
85 ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
96 PermissionTemplateDto template1;
97 PermissionTemplateDto template2;
98 IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
101 public void setUp() {
102 userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
103 dbClient = db.getDbClient();
104 dbSession = db.getSession();
106 PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
107 ComponentFinder componentFinder = new ComponentFinder(dbClient);
108 PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
109 PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
111 ApplyTemplateAction underTest = new ApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder);
112 ws = new WsActionTester(underTest);
114 user1 = insertUser(newUserDto().setLogin("user-login-1"));
115 user2 = insertUser(newUserDto().setLogin("user-login-2"));
116 group1 = insertGroup(newGroupDto().setName("group-name-1"));
117 group2 = insertGroup(newGroupDto().setName("group-name-2"));
120 template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
121 addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
122 addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
123 addGroupToTemplate(group1, template1, UserRole.ADMIN);
124 addGroupToTemplate(group2, template1, UserRole.USER);
126 template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
127 addUserToTemplate(user1, template2, UserRole.USER);
128 addUserToTemplate(user2, template2, UserRole.USER);
129 addGroupToTemplate(group1, template2, UserRole.USER);
130 addGroupToTemplate(group2, template2, UserRole.USER);
132 project = insertProject(newProjectDto("project-uuid-1"));
133 addUserPermissionToProject(user1, project, UserRole.ADMIN);
134 addUserPermissionToProject(user2, project, UserRole.ADMIN);
135 addGroupPermissionToProject(group1, project, UserRole.ADMIN);
136 addGroupPermissionToProject(group2, project, UserRole.ADMIN);
142 public void apply_template_with_project_uuid() {
143 assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).hasSize(2);
144 assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).hasSize(2);
146 newRequest(template1.getUuid(), project.uuid(), null);
148 assertTemplate1AppliedToProject();
149 verify(issueAuthorizationIndexer).index();
153 public void apply_template_with_project_uuid_by_template_name() {
155 .setParam(PARAM_TEMPLATE_NAME, template1.getName().toUpperCase())
156 .setParam(PARAM_PROJECT_ID, project.uuid())
160 assertTemplate1AppliedToProject();
164 public void apply_template_with_project_key() {
165 newRequest(template1.getUuid(), null, project.key());
167 assertTemplate1AppliedToProject();
171 public void fail_when_unknown_template() {
172 expectedException.expect(NotFoundException.class);
173 expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
175 newRequest("unknown-template-uuid", project.uuid(), null);
179 public void fail_when_unknown_project_uuid() {
180 expectedException.expect(NotFoundException.class);
181 expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
183 newRequest(template1.getUuid(), "unknown-project-uuid", null);
187 public void fail_when_unknown_project_key() {
188 expectedException.expect(NotFoundException.class);
189 expectedException.expectMessage("Project key 'unknown-project-key' not found");
191 newRequest(template1.getUuid(), null, "unknown-project-key");
195 public void fail_when_template_is_not_provided() {
196 expectedException.expect(BadRequestException.class);
198 newRequest(null, project.uuid(), null);
202 public void fail_when_project_uuid_and_key_not_provided() {
203 expectedException.expect(BadRequestException.class);
204 expectedException.expectMessage("Project id or project key must be provided, not both.");
206 newRequest(template1.getUuid(), null, null);
210 public void fail_when_anonymous() {
211 expectedException.expect(UnauthorizedException.class);
212 userSession.anonymous();
214 newRequest(template1.getUuid(), project.uuid(), null);
218 public void fail_when_insufficient_privileges() {
219 expectedException.expect(ForbiddenException.class);
220 userSession.login().setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
222 newRequest(template1.getUuid(), project.uuid(), null);
225 private void assertTemplate1AppliedToProject() {
226 assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
227 assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
228 assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
229 assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
230 assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
233 private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) {
234 TestRequest request = ws.newRequest();
235 if (templateUuid != null) {
236 request.setParam(PARAM_TEMPLATE_ID, templateUuid);
238 if (projectUuid != null) {
239 request.setParam(PARAM_PROJECT_ID, projectUuid);
241 if (projectKey != null) {
242 request.setParam(PARAM_PROJECT_KEY, projectKey);
245 TestResponse result = request.execute();
251 private ComponentDto insertProject(ComponentDto project) {
252 dbClient.componentDao().insert(dbSession, project);
253 return dbClient.componentDao().selectOrFailByUuid(dbSession, project.uuid());
256 private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
257 return dbClient.permissionTemplateDao().insert(dbSession, template);
260 private UserDto insertUser(UserDto userDto) {
261 return dbClient.userDao().insert(dbSession, userDto.setActive(true));
264 private GroupDto insertGroup(GroupDto group) {
265 return dbClient.groupDao().insert(dbSession, group);
268 private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
269 dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
272 private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
273 dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
276 private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
277 dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
279 .setUserId(user.getId())
280 .setResourceId(project.getId()));
283 private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
284 dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
286 .setResourceId(project.getId())
287 .setGroupId(group.getId()));
290 private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
291 return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
292 .filter(new PermissionNotNull())
296 private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
297 return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
300 private void commit() {
304 private static OldPermissionQuery query(String permission) {
305 return OldPermissionQuery.builder().membership(IN).permission(permission).build();
308 private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
310 public boolean apply(@Nullable GroupWithPermissionDto input) {
311 return input.getPermission() != null;