@Test
public void user_should_be_authorized() {
- ComponentDto project1 = db.components().insertPublicProject(organization);
- ComponentDto project2 = db.components().insertPublicProject(organization);
- ComponentDto project3 = db.components().insertPublicProject(organization);
+ ComponentDto project1 = db.components().insertPrivateProject(organization);
+ ComponentDto project2 = db.components().insertPrivateProject(organization);
+ ComponentDto project3 = db.components().insertPrivateProject(organization);
UserDto user = db.users().insertUser("u1");
GroupDto group = db.users().insertGroup(organization);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2);
@Test
public void group_should_be_authorized() {
- ComponentDto project1 = db.components().insertPublicProject(organization);
- ComponentDto project2 = db.components().insertPublicProject(organization);
- ComponentDto project3 = db.components().insertPublicProject(organization);
+ ComponentDto project1 = db.components().insertPrivateProject(organization);
+ ComponentDto project2 = db.components().insertPrivateProject(organization);
+ ComponentDto project3 = db.components().insertPrivateProject(organization);
UserDto user1 = db.users().insertUser("u1");
GroupDto group = db.users().insertGroup(organization);
db.users().insertMembers(group, user1);
UserDto user1 = db.users().insertUser("u1");
GroupDto group = db.users().insertGroup(organization);
db.users().insertMembers(group, user1);
- db.users().insertProjectPermissionOnAnyone(UserRole.USER, project1);
- db.users().insertProjectPermissionOnAnyone(UserRole.USER, project2);
assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(project1.getId(), project2.getId()), null, UserRole.USER))
.containsOnly(project1.getId(), project2.getId());
@Test
public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() {
- ComponentDto project1 = db.components().insertPublicProject(organization);
- ComponentDto project2 = db.components().insertPublicProject(organization);
- ComponentDto project3 = db.components().insertPublicProject(organization);
+ ComponentDto project1 = db.components().insertPrivateProject(organization);
+ ComponentDto project2 = db.components().insertPrivateProject(organization);
+ ComponentDto project3 = db.components().insertPrivateProject(organization);
UserDto user1 = db.users().insertUser("u1");
UserDto user2 = db.users().insertUser("u2");
UserDto user3 = db.users().insertUser("u3");
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1);
db.users().insertProjectPermissionOnUser(user2, UserRole.USER, project1);
db.users().insertProjectPermissionOnUser(user3, UserRole.USER, project1);
- db.users().insertProjectPermissionOnAnyone(UserRole.USER, project2);
db.users().insertProjectPermissionOnGroup(group2, UserRole.USER, project3);
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
@Test
public void selectProjectPermissionsOfAnonymous_returns_permissions_of_anonymous_user_on_specified_public_project() {
ComponentDto project = db.components().insertPublicProject(organization);
- db.users().insertProjectPermissionOnAnyone(UserRole.CODEVIEWER, project);
- db.users().insertProjectPermissionOnUser(db.users().insertUser(), UserRole.USER, project);
+ db.users().insertProjectPermissionOnAnyone("p1", project);
+ db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p2", project);
ComponentDto otherProject = db.components().insertPublicProject();
- db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, otherProject);
+ db.users().insertProjectPermissionOnAnyone("p3", otherProject);
- assertThat(underTest.selectProjectPermissionsOfAnonymous(dbSession, project.uuid())).containsOnly(UserRole.CODEVIEWER);
+ assertThat(underTest.selectProjectPermissionsOfAnonymous(dbSession, project.uuid())).containsOnly("p1");
}
@Test
@Test
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_anonymous_permissions() {
ComponentDto project = db.components().insertPublicProject(organization);
- db.users().insertProjectPermissionOnAnyone(UserRole.CODEVIEWER, project);
- db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnAnyone("p1", project);
+ db.users().insertProjectPermissionOnAnyone("p2", project);
- assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly(UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
+ assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly("p1", "p2");
}
@Test
@Test
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() {
ComponentDto project = db.components().insertPublicProject(organization);
- db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
- db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, project);
- db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project);
+ db.users().insertProjectPermissionOnUser(user, "p1", project);
+ db.users().insertProjectPermissionOnAnyone("p2", project);
+ db.users().insertProjectPermissionOnGroup(group1, "p3", project);
db.users().insertMember(group1, user);
- assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly(UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.USER);
+ assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly("p1", "p2", "p3");
}
}
ComponentDto project2 = db.components().insertPublicProject();
ComponentDto project3 = db.components().insertPublicProject();
- db.users().insertProjectPermissionOnGroup(group1, ISSUE_ADMIN, project1);
- db.users().insertProjectPermissionOnGroup(group1, ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group2, ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group3, ADMIN, project2);
+ db.users().insertProjectPermissionOnGroup(group1, "p1", project1);
+ db.users().insertProjectPermissionOnGroup(group1, "p2", project2);
+ db.users().insertProjectPermissionOnGroup(group2, "p2", project2);
+ db.users().insertProjectPermissionOnGroup(group3, "p2", project2);
// anyone group
- db.users().insertProjectPermissionOnAnyone(ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group1, USER, project2);
- db.users().insertProjectPermissionOnGroup(group1, USER, project3);
+ db.users().insertProjectPermissionOnAnyone("p2", project2);
+ db.users().insertProjectPermissionOnGroup(group1, "p3", project2);
+ db.users().insertProjectPermissionOnGroup(group1, "p3", project3);
final List<CountPerProjectPermission> result = new ArrayList<>();
underTest.groupsCountByComponentIdAndPermission(dbSession, asList(project2.getId(), project3.getId(), 789L),
context -> result.add((CountPerProjectPermission) context.getResultObject()));
assertThat(result).hasSize(3);
- assertThat(result).extracting("permission").containsOnly(ADMIN, USER);
+ assertThat(result).extracting("permission").containsOnly("p2", "p3");
assertThat(result).extracting("componentId").containsOnly(project2.getId(), project3.getId());
assertThat(result).extracting("count").containsOnly(4, 1);
}
ComponentDto project = db.components().insertPublicProject();
ComponentDto anotherProject = db.components().insertPublicProject();
- db.users().insertProjectPermissionOnGroup(group1, SCAN_EXECUTION, project);
- db.users().insertProjectPermissionOnGroup(group1, PROVISIONING, project);
- db.users().insertProjectPermissionOnAnyone(USER, project);
+ db.users().insertProjectPermissionOnGroup(group1, "p1", project);
+ db.users().insertProjectPermissionOnGroup(group1, "p2", project);
+ db.users().insertProjectPermissionOnAnyone("p3", project);
- db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject);
- db.users().insertProjectPermissionOnAnyone(SYSTEM_ADMIN, anotherProject);
- db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject);
- db.users().insertPermissionOnGroup(group2, SCAN);
+ db.users().insertProjectPermissionOnGroup(group1, "p4", anotherProject);
+ db.users().insertProjectPermissionOnAnyone("p4", anotherProject);
+ db.users().insertProjectPermissionOnGroup(group3, "p1", anotherProject);
+ db.users().insertPermissionOnGroup(group2, "p5");
PermissionQuery.Builder builderOnComponent = newQuery().setComponentUuid(project.uuid());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName());
+ builderOnComponent.setPermission("p1").build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- builderOnComponent.setPermission(USER).build())).containsOnlyOnce(ANYONE);
+ builderOnComponent.setPermission("p3").build())).containsOnlyOnce(ANYONE);
}
@Test
public void selectByGroupIds_on_public_projects() {
OrganizationDto org = db.organizations().insert();
GroupDto group1 = db.users().insertGroup(org, "Group-1");
- db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(group1, "p1");
