]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


7e93ed7f4d89ec93266e2eff979f2b511ccb4b12
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2023 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission.index;
21
22 import java.util.Collection;
23 import org.junit.Rule;
24 import org.junit.Test;
25 import org.sonar.api.utils.System2;
26 import org.sonar.db.DbSession;
27 import org.sonar.db.DbTester;
28 import org.sonar.db.component.ProjectData;
29 import org.sonar.db.entity.EntityDto;
30 import org.sonar.db.es.EsQueueDto;
31 import org.sonar.db.portfolio.PortfolioDto;
32 import org.sonar.db.project.ProjectDto;
33 import org.sonar.db.user.GroupDto;
34 import org.sonar.db.user.UserDto;
35 import org.sonar.server.es.EsTester;
36 import org.sonar.server.es.IndexType;
37 import org.sonar.server.es.IndexType.IndexMainType;
38 import org.sonar.server.es.Indexers.EntityEvent;
39 import org.sonar.server.es.IndexingResult;
40 import org.sonar.server.tester.UserSessionRule;
41
42 import static java.util.Arrays.asList;
43 import static java.util.Collections.singletonList;
44 import static org.assertj.core.api.Assertions.assertThat;
45 import static org.sonar.api.resources.Qualifiers.PROJECT;
46 import static org.sonar.api.web.UserRole.ADMIN;
47 import static org.sonar.api.web.UserRole.USER;
48 import static org.sonar.server.es.Indexers.EntityEvent.PERMISSION_CHANGE;
49 import static org.sonar.server.permission.index.IndexAuthorizationConstants.TYPE_AUTHORIZATION;
50
51 public class PermissionIndexerTest {
52
53   private static final IndexMainType INDEX_TYPE_FOO_AUTH = IndexType.main(FooIndexDefinition.DESCRIPTOR, TYPE_AUTHORIZATION);
54
55   @Rule
56   public DbTester db = DbTester.create(System2.INSTANCE);
57   @Rule
58   public EsTester es = EsTester.createCustom(new FooIndexDefinition());
59   @Rule
60   public UserSessionRule userSession = UserSessionRule.standalone();
61
62   private FooIndex fooIndex = new FooIndex(es.client(), new WebAuthorizationTypeSupport(userSession));
63   private FooIndexer fooIndexer = new FooIndexer(es.client(), db.getDbClient());
64   private PermissionIndexer underTest = new PermissionIndexer(db.getDbClient(), es.client(), fooIndexer);
65
66   @Test
67   public void indexOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
68     ProjectDto project = createAndIndexPublicProject();
69     UserDto user1 = db.users().insertUser();
70     UserDto user2 = db.users().insertUser();
71
72     indexOnStartup();
73
74     verifyAnyoneAuthorized(project);
75     verifyAuthorized(project, user1);
76     verifyAuthorized(project, user2);
77   }
78
79   @Test
80   public void indexAll_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
81     ProjectDto project = createAndIndexPublicProject();
82     UserDto user1 = db.users().insertUser();
83     UserDto user2 = db.users().insertUser();
84
85     underTest.indexAll(underTest.getIndexTypes());
86
87     verifyAnyoneAuthorized(project);
88     verifyAuthorized(project, user1);
89     verifyAuthorized(project, user2);
90   }
91
92   @Test
93   public void deletion_resilience_will_deindex_projects() {
94     ProjectDto project1 = createUnindexedPublicProject();
95     ProjectDto project2 = createUnindexedPublicProject();
96     // UserDto user1 = db.users().insertUser();
97     indexOnStartup();
98     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2);
99
100     // Simulate a indexation issue
101     db.getDbClient().purgeDao().deleteProject(db.getSession(), project1.getUuid(), PROJECT, project1.getName(), project1.getKey());
102     underTest.prepareForRecoveryOnEntityEvent(db.getSession(), asList(project1.getUuid()), EntityEvent.DELETION);
103     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isOne();
