source.dussan.org Git - sonarqube.git/blob

   1 /*
   2  * SonarQube
   3  * Copyright (C) 2009-2016 SonarSource SA
   4  * mailto:contact AT sonarsource DOT com
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 3 of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 package org.sonar.server.computation.task.projectanalysis.step;
  21
  22 import java.util.List;
  23 import java.util.Map;
  24 import org.elasticsearch.search.SearchHit;
  25 import org.junit.After;
  26 import org.junit.Before;
  27 import org.junit.Rule;
  28 import org.junit.Test;
  29 import org.sonar.api.config.Settings;
  30 import org.sonar.api.security.DefaultGroups;
  31 import org.sonar.api.utils.System2;
  32 import org.sonar.api.web.UserRole;
  33 import org.sonar.db.DbClient;
  34 import org.sonar.db.DbSession;
  35 import org.sonar.db.DbTester;
  36 import org.sonar.db.component.ComponentDto;
  37 import org.sonar.db.component.ComponentTesting;
  38 import org.sonar.db.permission.PermissionRepository;
  39 import org.sonar.db.permission.template.PermissionTemplateDto;
  40 import org.sonar.db.user.GroupRoleDto;
  41 import org.sonar.server.computation.task.projectanalysis.component.TreeRootHolderRule;
  42 import org.sonar.server.computation.task.projectanalysis.component.Component;
  43 import org.sonar.server.computation.task.projectanalysis.component.MutableDbIdsRepositoryRule;
  44 import org.sonar.server.computation.task.projectanalysis.component.ReportComponent;
  45 import org.sonar.server.computation.task.projectanalysis.component.ViewsComponent;
  46 import org.sonar.server.computation.task.step.ComputationStep;
  47 import org.sonar.server.es.EsTester;
  48 import org.sonar.server.issue.index.IssueAuthorizationIndexer;
  49 import org.sonar.server.issue.index.IssueIndexDefinition;
  50
  51 import static org.assertj.core.api.Assertions.assertThat;
  52 import static org.sonar.db.component.ComponentTesting.newView;
  53 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
  54 import static org.sonar.server.computation.task.projectanalysis.component.Component.Type.PROJECT;
  55 import static org.sonar.server.computation.task.projectanalysis.component.Component.Type.VIEW;
  56
  57
  58 public class ApplyPermissionsStepTest extends BaseStepTest {
  59
  60   private static final String ROOT_KEY = "ROOT_KEY";
  61   private static final String ROOT_UUID = "ROOT_UUID";
  62   private static final long SOME_DATE = 1000L;
  63
  64   @Rule
  65   public EsTester esTester = new EsTester(new IssueIndexDefinition(new Settings()));
  66
  67   @Rule
  68   public DbTester dbTester = DbTester.create(System2.INSTANCE);
  69
  70   @Rule
  71   public TreeRootHolderRule treeRootHolder = new TreeRootHolderRule();
  72
  73   @Rule
  74   public MutableDbIdsRepositoryRule dbIdsRepository = MutableDbIdsRepositoryRule.create(treeRootHolder);
  75
  76   DbSession dbSession;
  77
  78   DbClient dbClient = dbTester.getDbClient();
  79
  80   Settings settings = new Settings();
  81
  82   IssueAuthorizationIndexer issueAuthorizationIndexer;
  83
  84   ApplyPermissionsStep step;
  85
  86   @Before
  87   public void setUp() {
  88     dbSession = dbClient.openSession(false);
  89
  90     issueAuthorizationIndexer = new IssueAuthorizationIndexer(dbClient, esTester.client());
  91     issueAuthorizationIndexer.setEnabled(true);
  92
  93     step = new ApplyPermissionsStep(dbClient, dbIdsRepository, issueAuthorizationIndexer, new PermissionRepository(dbClient, settings), treeRootHolder);
  94   }
  95
  96   @After
  97   public void tearDown() {
  98     dbSession.close();
  99   }
 100
 101   @Test
 102   public void grant_permission_on_new_project() {
 103     ComponentDto projectDto = ComponentTesting.newProjectDto(ROOT_UUID).setKey(ROOT_KEY);
 104     dbClient.componentDao().insert(dbSession, projectDto);
 105
 106     // Create a permission template containing browse permission for anonymous group
 107     createDefaultPermissionTemplate(UserRole.USER);
 108
 109     Component project = ReportComponent.builder(PROJECT, 1).setUuid(ROOT_UUID).setKey(ROOT_KEY).build();
 110     dbIdsRepository.setComponentId(project, projectDto.getId());
 111     treeRootHolder.setRoot(project);
 112
 113     step.execute();
 114     dbSession.commit();
 115
