]> source.dussan.org Git - sonarqube.git/blob
projects / sonarqube.git / blob
? search:


eb4ceead7949d46cf7500872e75b6f0358cf9595
[sonarqube.git] /
1 /*
2  * SonarQube, open source software quality management tool.
3  * Copyright (C) 2008-2014 SonarSource
4  * mailto:contact AT sonarsource DOT com
5  *
6  * SonarQube is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * SonarQube is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20
21 package org.sonar.server.permission.ws.template;
22
23 import com.google.common.base.Predicate;
24 import com.google.common.collect.FluentIterable;
25 import java.util.List;
26 import javax.annotation.Nullable;
27 import org.junit.Before;
28 import org.junit.Rule;
29 import org.junit.Test;
30 import org.junit.experimental.categories.Category;
31 import org.junit.rules.ExpectedException;
32 import org.sonar.api.config.Settings;
33 import org.sonar.api.resources.Qualifiers;
34 import org.sonar.api.utils.System2;
35 import org.sonar.api.web.UserRole;
36 import org.sonar.core.permission.GlobalPermissions;
37 import org.sonar.db.DbClient;
38 import org.sonar.db.DbSession;
39 import org.sonar.db.DbTester;
40 import org.sonar.db.component.ComponentDto;
41 import org.sonar.db.component.ResourceTypesRule;
42 import org.sonar.db.permission.GroupWithPermissionDto;
43 import org.sonar.db.permission.PermissionQuery;
44 import org.sonar.db.permission.PermissionRepository;
45 import org.sonar.db.permission.PermissionTemplateDto;
46 import org.sonar.db.permission.UserWithPermissionDto;
47 import org.sonar.db.user.GroupDto;
48 import org.sonar.db.user.GroupRoleDto;
49 import org.sonar.db.user.UserDto;
50 import org.sonar.db.user.UserRoleDto;
51 import org.sonar.server.component.ComponentFinder;
52 import org.sonar.server.exceptions.BadRequestException;
53 import org.sonar.server.exceptions.ForbiddenException;
54 import org.sonar.server.exceptions.NotFoundException;
55 import org.sonar.server.exceptions.UnauthorizedException;
56 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
57 import org.sonar.server.permission.PermissionFinder;
58 import org.sonar.server.permission.PermissionService;
59 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
60 import org.sonar.server.tester.UserSessionRule;
61 import org.sonar.server.usergroups.ws.UserGroupFinder;
62 import org.sonar.server.ws.TestRequest;
63 import org.sonar.server.ws.TestResponse;
64 import org.sonar.server.ws.WsActionTester;
65 import org.sonar.test.DbTests;
66
67 import static org.assertj.core.api.Assertions.assertThat;
68 import static org.mockito.Mockito.mock;
69 import static org.mockito.Mockito.verify;
70 import static org.sonar.db.component.ComponentTesting.newProjectDto;
71 import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
72 import static org.sonar.db.user.GroupMembershipQuery.IN;
73 import static org.sonar.db.user.GroupTesting.newGroupDto;
74 import static org.sonar.db.user.UserTesting.newUserDto;
75 import static org.sonar.server.permission.ws.PermissionsWsParameters.PARAM_PROJECT_ID;
76 import static org.sonar.server.permission.ws.PermissionsWsParameters.PARAM_PROJECT_KEY;
77 import static org.sonar.server.permission.ws.PermissionsWsParameters.PARAM_TEMPLATE_UUID;
78 import static org.sonar.server.permission.ws.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
79
80 @Category(DbTests.class)
81 public class ApplyTemplateActionTest {
82
83   @Rule
84   public DbTester db = DbTester.create(System2.INSTANCE);
85   @Rule
86   public UserSessionRule userSession = UserSessionRule.standalone();
87   @Rule
88   public ExpectedException expectedException = ExpectedException.none();
89   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
90
91   WsActionTester ws;
92   DbClient dbClient;
93   DbSession dbSession;
94
95   UserDto user1;
96   UserDto user2;
97   GroupDto group1;
98   GroupDto group2;
99   ComponentDto project;
100   PermissionTemplateDto template1;
101   PermissionTemplateDto template2;
102   IssueAuthorizationIndexer issueAuthorizationIndexer = mock(IssueAuthorizationIndexer.class);
103
104   @Before
105   public void setUp() {
106     userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
107     dbClient = db.getDbClient();
