source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2017 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.permission.ws;
  21
  22 import org.junit.Before;
  23 import org.junit.Test;
  24 import org.sonar.api.resources.Qualifiers;
  25 import org.sonar.api.web.UserRole;
  26 import org.sonar.db.component.ComponentDbTester;
  27 import org.sonar.db.component.ComponentDto;
  28 import org.sonar.db.component.ComponentTesting;
  29 import org.sonar.db.component.ResourceTypesRule;
  30 import org.sonar.db.organization.OrganizationDto;
  31 import org.sonar.db.user.GroupDto;
  32 import org.sonar.db.user.UserDto;
  33 import org.sonar.server.exceptions.ForbiddenException;
  34 import org.sonar.server.exceptions.UnauthorizedException;
  35 import org.sonar.server.i18n.I18nRule;
  36 import org.sonarqube.ws.WsPermissions;
  37
  38 import static org.assertj.core.api.Assertions.assertThat;
  39 import static org.sonar.api.server.ws.WebService.Param.PAGE;
  40 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
  41 import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
  42 import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
  43 import static org.sonar.db.component.ComponentTesting.newProjectCopy;
  44 import static org.sonar.db.component.ComponentTesting.newView;
  45 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
  46 import static org.sonar.test.JsonAssert.assertJson;
  47 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
  48 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
  49
  50 public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<SearchProjectPermissionsAction> {
  51
  52   private ComponentDbTester componentDb = new ComponentDbTester(db);
  53   private I18nRule i18n = new I18nRule();
  54
  55   @Before
  56   public void setUp() {
  57     i18n.setProjectPermissions();
  58     userSession.logIn().setSystemAdministrator();
  59   }
  60
  61   @Override
  62   protected SearchProjectPermissionsAction buildWsAction() {
  63     i18n.setProjectPermissions();
  64     ResourceTypesRule rootResourceTypes = newRootResourceTypes();
  65     PermissionWsSupport wsSupport = newPermissionWsSupport();
  66     SearchProjectPermissionsDataLoader dataLoader = new SearchProjectPermissionsDataLoader(db.getDbClient(), wsSupport, rootResourceTypes);
  67     return new SearchProjectPermissionsAction(db.getDbClient(), userSession, i18n, rootResourceTypes, dataLoader, wsSupport);
  68   }
  69
  70   @Test
  71   public void search_project_permissions_counts_0_users_and_0_groups_on_public_project_without_any_specified_permission_in_DB() {
  72     ComponentDto project = db.components().insertPublicProject();
  73
  74     String result = newRequest().execute().getInput();
  75
  76     assertJson(result)
  77       .ignoreFields("permissions")
  78       .isSimilarTo("{" +
  79         "  \"paging\": {" +
  80         "    \"pageIndex\": 1," +
  81         "    \"pageSize\": 25," +
  82         "    \"total\": 1" +
  83         "  }," +
  84         "  \"projects\": [" +
  85         "    {" +
  86         "      \"id\": \"" + project.uuid() + "\"," +
  87         "      \"key\": \"" + project.getDbKey() + "\"," +
  88         "      \"name\": \"" + project.name() + "\"," +
  89         "      \"qualifier\": \"TRK\"," +
  90         "      \"permissions\": []" +
  91         "    }" +
  92         "  ]" +
  93         "}");
  94   }
  95
  96   @Test
  97   public void search_project_permissions_counts_0_users_and_0_groups_on_private_project_without_any_specified_permission_in_DB() {
  98     ComponentDto project = db.components().insertPrivateProject();
  99
 100     String result = newRequest().execute().getInput();
 101
 102     assertJson(result)
 103       .ignoreFields("permissions")
 104       .isSimilarTo("{" +
 105         "  \"paging\": {" +
 106         "    \"pageIndex\": 1," +
 107         "    \"pageSize\": 25," +
 108         "    \"total\": 1" +
 109         "  }," +