104     Collection<EsQueueDto> esQueueDtos = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), Long.MAX_VALUE, 2);
105
106     underTest.index(db.getSession(), esQueueDtos);
107
108     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isZero();
109     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isOne();
110   }
111
112   @Test
113   public void indexOnStartup_grants_access_to_user() {
114     ProjectDto project = createAndIndexPrivateProject();
115     UserDto user1 = db.users().insertUser();
116     UserDto user2 = db.users().insertUser();
117     db.users().insertProjectPermissionOnUser(user1, USER, project);
118     db.users().insertProjectPermissionOnUser(user2, ADMIN, project);
119
120     indexOnStartup();
121
122     // anonymous
123     verifyAnyoneNotAuthorized(project);
124
125     // user1 has access
126     verifyAuthorized(project, user1);
127
128     // user2 has not access (only USER permission is accepted)
129     verifyNotAuthorized(project, user2);
130   }
131
132   @Test
133   public void indexOnStartup_grants_access_to_group_on_private_project() {
134     ProjectDto project = createAndIndexPrivateProject();
135     UserDto user1 = db.users().insertUser();
136     UserDto user2 = db.users().insertUser();
137     UserDto user3 = db.users().insertUser();
138     GroupDto group1 = db.users().insertGroup();
139     GroupDto group2 = db.users().insertGroup();
140     db.users().insertEntityPermissionOnGroup(group1, USER, project);
141     db.users().insertEntityPermissionOnGroup(group2, ADMIN, project);
142
143     indexOnStartup();
144
145     // anonymous
146     verifyAnyoneNotAuthorized(project);
147
148     // group1 has access
149     verifyAuthorized(project, user1, group1);
150
151     // group2 has not access (only USER permission is accepted)
152     verifyNotAuthorized(project, user2, group2);
153
154     // user3 is not in any group
155     verifyNotAuthorized(project, user3);
156   }
157
158   @Test
159   public void indexOnStartup_grants_access_to_user_and_group() {
160     ProjectDto project = createAndIndexPrivateProject();
161     UserDto user1 = db.users().insertUser();
162     UserDto user2 = db.users().insertUser();
163     GroupDto group = db.users().insertGroup();
164     db.users().insertMember(group, user2);
165     db.users().insertProjectPermissionOnUser(user1, USER, project);
166     db.users().insertEntityPermissionOnGroup(group, USER, project);
167
168     indexOnStartup();
169
170     // anonymous
171     verifyAnyoneNotAuthorized(project);
172
173     // has direct access
174     verifyAuthorized(project, user1);
175
176     // has access through group
177     verifyAuthorized(project, user1, group);
178
179     // no access
180     verifyNotAuthorized(project, user2);
181   }
182
183   @Test
184   public void indexOnStartup_does_not_grant_access_to_anybody_on_private_project() {
185     ProjectDto project = createAndIndexPrivateProject();
186     UserDto user = db.users().insertUser();
187     GroupDto group = db.users().insertGroup();
188
189     indexOnStartup();
190
191     verifyAnyoneNotAuthorized(project);
192     verifyNotAuthorized(project, user);
193     verifyNotAuthorized(project, user, group);
194   }
195
196   @Test
197   public void indexOnStartup_grants_access_to_anybody_on_public_project() {
198     ProjectDto project = createAndIndexPublicProject();
199     UserDto user = db.users().insertUser();
200     GroupDto group = db.users().insertGroup();
201
202     indexOnStartup();
203
204     verifyAnyoneAuthorized(project);
205     verifyAuthorized(project, user);
206     verifyAuthorized(project, user, group);
207   }
208
209   @Test
210   public void indexOnStartup_grants_access_to_anybody_on_view() {
211     PortfolioDto view = createAndIndexPortfolio();
212     UserDto user = db.users().insertUser();