108     dbSession = db.getSession();
109
110     PermissionRepository repository = new PermissionRepository(dbClient, new Settings());
111     PermissionFinder permissionFinder = new PermissionFinder(dbClient);
112     ComponentFinder componentFinder = new ComponentFinder(dbClient);
113     PermissionService permissionService = new PermissionService(dbClient, repository, issueAuthorizationIndexer, userSession, componentFinder);
114     PermissionDependenciesFinder permissionDependenciesFinder = new PermissionDependenciesFinder(dbClient, componentFinder, new UserGroupFinder(dbClient), resourceTypes);
115
116     ApplyTemplateAction underTest = new ApplyTemplateAction(dbClient, permissionService, permissionDependenciesFinder);
117     ws = new WsActionTester(underTest);
118
119     user1 = insertUser(newUserDto().setLogin("user-login-1"));
120     user2 = insertUser(newUserDto().setLogin("user-login-2"));
121     group1 = insertGroup(newGroupDto().setName("group-name-1"));
122     group2 = insertGroup(newGroupDto().setName("group-name-2"));
123
124     // template 1
125     template1 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-1"));
126     addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
127     addUserToTemplate(user2, template1, UserRole.ISSUE_ADMIN);
128     addGroupToTemplate(group1, template1, UserRole.ADMIN);
129     addGroupToTemplate(group2, template1, UserRole.USER);
130     // template 2
131     template2 = insertTemplate(newPermissionTemplateDto().setUuid("permission-template-uuid-2"));
132     addUserToTemplate(user1, template2, UserRole.USER);
133     addUserToTemplate(user2, template2, UserRole.USER);
134     addGroupToTemplate(group1, template2, UserRole.USER);
135     addGroupToTemplate(group2, template2, UserRole.USER);
136
137     project = insertProject(newProjectDto("project-uuid-1"));
138     addUserPermissionToProject(user1, project, UserRole.ADMIN);
139     addUserPermissionToProject(user2, project, UserRole.ADMIN);
140     addGroupPermissionToProject(group1, project, UserRole.ADMIN);
141     addGroupPermissionToProject(group2, project, UserRole.ADMIN);
142
143     commit();
144   }
145
146   @Test
147   public void apply_template_with_project_uuid() {
148     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).hasSize(2);
149     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).hasSize(2);
150
151     newRequest(template1.getUuid(), project.uuid(), null);
152
153     assertTemplate1AppliedToProject();
154     verify(issueAuthorizationIndexer).index();
155   }
156
157   @Test
158   public void apply_template_with_project_uuid_by_template_name() {
159     ws.newRequest()
160       .setParam(PARAM_TEMPLATE_NAME, template1.getName().toUpperCase())
161       .setParam(PARAM_PROJECT_ID, project.uuid())
162       .execute();
163     commit();
164
165     assertTemplate1AppliedToProject();
166   }
167
168   @Test
169   public void apply_template_with_project_key() {
170     newRequest(template1.getUuid(), null, project.key());
171
172     assertTemplate1AppliedToProject();
173   }
174
175   @Test
176   public void fail_when_unknown_template() {
177     expectedException.expect(NotFoundException.class);
178     expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
179
180     newRequest("unknown-template-uuid", project.uuid(), null);
181   }
182
183   @Test
184   public void fail_when_unknown_project_uuid() {
185     expectedException.expect(NotFoundException.class);
186     expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
187
188     newRequest(template1.getUuid(), "unknown-project-uuid", null);
189   }
190
191   @Test
192   public void fail_when_unknown_project_key() {
193     expectedException.expect(NotFoundException.class);
194     expectedException.expectMessage("Project key 'unknown-project-key' not found");
195
196     newRequest(template1.getUuid(), null, "unknown-project-key");
197   }
198
199   @Test
200   public void fail_when_template_is_not_provided() {
201     expectedException.expect(BadRequestException.class);
202
203     newRequest(null, project.uuid(), null);
204   }
205
206   @Test
207   public void fail_when_project_uuid_and_key_not_provided() {
