1 /*
2  * SonarQube, open source software quality management tool.
3  * Copyright (C) 2008-2014 SonarSource
4  * mailto:contact AT sonarsource DOT com
5  *
6  * SonarQube is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * SonarQube is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20
21 package org.sonar.server.permission.ws;
22
23 import java.util.List;
24 import javax.annotation.Nullable;
25 import org.junit.Before;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.junit.rules.ExpectedException;
29 import org.sonar.api.resources.Qualifiers;
30 import org.sonar.api.resources.ResourceType;
31 import org.sonar.api.resources.ResourceTypes;
32 import org.sonar.api.utils.System2;
33 import org.sonar.api.web.UserRole;
34 import org.sonar.core.permission.GlobalPermissions;
35 import org.sonar.db.DbClient;
36 import org.sonar.db.DbSession;
37 import org.sonar.db.DbTester;
38 import org.sonar.db.component.ComponentDto;
39 import org.sonar.db.user.GroupDto;
40 import org.sonar.db.user.GroupRoleDto;
41 import org.sonar.db.user.UserDto;
42 import org.sonar.db.user.UserRoleDto;
43 import org.sonar.server.component.ComponentFinder;
44 import org.sonar.server.exceptions.ForbiddenException;
45 import org.sonar.server.exceptions.UnauthorizedException;
46 import org.sonar.server.i18n.I18nRule;
47 import org.sonar.server.tester.UserSessionRule;
48 import org.sonar.server.usergroups.ws.UserGroupFinder;
49 import org.sonar.server.ws.WsActionTester;
50
51 import static java.util.Arrays.asList;
52 import static org.assertj.core.api.Assertions.assertThat;
53 import static org.mockito.Mockito.mock;
54 import static org.mockito.Mockito.when;
55 import static org.sonar.api.server.ws.WebService.Param.PAGE;
56 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
57 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
58 import static org.sonar.db.component.ComponentTesting.newDeveloper;
59 import static org.sonar.db.component.ComponentTesting.newProjectCopy;
60 import static org.sonar.db.component.ComponentTesting.newProjectDto;
61 import static org.sonar.db.component.ComponentTesting.newView;
62 import static org.sonar.db.user.GroupTesting.newGroupDto;
63 import static org.sonar.db.user.UserTesting.newUserDto;
64 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
65 import static org.sonar.test.JsonAssert.assertJson;
66
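/**
 * Exercises {@link SearchProjectPermissionsAction} through {@link WsActionTester} against the
 * database provided by {@link DbTester}.
 *
 * <p>Authorization paths covered by this class:
 * <ul>
 *   <li>anonymous caller: {@link UnauthorizedException} ({@link #fail_if_not_logged_in()})</li>
 *   <li>logged-in caller without any permission: {@link ForbiddenException}
 *   ({@link #fail_if_not_admin()})</li>
 *   <li>caller holding only project-level {@link UserRole#ADMIN} on the requested project: request
 *   succeeds ({@link #search_project_permissions_with_project_permission()})</li>
 * </ul>
 *
 * <p>NOTE(review): no test here covers a caller who holds project-level ADMIN on one project and
 * requests another project through {@code PARAM_PROJECT_ID}, nor such a caller issuing the
 * request without a project id. Both are the cases where a missing check would disclose
 * permissions across projects, so they deserve explicit negative tests.
 */
public class SearchProjectPermissionsActionTest {
  @Rule
  public ExpectedException expectedException = ExpectedException.none();
  @Rule
  public UserSessionRule userSession = UserSessionRule.standalone();
  @Rule
  public DbTester db = DbTester.create(System2.INSTANCE);

  WsActionTester ws;
  I18nRule i18n = new I18nRule();
  DbClient dbClient = db.getDbClient();
  DbSession dbSession = db.getSession();
  // Created in setUp(); the former field initializer built a mock that was always replaced there.
  ResourceTypes resourceTypes;
  SearchProjectPermissionsDataLoader dataLoader;

  SearchProjectPermissionsAction underTest;

  /**
   * Wires the action with real finders on top of the test database and a mocked
   * {@link ResourceTypes}, then logs in a user holding the global SYSTEM_ADMIN permission.
   * Tests that need a less privileged caller replace this session themselves.
   */
  @Before
  public void setUp() {
    resourceTypes = mock(ResourceTypes.class);
    when(resourceTypes.getRoots()).thenReturn(rootResourceTypes());
    ComponentFinder componentFinder = new ComponentFinder(dbClient);
    PermissionDependenciesFinder finder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
    i18n.setProjectPermissions();

    dataLoader = new SearchProjectPermissionsDataLoader(dbClient, finder, resourceTypes);
    underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);

    ws = new WsActionTester(underTest);

    userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
  }

  /**
   * Full scenario: users and groups with roles on two projects, a developer and a view; the
   * response is compared with the bundled example JSON.
   */
  @Test
  public void search_project_permissions() {
    UserDto user1 = insertUser(newUserDto());
    UserDto user2 = insertUser(newUserDto());
    UserDto user3 = insertUser(newUserDto());

    ComponentDto jdk7 = insertJdk7();
    ComponentDto project2 = insertClang();
    ComponentDto dev = insertDeveloper();
    ComponentDto view = insertView();
    insertProjectInView(jdk7, view);

    insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), jdk7.getId());
    insertUserRole(UserRole.ADMIN, user1.getId(), jdk7.getId());
    insertUserRole(UserRole.ADMIN, user2.getId(), jdk7.getId());
    insertUserRole(UserRole.ADMIN, user3.getId(), jdk7.getId());
    insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), project2.getId());
    insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), dev.getId());
    insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), view.getId());
    // global permission: stored with a null resource id
    // NOTE(review): presumably inserted to show it is not reported as a project permission;
    // confirm against search_project_permissions-example.json
    insertUserRole(GlobalPermissions.SYSTEM_ADMIN, user1.getId(), null);

    GroupDto group1 = insertGroup(newGroupDto());
    GroupDto group2 = insertGroup(newGroupDto());
    GroupDto group3 = insertGroup(newGroupDto());

    // NOTE(review): a null group id presumably stands for the "Anyone" group - confirm
    insertGroupRole(UserRole.ADMIN, jdk7.getId(), null);
    insertGroupRole(UserRole.ADMIN, jdk7.getId(), group1.getId());
    insertGroupRole(UserRole.ADMIN, jdk7.getId(), group2.getId());
    insertGroupRole(UserRole.ADMIN, jdk7.getId(), group3.getId());
    insertGroupRole(UserRole.ADMIN, dev.getId(), group2.getId());
    insertGroupRole(UserRole.ADMIN, view.getId(), group2.getId());

    commit();

    String result = ws.newRequest().execute().getInput();

    assertJson(result).isSimilarTo(getClass().getResource("search_project_permissions-example.json"));
  }

  /** With no component in the database the response matches the bundled empty.json. */
  @Test
  public void empty_result() {
    String result = ws.newRequest().execute().getInput();

    assertJson(result).isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/empty.json"));
  }

  /**
   * A caller holding only project-level ADMIN on "project-uuid" may query that project.
   * The fail_if_not_admin test shows that login() leaves the caller without the SYSTEM_ADMIN
   * permission granted in setUp, so this request is authorized by the project permission alone.
   */
  @Test
  public void search_project_permissions_with_project_permission() {
    userSession.login().addProjectUuidPermissions(UserRole.ADMIN, "project-uuid");
    insertComponent(newProjectDto("project-uuid"));
    commit();

    String result = ws.newRequest()
      .setParam(PARAM_PROJECT_ID, "project-uuid")
      .execute().getInput();

    assertThat(result).contains("project-uuid");
  }

  /**
   * Projects are inserted in descending name order (9 down to 1); the first page of three must
   * hold names 1 to 3 and not 4, which only happens if the service sorts by name.
   */
  @Test
  public void has_projects_ordered_by_name() {
    for (int i = 9; i >= 1; i--) {
      insertComponent(newProjectDto()
        .setName("project-name-" + i));
    }
    commit();

    String result = ws.newRequest()
      .setParam(PAGE, "1")
      .setParam(PAGE_SIZE, "3")
      .execute().getInput();

    assertThat(result)
      .contains("project-name-1", "project-name-2", "project-name-3")
      .doesNotContain("project-name-4");
  }

  /** The text query is matched against the project name. */
  @Test
  public void search_by_query_on_name() {
    insertComponent(newProjectDto().setName("project-name"));
    insertComponent(newProjectDto().setName("another-name"));
    commit();

    String result = ws.newRequest()
      .setParam(TEXT_QUERY, "project")
      .execute().getInput();

    assertThat(result).contains("project-name")
      .doesNotContain("another-name");
  }

  /** The text query is matched against the project key. */
  @Test
  public void search_by_query_on_key() {
    insertComponent(newProjectDto().setKey("project-key"));
    insertComponent(newProjectDto().setKey("another-key"));
    commit();

    String result = ws.newRequest()
      .setParam(TEXT_QUERY, "project")
      .execute().getInput();

    assertThat(result).contains("project-key")
      .doesNotContain("another-key");
  }

  /** Requests a single page of 1001 projects and checks that the last one is returned. */
  @Test
  public void handle_more_than_1000_projects() {
    for (int i = 1; i <= 1001; i++) {
      insertComponent(newProjectDto("project-uuid-" + i));
    }
    commit();

    String result = ws.newRequest()
      .setParam(TEXT_QUERY, "project")
      .setParam(PAGE_SIZE, "1001")
      .execute().getInput();

    // "project-uuid-1" is also a prefix of "project-uuid-1001", so the first value adds nothing
    // on its own; the decisive checks are 999 and 1001.
    assertThat(result).contains("project-uuid-1", "project-uuid-999", "project-uuid-1001");
  }

  /** Only components whose qualifier is a root resource type are listed. */
  @Test
  public void result_depends_of_root_types() {
    ResourceType projectResourceType = ResourceType.builder(Qualifiers.PROJECT).build();
    when(resourceTypes.getRoots()).thenReturn(asList(projectResourceType));
    insertComponent(newView("view-uuid"));
    insertComponent(newDeveloper("developer-name"));
    insertComponent(newProjectDto("project-uuid"));
    commit();
    // Loader, action and tester are rebuilt so that they are created after the stub change.
    PermissionDependenciesFinder finder = new PermissionDependenciesFinder(dbClient, new ComponentFinder(dbClient), new UserGroupFinder(dbClient), resourceTypes);
    dataLoader = new SearchProjectPermissionsDataLoader(dbClient, finder, resourceTypes);
    underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);
    ws = new WsActionTester(underTest);

    String result = ws.newRequest().execute().getInput();

    assertThat(result).contains("project-uuid")
      .doesNotContain("view-uuid")
      .doesNotContain("developer-name");
  }

  /** An anonymous caller is rejected with {@link UnauthorizedException}. */
  @Test
  public void fail_if_not_logged_in() {
    userSession.anonymous();

    // Registered after the session change so that only the request itself can satisfy it.
    expectedException.expect(UnauthorizedException.class);
    ws.newRequest().execute();
  }

  /** A logged-in caller without any permission is rejected with {@link ForbiddenException}. */
  @Test
  public void fail_if_not_admin() {
    userSession.login();

    // Registered after the session change so that only the request itself can satisfy it.
    expectedException.expect(ForbiddenException.class);
    ws.newRequest().execute();
  }

  /** Inserts the "Java" view with a fixed uuid. */
  private ComponentDto insertView() {
    return insertComponent(newView()
      .setUuid("752d8bfd-420c-4a83-a4e5-8ab19b13c8fc")
      .setName("Java")
      .setKey("Java"));
  }

  /** Inserts a copy of {@code project} under {@code view}. */
  private ComponentDto insertProjectInView(ComponentDto project, ComponentDto view) {
    return insertComponent(newProjectCopy("project-in-view-uuid", project, view));
  }

  /** Inserts the "Simon Brandhof" developer component with a fixed uuid. */
  private ComponentDto insertDeveloper() {
    return insertComponent(newDeveloper("Simon Brandhof")
      .setUuid("4e607bf9-7ed0-484a-946d-d58ba7dab2fb")
      .setKey("simon-brandhof"));
  }

  /** Inserts the "Clang" project; the explicit setUuid call overrides the factory argument. */
  private ComponentDto insertClang() {
    return insertComponent(newProjectDto("project-uuid-2")
      .setName("Clang")
      .setKey("clang")
      .setUuid("ce4c03d6-430f-40a9-b777-ad877c00aa4d"));
  }

  /** Inserts the "JDK 7" project; the explicit setUuid call overrides the factory argument. */
  private ComponentDto insertJdk7() {
    return insertComponent(newProjectDto("project-uuid-1")
      .setName("JDK 7")
      .setKey("net.java.openjdk:jdk7")
      .setUuid("0bd7b1e7-91d6-439e-a607-4a3a9aad3c6a"));
  }

  /** Inserts {@code user} as an active user and returns the DAO's result. */
  private UserDto insertUser(UserDto user) {
    return dbClient.userDao().insert(dbSession, user.setActive(true));
  }

  /**
   * Grants {@code permission} to a user.
   *
   * @param resourceId component id, or {@code null} for a permission not tied to a component
   */
  private void insertUserRole(String permission, long userId, @Nullable Long resourceId) {
    dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
      .setRole(permission)
      .setUserId(userId)
      .setResourceId(resourceId));
  }

  /** Inserts {@code group} and returns the DAO's result. */
  private GroupDto insertGroup(GroupDto group) {
    return dbClient.groupDao().insert(dbSession, group);
  }

  /** Grants {@code permission} to a group; both ids may be {@code null}. */
  private void insertGroupRole(String permission, @Nullable Long resourceId, @Nullable Long groupId) {
    dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto().setRole(permission).setResourceId(resourceId).setGroupId(groupId));
  }

  /** Inserts {@code component} as enabled and reloads it by uuid. */
  private ComponentDto insertComponent(ComponentDto component) {
    dbClient.componentDao().insert(dbSession, component.setEnabled(true));
    return dbClient.componentDao().selectOrFailByUuid(dbSession, component.uuid());
  }

  /** Commits the shared test session; each test calls this before issuing its request. */
  private void commit() {
    dbSession.commit();
  }

  /** Root resource types stubbed by default: project, view and the "DEV" qualifier. */
  private static List<ResourceType> rootResourceTypes() {
    ResourceType project = ResourceType.builder(Qualifiers.PROJECT).build();
    ResourceType view = ResourceType.builder(Qualifiers.VIEW).build();
    ResourceType dev = ResourceType.builder("DEV").build();

    return asList(project, view, dev);
  }
}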