source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2023 SonarSource SA
   4  * mailto:info AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.permission.ws.template;
  21
  22 import java.util.List;
  23 import javax.annotation.Nullable;
  24 import org.junit.Before;
  25 import org.junit.Test;
  26 import org.sonar.api.resources.Qualifiers;
  27 import org.sonar.api.resources.ResourceTypes;
  28 import org.sonar.api.server.ws.Change;
  29 import org.sonar.api.server.ws.WebService.Action;
  30 import org.sonar.core.permission.GlobalPermissions;
  31 import org.sonar.db.component.ResourceTypesRule;
  32 import org.sonar.db.permission.PermissionQuery;
  33 import org.sonar.db.permission.template.PermissionTemplateDto;
  34 import org.sonar.db.user.GroupDto;
  35 import org.sonar.server.exceptions.BadRequestException;
  36 import org.sonar.server.exceptions.ForbiddenException;
  37 import org.sonar.server.exceptions.NotFoundException;
  38 import org.sonar.server.exceptions.UnauthorizedException;
  39 import org.sonar.server.permission.PermissionService;
  40 import org.sonar.server.permission.PermissionServiceImpl;
  41 import org.sonar.server.permission.ws.BasePermissionWsTest;
  42 import org.sonar.server.permission.ws.WsParameters;
  43 import org.sonar.server.ws.TestRequest;
  44
  45 import static org.assertj.core.api.Assertions.assertThat;
  46 import static org.assertj.core.api.Assertions.assertThatThrownBy;
  47 import static org.assertj.core.api.Assertions.tuple;
  48 import static org.sonar.api.security.DefaultGroups.ANYONE;
  49 import static org.sonar.api.web.UserRole.CODEVIEWER;
  50 import static org.sonar.db.permission.GlobalPermission.SCAN;
  51 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
  52 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
  53 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
  54 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
  55
  56 public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<RemoveGroupFromTemplateAction> {
  57
  58   private static final String PERMISSION = CODEVIEWER;
  59
  60   private GroupDto group;
  61   private PermissionTemplateDto template;
  62   private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
  63   private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);
  64   private WsParameters wsParameters = new WsParameters(permissionService);
  65
  66   @Override
  67   protected RemoveGroupFromTemplateAction buildWsAction() {
  68     return new RemoveGroupFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, wsParameters);
  69   }
  70
  71   @Before
  72   public void setUp() {
  73     loginAsAdmin();
  74
  75     group = db.users().insertGroup("group-name");
  76     template = db.permissionTemplates().insertTemplate();
  77     addGroupToTemplate(template, group.getUuid(), PERMISSION, group.getName());
  78   }
  79
  80   @Test
  81   public void verify_definition() {
  82     Action wsDef = wsTester.getDef();
  83
  84     assertThat(wsDef.isInternal()).isFalse();
  85     assertThat(wsDef.since()).isEqualTo("5.2");
  86     assertThat(wsDef.isPost()).isTrue();
  87     assertThat(wsDef.changelog()).extracting(Change::getVersion, Change::getDescription).containsOnly(
  88       tuple("10.0", "Parameter 'groupId' is removed. Use 'groupName' instead."),
  89       tuple("8.4", "Parameter 'groupId' is deprecated. Format changes from integer to string. Use 'groupName' instead."));
  90   }
  91
  92   @Test
  93   public void remove_group_from_template() {
  94     newRequest(group.getName(), template.getUuid(), PERMISSION);
  95
  96     assertThat(getGroupNamesInTemplateAndPermission(template, PERMISSION)).isEmpty();
  97   }
  98
  99   @Test
 100   public void remove_group_from_template_by_name_case_insensitive() {
 101     newRequest()
 102       .setParam(PARAM_GROUP_NAME, group.getName())
 103       .setParam(PARAM_PERMISSION, PERMISSION)
 104       .setParam(PARAM_TEMPLATE_NAME, template.getName().toUpperCase())
 105       .execute();
 106
 107     assertThat(getGroupNamesInTemplateAndPermission(template, PERMISSION)).isEmpty();
