3 * Copyright (C) 2009-2016 SonarSource SA
4 * mailto:contact AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.permission.ws.template;
22 import java.util.Collections;
23 import java.util.List;
24 import javax.annotation.Nullable;
25 import org.junit.Before;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.sonar.api.config.MapSettings;
29 import org.sonar.api.web.UserRole;
30 import org.sonar.core.permission.GlobalPermissions;
31 import org.sonar.db.component.ComponentDto;
32 import org.sonar.db.organization.OrganizationDto;
33 import org.sonar.db.permission.PermissionQuery;
34 import org.sonar.db.permission.PermissionRepository;
35 import org.sonar.db.permission.template.PermissionTemplateDto;
36 import org.sonar.db.user.GroupDto;
37 import org.sonar.db.user.UserDto;
38 import org.sonar.server.component.ComponentFinder;
39 import org.sonar.server.component.es.ProjectMeasuresIndexDefinition;
40 import org.sonar.server.es.EsTester;
41 import org.sonar.server.exceptions.BadRequestException;
42 import org.sonar.server.exceptions.ForbiddenException;
43 import org.sonar.server.exceptions.NotFoundException;
44 import org.sonar.server.issue.index.IssueIndexDefinition;
45 import org.sonar.server.permission.PermissionService;
46 import org.sonar.server.permission.index.PermissionIndexer;
47 import org.sonar.server.permission.index.PermissionIndexerTester;
48 import org.sonar.server.permission.ws.BasePermissionWsTest;
49 import org.sonar.server.ws.WsTester;
51 import static java.util.Collections.singletonList;
52 import static org.assertj.core.api.Assertions.assertThat;
53 import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
54 import static org.sonar.db.component.ComponentTesting.newProjectDto;
55 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.CONTROLLER;
56 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
57 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
58 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
59 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
61 public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateAction> {
64 public EsTester esTester = new EsTester(new IssueIndexDefinition(new MapSettings()), new ProjectMeasuresIndexDefinition(new MapSettings()));
66 private static final String ACTION = "apply_template";
68 private UserDto user1;
69 private UserDto user2;
70 private GroupDto group1;
71 private GroupDto group2;
72 private ComponentDto project;
73 private PermissionTemplateDto template1;
74 private PermissionTemplateDto template2;
76 private PermissionIndexerTester authorizationIndexerTester = new PermissionIndexerTester(esTester);
78 private PermissionIndexer permissionIndexer = new PermissionIndexer(db.getDbClient(), esTester.client());
81 protected ApplyTemplateAction buildWsAction() {
82 PermissionRepository repository = new PermissionRepository(db.getDbClient(), new MapSettings());
83 ComponentFinder componentFinder = new ComponentFinder(db.getDbClient());
84 PermissionService permissionService = new PermissionService(db.getDbClient(), repository, permissionIndexer, userSession, componentFinder);
85 return new ApplyTemplateAction(db.getDbClient(), userSession, permissionService, newPermissionWsSupport());
90 user1 = db.users().insertUser("user-login-1");
91 user2 = db.users().insertUser("user-login-2");
92 OrganizationDto defaultOrg = db.getDefaultOrganization();
93 group1 = db.users().insertGroup(defaultOrg, "group-name-1");
94 group2 = db.users().insertGroup(defaultOrg, "group-name-2");
97 template1 = insertTemplate();
98 addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
99 addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
100 addGroupToTemplate(group1, template1, UserRole.ADMIN);
101 addGroupToTemplate(group2, template1, UserRole.USER);
103 template2 = insertTemplate();
104 addUserToTemplate(user1, template2, UserRole.USER);
105 addUserToTemplate(user2, template2, UserRole.USER);
106 addGroupToTemplate(group1, template2, UserRole.USER);
107 addGroupToTemplate(group2, template2, UserRole.USER);
109 project = db.components().insertComponent(newProjectDto("project-uuid-1"));
110 db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project);
111 db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project);
112 db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, project);
113 db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);
