*/
package org.sonar.server.computation.task.projectanalysis.step;
+import java.util.List;
+import java.util.Map;
+import org.elasticsearch.search.SearchHit;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
dbSession.commit();
assertThat(dbClient.componentDao().selectOrFailByKey(dbSession, ROOT_KEY).getAuthorizationUpdatedAt()).isNotNull();
- assertThat(dbClient.roleDao().selectGroupPermissions(dbSession, DefaultGroups.ANYONE, projectDto.getId())).containsOnly(UserRole.USER);
+ assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession,
+ dbTester.getDefaultOrganization().getUuid(), null, projectDto.getId())).containsOnly(UserRole.USER);
authorizationIndexerTester.verifyProjectExistsWithPermission(ROOT_UUID, singletonList(DefaultGroups.ANYONE), emptyList());
}
dbSession.commit();
assertThat(dbClient.componentDao().selectOrFailByKey(dbSession, ROOT_KEY).getAuthorizationUpdatedAt()).isNotNull();
- assertThat(dbClient.roleDao().selectGroupPermissions(dbSession, DefaultGroups.ANYONE, viewDto.getId())).containsOnly(permission);
+ assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession,
+ dbTester.getDefaultOrganization().getUuid(), null, viewDto.getId())).containsOnly(permission);
}
@Test
}
private void createDefaultPermissionTemplate(String permission) {
- PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setName("Default"));
- settings.setProperty("sonar.permission.template.default", permissionTemplateDto.getKee());
- dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplateDto.getId(), null, permission);
+ PermissionTemplateDto defaultTemplate = newPermissionTemplateDto()
+ .setOrganizationUuid(dbTester.getDefaultOrganization().getUuid())
+ .setName("Default");
+ dbClient.permissionTemplateDao().insert(dbSession, defaultTemplate);
+ settings.setProperty("sonar.permission.template.default", defaultTemplate.getKee());
+ dbClient.permissionTemplateDao().insertGroupPermission(dbSession, defaultTemplate.getId(), null, permission);
dbSession.commit();
}
import java.util.Collection;
import java.util.List;
-import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.ibatis.session.RowBounds;
import org.sonar.db.DbSession;
import static com.google.common.base.Preconditions.checkArgument;
-import static java.util.Arrays.asList;
import static java.util.Collections.emptyList;
import static org.sonar.db.DatabaseUtils.executeLargeInputs;
.collect(Collectors.toList());
}
- /**
- * Shortcut over {@link #select(DbSession, PermissionQuery, Collection)}
- * @param userLogin the non-null user login
- * @param projectUuid if null, then return global permissions, else return permissions of user on this project
- */
- public Set<String> selectPermissionsByLogin(DbSession dbSession, String userLogin, @Nullable String projectUuid) {
- PermissionQuery query = PermissionQuery.builder()
- .withAtLeastOnePermission()
- .setComponentUuid(projectUuid)
- .build();
- return select(dbSession, query, asList(userLogin)).stream()
- .map(ExtendedUserPermissionDto::getPermission)
- .collect(Collectors.toSet());
- }
-
-
/**
* @see UserPermissionMapper#countUsersByQuery(PermissionQuery, Collection)
*/
package org.sonar.db.user;
import java.util.List;
-import javax.annotation.Nullable;
-import org.sonar.api.security.DefaultGroups;
import org.sonar.db.Dao;
import org.sonar.db.DbSession;
return mapper(dbSession).selectComponentIdsByPermissionAndUserId(permission, userId);
}
- /**
- * @deprecated replaced by {@link org.sonar.db.permission.GroupPermissionDao#selectGroupPermissions(DbSession, long, Long)}
