*/
package org.sonar.server.permission.index;
-import com.google.common.base.Predicate;
-import com.google.common.collect.Iterables;
import java.util.Collection;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.utils.System2;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDbTester;
+import org.sonar.db.user.UserDto;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.api.security.DefaultGroups.ANYONE;
+import static org.sonar.api.web.UserRole.ADMIN;
+import static org.sonar.api.web.UserRole.USER;
public class AuthorizationDaoTest {
@Rule
public DbTester dbTester = DbTester.create(System2.INSTANCE);
- private AuthorizationDao dao = new AuthorizationDao();
+ DbClient dbClient = dbTester.getDbClient();
+ DbSession dbSession = dbTester.getSession();
- @Test
- public void select_all() {
- dbTester.prepareDbUnit(getClass(), "shared.xml");
-
- Collection<AuthorizationDao.Dto> dtos = dao.selectAfterDate(dbTester.getDbClient(), dbTester.getSession(), 0L);
- assertThat(dtos).hasSize(2);
+ ComponentDbTester componentDbTester = new ComponentDbTester(dbTester);
+ UserDbTester userDbTester = new UserDbTester(dbTester);
- AuthorizationDao.Dto abc = Iterables.find(dtos, new ProjectPredicate("ABC"));
- assertThat(abc.getGroups()).containsOnly("Anyone", "devs");
- assertThat(abc.getUsers()).containsOnly("user1");
- assertThat(abc.getUpdatedAt()).isNotNull();
-
- AuthorizationDao.Dto def = Iterables.find(dtos, new ProjectPredicate("DEF"));
- assertThat(def.getGroups()).containsOnly("Anyone");
- assertThat(def.getUsers()).containsOnly("user1", "user2");
- assertThat(def.getUpdatedAt()).isNotNull();
- }
+ AuthorizationDao underTest = new AuthorizationDao();
@Test
- public void select_after_date() {
- dbTester.prepareDbUnit(getClass(), "shared.xml");
+ public void select_all() {
+ ComponentDto project1 = componentDbTester.insertProject();
+ ComponentDto project2 = componentDbTester.insertProject();
+
+ // user1 can access both projects
+ UserDto user1 = userDbTester.insertUser();
+ userDbTester.insertProjectPermissionOnUser(user1, USER, project1);
+ userDbTester.insertProjectPermissionOnUser(user1, ADMIN, project1);
+ userDbTester.insertProjectPermissionOnUser(user1, USER, project2);
+
+ // user2 has user access on project2 only
+ UserDto user2 = userDbTester.insertUser();
+ userDbTester.insertProjectPermissionOnUser(user2, USER, project2);
+
+ // group1 has user access on project1 only
+ GroupDto group = userDbTester.insertGroup();
+ userDbTester.insertProjectPermissionOnGroup(group, USER, project1);
+ userDbTester.insertProjectPermissionOnGroup(group, ADMIN, project1);
+
+ // Anyone group has user access on both projects
+ userDbTester.insertProjectPermissionOnAnyone(USER, project1);
+ userDbTester.insertProjectPermissionOnAnyone(ADMIN, project1);
+ userDbTester.insertProjectPermissionOnAnyone(USER, project2);
+
+ Collection<AuthorizationDao.Dto> dtos = underTest.selectAfterDate(dbClient, dbSession, 0L);
+ assertThat(dtos).hasSize(2);
- Collection<AuthorizationDao.Dto> dtos = dao.selectAfterDate(dbTester.getDbClient(), dbTester.getSession(), 1500000000L);
+ AuthorizationDao.Dto project1Authorization = getByProjectUuid(project1.uuid(), dtos);
+ assertThat(project1Authorization.getGroups()).containsOnly(ANYONE, group.getName());
+ assertThat(project1Authorization.getUsers()).containsOnly(user1.getLogin());
+ assertThat(project1Authorization.getUpdatedAt()).isNotNull();
- // only project DEF was updated in this period
- assertThat(dtos).hasSize(1);
- AuthorizationDao.Dto def = Iterables.find(dtos, new ProjectPredicate("DEF"));
- assertThat(def).isNotNull();
- assertThat(def.getGroups()).containsOnly("Anyone");
- assertThat(def.getUsers()).containsOnly("user1", "user2");
+ AuthorizationDao.Dto project2Authorization = getByProjectUuid(project2.uuid(), dtos);
