import org.sonar.batch.scan.ScanTask;
import org.sonar.batch.tasks.ListTask;
import org.sonar.batch.tasks.Tasks;
-import org.sonar.core.permission.ComponentPermissionFacade;
+import org.sonar.core.permission.PermissionFacade;
import org.sonar.core.resource.DefaultResourcePermissions;
public class TaskContainer extends ComponentContainer {
private void installComponentsUsingTaskExtensions() {
add(
ResourceTypes.class,
- ComponentPermissionFacade.class,
+ PermissionFacade.class,
DefaultResourcePermissions.class,
Tasks.class);
}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.permission;
-
-import org.apache.ibatis.session.SqlSession;
-import org.sonar.api.ServerComponent;
-import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.task.TaskComponent;
-import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.user.*;
-
-import java.util.List;
-
-/**
- * Internal use only
- * @since 3.7
- *
- * This facade wraps all the db operations related to component-based permissions
- */
-public class ComponentPermissionFacade implements TaskComponent, ServerComponent {
-
- private final MyBatis myBatis;
- private final RoleDao roleDao;
- private final UserDao userDao;
- private final PermissionDao permissionDao;
-
- public ComponentPermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) {
- this.myBatis = myBatis;
- this.roleDao = roleDao;
- this.userDao = userDao;
- this.permissionDao = permissionDao;
- }
-
- public void setUserPermission(Long resourceId, String userLogin, String permission) {
- SqlSession session = myBatis.openSession();
- try {
- UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(userLogin);
- if (user != null) {
- UserRoleDto userRole = new UserRoleDto()
- .setRole(permission)
- .setUserId(user.getId())
- .setResourceId(Long.valueOf(resourceId));
- roleDao.deleteUserRole(userRole, session);
- roleDao.insertUserRole(userRole, session);
- session.commit();
- }
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void setGroupPermission(Long resourceId, String groupName, String permission) {
- SqlSession session = myBatis.openSession();
- try {
- GroupRoleDto groupRole = new GroupRoleDto()
- .setRole(permission)
- .setResourceId(Long.valueOf(resourceId));
- if (DefaultGroups.isAnyone(groupName)) {
- roleDao.deleteGroupRole(groupRole, session);
- roleDao.insertGroupRole(groupRole, session);
- session.commit();
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- groupRole.setGroupId(group.getId());
- roleDao.deleteGroupRole(groupRole, session);
- roleDao.insertGroupRole(groupRole, session);
- session.commit();
- }
- }
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public int countPermissions(Long resourceId) {
- return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId);
- }
-
- public void removeAllPermissions(Long resourceId, SqlSession session) {
- roleDao.deleteGroupRolesByResourceId(resourceId, session);
- roleDao.deleteUserRolesByResourceId(resourceId, session);
- }
-
- public void addUserPermission(Long resourceId, String userLogin, String permission, SqlSession session) {
- UserDto user = userDao.selectActiveUserByLogin(userLogin, session);
- if (user != null) {
- UserRoleDto userRoleDto = new UserRoleDto().setRole(permission).setUserId(user.getId()).setResourceId(resourceId);
- roleDao.insertUserRole(userRoleDto, session);
- }
- }
-
- public void addGroupPermission(Long resourceId, String groupName, String permission, SqlSession session) {
- GroupRoleDto groupRole = new GroupRoleDto().setRole(permission).setResourceId(resourceId);
- if (DefaultGroups.isAnyone(groupName)) {
- roleDao.insertGroupRole(groupRole, session);
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session);
- }
- }
- }
-
- public PermissionTemplateDto getPermissionTemplate(String templateKey) {
- PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateByKey(templateKey);
- if(permissionTemplateDto == null) {
- throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey);
- }
- PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName());
- if(templateWithPermissions == null) {
- throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey);
- }
- return templateWithPermissions;
- }
-
- public void applyPermissionTemplate(String templateKey, Long resourceId) {
- SqlSession session = myBatis.openSession();
- try {
- removeAllPermissions(resourceId, session);
- PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateKey);
- List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
- if(usersPermissions != null) {
- for (PermissionTemplateUserDto userPermission : usersPermissions) {
- addUserPermission(resourceId, userPermission.getUserLogin(), userPermission.getPermission(), session);
- }
- }
- List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
- if(groupsPermissions != null) {
- for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
- String groupName = groupPermission.getGroupName() == null ? DefaultGroups.ANYONE : groupPermission.getGroupName();
- addGroupPermission(resourceId, groupName, groupPermission.getPermission(), session);
- }
- }
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Holds the constants representing the various global permissions that can be assigned to users & groups
+ *
+ * @since 3.7
+ */
+public class GlobalPermission {
+
+ public static final GlobalPermission SYSTEM_ADMIN = new GlobalPermission("admin");
+ public static final GlobalPermission QUALITY_PROFILE_ADMIN = new GlobalPermission("profileadmin");
+ public static final GlobalPermission DASHBOARD_SHARING = new GlobalPermission("shareDashboard");
+ public static final GlobalPermission SCAN_EXECUTION = new GlobalPermission("scan");
+ public static final GlobalPermission DRY_RUN_EXECUTION = new GlobalPermission("dryRunScan");
+
+ private final String key;
+
+ // Use linked hash map to preserve order
+ private static Map<String, GlobalPermission> allGlobal = new LinkedHashMap<String, GlobalPermission>();
+
+ static {
+ allGlobal.put(SYSTEM_ADMIN.key, SYSTEM_ADMIN);
+ allGlobal.put(QUALITY_PROFILE_ADMIN.key, QUALITY_PROFILE_ADMIN);
+ allGlobal.put(DASHBOARD_SHARING.key, DASHBOARD_SHARING);
+ allGlobal.put(SCAN_EXECUTION.key, SCAN_EXECUTION);
+ allGlobal.put(DRY_RUN_EXECUTION.key, DRY_RUN_EXECUTION);
+ }
+
+ private GlobalPermission(String key) {
+ this.key = key;
+ }
+
+ public String key() {
+ return key;
+ }
+
+ public static Map<String, GlobalPermission> allGlobal() {
+ return allGlobal;
+ }
+
+}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.permission;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- *
- * Holds the constants representing the various global permissions that can be assigned to users & groups
- *
- * @since 3.7
- */
-public class Permission {
-
- public static final Permission SYSTEM_ADMIN = new Permission("admin");
- public static final Permission QUALITY_PROFILE_ADMIN = new Permission("profileadmin");
- public static final Permission DASHBOARD_SHARING = new Permission("shareDashboard");
- public static final Permission SCAN_EXECUTION = new Permission("scan");
- public static final Permission DRY_RUN_EXECUTION = new Permission("dryRunScan");
-
- private final String key;
- // Use linked hash map to preserve order
- private static Map<String, Permission> allGlobal = new LinkedHashMap<String, Permission>();
-
- static {
- allGlobal.put(SYSTEM_ADMIN.key, SYSTEM_ADMIN);
- allGlobal.put(QUALITY_PROFILE_ADMIN.key, QUALITY_PROFILE_ADMIN);
- allGlobal.put(DASHBOARD_SHARING.key, DASHBOARD_SHARING);
- allGlobal.put(SCAN_EXECUTION.key, SCAN_EXECUTION);
- allGlobal.put(DRY_RUN_EXECUTION.key, DRY_RUN_EXECUTION);
- }
-
- private Permission(String key) {
- this.key = key;
- }
-
- public String key() {
- return key;
- }
-
- public static Map<String, Permission> allGlobal() {
- return allGlobal;
- }
-
- public static boolean isValid(String permission) {
- return allGlobal.containsKey(permission);
- }
-}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.permission;
-
-import org.apache.commons.lang.time.DateFormatUtils;
-import org.apache.ibatis.session.SqlSession;
-import org.sonar.api.ServerComponent;
-import org.sonar.api.task.TaskComponent;
-import org.sonar.core.date.DateProvider;
-import org.sonar.core.date.DefaultDateProvider;
-import org.sonar.core.persistence.MyBatis;
-
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-import java.text.Normalizer;
-import java.util.Date;
-import java.util.List;
-
-public class PermissionDao implements TaskComponent, ServerComponent {
-
- private final MyBatis myBatis;
- private final DateProvider dateProvider;
-
- public PermissionDao(MyBatis myBatis, DateProvider dateProvider) {
- this.myBatis = myBatis;
- this.dateProvider = dateProvider;
- }
-
- public PermissionDao(MyBatis myBatis) {
- this(myBatis, new DefaultDateProvider());
- }
-
- @CheckForNull
- public PermissionTemplateDto selectTemplateByName(String templateName) {
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- return mapper.selectByName(templateName);
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- @CheckForNull
- public PermissionTemplateDto selectTemplateByKey(String templateKey) {
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- return mapper.selectByKey(templateKey);
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- @CheckForNull
- public PermissionTemplateDto selectPermissionTemplate(String templateName) {
- PermissionTemplateDto permissionTemplate = null;
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- permissionTemplate = mapper.selectByName(templateName);
- PermissionTemplateDto templateUsersPermissions = mapper.selectTemplateUsersPermissions(templateName);
- if(templateUsersPermissions != null) {
- permissionTemplate.setUsersPermissions(templateUsersPermissions.getUsersPermissions());
- }
- PermissionTemplateDto templateGroupsPermissions = mapper.selectTemplateGroupsPermissions(templateName);
- if(templateGroupsPermissions != null) {
- permissionTemplate.setGroupsByPermission(templateGroupsPermissions.getGroupsPermissions());
- }
- } finally {
- MyBatis.closeQuietly(session);
- }
- return permissionTemplate;
- }
-
- @CheckForNull
- public List<PermissionTemplateDto> selectAllPermissionTemplates() {
- SqlSession session = myBatis.openSession();
- try {
- return session.selectList("selectAllPermissionTemplates");
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public PermissionTemplateDto createPermissionTemplate(String templateName, @Nullable String description) {
- Date creationDate = now();
- PermissionTemplateDto permissionTemplate = new PermissionTemplateDto()
- .setName(templateName)
- .setKee(generateTemplateKee(templateName, creationDate))
- .setDescription(description)
- .setCreatedAt(creationDate)
- .setUpdatedAt(creationDate);
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.insert(permissionTemplate);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- return permissionTemplate;
- }
-
- public void deletePermissionTemplate(Long templateId) {
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.deleteUsersPermissions(templateId);
- mapper.deleteGroupsPermissions(templateId);
- mapper.delete(templateId);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void updatePermissionTemplate(Long templateId, String templateName, @Nullable String description) {
- PermissionTemplateDto permissionTemplate = new PermissionTemplateDto()
- .setId(templateId)
- .setName(templateName)
- .setDescription(description)
- .setUpdatedAt(now());
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.update(permissionTemplate);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void addUserPermission(Long templateId, Long userId, String permission) {
- PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
- .setTemplateId(templateId)
- .setUserId(userId)
- .setPermission(permission)
- .setCreatedAt(now())
- .setUpdatedAt(now());
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.insertUserPermission(permissionTemplateUser);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void removeUserPermission(Long templateId, Long userId, String permission) {
- PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
- .setTemplateId(templateId)
- .setPermission(permission)
- .setUserId(userId);
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.deleteUserPermission(permissionTemplateUser);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void addGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
- PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
- .setTemplateId(templateId)
- .setPermission(permission)
- .setGroupId(groupId)
- .setCreatedAt(now())
- .setUpdatedAt(now());
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.insertGroupPermission(permissionTemplateGroup);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- public void removeGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
- PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
- .setTemplateId(templateId)
- .setPermission(permission)
- .setGroupId(groupId);
- SqlSession session = myBatis.openSession();
- try {
- PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
- mapper.deleteGroupPermission(permissionTemplateGroup);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- private String generateTemplateKee(String name, Date timeStamp) {
- if(PermissionTemplateDto.DEFAULT.getName().equals(name)) {
- return PermissionTemplateDto.DEFAULT.getKee();
- }
- String normalizedName = Normalizer.normalize(name, Normalizer.Form.NFD).replaceAll("[^\\p{ASCII}]", "").replace(" ", "_");
- return normalizedName.toLowerCase() + "_" + DateFormatUtils.format(timeStamp, "yyyyMMdd_HHmmss");
- }
-
- private Date now() {
- return dateProvider.now();
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.ServerComponent;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.task.TaskComponent;
+import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.*;
+
+import javax.annotation.Nullable;
+
+import java.util.List;
+
+/**
+ * Internal use only
+ *
+ * @since 3.7
+ * <p/>
+ * This facade wraps db operations related to permissions
+ */
+public class PermissionFacade implements TaskComponent, ServerComponent {
+
+ private final MyBatis myBatis;
+ private final RoleDao roleDao;
+ private final UserDao userDao;
+ private final PermissionTemplateDao permissionTemplateDao;
+
+ public PermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionTemplateDao permissionTemplateDao) {
+ this.myBatis = myBatis;
+ this.roleDao = roleDao;
+ this.userDao = userDao;
+ this.permissionTemplateDao = permissionTemplateDao;
+ }
+
+ public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, @Nullable SqlSession session) {
+ UserRoleDto userRoleDto = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(userId)
+ .setResourceId(resourceId);
+ if (session != null) {
+ roleDao.insertUserRole(userRoleDto, session);
+ } else {
+ roleDao.insertUserRole(userRoleDto);
+ }
+ }
+
+ public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission) {
+ insertUserPermission(resourceId, userId, permission, null);
+ }
+
+ public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission, @Nullable SqlSession session) {
+ UserRoleDto userRoleDto = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(userId)
+ .setResourceId(resourceId);
+ if (session != null) {
+ roleDao.deleteUserRole(userRoleDto, session);
+ } else {
+ roleDao.deleteUserRole(userRoleDto);
+ }
+ }
+
+ public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission) {
+ deleteUserPermission(resourceId, userId, permission, null);
+ }
+
+ public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, @Nullable SqlSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setGroupId(groupId)
+ .setResourceId(resourceId);
+ if (session != null) {
+ roleDao.insertGroupRole(groupRole, session);
+ } else {
+ roleDao.insertGroupRole(groupRole);
+ }
+ }
+
+ public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission) {
+ insertGroupPermission(resourceId, groupId, permission, null);
+ }
+
+ public void insertGroupPermission(@Nullable Long resourceId, @Nullable String groupName, String permission, @Nullable SqlSession session) {
+ if (DefaultGroups.isAnyone(groupName)) {
+ insertGroupPermission(resourceId, (Long) null, permission, session);
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ insertGroupPermission(resourceId, group.getId(), permission, session);
+ }
+ }
+ }
+
+ public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, @Nullable SqlSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setGroupId(groupId)
+ .setResourceId(resourceId);
+ if (session != null) {
+ roleDao.deleteGroupRole(groupRole, session);
+ } else {
+ roleDao.deleteGroupRole(groupRole);
+ }
+ }
+
+ public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission) {
+ deleteGroupPermission(resourceId, groupId, permission, null);
+ }
+
+ public void deleteGroupPermission(@Nullable Long resourceId, @Nullable String groupName, String permission, @Nullable SqlSession session) {
+ if (DefaultGroups.isAnyone(groupName)) {
+ deleteGroupPermission(resourceId, (Long) null, permission, session);
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ deleteGroupPermission(resourceId, group.getId(), permission, session);
+ }
+ }
+ }
+
+ public PermissionTemplateDto getPermissionTemplate(String templateKey) {
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectTemplateByKey(templateKey);
+ if (permissionTemplateDto == null) {
+ throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey);
+ }
+ PermissionTemplateDto templateWithPermissions = permissionTemplateDao.selectPermissionTemplate(permissionTemplateDto.getName());
+ if (templateWithPermissions == null) {
+ throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey);
+ }
+ return templateWithPermissions;
+ }
+
+ public void applyPermissionTemplate(String templateKey, Long resourceId) {
+ SqlSession session = myBatis.openSession();
+ try {
+ removeAllPermissions(resourceId, session);
+ PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateKey);
+ List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
+ if (usersPermissions != null) {
+ for (PermissionTemplateUserDto userPermission : usersPermissions) {
