import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
-import org.sonarqube.ws.client.permission.AddUserWsRequest;
import org.sonarqube.ws.client.permission.PermissionsService;
import util.user.UserRule;
static String DASHBOARD_USER = "dashboard_user";
static String CAN_SHARE_DASHBOARDS = "can_share_dashboards";
- static String CANNOT_SHARE_DASHBOARDS = "cannot_share_dashboards";
static PermissionsService permissionsWsClient;
userRule.createUser(DASHBOARD_USER, "password");
userRule.createUser(CAN_SHARE_DASHBOARDS, "password");
- userRule.createUser(CANNOT_SHARE_DASHBOARDS, "password");
-
- permissionsWsClient.addUser(new AddUserWsRequest()
- .setLogin(CAN_SHARE_DASHBOARDS)
- .setPermission("shareDashboard")
- );
}
@AfterClass
@Test
public void share_global_dashboard() throws Exception {
Selenese selenese = Selenese.builder().setHtmlTestsInClasspath("global-dashboard-sharing-permission",
- "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-allowed.html",
- "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-denied.html")
+ "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-allowed.html")
.build();
orchestrator.executeSelenese(selenese);
}
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
-import org.sonarqube.ws.client.permission.AddUserWsRequest;
-import org.sonarqube.ws.client.permission.PermissionsService;
import util.user.UserRule;
-import static util.ItUtils.newAdminWsClient;
-
public class SystemAdminPermissionTest {
@ClassRule
public static void setUpUsers() {
orchestrator.resetData();
- PermissionsService permissionsWsClient = newAdminWsClient(orchestrator).permissions();
-
userRule.createUser("can_share", "password");
- permissionsWsClient.addUser(new AddUserWsRequest().setLogin("can_share").setPermission("shareDashboard"));
-
userRule.createUser("cannot_share", "password");
}
@Test
public void should_change_ownership_of_shared_global_dashboard() throws Exception {
seleniumSuite("change-global-dashboard-ownership",
- "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner.html",
- "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner-failure.html");
+ "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner.html");
}
private void seleniumSuite(String suiteName, String... tests) {
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head profile="http://selenium-ide.openqa.org/profiles/test-case">
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <title>global-dashboard-sharing-permission</title>
-</head>
-<body>
-<table cellpadding="1" cellspacing="1" border="1">
- <tbody>
- <tr>
- <td>open</td>
- <td>/sessions/logout</td>
- <td></td>
- </tr>
- <tr>
- <td>open</td>
- <td>/dashboards</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=login</td>
- <td>cannot_share_dashboards</td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=password</td>
- <td>password</td>
- </tr>
- <tr>
- <td>clickAndWait</td>
- <td>name=commit</td>
- <td></td>
- </tr>
- <tr>
- <td>click</td>
- <td>create-link-dashboard</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForVisible</td>
- <td>css=div.modal-body</td>
- <td></td>
- </tr>
- <tr>
- <td>assertElementNotPresent</td>
- <td>css=div.modal-body > div.modal.field > input#shared</td>
- <td></td>
- </tr>
- </tbody>
-</table>
-</body>
-</html>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head profile="http://selenium-ide.openqa.org/profiles/test-case">
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <title>change-shared-global-dashboard-owner</title>
-</head>
-<body>
-<table cellpadding="1" cellspacing="1" border="1">
- <tbody>
- <tr>
- <td>open</td>
- <td>/sessions/logout</td>
- <td></td>
- </tr>
- <tr>
- <td>open</td>
- <td>/dashboards</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>login</td>
- <td>admin</td>
- </tr>
- <tr>
- <td>type</td>
- <td>password</td>
- <td>admin</td>
- </tr>
- <tr>
- <td>clickAndWait</td>
- <td>commit</td>
- <td></td>
- </tr>
- <tr>
- <td>click</td>
- <td>create-link-dashboard</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForVisible</td>
- <td>css=div.modal-body</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>name</td>
- <td>shared-global-dashboard-fail</td>
- </tr>
- <tr>
- <td>storeValue</td>
- <td>name</td>
- <td>DASHBOARD_NAME</td>
- </tr>
- <tr>
- <td>click</td>
- <td>name=shared</td>
- <td></td>
- </tr>
- <tr>
- <td>clickAndWait</td>
- <td>save-submit</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForVisible</td>
- <td>edit-${DASHBOARD_NAME}</td>
- <td></td>
- </tr>
- <tr>
- <td>click</td>
- <td>edit-${DASHBOARD_NAME}</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForVisible</td>
- <td>css=div.modal-body</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>select-dashboard-owner</td>
- <td>cannot_share</td>
- </tr>
- <tr>
- <td>click</td>
- <td>save-submit</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForVisible</td>
- <td>css=div.modal-body > p.error</td>
- <td></td>
- </tr>
- <tr>
- <td>waitForText</td>
- <td>css=div.modal-body > p.error</td>
- <td>glob:*User cannot own this dashboard because of insufficient rights*</td>
- </tr>
- </tbody>
-</table>
-</body>
-</html>
--- /dev/null
+#
+# SonarQube, open source software quality management tool.