- * and {@link org.sonar.db.permission.GroupPermissionDao#selectAnyonePermissions(DbSession, Long)}
- */
- @Deprecated
- public List<String> selectGroupPermissions(DbSession session, String groupName, @Nullable Long resourceId) {
- return session.getMapper(RoleMapper.class).selectGroupPermissions(groupName, resourceId, DefaultGroups.isAnyone(groupName));
- }
-
-
public void deleteGroupRolesByGroupId(DbSession session, long groupId) {
mapper(session).deleteGroupRolesByGroupId(groupId);
}
- /**
- * @deprecated does not support organizations
- */
- @Deprecated
- public int countUserPermissions(DbSession session, String permission, @Nullable Long allGroupsExceptThisGroupId) {
- return mapper(session).countUsersWithPermission(permission, allGroupsExceptThisGroupId);
- }
-
private static RoleMapper mapper(DbSession session) {
return session.getMapper(RoleMapper.class);
}
package org.sonar.db.user;
import java.util.List;
-import javax.annotation.Nullable;
import org.apache.ibatis.annotations.Param;
-/**
- * @since 3.2
- */
public interface RoleMapper {
List<Long> selectComponentIdsByPermissionAndUserId(@Param("permission") String permission, @Param("userId") long userId);
- /**
- * @return permissions from to a group
- */
- List<String> selectGroupPermissions(@Param("groupName") String groupName, @Nullable @Param("resourceId") Long resourceId, @Param("isAnyOneGroup") Boolean isAnyOneGroup);
-
void deleteGroupRolesByGroupId(long groupId);
- int countUsersWithPermission(@Param("permission") String permission, @Nullable @Param("groupId") Long groupId);
}
ORDER by resource_id
</select>
- <select id="selectGroupPermissions" parameterType="map" resultType="String">
- SELECT gr.role
- FROM group_roles gr
- <if test="isAnyOneGroup != true">
- INNER JOIN groups g ON g.id = gr.group_id
- </if>
- <where>
- <choose>
- <when test="isAnyOneGroup != true">
- AND g.name = #{groupName}
- </when>
- <otherwise>
- AND gr.group_id IS NULL
- </otherwise>
- </choose>
- <choose>
- <when test="resourceId != null">
- AND resource_id=#{resourceId}
- </when>
- <otherwise>
- AND resource_id IS NULL
- </otherwise>
- </choose>
- </where>
- </select>
-
- <select id="countUsersWithPermission" parameterType="map" resultType="int">
- SELECT count(c.id)
- FROM (
- SELECT DISTINCT ur.user_id as id
- FROM user_roles ur
- INNER JOIN users u ON u.id=ur.user_id AND u.active=${_true}
- WHERE
- ur.role = #{permission} and ur.resource_id IS NULL
- UNION ALL
- SELECT DISTINCT u.id as id
- FROM users u
- INNER JOIN groups_users gu ON gu.user_id = u.id
- INNER JOIN group_roles gr ON gr.group_id = gu.group_id
- INNER JOIN groups g ON g.id = gu.group_id
- WHERE
- gr.role = #{permission}
- AND gr.resource_id IS NULL
- AND u.active=${_true}
- <if test="groupId!=null">
- AND g.id!=#{groupId}
- </if>
- ) c
- </select>
-
<delete id="deleteGroupRolesByGroupId" parameterType="long">
delete from group_roles where group_id=#{id}
</delete>
*/
package org.sonar.db.permission;
+import java.util.List;
import javax.annotation.Nullable;
import org.junit.Before;
import org.junit.Rule;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.RoleDao;
import org.sonar.db.user.UserDto;
import static org.assertj.core.api.Assertions.assertThat;
public void apply_permission_template() {
dbTester.prepareDbUnit(getClass(), "should_apply_permission_template.xml");
- UserDto marius = dbTester.users().selectUserByLogin("marius").get();
- RoleDao roleDao = dbTester.getDbClient().roleDao();
- assertThat(roleDao.selectGroupPermissions(session, "sonar-administrators", PROJECT.getId())).isEmpty();