 110         "  \"projects\": [" +
 111         "    {" +
 112         "      \"id\": \"" + project.uuid() + "\"," +
 113         "      \"key\": \"" + project.getDbKey() + "\"," +
 114         "      \"name\": \"" + project.name() + "\"," +
 115         "      \"qualifier\": \"TRK\"," +
 116         "      \"permissions\": []" +
 117         "    }" +
 118         "  ]" +
 119         "}");
 120   }
 121
 122   @Test
 123   public void search_project_permissions() throws Exception {
 124     UserDto user1 = db.users().insertUser();
 125     UserDto user2 = db.users().insertUser();
 126     UserDto user3 = db.users().insertUser();
 127
 128     ComponentDto jdk7 = insertJdk7();
 129     ComponentDto project2 = insertClang();
 130     ComponentDto view = insertView();
 131     insertProjectInView(jdk7, view);
 132
 133     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, jdk7);
 134     db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, jdk7);
 135     db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, jdk7);
 136     db.users().insertProjectPermissionOnUser(user3, UserRole.ADMIN, jdk7);
 137     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, project2);
 138     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, view);
 139     // global permission
 140     db.users().insertPermissionOnUser(user1, ADMINISTER);
 141
 142     GroupDto group1 = db.users().insertGroup();
 143     GroupDto group2 = db.users().insertGroup();
 144     GroupDto group3 = db.users().insertGroup();
 145
 146     db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, jdk7);
 147     db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, jdk7);
 148     db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, jdk7);
 149     db.users().insertProjectPermissionOnGroup(group3, UserRole.ADMIN, jdk7);
 150     db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, view);
 151
 152     db.commit();
 153
 154     String result = newRequest().execute().getInput();
 155
 156     assertJson(result)
 157       .ignoreFields("permissions")
 158       .isSimilarTo(getClass().getResource("search_project_permissions-example.json"));
 159   }
 160
 161   @Test
 162   public void empty_result() throws Exception {
 163     String result = newRequest().execute().getInput();
 164
 165     assertJson(result)
 166       .ignoreFields("permissions")
 167       .isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/empty.json"));
 168   }
 169
 170   @Test
 171   public void search_project_permissions_with_project_permission() throws Exception {
 172     ComponentDto project = db.components().insertComponent(newPrivateProjectDto(db.getDefaultOrganization(), "project-uuid"));
 173     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
 174
 175     String result = newRequest()
 176       .setParam(PARAM_PROJECT_ID, "project-uuid")
 177       .execute().getInput();
 178
 179     assertThat(result).contains("project-uuid");
 180   }
 181
 182   @Test
 183   public void has_projects_ordered_by_name() throws Exception {
 184     OrganizationDto organizationDto = db.organizations().insert();
 185     for (int i = 9; i >= 1; i--) {
 186       db.components().insertComponent(ComponentTesting.newPrivateProjectDto(organizationDto)
 187         .setName("project-name-" + i));
 188     }
 189
 190     String result = newRequest()
 191       .setParam(PAGE, "1")
 192       .setParam(PAGE_SIZE, "3")
 193       .execute().getInput();
 194
 195     assertThat(result)
 196       .contains("project-name-1", "project-name-2", "project-name-3")
 197       .doesNotContain("project-name-4");
 198   }
 199
 200   @Test
 201   public void search_by_query_on_name() throws Exception {
 202     componentDb.insertProjectAndSnapshot(ComponentTesting.newPrivateProjectDto(db.getDefaultOrganization()).setName("project-name"));
 203     componentDb.insertProjectAndSnapshot(ComponentTesting.newPrivateProjectDto(db.getDefaultOrganization()).setName("another-name"));
 204
 205     String result = newRequest()
