]> source.dussan.org Git - sonarqube.git/blob
f94005ad729ba664f38bd24a9543af4171c843b6
[sonarqube.git] /
1 /*
2  * SonarQube
3  * Copyright (C) 2009-2016 SonarSource SA
4  * mailto:contact AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.permission.ws.template;
21
22 import com.google.common.base.Function;
23 import java.util.List;
24 import javax.annotation.Nonnull;
25 import javax.annotation.Nullable;
26 import org.junit.Before;
27 import org.junit.Rule;
28 import org.junit.Test;
29 import org.junit.rules.ExpectedException;
30 import org.sonar.api.resources.Qualifiers;
31 import org.sonar.api.utils.System2;
32 import org.sonar.api.web.UserRole;
33 import org.sonar.core.permission.GlobalPermissions;
34 import org.sonar.db.DbClient;
35 import org.sonar.db.DbSession;
36 import org.sonar.db.DbTester;
37 import org.sonar.db.component.ResourceTypesRule;
38 import org.sonar.db.permission.GroupWithPermissionDto;
39 import org.sonar.db.permission.PermissionQuery;
40 import org.sonar.db.permission.PermissionTemplateDto;
41 import org.sonar.db.user.GroupDto;
42 import org.sonar.server.component.ComponentFinder;
43 import org.sonar.server.exceptions.BadRequestException;
44 import org.sonar.server.exceptions.ForbiddenException;
45 import org.sonar.server.exceptions.NotFoundException;
46 import org.sonar.server.exceptions.UnauthorizedException;
47 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
48 import org.sonar.server.tester.UserSessionRule;
49 import org.sonar.server.usergroups.ws.UserGroupFinder;
50 import org.sonar.server.ws.TestRequest;
51 import org.sonar.server.ws.WsActionTester;
52
53 import static com.google.common.collect.FluentIterable.from;
54 import static org.assertj.core.api.Assertions.assertThat;
55 import static org.sonar.api.security.DefaultGroups.ANYONE;
56 import static org.sonar.api.web.UserRole.ADMIN;
57 import static org.sonar.api.web.UserRole.CODEVIEWER;
58 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
59 import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
60 import static org.sonar.db.user.GroupMembershipQuery.IN;
61 import static org.sonar.db.user.GroupTesting.newGroupDto;
62 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
63 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
64 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
65 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
66 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
67
68
69 public class AddGroupToTemplateActionTest {
70
71   private static final String GROUP_NAME = "group-name";
72   @Rule
73   public DbTester db = DbTester.create(System2.INSTANCE);
74   @Rule
75   public ExpectedException expectedException = ExpectedException.none();
76   @Rule
77   public UserSessionRule userSession = UserSessionRule.standalone();
78   ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, "DEV");
79
80   WsActionTester ws;
81   DbClient dbClient;
82   DbSession dbSession;
83   GroupDto group;
84   PermissionTemplateDto permissionTemplate;
85
86   @Before
87   public void setUp() {
88     dbClient = db.getDbClient();
89     dbSession = db.getSession();
90     userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
91
92     PermissionDependenciesFinder dependenciesFinder = new PermissionDependenciesFinder(dbClient, new ComponentFinder(dbClient), new UserGroupFinder(dbClient), resourceTypes);
93     ws = new WsActionTester(new AddGroupToTemplateAction(dbClient, dependenciesFinder, userSession));
94
95     group = insertGroup(newGroupDto().setName(GROUP_NAME));
96     permissionTemplate = insertPermissionTemplate(newPermissionTemplateDto());
97     commit();
98   }
99
100   @Test
101   public void add_group_to_template() {
102     newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
103
104     assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
105   }
106
107   @Test
108   public void add_group_to_template_by_name() {
109     ws.newRequest()
110       .setParam(PARAM_GROUP_NAME, GROUP_NAME)
111       .setParam(PARAM_PERMISSION, CODEVIEWER)
112       .setParam(PARAM_TEMPLATE_NAME, permissionTemplate.getName().toUpperCase())
113       .execute();
114     commit();
115
116     assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
117   }
118
119   @Test
120   public void add_with_group_id() {
121     ws.newRequest()
122       .setParam(PARAM_TEMPLATE_ID, permissionTemplate.getUuid())
123       .setParam(PARAM_PERMISSION, CODEVIEWER)
124       .setParam(PARAM_GROUP_ID, String.valueOf(group.getId()))
125       .execute();