- assertThat(roleDao.selectGroupPermissions(session, "sonar-users", PROJECT.getId())).isEmpty();
- assertThat(roleDao.selectGroupPermissions(session, "Anyone", PROJECT.getId())).isEmpty();
- assertThat(dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session, marius.getId(), PROJECT.getId())).isEmpty();
+ assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).isEmpty();
+ assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).isEmpty();
+ assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).isEmpty();
+ assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).isEmpty();
PermissionTemplateDto template = dbTester.getDbClient().permissionTemplateDao().selectByUuid(session, "default_20130101_010203");
underTest.apply(session, template, PROJECT, null);
- assertThat(roleDao.selectGroupPermissions(session, "sonar-administrators", PROJECT.getId())).containsOnly("admin", "issueadmin");
- assertThat(roleDao.selectGroupPermissions(session, "sonar-users", PROJECT.getId())).containsOnly("user", "codeviewer");
- assertThat(roleDao.selectGroupPermissions(session, "Anyone", PROJECT.getId())).containsOnly("user", "codeviewer");
- assertThat(dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session, marius.getId(), PROJECT.getId())).containsOnly("admin");
+ assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).containsOnly("admin", "issueadmin");
+ assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).containsOnly("user", "codeviewer");
+ assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).containsOnly("user", "codeviewer");
+ assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).containsOnly("admin");
checkAuthorizationUpdatedAtIsUpdated();
}
+ private List<String> selectProjectPermissionsOfGroup(String organizationUuid, @Nullable Long groupId, ComponentDto project) {
+ return dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(session,
+ organizationUuid, groupId != null ? groupId : null, project.getId());
+ }
+
+ private List<String> selectProjectPermissionsOfUser(long userId, ComponentDto project) {
+ return dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session,
+ userId, project.getId());
+ }
+
@Test
public void apply_default_permission_template_from_component_id() {
dbTester.prepareDbUnit(getClass(), "apply_default_permission_template_by_component_id.xml");
assertThat(underTest.selectLogins(dbSession, query)).isEmpty();
}
- @Test
- public void selectPermissionsByLogin() {
- addGlobalPermissionOnDefaultOrganization(SYSTEM_ADMIN, user1);
- addProjectPermissionOnDefaultOrganization(USER, user1, project1);
- addProjectPermissionOnDefaultOrganization(USER, user2, project1);
- addProjectPermissionOnDefaultOrganization(ISSUE_ADMIN, user2, project1);
- addProjectPermissionOnDefaultOrganization(ISSUE_ADMIN, user2, project2);
-
- // user1 has one global permission and user2 has no global permissions
- assertThat(underTest.selectPermissionsByLogin(dbSession, user1.getLogin(), null)).hasSize(1);
- assertThat(underTest.selectPermissionsByLogin(dbSession, user2.getLogin(), null)).hasSize(0);
-
- // user1 has one permission on project1, user2 has 2
- assertThat(underTest.selectPermissionsByLogin(dbSession, user1.getLogin(), project1.uuid())).hasSize(1);
- assertThat(underTest.selectPermissionsByLogin(dbSession, user2.getLogin(), project1.uuid())).hasSize(2);
-
- // nobody has permissions on a project that does not exist!
- assertThat(underTest.selectPermissionsByLogin(dbSession, user1.getLogin(), "missing")).hasSize(0);
-
- // users who do not exist don't have permissions!