 206       .setParam(TEXT_QUERY, "project")
 207       .execute().getInput();
 208
 209     assertThat(result).contains("project-name")
 210       .doesNotContain("another-name");
 211   }
 212
 213   @Test
 214   public void search_by_query_on_key_must_match_exactly() throws Exception {
 215     OrganizationDto organizationDto = db.organizations().insert();
 216     componentDb.insertProjectAndSnapshot(ComponentTesting.newPrivateProjectDto(organizationDto).setDbKey("project-key"));
 217     componentDb.insertProjectAndSnapshot(ComponentTesting.newPrivateProjectDto(organizationDto).setDbKey("another-key"));
 218
 219     String result = newRequest()
 220       .setParam(TEXT_QUERY, "project-key")
 221       .execute()
 222       .getInput();
 223
 224     assertThat(result).contains("project-key")
 225       .doesNotContain("another-key");
 226   }
 227
 228   @Test
 229   public void handle_more_than_1000_projects() throws Exception {
 230     for (int i = 1; i <= 1001; i++) {
 231       componentDb.insertProjectAndSnapshot(newPrivateProjectDto(db.getDefaultOrganization(), "project-uuid-" + i));
 232     }
 233
 234     String result = newRequest()
 235       .setParam(TEXT_QUERY, "project")
 236       .setParam(PAGE_SIZE, "1001")
 237       .execute()
 238       .getInput();
 239
 240     assertThat(result).contains("project-uuid-1", "project-uuid-999", "project-uuid-1001");
 241   }
 242
 243   @Test
 244   public void filter_by_qualifier() throws Exception {
 245     OrganizationDto organizationDto = db.organizations().insert();
 246     db.components().insertComponent(newView(organizationDto, "view-uuid"));
 247     db.components().insertComponent(newPrivateProjectDto(organizationDto, "project-uuid"));
 248
 249     WsPermissions.SearchProjectPermissionsWsResponse result = newRequest()
 250       .setParam(PARAM_QUALIFIER, Qualifiers.PROJECT)
 251       .executeProtobuf(WsPermissions.SearchProjectPermissionsWsResponse.class);
 252
 253     assertThat(result.getProjectsList())
 254       .extracting("id")
 255       .contains("project-uuid")
 256       .doesNotContain("view-uuid");
 257   }
 258
 259   @Test
 260   public void fail_if_not_logged_in() throws Exception {
 261     userSession.anonymous();
 262
 263     expectedException.expect(UnauthorizedException.class);
 264
 265     newRequest().execute();
 266   }
 267
 268   @Test
 269   public void fail_if_not_admin() throws Exception {
 270     userSession.logIn();
 271
 272     expectedException.expect(ForbiddenException.class);
 273
 274     newRequest().execute();
 275   }
 276
 277   @Test
 278   public void display_all_project_permissions() throws Exception {
 279     String result = newRequest().execute().getInput();
 280
 281     assertJson(result)
 282       .ignoreFields("permissions")
 283       .isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/display_all_project_permissions.json"));
 284   }
 285
 286   private ComponentDto insertView() {
 287     return db.components().insertComponent(newView(db.getDefaultOrganization())
 288       .setUuid("752d8bfd-420c-4a83-a4e5-8ab19b13c8fc")
 289       .setName("Java")
 290       .setDbKey("Java"));
 291   }
 292
 293   private ComponentDto insertProjectInView(ComponentDto project, ComponentDto view) {
 294     return db.components().insertComponent(newProjectCopy("project-in-view-uuid", project, view));
 295   }
 296
 297   private ComponentDto insertClang() {
 298     return db.components().insertComponent(newPrivateProjectDto(db.getDefaultOrganization(), "project-uuid-2")
 299       .setName("Clang")
 300       .setDbKey("clang")
 301       .setUuid("ce4c03d6-430f-40a9-b777-ad877c00aa4d"));
 302   }
 303
 304   private ComponentDto insertJdk7() {
 305     return db.components().insertComponent(ComponentTesting.newPublicProjectDto(db.getDefaultOrganization())
 306       .setName("JDK 7")
 307       .setDbKey("net.java.openjdk:jdk7")
 308       .setUuid("0bd7b1e7-91d6-439e-a607-4a3a9aad3c6a"));
 309   }
 310 }