source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2016 SonarSource SA
   4  * mailto:contact AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.permission.ws.template;
  21
  22 import com.google.common.base.Predicate;
  23 import com.google.common.collect.FluentIterable;
  24 import java.util.List;
  25 import javax.annotation.Nullable;
  26 import org.junit.Before;
  27 import org.junit.Rule;
  28 import org.junit.Test;
  29 import org.junit.rules.ExpectedException;
  30 import org.sonar.api.config.Settings;
  31 import org.sonar.api.resources.Qualifiers;
  32 import org.sonar.api.utils.System2;
  33 import org.sonar.api.web.UserRole;
  34 import org.sonar.core.permission.GlobalPermissions;
  35 import org.sonar.db.DbClient;
  36 import org.sonar.db.DbSession;
  37 import org.sonar.db.DbTester;
  38 import org.sonar.db.component.ComponentDto;
  39 import org.sonar.db.component.ResourceTypesRule;
  40 import org.sonar.db.permission.GroupWithPermissionDto;
  41 import org.sonar.db.permission.OldPermissionQuery;
  42 import org.sonar.db.permission.PermissionRepository;
  43 import org.sonar.db.permission.template.PermissionTemplateDto;
  44 import org.sonar.db.permission.UserWithPermissionDto;
  45 import org.sonar.db.user.GroupDto;
  46 import org.sonar.db.user.GroupRoleDto;
  47 import org.sonar.db.user.UserDto;
  48 import org.sonar.db.user.UserPermissionDto;
  49 import org.sonar.server.component.ComponentFinder;
  50 import org.sonar.server.exceptions.BadRequestException;
  51 import org.sonar.server.exceptions.ForbiddenException;
  52 import org.sonar.server.exceptions.NotFoundException;
  53 import org.sonar.server.exceptions.UnauthorizedException;
  54 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
  55 import org.sonar.server.permission.PermissionService;
  56 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
  57 import org.sonar.server.tester.UserSessionRule;
  58 import org.sonar.server.usergroups.ws.UserGroupFinder;
  59 import org.sonar.server.ws.TestRequest;
  60 import org.sonar.server.ws.TestResponse;
  61 import org.sonar.server.ws.WsActionTester;
  62
  63 import static org.assertj.core.api.Assertions.assertThat;
  64 import static org.mockito.Mockito.mock;
  65 import static org.mockito.Mockito.verify;
  66 import static org.sonar.db.component.ComponentTesting.newProjectDto;
  67 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
  68 import static org.sonar.db.user.GroupMembershipQuery.IN;
  69 import static org.sonar.db.user.GroupTesting.newGroupDto;
  70 import static org.sonar.db.user.UserTesting.newUserDto;
  71 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
  72 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
  73 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
  74 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
  75
  76
  77 public class ApplyTemplateActionTest {
  78
  79   @Rule
  80   public DbTester db = DbTester.create(System2.INSTANCE);
  81   @Rule
  82   public UserSessionRule userSession = UserSessionRule.standalone();
  83   @Rule
  84   public ExpectedException expectedException = ExpectedException.none();
  85   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
  86
  87   WsActionTester ws;
  88   DbClient dbClient;
  89   DbSession dbSession;
  90
  91   UserDto user1;
  92   UserDto user2;
  93   GroupDto group1;
  94   GroupDto group2;
  95   ComponentDto project;
  96   PermissionTemplateDto template1;
  97   PermissionTemplateDto template2;
  98   IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
  99
 100   @Before
 101   public void setUp() {
 102     userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
 103     dbClient = db.getDbClient();
 104     dbSession = db.getSession();
 105
 106     PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
 107     ComponentFinder componentFinder = new ComponentFinder(dbClient);
 108     PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
 109     PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
 110
 111     ApplyTemplateAction underTest = new ApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder);
 112     ws = new WsActionTester(underTest);
 113
 114     user1 = insertUser(newUserDto().setLogin("user-login-1"));
 115     user2 = insertUser(newUserDto().setLogin("user-login-2"));
 116     group1 = insertGroup(newGroupDto().setName("group-name-1"));
 117     group2 = insertGroup(newGroupDto().setName("group-name-2"));
 118
 119     // template 1
 120     template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
 121     addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
 122     addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
 123     addGroupToTemplate(group1, template1, UserRole.ADMIN);
 124     addGroupToTemplate(group2, template1, UserRole.USER);
 125     // template 2
 126     template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
 127     addUserToTemplate(user1, template2, UserRole.USER);
 128     addUserToTemplate(user2, template2, UserRole.USER);
 129     addGroupToTemplate(group1, template2, UserRole.USER);
 130     addGroupToTemplate(group2, template2, UserRole.USER);
 131
 132     project = insertProject(newProjectDto("project-uuid-1"));
 133     addUserPermissionToProject(user1, project, UserRole.ADMIN);
 134     addUserPermissionToProject(user2, project, UserRole.ADMIN);
 135     addGroupPermissionToProject(group1, project, UserRole.ADMIN);
 136     addGroupPermissionToProject(group2, project, UserRole.ADMIN);
 137
 138     commit();
 139   }
 140
 141   @Test
 142   public void apply_template_with_project_uuid() {
 143     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).hasSize(2);
 144     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).hasSize(2);
 145
 146     newRequest(template1.getUuid(), project.uuid(), null);
 147