126
127     assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(GROUP_NAME);
128   }
129
130   @Test
131   public void does_not_add_a_group_twice() {
132     newRequest(GROUP_NAME, permissionTemplate.getUuid(), ISSUE_ADMIN);
133     newRequest(GROUP_NAME, permissionTemplate.getUuid(), ISSUE_ADMIN);
134
135     assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), ISSUE_ADMIN)).containsExactly(GROUP_NAME);
136   }
137
138   @Test
139   public void add_anyone_group_to_template() {
140     newRequest(ANYONE, permissionTemplate.getUuid(), CODEVIEWER);
141
142     assertThat(getGroupNamesInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(ANYONE);
143   }
144
145   @Test
146   public void fail_if_add_anyone_group_to_admin_permission() {
147     expectedException.expect(BadRequestException.class);
148     expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the '%s' group.", UserRole.ADMIN, ANYONE));
149
150     newRequest(ANYONE, permissionTemplate.getUuid(), ADMIN);
151   }
152
153   @Test
154   public void fail_if_not_a_project_permission() {
155     expectedException.expect(BadRequestException.class);
156
157     newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
158   }
159
160   @Test
161   public void fail_if_insufficient_privileges() {
162     expectedException.expect(ForbiddenException.class);
163     userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
164
165     newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
166   }
167
168   @Test
169   public void fail_if_not_logged_in() {
170     expectedException.expect(UnauthorizedException.class);
171     userSession.anonymous();
172
173     newRequest(GROUP_NAME, permissionTemplate.getUuid(), CODEVIEWER);
174   }
175
176   @Test
177   public void fail_if_group_params_missing() {
178     expectedException.expect(BadRequestException.class);
179
180     newRequest(null, permissionTemplate.getUuid(), CODEVIEWER);
181   }
182
183   @Test
184   public void fail_if_permission_missing() {
185     expectedException.expect(IllegalArgumentException.class);
186
187     newRequest(GROUP_NAME, permissionTemplate.getUuid(), null);
188   }
189
190   @Test
191   public void fail_if_template_uuid_and_name_missing() {
192     expectedException.expect(BadRequestException.class);
193
194     newRequest(GROUP_NAME, null, CODEVIEWER);
195   }
196
197   @Test
198   public void fail_if_group_does_not_exist() {
199     expectedException.expect(NotFoundException.class);
200     expectedException.expectMessage("Group with name 'unknown-group-name' is not found");
201
202     newRequest("unknown-group-name", permissionTemplate.getUuid(), CODEVIEWER);
203   }
204
205   @Test
206   public void fail_if_template_key_does_not_exist() {
207     expectedException.expect(NotFoundException.class);
208     expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
209
210     newRequest(GROUP_NAME, "unknown-key", CODEVIEWER);
211   }
212
213   private void newRequest(@Nullable String groupName, @Nullable String templateKey, @Nullable String permission) {
214     TestRequest request = ws.newRequest();
215     if (groupName != null) {
216       request.setParam(PARAM_GROUP_NAME, groupName);
217     }
218     if (templateKey != null) {
219       request.setParam(PARAM_TEMPLATE_ID, templateKey);
220     }
221     if (permission != null) {
222       request.setParam(PARAM_PERMISSION, permission);
223     }
224
225     request.execute();
226   }
227
228   private void commit() {
229     dbSession.commit();
230   }
231
232   private GroupDto insertGroup(GroupDto groupDto) {
233     return dbClient.groupDao().insert(dbSession, groupDto);
234   }
235
236   private PermissionTemplateDto insertPermissionTemplate(PermissionTemplateDto permissionTemplate) {
237     return dbClient.permissionTemplateDao().insert(dbSession, permissionTemplate);
238   }
239
240   private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) {
241     PermissionQuery permissionQuery = PermissionQuery.builder().permission(permission).membership(IN).build();
242     return from(dbClient.permissionTemplateDao()
243       .selectGroups(dbSession, permissionQuery, templateId))
244       .transform(GroupWithPermissionToGroupName.INSTANCE)
245       .toList();
246   }
247
248   private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> {
249     INSTANCE;
250
251     @Override
252     public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) {
253       return groupWithPermission.getName();
254     }
255
256   }
257 }