 116     assertThat(dbClient.componentDao().selectOrFailByKey(dbSession, ROOT_KEY).getAuthorizationUpdatedAt()).isNotNull();
 117     assertThat(dbClient.roleDao().selectGroupPermissions(dbSession, DefaultGroups.ANYONE, projectDto.getId())).containsOnly(UserRole.USER);
 118     verifyAuthorisationIndex(ROOT_UUID, DefaultGroups.ANYONE);
 119   }
 120
 121   @Test
 122   public void nothing_to_do_on_existing_project() {
 123     ComponentDto projectDto = ComponentTesting.newProjectDto(ROOT_UUID).setKey(ROOT_KEY).setAuthorizationUpdatedAt(SOME_DATE);
 124     dbClient.componentDao().insert(dbSession, projectDto);
 125     // Permissions are already set on the project
 126     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto().setRole(UserRole.USER).setGroupId(null).setResourceId(projectDto.getId()));
 127
 128     dbSession.commit();
 129
 130     Component project = ReportComponent.builder(PROJECT, 1).setUuid(ROOT_UUID).setKey(ROOT_KEY).build();
 131     dbIdsRepository.setComponentId(project, projectDto.getId());
 132     treeRootHolder.setRoot(project);
 133
 134     step.execute();
 135     dbSession.commit();
 136
 137     // Check that authorization updated at has not been changed -> Nothing has been done
 138     assertThat(projectDto.getAuthorizationUpdatedAt()).isEqualTo(SOME_DATE);
 139   }
 140
 141   @Test
 142   public void grant_permission_on_new_view() {
 143     ComponentDto viewDto = newView(ROOT_UUID).setKey(ROOT_KEY);
 144     dbClient.componentDao().insert(dbSession, viewDto);
 145
 146     String permission = UserRole.USER;
 147     // Create a permission template containing browse permission for anonymous group
 148     createDefaultPermissionTemplate(permission);
 149
 150     Component project = ViewsComponent.builder(VIEW, ROOT_KEY).setUuid(ROOT_UUID).build();
 151     dbIdsRepository.setComponentId(project, viewDto.getId());
 152     treeRootHolder.setRoot(project);
 153
 154     step.execute();
 155     dbSession.commit();
 156
 157     assertThat(dbClient.componentDao().selectOrFailByKey(dbSession, ROOT_KEY).getAuthorizationUpdatedAt()).isNotNull();
 158     assertThat(dbClient.roleDao().selectGroupPermissions(dbSession, DefaultGroups.ANYONE, viewDto.getId())).containsOnly(permission);
 159   }
 160
 161   @Test
 162   public void nothing_to_do_on_existing_view() {
 163     ComponentDto viewDto = newView(ROOT_UUID).setKey(ROOT_KEY).setAuthorizationUpdatedAt(SOME_DATE);
 164     dbClient.componentDao().insert(dbSession, viewDto);
 165     // Permissions are already set on the view
 166     dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto().setRole(UserRole.USER).setGroupId(null).setResourceId(viewDto.getId()));
 167
 168     dbSession.commit();
 169
 170     Component project = ReportComponent.builder(PROJECT, 1).setUuid(ROOT_UUID).setKey(ROOT_KEY).build();
 171     dbIdsRepository.setComponentId(project, viewDto.getId());
 172     treeRootHolder.setRoot(project);
 173
 174     step.execute();
 175     dbSession.commit();
 176
 177     // Check that authorization updated at has not been changed -> Nothing has been done
 178     assertThat(viewDto.getAuthorizationUpdatedAt()).isEqualTo(SOME_DATE);
 179   }
 180
 181   private void createDefaultPermissionTemplate(String permission) {
 182     PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setName("Default"));
 183     settings.setProperty("sonar.permission.template.default", permissionTemplateDto.getKee());
 184     dbClient.permissionTemplateDao().insertGroupPermission(permissionTemplateDto.getId(), null, permission);
 185     dbSession.commit();
 186   }
 187
 188   private void verifyAuthorisationIndex(String rootUuid, String groupPermission){
 189     List<SearchHit> issueAuthorizationHits = esTester.getDocuments(IssueIndexDefinition.INDEX, IssueIndexDefinition.TYPE_AUTHORIZATION);
 190     assertThat(issueAuthorizationHits).hasSize(1);
 191     Map<String, Object> issueAuthorization = issueAuthorizationHits.get(0).sourceAsMap();
 192     assertThat(issueAuthorization.get("project")).isEqualTo(rootUuid);
 193     assertThat((List<String>) issueAuthorization.get("groups")).containsOnly(groupPermission);
 194     assertThat((List<String>) issueAuthorization.get("users")).isEmpty();
 195   }
 196
 197   @Override
 198   protected ComputationStep step() {
 199     return step;
 200   }
 201 }