+ assertThat(project2Authorization.getGroups()).containsOnly(ANYONE);
+ assertThat(project2Authorization.getUsers()).containsOnly(user1.getLogin(), user2.getLogin());
+ assertThat(project2Authorization.getUpdatedAt()).isNotNull();
}
@Test
public void no_authorization() {
- dbTester.prepareDbUnit(getClass(), "no_authorization.xml");
+ ComponentDto project1 = componentDbTester.insertProject();
+ // no authorizations project1
- Collection<AuthorizationDao.Dto> dtos = dao.selectAfterDate(dbTester.getDbClient(), dbTester.getSession(), 0L);
+ ComponentDto project2 = componentDbTester.insertProject();
+ UserDto user = userDbTester.insertUser();
+ userDbTester.insertProjectPermissionOnUser(user, USER, project2);
+ GroupDto group = userDbTester.insertGroup();
+ userDbTester.insertProjectPermissionOnGroup(group, USER, project2);
- assertThat(dtos).hasSize(1);
- AuthorizationDao.Dto abc = Iterables.find(dtos, new ProjectPredicate("ABC"));
- assertThat(abc.getGroups()).isEmpty();
- assertThat(abc.getUsers()).isEmpty();
- assertThat(abc.getUpdatedAt()).isNotNull();
- }
-
- private static class ProjectPredicate implements Predicate<AuthorizationDao.Dto> {
-
- private final String projectUuid;
-
- ProjectPredicate(String projectUuid) {
- this.projectUuid = projectUuid;
- }
+ Collection<AuthorizationDao.Dto> dtos = underTest.selectAfterDate(dbClient, dbSession, 0L);
- @Override
- public boolean apply(AuthorizationDao.Dto input) {
- return input.getProjectUuid().equals(projectUuid);
- }
+ assertThat(dtos).hasSize(2);
+ AuthorizationDao.Dto project1Authorization = getByProjectUuid(project1.uuid(), dtos);
+ assertThat(project1Authorization.getGroups()).isEmpty();
+ assertThat(project1Authorization.getUsers()).isEmpty();
+ assertThat(project1Authorization.getUpdatedAt()).isNotNull();
+ }
- @Override
- public boolean equals(Object object) {
- return true;
- }
+ private static AuthorizationDao.Dto getByProjectUuid(String projectUuid, Collection<AuthorizationDao.Dto> dtos) {
+ return dtos.stream().filter(dto -> dto.getProjectUuid().equals(projectUuid)).findFirst().orElseThrow(IllegalArgumentException::new);
}
+
}
import org.junit.Test;
import org.sonar.api.config.MapSettings;
import org.sonar.api.utils.System2;
-import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDbTester;
+import org.sonar.db.user.UserDto;
import org.sonar.server.es.EsTester;
import org.sonar.server.issue.index.IssueIndexDefinition;
import static org.assertj.core.api.Assertions.assertThat;
-
+import static org.sonar.api.security.DefaultGroups.ANYONE;
+import static org.sonar.api.web.UserRole.ADMIN;
+import static org.sonar.api.web.UserRole.USER;
public class AuthorizationIndexerTest {
@Rule
public EsTester esTester = new EsTester(new IssueIndexDefinition(new MapSettings()));
+ ComponentDbTester componentDbTester = new ComponentDbTester(dbTester);
+ UserDbTester userDbTester = new UserDbTester(dbTester);
+
+ AuthorizationIndexer underTest = new AuthorizationIndexer(dbTester.getDbClient(), esTester.client());
+
@Test
public void index_nothing() {
- AuthorizationIndexer indexer = createIndexer();
- indexer.index();
+ underTest.index();
assertThat(esTester.countDocuments("issues", "authorization")).isZero();
}
@Test
public void index() {
- dbTester.prepareDbUnit(getClass(), "index.xml");
+ ComponentDto project = componentDbTester.insertProject();
+ UserDto user = userDbTester.insertUser();
+ userDbTester.insertProjectPermissionOnUser(user, USER, project);
+ userDbTester.insertProjectPermissionOnUser(user, ADMIN, project);
+ GroupDto group = userDbTester.insertGroup();
+ userDbTester.insertProjectPermissionOnGroup(group, USER, project);
+ userDbTester.insertProjectPermissionOnAnyone(USER, project);
