public void decorate(Resource resource, DecoratorContext context) {
if (shouldDecorateResource(resource)) {
- resourcePermissioning.grantDefaultPermissions(resource);
+ resourcePermissioning.grantDefaultRoles(resource);
}
}
private boolean shouldDecorateResource(Resource resource) {
- return resource.getId() != null && isProject(resource) && !resourcePermissioning.hasPermissions(resource);
+ return resource.getId() != null && isProject(resource) && !resourcePermissioning.hasRoles(resource);
}
private boolean isProject(Resource resource) {
this.myBatis = myBatis;
}
- public boolean hasPermissions(Resource resource) {
+ public boolean hasRoles(Resource resource) {
if (resource.getId() != null) {
SqlSession session = myBatis.openSession();
try {
return false;
}
- public void addUserPermissions(Resource resource, String login, String role) {
+ public void grantUserRole(Resource resource, String login, String role) {
if (resource.getId() != null) {
SqlSession session = myBatis.openSession();
try {
}
}
- public void addGroupPermissions(Resource resource, String groupName, String role) {
+ public void grantGroupRole(Resource resource, String groupName, String role) {
if (resource.getId() != null) {
SqlSession session = myBatis.openSession();
try {
}
}
- public void grantDefaultPermissions(Resource resource) {
+ public void grantDefaultRoles(Resource resource) {
if (resource.getId() != null) {
SqlSession session = myBatis.openSession();
try {
- removePermissions(resource, session);
- grantDefaultPermissions(resource, UserRole.ADMIN, session);
- grantDefaultPermissions(resource, UserRole.USER, session);
- grantDefaultPermissions(resource, UserRole.CODEVIEWER, session);
+ removeRoles(resource, session);
+ grantDefaultRoles(resource, UserRole.ADMIN, session);
+ grantDefaultRoles(resource, UserRole.USER, session);
+ grantDefaultRoles(resource, UserRole.CODEVIEWER, session);
session.commit();
} finally {
MyBatis.closeQuietly(session);
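Review bot: `grantDefaultRoles(Resource)` is not an additive grant: it calls `removeRoles(resource, session)` first, and the following hunk shows that helper deleting every group and user role row for the resource id before the defaults are inserted. With the new name the method reads as "add the defaults", and nothing on it or on the `ResourcePermissioning` declaration in the last hunk says that existing assignments are replaced; the only guard visible in this diff is the decorator's `!hasRoles(resource)` check, so any other caller would silently reset customised access on a project. I would put a Javadoc on the interface method, for example `/** Replaces all user and group roles of the resource with the configured defaults; existing assignments are deleted, so check hasRoles() first. */`. The fixtures that appear to belong to the grantDefaultRoles tests start with role rows for resource 1 only, so the delete path looks uncovered; a case with pre-existing rows on resource 123 would pin the reset behaviour. The method's closing braces lie outside this hunk.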
}
}
- private void removePermissions(Resource resource, SqlSession session) {
+ private void removeRoles(Resource resource, SqlSession session) {
Long resourceId = new Long(resource.getId());
RoleMapper mapper = session.getMapper(RoleMapper.class);
mapper.deleteGroupRolesByResourceId(resourceId);
mapper.deleteUserRolesByResourceId(resourceId);
}
- private void grantDefaultPermissions(Resource resource, String role, SqlSession session) {
+ private void grantDefaultRoles(Resource resource, String role, SqlSession session) {
UserMapper userMapper = session.getMapper(UserMapper.class);
RoleMapper roleMapper = session.getMapper(RoleMapper.class);
String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ",");
public void doNotApplySecurityWhenExistingPermissions() {
Project project = new Project("project");
project.setId(10);
- when(resourcePermissioning.hasPermissions(project)).thenReturn(true);
+ when(resourcePermissioning.hasRoles(project)).thenReturn(true);
decorator.decorate(project, null);
- verify(resourcePermissioning, never()).grantDefaultPermissions(project);
+ verify(resourcePermissioning, never()).grantDefaultRoles(project);
}
@Test
Project project = new Project("project");
Project module = new Project("module").setParent(project);
module.setId(10);
- when(resourcePermissioning.hasPermissions(project)).thenReturn(false);
+ when(resourcePermissioning.hasRoles(project)).thenReturn(false);
decorator.decorate(module, null);
- verify(resourcePermissioning, never()).grantDefaultPermissions(module);
+ verify(resourcePermissioning, never()).grantDefaultRoles(module);
}
@Test
public void applySecurityWhenNoPermissions() {
Project project = new Project("project");
project.setId(10);
- when(resourcePermissioning.hasPermissions(project)).thenReturn(false);
+ when(resourcePermissioning.hasRoles(project)).thenReturn(false);
decorator.decorate(project, null);
- verify(resourcePermissioning).grantDefaultPermissions(project);
+ verify(resourcePermissioning).grantDefaultRoles(project);
}
}
private Resource project = new Project("project").setId(123);
@Test
- public void addGroupPermissions() {
- setupData("addGroupPermissions");
+ public void grantGroupRole() {
+ setupData("grantGroupRole");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
- permissioning.addGroupPermissions(project, "sonar-administrators", "admin");
+ permissioning.grantGroupRole(project, "sonar-administrators", "admin");
- checkTables("addGroupPermissions", "group_roles");
+ checkTables("grantGroupRole", "group_roles");
}
@Test
- public void addGroupPermissions_anyone() {
- setupData("addGroupPermissions_anyone");
+ public void grantGroupRole_anyone() {
+ setupData("grantGroupRole_anyone");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
- permissioning.addGroupPermissions(project, DefaultGroups.ANYONE, "admin");
+ permissioning.grantGroupRole(project, DefaultGroups.ANYONE, "admin");
- checkTables("addGroupPermissions_anyone", "group_roles");
+ checkTables("grantGroupRole_anyone", "group_roles");
}
@Test
- public void addGroupPermissions_ignore_if_group_not_found() {
- setupData("addGroupPermissions_ignore_if_group_not_found");
+ public void grantGroupRole_ignore_if_group_not_found() {
+ setupData("grantGroupRole_ignore_if_group_not_found");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
- permissioning.addGroupPermissions(project, "not_found", "admin");
+ permissioning.grantGroupRole(project, "not_found", "admin");
- checkTables("addGroupPermissions_ignore_if_group_not_found", "group_roles");
+ checkTables("grantGroupRole_ignore_if_group_not_found", "group_roles");
}
@Test
- public void addGroupPermissions_ignore_if_not_persisted() {
- setupData("addGroupPermissions_ignore_if_not_persisted");
+ public void grantGroupRole_ignore_if_not_persisted() {
+ setupData("grantGroupRole_ignore_if_not_persisted");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
Project resourceWithoutId = new Project("");
- permissioning.addGroupPermissions(resourceWithoutId, "sonar-users", "admin");
+ permissioning.grantGroupRole(resourceWithoutId, "sonar-users", "admin");
- checkTables("addGroupPermissions_ignore_if_not_persisted", "group_roles");
+ checkTables("grantGroupRole_ignore_if_not_persisted", "group_roles");
}
@Test
- public void grantDefaultPermissions() {
- setupData("grantDefaultPermissions");
+ public void grantDefaultRoles() {
+ setupData("grantDefaultRoles");
Settings settings = new Settings(new PropertyDefinitions(DefaultResourcePermissioning.class));
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
- permissioning.grantDefaultPermissions(project);
+ permissioning.grantDefaultRoles(project);
- checkTables("grantDefaultPermissions", "user_roles", "group_roles");
+ checkTables("grantDefaultRoles", "user_roles", "group_roles");
}
@Test
- public void grantDefaultPermissions_unknown_group() {
- setupData("grantDefaultPermissions_unknown_group");
+ public void grantDefaultRoles_unknown_group() {
+ setupData("grantDefaultRoles_unknown_group");
Settings settings = new Settings();
settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators,unknown");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
- permissioning.grantDefaultPermissions(project);
+ permissioning.grantDefaultRoles(project);
- checkTables("grantDefaultPermissions_unknown_group", "group_roles");
+ checkTables("grantDefaultRoles_unknown_group", "group_roles");
}
@Test
- public void grantDefaultPermissions_users() {
- setupData("grantDefaultPermissions_users");
+ public void grantDefaultRoles_users() {
+ setupData("grantDefaultRoles_users");
Settings settings = new Settings();
settings.setProperty("sonar.role.admin.TRK.defaultUsers", "marius,disabled,notfound");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
- permissioning.grantDefaultPermissions(project);
+ permissioning.grantDefaultRoles(project);
- checkTables("grantDefaultPermissions_users", "user_roles");
+ checkTables("grantDefaultRoles_users", "user_roles");
}
@Test
- public void hasPermissions() {
- setupData("hasPermissions");
+ public void hasRoles() {
+ setupData("hasRoles");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
// no groups and at least one user
- assertThat(permissioning.hasPermissions(new Project("only_users").setId(1))).isTrue();
+ assertThat(permissioning.hasRoles(new Project("only_users").setId(1))).isTrue();
// no users and at least one group
- assertThat(permissioning.hasPermissions(new Project("only_groups").setId(2))).isTrue();
+ assertThat(permissioning.hasRoles(new Project("only_groups").setId(2))).isTrue();
// groups and users
- assertThat(permissioning.hasPermissions(new Project("groups_and_users").setId(3))).isTrue();
+ assertThat(permissioning.hasRoles(new Project("groups_and_users").setId(3))).isTrue();
// no groups, no users
- assertThat(permissioning.hasPermissions(new Project("no_groups_no_users").setId(4))).isFalse();
+ assertThat(permissioning.hasRoles(new Project("no_groups_no_users").setId(4))).isFalse();
// does not exist
- assertThat(permissioning.hasPermissions(new Project("not_found"))).isFalse();
+ assertThat(permissioning.hasRoles(new Project("not_found"))).isFalse();
}
}
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <!-- already existed -->
- <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <!-- already existed -->
- <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <!-- already existed -->
- <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
-
- <!-- already existed -->
- <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!--
- new rows : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer),
- -->
- <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="4" group_id="101" resource_id="123" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
- <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
- <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!--
- new rows : sonar-administrators (admin)
- -->
- <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
- <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]"/>
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!--
- new row : marius (admin)
- -->
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators" />
- <groups id="101" name="sonar-users" />
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
- <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]" />
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!--
+ new rows : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer),
+ -->
+ <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+ <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+ <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!--
+ new rows : sonar-administrators (admin)
+ -->
+ <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+ <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!--
+ new row : marius (admin)
+ -->
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+ <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <!-- already existed -->
+ <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <!-- already existed -->
+ <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <!-- already existed -->
+ <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <!-- already existed -->
+ <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
-
- <!-- only_users -->
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!-- only_groups -->
- <group_roles id="1" group_id="100" resource_id="2" role="admin"/>
-
- <!-- groups_and_users -->
- <group_roles id="2" group_id="101" resource_id="3" role="user"/>
- <user_roles id="2" user_id="200" resource_id="3" role="admin"/>
-
-</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+ <!-- only_users -->
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!-- only_groups -->
+ <group_roles id="1" group_id="100" resource_id="2" role="admin"/>
+
+ <!-- groups_and_users -->
+ <group_roles id="2" group_id="101" resource_id="3" role="user"/>
+ <user_roles id="2" user_id="200" resource_id="3" role="admin"/>
+
+</dataset>
\ No newline at end of file
*/
public interface ResourcePermissioning extends BatchComponent {
- boolean hasPermissions(Resource resource);
+ boolean hasRoles(Resource resource);
- void grantDefaultPermissions(Resource resource);
+ void grantDefaultRoles(Resource resource);
- void addUserPermissions(Resource resource, String login, String role);
+ void grantUserRole(Resource resource, String login, String role);
- void addGroupPermissions(Resource resource, String groupName, String role);
+ void grantGroupRole(Resource resource, String groupName, String role);
}