import org.sonarqube.ws.client.PostRequest;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.WsResponse;
+import org.sonarqube.ws.client.permission.AddUserWsRequest;
import util.ItUtils;
import static org.assertj.core.api.Assertions.assertThat;
}
@Test
- public void restart_in_prod_mode_requires_root_and_restarts_WebServer_and_ES() throws Exception {
+ public void restart_in_prod_mode_requires_sysadmin_permission_and_restarts() throws Exception {
// server classloader locks Jar files on Windows
if (!SystemUtils.IS_OS_WINDOWS) {
orchestrator = Orchestrator.builderEnv()
verifyFailWith403(() -> newWsClient(orchestrator).system().restart());
- createNonRootUser("john", "doe");
+ createNonSystemAdministrator("john", "doe");
verifyFailWith403(() -> ItUtils.newUserWsClient(orchestrator, "john", "doe").system().restart());
- createRootUser("big", "boss");
+ createSystemAdministrator("big", "boss");
ItUtils.newUserWsClient(orchestrator, "big", "boss").system().restart();
WsResponse wsResponse = newAdminWsClient(orchestrator).wsConnector().call(new GetRequest("/api/system/status")).failIfNotSuccessful();
assertThat(wsResponse.content()).contains("RESTARTING");
}
}
- private void createRootUser(String login, String password) {
+ private void createSystemAdministrator(String login, String password) {
WsClient wsClient = newAdminWsClient(orchestrator);
- createNonRootUser(wsClient, login, password);
- wsClient.rootService().setRoot(login);
+ createNonSystemAdministrator(wsClient, login, password);
+ wsClient.permissions().addUser(new AddUserWsRequest().setLogin(login).setPermission("admin"));
}
- private void createNonRootUser(String login, String password) {
- createNonRootUser(newAdminWsClient(orchestrator), login, password);
+ private void createNonSystemAdministrator(String login, String password) {
+ createNonSystemAdministrator(newAdminWsClient(orchestrator), login, password);
}
- private static void createNonRootUser(WsClient wsClient, String login, String password) {
+ private static void createNonSystemAdministrator(WsClient wsClient, String login, String password) {
wsClient.wsConnector().call(
new PostRequest("api/users/create")
.setParam("login", login)
}
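Review bot: `createSystemAdministrator` hard-codes the permission key in `setPermission("admin")`, and nothing in the helper says that this global permission is what the restart endpoint is expected to check. A one-line comment above the `addUser` call, for example `// "admin" is the global permission that restart_in_prod_mode_requires_sysadmin_permission_and_restarts relies on`, would tie the setup to the access rule the test verifies. The body of the static `createNonSystemAdministrator` overload continues outside this hunk, so the user-creation parameters were not reviewed.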
private boolean hasAdminPermission(Optional<ComponentDto> component) {
- return component.isPresent() ? userSession.hasComponentPermission(ADMIN, component.get()) : userSession.isRoot();
+ return component
+ .map(c -> userSession.hasComponentPermission(ADMIN, c))
+ .orElse(userSession.isSystemAdministrator());
}
private List<PropertyDto> loadGlobalSettings(DbSession dbSession, Optional<String> key) {
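Review bot: `orElse(userSession.isSystemAdministrator())` in `hasAdminPermission` evaluates its argument eagerly, so the system-administrator check now runs even when a component is present. The removed ternary only called the global check when no component was given. If that call performs a permission lookup, this adds work to every component-scoped request, and it makes it harder to see which check authorised the call. `.orElseGet(userSession::isSystemAdministrator)` keeps the new style and restores the old evaluation order.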
@Override
public void handle(Request request, Response response) throws Exception {
- boolean isRoot = userSession.isRoot();
+ boolean isSysAdmin = userSession.isSystemAdministrator();
JsonWriter json = response.newJsonWriter().beginObject();
- json.prop("showUpdateCenter", isRoot && settings.getBoolean(WebConstants.SONAR_UPDATECENTER_ACTIVATE));
+ json.prop("showUpdateCenter", isSysAdmin && settings.getBoolean(WebConstants.SONAR_UPDATECENTER_ACTIVATE));
json.name("extensions").beginArray();
- if (isRoot) {
+ if (isSysAdmin) {
for (Page page : pageRepository.getGlobalPages(true)) {
json.beginObject()
.prop("key", page.getKey())
}
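Review bot: `isSysAdmin` in `handle` only decides what the navigation JSON advertises (`showUpdateCenter` and the pages from `getGlobalPages(true)`); it is not an access check, and the hunk carries no comment saying so. Because this commit changes who sees those entries from root users to system administrators, a short comment such as `// display hint only: each admin page and web service must enforce isSystemAdministrator() itself` would stop the flag being read as the enforcement point. Whether the endpoints behind those pages were switched in the same commit is not visible here, and `handle` continues past the end of the hunk.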
private void writeGroupsIfNeeded(JsonWriter json, Collection<String> groups, @Nullable Collection<String> fields) {
- if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.isRoot()) {
+ if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.isSystemAdministrator()) {
json.name(FIELD_GROUPS).beginArray();
for (String groupName : groups) {
json.value(groupName);
static void validate(UserSession userSession, @Nullable String requestLogin) {
userSession.checkLoggedIn();
- if (!userSession.isRoot() && !isLoggedInUser(userSession, requestLogin)) {
+ if (!userSession.isSystemAdministrator() && !isLoggedInUser(userSession, requestLogin)) {
throw insufficientPrivilegesException();
}
}
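Review bot: `validate` has no Javadoc stating its rule, and after this change the rule is security-relevant: any system administrator passes the check for a `requestLogin` other than their own. Judging by the tests later in this change, that covers creating tokens for other users. I would add a Javadoc along the lines of `Requires a logged-in caller; a system administrator may act on any login, any other user only on their own`. It should also state what a null `requestLogin` means, since the parameter is `@Nullable` and `isLoggedInUser` is not shown in this hunk.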
return this;
}
+ public UserSessionRule setSystemAdministrator() {
+ ensureMockUserSession().setSystemAdministrator(true);
+ return this;
+ }
+
+ public UserSessionRule setNonSystemAdministrator() {
+ ensureMockUserSession().setSystemAdministrator(false);
+ return this;
+ }
+
@Override
public Statement apply(Statement statement, Description description) {
return this.statement(statement);
@Test
public void json_example() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
String response = ws.newRequest()
.setMediaType(MediaTypes.JSON)
@Test
public void fail_if_name_is_longer_than_100_characters() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
expectedException.expect(IllegalArgumentException.class);
expectedException.expectMessage("Token name length (101) is longer than the maximum authorized (100)");
@Test
public void fail_if_login_does_not_exist() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
expectedException.expect(ForbiddenException.class);
@Test
public void fail_if_name_is_blank() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("The 'name' parameter must not be blank");
@Test
public void fail_if_token_with_same_login_and_name_exists() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
newRequest(GRACE_HOPPER, TOKEN_NAME);
expectedException.expect(BadRequestException.class);
@Test
public void fail_if_token_hash_already_exists_in_db() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
when(tokenGenerator.hash(anyString())).thenReturn("987654321");
db.getDbClient().userTokenDao().insert(db.getSession(), newUserToken().setTokenHash("987654321"));
@Test
public void throw_ForbiddenException_if_non_administrator_creates_token_for_someone_else() {
- userSession.logIn().setNonRoot();
+ userSession.logIn().setNonSystemAdministrator();
expectedException.expect(ForbiddenException.class);
throw propagate(e);
}
}
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
}
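Review bot: The private `logInAsSystemAdministrator()` helper added at the end of this test class is a one-line wrapper around `userSession.logIn().setSystemAdministrator()`, and the identical helper is added again at the bottom of the two test classes that follow. Either call the chained form inline, as `throw_ForbiddenException_if_non_administrator_creates_token_for_someone_else` already does with `setNonSystemAdministrator()`, or put a single `logInAsSystemAdministrator()` on `UserSessionRule` so the three copies cannot drift apart. Using the helper for the permitted case and the raw chain for the denied case in the same class also makes the privilege under test harder to scan.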
@Test
public void delete_token_in_db() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-delete"));
insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-keep-1"));
insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName("token-to-keep-2"));
@Test
public void does_not_fail_when_incorrect_login_or_name() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
insertUserToken(newUserToken().setLogin(GRACE_HOPPER).setName(TOKEN_NAME));
newRequest(ADA_LOVELACE, "another-token-name");
dbClient.userTokenDao().insert(dbSession, userToken);
dbSession.commit();
}
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
}
@Test
public void search_json_example() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
dbClient.userTokenDao().insert(dbSession, newUserToken()
.setCreatedAt(1448523067221L)
@Test
public void fail_when_login_does_not_exist() {
- userSession.logIn().setRoot();
+ logInAsSystemAdministrator();
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("User with login 'unknown-login' not found");
throw new IllegalStateException("unreachable");
}
+
+ private void logInAsSystemAdministrator() {
+ userSession.logIn().setSystemAdministrator();
+ }
}