source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2016 SonarSource SA
   4  * mailto:contact AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20
  21 package org.sonar.server.permission.ws.template;
  22
  23 import com.google.common.base.Predicate;
  24 import com.google.common.collect.FluentIterable;
  25 import java.util.List;
  26 import javax.annotation.Nullable;
  27 import org.junit.Before;
  28 import org.junit.Rule;
  29 import org.junit.Test;
  30 import org.junit.rules.ExpectedException;
  31 import org.sonar.api.config.Settings;
  32 import org.sonar.api.resources.Qualifiers;
  33 import org.sonar.api.server.ws.WebService.Param;
  34 import org.sonar.api.utils.System2;
  35 import org.sonar.api.web.UserRole;
  36 import org.sonar.core.permission.GlobalPermissions;
  37 import org.sonar.db.DbClient;
  38 import org.sonar.db.DbSession;
  39 import org.sonar.db.DbTester;
  40 import org.sonar.db.component.ComponentDbTester;
  41 import org.sonar.db.component.ComponentDto;
  42 import org.sonar.db.component.ResourceTypesRule;
  43 import org.sonar.db.permission.GroupWithPermissionDto;
  44 import org.sonar.db.permission.PermissionQuery;
  45 import org.sonar.db.permission.PermissionRepository;
  46 import org.sonar.db.permission.PermissionTemplateDto;
  47 import org.sonar.db.permission.UserWithPermissionDto;
  48 import org.sonar.db.user.GroupDbTester;
  49 import org.sonar.db.user.GroupDto;
  50 import org.sonar.db.user.GroupRoleDto;
  51 import org.sonar.db.user.UserDbTester;
  52 import org.sonar.db.user.UserDto;
  53 import org.sonar.db.user.UserRoleDto;
  54 import org.sonar.server.component.ComponentFinder;
  55 import org.sonar.server.exceptions.BadRequestException;
  56 import org.sonar.server.exceptions.NotFoundException;
  57 import org.sonar.server.i18n.I18nRule;
  58 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
  59 import org.sonar.server.permission.PermissionService;
  60 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
  61 import org.sonar.server.tester.UserSessionRule;
  62 import org.sonar.server.usergroups.ws.UserGroupFinder;
  63 import org.sonar.server.ws.TestRequest;
  64 import org.sonar.server.ws.WsActionTester;
  65
  66 import static org.assertj.core.api.Assertions.assertThat;
  67 import static org.mockito.Mockito.mock;
  68 import static org.sonar.db.component.ComponentTesting.newDeveloper;
  69 import static org.sonar.db.component.ComponentTesting.newProjectDto;
  70 import static org.sonar.db.component.ComponentTesting.newView;
  71 import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
  72 import static org.sonar.db.user.GroupMembershipQuery.IN;
  73 import static org.sonar.db.user.GroupTesting.newGroupDto;
  74 import static org.sonar.db.user.UserTesting.newUserDto;
  75 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
  76 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
  77 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
  78
  79 public class BulkApplyTemplateActionTest {
  80   @Rule
  81   public UserSessionRule userSession = UserSessionRule.standalone().login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
  82   @Rule
  83   public ExpectedException expectedException = ExpectedException.none();
  84   @Rule
  85   public DbTester db = DbTester.create(System2.INSTANCE);
  86   ComponentDbTester componentDb = new ComponentDbTester(db);
  87   UserDbTester userDb = new UserDbTester(db);
  88   GroupDbTester groupDb = new GroupDbTester(db);
  89   DbClient dbClient = db.getDbClient();
  90   DbSession dbSession = db.getSession();
  91
  92   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
  93   I18nRule i18n = new I18nRule();
  94   WsActionTester ws;
  95
  96   UserDto user1;
  97   UserDto user2;
  98   GroupDto group1;
  99   GroupDto group2;
 100   PermissionTemplateDto template1;
 101   PermissionTemplateDto template2;
 102   IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
 103
 104   @Before
 105   public void setUp() {
 106     PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
 107     ComponentFinder componentFinder = new ComponentFinder(dbClient);
 108     PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
 109     PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
 110
 111     BulkApplyTemplateAction underTest = new BulkApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder, userSession, i18n, resourceTypes);
 112     ws = new WsActionTester(underTest);
 113
 114     user1 = userDb.insertUser(newUserDto().setLogin("user-login-1"));
 115     user2 = userDb.insertUser(newUserDto().setLogin("user-login-2"));
 116     group1 = groupDb.insertGroup(newGroupDto().setName("group-name-1"));
 117     group2 = groupDb.insertGroup(newGroupDto().setName("group-name-2"));
 118
 119     // template 1
 120     template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
 121     addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
 122     addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
 123     addGroupToTemplate(group1, template1, UserRole.ADMIN);
 124     addGroupToTemplate(group2, template1, UserRole.USER);
 125     // template 2
 126     template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
 127     addUserToTemplate(user1, template2, UserRole.USER);
 128     addUserToTemplate(user2, template2, UserRole.USER);
 129     addGroupToTemplate(group1, template2, UserRole.USER);
 130     addGroupToTemplate(group2, template2, UserRole.USER);
 131
 132     commit();
 133   }
 134
 135   @Test
 136   public void bulk_apply_template_by_template_uuid() {
 137     ComponentDto project = componentDb.insertComponent(newProjectDto());
 138     ComponentDto view = componentDb.insertComponent(newView());
 139     ComponentDto developer = componentDb.insertComponent(newDeveloper("developer-name"));
 140     addUserPermissionToProject(user1, developer, UserRole.ADMIN);