GroupDto group2 = db.users().insertGroup(org, "Group-2");
ComponentDto project = db.components().insertPublicProject(org);
- db.users().insertProjectPermissionOnGroup(group2, USER, project);
+ db.users().insertProjectPermissionOnGroup(group2, "p2", project);
GroupDto group3 = db.users().insertGroup(org, "Group-3");
- db.users().insertProjectPermissionOnGroup(group3, USER, project);
+ db.users().insertProjectPermissionOnGroup(group3, "p2", project);
// Anyone group
- db.users().insertPermissionOnAnyone(org, SCAN);
- db.users().insertProjectPermissionOnAnyone(PROVISIONING, project);
+ db.users().insertPermissionOnAnyone(org, "p3");
+ db.users().insertProjectPermissionOnAnyone("p4", project);
assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty();
assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group2.getId()), project.getId()))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
- .containsOnly(tuple(group2.getId(), USER, project.getId()));
+ .containsOnly(tuple(group2.getId(), "p2", project.getId()));
assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group3.getId()), project.getId()))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
- .containsOnly(tuple(group3.getId(), USER, project.getId()));
+ .containsOnly(tuple(group3.getId(), "p2", project.getId()));
assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(ANYONE_ID), project.getId()))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
- .containsOnly(tuple(0, PROVISIONING, project.getId()));
+ .containsOnly(tuple(0, "p4", project.getId()));
assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), asList(group1.getId(), group2.getId(), ANYONE_ID), project.getId())).hasSize(2);
assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(MISSING_ID), project.getId())).isEmpty();
import java.util.function.Consumer;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
+import org.sonar.core.permission.ProjectPermissions;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
public GroupPermissionDto insertProjectPermissionOnAnyone(String permission, ComponentDto project) {
checkArgument(!project.isPrivate(), "No permission to group AnyOne can be granted on a private project");
+ checkArgument(!ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission),
+ "permission %s can't be granted on a public project", permission);
GroupPermissionDto dto = new GroupPermissionDto()
.setOrganizationUuid(project.getOrganizationUuid())
.setGroupId(null)
public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) {
checkArgument(group.getOrganizationUuid().equals(project.getOrganizationUuid()), "Different organizations");
+ checkArgument(project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission),
+ "%s can't be granted on a public project", permission);
GroupPermissionDto dto = new GroupPermissionDto()
.setOrganizationUuid(group.getOrganizationUuid())
.setGroupId(group.getId())
* Grant permission on given project
*/
public UserPermissionDto insertProjectPermissionOnUser(UserDto user, String permission, ComponentDto project) {
+ checkArgument(project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission),
+ "%s can't be granted on a public project", permission);
UserPermissionDto dto = new UserPermissionDto(project.getOrganizationUuid(), permission, user.getId(), project.getId());
db.getDbClient().userPermissionDao().insert(db.getSession(), dto);
db.commit();
public void return_measures_on_view() throws Exception {
ComponentDto view = newView(db.getDefaultOrganization());
SnapshotDto viewSnapshot = db.components().insertProjectAndSnapshot(view);
- setBrowsePermissionOnUser(view);
MetricDto coverage = insertCoverageMetric();
dbClient.measureDao().insert(dbSession, newMeasureDto(coverage, view, viewSnapshot).setValue(15.5d));
db.commit();
ComponentDto view = newView(db.getDefaultOrganization());
SnapshotDto viewSnapshot = db.components().insertProjectAndSnapshot(view);
ComponentDto subView = db.components().insertComponent(newSubView(view));
- setBrowsePermissionOnUser(view);
MetricDto coverage = insertCoverageMetric();
dbClient.measureDao().insert(dbSession, newMeasureDto(coverage, subView, viewSnapshot).setValue(15.5d));
db.commit();
private FooIndexer fooIndexer = new FooIndexer(esTester.client());