 108   }
 109
 110   @Test
 111   public void remove_group_twice_without_error() {
 112     newRequest(group.getName(), template.getUuid(), PERMISSION);
 113     newRequest(group.getName(), template.getUuid(), PERMISSION);
 114
 115     assertThat(getGroupNamesInTemplateAndPermission(template, PERMISSION)).isEmpty();
 116   }
 117
 118   @Test
 119   public void remove_anyone_group_from_template() {
 120     addGroupToTemplate(template, null, PERMISSION, null);
 121
 122     newRequest(ANYONE, template.getUuid(), PERMISSION);
 123
 124     assertThat(getGroupNamesInTemplateAndPermission(template, PERMISSION)).containsExactly(group.getName());
 125   }
 126
 127   @Test
 128   public void fail_if_not_a_project_permission() {
 129     assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING))
 130       .isInstanceOf(IllegalArgumentException.class);
 131   }
 132
 133   @Test
 134   public void fail_if_insufficient_privileges() {
 135     userSession.logIn().addPermission(SCAN);
 136
 137     assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), PERMISSION))
 138       .isInstanceOf(ForbiddenException.class);
 139   }
 140
 141   @Test
 142   public void fail_if_not_logged_in() {
 143     assertThatThrownBy(() ->  {
 144       userSession.anonymous();
 145       newRequest(group.getName(), template.getUuid(), PERMISSION);
 146     })
 147       .isInstanceOf(UnauthorizedException.class);
 148   }
 149
 150   @Test
 151   public void fail_if_group_params_missing() {
 152     assertThatThrownBy(() ->  {
 153       newRequest(null, template.getUuid(), PERMISSION);
 154     })
 155       .isInstanceOf(IllegalArgumentException.class)
 156       .hasMessage("The 'groupName' parameter is missing");
 157   }
 158
 159   @Test
 160   public void fail_if_permission_missing() {
 161     assertThatThrownBy(() ->  {
 162       newRequest(group.getName(), template.getUuid(), null);
 163     })
 164       .isInstanceOf(IllegalArgumentException.class);
 165   }
 166
 167   @Test
 168   public void fail_if_template_missing() {
 169     assertThatThrownBy(() ->  {
 170       newRequest(group.getName(), null, PERMISSION);
 171     })
 172       .isInstanceOf(BadRequestException.class);
 173   }
 174
 175   @Test
 176   public void fail_if_group_does_not_exist() {
 177     assertThatThrownBy(() ->  {
 178       newRequest("unknown-group-name", template.getUuid(), PERMISSION);
 179     })
 180       .isInstanceOf(NotFoundException.class)
 181       .hasMessage("No group with name 'unknown-group-name'");
 182   }
 183
 184   @Test
 185   public void fail_if_template_key_does_not_exist() {
 186     assertThatThrownBy(() ->  {
 187       newRequest(group.getName(), "unknown-key", PERMISSION);
 188     })
 189       .isInstanceOf(NotFoundException.class)
 190       .hasMessage("Permission template with id 'unknown-key' is not found");
 191   }
 192
 193   private void newRequest(@Nullable String groupName, @Nullable String templateKey, @Nullable String permission) {
 194     TestRequest request = newRequest();
 195     if (groupName != null) {
 196       request.setParam(PARAM_GROUP_NAME, groupName);
 197     }
 198     if (templateKey != null) {
 199       request.setParam(PARAM_TEMPLATE_ID, templateKey);
 200     }
 201     if (permission != null) {
 202       request.setParam(PARAM_PERMISSION, permission);
 203     }
 204
 205     request.execute();
 206   }
 207
 208   private void addGroupToTemplate(PermissionTemplateDto template, @Nullable String groupUuid, String permission, String groupName) {
 209     db.getDbClient().permissionTemplateDao().insertGroupPermission(db.getSession(), template.getUuid(), groupUuid,
 210       permission, template.getName(), groupName);
 211     db.commit();
 212   }
 213
 214   private List<String> getGroupNamesInTemplateAndPermission(PermissionTemplateDto template, String permission) {
 215     PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
 216     return db.getDbClient().permissionTemplateDao()
 217       .selectGroupNamesByQueryAndTemplate(db.getSession(), permissionQuery, template.getUuid());
 218   }
 219 }