- AuthorizationIndexer indexer = createIndexer();
- indexer.doIndex(0L);
+ underTest.doIndex(0L);
List<SearchHit> docs = esTester.getDocuments("issues", "authorization");
assertThat(docs).hasSize(1);
SearchHit doc = docs.get(0);
- assertThat(doc.getSource().get("project")).isEqualTo("ABC");
- assertThat((Collection) doc.getSource().get("groups")).containsOnly("devs", "Anyone");
- assertThat((Collection) doc.getSource().get("users")).containsOnly("user1");
+ assertThat(doc.getSource().get("project")).isEqualTo(project.uuid());
+ assertThat((Collection) doc.getSource().get("groups")).containsOnly(group.getName(), ANYONE);
+ assertThat((Collection) doc.getSource().get("users")).containsOnly(user.getLogin());
+ }
+
+ @Test
+ public void delete_project() {
+ AuthorizationDao.Dto authorization = new AuthorizationDao.Dto("ABC", System.currentTimeMillis());
+ authorization.addUser("guy");
+ authorization.addGroup("dev");
+ underTest.index(Arrays.asList(authorization));
- // delete project
- indexer.deleteProject("ABC", true);
+ underTest.deleteProject("ABC", true);
- assertThat(esTester.countDocuments("issues", "issueAuthorization")).isZero();
+ assertThat(esTester.countDocuments("issues", "authorization")).isZero();
}
@Test
public void do_not_fail_when_deleting_unindexed_project() {
- AuthorizationIndexer indexer = createIndexer();
- indexer.deleteProject("UNKNOWN", true);
+ underTest.deleteProject("UNKNOWN", true);
+
assertThat(esTester.countDocuments("issues", "authorization")).isZero();
}
@Test
public void delete_permissions() {
- AuthorizationIndexer indexer = createIndexer();
AuthorizationDao.Dto authorization = new AuthorizationDao.Dto("ABC", System.currentTimeMillis());
authorization.addUser("guy");
authorization.addGroup("dev");
- indexer.index(Arrays.asList(authorization));
+ underTest.index(Arrays.asList(authorization));
// has permissions
assertThat(esTester.countDocuments("issues", "authorization")).isEqualTo(1);
// remove permissions -> dto has no users nor groups
authorization = new AuthorizationDao.Dto("ABC", System.currentTimeMillis());
- indexer.index(Arrays.asList(authorization));
+ underTest.index(Arrays.asList(authorization));
List<SearchHit> docs = esTester.getDocuments("issues", "authorization");
assertThat(docs).hasSize(1);
- assertThat((Collection)docs.get(0).sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
- assertThat((Collection)docs.get(0).sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
+ assertThat((Collection) docs.get(0).sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
+ assertThat((Collection) docs.get(0).sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
}
- private AuthorizationIndexer createIndexer() {
- return new AuthorizationIndexer(new DbClient(dbTester.database(), dbTester.myBatis()), esTester.client());
- }
}
+++ /dev/null
-<dataset>
-
- <projects uuid="ABC"
- uuid_path="NOT_USED"
- project_uuid="ABC"
- module_uuid="[null]"
- module_uuid_path="."
- root_uuid="ABC"
- scope="PRJ"
- qualifier="TRK"
- kee="org.struts:struts"
- name="Struts"
- description="the description"
- long_name="Apache Struts"
- enabled="[true]"
- language="java"
- path="[null]"
- authorization_updated_at="123456789"
- id="1"/>
-
- <!-- no authorizations project ABC. -->
-
- <users id="10"
- login="user1"
- name="User 1"
- email="user1@company.net"
- active="[true]"
- is_root="[false]"/>
- <groups id="100"
- name="devs"
- organization_uuid="org1"/>
-
- <user_roles id="1"
- user_id="10"
- resource_id="2"
- role="user"
- organization_uuid="org1"/>
- <group_roles id="1"
- group_id="100"
- resource_id="2"
- role="admin"
- organization_uuid="org1"/>
-</dataset>
+++ /dev/null
-<dataset>
-
- <projects uuid="ABC"
- uuid_path="NOT_USED"
- project_uuid="ABC"
- module_uuid="[null]"
- module_uuid_path="."
