]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


5d687921ea30be511337513e48221b0b41e5c081
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2022 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission;
21
22 import java.util.List;
23 import java.util.stream.Collectors;
24 import java.util.stream.Stream;
25 import javax.annotation.Nullable;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.sonar.api.web.UserRole;
29 import org.sonar.core.util.SequenceUuidFactory;
30 import org.sonar.db.DbSession;
31 import org.sonar.db.DbTester;
32 import org.sonar.db.component.ComponentDto;
33 import org.sonar.db.component.ResourceTypesRule;
34 import org.sonar.db.permission.template.PermissionTemplateDbTester;
35 import org.sonar.db.permission.template.PermissionTemplateDto;
36 import org.sonar.db.user.GroupDto;
37 import org.sonar.db.user.UserDto;
38 import org.sonar.server.es.ProjectIndexers;
39 import org.sonar.server.es.TestProjectIndexers;
40 import org.sonar.server.exceptions.TemplateMatchingKeyException;
41 import org.sonar.server.tester.UserSessionRule;
42
43 import static java.util.Collections.singletonList;
44 import static org.assertj.core.api.Assertions.assertThat;
45 import static org.assertj.core.api.Assertions.assertThatThrownBy;
46 import static org.sonar.api.resources.Qualifiers.APP;
47 import static org.sonar.api.resources.Qualifiers.PROJECT;
48 import static org.sonar.api.resources.Qualifiers.VIEW;
49 import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
50 import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
51 import static org.sonar.db.permission.GlobalPermission.SCAN;
52
53 public class PermissionTemplateServiceTest {
54
55   @Rule
56   public DbTester dbTester = DbTester.create();
57
58   private final ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers(PROJECT, VIEW, APP);
59   private final DefaultTemplatesResolver defaultTemplatesResolver = new DefaultTemplatesResolverImpl(dbTester.getDbClient(), resourceTypesRule);
60   private final PermissionService permissionService = new PermissionServiceImpl(resourceTypesRule);
61   private final UserSessionRule userSession = UserSessionRule.standalone();
62   private final PermissionTemplateDbTester templateDb = dbTester.permissionTemplates();
63   private final DbSession session = dbTester.getSession();
64   private final ProjectIndexers projectIndexers = new TestProjectIndexers();
65   private final PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver,
66     new SequenceUuidFactory());
67   private ComponentDto privateProject;
68
69   @Test
70   public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
71     ComponentDto privateProject = dbTester.components().insertPrivateProject();
72     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
73     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
74
75     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
76
77     assertThat(selectProjectPermissionsOfGroup(null, privateProject)).isEmpty();
78   }
79
80   @Test
81   public void apply_default_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
82     ComponentDto privateProject = dbTester.components().insertPrivateProject();
83     UserDto creator = dbTester.users().insertUser();
84     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
85     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
86     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
87
88     underTest.applyDefaultToNewComponent(session, privateProject, creator.getUuid());
89
90     assertThat(selectProjectPermissionsOfGroup(null, privateProject)).isEmpty();
91   }
92
93   @Test
94   public void apply_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
95     ComponentDto publicProject = dbTester.components().insertPublicProject();
96     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
97     permissionService.getAllProjectPermissions()
98       .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
99     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
100
101     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
102
103     assertThat(selectProjectPermissionsOfGroup(null, publicProject))
104       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
105   }
106
107   @Test
108   public void applyDefault_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
109     ComponentDto publicProject = dbTester.components().insertPublicProject();
110     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
111     permissionService.getAllProjectPermissions()
112       .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
113     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
114     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
115
116     underTest.applyDefaultToNewComponent(session, publicProject, null);
117
118     assertThat(selectProjectPermissionsOfGroup(null, publicProject))
119       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
120   }
121
122   @Test
123   public void apply_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
124     ComponentDto privateProject = dbTester.components().insertPrivateProject();
125     GroupDto group = dbTester.users().insertGroup();
126     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
127     permissionService.getAllProjectPermissions()
128       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
129     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
130
131     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
132
133     assertThat(selectProjectPermissionsOfGroup(group, privateProject))
134       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
135   }
136
137   @Test