+ insertUserPermission(resourceId, userPermission.getUserId(), userPermission.getPermission(), session);
+ }
+ }
+ List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
+ if (groupsPermissions != null) {
+ for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
+ Long groupId = groupPermission.getGroupId() == null ? null : groupPermission.getGroupId();
+ insertGroupPermission(resourceId, groupId, groupPermission.getPermission(), session);
+ }
+ }
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public int countPermissions(Long resourceId) {
+ return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId);
+ }
+
+ public void removeAllPermissions(Long resourceId, SqlSession session) {
+ roleDao.deleteGroupRolesByResourceId(resourceId, session);
+ roleDao.deleteUserRolesByResourceId(resourceId, session);
+ }
+}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.commons.lang.time.DateFormatUtils;
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.ServerComponent;
+import org.sonar.api.task.TaskComponent;
+import org.sonar.core.date.DateProvider;
+import org.sonar.core.date.DefaultDateProvider;
+import org.sonar.core.persistence.MyBatis;
+
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+
+import java.text.Normalizer;
+import java.util.Date;
+import java.util.List;
+
+public class PermissionTemplateDao implements TaskComponent, ServerComponent {
+
+ private final MyBatis myBatis;
+ private final DateProvider dateProvider;
+
+ public PermissionTemplateDao(MyBatis myBatis, DateProvider dateProvider) {
+ this.myBatis = myBatis;
+ this.dateProvider = dateProvider;
+ }
+
+ public PermissionTemplateDao(MyBatis myBatis) {
+ this(myBatis, new DefaultDateProvider());
+ }
+
+ @CheckForNull
+ public PermissionTemplateDto selectTemplateByName(String templateName) {
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ return mapper.selectByName(templateName);
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ @CheckForNull
+ public PermissionTemplateDto selectTemplateByKey(String templateKey) {
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ return mapper.selectByKey(templateKey);
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ @CheckForNull
+ public PermissionTemplateDto selectPermissionTemplate(String templateName) {
+ PermissionTemplateDto permissionTemplate = null;
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ permissionTemplate = mapper.selectByName(templateName);
+ PermissionTemplateDto templateUsersPermissions = mapper.selectTemplateUsersPermissions(templateName);
+ if(templateUsersPermissions != null) {
+ permissionTemplate.setUsersPermissions(templateUsersPermissions.getUsersPermissions());
+ }
+ PermissionTemplateDto templateGroupsPermissions = mapper.selectTemplateGroupsPermissions(templateName);
+ if(templateGroupsPermissions != null) {
+ permissionTemplate.setGroupsByPermission(templateGroupsPermissions.getGroupsPermissions());
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ return permissionTemplate;
+ }
+
+ @CheckForNull
+ public List<PermissionTemplateDto> selectAllPermissionTemplates() {
+ SqlSession session = myBatis.openSession();
+ try {
+ return session.selectList("selectAllPermissionTemplates");
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public PermissionTemplateDto createPermissionTemplate(String templateName, @Nullable String description) {
+ Date creationDate = now();
+ PermissionTemplateDto permissionTemplate = new PermissionTemplateDto()
+ .setName(templateName)
+ .setKee(generateTemplateKee(templateName, creationDate))
+ .setDescription(description)
+ .setCreatedAt(creationDate)
+ .setUpdatedAt(creationDate);
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.insert(permissionTemplate);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ return permissionTemplate;
+ }
+
+ public void deletePermissionTemplate(Long templateId) {
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.deleteUsersPermissions(templateId);
+ mapper.deleteGroupsPermissions(templateId);
+ mapper.delete(templateId);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void updatePermissionTemplate(Long templateId, String templateName, @Nullable String description) {
+ PermissionTemplateDto permissionTemplate = new PermissionTemplateDto()
+ .setId(templateId)
+ .setName(templateName)
+ .setDescription(description)
+ .setUpdatedAt(now());
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.update(permissionTemplate);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void addUserPermission(Long templateId, Long userId, String permission) {
+ PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
+ .setTemplateId(templateId)
+ .setUserId(userId)
+ .setPermission(permission)
+ .setCreatedAt(now())
+ .setUpdatedAt(now());
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.insertUserPermission(permissionTemplateUser);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void removeUserPermission(Long templateId, Long userId, String permission) {
+ PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
+ .setTemplateId(templateId)
+ .setPermission(permission)
+ .setUserId(userId);
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.deleteUserPermission(permissionTemplateUser);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void addGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
+ PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
+ .setTemplateId(templateId)
+ .setPermission(permission)
+ .setGroupId(groupId)
+ .setCreatedAt(now())
+ .setUpdatedAt(now());
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.insertGroupPermission(permissionTemplateGroup);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void removeGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
+ PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
+ .setTemplateId(templateId)
+ .setPermission(permission)
+ .setGroupId(groupId);
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateMapper mapper = session.getMapper(PermissionTemplateMapper.class);
+ mapper.deleteGroupPermission(permissionTemplateGroup);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ private String generateTemplateKee(String name, Date timeStamp) {
+ if(PermissionTemplateDto.DEFAULT.getName().equals(name)) {
+ return PermissionTemplateDto.DEFAULT.getKee();
+ }
+ String normalizedName = Normalizer.normalize(name, Normalizer.Form.NFD).replaceAll("[^\\p{ASCII}]", "").replace(" ", "_");
+ return normalizedName.toLowerCase() + "_" + DateFormatUtils.format(timeStamp, "yyyyMMdd_HHmmss");
+ }
+
+ private Date now() {
+ return dateProvider.now();
+ }
+}
*/
package org.sonar.core.persistence;
-import org.sonar.core.notification.db.NotificationQueueDao;
-
import com.google.common.collect.ImmutableList;
import org.sonar.core.dashboard.ActiveDashboardDao;
import org.sonar.core.dashboard.DashboardDao;
import org.sonar.core.graph.jdbc.GraphDao;
import org.sonar.core.issue.db.*;
import org.sonar.core.measure.MeasureFilterDao;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.notification.db.NotificationQueueDao;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.properties.PropertiesDao;
import org.sonar.core.purge.PurgeDao;
import org.sonar.core.resource.ResourceDao;
LoadedTemplateDao.class,
MeasureFilterDao.class,
NotificationQueueDao.class,
- PermissionDao.class,
+ PermissionTemplateDao.class,
PropertiesDao.class,
PurgeDao.class,
ResourceIndexerDao.class,
import org.apache.ibatis.session.SqlSession;
import org.sonar.api.config.Settings;
import org.sonar.api.resources.Resource;
-import org.sonar.api.security.DefaultGroups;
import org.sonar.api.security.ResourcePermissions;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.ComponentPermissionFacade;
+import org.sonar.core.permission.PermissionFacade;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.permission.PermissionTemplateGroupDto;
import org.sonar.core.permission.PermissionTemplateUserDto;
import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.UserDto;
+import org.sonar.core.user.UserMapper;
-import java.util.ArrayList;
import java.util.List;
+import static com.google.common.collect.Lists.newArrayList;
+
/**
* @since 3.2
*/
private final Settings settings;
private final MyBatis myBatis;
- private final ComponentPermissionFacade permissionFacade;
+ private final PermissionFacade permissionFacade;
- public DefaultResourcePermissions(Settings settings, MyBatis myBatis, ComponentPermissionFacade permissionFacade) {
+ public DefaultResourcePermissions(Settings settings, MyBatis myBatis, PermissionFacade permissionFacade) {
this.settings = settings;
this.myBatis = myBatis;
this.permissionFacade = permissionFacade;
public void grantUserRole(Resource resource, String login, String role) {
if (resource.getId() != null) {
- permissionFacade.setUserPermission(Long.valueOf(resource.getId()), login, role);
+ SqlSession session = myBatis.openSession();
+ try {
+ UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login);
+ if (user != null) {
+ permissionFacade.deleteUserPermission(Long.valueOf(resource.getId()), user.getId(), role, session);
+ permissionFacade.insertUserPermission(Long.valueOf(resource.getId()), user.getId(), role, session);
+ session.commit();
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
}
}
public void grantGroupRole(Resource resource, String groupName, String role) {
if (resource.getId() != null) {
- permissionFacade.setGroupPermission(Long.valueOf(resource.getId()), groupName, role);
+ SqlSession session = myBatis.openSession();
+ try {
+ permissionFacade.deleteGroupPermission(Long.valueOf(resource.getId()), groupName, role, session);
+ permissionFacade.insertGroupPermission(Long.valueOf(resource.getId()), groupName, role, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
}
}
private void grantDefaultRoles(Resource resource, String role, SqlSession session) {
PermissionTemplateDto applicablePermissionTemplate = getPermissionTemplate(resource.getQualifier());
- List<String> groupNames = getEligibleGroups(role, applicablePermissionTemplate);
- for (String groupName : groupNames) {
+ List<Long> groupIds = getEligibleGroups(role, applicablePermissionTemplate);
+ for (Long groupId : groupIds) {
Long resourceId = Long.valueOf(resource.getId());
- permissionFacade.addGroupPermission(resourceId, groupName, role, session);
+ permissionFacade.insertGroupPermission(resourceId, groupId, role, session);
}
- List<String> logins = getEligibleUsers(role, applicablePermissionTemplate);
- for (String login : logins) {
+ List<Long> userIds = getEligibleUsers(role, applicablePermissionTemplate);
+ for (Long userId : userIds) {
Long resourceId = Long.valueOf(resource.getId());
- permissionFacade.addUserPermission(resourceId, login, role, session);
+ permissionFacade.insertUserPermission(resourceId, userId, role, session);
}
}
- private List<String> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) {
- List<String> eligibleGroups = new ArrayList<String>();
+ private List<Long> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) {
+ List<Long> eligibleGroups = newArrayList();
List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
- if(groupsPermissions != null) {
+ if (groupsPermissions != null) {
for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
- if(role.equals(groupPermission.getPermission())) {
- String groupName = groupPermission.getGroupName() != null ? groupPermission.getGroupName() : DefaultGroups.ANYONE;
- eligibleGroups.add(groupName);
+ if (role.equals(groupPermission.getPermission())) {
+ Long groupId = groupPermission.getGroupId() != null ? groupPermission.getGroupId() : null;
+ eligibleGroups.add(groupId);
}
}
}
return eligibleGroups;
}
- private List<String> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) {
- List<String> eligibleUsers = new ArrayList<String>();
+ private List<Long> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) {
+ List<Long> eligibleUsers = newArrayList();
List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
- if(usersPermissions != null) {
+ if (usersPermissions != null) {
for (PermissionTemplateUserDto userPermission : usersPermissions) {
- if(role.equals(userPermission.getPermission())) {
- eligibleUsers.add(userPermission.getUserLogin());
+ if (role.equals(userPermission.getPermission())) {
+ eligibleUsers.add(userPermission.getUserId());
}
}
}
private PermissionTemplateDto getPermissionTemplate(String qualifier) {
String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default");
- if(!StringUtils.isBlank(qualifierTemplateKey)) {
+ if (!StringUtils.isBlank(qualifierTemplateKey)) {
return permissionFacade.getPermissionTemplate(qualifierTemplateKey);
}
String defaultTemplateKey = settings.getString("sonar.permission.template.default");
- if(StringUtils.isBlank(defaultTemplateKey)) {
+ if (StringUtils.isBlank(defaultTemplateKey)) {
throw new IllegalStateException("At least one default permission template should be defined");
}
return permissionFacade.getPermissionTemplate(defaultTemplateKey);
package org.sonar.core.user;
+import javax.annotation.Nullable;
+
/**
* @since 3.2
*/
return this;
}
+ @Nullable
public Long getResourceId() {
return resourceId;
}
- public UserRoleDto setResourceId(Long resourceId) {
+ public UserRoleDto setResourceId(@Nullable Long resourceId) {
this.resourceId = resourceId;
return this;
}
u.login AS user_login
FROM permission_templates pt
INNER JOIN perm_templates_users ptu ON ptu.template_id = pt.id
- INNER JOIN users u ON u.id = ptu.user_id
+ INNER JOIN users u ON u.id = ptu.user_id AND u.active = ${_true}
WHERE pt.name = #{templateName}
</select>
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.permission;
-
-import org.apache.ibatis.session.SqlSession;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.sonar.api.web.UserRole;
-import org.sonar.core.persistence.AbstractDaoTestCase;
-import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.user.RoleDao;
-import org.sonar.core.user.UserDao;
-
-import static org.fest.assertions.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class ComponentPermissionFacadeTest extends AbstractDaoTestCase {
-
- @Rule
- public ExpectedException throwable = ExpectedException.none();
-
- private ComponentPermissionFacade permissionFacade;
- private RoleDao roleDao;
- private UserDao userDao;
- private PermissionDao permissionDao;
-
- @Before
- public void setUp() {
- roleDao = new RoleDao(getMyBatis());
- userDao = new UserDao(getMyBatis());
- permissionDao = new PermissionDao(getMyBatis());
- permissionFacade = new ComponentPermissionFacade(getMyBatis(), roleDao, userDao, permissionDao);
- }
-
- @Test
- public void should_apply_permission_template() throws Exception {
- setupData("should_apply_permission_template");
-
- permissionFacade.applyPermissionTemplate("default_20130101_010203", 123L);
-
- checkTable("should_apply_permission_template", "group_roles", "group_id", "resource_id", "role");
- checkTable("should_apply_permission_template", "user_roles", "group_id", "resource_id", "role");
- }
-
- @Test
- public void should_set_user_permission() throws Exception {
- setupData("should_set_user_permission");
-
- permissionFacade.setUserPermission(123L, "dave.loper", UserRole.ADMIN);
-
- checkTable("should_set_user_permission", "user_roles", "user_id", "resource_id", "role");
- }
-
- @Test
- public void should_set_group_permission() throws Exception {
- setupData("should_set_group_permission");
-
- permissionFacade.setGroupPermission(123L, "devs", UserRole.ADMIN);
-
- checkTable("should_set_group_permission", "group_roles", "group_id", "resource_id", "role");
- }
-
- @Test
- public void should_count_component_permissions() throws Exception {
- setupData("should_count_component_permissions");
-
- assertThat(permissionFacade.countPermissions(123L)).isEqualTo(2);
- }
-
- @Test
- public void should_add_user_permission() throws Exception {
- setupData("should_add_user_permission");
-
- SqlSession session = getMyBatis().openSession();
- try {
- permissionFacade.addUserPermission(123L, "dave.loper", UserRole.ADMIN, session);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
-
- checkTable("should_add_user_permission", "user_roles", "user_id", "resource_id", "role");
- }
-
- @Test
- public void should_add_group_permission() throws Exception {
- setupData("should_add_group_permission");
-
- SqlSession session = getMyBatis().openSession();
- try {
- permissionFacade.addGroupPermission(123L, "devs", UserRole.USER, session);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
-
- checkTable("should_add_group_permission", "group_roles", "group_id", "resource_id", "role");
- }
-
- @Test
- public void should_retrieve_permission_template() throws Exception {
- PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template");
- PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto();
- permissionDao = mock(PermissionDao.class);
- when(permissionDao.selectTemplateByKey("test_template")).thenReturn(permissionTemplateDto);
- when(permissionDao.selectPermissionTemplate("Test template")).thenReturn(templateWithPermissions);
-
- permissionFacade = new ComponentPermissionFacade(null, null, null, permissionDao);
-
- PermissionTemplateDto permissionTemplate = permissionFacade.getPermissionTemplate("test_template");
-
- assertThat(permissionTemplate).isSameAs(templateWithPermissions);
- }
-
- @Test
- public void should_fail_on_unmatched_template() throws Exception {
- throwable.expect(IllegalArgumentException.class);
-
- permissionDao = mock(PermissionDao.class);
-
- permissionFacade = new ComponentPermissionFacade(null, null, null, permissionDao);
- permissionFacade.getPermissionTemplate("unmatched");
- }
-
- @Test
- public void should_remove_all_permissions() throws Exception {
- setupData("should_remove_all_permissions");
-
- SqlSession session = getMyBatis().openSession();
- try {
- permissionFacade.removeAllPermissions(123L, session);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
-
- checkTable("should_remove_all_permissions", "group_roles", "group_id", "resource_id", "role");
- checkTable("should_remove_all_permissions", "user_roles", "user_id", "resource_id", "role");
- }
-}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2013 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.core.permission;