- root_uuid="ABC"
- scope="PRJ"
- qualifier="TRK"
- kee="org.struts:struts"
- name="Struts"
- description="the description"
- long_name="Apache Struts"
- enabled="[true]"
- language="java"
- path="[null]"
- authorization_updated_at="1000000000"
- id="1"/>
-
- <projects uuid="DEF"
- uuid_path="NOT_USED"
- project_uuid="DEF"
- module_uuid="[null]"
- module_uuid_path="."
- root_uuid="ABC"
- scope="PRJ"
- qualifier="TRK"
- kee="org.sonar.sample"
- name="Sample"
- description="the description"
- long_name="Sample"
- enabled="[true]"
- language="java"
- path="[null]"
- authorization_updated_at="2000000000"
- id="2"/>
-
- <!-- user1 can access both projects -->
- <users id="10"
- login="user1"
- name="User 1"
- email="user1@company.net"
- active="[true]"
- is_root="[false]"/>
- <user_roles id="1"
- user_id="10"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <user_roles id="2"
- user_id="10"
- resource_id="1"
- role="admin"
- organization_uuid="org1"/>
- <user_roles id="3"
- user_id="10"
- resource_id="2"
- role="user"
- organization_uuid="org1"/>
-
- <!-- group devs has user access on ABC only -->
- <groups id="100"
- name="devs"
- organization_uuid="org1"/>
- <group_roles id="1"
- group_id="100"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <group_roles id="2"
- group_id="100"
- resource_id="1"
- role="admin"
- organization_uuid="org1"/>
-
- <!-- Anyone group has user access on both projects -->
- <group_roles id="4"
- group_id="[null]"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <group_roles id="5"
- group_id="[null]"
- resource_id="1"
- role="admin"
- organization_uuid="org1"/>
- <group_roles id="6"
- group_id="[null]"
- resource_id="2"
- role="user"
- organization_uuid="org1"/>
-
- <!-- user2 has user access on DEF only -->
- <users id="11"
- login="user2"
- name="User 2"
- email="user2@company.net"
- active="[true]"
- is_root="[false]"/>
- <user_roles id="4"
- user_id="11"
- resource_id="1"
- role="admin"
- organization_uuid="org1"/>
- <user_roles id="5"
- user_id="11"
- resource_id="2"
- role="user"
- organization_uuid="org1"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <projects uuid="ABC"
- uuid_path="NOT_USED"
- project_uuid="ABC"
- module_uuid="[null]"
- module_uuid_path="."
- root_uuid="ABC"
- scope="PRJ"
- qualifier="TRK"
- kee="org.struts:struts"
- name="Struts"
- description="the description"
- long_name="Apache Struts"
- enabled="[true]"
- language="java"
- path="[null]"
- authorization_updated_at="123456789"
- id="1"/>
-
- <users id="10"
- login="user1"
- name="User 1"
- email="user1@company.net"
- active="[true]"
- is_root="[false]"/>
- <user_roles id="1"
- user_id="10"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <user_roles id="2"
- user_id="10"
- resource_id="1"
- role="admin"
- organization_uuid="org1"/>
- <user_roles id="3"
- user_id="10"
- resource_id="2"
- role="admin"
- organization_uuid="org1"/>
-
- <groups id="100"
- name="devs"
- organization_uuid="org1"/>
- <group_roles id="1"
- group_id="100"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <group_roles id="2"
- group_id="100"
- resource_id="2"
- role="admin"
- organization_uuid="org1"/>
-
- <!-- Anyone group -->
- <group_roles id="3"
- group_id="[null]"
- resource_id="1"
- role="user"
- organization_uuid="org1"/>
- <group_roles id="4"
- group_id="[null]"
- resource_id="2"
- role="admin"
- organization_uuid="org1"/>
-
-</dataset>
projects / sonarqube.git / commitdiff