 148     assertTemplate1AppliedToProject();
 149     verify(issueAuthorizationIndexer).index();
 150   }
 151
 152   @Test
 153   public void apply_template_with_project_uuid_by_template_name() {
 154     ws.newRequest()
 155       .setParam(PARAM_TEMPLATE_NAME, template1.getName().toUpperCase())
 156       .setParam(PARAM_PROJECT_ID, project.uuid())
 157       .execute();
 158     commit();
 159
 160     assertTemplate1AppliedToProject();
 161   }
 162
 163   @Test
 164   public void apply_template_with_project_key() {
 165     newRequest(template1.getUuid(), null, project.key());
 166
 167     assertTemplate1AppliedToProject();
 168   }
 169
 170   @Test
 171   public void fail_when_unknown_template() {
 172     expectedException.expect(NotFoundException.class);
 173     expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
 174
 175     newRequest("unknown-template-uuid", project.uuid(), null);
 176   }
 177
 178   @Test
 179   public void fail_when_unknown_project_uuid() {
 180     expectedException.expect(NotFoundException.class);
 181     expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
 182
 183     newRequest(template1.getUuid(), "unknown-project-uuid", null);
 184   }
 185
 186   @Test
 187   public void fail_when_unknown_project_key() {
 188     expectedException.expect(NotFoundException.class);
 189     expectedException.expectMessage("Project key 'unknown-project-key' not found");
 190
 191     newRequest(template1.getUuid(), null, "unknown-project-key");
 192   }
 193
 194   @Test
 195   public void fail_when_template_is_not_provided() {
 196     expectedException.expect(BadRequestException.class);
 197
 198     newRequest(null, project.uuid(), null);
 199   }
 200
 201   @Test
 202   public void fail_when_project_uuid_and_key_not_provided() {
 203     expectedException.expect(BadRequestException.class);
 204     expectedException.expectMessage("Project id or project key must be provided, not both.");
 205
 206     newRequest(template1.getUuid(), null, null);
 207   }
 208
 209   @Test
 210   public void fail_when_anonymous() {
 211     expectedException.expect(UnauthorizedException.class);
 212     userSession.anonymous();
 213
 214     newRequest(template1.getUuid(), project.uuid(), null);
 215   }
 216
 217   @Test
 218   public void fail_when_insufficient_privileges() {
 219     expectedException.expect(ForbiddenException.class);
 220     userSession.login().setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
 221
 222     newRequest(template1.getUuid(), project.uuid(), null);
 223   }
 224
 225   private void assertTemplate1AppliedToProject() {
 226     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
 227     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
 228     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
 229     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
 230     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
 231   }
 232
 233   private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) {
 234     TestRequest request = ws.newRequest();
 235     if (templateUuid != null) {
 236       request.setParam(PARAM_TEMPLATE_ID, templateUuid);
 237     }
 238     if (projectUuid != null) {
 239       request.setParam(PARAM_PROJECT_ID, projectUuid);
 240     }
 241     if (projectKey != null) {
 242       request.setParam(PARAM_PROJECT_KEY, projectKey);
 243     }
 244
 245     TestResponse result = request.execute();
 246     commit();
 247
 248     return result;
 249   }
 250
 251   private ComponentDto insertProject(ComponentDto project) {
 252     dbClient.componentDao().insert(dbSession, project);
 253     return dbClient.componentDao().selectOrFailByUuid(dbSession, project.uuid());
 254   }
 255
 256   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
 257     return dbClient.permissionTemplateDao().insert(dbSession, template);
 258   }
 259
 260   private UserDto insertUser(UserDto userDto) {
 261     return dbClient.userDao().insert(dbSession, userDto.setActive(true));
 262   }
 263
 264   private GroupDto insertGroup(GroupDto group) {
 265     return dbClient.groupDao().insert(dbSession, group);
 266   }
 267
 268   private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
 269     dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
 270   }
 271
 272   private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
 273     dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
 274   }
 275
 276   private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
 277     dbClient.roleDao().insertUserRole(dbSession, new UserPermissionDto()
 278       .setPermission(permission)
 279       .setUserId(user.getId())
 280       .setComponentId(project.getId()));
 281   }
 282
 283   private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
 284     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
 285       .setRole(permission)
 286       .setResourceId(project.getId())
 287       .setGroupId(group.getId()));
 288   }
 289
 290   private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
 291     return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
 292       .filter(new PermissionNotNull())
 293       .toList();
 294   }
 295
 296   private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
 297     return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
 298   }
 299
 300   private void commit() {
 301     dbSession.commit();
 302   }
 303
 304   private static OldPermissionQuery query(String permission) {
 305     return OldPermissionQuery.builder().membership(IN).permission(permission).build();
 306   }
 307
 308   private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
 309     @Override
 310     public boolean apply(@Nullable GroupWithPermissionDto input) {
 311       return input.getPermission() != null;
 312     }
 313   }
 314 }