138   public void applyDefault_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
139     GroupDto group = dbTester.users().insertGroup();
140     ComponentDto privateProject = dbTester.components().insertPrivateProject();
141     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
142     permissionService.getAllProjectPermissions()
143       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
144     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
145     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
146
147     underTest.applyDefaultToNewComponent(session, privateProject, null);
148
149     assertThat(selectProjectPermissionsOfGroup(group, privateProject))
150       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
151   }
152
153   @Test
154   public void apply_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
155     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
156     ComponentDto publicProject = dbTester.components().insertPublicProject();
157     GroupDto group = dbTester.users().insertGroup();
158     permissionService.getAllProjectPermissions()
159       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
160     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
161
162     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
163
164     assertThat(selectProjectPermissionsOfGroup(group, publicProject))
165       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
166   }
167
168   @Test
169   public void applyDefault_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
170     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
171     ComponentDto publicProject = dbTester.components().insertPublicProject();
172     GroupDto group = dbTester.users().insertGroup();
173     permissionService.getAllProjectPermissions()
174       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
175     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
176     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
177
178     underTest.applyDefaultToNewComponent(session, publicProject, null);
179
180     assertThat(selectProjectPermissionsOfGroup(group, publicProject))
181       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
182   }
183
184   @Test
185   public void apply_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
186     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
187     ComponentDto publicProject = dbTester.components().insertPublicProject();
188     UserDto user = dbTester.users().insertUser();
189     permissionService.getAllProjectPermissions()
190       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
191     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
192
193     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
194
195     assertThat(selectProjectPermissionsOfUser(user, publicProject))
196       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
197   }
198
199   @Test
200   public void applyDefault_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
201     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
202     ComponentDto publicProject = dbTester.components().insertPublicProject();
203     UserDto user = dbTester.users().insertUser();
204     permissionService.getAllProjectPermissions()
205       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
206     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
207     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
208
209     underTest.applyDefaultToNewComponent(session, publicProject, null);
210
211     assertThat(selectProjectPermissionsOfUser(user, publicProject))
212       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
213   }
214
215   @Test
216   public void apply_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
217     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
218     ComponentDto privateProject = dbTester.components().insertPrivateProject();
219     UserDto user = dbTester.users().insertUser();
220     permissionService.getAllProjectPermissions()
221       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
222     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
223
224     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
225
226     assertThat(selectProjectPermissionsOfUser(user, privateProject))
227       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
228   }
229
230   @Test
231   public void applyDefault_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
232     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
233     ComponentDto privateProject = dbTester.components().insertPrivateProject();
234     UserDto user = dbTester.users().insertUser();
235     permissionService.getAllProjectPermissions()
236       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
237     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
238     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
239
240     underTest.applyDefaultToNewComponent(session, privateProject, null);
241
242     assertThat(selectProjectPermissionsOfUser(user, privateProject))
243       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
244   }
245
246   @Test
247   public void applyDefault_inserts_permissions_to_ProjectCreator_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
248     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
249     ComponentDto publicProject = dbTester.components().insertPublicProject();
250     UserDto user = dbTester.users().insertUser();
251     permissionService.getAllProjectPermissions()
252       .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
253     dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
254     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
255