-
-import org.apache.ibatis.session.SqlSession;
-import org.junit.Before;
-import org.junit.Test;
-import org.sonar.api.utils.DateUtils;
-import org.sonar.core.date.DateProvider;
-import org.sonar.core.persistence.AbstractDaoTestCase;
-import org.sonar.core.persistence.MyBatis;
-
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.List;
-
-import static org.fest.assertions.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
-public class PermissionDaoTest extends AbstractDaoTestCase {
-
- Date now;
- PermissionDao permissionDao;
- DateProvider dateProvider;
-
- @Before
- public void setUpDao() throws ParseException {
- now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2013-01-02 01:04:05");
- dateProvider = mock(DateProvider.class);
- stub(dateProvider.now()).toReturn(now);
- permissionDao = new PermissionDao(getMyBatis(), dateProvider);
- }
-
- @Test
- public void should_create_permission_template() throws Exception {
- setupData("createPermissionTemplate");
- PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate("my template", "my description");
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getId()).isEqualTo(1L);
- checkTable("createPermissionTemplate", "permission_templates", "id", "name", "kee", "description");
- }
-
- @Test
- public void should_normalize_kee_on_template_creation() throws Exception {
- setupData("createNonAsciiPermissionTemplate");
- PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate("Môü Gnô Gnèçà ß", "my description");
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getId()).isEqualTo(1L);
- checkTable("createNonAsciiPermissionTemplate", "permission_templates", "id", "name", "kee", "description");
- }
-
- @Test
- public void should_skip_key_normalization_on_default_template() throws Exception {
-
- PermissionTemplateMapper mapper = mock(PermissionTemplateMapper.class);
-
- SqlSession session = mock(SqlSession.class);
- when(session.getMapper(PermissionTemplateMapper.class)).thenReturn(mapper);
-
- MyBatis myBatis = mock(MyBatis.class);
- when(myBatis.openSession()).thenReturn(session);
-
- permissionDao = new PermissionDao(myBatis, dateProvider);
- PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null);
-
- verify(mapper).insert(permissionTemplate);
- verify(session).commit();
-
- assertThat(permissionTemplate.getKee()).isEqualTo(PermissionTemplateDto.DEFAULT.getKee());
- }
-
- @Test
- public void should_select_permission_template() throws Exception {
- setupData("selectPermissionTemplate");
- PermissionTemplateDto permissionTemplate = permissionDao.selectPermissionTemplate("my template");
-
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getName()).isEqualTo("my template");
- assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
- assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
- assertThat(permissionTemplate.getUsersPermissions()).hasSize(3);
- assertThat(permissionTemplate.getUsersPermissions()).onProperty("userId").containsOnly(1L, 2L, 1L);
- assertThat(permissionTemplate.getUsersPermissions()).onProperty("userLogin").containsOnly("login1", "login2", "login2");
- assertThat(permissionTemplate.getUsersPermissions()).onProperty("userName").containsOnly("user1", "user2", "user2");
- assertThat(permissionTemplate.getUsersPermissions()).onProperty("permission").containsOnly("user_permission1", "user_permission1", "user_permission2");
- assertThat(permissionTemplate.getGroupsPermissions()).hasSize(3);
- assertThat(permissionTemplate.getGroupsPermissions()).onProperty("groupId").containsOnly(1L, 2L, null);
- assertThat(permissionTemplate.getGroupsPermissions()).onProperty("groupName").containsOnly("group1", "group2", null);
- assertThat(permissionTemplate.getGroupsPermissions()).onProperty("permission").containsOnly("group_permission1", "group_permission1", "group_permission2");
- }
-
- @Test
- public void should_select_empty_permission_template() throws Exception {
- setupData("selectEmptyPermissionTemplate");
- PermissionTemplateDto permissionTemplate = permissionDao.selectPermissionTemplate("my template");
-
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getName()).isEqualTo("my template");
- assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
- assertThat(permissionTemplate.getUsersPermissions()).isNull();
- assertThat(permissionTemplate.getGroupsPermissions()).isNull();
- }
-
- @Test
- public void should_select_permission_template_by_name() throws Exception {
- setupData("selectPermissionTemplate");
-
- PermissionTemplateDto permissionTemplate = permissionDao.selectTemplateByName("my template");
-
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getId()).isEqualTo(1L);
- assertThat(permissionTemplate.getName()).isEqualTo("my template");
- assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
- assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
- }
-
- @Test
- public void should_select_permission_template_by_key() throws Exception {
- setupData("selectPermissionTemplate");
-
- PermissionTemplateDto permissionTemplate = permissionDao.selectTemplateByKey("my_template_20130102_030405");
-
- assertThat(permissionTemplate).isNotNull();
- assertThat(permissionTemplate.getId()).isEqualTo(1L);
- assertThat(permissionTemplate.getName()).isEqualTo("my template");
- assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
- assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
- }
-
- @Test
- public void should_select_all_permission_templates() throws Exception {
- setupData("selectAllPermissionTemplates");
-
- List<PermissionTemplateDto> permissionTemplates = permissionDao.selectAllPermissionTemplates();
-
- assertThat(permissionTemplates).hasSize(3);
- assertThat(permissionTemplates).onProperty("id").containsOnly(1L, 2L, 3L);
- assertThat(permissionTemplates).onProperty("name").containsOnly("template1", "template2", "template3");
- assertThat(permissionTemplates).onProperty("kee").containsOnly("template1_20130102_030405", "template2_20130102_030405", "template3_20130102_030405");
- assertThat(permissionTemplates).onProperty("description").containsOnly("description1", "description2", "description3");
- }
-
- @Test
- public void should_update_permission_template() throws Exception {
- setupData("updatePermissionTemplate");
-
- permissionDao.updatePermissionTemplate(1L, "new_name", "new_description");
-
- checkTable("updatePermissionTemplate", "permission_templates", "id", "name", "kee", "description");
- }
-
- @Test
- public void should_delete_permission_template() throws Exception {
- setupData("deletePermissionTemplate");
-
- permissionDao.deletePermissionTemplate(1L);
-
- checkTable("deletePermissionTemplate", "permission_templates", "id", "name", "description");
- checkTable("deletePermissionTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("deletePermissionTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_add_user_permission_to_template() throws Exception {
- setupData("addUserPermissionToTemplate");
- permissionDao.addUserPermission(1L, 1L, "new_permission");
-
- checkTable("addUserPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addUserPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("addUserPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_remove_user_permission_from_template() throws Exception {
- setupData("removeUserPermissionFromTemplate");
- permissionDao.removeUserPermission(1L, 2L, "permission_to_remove");
-
- checkTable("removeUserPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeUserPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("removeUserPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_add_group_permission_to_template() throws Exception {
- setupData("addGroupPermissionToTemplate");
- permissionDao.addGroupPermission(1L, 1L, "new_permission");
-
- checkTable("addGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("addGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_remove_group_permission_from_template() throws Exception {
- setupData("removeGroupPermissionFromTemplate");
- permissionDao.removeGroupPermission(1L, 2L, "permission_to_remove");
-
- checkTable("removeGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("removeGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_add_group_permission_with_null_name() throws Exception {
- setupData("addNullGroupPermissionToTemplate");
- permissionDao.addGroupPermission(1L, null, "new_permission");
-
- checkTable("addNullGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addNullGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("addNullGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-
- @Test
- public void should_remove_group_permission_with_null_name() throws Exception {
- setupData("removeNullGroupPermissionFromTemplate");
- permissionDao.removeGroupPermission(1L, null, "permission_to_remove");
-
- checkTable("removeNullGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.ibatis.session.SqlSession;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.persistence.AbstractDaoTestCase;
+import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+
+import static org.fest.assertions.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PermissionFacadeTest extends AbstractDaoTestCase {
+
+ @Rule
+ public ExpectedException throwable = ExpectedException.none();
+
+ private PermissionFacade permissionFacade;
+ private PermissionTemplateDao permissionTemplateDao;
+
+ @Before
+ public void setUp() {
+ RoleDao roleDao = new RoleDao(getMyBatis());
+ UserDao userDao = new UserDao(getMyBatis());
+ permissionTemplateDao = new PermissionTemplateDao(getMyBatis());
+ permissionFacade = new PermissionFacade(getMyBatis(), roleDao, userDao, permissionTemplateDao);
+ }
+
+ @Test
+ public void should_apply_permission_template() throws Exception {
+ setupData("should_apply_permission_template");
+
+ permissionFacade.applyPermissionTemplate("default_20130101_010203", 123L);
+
+ checkTable("should_apply_permission_template", "group_roles", "group_id", "resource_id", "role");
+ checkTable("should_apply_permission_template", "user_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_count_component_permissions() throws Exception {
+ setupData("should_count_component_permissions");
+
+ assertThat(permissionFacade.countPermissions(123L)).isEqualTo(2);
+ }
+
+ @Test
+ public void should_add_user_permission() throws Exception {
+ setupData("should_add_user_permission");
+
+ permissionFacade.insertUserPermission(123L, 200L, UserRole.ADMIN);
+
+ checkTable("should_add_user_permission", "user_roles", "user_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_delete_user_permission() throws Exception {
+ setupData("should_delete_user_permission");
+
+ permissionFacade.deleteUserPermission(123L, 200L, UserRole.ADMIN);
+
+ checkTable("should_delete_user_permission", "user_roles", "user_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_insert_group_permission() throws Exception {
+ setupData("should_insert_group_permission");
+
+ SqlSession session = getMyBatis().openSession();
+ try {
+ permissionFacade.insertGroupPermission(123L, 100L, UserRole.USER);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+
+ checkTable("should_insert_group_permission", "group_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_insert_group_name_permission() throws Exception {
+ setupData("should_insert_group_permission");
+
+ SqlSession session = getMyBatis().openSession();
+ try {
+ permissionFacade.insertGroupPermission(123L, "devs", UserRole.USER, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+
+ checkTable("should_insert_group_permission", "group_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_insert_anyone_group_permission() throws Exception {
+ setupData("should_insert_anyone_group_permission");
+
+ SqlSession session = getMyBatis().openSession();
+ try {
+ permissionFacade.insertGroupPermission(123L, "Anyone", UserRole.USER, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+
+ checkTable("should_insert_anyone_group_permission", "group_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_delete_group_permission() throws Exception {
+ setupData("should_delete_group_permission");
+
+ permissionFacade.deleteGroupPermission(123L, 100L, UserRole.USER);
+
+ checkTable("should_delete_group_permission", "group_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_delete_group_name_permission() throws Exception {
+ setupData("should_delete_group_permission");
+
+ SqlSession session = getMyBatis().openSession();
+ try {
+ permissionFacade.deleteGroupPermission(123L, "devs", UserRole.USER, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+
+ checkTable("should_delete_group_permission", "group_roles", "group_id", "resource_id", "role");
+ }
+
+ @Test
+ public void should_retrieve_permission_template() throws Exception {
+ PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template");
+ PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto();
+ permissionTemplateDao = mock(PermissionTemplateDao.class);
+ when(permissionTemplateDao.selectTemplateByKey("test_template")).thenReturn(permissionTemplateDto);
+ when(permissionTemplateDao.selectPermissionTemplate("Test template")).thenReturn(templateWithPermissions);
+
+ permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao);
+
+ PermissionTemplateDto permissionTemplate = permissionFacade.getPermissionTemplate("test_template");
+
+ assertThat(permissionTemplate).isSameAs(templateWithPermissions);
+ }
+
+ @Test
+ public void should_fail_on_unmatched_template() throws Exception {
+ throwable.expect(IllegalArgumentException.class);
+
+ permissionTemplateDao = mock(PermissionTemplateDao.class);
+
+ permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao);
+ permissionFacade.getPermissionTemplate("unmatched");
+ }
+
+ @Test
+ public void should_remove_all_permissions() throws Exception {
+ setupData("should_remove_all_permissions");
+
+ SqlSession session = getMyBatis().openSession();
+ try {
+ permissionFacade.removeAllPermissions(123L, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+
+ checkTable("should_remove_all_permissions", "group_roles", "group_id", "resource_id", "role");
+ checkTable("should_remove_all_permissions", "user_roles", "user_id", "resource_id", "role");
+ }
+}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.ibatis.session.SqlSession;
+import org.junit.Before;
+import org.junit.Test;
+import org.sonar.core.date.DateProvider;
+import org.sonar.core.persistence.AbstractDaoTestCase;
+import org.sonar.core.persistence.MyBatis;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.List;
+
+import static org.fest.assertions.Assertions.assertThat;
+import static org.mockito.Mockito.*;
+
+public class PermissionTemplateDaoTest extends AbstractDaoTestCase {
+
+ Date now;
+ PermissionTemplateDao permissionTemplateDao;
+ DateProvider dateProvider;
+
+ @Before
+ public void setUpDao() throws ParseException {
+ now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2013-01-02 01:04:05");
+ dateProvider = mock(DateProvider.class);
+ stub(dateProvider.now()).toReturn(now);
+ permissionTemplateDao = new PermissionTemplateDao(getMyBatis(), dateProvider);
+ }
+
+ @Test
+ public void should_create_permission_template() throws Exception {
+ setupData("createPermissionTemplate");
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate("my template", "my description");
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getId()).isEqualTo(1L);
+ checkTable("createPermissionTemplate", "permission_templates", "id", "name", "kee", "description");
+ }
+
+ @Test
+ public void should_normalize_kee_on_template_creation() throws Exception {
+ setupData("createNonAsciiPermissionTemplate");
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate("Môü Gnô Gnèçà ß", "my description");
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getId()).isEqualTo(1L);
+ checkTable("createNonAsciiPermissionTemplate", "permission_templates", "id", "name", "kee", "description");
+ }
+
+ @Test
+ public void should_skip_key_normalization_on_default_template() throws Exception {
+
+ PermissionTemplateMapper mapper = mock(PermissionTemplateMapper.class);
+
+ SqlSession session = mock(SqlSession.class);
+ when(session.getMapper(PermissionTemplateMapper.class)).thenReturn(mapper);
+
+ MyBatis myBatis = mock(MyBatis.class);
+ when(myBatis.openSession()).thenReturn(session);
+
+ permissionTemplateDao = new PermissionTemplateDao(myBatis, dateProvider);
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null);
+
+ verify(mapper).insert(permissionTemplate);
+ verify(session).commit();
+
+ assertThat(permissionTemplate.getKee()).isEqualTo(PermissionTemplateDto.DEFAULT.getKee());
+ }
+
+ @Test
+ public void should_select_permission_template() throws Exception {
+ setupData("selectPermissionTemplate");
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my template");
+
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getName()).isEqualTo("my template");
+ assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
+ assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
+ assertThat(permissionTemplate.getUsersPermissions()).hasSize(3);
+ assertThat(permissionTemplate.getUsersPermissions()).onProperty("userId").containsOnly(1L, 2L, 1L);
+ assertThat(permissionTemplate.getUsersPermissions()).onProperty("userLogin").containsOnly("login1", "login2", "login2");
+ assertThat(permissionTemplate.getUsersPermissions()).onProperty("userName").containsOnly("user1", "user2", "user2");
+ assertThat(permissionTemplate.getUsersPermissions()).onProperty("permission").containsOnly("user_permission1", "user_permission1", "user_permission2");
+ assertThat(permissionTemplate.getGroupsPermissions()).hasSize(3);
+ assertThat(permissionTemplate.getGroupsPermissions()).onProperty("groupId").containsOnly(1L, 2L, null);
+ assertThat(permissionTemplate.getGroupsPermissions()).onProperty("groupName").containsOnly("group1", "group2", null);
+ assertThat(permissionTemplate.getGroupsPermissions()).onProperty("permission").containsOnly("group_permission1", "group_permission1", "group_permission2");
+ }
+
+ @Test
+ public void should_select_empty_permission_template() throws Exception {
