]> source.dussan.org Git - sonarqube.git/blob
aead1d2453e6f23d9eedaf206b0f81245863074a
[sonarqube.git] /
1 /*
2  * SonarQube, open source software quality management tool.
3  * Copyright (C) 2008-2014 SonarSource
4  * mailto:contact AT sonarsource DOT com
5  *
6  * SonarQube is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * SonarQube is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20
21 package org.sonar.server.permission.ws;
22
23 import java.util.List;
24 import javax.annotation.Nullable;
25 import org.junit.Before;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.junit.rules.ExpectedException;
29 import org.sonar.api.resources.Qualifiers;
30 import org.sonar.api.resources.ResourceType;
31 import org.sonar.api.resources.ResourceTypes;
32 import org.sonar.api.utils.System2;
33 import org.sonar.api.web.UserRole;
34 import org.sonar.core.permission.GlobalPermissions;
35 import org.sonar.db.DbClient;
36 import org.sonar.db.DbSession;
37 import org.sonar.db.DbTester;
38 import org.sonar.db.component.ComponentDto;
39 import org.sonar.db.user.GroupDto;
40 import org.sonar.db.user.GroupRoleDto;
41 import org.sonar.db.user.UserDto;
42 import org.sonar.db.user.UserRoleDto;
43 import org.sonar.server.component.ComponentFinder;
44 import org.sonar.server.exceptions.ForbiddenException;
45 import org.sonar.server.exceptions.UnauthorizedException;
46 import org.sonar.server.i18n.I18nRule;
47 import org.sonar.server.tester.UserSessionRule;
48 import org.sonar.server.ws.WsActionTester;
49
50 import static java.util.Arrays.asList;
51 import static org.assertj.core.api.Assertions.assertThat;
52 import static org.mockito.Mockito.mock;
53 import static org.mockito.Mockito.when;
54 import static org.sonar.api.server.ws.WebService.Param.PAGE;
55 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
56 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
57 import static org.sonar.db.component.ComponentTesting.newDeveloper;
58 import static org.sonar.db.component.ComponentTesting.newProjectCopy;
59 import static org.sonar.db.component.ComponentTesting.newProjectDto;
60 import static org.sonar.db.component.ComponentTesting.newView;
61 import static org.sonar.db.user.GroupTesting.newGroupDto;
62 import static org.sonar.db.user.UserTesting.newUserDto;
63 import static org.sonar.server.permission.ws.Parameters.PARAM_PROJECT_ID;
64 import static org.sonar.test.JsonAssert.assertJson;
65
66 public class SearchProjectPermissionsActionTest {
67   @Rule
68   public ExpectedException expectedException = ExpectedException.none();
69   @Rule
70   public UserSessionRule userSession = UserSessionRule.standalone();
71   @Rule
72   public DbTester db = DbTester.create(System2.INSTANCE);
73
74   WsActionTester ws;
75   I18nRule i18n = new I18nRule();
76   DbClient dbClient = db.getDbClient();
77   DbSession dbSession = db.getSession();
78   ResourceTypes resourceTypes = mock(ResourceTypes.class);
79   SearchProjectPermissionsDataLoader dataLoader;
80
81   SearchProjectPermissionsAction underTest;
82
83   @Before
84   public void setUp() {
85     resourceTypes = mock(ResourceTypes.class);
86     when(resourceTypes.getRoots()).thenReturn(rootResourceTypes());
87     ComponentFinder componentFinder = new ComponentFinder(dbClient);
88     PermissionDependenciesFinder finder = new PermissionDependenciesFinder(dbClient, componentFinder);
89     i18n.setProjectPermissions();
90
91     dataLoader = new SearchProjectPermissionsDataLoader(dbClient, finder, resourceTypes);
92     underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);
93
94     ws = new WsActionTester(underTest);
95
96     userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
97   }
98
99   @Test
100   public void search_project_permissions() {
101     UserDto user1 = insertUser(newUserDto());
102     UserDto user2 = insertUser(newUserDto());
103     UserDto user3 = insertUser(newUserDto());
104
105     ComponentDto jdk7 = insertJdk7();
106     ComponentDto project2 = insertClang();