208     expectedException.expect(BadRequestException.class);
209     expectedException.expectMessage("Project id or project key must be provided, not both.");
210
211     newRequest(template1.getUuid(), null, null);
212   }
213
214   @Test
215   public void fail_when_anonymous() {
216     expectedException.expect(UnauthorizedException.class);
217     userSession.anonymous();
218
219     newRequest(template1.getUuid(), project.uuid(), null);
220   }
221
222   @Test
223   public void fail_when_insufficient_privileges() {
224     expectedException.expect(ForbiddenException.class);
225     userSession.login().setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
226
227     newRequest(template1.getUuid(), project.uuid(), null);
228   }
229
230   private void assertTemplate1AppliedToProject() {
231     assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
232     assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
233     assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
234     assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
235     assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
236   }
237
238   private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) {
239     TestRequest request = ws.newRequest();
240     if (templateUuid != null) {
241       request.setParam(PARAM_TEMPLATE_UUID, templateUuid);
242     }
243     if (projectUuid != null) {
244       request.setParam(PARAM_PROJECT_ID, projectUuid);
245     }
246     if (projectKey != null) {
247       request.setParam(PARAM_PROJECT_KEY, projectKey);
248     }
249
250     TestResponse result = request.execute();
251     commit();
252
253     return result;
254   }
255
256   private ComponentDto insertProject(ComponentDto project) {
257     dbClient.componentDao().insert(dbSession, project);
258     return dbClient.componentDao().selectOrFailByUuid(dbSession, project.uuid());
259   }
260
261   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
262     return dbClient.permissionTemplateDao().insert(dbSession, template);
263   }
264
265   private UserDto insertUser(UserDto userDto) {
266     return dbClient.userDao().insert(dbSession, userDto.setActive(true));
267   }
268
269   private GroupDto insertGroup(GroupDto group) {
270     return dbClient.groupDao().insert(dbSession, group);
271   }
272
273   private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
274     dbClient.permissionTemplateDao().insertUserPermission(dbSession, permissionTemplate.getId(), user.getId(), permission);
275   }
276
277   private void addGroupToTemplate(GroupDto group, PermissionTemplateDto permissionTemplate, String permission) {
278     dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplate.getId(), group.getId(), permission);
279   }
280
281   private void addUserPermissionToProject(UserDto user, ComponentDto project, String permission) {
282     dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto()
283       .setRole(permission)
284       .setUserId(user.getId())
285       .setResourceId(project.getId()));
286   }
287
288   private void addGroupPermissionToProject(GroupDto group, ComponentDto project, String permission) {
289     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto()
290       .setRole(permission)
291       .setResourceId(project.getId())
292       .setGroupId(group.getId()));
293   }
294
295   private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
296     return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
297       .filter(new PermissionNotNull())
298       .toList();
299   }
300
301   private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
302     return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
303   }
304
305   private void commit() {
306     dbSession.commit();
307   }
308
309   private static PermissionQuery query(String permission) {
310     return PermissionQuery.builder().membership(IN).permission(permission).build();
311   }
312
313   private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
314     @Override
315     public boolean apply(@Nullable GroupWithPermissionDto input) {
316       return input.getPermission() != null;
317     }
318   }
319 }
Continuous Inspection: https://github.com/SonarSource/sonarqube