+ setupData("selectEmptyPermissionTemplate");
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my template");
+
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getName()).isEqualTo("my template");
+ assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
+ assertThat(permissionTemplate.getUsersPermissions()).isNull();
+ assertThat(permissionTemplate.getGroupsPermissions()).isNull();
+ }
+
+ @Test
+ public void should_select_permission_template_by_name() throws Exception {
+ setupData("selectPermissionTemplate");
+
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectTemplateByName("my template");
+
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getId()).isEqualTo(1L);
+ assertThat(permissionTemplate.getName()).isEqualTo("my template");
+ assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
+ assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
+ }
+
+ @Test
+ public void should_select_permission_template_by_key() throws Exception {
+ setupData("selectPermissionTemplate");
+
+ PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectTemplateByKey("my_template_20130102_030405");
+
+ assertThat(permissionTemplate).isNotNull();
+ assertThat(permissionTemplate.getId()).isEqualTo(1L);
+ assertThat(permissionTemplate.getName()).isEqualTo("my template");
+ assertThat(permissionTemplate.getKee()).isEqualTo("my_template_20130102_030405");
+ assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
+ }
+
+ @Test
+ public void should_select_all_permission_templates() throws Exception {
+ setupData("selectAllPermissionTemplates");
+
+ List<PermissionTemplateDto> permissionTemplates = permissionTemplateDao.selectAllPermissionTemplates();
+
+ assertThat(permissionTemplates).hasSize(3);
+ assertThat(permissionTemplates).onProperty("id").containsOnly(1L, 2L, 3L);
+ assertThat(permissionTemplates).onProperty("name").containsOnly("template1", "template2", "template3");
+ assertThat(permissionTemplates).onProperty("kee").containsOnly("template1_20130102_030405", "template2_20130102_030405", "template3_20130102_030405");
+ assertThat(permissionTemplates).onProperty("description").containsOnly("description1", "description2", "description3");
+ }
+
+ @Test
+ public void should_update_permission_template() throws Exception {
+ setupData("updatePermissionTemplate");
+
+ permissionTemplateDao.updatePermissionTemplate(1L, "new_name", "new_description");
+
+ checkTable("updatePermissionTemplate", "permission_templates", "id", "name", "kee", "description");
+ }
+
+ @Test
+ public void should_delete_permission_template() throws Exception {
+ setupData("deletePermissionTemplate");
+
+ permissionTemplateDao.deletePermissionTemplate(1L);
+
+ checkTable("deletePermissionTemplate", "permission_templates", "id", "name", "description");
+ checkTable("deletePermissionTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("deletePermissionTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_add_user_permission_to_template() throws Exception {
+ setupData("addUserPermissionToTemplate");
+ permissionTemplateDao.addUserPermission(1L, 1L, "new_permission");
+
+ checkTable("addUserPermissionToTemplate", "permission_templates", "id", "name", "description");
+ checkTable("addUserPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addUserPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_remove_user_permission_from_template() throws Exception {
+ setupData("removeUserPermissionFromTemplate");
+ permissionTemplateDao.removeUserPermission(1L, 2L, "permission_to_remove");
+
+ checkTable("removeUserPermissionFromTemplate", "permission_templates", "id", "name", "description");
+ checkTable("removeUserPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeUserPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_add_group_permission_to_template() throws Exception {
+ setupData("addGroupPermissionToTemplate");
+ permissionTemplateDao.addGroupPermission(1L, 1L, "new_permission");
+
+ checkTable("addGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
+ checkTable("addGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_remove_group_permission_from_template() throws Exception {
+ setupData("removeGroupPermissionFromTemplate");
+ permissionTemplateDao.removeGroupPermission(1L, 2L, "permission_to_remove");
+
+ checkTable("removeGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
+ checkTable("removeGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_add_group_permission_with_null_name() throws Exception {
+ setupData("addNullGroupPermissionToTemplate");
+ permissionTemplateDao.addGroupPermission(1L, null, "new_permission");
+
+ checkTable("addNullGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
+ checkTable("addNullGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addNullGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+
+ @Test
+ public void should_remove_group_permission_with_null_name() throws Exception {
+ setupData("removeNullGroupPermissionFromTemplate");
+ permissionTemplateDao.removeGroupPermission(1L, null, "permission_to_remove");
+
+ checkTable("removeNullGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
+ checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ }
+}
import org.sonar.api.resources.Project;
import org.sonar.api.resources.Resource;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.permission.ComponentPermissionFacade;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.PermissionFacade;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.persistence.AbstractDaoTestCase;
import org.sonar.core.user.RoleDao;
import org.sonar.core.user.UserDao;
@Before
public void initResourcePermissions() {
settings = new Settings();
- ComponentPermissionFacade permissionFacade = new ComponentPermissionFacade(getMyBatis(),
- new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionDao(getMyBatis()));
+ PermissionFacade permissionFacade = new PermissionFacade(getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionTemplateDao(getMyBatis()));
permissions = new DefaultResourcePermissions(settings, getMyBatis(), permissionFacade);
}
import org.junit.Test;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.persistence.AbstractDaoTestCase;
import static org.fest.assertions.Assertions.assertThat;
RoleDao dao = new RoleDao(getMyBatis());
- assertThat(dao.selectUserPermissions("admin_user")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key());
- assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(Permission.QUALITY_PROFILE_ADMIN.key());
+ assertThat(dao.selectUserPermissions("admin_user")).containsOnly(GlobalPermission.SYSTEM_ADMIN.key(), GlobalPermission.QUALITY_PROFILE_ADMIN.key());
+ assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(GlobalPermission.QUALITY_PROFILE_ADMIN.key());
}
@Test
RoleDao dao = new RoleDao(getMyBatis());
- assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key(),
- Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key());
- assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(),
- Permission.SCAN_EXECUTION.key());
- assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key());
+ assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(GlobalPermission.SYSTEM_ADMIN.key(), GlobalPermission.QUALITY_PROFILE_ADMIN.key(),
+ GlobalPermission.DASHBOARD_SHARING.key(), GlobalPermission.DRY_RUN_EXECUTION.key(), GlobalPermission.SCAN_EXECUTION.key());
+ assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(GlobalPermission.DASHBOARD_SHARING.key(), GlobalPermission.DRY_RUN_EXECUTION.key(),
+ GlobalPermission.SCAN_EXECUTION.key());
+ assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(GlobalPermission.DRY_RUN_EXECUTION.key(), GlobalPermission.SCAN_EXECUTION.key());
}
@Test
public void should_delete_user_global_permission() throws Exception {
setupData("userPermissions");
- UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(GlobalPermission.QUALITY_PROFILE_ADMIN.key());
RoleDao dao = new RoleDao(getMyBatis());
dao.deleteUserRole(userRoleToDelete);
public void should_delete_group_global_permission() throws Exception {
setupData("groupPermissions");
- GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(GlobalPermission.QUALITY_PROFILE_ADMIN.key());
RoleDao dao = new RoleDao(getMyBatis());
dao.deleteGroupRole(groupRoleToDelete);
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="2" group_id="100" resource_id="123" role="user"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
- <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="4" group_id="101" resource_id="123" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
- <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
- <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
-
- <!-- new user permission : marius (admin) -->
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
- <!-- default permission template for all qualifiers -->
- <permission_templates id="1" name="default" kee="default_20130101_010203"/>
-
- <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
- <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
- <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
- <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
-
- <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
-
- <!-- default permission template for all qualifiers -->
- <permission_templates id="1" name="default" kee="default_20130101_010203"/>
-
- <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
- <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
- <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
- <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
-
- <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles/>
-
- <group_roles/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
- <group_roles id="2" group_id="100" resource_id="123" role="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="new_permission"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="[null]" permission_reference="new_permission"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="new_permission"/>
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="Môü Gnô Gnèçà ß" kee="mou_gno_gneca_20130102_010405" description="my description"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset></dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_010405" description="my description"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset></dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="2" name="other template" kee="my_template_20130102_030405" description="other description" created_at="[null]" updated_at="[null]"/>
-
- <perm_templates_users/>
-
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
- <permission_templates id="2" name="other template" kee="my_template_20130102_030405" description="other description" created_at="[null]" updated_at="[null]"/>
-
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="user_permission1"/>
- <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="user_permission1"/>
- <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="user_permission2"/>
-
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="group_permission1"/>
- <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="group_permission1"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="group_permission2"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
- <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
- <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="permission_to_remove"/>
- <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
- <perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
- <perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="permission_to_remove"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
-
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
- <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
-
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
-
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
- <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="permission_to_remove"/>
- <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
-
- <perm_templates_groups/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="template1" kee="template1_20130102_030405" description="description1" created_at="[null]" updated_at="[null]"/>
- <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
- <permission_templates id="3" name="template3" kee="template3_20130102_030405" description="description3" created_at="[null]" updated_at="[null]"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
-
- <users id="1" login="user1" name="user1" />
- <users id="2" login="user2" name="user2" />
-
- <groups id="1" name="group1"/>
- <groups id="2" name="group2"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
-
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="user_permission1"/>
- <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="user_permission1"/>
- <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="user_permission2"/>
-
- <users id="1" login="login1" name="user1" />
- <users id="2" login="login2" name="user2" />
-
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="group_permission1"/>
- <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="group_permission1"/>
- <!-- Anyone group -->
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="group_permission2"/>
- <!-- Unmatched group -->
- <perm_templates_groups id="4" template_id="1" group_id="999999" permission_reference="group_permission2"/>
-
- <groups id="1" name="group1"/>
- <groups id="2" name="group2"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="new_name" kee="template1_20130102_030405" description="new_description" created_at="[null]" updated_at="[null]"/>
- <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <permission_templates id="1" name="template1" kee="template1_20130102_030405" description="description1" created_at="[null]" updated_at="[null]"/>
- <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
-</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+ <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+ <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+ <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+
+ <!-- new user permission : marius (admin) -->
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="100" resource_id="123" role="user"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="[null]" resource_id="123" role="user"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="100" resource_id="123" role="user"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles/>
+
+ <group_roles/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="new_permission"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="[null]" permission_reference="new_permission"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="new_permission"/>
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="Môü Gnô Gnèçà ß" kee="mou_gno_gneca_20130102_010405" description="my description"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset></dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_010405" description="my description"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset></dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="2" name="other template" kee="my_template_20130102_030405" description="other description" created_at="[null]" updated_at="[null]"/>
+
+ <perm_templates_users/>
+
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
+ <permission_templates id="2" name="other template" kee="my_template_20130102_030405" description="other description" created_at="[null]" updated_at="[null]"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="user_permission1"/>
+ <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="user_permission1"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="user_permission2"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="group_permission1"/>
+ <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="group_permission1"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="group_permission2"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="permission_to_remove"/>
+ <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+ <perm_templates_users/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="permission_to_remove"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
+
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
+ <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="permission_to_remove"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
+
+ <perm_templates_groups/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="template1" kee="template1_20130102_030405" description="description1" created_at="[null]" updated_at="[null]"/>
+ <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
+ <permission_templates id="3" name="template3" kee="template3_20130102_030405" description="description3" created_at="[null]" updated_at="[null]"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
+
+ <users id="1" login="user1" name="user1" />
+ <users id="2" login="user2" name="user2" />
+
+ <groups id="1" name="group1"/>
+ <groups id="2" name="group2"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description" created_at="[null]" updated_at="[null]"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="user_permission1"/>
+ <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="user_permission1"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="user_permission2"/>
+
+ <users id="1" login="login1" name="user1" />
+ <users id="2" login="login2" name="user2" />
+
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="group_permission1"/>
+ <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="group_permission1"/>
+ <!-- Anyone group -->
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="group_permission2"/>
+ <!-- Unmatched group -->
+ <perm_templates_groups id="4" template_id="1" group_id="999999" permission_reference="group_permission2"/>
+
+ <groups id="1" name="group1"/>
+ <groups id="2" name="group2"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="new_name" kee="template1_20130102_030405" description="new_description" created_at="[null]" updated_at="[null]"/>