 141     addUserPermissionToProject(user2, developer, UserRole.ADMIN);
 142     addGroupPermissionToProject(group1, developer, UserRole.ADMIN);
 143     addGroupPermissionToProject(group2, developer, UserRole.ADMIN);
 144     db.commit();
 145
 146     call(ws.newRequest().setParam(PARAM_TEMPLATE_ID, template1.getUuid()));
 147
 148     assertTemplate1AppliedToProject(project);
 149     assertTemplate1AppliedToProject(view);
 150     assertTemplate1AppliedToProject(developer);
 151   }
 152
 153   @Test
 154   public void bulk_apply_template_by_template_name() {
 155     ComponentDto project = componentDb.insertComponent(newProjectDto());
 156
 157     call(ws.newRequest().setParam(PARAM_TEMPLATE_NAME, template1.getName()));
 158
 159     assertTemplate1AppliedToProject(project);
 160   }
 161
 162   @Test
 163   public void apply_template_by_qualifier() {
 164     ComponentDto project = componentDb.insertComponent(newProjectDto());
 165     ComponentDto view = componentDb.insertComponent(newView());
 166
 167     call(ws.newRequest()
 168       .setParam(PARAM_TEMPLATE_ID, template1.getUuid())
 169       .setParam(PARAM_QUALIFIER, project.qualifier()));
 170
 171     assertTemplate1AppliedToProject(project);
 172     assertNoPermissionOnProject(view);
 173   }
 174
 175   @Test
 176   public void apply_template_by_query_on_name_and_key() {
 177     ComponentDto projectFoundByKey = newProjectDto().setKey("sonar");
 178     componentDb.insertProjectAndSnapshot(projectFoundByKey);
 179     ComponentDto projectFoundByName = newProjectDto().setName("name-sonar-name");
 180     componentDb.insertProjectAndSnapshot(projectFoundByName);
 181     // match must be exact on key
 182     ComponentDto projectUntouched = newProjectDto().setKey("new-sonar").setName("project-name");
 183     componentDb.insertProjectAndSnapshot(projectUntouched);
 184     componentDb.indexAllComponents();
 185
 186     call(ws.newRequest()
 187       .setParam(PARAM_TEMPLATE_ID, template1.getUuid())
 188       .setParam(Param.TEXT_QUERY, "sonar"));
 189
 190     assertTemplate1AppliedToProject(projectFoundByKey);
 191     assertTemplate1AppliedToProject(projectFoundByName);
 192     assertNoPermissionOnProject(projectUntouched);
 193   }
 194
 195   @Test
 196   public void fail_if_no_template_parameter() {
 197     expectedException.expect(BadRequestException.class);
 198     expectedException.expectMessage("Template name or template id must be provided, not both.");
 199
 200     call(ws.newRequest());
 201   }
 202
 203   @Test
 204   public void fail_if_template_name_is_incorrect() {
 205     expectedException.expect(NotFoundException.class);
 206     expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
 207
 208     call(ws.newRequest().setParam(PARAM_TEMPLATE_ID, "unknown-template-uuid"));
 209   }
 210
 211   private void call(TestRequest request) {
 212     request.execute();
 213     db.commit();
 214   }
 215
 216   private void assertTemplate1AppliedToProject(ComponentDto project) {
 217     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
 218     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
 219     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
 220     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
 221     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
 222   }
 223
 224   private void assertNoPermissionOnProject(ComponentDto project) {
 225     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).isEmpty();
 226     assertThat(selectProjectPermissionGroups(project, UserRole.CODEVIEWER)).isEmpty();
 227     assertThat(selectProjectPermissionGroups(project, UserRole.ISSUE_ADMIN)).isEmpty();
 228     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).isEmpty();
 229     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
 230     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).isEmpty();
 231     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).isEmpty();
 232     assertThat(selectProjectPermissionUsers(project, UserRole.USER)).isEmpty();
 233   }
 234
 235   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
 236     return dbClient.permissionTemplateDao().insert(dbSession, template);
 237   }
 238
 239   private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
 240     dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
 241   }
 242
 243   private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
 244     dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
 245   }
 246
 247   private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
 248     dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
 249       .setRole(permission)
 250       .setUserId(user.getId())
 251       .setResourceId(project.getId()));
 252   }
 253
 254   private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
 255     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
 256       .setRole(permission)
 257       .setResourceId(project.getId())
 258       .setGroupId(group.getId()));
 259   }
 260
 261   private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
 262     return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
 263       .filter(new PermissionNotNull())
 264       .toList();
 265   }
 266
 267   private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
 268     return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
 269   }
 270
 271   private void commit() {
 272     dbSession.commit();
 273   }
 274
 275   private static PermissionQuery query(String permission) {
 276     return PermissionQuery.builder().membership(IN).permission(permission).build();
 277   }
 278
 279   private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
 280     @Override
 281     public boolean apply(@Nullable GroupWithPermissionDto input) {
 282       return input.getPermission() != null;
 283     }
 284   }
 285 }