+# Copyright (C) 2008-2014 SonarSource
+# mailto:contact AT sonarsource DOT com
+#
+# SonarQube is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 3 of the License, or (at your option) any later version.
+#
+# SonarQube is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+
+#
+# SonarQube 6.2
+#
+class DeletePermissionShareDashboard < ActiveRecord::Migration
+
+ def self.up
+ execute_java_migration('org.sonar.db.version.v62.DeletePermissionShareDashboard')
+ end
+end
public class DatabaseVersion {
- public static final int LAST_VERSION = 1_401;
+ public static final int LAST_VERSION = 1_402;
/**
* The minimum supported version which can be upgraded. Lower
import org.sonar.db.version.v61.ShrinkModuleUuidPathOfProjects;
import org.sonar.db.version.v62.CreateDefaultOrganization;
import org.sonar.db.version.v62.CreateTableOrganizations;
+import org.sonar.db.version.v62.DeletePermissionShareDashboard;
public class MigrationStepModule extends Module {
@Override
// 6.2
CreateTableOrganizations.class,
- CreateDefaultOrganization.class);
+ CreateDefaultOrganization.class,
+ DeletePermissionShareDashboard.class
+ );
}
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.version.v62;
+
+import java.sql.SQLException;
+import org.sonar.db.Database;
+import org.sonar.db.version.BaseDataChange;
+import org.sonar.db.version.MassUpdate;
+
+public class DeletePermissionShareDashboard extends BaseDataChange {
+
+ private static final String PERMISSION = "shareDashboard";
+
+ public DeletePermissionShareDashboard(Database db) {
+ super(db);
+ }
+
+ @Override
+ public void execute(Context context) throws SQLException {
+ deleteFromTable(context, "group_roles");
+ deleteFromTable(context, "user_roles");
+ }
+
+ private static void deleteFromTable(Context context, String tableName) throws SQLException {
+ MassUpdate massUpdate = context.prepareMassUpdate();
+ massUpdate.select("select id from " + tableName + " where role=?").setString(1, PERMISSION);
+ massUpdate.update("delete from " + tableName + " where id=?");
+ massUpdate.rowPluralName(tableName);
+ massUpdate.execute((row, update) -> {
+ update.setLong(1, row.getLong(1));
+ return true;
+ });
+ }
+}
INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1400');
INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1401');
+INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1402');
INSERT INTO USERS(ID, LOGIN, NAME, EMAIL, EXTERNAL_IDENTITY, EXTERNAL_IDENTITY_PROVIDER, USER_LOCAL, CRYPTED_PASSWORD, SALT, CREATED_AT, UPDATED_AT) VALUES (1, 'admin', 'Administrator', '', 'admin', 'sonarqube', true, 'a373a0e667abb2604c1fd571eb4ad47fe8cc0878', '48bc4b0d93179b5103fd3885ea9119498e9d161b', '1418215735482', '1418215735482');
ALTER TABLE USERS ALTER COLUMN ID RESTART WITH 2;
public void verify_count_of_added_MigrationStep_types() {
ComponentContainer container = new ComponentContainer();
new MigrationStepModule().configure(container);
- assertThat(container.size()).isEqualTo(143);
+ assertThat(container.size()).isEqualTo(144);
}
}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.version.v62;
+