+ <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <permission_templates id="1" name="template1" kee="template1_20130102_030405" description="description1" created_at="[null]" updated_at="[null]"/>
+ <permission_templates id="2" name="template2" kee="template2_20130102_030405" description="description2" created_at="[null]" updated_at="[null]"/>
+</dataset>
\ No newline at end of file
<perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
<perm_templates_users id="2" template_id="1" user_id="201" permission_reference="admin"/>
-</dataset>
\ No newline at end of file
+</dataset>
import org.sonar.core.issue.db.IssueFilterDto;
import org.sonar.core.issue.db.IssueFilterFavouriteDao;
import org.sonar.core.issue.db.IssueFilterFavouriteDto;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.AuthorizationDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
}
private boolean isAdmin(String user) {
- return authorizationDao.selectGlobalPermissions(user).contains(Permission.SYSTEM_ADMIN.key());
+ return authorizationDao.selectGlobalPermissions(user).contains(GlobalPermission.SYSTEM_ADMIN.key());
}
private IssueFilterResult createIssueFilterResult(IssueQueryResult issueQueryResult, IssueQuery issueQuery) {
}
private boolean hasUserSharingPermission(String user){
- return authorizationDao.selectGlobalPermissions(user).contains(Permission.DASHBOARD_SHARING.key());
+ return authorizationDao.selectGlobalPermissions(user).contains(GlobalPermission.DASHBOARD_SHARING.key());
}
}
import org.slf4j.LoggerFactory;
import org.sonar.api.ServerComponent;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.permission.ComponentPermissionFacade;
-import org.sonar.core.permission.Permission;
-import org.sonar.core.user.*;
+import org.sonar.core.permission.GlobalPermission;
+import org.sonar.core.permission.PermissionFacade;
+import org.sonar.core.resource.ResourceDao;
+import org.sonar.core.resource.ResourceDto;
+import org.sonar.core.resource.ResourceQuery;
+import org.sonar.core.user.GroupDto;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+import org.sonar.core.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.user.UserSession;
+import javax.annotation.Nullable;
+
import java.util.List;
import java.util.Map;
private final RoleDao roleDao;
private final UserDao userDao;
- private final ComponentPermissionFacade permissionFacade;
+ private final ResourceDao resourceDao;
+ private final PermissionFacade permissionFacade;
- public InternalPermissionService(RoleDao roleDao, UserDao userDao, ComponentPermissionFacade permissionFacade) {
+ public InternalPermissionService(RoleDao roleDao, UserDao userDao, ResourceDao resourceDao, PermissionFacade permissionFacade) {
this.roleDao = roleDao;
this.userDao = userDao;
+ this.resourceDao = resourceDao;
this.permissionFacade = permissionFacade;
}
public void applyPermissionTemplate(Map<String, Object> params) {
UserSession.get().checkLoggedIn();
- UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN);
+ UserSession.get().checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN);
ApplyPermissionTemplateQuery query = ApplyPermissionTemplateQuery.buildFromParams(params);
query.validate();
for (String component : query.getSelectedComponents()) {
- applyPermissionTemplate(query.getTemplateKey(), component);
+ permissionFacade.applyPermissionTemplate(query.getTemplateKey(), Long.parseLong(component));
}
}
- private void applyPermissionTemplate(String templateKey, String componentId) {
- permissionFacade.applyPermissionTemplate(templateKey, Long.parseLong(componentId));
- }
-
private void changePermission(String permissionChange, Map<String, Object> params) {
UserSession.get().checkLoggedIn();
- UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN);
+ UserSession.get().checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN);
PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params);
permissionChangeQuery.validate();
applyPermissionChange(permissionChange, permissionChangeQuery);
}
private void applyGroupPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) {
- List<String> existingPermissions = roleDao.selectGroupPermissions(permissionChangeQuery.getGroup());
- if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
+ List<String> existingPermissions = roleDao.selectGroupPermissions(permissionChangeQuery.group());
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.permission())) {
LOG.info("Skipping permission change '{} {}' for group {} as it matches the current permission scheme",
- new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getGroup()});
+ new String[]{operation, permissionChangeQuery.permission(), permissionChangeQuery.group()});
} else {
- Long targetedGroup = getTargetedGroup(permissionChangeQuery.getGroup());
- GroupRoleDto groupRole = new GroupRoleDto().setRole(permissionChangeQuery.getRole()).setGroupId(targetedGroup);
+ Long targetedGroup = getTargetedGroup(permissionChangeQuery.group());
if (ADD.equals(operation)) {
- roleDao.insertGroupRole(groupRole);
+ permissionFacade.insertGroupPermission(getComponentId(permissionChangeQuery.component()), targetedGroup, permissionChangeQuery.permission());
} else {
- roleDao.deleteGroupRole(groupRole);
+ permissionFacade.deleteGroupPermission(getComponentId(permissionChangeQuery.component()), targetedGroup, permissionChangeQuery.permission());
}
}
}
private void applyUserPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) {
- List<String> existingPermissions = roleDao.selectUserPermissions(permissionChangeQuery.getUser());
- if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) {
+ List<String> existingPermissions = roleDao.selectUserPermissions(permissionChangeQuery.user());
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.permission())) {
LOG.info("Skipping permission change '{} {}' for user {} as it matches the current permission scheme",
- new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getUser()});
+ new String[]{operation, permissionChangeQuery.permission(), permissionChangeQuery.user()});
} else {
- Long targetedUser = getTargetedUser(permissionChangeQuery.getUser());
- UserRoleDto userRole = new UserRoleDto().setRole(permissionChangeQuery.getRole()).setUserId(targetedUser);
+ Long targetedUser = getTargetedUser(permissionChangeQuery.user());
if (ADD.equals(operation)) {
- roleDao.insertUserRole(userRole);
+ permissionFacade.insertUserPermission(getComponentId(permissionChangeQuery.component()), targetedUser, permissionChangeQuery.permission());
} else {
- roleDao.deleteUserRole(userRole);
+ permissionFacade.deleteUserPermission(getComponentId(permissionChangeQuery.component()), targetedUser, permissionChangeQuery.permission());
}
}
}
private Long getTargetedUser(String userLogin) {
UserDto user = userDao.selectActiveUserByLogin(userLogin);
- if(user == null) {
+ if (user == null) {
throw new BadRequestException("User " + userLogin + " does not exist");
}
return user.getId();
}
+ @Nullable
private Long getTargetedGroup(String group) {
if (DefaultGroups.isAnyone(group)) {
return null;
} else {
GroupDto groupDto = userDao.selectGroupByName(group);
- if(groupDto == null) {
+ if (groupDto == null) {
throw new BadRequestException("Group " + group + " does not exist");
}
return groupDto.getId();
return (ADD.equals(operation) && existingPermissions.contains(role)) ||
(REMOVE.equals(operation) && !existingPermissions.contains(role));
}
+
+ @Nullable
+ private Long getComponentId(String componentKey) {
+ if (componentKey == null) {
+ return null;
+ } else {
+ ResourceDto resourceDto = resourceDao.getResource(ResourceQuery.create().setKey(componentKey));
+ if (resourceDto == null) {
+ throw new BadRequestException("Component " + componentKey + " does not exists.");
+ }
+ return resourceDto.getId();
+ }
+ }
}
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.ServerComponent;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.user.UserDao;
import org.sonar.server.exceptions.BadRequestException;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
+
import java.util.List;
/**
private static final Logger LOG = LoggerFactory.getLogger(InternalPermissionTemplateService.class);
- private final PermissionDao permissionDao;
+ private final PermissionTemplateDao permissionTemplateDao;
private final UserDao userDao;
- public InternalPermissionTemplateService(PermissionDao permissionDao, UserDao userDao) {
- this.permissionDao = permissionDao;
+ public InternalPermissionTemplateService(PermissionTemplateDao permissionTemplateDao, UserDao userDao) {
+ this.permissionTemplateDao = permissionTemplateDao;
this.userDao = userDao;
}
@CheckForNull
public PermissionTemplate selectPermissionTemplate(String templateName) {
PermissionTemplateUpdater.checkUserCredentials();
- PermissionTemplateDto permissionTemplateDto = permissionDao.selectPermissionTemplate(templateName);
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectPermissionTemplate(templateName);
return PermissionTemplate.create(permissionTemplateDto);
}
public List<PermissionTemplate> selectAllPermissionTemplates() {
PermissionTemplateUpdater.checkUserCredentials();
List<PermissionTemplate> permissionTemplates = Lists.newArrayList();
- List<PermissionTemplateDto> permissionTemplateDtos = permissionDao.selectAllPermissionTemplates();
+ List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAllPermissionTemplates();
if(permissionTemplateDtos != null) {
for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) {
permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto));
public PermissionTemplate createPermissionTemplate(String name, @Nullable String description) {
PermissionTemplateUpdater.checkUserCredentials();
validateTemplateName(null, name);
- PermissionTemplateDto permissionTemplateDto = permissionDao.createPermissionTemplate(name, description);
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.createPermissionTemplate(name, description);
if(permissionTemplateDto.getId() == null) {
String errorMsg = "Template creation failed";
LOG.error(errorMsg);
public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription) {
PermissionTemplateUpdater.checkUserCredentials();
validateTemplateName(templateId, newName);
- permissionDao.updatePermissionTemplate(templateId, newName, newDescription);
+ permissionTemplateDao.updatePermissionTemplate(templateId, newName, newDescription);
}
public void deletePermissionTemplate(Long templateId) {
PermissionTemplateUpdater.checkUserCredentials();
- permissionDao.deletePermissionTemplate(templateId);
+ permissionTemplateDao.deletePermissionTemplate(templateId);
}
public void addUserPermission(String templateName, String permission, String userLogin) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionDao, userDao) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionTemplateDao, userDao) {
@Override
protected void doExecute(Long templateId, String permission) {
Long userId = getUserId();
- permissionDao.addUserPermission(templateId, userId, permission);
+ permissionTemplateDao.addUserPermission(templateId, userId, permission);
}
};
updater.executeUpdate();
}
public void removeUserPermission(String templateName, String permission, String userLogin) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionDao, userDao) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionTemplateDao, userDao) {
@Override
protected void doExecute(Long templateId, String permission) {
Long userId = getUserId();
- permissionDao.removeUserPermission(templateId, userId, permission);
+ permissionTemplateDao.removeUserPermission(templateId, userId, permission);
}
};
updater.executeUpdate();
}
public void addGroupPermission(String templateName, String permission, String groupName) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionDao, userDao) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionTemplateDao, userDao) {
@Override
protected void doExecute(Long templateId, String permission) {
Long groupId = getGroupId();
- permissionDao.addGroupPermission(templateId, groupId, permission);
+ permissionTemplateDao.addGroupPermission(templateId, groupId, permission);
}
};
updater.executeUpdate();
}
public void removeGroupPermission(String templateName, String permission, String groupName) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionDao, userDao) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionTemplateDao, userDao) {
@Override
protected void doExecute(Long templateId, String permission) {
Long groupId = getGroupId();
- permissionDao.removeGroupPermission(templateId, groupId, permission);
+ permissionTemplateDao.removeGroupPermission(templateId, groupId, permission);
}
};
updater.executeUpdate();
String errorMsg = "Name can't be blank";
throw new BadRequestException(errorMsg);
}
- List<PermissionTemplateDto> existingTemplates = permissionDao.selectAllPermissionTemplates();
+ List<PermissionTemplateDto> existingTemplates = permissionTemplateDao.selectAllPermissionTemplates();
if(existingTemplates != null) {
for (PermissionTemplateDto existingTemplate : existingTemplates) {
if((templateId == null || !existingTemplate.getId().equals(templateId)) && (existingTemplate.getName().equals(templateName))) {
package org.sonar.server.permission;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
import org.apache.commons.lang.StringUtils;
-import org.sonar.core.permission.Permission;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.server.exceptions.BadRequestException;
+import javax.annotation.Nullable;
+
+import java.util.List;
import java.util.Map;
public class PermissionChangeQuery {
private static final String USER_KEY = "user";
private static final String GROUP_KEY = "group";
- private static final String ROLE_KEY = "permission";
+ private static final String PERMISSION_KEY = "permission";
+ private static final String COMPONENT_KEY = "component";
+
+ private static final List<String> COMPONENT_PERMISSIONS = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.USER);
private final String user;
private final String group;
- private final String role;
+ private final String component;
+ private final String permission;
- private PermissionChangeQuery(String user, String group, String role) {
+ private PermissionChangeQuery(@Nullable String user, @Nullable String group, @Nullable String component, String permission) {
this.user = user;
this.group = group;
- this.role = role;
+ this.component = component;
+ this.permission = permission;
}
public static PermissionChangeQuery buildFromParams(Map<String, Object> params) {
- return new PermissionChangeQuery((String) params.get(USER_KEY), (String) params.get(GROUP_KEY), (String) params.get(ROLE_KEY));
+ return new PermissionChangeQuery((String) params.get(USER_KEY), (String) params.get(GROUP_KEY), (String) params.get(COMPONENT_KEY), (String) params.get(PERMISSION_KEY));
}
public void validate() {
}
private void validatePermission() {
- if (StringUtils.isBlank(role)) {
+ if (StringUtils.isBlank(permission)) {
throw new BadRequestException("Missing permission parameter");
}
- if (!Permission.allGlobal().keySet().contains(role)) {
- throw new BadRequestException("Invalid permission key " + role);
+ if (Strings.isNullOrEmpty(component)){
+ if (!GlobalPermission.allGlobal().keySet().contains(permission)) {
+ throw new BadRequestException("Invalid permission key " + permission + ". Valid ones are : "+ GlobalPermission.allGlobal().keySet());
+ }
+ } else {
+ if (!COMPONENT_PERMISSIONS.contains(permission)) {
+ throw new BadRequestException("Invalid permission key " + permission +". Valid ones are : "+ COMPONENT_PERMISSIONS);
+ }
}
}
return user != null;
}
- public String getUser() {
+ @Nullable
+ public String user() {
return user;
}
- public String getGroup() {
+ @Nullable
+ public String group() {
return group;
}
- public String getRole() {
- return role;
+ @Nullable
+ public String component() {
+ return component;
+ }
+
+ public String permission() {
+ return permission;
}
}
import com.google.common.collect.Lists;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.Permission;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.GlobalPermission;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.user.GroupDto;
import org.sonar.core.user.UserDao;
private final String templateName;
private final String permission;
private final String updatedReference;
- private final PermissionDao permissionDao;
+ private final PermissionTemplateDao permissionTemplateDao;
private final UserDao userDao;
- PermissionTemplateUpdater(String templateName, String permission, String updatedReference, PermissionDao permissionDao, UserDao userDao) {
+ PermissionTemplateUpdater(String templateName, String permission, String updatedReference, PermissionTemplateDao permissionTemplateDao, UserDao userDao) {
this.templateName = templateName;
this.permission = permission;
this.updatedReference = updatedReference;
- this.permissionDao = permissionDao;
+ this.permissionTemplateDao = permissionTemplateDao;
this.userDao = userDao;
}
static void checkUserCredentials() {
UserSession currentSession = UserSession.get();
currentSession.checkLoggedIn();
- currentSession.checkGlobalPermission(Permission.SYSTEM_ADMIN);
+ currentSession.checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN);
}
private void validatePermission(String permission) {
}
private Long getTemplateId(String name) {
- PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateByName(name);
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectTemplateByName(name);
if(permissionTemplateDto == null) {
throw new BadRequestException("Unknown template: " + name);
}
import org.sonar.core.measure.MeasureFilterFactory;
import org.sonar.core.metric.DefaultMetricFinder;
import org.sonar.core.notification.DefaultNotificationManager;
-import org.sonar.core.permission.ComponentPermissionFacade;
-import org.sonar.core.persistence.DaoUtils;
-import org.sonar.core.persistence.DatabaseVersion;
-import org.sonar.core.persistence.DefaultDatabase;
-import org.sonar.core.persistence.DryRunDatabaseFactory;
-import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.persistence.SemaphoreUpdater;
-import org.sonar.core.persistence.SemaphoresImpl;
+import org.sonar.core.permission.PermissionFacade;
