1 /*
2  * SonarQube
3  * Copyright (C) 2009-2021 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission.index;
21
22 import org.junit.Rule;
23 import org.junit.Test;
24 import org.junit.rules.ExpectedException;
25 import org.sonar.api.resources.Qualifiers;
26 import org.sonar.api.utils.System2;
27 import org.sonar.db.DbSession;
28 import org.sonar.db.DbTester;
29 import org.sonar.db.component.ComponentDto;
30 import org.sonar.db.es.EsQueueDto;
31 import org.sonar.db.user.GroupDto;
32 import org.sonar.db.user.UserDto;
33 import org.sonar.server.es.EsTester;
34 import org.sonar.server.es.IndexType;
35 import org.sonar.server.es.IndexType.IndexMainType;
36 import org.sonar.server.es.IndexingResult;
37 import org.sonar.server.es.ProjectIndexer;
38 import org.sonar.server.tester.UserSessionRule;
39
40 import static java.util.Arrays.asList;
41 import static java.util.Collections.singletonList;
42 import static org.assertj.core.api.Assertions.assertThat;
43 import static org.sonar.api.web.UserRole.ADMIN;
44 import static org.sonar.api.web.UserRole.USER;
45 import static org.sonar.server.es.ProjectIndexer.Cause.PERMISSION_CHANGE;
46 import static org.sonar.server.permission.index.IndexAuthorizationConstants.TYPE_AUTHORIZATION;
47 import java.util.Collection;
48
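/**
 * Tests for {@link PermissionIndexer}, run against the test-only Foo index.
 *
 * <p>Each test inserts projects, users, groups and permissions in the database, triggers one of the
 * indexing entry points, then asks {@link FooIndex#hasAccessToProject} whether the current
 * {@link UserSessionRule} session may see the project. Both outcomes are asserted where it matters:
 * a principal that was granted access must see the project, and one that was not must be refused.
 */
public class PermissionIndexerTest {

  private static final IndexMainType INDEX_TYPE_FOO_AUTH = IndexType.main(FooIndexDefinition.DESCRIPTOR, TYPE_AUTHORIZATION);

  @Rule
  public ExpectedException expectedException = ExpectedException.none();
  @Rule
  public DbTester db = DbTester.create(System2.INSTANCE);
  @Rule
  public EsTester es = EsTester.createCustom(new FooIndexDefinition());
  @Rule
  public UserSessionRule userSession = UserSessionRule.standalone();

  private final FooIndex fooIndex = new FooIndex(es.client(), new WebAuthorizationTypeSupport(userSession));
  private final FooIndexer fooIndexer = new FooIndexer(es.client());
  private final PermissionIndexer underTest = new PermissionIndexer(db.getDbClient(), es.client(), fooIndexer);

  @Test
  public void indexOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
    ComponentDto project = createAndIndexPublicProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();

    indexOnStartup();

    verifyAnyoneAuthorized(project);
    verifyAuthorized(project, user1);
    verifyAuthorized(project, user2);
  }

  @Test
  public void indexAll_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
    ComponentDto project = createAndIndexPublicProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();

    underTest.indexAll(underTest.getIndexTypes());

    verifyAnyoneAuthorized(project);
    verifyAuthorized(project, user1);
    verifyAuthorized(project, user2);
  }

  @Test
  public void deletion_resilience_will_deindex_projects() {
    ComponentDto project1 = createUnindexedPublicProject();
    ComponentDto project2 = createUnindexedPublicProject();
    indexOnStartup();
    assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2);

    // Simulate an indexation issue: project1 is deleted from the database and its de-indexing
    // is only queued in es_queue, so the authorization document is still in the index.
    db.getDbClient().componentDao().delete(db.getSession(), project1.uuid(), Qualifiers.PROJECT);
    underTest.prepareForRecovery(db.getSession(), asList(project1.uuid()), ProjectIndexer.Cause.PROJECT_DELETION);
    assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isEqualTo(1);
    Collection<EsQueueDto> esQueueDtos = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), Long.MAX_VALUE, 2);

    underTest.index(db.getSession(), esQueueDtos);

    // The queued item is consumed and only project2's authorization document remains.
    assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isZero();
    assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(1);
  }

  @Test
  public void indexOnStartup_grants_access_to_user() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    db.users().insertProjectPermissionOnUser(user1, USER, project);
    db.users().insertProjectPermissionOnUser(user2, ADMIN, project);

    indexOnStartup();

    // anonymous
    verifyAnyoneNotAuthorized(project);

    // user1 holds USER and has access
    verifyAuthorized(project, user1);

    // user2 holds only ADMIN and has no access: only the USER permission is indexed
    verifyNotAuthorized(project, user2);
  }

  @Test
  public void indexOnStartup_grants_access_to_group_on_private_project() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    UserDto user3 = db.users().insertUser();
    GroupDto group1 = db.users().insertGroup();
    GroupDto group2 = db.users().insertGroup();
    db.users().insertProjectPermissionOnGroup(group1, USER, project);
    db.users().insertProjectPermissionOnGroup(group2, ADMIN, project);

    indexOnStartup();

    // anonymous
    verifyAnyoneNotAuthorized(project);

    // group1 holds USER and has access
    verifyAuthorized(project, user1, group1);

    // group2 holds only ADMIN and has no access: only the USER permission is indexed
    verifyNotAuthorized(project, user2, group2);

    // user3 is not in any group
    verifyNotAuthorized(project, user3);
  }

  @Test
  public void indexOnStartup_grants_access_to_user_and_group() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    GroupDto group = db.users().insertGroup();
    db.users().insertMember(group, user2);
    db.users().insertProjectPermissionOnUser(user1, USER, project);
    db.users().insertProjectPermissionOnGroup(group, USER, project);

    indexOnStartup();

    // anonymous
    verifyAnyoneNotAuthorized(project);

    // has direct access
    verifyAuthorized(project, user1);

    // direct access still holds when the session also carries the group
    verifyAuthorized(project, user1, group);

    // Access through the group alone: user2 has no direct permission, so this is the only
    // assertion that fails if the group grant is missing from the index.
    verifyAuthorized(project, user2, group);

    // no access: the session of user2 carries no group here
    // NOTE(review): relies on logIn(user2) starting from a session without groups; confirm against UserSessionRule.
    verifyNotAuthorized(project, user2);
  }

  @Test
  public void indexOnStartup_does_not_grant_access_to_anybody_on_private_project() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user = db.users().insertUser();
    GroupDto group = db.users().insertGroup();

    indexOnStartup();

    verifyAnyoneNotAuthorized(project);
    verifyNotAuthorized(project, user);
    verifyNotAuthorized(project, user, group);
  }

  @Test
  public void indexOnStartup_grants_access_to_anybody_on_public_project() {
    ComponentDto project = createAndIndexPublicProject();
    UserDto user = db.users().insertUser();
    GroupDto group = db.users().insertGroup();

    indexOnStartup();

    verifyAnyoneAuthorized(project);
    verifyAuthorized(project, user);
    verifyAuthorized(project, user, group);
  }

  @Test
  public void indexOnStartup_grants_access_to_anybody_on_view() {
    ComponentDto view = createAndIndexView();
    UserDto user = db.users().insertUser();
    GroupDto group = db.users().insertGroup();

    indexOnStartup();

    verifyAnyoneAuthorized(view);
    verifyAuthorized(view, user);
    verifyAuthorized(view, user, group);
  }

  @Test
  public void indexOnStartup_grants_access_on_many_projects() {
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    int projectCount = 10;
    ComponentDto[] projects = new ComponentDto[projectCount];
    for (int i = 0; i < projectCount; i++) {
      projects[i] = createAndIndexPrivateProject();
      db.users().insertProjectPermissionOnUser(user1, USER, projects[i]);
    }

    indexOnStartup();

    // Check every project rather than only the last one created, so that a project skipped
    // or mis-indexed in the middle of the batch is caught.
    for (ComponentDto project : projects) {
      verifyAnyoneNotAuthorized(project);
      verifyAuthorized(project, user1);
      verifyNotAuthorized(project, user2);
    }
  }

  @Test
  public void public_projects_are_visible_to_anybody() {
    ComponentDto projectOnOrg1 = createAndIndexPublicProject();
    UserDto user = db.users().insertUser();

    indexOnStartup();

    verifyAnyoneAuthorized(projectOnOrg1);
    verifyAuthorized(projectOnOrg1, user);
  }

  @Test
  public void indexOnAnalysis_does_nothing_because_CE_does_not_touch_permissions() {
    ComponentDto project = createAndIndexPublicProject();

    underTest.indexOnAnalysis(project.uuid());

    // No authorization document was written, so even a public project is not visible yet.
    assertThatAuthIndexHasSize(0);
    verifyAnyoneNotAuthorized(project);
  }

  @Test
  public void permissions_are_not_updated_on_project_tags_update() {
    ComponentDto project = createAndIndexPublicProject();

    indexPermissions(project, ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);

    assertThatAuthIndexHasSize(0);
    verifyAnyoneNotAuthorized(project);
  }

  @Test
  public void permissions_are_not_updated_on_project_key_update() {
    ComponentDto project = createAndIndexPublicProject();

    // Uses the key-update cause that the test name announces. The previous version passed
    // PROJECT_TAGS_UPDATE, which only duplicated the tags-update test.
    indexPermissions(project, ProjectIndexer.Cause.PROJECT_KEY_UPDATE);

    assertThatAuthIndexHasSize(0);
    verifyAnyoneNotAuthorized(project);
  }

  @Test
  public void index_permissions_on_project_creation() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user = db.users().insertUser();
    db.users().insertProjectPermissionOnUser(user, USER, project);

    indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);

    assertThatAuthIndexHasSize(1);
    verifyAuthorized(project, user);
  }

  @Test
  public void index_permissions_on_permission_change() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    db.users().insertProjectPermissionOnUser(user1, USER, project);
    indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);
    verifyAuthorized(project, user1);
    verifyNotAuthorized(project, user2);

    db.users().insertProjectPermissionOnUser(user2, USER, project);
    indexPermissions(project, PERMISSION_CHANGE);

    // user1 keeps access and the newly granted user2 gains it. The previous version checked
    // user1 twice and never verified that the permission change reached the index.
    verifyAuthorized(project, user1);
    verifyAuthorized(project, user2);
  }

  @Test
  public void delete_permissions_on_project_deletion() {
    ComponentDto project = createAndIndexPrivateProject();
    UserDto user = db.users().insertUser();
    db.users().insertProjectPermissionOnUser(user, USER, project);
    indexPermissions(project, ProjectIndexer.Cause.PROJECT_CREATION);
    verifyAuthorized(project, user);

    db.getDbClient().componentDao().delete(db.getSession(), project.uuid(), Qualifiers.PROJECT);
    indexPermissions(project, ProjectIndexer.Cause.PROJECT_DELETION);

    // The authorization document must be gone, otherwise access to a deleted project would linger.
    verifyNotAuthorized(project, user);
    assertThatAuthIndexHasSize(0);
  }

  @Test
  public void errors_during_indexing_are_recovered() {
    ComponentDto project = createAndIndexPublicProject();
    es.lockWrites(INDEX_TYPE_FOO_AUTH);

    IndexingResult result = indexPermissions(project, PERMISSION_CHANGE);
    assertThat(result.getTotal()).isEqualTo(1L);
    assertThat(result.getFailures()).isEqualTo(1L);

    // index is still read-only, fail to recover
    result = recover();
    assertThat(result.getTotal()).isEqualTo(1L);
    assertThat(result.getFailures()).isEqualTo(1L);
    assertThatAuthIndexHasSize(0);
    assertThatEsQueueTableHasSize(1);

    es.unlockWrites(INDEX_TYPE_FOO_AUTH);

    // writes are allowed again: the queued item is indexed and removed from es_queue
    result = recover();
    assertThat(result.getTotal()).isEqualTo(1L);
    assertThat(result.getFailures()).isZero();
    verifyAnyoneAuthorized(project);
    assertThatEsQueueTableHasSize(0);
  }

  /** Asserts the number of documents of the Foo authorization type. */
  private void assertThatAuthIndexHasSize(int expectedSize) {
    assertThat(es.countDocuments(FooIndexDefinition.TYPE_AUTHORIZATION)).isEqualTo(expectedSize);
  }

  /** Runs the startup indexing on every index type declared by the indexer under test. */
  private void indexOnStartup() {
    underTest.indexOnStartup(underTest.getIndexTypes());
  }

  /** Logs in as {@code user} and asserts that the project is accessible. */
  private void verifyAuthorized(ComponentDto project, UserDto user) {
    logIn(user);
    verifyAuthorized(project, true);
  }

  /** Logs in as {@code user} with {@code group} set on the session and asserts access. */
  private void verifyAuthorized(ComponentDto project, UserDto user, GroupDto group) {
    logIn(user).setGroups(group);
    verifyAuthorized(project, true);
  }

  /** Logs in as {@code user} and asserts that the project is not accessible. */
  private void verifyNotAuthorized(ComponentDto project, UserDto user) {
    logIn(user);
    verifyAuthorized(project, false);
  }

  /** Logs in as {@code user} with {@code group} set on the session and asserts no access. */
  private void verifyNotAuthorized(ComponentDto project, UserDto user, GroupDto group) {
    logIn(user).setGroups(group);
    verifyAuthorized(project, false);
  }

  /** Switches to an anonymous session and asserts that the project is accessible. */
  private void verifyAnyoneAuthorized(ComponentDto project) {
    userSession.anonymous();
    verifyAuthorized(project, true);
  }

  /** Switches to an anonymous session and asserts that the project is not accessible. */
  private void verifyAnyoneNotAuthorized(ComponentDto project) {
    userSession.anonymous();
    verifyAuthorized(project, false);
  }

  /** Asserts the answer of {@link FooIndex#hasAccessToProject} for the current session. */
  private void verifyAuthorized(ComponentDto project, boolean expectedAccess) {
    assertThat(fooIndex.hasAccessToProject(project.uuid())).isEqualTo(expectedAccess);
  }

  /** Logs in as {@code u} and returns the session rule so that groups can be chained onto it. */
  private UserSessionRule logIn(UserDto u) {
    userSession.logIn(u);
    return userSession;
  }

  /**
   * Queues the project for recovery with the given cause, commits the session, then indexes the
   * queued items.
   *
   * @return the result reported by {@link PermissionIndexer#index}
   */
  private IndexingResult indexPermissions(ComponentDto project, ProjectIndexer.Cause cause) {
    DbSession dbSession = db.getSession();
    Collection<EsQueueDto> items = underTest.prepareForRecovery(dbSession, singletonList(project.uuid()), cause);
    dbSession.commit();
    return underTest.index(dbSession, items);
  }

  /** Inserts a public project in the database without touching any index. */
  private ComponentDto createUnindexedPublicProject() {
    return db.components().insertPublicProject();
  }

  /** Inserts a private project and indexes it in the Foo index; permissions are not indexed here. */
  private ComponentDto createAndIndexPrivateProject() {
    ComponentDto project = db.components().insertPrivateProject();
    fooIndexer.indexOnAnalysis(project.uuid());
    return project;
  }

  /** Inserts a public project and indexes it in the Foo index; permissions are not indexed here. */
  private ComponentDto createAndIndexPublicProject() {
    ComponentDto project = db.components().insertPublicProject();
    fooIndexer.indexOnAnalysis(project.uuid());
    return project;
  }

  /** Inserts a public portfolio and indexes it in the Foo index; permissions are not indexed here. */
  private ComponentDto createAndIndexView() {
    ComponentDto view = db.components().insertPublicPortfolio();
    fooIndexer.indexOnAnalysis(view.uuid());
    return view;
  }

  /**
   * Re-runs indexing on the items selected from the recovery queue.
   * NOTE(review): the two trailing arguments look like a cutoff timestamp and a row limit; confirm against EsQueueDao.
   */
  private IndexingResult recover() {
    Collection<EsQueueDto> items = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), System.currentTimeMillis() + 1_000L, 10);
    return underTest.index(db.getSession(), items);
  }

  /** Asserts the number of rows in the {@code es_queue} table. */
  private void assertThatEsQueueTableHasSize(int expectedSize) {
    assertThat(db.countRowsOfTable("es_queue")).isEqualTo(expectedSize);
  }

}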