107     ComponentDto dev = insertDeveloper();
108     ComponentDto view = insertView();
109     insertProjectInView(jdk7, view);
110
111     insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), jdk7.getId());
112     insertUserRole(UserRole.ADMIN, user1.getId(), jdk7.getId());
113     insertUserRole(UserRole.ADMIN, user2.getId(), jdk7.getId());
114     insertUserRole(UserRole.ADMIN, user3.getId(), jdk7.getId());
115     insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), project2.getId());
116     insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), dev.getId());
117     insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), view.getId());
118     // global permission
119     insertUserRole(GlobalPermissions.SYSTEM_ADMIN, user1.getId(), null);
120
121     GroupDto group1 = insertGroup(newGroupDto());
122     GroupDto group2 = insertGroup(newGroupDto());
123     GroupDto group3 = insertGroup(newGroupDto());
124
125     insertGroupRole(UserRole.ADMIN, jdk7.getId(), null);
126     insertGroupRole(UserRole.ADMIN, jdk7.getId(), group1.getId());
127     insertGroupRole(UserRole.ADMIN, jdk7.getId(), group2.getId());
128     insertGroupRole(UserRole.ADMIN, jdk7.getId(), group3.getId());
129     insertGroupRole(UserRole.ADMIN, dev.getId(), group2.getId());
130     insertGroupRole(UserRole.ADMIN, view.getId(), group2.getId());
131
132     commit();
133
134     String result = ws.newRequest().execute().getInput();
135
136     assertJson(result).isSimilarTo(getClass().getResource("search_project_permissions-example.json"));
137   }
138
139   @Test
140   public void empty_result() {
141     String result = ws.newRequest().execute().getInput();
142
143     assertJson(result).isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/empty.json"));
144   }
145
146   @Test
147   public void search_project_permissions_with_project_permission() {
148     userSession.login().addProjectUuidPermissions(UserRole.ADMIN, "project-uuid");
149     insertComponent(newProjectDto("project-uuid"));
150     commit();
151
152     String result = ws.newRequest()
153       .setParam(PARAM_PROJECT_ID, "project-uuid")
154       .execute().getInput();
155
156     assertThat(result).contains("project-uuid");
157   }
158
159   @Test
160   public void has_projects_ordered_by_name() {
161     for (int i = 9; i >= 1; i--) {
162       insertComponent(newProjectDto()
163         .setName("project-name-" + i));
164     }
165     commit();
166
167     String result = ws.newRequest()
168       .setParam(PAGE, "1")
169       .setParam(PAGE_SIZE, "3")
170       .execute().getInput();
171
172     assertThat(result)
173       .contains("project-name-1", "project-name-2", "project-name-3")
174       .doesNotContain("project-name-4");
175   }
176
177   @Test
178   public void search_by_query_on_name() {
179     insertComponent(newProjectDto().setName("project-name"));
180     insertComponent(newProjectDto().setName("another-name"));
181     commit();
182
183     String result = ws.newRequest()
184       .setParam(TEXT_QUERY, "project")
185       .execute().getInput();
186
187     assertThat(result).contains("project-name")
188       .doesNotContain("another-name");
189   }
190
191   @Test
192   public void search_by_query_on_key() {
193     insertComponent(newProjectDto().setKey("project-key"));
194     insertComponent(newProjectDto().setKey("another-key"));
195     commit();
196
197     String result = ws.newRequest()
198       .setParam(TEXT_QUERY, "project")
199       .execute().getInput();
200
201     assertThat(result).contains("project-key")
202       .doesNotContain("another-key");
203   }
204
205   @Test
206   public void handle_more_than_1000_projects() {
207     for (int i = 1; i <= 1001; i++) {
208       insertComponent(newProjectDto("project-uuid-" + i));
209     }
210     commit();
211
212     String result = ws.newRequest()
213       .setParam(TEXT_QUERY, "project")
214       .setParam(PAGE_SIZE, "1001")