+import org.sonar.core.persistence.*;
import org.sonar.core.purge.PurgeProfiler;
import org.sonar.core.qualitymodel.DefaultModelFinder;
import org.sonar.core.resource.DefaultResourcePermissions;
import org.sonar.server.configuration.ProfilesManager;
import org.sonar.server.db.DatabaseMigrator;
import org.sonar.server.db.EmbeddedDatabaseFactory;
-import org.sonar.server.issue.ActionPlanService;
-import org.sonar.server.issue.ActionService;
-import org.sonar.server.issue.AssignAction;
-import org.sonar.server.issue.CommentAction;
-import org.sonar.server.issue.DefaultIssueFinder;
-import org.sonar.server.issue.InternalRubyIssueService;
-import org.sonar.server.issue.IssueBulkChangeService;
-import org.sonar.server.issue.IssueChangelogService;
-import org.sonar.server.issue.IssueCommentService;
-import org.sonar.server.issue.IssueFilterService;
-import org.sonar.server.issue.IssueService;
-import org.sonar.server.issue.IssueStatsFinder;
-import org.sonar.server.issue.PlanAction;
-import org.sonar.server.issue.PublicRubyIssueService;
-import org.sonar.server.issue.ServerIssueStorage;
-import org.sonar.server.issue.SetSeverityAction;
-import org.sonar.server.issue.TransitionAction;
+import org.sonar.server.issue.*;
import org.sonar.server.notifications.NotificationCenter;
import org.sonar.server.notifications.NotificationService;
import org.sonar.server.permission.InternalPermissionService;
import org.sonar.server.permission.InternalPermissionTemplateService;
-import org.sonar.server.plugins.ApplicationDeployer;
-import org.sonar.server.plugins.DefaultServerPluginRepository;
-import org.sonar.server.plugins.InstalledPluginReferentialFactory;
-import org.sonar.server.plugins.PluginDeployer;
-import org.sonar.server.plugins.PluginDownloader;
-import org.sonar.server.plugins.ServerExtensionInstaller;
-import org.sonar.server.plugins.UpdateCenterClient;
-import org.sonar.server.plugins.UpdateCenterMatrixFactory;
+import org.sonar.server.plugins.*;
import org.sonar.server.qualitymodel.DefaultModelManager;
import org.sonar.server.rule.RubyRuleService;
import org.sonar.server.rules.ProfilesConsole;
import org.sonar.server.rules.RulesConsole;
-import org.sonar.server.startup.CleanDryRunCache;
-import org.sonar.server.startup.DeleteDeprecatedMeasures;
-import org.sonar.server.startup.GenerateBootstrapIndex;
-import org.sonar.server.startup.GeneratePluginIndex;
-import org.sonar.server.startup.GwtPublisher;
-import org.sonar.server.startup.JdbcDriverDeployer;
-import org.sonar.server.startup.LogServerId;
-import org.sonar.server.startup.RegisterMetrics;
-import org.sonar.server.startup.RegisterNewDashboards;
-import org.sonar.server.startup.RegisterNewMeasureFilters;
-import org.sonar.server.startup.RegisterNewProfiles;
-import org.sonar.server.startup.RegisterPermissionTemplates;
-import org.sonar.server.startup.RegisterQualityModels;
-import org.sonar.server.startup.RegisterRules;
-import org.sonar.server.startup.RegisterServletFilters;
-import org.sonar.server.startup.RenameDeprecatedPropertyKeys;
-import org.sonar.server.startup.ServerMetadataPersister;
+import org.sonar.server.startup.*;
import org.sonar.server.text.MacroInterpreter;
import org.sonar.server.text.RubyTextService;
-import org.sonar.server.ui.CodeColorizers;
-import org.sonar.server.ui.JRubyI18n;
-import org.sonar.server.ui.PageDecorations;
-import org.sonar.server.ui.SecurityRealmFactory;
-import org.sonar.server.ui.Views;
+import org.sonar.server.ui.*;
import org.sonar.server.user.DefaultUserService;
import org.sonar.server.user.NewUserNotifier;
servicesContainer.addSingleton(NewUserNotifier.class);
servicesContainer.addSingleton(DefaultUserFinder.class);
servicesContainer.addSingleton(DefaultUserService.class);
- servicesContainer.addSingleton(ComponentPermissionFacade.class);
+ servicesContainer.addSingleton(PermissionFacade.class);
servicesContainer.addSingleton(InternalPermissionService.class);
servicesContainer.addSingleton(InternalPermissionTemplateService.class);
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.TimeProfiler;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.template.LoadedTemplateDao;
import org.sonar.core.template.LoadedTemplateDto;
private static final Logger LOG = LoggerFactory.getLogger(RegisterPermissionTemplates.class);
private final LoadedTemplateDao loadedTemplateDao;
- private final PermissionDao permissionDao;
+ private final PermissionTemplateDao permissionTemplateDao;
private final UserDao userDao;
private final PersistentSettings settings;
- public RegisterPermissionTemplates(LoadedTemplateDao loadedTemplateDao, PermissionDao permissionDao,
+ public RegisterPermissionTemplates(LoadedTemplateDao loadedTemplateDao, PermissionTemplateDao permissionTemplateDao,
UserDao userDao, PersistentSettings settings) {
this.loadedTemplateDao = loadedTemplateDao;
- this.permissionDao = permissionDao;
+ this.permissionTemplateDao = permissionTemplateDao;
this.userDao = userDao;
this.settings = settings;
}
}
private void insertDefaultTemplate(String templateName) {
- PermissionTemplateDto defaultPermissionTemplate = permissionDao
+ PermissionTemplateDto defaultPermissionTemplate = permissionTemplateDao
.createPermissionTemplate(templateName, PermissionTemplateDto.DEFAULT.getDescription());
addGroupPermission(defaultPermissionTemplate, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
addGroupPermission(defaultPermissionTemplate, UserRole.USER, DefaultGroups.ANYONE);
throw new IllegalArgumentException("Cannot setup default permission for group: " + groupName);
}
}
- permissionDao.addGroupPermission(template.getId(), groupId, permission);
+ permissionTemplateDao.addGroupPermission(template.getId(), groupId, permission);
}
private void registerInitialization() {
import org.sonar.api.user.User;
import org.sonar.api.user.UserFinder;
import org.sonar.api.user.UserQuery;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.UserDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.util.RubyUtils;
import javax.annotation.CheckForNull;
+
import java.util.List;
import java.util.Map;
throw new BadRequestException("Login is missing");
}
UserSession userSession = UserSession.get();
- userSession.checkGlobalPermission(Permission.SYSTEM_ADMIN);
+ userSession.checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN);
if (Objects.equal(userSession.login(), login)) {
throw new BadRequestException("Self-deactivation is not possible");
}
import com.google.common.base.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.AuthorizationDao;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
+
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
private Integer userId;
private String login;
private Locale locale = Locale.ENGLISH;
- List<Permission> permissions = null;
+ List<GlobalPermission> globalPermissions = null;
UserSession() {
}
/**
* Ensures that user implies the specified permission. If not a {@link org.sonar.server.exceptions.ForbiddenException} is thrown.
*/
- public UserSession checkGlobalPermission(Permission permission) {
- if (!hasGlobalPermission(permission)) {
+ public UserSession checkGlobalPermission(GlobalPermission globalPermission) {
+ if (!hasGlobalPermission(globalPermission)) {
throw new ForbiddenException("Insufficient privileges");
}
return this;
/**
* Does the user have the given permission ?
*/
- public boolean hasGlobalPermission(Permission permission) {
- return globalPermissions().contains(permission);
+ public boolean hasGlobalPermission(GlobalPermission globalPermission) {
+ return globalPermissions().contains(globalPermission);
}
- List<Permission> globalPermissions() {
- if (permissions == null) {
+ List<GlobalPermission> globalPermissions() {
+ if (globalPermissions == null) {
List<String> permissionKeys = authorizationDao().selectGlobalPermissions(login);
- permissions = new ArrayList<Permission>();
+ globalPermissions = new ArrayList<GlobalPermission>();
for (String permissionKey : permissionKeys) {
- Permission perm = Permission.allGlobal().get(permissionKey);
+ GlobalPermission perm = GlobalPermission.allGlobal().get(permissionKey);
if (perm == null) {
LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login);
} else {
- permissions.add(perm);
+ globalPermissions.add(perm);
}
}
}
- return permissions;
+ return globalPermissions;
}
AuthorizationDao authorizationDao() {
# POST /api/permissions/add
#
# -- Mandatory parameters
- # 'permission' is the key of the permission to add
+ # 'permission' is the key of the permission to add. For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan.
+ # Component permission values are : user, codeviewer, admin
# 'user' is the user identifier (login)
# OR
# 'group' is the group identifier (group name or 'anyone')
#
+ # -- Optional parameters
+ # 'component' is the component on which add the permission. If null, the permission should be a global permission.
+ #
# -- Example
# curl -X POST -v -u admin:admin 'http://localhost:9000/api/permissions/add?permission=shareDashboard&user=new_user'
#
# POST /api/permissions/remove
#
# -- Mandatory parameters
- # 'permission' is the key of the permission to add
+ # 'permission' is the key of the permission to add. For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan.
+ # Component permission values are : user, codeviewer, admin
# 'user' is the user identifier (login)
# OR
# 'group' is the group identifier (group name or 'anyone')
#
+ # -- Optional parameters
+ # 'component' is the component on which add the permission. If null, the permission should be a global permission.
+ #
# -- Example
# curl -X POST -v -u admin:admin 'http://localhost:9000/api/permissions/remove?permission=shareDashboard&user=new_user'
#
end
end
-end
\ No newline at end of file
+end
import org.sonar.core.issue.db.IssueChangeDao;
import org.sonar.core.issue.db.IssueChangeDto;
import org.sonar.core.issue.db.IssueStorage;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
@Before
public void setUpUser() {
- MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN);
}
@Before
import org.sonar.core.issue.db.IssueFilterDto;
import org.sonar.core.issue.db.IssueFilterFavouriteDao;
import org.sonar.core.issue.db.IssueFilterFavouriteDto;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.AuthorizationDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@Test
public void should_have_permission_to_share_filter() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Filter").setShared(false).setUserLogin("john"));
DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My Filter").setShared(true).setUser("john"), userSession);
@Test
public void should_not_update_sharing_if_not_owner() {
// John is admin and want to change arthur filter sharing
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("Arthur Filter").setShared(true).setUserLogin("arthur"));
try {
@Test
public void should_update_other_shared_filter_if_admin_and_if_filter_owner_has_sharing_permission() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
- when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true).setUser("arthur"), userSession);
@Test
public void should_not_update_other_shared_filter_if_admin_and_if_filter_owner_has_no_sharing_permission() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(Collections.<String>emptyList());
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
IssueFilterDto expectedDto = new IssueFilterDto().setName("My filter").setUserLogin("new.owner").setShared(true);
// New owner should have sharing perm in order to own the filter
- when(authorizationDao.selectGlobalPermissions("new.owner")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("new.owner")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
when(issueFilterDao.selectSharedFilters()).thenReturn(Lists.newArrayList(sharedFilter));
String currentUser = "dave.loper";
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true);
- when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permission.DRY_RUN_EXECUTION.key()));
+ when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermission.DRY_RUN_EXECUTION.key()));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
try {
@Test
public void should_delete_shared_filter_if_user_is_admin() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
service.delete(1L, userSession);
@Test
public void should_not_delete_not_shared_filter_if_user_is_admin() {
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(false));
try {
@Test
public void user_can_share_filter_if_logged_and_own_sharing_permission(){
- when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key()));
UserSession userSession = MockUserSession.create().setLogin("john");
assertThat(service.canShareFilter(userSession)).isTrue();
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
-import org.apache.commons.lang.ObjectUtils;
-import org.hamcrest.BaseMatcher;
-import org.hamcrest.Description;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.permission.ComponentPermissionFacade;
-import org.sonar.core.permission.Permission;
-import org.sonar.core.user.*;
+import org.sonar.core.permission.GlobalPermission;
+import org.sonar.core.permission.PermissionFacade;
+import org.sonar.core.resource.ResourceDao;
+import org.sonar.core.resource.ResourceDto;
+import org.sonar.core.resource.ResourceQuery;
+import org.sonar.core.user.GroupDto;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+import org.sonar.core.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import java.util.Map;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.argThat;
+import static org.fest.assertions.Assertions.assertThat;
import static org.mockito.Mockito.*;
-import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesGroupRole.matchesRole;
-import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesUserRole.matchesRole;
public class InternalPermissionServiceTest {
private InternalPermissionService service;
private RoleDao roleDao;
private UserDao userDao;
- private ComponentPermissionFacade permissionFacade;
+ private ResourceDao resourceDao;
+ private PermissionFacade permissionFacade;
@Before
public void setUpCommonStubbing() {
- MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN);
-
- UserDto targetedUser = new UserDto().setId(2L).setLogin("user").setActive(true);
- GroupDto targetedGroup = new GroupDto().setId(2L).setName("group");
+ MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN);
roleDao = mock(RoleDao.class);
-
userDao = mock(UserDao.class);
- when(userDao.selectActiveUserByLogin("user")).thenReturn(targetedUser);
- when(userDao.selectGroupByName("group")).thenReturn(targetedGroup);
+ when(userDao.selectActiveUserByLogin("user")).thenReturn(new UserDto().setId(2L).setLogin("user").setActive(true));
+ when(userDao.selectGroupByName("group")).thenReturn(new GroupDto().setId(2L).setName("group"));
+
+ resourceDao = mock(ResourceDao.class);
- permissionFacade = mock(ComponentPermissionFacade.class);
+ permissionFacade = mock(PermissionFacade.class);
- service = new InternalPermissionService(roleDao, userDao, permissionFacade);
+ service = new InternalPermissionService(roleDao, userDao, resourceDao, permissionFacade);
}
@Test
- public void should_add_user_permission() throws Exception {
- params = buildPermissionChangeParams("user", null, Permission.DASHBOARD_SHARING);
- setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
- UserRoleDto roleToInsert = new UserRoleDto().setUserId(2L).setRole(Permission.DASHBOARD_SHARING.key());
+ public void should_add_global_user_permission() throws Exception {
+ params = buildPermissionChangeParams("user", null, GlobalPermission.DASHBOARD_SHARING);
+ setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
service.addPermission(params);
- verify(roleDao).insertUserRole(argThat(matchesRole(roleToInsert)));
+ verify(permissionFacade).insertUserPermission(eq((Long) null), eq(2L), eq("shareDashboard"));
}
@Test
- public void should_remove_user_permission() throws Exception {
- params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
- setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
- UserRoleDto roleToRemove = new UserRoleDto().setUserId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ public void should_add_component_user_permission() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
- service.removePermission(params);
+ params = buildPermissionChangeParams("user", null, "org.sample.Sample", "user");
+ setUpUserPermissions("user", "codeviewer");
+
+ service.addPermission(params);
- verify(roleDao).deleteUserRole(argThat(matchesRole(roleToRemove)));
+ verify(permissionFacade).insertUserPermission(eq(10L), eq(2L), eq("user"));
}
@Test
- public void should_add_group_permission() throws Exception {
- params = buildPermissionChangeParams(null, "group", Permission.DASHBOARD_SHARING);
- setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key());
- GroupRoleDto roleToInsert = new GroupRoleDto().setGroupId(2L).setRole(Permission.DASHBOARD_SHARING.key());
+ public void should_remove_global_user_permission() throws Exception {
+ params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN);
+ setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
- service.addPermission(params);
+ service.removePermission(params);
- verify(roleDao).insertGroupRole(argThat(matchesRole(roleToInsert)));
+ verify(permissionFacade).deleteUserPermission(eq((Long) null), eq(2L), eq("profileadmin"));
}
@Test
- public void should_remove_group_permission() throws Exception {
- params = buildPermissionChangeParams(null, "group", Permission.QUALITY_PROFILE_ADMIN);
- setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key());
- GroupRoleDto roleToRemove = new GroupRoleDto().setGroupId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ public void should_remove_component_user_permission() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
+
+ params = buildPermissionChangeParams("user", null, "org.sample.Sample", "codeviewer");
+ setUpUserPermissions("user", "codeviewer");
service.removePermission(params);
- verify(roleDao).deleteGroupRole(argThat(matchesRole(roleToRemove)));
+ verify(permissionFacade).deleteUserPermission(eq(10L), eq(2L), eq("codeviewer"));
}