private PermissionIndexer underTest = new PermissionIndexer(dbTester.getDbClient(), esTester.client(), fooIndexer);
+ @Test
+ public void initalizeOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
+ ComponentDto project = createAndIndexPublicProject();
+ UserDto user1 = userDbTester.insertUser();
+ UserDto user2 = userDbTester.insertUser();
+
+ indexOnStartup();
+
+ verifyAnyoneAuthorized(project);
+ verifyAuthorized(project, user1);
+ verifyAuthorized(project, user2);
+ }
+
@Test
public void initializeOnStartup_grants_access_to_user() {
ComponentDto project = createAndIndexPrivateProject();
}
@Test
- public void initializeOnStartup_grants_access_to_group() {
+ public void initializeOnStartup_grants_access_to_group_on_private_project() {
ComponentDto project = createAndIndexPrivateProject();
UserDto user1 = userDbTester.insertUser();
UserDto user2 = userDbTester.insertUser();
public void deleteProject_deletes_the_documents_related_to_the_project() {
ComponentDto project1 = createAndIndexPublicProject();
ComponentDto project2 = createAndIndexPublicProject();
- userDbTester.insertProjectPermissionOnAnyone(USER, project1);
- userDbTester.insertProjectPermissionOnAnyone(USER, project2);
indexOnStartup();
assertThat(esTester.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2);
@Test
public void indexProject_does_nothing_because_authorizations_are_triggered_outside_standard_indexer_lifecycle() {
ComponentDto project = createAndIndexPublicProject();
- userDbTester.insertProjectPermissionOnAnyone(USER, project);
underTest.indexProject(project.uuid(), ProjectIndexer.Cause.NEW_ANALYSIS);
underTest.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
ComponentDto projectOnOrg1 = createAndIndexPublicProject(dbTester.organizations().insert());
ComponentDto projectOnOrg2 = createAndIndexPublicProject(dbTester.organizations().insert());
UserDto user = userDbTester.insertUser();
- userDbTester.insertProjectPermissionOnAnyone(USER, projectOnOrg1);
- userDbTester.insertProjectPermissionOnUser(user, USER, projectOnOrg2);
indexOnStartup();
public void remove_with_view_uuid() throws Exception {
ComponentDto view = db.components().insertComponent(newView(db.organizations().insert(), "view-uuid").setKey("view-key"));
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, view);
- db.users().insertProjectPermissionOnUser(user, CODEVIEWER, view);
+ db.users().insertProjectPermissionOnUser(user, ADMIN, view);
loginAsAdmin(db.getDefaultOrganization());
newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(CODEVIEWER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(ADMIN);
}
@Test
@Test
public void return_all_projects() throws Exception {
OrganizationDto org = dbTester.organizations().insert();
- ComponentDto associatedProject = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
- ComponentDto unassociatedProject = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
+ ComponentDto associatedProject = insertProject(ComponentTesting.newPublicProjectDto(org));
+ ComponentDto unassociatedProject = insertProject(ComponentTesting.newPublicProjectDto(org));
associateProjectToQualitGate(associatedProject.getId());
Association result = underTest.find(
@Test
public void return_only_associated_project() throws Exception {
OrganizationDto org = dbTester.organizations().insert();
- ComponentDto associatedProject = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
- insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
+ ComponentDto associatedProject = insertProject(ComponentTesting.newPublicProjectDto(org));
+ insertProject(ComponentTesting.newPublicProjectDto(org));
associateProjectToQualitGate(associatedProject.getId());
Association result = underTest.find(
@Test
public void return_only_unassociated_project() throws Exception {
OrganizationDto org = dbTester.organizations().insert();
- ComponentDto associatedProject = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
- ComponentDto unassociatedProject = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org));
+ ComponentDto associatedProject = insertProject(ComponentTesting.newPublicProjectDto(org));
+ ComponentDto unassociatedProject = insertProject(ComponentTesting.newPublicProjectDto(org));
associateProjectToQualitGate(associatedProject.getId());
Association result = underTest.find(