213     GroupDto group = db.users().insertGroup();
214
215     indexOnStartup();
216
217     verifyAnyoneAuthorized(view);
218     verifyAuthorized(view, user);
219     verifyAuthorized(view, user, group);
220   }
221
222   @Test
223   public void indexOnStartup_grants_access_on_many_projects() {
224     UserDto user1 = db.users().insertUser();
225     UserDto user2 = db.users().insertUser();
226     ProjectDto project = null;
227     for (int i = 0; i < 10; i++) {
228       project = createAndIndexPrivateProject();
229       db.users().insertProjectPermissionOnUser(user1, USER, project);
230     }
231
232     indexOnStartup();
233
234     verifyAnyoneNotAuthorized(project);
235     verifyAuthorized(project, user1);
236     verifyNotAuthorized(project, user2);
237   }
238
239   @Test
240   public void public_projects_are_visible_to_anybody() {
241     ProjectDto projectOnOrg1 = createAndIndexPublicProject();
242     UserDto user = db.users().insertUser();
243
244     indexOnStartup();
245
246     verifyAnyoneAuthorized(projectOnOrg1);
247     verifyAuthorized(projectOnOrg1, user);
248   }
249
250   @Test
251   public void permissions_are_not_updated_on_project_tags_update() {
252     ProjectDto project = createAndIndexPublicProject();
253
254     indexPermissions(project, EntityEvent.PROJECT_TAGS_UPDATE);
255
256     assertThatAuthIndexHasSize(0);
257     verifyAnyoneNotAuthorized(project);
258   }
259
260   @Test
261   public void permissions_are_not_updated_on_project_key_update() {
262     ProjectDto project = createAndIndexPublicProject();
263
264     indexPermissions(project, EntityEvent.PROJECT_TAGS_UPDATE);
265
266     assertThatAuthIndexHasSize(0);
267     verifyAnyoneNotAuthorized(project);
268   }
269
270   @Test
271   public void index_permissions_on_project_creation() {
272     ProjectDto project = createAndIndexPrivateProject();
273     UserDto user = db.users().insertUser();
274     db.users().insertProjectPermissionOnUser(user, USER, project);
275
276     indexPermissions(project, EntityEvent.CREATION);
277
278     assertThatAuthIndexHasSize(1);
279     verifyAuthorized(project, user);
280   }
281
282   @Test
283   public void index_permissions_on_permission_change() {
284     ProjectDto project = createAndIndexPrivateProject();
285     UserDto user1 = db.users().insertUser();
286     UserDto user2 = db.users().insertUser();
287     db.users().insertProjectPermissionOnUser(user1, USER, project);
288     indexPermissions(project, EntityEvent.CREATION);
289     verifyAuthorized(project, user1);
290     verifyNotAuthorized(project, user2);
291
292     db.users().insertProjectPermissionOnUser(user2, USER, project);
293     indexPermissions(project, PERMISSION_CHANGE);
294
295     verifyAuthorized(project, user1);
296     verifyAuthorized(project, user1);
297   }
298
299   @Test
300   public void delete_permissions_on_project_deletion() {
301     ProjectDto project = createAndIndexPrivateProject();
302     UserDto user = db.users().insertUser();
303     db.users().insertProjectPermissionOnUser(user, USER, project);
304     indexPermissions(project, EntityEvent.CREATION);
305     verifyAuthorized(project, user);
306
307     db.getDbClient().purgeDao().deleteProject(db.getSession(), project.getUuid(), PROJECT, project.getUuid(), project.getKey());
308     indexPermissions(project, EntityEvent.DELETION);
309
310     verifyNotAuthorized(project, user);
311     assertThatAuthIndexHasSize(0);
312   }
313
314   @Test
315   public void errors_during_indexing_are_recovered() {
316     ProjectDto project = createAndIndexPublicProject();
317     es.lockWrites(INDEX_TYPE_FOO_AUTH);
318
319     IndexingResult result = indexPermissions(project, PERMISSION_CHANGE);
320     assertThat(result.getTotal()).isOne();