@Test
- public void should_skip_redundant_permission_change() throws Exception {
- params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
- setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key());
+ public void should_add_global_group_permission() throws Exception {
+ params = buildPermissionChangeParams(null, "group", GlobalPermission.DASHBOARD_SHARING);
+ setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
service.addPermission(params);
- verify(roleDao, never()).insertUserRole(any(UserRoleDto.class));
+ verify(permissionFacade).insertGroupPermission(eq((Long) null), eq(2L), eq("shareDashboard"));
}
@Test
- public void should_fail_on_invalid_request() throws Exception {
- throwable.expect(BadRequestException.class);
- params = buildPermissionChangeParams("user", "group", Permission.QUALITY_PROFILE_ADMIN);
+ public void should_add_component_group_permission() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
+
+ params = buildPermissionChangeParams(null, "group", "org.sample.Sample", "user");
+ setUpGroupPermissions("group", "codeviewer");
service.addPermission(params);
+
+ verify(permissionFacade).insertGroupPermission(eq(10L), eq(2L), eq("user"));
}
@Test
- public void should_fail_on_insufficient_rights() throws Exception {
- throwable.expect(ForbiddenException.class);
- params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
-
- MockUserSession.set().setLogin("unauthorized").setPermissions(Permission.QUALITY_PROFILE_ADMIN);
+ public void should_add_global_permission_to_anyone_group() throws Exception {
+ params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN);
service.addPermission(params);
+
+ verify(permissionFacade).insertGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin"));
}
@Test
- public void should_fail_on_anonymous_access() throws Exception {
- throwable.expect(UnauthorizedException.class);
- params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN);
+ public void should_add_component_permission_to_anyone_group() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
- MockUserSession.set();
+ params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, "org.sample.Sample", "user");
service.addPermission(params);
+
+ verify(permissionFacade).insertGroupPermission(eq(10L), eq((Long) null), eq("user"));
}
@Test
- public void should_add_permission_to_anyone_group() throws Exception {
- params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN);
- GroupRoleDto roleToInsert = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ public void should_remove_global_group_permission() throws Exception {
+ params = buildPermissionChangeParams(null, "group", GlobalPermission.QUALITY_PROFILE_ADMIN);
+ setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
- service.addPermission(params);
+ service.removePermission(params);
- verify(roleDao).insertGroupRole(argThat(matchesRole(roleToInsert)));
+ verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq(2L), eq("profileadmin"));
}
@Test
- public void should_remove_permission_from_anyone_group() throws Exception {
- params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN);
- setUpGroupPermissions(DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN.key());
- GroupRoleDto roleToDelete = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key());
+ public void should_remove_component_group_permission() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
+
+ params = buildPermissionChangeParams(null, "group", "org.sample.Sample", "codeviewer");
+ setUpGroupPermissions("group", "codeviewer");
service.removePermission(params);
- verify(roleDao).deleteGroupRole(argThat(matchesRole(roleToDelete)));
+ verify(permissionFacade).deleteGroupPermission(eq(10L), eq(2L), eq("codeviewer"));
}
@Test
- public void should_apply_permission_template() throws Exception {
- params = Maps.newHashMap();
- params.put("template_key", "my_template_key");
- params.put("components", "1,2,3");
+ public void should_remove_global_permission_from_anyone_group() throws Exception {
+ params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN);
+ setUpGroupPermissions(DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN.key());
- service.applyPermissionTemplate(params);
+ service.removePermission(params);
- verify(permissionFacade).applyPermissionTemplate("my_template_key", 1L);
- verify(permissionFacade).applyPermissionTemplate("my_template_key", 2L);
- verify(permissionFacade).applyPermissionTemplate("my_template_key", 3L);
+ verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin"));
}
- protected static class MatchesUserRole extends BaseMatcher<UserRoleDto> {
+ @Test
+ public void should_remove_component_permission_from_anyone_group() throws Exception {
+ when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn(
+ new ResourceDto().setId(10L).setKey("org.sample.Sample"));
- private final UserRoleDto referenceDto;
+ params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, "org.sample.Sample", "codeviewer");
+ setUpGroupPermissions(DefaultGroups.ANYONE, "codeviewer");
- private MatchesUserRole(UserRoleDto referenceDto) {
- this.referenceDto = referenceDto;
- }
+ service.removePermission(params);
- public static MatchesUserRole matchesRole(UserRoleDto referenceDto) {
- return new MatchesUserRole(referenceDto);
- }
+ verify(permissionFacade).deleteGroupPermission(eq(10L), eq((Long) null), eq("codeviewer"));
+ }
- @Override
- public boolean matches(Object o) {
- if (o != null && o instanceof UserRoleDto) {
- UserRoleDto otherDto = (UserRoleDto) o;
- return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) &&
- ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) &&
- ObjectUtils.equals(referenceDto.getUserId(), otherDto.getUserId());
- }
- return false;
- }
+ @Test
+ public void should_skip_redundant_add_user_permission_change() throws Exception {
+ params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN);
+ setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
- @Override
- public void describeTo(Description description) {
- }
+ service.addPermission(params);
+
+ verify(permissionFacade, never()).insertUserPermission(anyLong(), anyLong(), anyString());
}
- protected static class MatchesGroupRole extends BaseMatcher<GroupRoleDto> {
+ @Test
+ public void should_skip_redundant_add_group_permission_change() throws Exception {
+ params = buildPermissionChangeParams(null, "group", GlobalPermission.QUALITY_PROFILE_ADMIN);
+ setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key());
+
+ service.addPermission(params);
- private final GroupRoleDto referenceDto;
+ verify(permissionFacade, never()).insertGroupPermission(anyLong(), anyLong(), anyString());
+ }
- private MatchesGroupRole(GroupRoleDto referenceDto) {
- this.referenceDto = referenceDto;
+ @Test
+ public void should_fail_when_user_and_group_are_provided() throws Exception {
+ try {
+ params = buildPermissionChangeParams("user", "group", GlobalPermission.QUALITY_PROFILE_ADMIN);
+ service.addPermission(params);
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Only one of user or group parameter should be provided");
}
+ }
- public static MatchesGroupRole matchesRole(GroupRoleDto referenceDto) {
- return new MatchesGroupRole(referenceDto);
+ @Test
+ public void should_fail_when_user_is_not_found() throws Exception {
+ try {
+ when(userDao.selectActiveUserByLogin("user")).thenReturn(null);
+ params = buildPermissionChangeParams("unknown", null, GlobalPermission.QUALITY_PROFILE_ADMIN);
+ service.addPermission(params);
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("User unknown does not exist");
}
+ }
- @Override
- public boolean matches(Object o) {
- if (o != null && o instanceof GroupRoleDto) {
- GroupRoleDto otherDto = (GroupRoleDto) o;
- return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) &&
- ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) &&
- ObjectUtils.equals(referenceDto.getGroupId(), otherDto.getGroupId());
- }
- return false;
+ @Test
+ public void should_fail_when_group_is_not_found() throws Exception {
+ try {
+ params = buildPermissionChangeParams(null, "unknown", GlobalPermission.QUALITY_PROFILE_ADMIN);
+ service.addPermission(params);
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Group unknown does not exist");
}
+ }
- @Override
- public void describeTo(Description description) {
+ @Test
+ public void should_fail_when_component_is_not_found() throws Exception {
+ try {
+ params = buildPermissionChangeParams(null, "group", "unknown", "user");
+ service.addPermission(params);
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Component unknown does not exists.");
}
}
- private Map<String, Object> buildPermissionChangeParams(String login, String group, Permission perm) {
+ @Test
+ public void should_fail_on_insufficient_rights() throws Exception {
+ try {
+ params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN);
+ MockUserSession.set().setLogin("unauthorized").setPermissions(GlobalPermission.QUALITY_PROFILE_ADMIN);
+ service.addPermission(params);
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("Insufficient privileges");
+ }
+ }
+
+ @Test
+ public void should_fail_on_anonymous_access() throws Exception {
+ throwable.expect(UnauthorizedException.class);
+ params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN);
+
+ MockUserSession.set();
+
+ service.addPermission(params);
+ }
+
+ @Test
+ public void should_apply_permission_template() throws Exception {
+ params = Maps.newHashMap();
+ params.put("template_key", "my_template_key");
+ params.put("components", "1,2,3");
+
+ service.applyPermissionTemplate(params);
+
+ verify(permissionFacade).applyPermissionTemplate("my_template_key", 1L);
+ verify(permissionFacade).applyPermissionTemplate("my_template_key", 2L);
+ verify(permissionFacade).applyPermissionTemplate("my_template_key", 3L);
+ }
+
+ private Map<String, Object> buildPermissionChangeParams(String login, String group, GlobalPermission perm) {
Map<String, Object> params = Maps.newHashMap();
params.put("user", login);
params.put("group", group);
return params;
}
+ private Map<String, Object> buildPermissionChangeParams(String login, String group, String component, String perm) {
+ Map<String, Object> params = Maps.newHashMap();
+ params.put("user", login);
+ params.put("group", group);
+ params.put("component", component);
+ params.put("permission", perm);
+ return params;
+ }
+
private void setUpUserPermissions(String login, String... permissions) {
when(roleDao.selectUserPermissions(login)).thenReturn(Lists.newArrayList(permissions));
}
private static final PermissionTemplateDto DEFAULT_TEMPLATE =
new PermissionTemplateDto().setId(1L).setName(DEFAULT_NAME).setDescription(DEFAULT_DESC);
- private PermissionDao permissionDao;
+ private PermissionTemplateDao permissionTemplateDao;
private UserDao userDao;
private InternalPermissionTemplateService permissionTemplateService;
@Before
public void setUp() {
- MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN);
- permissionDao = mock(PermissionDao.class);
+ MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN);
+ permissionTemplateDao = mock(PermissionTemplateDao.class);
userDao = mock(UserDao.class);
- permissionTemplateService = new InternalPermissionTemplateService(permissionDao, userDao);
+ permissionTemplateService = new InternalPermissionTemplateService(permissionTemplateDao, userDao);
}
@Test
public void should_create_permission_template() throws Exception {
- when(permissionDao.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC)).thenReturn(DEFAULT_TEMPLATE);
PermissionTemplate permissionTemplate = permissionTemplateService.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC);
expected.expect(BadRequestException.class);
expected.expectMessage("A template with that name already exists");
- when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE));
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE));
permissionTemplateService.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC);
}
@Test
public void should_delete_permission_template() throws Exception {
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.deletePermissionTemplate(1L);
- verify(permissionDao, times(1)).deletePermissionTemplate(1L);
+ verify(permissionTemplateDao, times(1)).deletePermissionTemplate(1L);
}
@Test
public void should_retrieve_permission_template() throws Exception {
List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList(
- buildUserPermission("user_scan", Permission.SCAN_EXECUTION.key()),
- buildUserPermission("user_dry_run", Permission.DRY_RUN_EXECUTION.key()),
- buildUserPermission("user_scan_and_dry_run", Permission.SCAN_EXECUTION.key()),
- buildUserPermission("user_scan_and_dry_run", Permission.DRY_RUN_EXECUTION.key())
+ buildUserPermission("user_scan", GlobalPermission.SCAN_EXECUTION.key()),
+ buildUserPermission("user_dry_run", GlobalPermission.DRY_RUN_EXECUTION.key()),
+ buildUserPermission("user_scan_and_dry_run", GlobalPermission.SCAN_EXECUTION.key()),
+ buildUserPermission("user_scan_and_dry_run", GlobalPermission.DRY_RUN_EXECUTION.key())
);
List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList(
- buildGroupPermission("admin_group", Permission.SYSTEM_ADMIN.key()),
- buildGroupPermission("scan_group", Permission.SCAN_EXECUTION.key()),
- buildGroupPermission(null, Permission.DRY_RUN_EXECUTION.key())
+ buildGroupPermission("admin_group", GlobalPermission.SYSTEM_ADMIN.key()),
+ buildGroupPermission("scan_group", GlobalPermission.SCAN_EXECUTION.key()),
+ buildGroupPermission(null, GlobalPermission.DRY_RUN_EXECUTION.key())
);
PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto()
.setUsersPermissions(usersPermissions)
.setGroupsByPermission(groupsPermissions);
- when(permissionDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto);
+ when(permissionTemplateDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto);
PermissionTemplate permissionTemplate = permissionTemplateService.selectPermissionTemplate("my template");
- assertThat(permissionTemplate.getUsersForPermission(Permission.DASHBOARD_SHARING.key())).isEmpty();
- assertThat(permissionTemplate.getUsersForPermission(Permission.SCAN_EXECUTION.key())).onProperty("userName").containsOnly("user_scan", "user_scan_and_dry_run");
- assertThat(permissionTemplate.getUsersForPermission(Permission.DRY_RUN_EXECUTION.key())).onProperty("userName").containsOnly("user_dry_run", "user_scan_and_dry_run");
- assertThat(permissionTemplate.getGroupsForPermission(Permission.DASHBOARD_SHARING.key())).isEmpty();
- assertThat(permissionTemplate.getGroupsForPermission(Permission.SCAN_EXECUTION.key())).onProperty("groupName").containsOnly("scan_group");
- assertThat(permissionTemplate.getGroupsForPermission(Permission.SYSTEM_ADMIN.key())).onProperty("groupName").containsOnly("admin_group");
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.DASHBOARD_SHARING.key())).isEmpty();
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.SCAN_EXECUTION.key())).onProperty("userName").containsOnly("user_scan", "user_scan_and_dry_run");
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.DRY_RUN_EXECUTION.key())).onProperty("userName").containsOnly("user_dry_run", "user_scan_and_dry_run");
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.DASHBOARD_SHARING.key())).isEmpty();
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.SCAN_EXECUTION.key())).onProperty("groupName").containsOnly("scan_group");
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.SYSTEM_ADMIN.key())).onProperty("groupName").containsOnly("admin_group");
}
@Test
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
List<PermissionTemplate> templates = permissionTemplateService.selectAllPermissionTemplates();
permissionTemplateService.updatePermissionTemplate(1L, "new_name", "new_description");
- verify(permissionDao).updatePermissionTemplate(1L, "new_name", "new_description");
+ verify(permissionTemplateDao).updatePermissionTemplate(1L, "new_name", "new_description");
}
@Test
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
permissionTemplateService.updatePermissionTemplate(1L, "template2", "template1");
}
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
permissionTemplateService.updatePermissionTemplate(1L, "template1", "new_description");
- verify(permissionDao).updatePermissionTemplate(1L, "template1", "new_description");
+ verify(permissionTemplateDao).updatePermissionTemplate(1L, "template1", "new_description");
}
@Test
public void should_add_user_permission() throws Exception {
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.addUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "user");
- verify(permissionDao, times(1)).addUserPermission(1L, 1L, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao, times(1)).addUserPermission(1L, 1L, DEFAULT_PERMISSION);
}
@Test
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown user:");
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null);
permissionTemplateService.addUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "unknown");
public void should_remove_user_permission() throws Exception {
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.removeUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "user");
- verify(permissionDao, times(1)).removeUserPermission(1L, 1L, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao, times(1)).removeUserPermission(1L, 1L, DEFAULT_PERMISSION);
}
@Test
public void should_add_group_permission() throws Exception {
GroupDto groupDto = new GroupDto().setId(1L).setName("group");
when(userDao.selectGroupByName("group")).thenReturn(groupDto);
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "group");
- verify(permissionDao, times(1)).addGroupPermission(1L, 1L, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao, times(1)).addGroupPermission(1L, 1L, DEFAULT_PERMISSION);
}
@Test
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown group:");
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
when(userDao.selectGroupByName("unknown")).thenReturn(null);
permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "unknown");
public void should_remove_group_permission() throws Exception {