+import java.sql.SQLException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.DbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class DeletePermissionShareDashboardTest {
+
+ @Rule
+ public ExpectedException expectedException = ExpectedException.none();
+
+ @Rule
+ public DbTester db = DbTester.createForSchema(System2.INSTANCE, DeletePermissionShareDashboardTest.class, "roles.sql");
+
+ private DeletePermissionShareDashboard underTest = new DeletePermissionShareDashboard(db.database());
+
+ @Test
+ public void delete_permissions() throws SQLException {
+ // combinations of group permissions to be kept
+ db.executeInsert("group_roles", "id", "1", "group_id", null, "resource_id", null, "role", "admin");
+ db.executeInsert("group_roles", "id", "2", "group_id", null, "resource_id", "1", "role", "issueadmin");
+ db.executeInsert("group_roles", "id", "3", "group_id", "1", "resource_id", null, "role", "admin");
+ db.executeInsert("group_roles", "id", "4", "group_id", "1", "resource_id", "1", "role", "issueadmin");
+
+ // combinations of group permissions to be removed (even if it does make sense to have "shareDashboard"
+ // on projects)
+ db.executeInsert("group_roles", "id", "5", "group_id", null, "resource_id", null, "role", "shareDashboard");
+ db.executeInsert("group_roles", "id", "6", "group_id", null, "resource_id", "1", "role", "shareDashboard");
+ db.executeInsert("group_roles", "id", "7", "group_id", "1", "resource_id", null, "role", "shareDashboard");
+ db.executeInsert("group_roles", "id", "8", "group_id", "1", "resource_id", "1", "role", "shareDashboard");
+
+ // combinations of user permissions to be kept
+ db.executeInsert("user_roles", "id", "1", "user_id", "100", "resource_id", null, "role", "admin");
+ db.executeInsert("user_roles", "id", "2", "user_id", "100", "resource_id", "1", "role", "issueadmin");
+
+ // combinations of user permissions to be removed (even if it does make sense to have "shareDashboard"
+ // on projects)
+ db.executeInsert("user_roles", "id", "3", "user_id", "100", "resource_id", null, "role", "shareDashboard");
+ db.executeInsert("user_roles", "id", "4", "user_id", "100", "resource_id", "1", "role", "shareDashboard");
+
+ underTest.execute();
+
+ assertThat(db.countRowsOfTable("group_roles")).isEqualTo(4);
+ assertThat(db.countSql("select count(id) from group_roles where role='shareDashboard'")).isEqualTo(0);
+
+ assertThat(db.countRowsOfTable("user_roles")).isEqualTo(2);
+ assertThat(db.countSql("select count(id) from user_roles where role='shareDashboard'")).isEqualTo(0);
+ }
+}
--- /dev/null
+CREATE TABLE "GROUP_ROLES" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "GROUP_ID" INTEGER,
+ "RESOURCE_ID" INTEGER,
+ "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "GROUP_ROLES_RESOURCE" ON "GROUP_ROLES" ("RESOURCE_ID");
+CREATE UNIQUE INDEX "UNIQ_GROUP_ROLES" ON "GROUP_ROLES" ("GROUP_ID", "RESOURCE_ID", "ROLE");
+
+
+CREATE TABLE "USER_ROLES" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "USER_ID" INTEGER,
+ "RESOURCE_ID" INTEGER,
+ "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "USER_ROLES_RESOURCE" ON "USER_ROLES" ("RESOURCE_ID");
+CREATE INDEX "USER_ROLES_USER" ON "USER_ROLES" ("USER_ID");