2 * SonarQube, open source software quality management tool.
3 * Copyright (C) 2008-2014 SonarSource
4 * mailto:contact AT sonarsource DOT com
6 * SonarQube is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * SonarQube is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 package org.sonar.server.permission.ws;
23 import java.util.List;
24 import javax.annotation.Nullable;
25 import org.junit.Before;
26 import org.junit.Rule;
27 import org.junit.Test;
28 import org.junit.rules.ExpectedException;
29 import org.sonar.api.resources.Qualifiers;
30 import org.sonar.api.resources.ResourceType;
31 import org.sonar.api.resources.ResourceTypes;
32 import org.sonar.api.utils.System2;
33 import org.sonar.api.web.UserRole;
34 import org.sonar.core.permission.GlobalPermissions;
35 import org.sonar.db.DbClient;
36 import org.sonar.db.DbSession;
37 import org.sonar.db.DbTester;
38 import org.sonar.db.component.ComponentDto;
39 import org.sonar.db.user.GroupDto;
40 import org.sonar.db.user.GroupRoleDto;
41 import org.sonar.db.user.UserDto;
42 import org.sonar.db.user.UserRoleDto;
43 import org.sonar.server.component.ComponentFinder;
44 import org.sonar.server.exceptions.ForbiddenException;
45 import org.sonar.server.exceptions.UnauthorizedException;
46 import org.sonar.server.i18n.I18nRule;
47 import org.sonar.server.tester.UserSessionRule;
48 import org.sonar.server.ws.WsActionTester;
50 import static java.util.Arrays.asList;
51 import static org.assertj.core.api.Assertions.assertThat;
52 import static org.mockito.Mockito.mock;
53 import static org.mockito.Mockito.when;
54 import static org.sonar.api.server.ws.WebService.Param.PAGE;
55 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
56 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
57 import static org.sonar.db.component.ComponentTesting.newDeveloper;
58 import static org.sonar.db.component.ComponentTesting.newProjectCopy;
59 import static org.sonar.db.component.ComponentTesting.newProjectDto;
60 import static org.sonar.db.component.ComponentTesting.newView;
61 import static org.sonar.db.user.GroupTesting.newGroupDto;
62 import static org.sonar.db.user.UserTesting.newUserDto;
63 import static org.sonar.server.permission.ws.Parameters.PARAM_PROJECT_ID;
64 import static org.sonar.test.JsonAssert.assertJson;
66 public class SearchProjectPermissionsActionTest {
68 public ExpectedException expectedException = ExpectedException.none();
70 public UserSessionRule userSession = UserSessionRule.standalone();
72 public DbTester db = DbTester.create(System2.INSTANCE);
75 I18nRule i18n = new I18nRule();
76 DbClient dbClient = db.getDbClient();
77 DbSession dbSession = db.getSession();
78 ResourceTypes resourceTypes = mock(ResourceTypes.class);
79 SearchProjectPermissionsDataLoader dataLoader;
81 SearchProjectPermissionsAction underTest;
85 resourceTypes = mock(ResourceTypes.class);
86 when(resourceTypes.getRoots()).thenReturn(rootResourceTypes());
87 ComponentFinder componentFinder = new ComponentFinder(dbClient);
88 PermissionDependenciesFinder finder = new PermissionDependenciesFinder(dbClient, componentFinder);
89 i18n.setProjectPermissions();
91 dataLoader = new SearchProjectPermissionsDataLoader(dbClient, finder, resourceTypes);
92 underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);
94 ws = new WsActionTester(underTest);
96 userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
100 public void search_project_permissions() {
101 UserDto user1 = insertUser(newUserDto());
102 UserDto user2 = insertUser(newUserDto());
103 UserDto user3 = insertUser(newUserDto());
105 ComponentDto jdk7 = insertJdk7();
106 ComponentDto project2 = insertClang();
107 ComponentDto dev = insertDeveloper();
108 ComponentDto view = insertView();
109 insertProjectInView(jdk7, view);
111 insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), jdk7.getId());
112 insertUserRole(UserRole.ADMIN, user1.getId(), jdk7.getId());
113 insertUserRole(UserRole.ADMIN, user2.getId(), jdk7.getId());
114 insertUserRole(UserRole.ADMIN, user3.getId(), jdk7.getId());
115 insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), project2.getId());
116 insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), dev.getId());
117 insertUserRole(UserRole.ISSUE_ADMIN, user1.getId(), view.getId());
119 insertUserRole(GlobalPermissions.SYSTEM_ADMIN, user1.getId(), null);
121 GroupDto group1 = insertGroup(newGroupDto());
122 GroupDto group2 = insertGroup(newGroupDto());
123 GroupDto group3 = insertGroup(newGroupDto());
125 insertGroupRole(UserRole.ADMIN, jdk7.getId(), null);
126 insertGroupRole(UserRole.ADMIN, jdk7.getId(), group1.getId());
127 insertGroupRole(UserRole.ADMIN, jdk7.getId(), group2.getId());
128 insertGroupRole(UserRole.ADMIN, jdk7.getId(), group3.getId());
129 insertGroupRole(UserRole.ADMIN, dev.getId(), group2.getId());
130 insertGroupRole(UserRole.ADMIN, view.getId(), group2.getId());
134 String result = ws.newRequest().execute().getInput();
136 assertJson(result).isSimilarTo(getClass().getResource("search_project_permissions-example.json"));
140 public void empty_result() {