GroupDto groupDto = new GroupDto().setId(1L).setName("group");
when(userDao.selectGroupByName("group")).thenReturn(groupDto);
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.removeGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "group");
- verify(permissionDao, times(1)).removeGroupPermission(1L, 1L, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao, times(1)).removeGroupPermission(1L, 1L, DEFAULT_PERMISSION);
}
@Test
public void should_add_permission_to_anyone_group() throws Exception {
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone");
- verify(permissionDao).addGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao).addGroupPermission(1L, null, DEFAULT_PERMISSION);
verifyZeroInteractions(userDao);
}
@Test
public void should_remove_permission_from_anyone_group() throws Exception {
- when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+ when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
permissionTemplateService.removeGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone");
- verify(permissionDao).removeGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verify(permissionTemplateDao).removeGroupPermission(1L, null, DEFAULT_PERMISSION);
verifyZeroInteractions(userDao);
}
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.server.exceptions.BadRequestException;
import java.util.Map;
public ExpectedException thrown = ExpectedException.none();
@Test
- public void should_populate_from_params() throws Exception {
-
+ public void populate_from_params() throws Exception {
Map<String, Object> params = Maps.newHashMap();
params.put("user", "my_login");
params.put("group", "my_group");
- params.put("permission", Permission.SYSTEM_ADMIN.key());
+ params.put("component", "org.sample.Sample");
+ params.put("permission", GlobalPermission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(params);
- assertThat(query.getUser()).isEqualTo("my_login");
- assertThat(query.getGroup()).isEqualTo("my_group");
- assertThat(query.getRole()).isEqualTo(Permission.SYSTEM_ADMIN.key());
+ assertThat(query.user()).isEqualTo("my_login");
+ assertThat(query.group()).isEqualTo("my_group");
+ assertThat(query.component()).isEqualTo("org.sample.Sample");
+ assertThat(query.permission()).isEqualTo(GlobalPermission.SYSTEM_ADMIN.key());
}
@Test
- public void should_validate_user_query() throws Exception {
-
+ public void validate_user_query() throws Exception {
Map<String, Object> validUserParams = Maps.newHashMap();
validUserParams.put("user", "my_login");
- validUserParams.put("permission", Permission.SYSTEM_ADMIN.key());
+ validUserParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validUserParams);
query.validate();
}
@Test
- public void should_validate_group_query() throws Exception {
-
+ public void validate_group_query() throws Exception {
Map<String, Object> validGroupParams = Maps.newHashMap();
validGroupParams.put("group", "my_group");
- validGroupParams.put("permission", Permission.SYSTEM_ADMIN.key());
+ validGroupParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validGroupParams);
query.validate();
}
@Test
- public void should_reject_inconsistent_query() throws Exception {
-
+ public void reject_inconsistent_query() throws Exception {
Map<String, Object> inconsistentParams = Maps.newHashMap();
inconsistentParams.put("user", "my_login");
inconsistentParams.put("group", "my_group");
- inconsistentParams.put("permission", Permission.SYSTEM_ADMIN.key());
+ inconsistentParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key());
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
}
@Test
- public void should_detect_missing_user_or_group() throws Exception {
+ public void detect_missing_user_or_group() throws Exception {
Map<String, Object> inconsistentParams = Maps.newHashMap();
inconsistentParams.put("permission", "admin");
}
@Test
- public void should_detect_missing_permission() throws Exception {
+ public void detect_missing_permission() throws Exception {
Map<String, Object> inconsistentParams = Maps.newHashMap();
inconsistentParams.put("user", "my_login");
}
@Test
- public void should_validate_permission_reference() throws Exception {
+ public void validate_global_permission_reference() throws Exception {
+ Map<String, Object> inconsistentParams = Maps.newHashMap();
+ inconsistentParams.put("user", "my_login");
+ inconsistentParams.put("permission", "invalid");
+
+ PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
+
+ thrown.expect(BadRequestException.class);
+ thrown.expectMessage("Invalid permission key invalid. Valid ones are : [admin, profileadmin, shareDashboard, scan, dryRunScan]");
+ query.validate();
+ }
+
+ @Test
+ public void validate_component_permission_reference() throws Exception {
Map<String, Object> inconsistentParams = Maps.newHashMap();
inconsistentParams.put("user", "my_login");
- inconsistentParams.put("permission", "invalid_role");
+ inconsistentParams.put("component", "org.sample.Sample");
+ inconsistentParams.put("permission", "invalid");
PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams);
thrown.expect(BadRequestException.class);
- thrown.expectMessage("Invalid permission key invalid_role");
+ thrown.expectMessage("Invalid permission key invalid. Valid ones are : [admin, codeviewer, user]");
query.validate();
}
}
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.Permission;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.GlobalPermission;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.user.GroupDto;
import org.sonar.core.user.UserDao;
@Before
public void setUpCommonMocks() {
- MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN);
userDao = mock(UserDao.class);
stub(userDao.selectActiveUserByLogin("user")).toReturn(DEFAULT_USER);
stub(userDao.selectGroupByName("group")).toReturn(DEFAULT_GROUP);
@Test
public void should_execute_on_valid_parameters() throws Exception {
- final PermissionDao permissionDao = mock(PermissionDao.class);
- when(permissionDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L));
+ final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
+ when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L));
PermissionTemplateUpdater updater =
- new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionDao, userDao) {
+ new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionTemplateDao, userDao) {
@Override
void doExecute(Long templateId, String permission) {
- permissionDao.addUserPermission(1L, 1L, UserRole.USER);
+ permissionTemplateDao.addUserPermission(1L, 1L, UserRole.USER);
}
};
updater.executeUpdate();
- verify(permissionDao, times(1)).addUserPermission(1L, 1L, UserRole.USER);
+ verify(permissionTemplateDao, times(1)).addUserPermission(1L, 1L, UserRole.USER);
}
@Test
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown template:");
- final PermissionDao permissionDao = mock(PermissionDao.class);
- when(permissionDao.selectTemplateByName("my template")).thenReturn(null);
+ final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
+ when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(null);
PermissionTemplateUpdater updater =
- new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionDao, userDao) {
+ new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionTemplateDao, userDao) {
@Override
void doExecute(Long templateId, String permission) {
}
expected.expect(BadRequestException.class);
expected.expectMessage("Invalid permission:");
- final PermissionDao permissionDao = mock(PermissionDao.class);
- when(permissionDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L));
+ final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
+ when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L));
PermissionTemplateUpdater updater =
- new PermissionTemplateUpdater("my template", "invalid", "user", permissionDao, userDao) {
+ new PermissionTemplateUpdater("my template", "invalid", "user", permissionTemplateDao, userDao) {
@Override
void doExecute(Long templateId, String permission) {
}
expected.expect(ForbiddenException.class);
expected.expectMessage("Insufficient privileges");
- MockUserSession.set().setLogin("user").setPermissions(Permission.SCAN_EXECUTION);
+ MockUserSession.set().setLogin("user").setPermissions(GlobalPermission.SCAN_EXECUTION);
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(null, null, null, null, null) {
@Override
import org.junit.Test;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.PermissionDao;
+import org.sonar.core.permission.PermissionTemplateDao;
import org.sonar.core.permission.PermissionTemplateDto;
import org.sonar.core.template.LoadedTemplateDao;
import org.sonar.core.template.LoadedTemplateDto;
private PersistentSettings settings;
private LoadedTemplateDao loadedTemplateDao;
- private PermissionDao permissionDao;
+ private PermissionTemplateDao permissionTemplateDao;
private UserDao userDao;
@Before
public void setUp() {
settings = mock(PersistentSettings.class);
loadedTemplateDao = mock(LoadedTemplateDao.class);
- permissionDao = mock(PermissionDao.class);
+ permissionTemplateDao = mock(PermissionTemplateDao.class);
userDao = mock(UserDao.class);
}
when(loadedTemplateDao.countByTypeAndKey(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE, PermissionTemplateDto.DEFAULT.getKee()))
.thenReturn(0);
- when(permissionDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription()))
+ when(permissionTemplateDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription()))
.thenReturn(permissionTemplate);
when(userDao.selectGroupByName(DefaultGroups.ADMINISTRATORS)).thenReturn(new GroupDto().setId(1L));
when(userDao.selectGroupByName(DefaultGroups.USERS)).thenReturn(new GroupDto().setId(2L));
- RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings);
+ RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings);
initializer.start();
verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate)));
- verify(permissionDao).createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription());
- verify(permissionDao).addGroupPermission(1L, 1L, UserRole.ADMIN);
- verify(permissionDao).addGroupPermission(1L, null, UserRole.USER);
- verify(permissionDao).addGroupPermission(1L, null, UserRole.CODEVIEWER);
- verifyNoMoreInteractions(permissionDao);
+ verify(permissionTemplateDao).createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription());
+ verify(permissionTemplateDao).addGroupPermission(1L, 1L, UserRole.ADMIN);
+ verify(permissionTemplateDao).addGroupPermission(1L, null, UserRole.USER);
+ verify(permissionTemplateDao).addGroupPermission(1L, null, UserRole.CODEVIEWER);
+ verifyNoMoreInteractions(permissionTemplateDao);
verify(settings).saveProperty(RegisterPermissionTemplates.DEFAULT_TEMPLATE_PROPERTY, PermissionTemplateDto.DEFAULT.getKee());
}
when(loadedTemplateDao.countByTypeAndKey(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE, PermissionTemplateDto.DEFAULT.getKee()))
.thenReturn(1);
- RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings);
+ RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings);
initializer.start();
- verifyZeroInteractions(permissionDao, settings);
+ verifyZeroInteractions(permissionTemplateDao, settings);
verify(loadedTemplateDao, never()).insert(any(LoadedTemplateDto.class));
}
LoadedTemplateDto expectedTemplate = new LoadedTemplateDto().setKey(PermissionTemplateDto.DEFAULT.getKee())
.setType(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE);
- RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings);
+ RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings);
initializer.start();
verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate)));
verify(settings).saveProperty(RegisterPermissionTemplates.DEFAULT_TEMPLATE_PROPERTY, "my_projects_template");
- verifyZeroInteractions(permissionDao);
+ verifyZeroInteractions(permissionTemplateDao);
}
private static class Matches extends BaseMatcher<LoadedTemplateDto> {
import org.mockito.ArgumentMatcher;
import org.sonar.api.user.UserFinder;
import org.sonar.api.user.UserQuery;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.UserDao;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@Test
public void self_deactivation_is_not_possible() throws Exception {
try {
- MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN);
service.deactivate("simon");
fail();
} catch (BadRequestException e) {
@Test
public void user_deactivation_requires_admin_permission() throws Exception {
try {
- MockUserSession.set().setLogin("simon").setPermissions(Permission.QUALITY_PROFILE_ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.QUALITY_PROFILE_ADMIN);
service.deactivate("julien");
fail();
} catch (ForbiddenException e) {
@Test
public void deactivate_user() throws Exception {
- MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN);
service.deactivate("julien");
verify(dao).deactivateUserByLogin("julien");
}
@Test
public void fail_to_deactivate_when_blank_login() throws Exception {
- MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN);
+ MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN);
try {
service.deactivate("");
fail();
*/
package org.sonar.server.user;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import javax.annotation.Nullable;
+
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
public class MockUserSession extends UserSession {
private MockUserSession() {
- permissions = Collections.emptyList();
+ globalPermissions = Collections.emptyList();
}
public static MockUserSession set() {
return this;
}
- public MockUserSession setPermissions(Permission... perm) {
- permissions = Arrays.asList(perm);
+ public MockUserSession setPermissions(GlobalPermission... perm) {
+ globalPermissions = Arrays.asList(perm);
return this;
}
}
package org.sonar.server.user;
import org.junit.Test;
-import org.sonar.core.permission.Permission;
+import org.sonar.core.permission.GlobalPermission;
import org.sonar.core.user.AuthorizationDao;
import org.sonar.server.exceptions.ForbiddenException;
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- assertThat(session.hasGlobalPermission(Permission.QUALITY_PROFILE_ADMIN)).isTrue();
- assertThat(session.hasGlobalPermission(Permission.SYSTEM_ADMIN)).isTrue();
- assertThat(session.hasGlobalPermission(Permission.DASHBOARD_SHARING)).isFalse();
+ assertThat(session.hasGlobalPermission(GlobalPermission.QUALITY_PROFILE_ADMIN)).isTrue();
+ assertThat(session.hasGlobalPermission(GlobalPermission.SYSTEM_ADMIN)).isTrue();
+ assertThat(session.hasGlobalPermission(GlobalPermission.DASHBOARD_SHARING)).isFalse();
}
@Test
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkGlobalPermission(Permission.QUALITY_PROFILE_ADMIN);
+ session.checkGlobalPermission(GlobalPermission.QUALITY_PROFILE_ADMIN);
}
@Test(expected = ForbiddenException.class)
when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkGlobalPermission(Permission.DASHBOARD_SHARING);
+ session.checkGlobalPermission(GlobalPermission.DASHBOARD_SHARING);
}
static class SpyUserSession extends UserSession {
return this;
}
+ public PermissionParameters component(String component) {
+ params.put("component", component);
+ return this;
+ }
+
public PermissionParameters permission(String permission) {
params.put("permission", permission);
return this;
}
@Test
- public void should_add_user_permission() {
+ public void should_add_global_user_permission() {
httpServer.stubStatusCode(200);
PermissionParameters params = PermissionParameters.create().user("daveloper").permission("admin");
}
@Test
- public void should_add_group_permission() {
+ public void should_add_component_user_permission() {
+ httpServer.stubStatusCode(200);
+
+ PermissionParameters params = PermissionParameters.create().user("daveloper").component("org.sample.Sample").permission("admin");
+ client.addPermission(params);
+
+ assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/add");
+ assertThat(httpServer.requestParams()).includes(
+ entry("user", "daveloper"),
+ entry("component", "org.sample.Sample"),
+ entry("permission", "admin")
+ );
+ }
+
+ @Test
+ public void should_add_global_group_permission() {
httpServer.stubStatusCode(200);
PermissionParameters params = PermissionParameters.create().group("my_group").permission("admin");
}
@Test
- public void should_remove_user_permission() {
+ public void should_add_component_group_permission() {
+ httpServer.stubStatusCode(200);
+
+ PermissionParameters params = PermissionParameters.create().group("my_group").component("org.sample.Sample").permission("admin");
+ client.addPermission(params);
+
+ assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/add");
+ assertThat(httpServer.requestParams()).includes(
+ entry("group", "my_group"),
+ entry("component", "org.sample.Sample"),
+ entry("permission", "admin")
+ );
+ }
+
+ @Test
+ public void should_remove_global_user_permission() {
httpServer.stubStatusCode(200);
PermissionParameters params = PermissionParameters.create().user("daveloper").permission("admin");
}
@Test
- public void should_remove_group_permission() {
+ public void should_remove_component_user_permission() {
+ httpServer.stubStatusCode(200);
+
+ PermissionParameters params = PermissionParameters.create().user("daveloper").component("org.sample.Sample").permission("admin");
+ client.removePermission(params);
+
+ assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/remove");
+ assertThat(httpServer.requestParams()).includes(
+ entry("user", "daveloper"),
+ entry("component", "org.sample.Sample"),
+ entry("permission", "admin")
+ );
+ }
+
+ @Test
+ public void should_remove_global_group_permission() {
httpServer.stubStatusCode(200);
PermissionParameters params = PermissionParameters.create().group("my_group").permission("admin");
entry("permission", "admin")
);
}
+
+ @Test
+ public void should_remove_component_group_permission() {
+ httpServer.stubStatusCode(200);
+
+ PermissionParameters params = PermissionParameters.create().group("my_group").component("org.sample.Sample").permission("admin");
+ client.removePermission(params);
+
+ assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/remove");
+ assertThat(httpServer.requestParams()).includes(
+ entry("group", "my_group"),
+ entry("component", "org.sample.Sample"),
+ entry("permission", "admin")
+ );
+ }
}