256     underTest.applyDefaultToNewComponent(session, publicProject, user.getUuid());
257
258     assertThat(selectProjectPermissionsOfUser(user, publicProject))
259       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
260   }
261
262   @Test
263   public void applyDefault_inserts_any_permissions_to_ProjectCreator_when_applying_template_on_private_project() {
264     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
265     ComponentDto privateProject = dbTester.components().insertPrivateProject();
266     UserDto user = dbTester.users().insertUser();
267     permissionService.getAllProjectPermissions()
268       .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
269     dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
270     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
271
272     underTest.applyDefaultToNewComponent(session, privateProject, user.getUuid());
273
274     assertThat(selectProjectPermissionsOfUser(user, privateProject))
275       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
276   }
277
278   @Test
279   public void apply_template_on_view() {
280     ComponentDto portfolio = dbTester.components().insertPrivatePortfolio();
281     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
282     GroupDto group = dbTester.users().insertGroup();
283     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
284     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
285     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
286
287     underTest.applyDefaultToNewComponent(session, portfolio, null);
288
289     assertThat(selectProjectPermissionsOfGroup(group, portfolio))
290       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
291   }
292
293   @Test
294   public void apply_default_template_on_application() {
295     ComponentDto view = dbTester.components().insertPublicApplication();
296     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
297     PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
298     GroupDto group = dbTester.users().insertGroup();
299     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
300     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
301     dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, null);
302
303     underTest.applyDefaultToNewComponent(session, view, null);
304
305     assertThat(selectProjectPermissionsOfGroup(group, view))
306       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
307   }
308
309   @Test
310   public void apply_default_template_on_portfolio() {
311     ComponentDto view = dbTester.components().insertPublicPortfolio();
312     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
313     PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
314     GroupDto group = dbTester.users().insertGroup();
315     dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, ADMINISTER.getKey());
316     dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, PROVISION_PROJECTS.getKey());
317     dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, portPermissionTemplate);
318
319     underTest.applyDefaultToNewComponent(session, view, null);
320
321     assertThat(selectProjectPermissionsOfGroup(group, view))
322       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
323   }
324
325   @Test
326   public void apply_project_default_template_on_view_when_no_view_default_template() {
327     ComponentDto view = dbTester.components().insertPrivatePortfolio();
328     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
329     GroupDto group = dbTester.users().insertGroup();
330     dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
331     dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);
332
333     underTest.applyDefaultToNewComponent(session, view, null);
334
335     assertThat(selectProjectPermissionsOfGroup(group, view)).containsOnly(PROVISION_PROJECTS.getKey());
336   }
337
338   @Test
339   public void apply_template_on_applications() {
340     ComponentDto application = dbTester.components().insertPublicApplication();
341     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
342     GroupDto group = dbTester.users().insertGroup();
343     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
344     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
345     dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
346
347     underTest.applyDefaultToNewComponent(session, application, null);
348
349     assertThat(selectProjectPermissionsOfGroup(group, application))
350       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
351   }
352
353   @Test
354   public void apply_default_view_template_on_application() {
355     ComponentDto application = dbTester.components().insertPublicApplication();
356     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
357     PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
358     PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
359     GroupDto group = dbTester.users().insertGroup();
360     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
361     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
362     dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, portPermissionTemplate);
363
364     underTest.applyDefaultToNewComponent(session, application, null);
365
366     assertThat(selectProjectPermissionsOfGroup(group, application))
367       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
368   }
369
370   @Test
371   public void apply_project_default_template_on_application_when_no_application_default_template() {
372     ComponentDto application = dbTester.components().insertPublicApplication();
373     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