141 String result = ws.newRequest().execute().getInput();
143 assertJson(result).isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/empty.json"));
147 public void search_project_permissions_with_project_permission() {
148 userSession.login().addProjectUuidPermissions(UserRole.ADMIN, "project-uuid");
149 insertComponent(newProjectDto("project-uuid"));
152 String result = ws.newRequest()
153 .setParam(PARAM_PROJECT_ID, "project-uuid")
154 .execute().getInput();
156 assertThat(result).contains("project-uuid");
160 public void has_projects_ordered_by_name() {
161 for (int i = 9; i >= 1; i--) {
162 insertComponent(newProjectDto()
163 .setName("project-name-" + i));
167 String result = ws.newRequest()
169 .setParam(PAGE_SIZE, "3")
170 .execute().getInput();
173 .contains("project-name-1", "project-name-2", "project-name-3")
174 .doesNotContain("project-name-4");
178 public void search_by_query_on_name() {
179 insertComponent(newProjectDto().setName("project-name"));
180 insertComponent(newProjectDto().setName("another-name"));
183 String result = ws.newRequest()
184 .setParam(TEXT_QUERY, "project")
185 .execute().getInput();
187 assertThat(result).contains("project-name")
188 .doesNotContain("another-name");
192 public void search_by_query_on_key() {
193 insertComponent(newProjectDto().setKey("project-key"));
194 insertComponent(newProjectDto().setKey("another-key"));
197 String result = ws.newRequest()
198 .setParam(TEXT_QUERY, "project")
199 .execute().getInput();
201 assertThat(result).contains("project-key")
202 .doesNotContain("another-key");
206 public void handle_more_than_1000_projects() {
207 for (int i = 1; i <= 1001; i++) {
208 insertComponent(newProjectDto("project-uuid-" + i));
212 String result = ws.newRequest()
213 .setParam(TEXT_QUERY, "project")
214 .setParam(PAGE_SIZE, "1001")
215 .execute().getInput();
217 assertThat(result).contains("project-uuid-1", "project-uuid-999", "project-uuid-1001");
221 public void result_depends_of_root_types() {
222 ResourceType projectResourceType = ResourceType.builder(Qualifiers.PROJECT).build();
223 when(resourceTypes.getRoots()).thenReturn(asList(projectResourceType));
224 insertComponent(newView("view-uuid"));
225 insertComponent(newDeveloper("developer-name"));
226 insertComponent(newProjectDto("project-uuid"));
228 dataLoader = new SearchProjectPermissionsDataLoader(dbClient, new PermissionDependenciesFinder(dbClient, new ComponentFinder(dbClient)), resourceTypes);
229 underTest = new SearchProjectPermissionsAction(dbClient, userSession, i18n, dataLoader);
230 ws = new WsActionTester(underTest);
232 String result = ws.newRequest().execute().getInput();
234 assertThat(result).contains("project-uuid")
235 .doesNotContain("view-uuid")
236 .doesNotContain("developer-name");
240 public void fail_if_not_logged_in() {
241 expectedException.expect(UnauthorizedException.class);
242 userSession.anonymous();
244 ws.newRequest().execute();
248 public void fail_if_not_admin() {
249 expectedException.expect(ForbiddenException.class);
252 ws.newRequest().execute();
255 private ComponentDto insertView() {
256 return insertComponent(newView()
257 .setUuid("752d8bfd-420c-4a83-a4e5-8ab19b13c8fc")
262 private ComponentDto insertProjectInView(ComponentDto project, ComponentDto view) {
263 return insertComponent(newProjectCopy("project-in-view-uuid", project, view));
266 private ComponentDto insertDeveloper() {
267 return insertComponent(newDeveloper("Simon Brandhof")
268 .setUuid("4e607bf9-7ed0-484a-946d-d58ba7dab2fb")
269 .setKey("simon-brandhof"));
272 private ComponentDto insertClang() {
273 return insertComponent(newProjectDto("project-uuid-2")
276 .setUuid("ce4c03d6-430f-40a9-b777-ad877c00aa4d"));
279 private ComponentDto insertJdk7() {
280 return insertComponent(newProjectDto("project-uuid-1")
282 .setKey("net.java.openjdk:jdk7")
283 .setUuid("0bd7b1e7-91d6-439e-a607-4a3a9aad3c6a"));
286 private UserDto insertUser(UserDto user) {
287 return dbClient.userDao().insert(dbSession, user.setActive(true));
290 private void insertUserRole(String permission, long userId, @Nullable Long resourceId) {
291 dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
294 .setResourceId(resourceId));
297 private GroupDto insertGroup(GroupDto group) {
298 return dbClient.groupDao().insert(dbSession, group);
301 private void insertGroupRole(String permission, @Nullable Long resourceId, @Nullable Long groupId) {
302 dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto().setRole(permission).setResourceId(resourceId).setGroupId(groupId));
305 private ComponentDto insertComponent(ComponentDto component) {
306 dbClient.componentDao().insert(dbSession, component.setEnabled(true));
307 return dbClient.componentDao().selectOrFailByUuid(dbSession, component.uuid());
310 private void commit() {
314 private static List<ResourceType> rootResourceTypes() {
315 ResourceType project = ResourceType.builder(Qualifiers.PROJECT).build();
316 ResourceType view = ResourceType.builder(Qualifiers.VIEW).build();
317 ResourceType dev = ResourceType.builder("DEV").build();
319 return asList(project, view, dev);