117 public void apply_template_with_project_uuid() throws Exception {
118 loginAsAdminOnDefaultOrganization();
120 newRequest(template1.getUuid(), project.uuid(), null);
122 assertTemplate1AppliedToProject();
126 public void apply_template_with_project_uuid_by_template_name() throws Exception {
127 loginAsAdminOnDefaultOrganization();
129 wsTester.newPostRequest(CONTROLLER, ACTION)
130 .setParam(PARAM_TEMPLATE_NAME, template1.getName().toUpperCase())
131 .setParam(PARAM_PROJECT_ID, project.uuid())
134 assertTemplate1AppliedToProject();
138 public void apply_template_with_project_key() throws Exception {
139 loginAsAdminOnDefaultOrganization();
141 newRequest(template1.getUuid(), null, project.key());
143 assertTemplate1AppliedToProject();
147 public void fail_when_unknown_template() throws Exception {
148 loginAsAdminOnDefaultOrganization();
150 expectedException.expect(NotFoundException.class);
151 expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
153 newRequest("unknown-template-uuid", project.uuid(), null);
157 public void fail_when_unknown_project_uuid() throws Exception {
158 loginAsAdminOnDefaultOrganization();
160 expectedException.expect(NotFoundException.class);
161 expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
163 newRequest(template1.getUuid(), "unknown-project-uuid", null);
167 public void fail_when_unknown_project_key() throws Exception {
168 loginAsAdminOnDefaultOrganization();
170 expectedException.expect(NotFoundException.class);
171 expectedException.expectMessage("Project key 'unknown-project-key' not found");
173 newRequest(template1.getUuid(), null, "unknown-project-key");
177 public void fail_when_template_is_not_provided() throws Exception {
178 loginAsAdminOnDefaultOrganization();
180 expectedException.expect(BadRequestException.class);
182 newRequest(null, project.uuid(), null);
186 public void fail_when_project_uuid_and_key_not_provided() throws Exception {
187 loginAsAdminOnDefaultOrganization();
189 expectedException.expect(BadRequestException.class);
190 expectedException.expectMessage("Project id or project key can be provided, not both.");
192 newRequest(template1.getUuid(), null, null);
196 public void fail_when_not_admin_of_organization() throws Exception {
197 userSession.login().addOrganizationPermission("otherOrg", SYSTEM_ADMIN);
199 expectedException.expect(ForbiddenException.class);
200 userSession.login().setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
202 newRequest(template1.getUuid(), project.uuid(), null);
205 private void assertTemplate1AppliedToProject() {
206 assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName());
207 assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName());
208 assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
209 assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).containsExactly(user1.getLogin());
210 assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getLogin());
212 authorizationIndexerTester.verifyProjectExistsWithPermission(project.uuid(), singletonList(group2.getName()), Collections.emptyList());
215 private WsTester.Result newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) throws Exception {
216 WsTester.TestRequest request = wsTester.newPostRequest(CONTROLLER, ACTION);
217 if (templateUuid != null) {
218 request.setParam(PARAM_TEMPLATE_ID, templateUuid);
220 if (projectUuid != null) {
221 request.setParam(PARAM_PROJECT_ID, projectUuid);
223 if (projectKey != null) {
224 request.setParam(PARAM_PROJECT_KEY, projectKey);
227 return request.execute();
230 private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
231 db.getDbClient().permissionTemplateDao().insertUserPermission(db.getSession(), permissionTemplate.getId(), user.getId(), permission);
235 private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
236 db.getDbClient().permissionTemplateDao().insertGroupPermission(db.getSession(), permissionTemplate.getId(), group.getId(), permission);
240 private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) {
241 PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
242 return db.getDbClient().groupPermissionDao().selectGroupNamesByPermissionQuery(db.getSession(), query);
245 private List<String> selectProjectPermissionUsers(ComponentDto project, String permission) {
246 PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
247 return db.getDbClient().userPermissionDao().selectLogins(db.getSession(), query);