215       .execute().getInput();
216
217     assertThat(result).contains("project-uuid-1", "project-uuid-999", "project-uuid-1001");
218   }
219
220   @Test
221   public void result_depends_of_root_types() {
222     ResourceType projectResourceType = ResourceType.builder(Qualifiers.PROJECT).build();
223     when(resourceTypes.getRoots()).thenReturn(asList(projectResourceType));
224     insertComponent(newView("view-uuid"));
225     insertComponent(newDeveloper("developer-name"));
226     insertComponent(newProjectDto("project-uuid"));
227     commit();
228     dataLoader = new SearchProjectPermissionsDataLoader(dbClient, new PermissionDependenciesFinder(dbClient, new ComponentFinder(dbClient)), resourceTypes);
229     underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);
230     ws = new WsActionTester(underTest);
231
232     String result = ws.newRequest().execute().getInput();
233
234     assertThat(result).contains("project-uuid")
235       .doesNotContain("view-uuid")
236       .doesNotContain("developer-name");
237   }
238
239   @Test
240   public void fail_if_not_logged_in() {
241     expectedException.expect(UnauthorizedException.class);
242     userSession.anonymous();
243
244     ws.newRequest().execute();
245   }
246
247   @Test
248   public void fail_if_not_admin() {
249     expectedException.expect(ForbiddenException.class);
250     userSession.login();
251
252     ws.newRequest().execute();
253   }
254
255   private ComponentDto insertView() {
256     return insertComponent(newView()
257       .setUuid("752d8bfd-420c-4a83-a4e5-8ab19b13c8fc")
258       .setName("Java")
259       .setKey("Java"));
260   }
261
262   private ComponentDto insertProjectInView(ComponentDto project, ComponentDto view) {
263     return insertComponent(newProjectCopy("project-in-view-uuid", project, view));
264   }
265
266   private ComponentDto insertDeveloper() {
267     return insertComponent(newDeveloper("Simon Brandhof")
268       .setUuid("4e607bf9-7ed0-484a-946d-d58ba7dab2fb")
269       .setKey("simon-brandhof"));
270   }
271
272   private ComponentDto insertClang() {
273     return insertComponent(newProjectDto("project-uuid-2")
274       .setName("Clang")
275       .setKey("clang")
276       .setUuid("ce4c03d6-430f-40a9-b777-ad877c00aa4d"));
277   }
278
279   private ComponentDto insertJdk7() {
280     return insertComponent(newProjectDto("project-uuid-1")
281       .setName("JDK 7")
282       .setKey("net.java.openjdk:jdk7")
283       .setUuid("0bd7b1e7-91d6-439e-a607-4a3a9aad3c6a"));
284   }
285
286   private UserDto insertUser(UserDto user) {
287     return dbClient.userDao().insert(dbSession, user.setActive(true));
288   }
289
290   private void insertUserRole(String permission, long userId, @Nullable Long resourceId) {
291     dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
292       .setRole(permission)
293       .setUserId(userId)
294       .setResourceId(resourceId));
295   }
296
297   private GroupDto insertGroup(GroupDto group) {
298     return dbClient.groupDao().insert(dbSession, group);
299   }
300
301   private void insertGroupRole(String permission, @Nullable Long resourceId, @Nullable Long groupId) {
302     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto().setRole(permission).setResourceId(resourceId).setGroupId(groupId));
303   }
304
305   private ComponentDto insertComponent(ComponentDto component) {
306     dbClient.componentDao().insert(dbSession, component.setEnabled(true));
307     return dbClient.componentDao().selectOrFailByUuid(dbSession, component.uuid());
308   }
309
310   private void commit() {
311     dbSession.commit();
312   }
313
314   private static List<ResourceType> rootResourceTypes() {
315     ResourceType project = ResourceType.builder(Qualifiers.PROJECT).build();
316     ResourceType view = ResourceType.builder(Qualifiers.VIEW).build();
317     ResourceType dev = ResourceType.builder("DEV").build();
318
319     return asList(project, view, dev);
320   }
321 }