374     GroupDto group = dbTester.users().insertGroup();
375     dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
376     dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);
377
378     underTest.applyDefaultToNewComponent(session, application, null);
379
380     assertThat(selectProjectPermissionsOfGroup(group, application)).containsOnly(PROVISION_PROJECTS.getKey());
381   }
382
383   @Test
384   public void apply_permission_template() {
385     UserDto user = dbTester.users().insertUser();
386     ComponentDto project = dbTester.components().insertPrivateProject();
387     GroupDto adminGroup = dbTester.users().insertGroup();
388     GroupDto userGroup = dbTester.users().insertGroup();
389     dbTester.users().insertPermissionOnGroup(adminGroup, "admin");
390     dbTester.users().insertPermissionOnGroup(userGroup, "user");
391     dbTester.users().insertPermissionOnUser(user, "admin");
392     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
393     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "admin");
394     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "issueadmin");
395     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "user");
396     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "codeviewer");
397     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "user");
398     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "codeviewer");
399     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "admin");
400
401     assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).isEmpty();
402     assertThat(selectProjectPermissionsOfGroup(userGroup, project)).isEmpty();
403     assertThat(selectProjectPermissionsOfGroup(null, project)).isEmpty();
404     assertThat(selectProjectPermissionsOfUser(user, project)).isEmpty();
405
406     underTest.applyAndCommit(session, permissionTemplate, singletonList(project));
407
408     assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).containsOnly("admin", "issueadmin");
409     assertThat(selectProjectPermissionsOfGroup(userGroup, project)).containsOnly("user", "codeviewer");
410     assertThat(selectProjectPermissionsOfGroup(null, project)).isEmpty();
411     assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly("admin");
412   }
413
414   private List<String> selectProjectPermissionsOfGroup(@Nullable GroupDto groupDto, ComponentDto project) {
415     return dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(session, groupDto != null ? groupDto.getUuid() : null, project.uuid());
416   }
417
418   private List<String> selectProjectPermissionsOfUser(UserDto userDto, ComponentDto project) {
419     return dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session,
420       userDto.getUuid(), project.uuid());
421   }
422
423   @Test
424   public void would_user_have_scan_permission_with_default_permission_template() {
425     GroupDto group = dbTester.users().insertGroup();
426     UserDto user = dbTester.users().insertUser();
427     dbTester.users().insertMember(group, user);
428     PermissionTemplateDto template = templateDb.insertTemplate();
429     dbTester.permissionTemplates().setDefaultTemplates(template, null, null);
430     templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN.getKey(), template.getName());
431     templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
432     templateDb.addGroupToTemplate(template.getUuid(), group.getUuid(), UserRole.CODEVIEWER, template.getName(), group.getName());
433     templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN, template.getName(), null);
434
435     // authenticated user
436     checkWouldUserHaveScanPermission(user.getUuid(), true);
437
438     // anonymous user
439     checkWouldUserHaveScanPermission(null, false);
440   }
441
442   @Test
443   public void would_user_have_scan_permission_with_unknown_default_permission_template() {
444     dbTester.permissionTemplates().setDefaultTemplates("UNKNOWN_TEMPLATE_UUID", null, null);
445
446     checkWouldUserHaveScanPermission(null, false);
447   }
448
449   @Test
450   public void would_user_have_scan_permission_with_empty_template() {
451     PermissionTemplateDto template = templateDb.insertTemplate();
452     dbTester.permissionTemplates().setDefaultTemplates(template, null, null);
453
454     checkWouldUserHaveScanPermission(null, false);
455   }
456
457   @Test
458   public void apply_permission_template_with_key_pattern_collision() {
459     final String key = "hi-test";
460     final String keyPattern = ".*-test";
461
462     Stream<PermissionTemplateDto> templates = Stream.of(
463       templateDb.insertTemplate(t -> t.setKeyPattern(keyPattern)),
464       templateDb.insertTemplate(t -> t.setKeyPattern(keyPattern))
465     );
466
467     String templateNames = templates
468       .map(PermissionTemplateDto::getName)
469       .sorted(String.CASE_INSENSITIVE_ORDER)
470       .map(x -> String.format("\"%s\"", x))
471       .collect(Collectors.joining(", "));
472
473     ComponentDto project = dbTester.components().insertPrivateProject(p -> p.setDbKey(key));
474
475     assertThatThrownBy(() -> underTest.applyDefaultToNewComponent(session, project, null))
476       .isInstanceOf(TemplateMatchingKeyException.class)
477       .hasMessageContaining("The \"%s\" key matches multiple permission templates: %s.", key, templateNames);
478   }
479
480   private void checkWouldUserHaveScanPermission(@Nullable String userUuid, boolean expectedResult) {
481     assertThat(underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, userUuid, "PROJECT_KEY"))
482       .isEqualTo(expectedResult);
483   }
484
485 }
Continuous Inspection: https://github.com/SonarSource/sonarqube