@Test
public void test_paging() throws Exception {
OrganizationDto org = dbTester.organizations().insert();
- ComponentDto project1 = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org).setName("Project 1"));
- ComponentDto project2 = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org).setName("Project 2"));
- ComponentDto project3 = insertProjectAuthorizedToAnyone(ComponentTesting.newPublicProjectDto(org).setName("Project 3"));
+ ComponentDto project1 = insertProject(ComponentTesting.newPublicProjectDto(org).setName("Project 1"));
+ ComponentDto project2 = insertProject(ComponentTesting.newPublicProjectDto(org).setName("Project 2"));
+ ComponentDto project3 = insertProject(ComponentTesting.newPublicProjectDto(org).setName("Project 3"));
associateProjectToQualitGate(project1.getId());
// Return partial result on first page
dbTester.commit();
}
- private ComponentDto insertProjectAuthorizedToAnyone(ComponentDto project) {
+ private ComponentDto insertProject(ComponentDto project) {
dbTester.components().insertComponent(project);
- dbTester.users().insertProjectPermissionOnAnyone(UserRole.USER, project);
return project;
}
project4 = newPublicProject("DEFA", "Project Four");
dbClient.componentDao().insert(dbSession, project1, project2, project3, project4);
- addBrowsePermissionToAnyone(project1, project2, project3, project4);
-
associateProjectsWithProfile(dbSession, xooP1, project1, project2, project3, project4);
dbSession.commit();
project4 = newPublicProject("DEFA", "Project Four");
dbClient.componentDao().insert(dbSession, project1, project2, project3, project4);
- addBrowsePermissionToAnyone(project1, project2, project3, project4);
-
associateProjectsWithProfile(dbSession, xooP1, project1, project2);
dbSession.commit();
project4 = newPublicProject("DEFA", "Project Four");
dbClient.componentDao().insert(dbSession, project1, project2, project3, project4);
- addBrowsePermissionToAnyone(project1, project2, project3, project4);
-
associateProjectsWithProfile(dbSession, xooP1, project1, project2);
// project3 is associated with P2, must appear as not associated with xooP1
associateProjectsWithProfile(dbSession, xooP2, project3);
project4 = newPublicProject("DEFA", "Project Four");
dbClient.componentDao().insert(dbSession, project1, project2, project3, project4);
- addBrowsePermissionToAnyone(project1, project2, project3, project4);
-
associateProjectsWithProfile(dbSession, xooP1, project1, project2);
dbSession.commit();
project4 = newPublicProject("DEFA", "Project Four");
dbClient.componentDao().insert(dbSession, project1, project2, project3, project4);
- addBrowsePermissionToAnyone(project1, project2, project3, project4);
-
associateProjectsWithProfile(dbSession, xooP1, project1, project2);
// project3 is associated with P2, must appear as not associated with xooP1
associateProjectsWithProfile(dbSession, xooP2, project3);
return ComponentTesting.newPrivateProjectDto(organizationDto, uuid).setName(name);
}
- private void addBrowsePermissionToAnyone(ComponentDto... projects) {
- for (ComponentDto project : projects) {
- db.users().insertProjectPermissionOnAnyone(UserRole.USER, project);
- }
- }
-
private void associateProjectsWithProfile(DbSession session, QualityProfileDto profile, ComponentDto... projects) {
for (ComponentDto project : projects) {
dbClient.qualityProfileDao().insertProjectProfileAssociation(project.uuid(), profile.getKey(), session);
@Test
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
- addProjectPermissions(publicProject, UserRole.USER);
+ addProjectPermissions(privateProject, UserRole.USER);
UserSession session = newUserSession(user);
expectInsufficientPrivilegesForbiddenException();
import org.junit.Test;
import org.sonar.api.config.MapSettings;
import org.sonar.api.utils.System2;
-import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
ComponentDto project = ComponentTesting.newPublicProjectDto(org);
ComponentDto file = ComponentTesting.newFileDto(project, null);
dbTester.components().insertComponents(project, file);
- dbTester.users().insertProjectPermissionOnAnyone(UserRole.USER, project);
IssueDto issue = IssueTesting.newDto(rule, file, project);
dbClient.issueDao().insert(dbSession, issue);
projects / sonarqube.git / commitdiff