321     assertThat(result.getFailures()).isOne();
322
323     // index is still read-only, fail to recover
324     result = recover();
325     assertThat(result.getTotal()).isOne();
326     assertThat(result.getFailures()).isOne();
327     assertThatAuthIndexHasSize(0);
328     assertThatEsQueueTableHasSize(1);
329
330     es.unlockWrites(INDEX_TYPE_FOO_AUTH);
331
332     result = recover();
333     assertThat(result.getTotal()).isOne();
334     assertThat(result.getFailures()).isZero();
335     verifyAnyoneAuthorized(project);
336     assertThatEsQueueTableHasSize(0);
337   }
338
339   private void assertThatAuthIndexHasSize(int expectedSize) {
340     assertThat(es.countDocuments(FooIndexDefinition.TYPE_AUTHORIZATION)).isEqualTo(expectedSize);
341   }
342
343   private void indexOnStartup() {
344     underTest.indexOnStartup(underTest.getIndexTypes());
345   }
346
347   private void verifyAuthorized(EntityDto entity, UserDto user) {
348     logIn(user);
349     verifyAuthorized(entity, true);
350   }
351
352   private void verifyAuthorized(EntityDto entity, UserDto user, GroupDto group) {
353     logIn(user).setGroups(group);
354     verifyAuthorized(entity, true);
355   }
356
357   private void verifyNotAuthorized(EntityDto entity, UserDto user) {
358     logIn(user);
359     verifyAuthorized(entity, false);
360   }
361
362   private void verifyNotAuthorized(EntityDto entity, UserDto user, GroupDto group) {
363     logIn(user).setGroups(group);
364     verifyAuthorized(entity, false);
365   }
366
367   private void verifyAnyoneAuthorized(EntityDto entity) {
368     userSession.anonymous();
369     verifyAuthorized(entity, true);
370   }
371
372   private void verifyAnyoneNotAuthorized(EntityDto entity) {
373     userSession.anonymous();
374     verifyAuthorized(entity, false);
375   }
376
377   private void verifyAuthorized(EntityDto entity, boolean expectedAccess) {
378     assertThat(fooIndex.hasAccessToProject(entity.getUuid())).isEqualTo(expectedAccess);
379   }
380
381   private UserSessionRule logIn(UserDto u) {
382     userSession.logIn(u);
383     return userSession;
384   }
385
386   private IndexingResult indexPermissions(EntityDto entity, EntityEvent cause) {
387     DbSession dbSession = db.getSession();
388     Collection<EsQueueDto> items = underTest.prepareForRecoveryOnEntityEvent(dbSession, singletonList(entity.getUuid()), cause);
389     dbSession.commit();
390     return underTest.index(dbSession, items);
391   }
392
393   private ProjectDto createUnindexedPublicProject() {
394     return db.components().insertPublicProject().getProjectDto();
395   }
396
397   private ProjectDto createAndIndexPrivateProject() {
398     ProjectData project = db.components().insertPrivateProject();
399     fooIndexer.indexOnAnalysis(project.getMainBranchDto().getUuid());
400     return project.getProjectDto();
401   }
402
403   private ProjectDto createAndIndexPublicProject() {
404     ProjectData project = db.components().insertPublicProject();
405     fooIndexer.indexOnAnalysis(project.getMainBranchDto().getUuid());
406     return project.getProjectDto();
407   }
408
409   private PortfolioDto createAndIndexPortfolio() {
410     PortfolioDto view = db.components().insertPublicPortfolioDto();
411     fooIndexer.indexOnAnalysis(view.getUuid());
412     return view;
413   }
414
415   private IndexingResult recover() {
416     Collection<EsQueueDto> items = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), System.currentTimeMillis() + 1_000L, 10);
417     return underTest.index(db.getSession(), items);
418   }
419
420   private void assertThatEsQueueTableHasSize(int expectedSize) {
421     assertThat(db.countRowsOfTable("es_queue")).isEqualTo(expectedSize);
422   }
423
424 }
Continuous Inspection: https://github.com/SonarSource/sonarqube