- assertThat(underTest.selectPermissionsByLogin(dbSession, "missing", null)).hasSize(0);
- }
-
@Test
public void deleteGlobalPermission() {
addGlobalPermissionOnDefaultOrganization("perm1", user1);
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
-import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
assertThat(result).containsExactly(project1.getId(), project2.getId());
}
- @Test
- public void retrieve_global_group_permissions() {
- db.prepareDbUnit(getClass(), "globalGroupPermissions.xml");
-
- assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-administrators", null)).containsOnly(GlobalPermissions.SYSTEM_ADMIN,
- GlobalPermissions.QUALITY_PROFILE_ADMIN,
- GlobalPermissions.QUALITY_GATE_ADMIN);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-users", null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
- assertThat(underTest.selectGroupPermissions(db.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PROVISIONING,
- GlobalPermissions.SCAN_EXECUTION);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
- }
-
- @Test
- public void retrieve_resource_group_permissions() {
- db.prepareDbUnit(getClass(), "resourceGroupPermissions.xml");
-
- assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-administrators", 1L)).containsOnly(UserRole.ADMIN, UserRole.CODEVIEWER);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-users", 1L)).containsOnly(UserRole.CODEVIEWER);
- }
-
@Test
public void delete_all_group_permissions_by_group_id() {
db.prepareDbUnit(getClass(), "deleteGroupPermissionsByGroupId.xml");
db.assertDbUnit(getClass(), "deleteGroupPermissionsByGroupId-result.xml", "group_roles");
}
-
- @Test
- public void countUserPermissions() {
- db.users().insertProjectPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN, project1);
- db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(user1, GlobalPermissions.SCAN_EXECUTION);
-
- int result = underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);
-
- assertThat(result).isEqualTo(1);
- }
-
- @Test
- public void countUserPermissions_counts_users_with_one_permission_when_the_last_one_is_in_a_group() {
- GroupDto group1 = db.users().insertGroup(newGroupDto());
- db.users().insertMember(group1, user1);
- db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN);
-
- int resultWithoutExcludingGroup = underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);
- assertThat(resultWithoutExcludingGroup).isEqualTo(1);
-
- int resultWithGroupExclusion = underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, group1.getId());
- assertThat(resultWithGroupExclusion).isEqualTo(0);
- }
-
- @Test
- public void countUserPermissions_counts_user_twice_when_both_user_and_group_permission() {
- GroupDto group1 = db.users().insertGroup(newGroupDto());
- db.users().insertMember(group1, user1);
- db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
-
- int result = underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);
-
- assertThat(result).isEqualTo(2);
- }
}
MeasureFilterDto measureFilter = insertMeasureFilter(user, false);
MeasureFilterFavouriteDto measureFilterFavourite = insertMeasureFilterFavourite(measureFilter, user);
PropertyDto property = insertProperty(user);
- insertUserPermission(user);
+ db.users().insertPermissionOnUser(user, "perm");
insertUserGroup(user);
UserDto otherUser = newActiveUser();
assertThat(dbClient.measureFilterDao().selectById(session, measureFilter.getId())).isNull();
assertThat(dbClient.measureFilterFavouriteDao().selectById(session, measureFilterFavourite.getId())).isNull();
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setKey(property.getKey()).build(), session)).isEmpty();
- assertThat(dbClient.userPermissionDao().selectPermissionsByLogin(session, user.getLogin(), null)).isEmpty();
+ assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(session, user.getId(), db.getDefaultOrganization().getUuid())).isEmpty();
assertThat(dbClient.groupMembershipDao().countGroups(session, builder().login(user.getLogin()).membership(IN).build(), user.getId())).isZero();
}
return dto;
}
- private org.sonar.db.permission.UserPermissionDto insertUserPermission(UserDto user) {
- String permission = randomAlphanumeric(64);
- UserPermissionDto dto = new UserPermissionDto(db.getDefaultOrganization().getUuid(), permission, user.getId(), null);
- dbClient.userPermissionDao().insert(session, dto);
- return dto;
- }
-
private UserGroupDto insertUserGroup(UserDto user) {
GroupDto group = newGroupDto().setName(randomAlphanumeric(30));
dbClient.groupDao().insert(session, group);
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="sonar-administrators"
- organization_uuid="org1"/>
- <groups id="101"
- name="sonar-users"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- role="admin"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="3"
- group_id="100"
- role="gateadmin"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="4"
- group_id="101"
- role="gateadmin"
- resource_id="[null]"
- organization_uuid="org1"/>
-
- <!-- Group 'anyone' has a NULL group_id -->
- <group_roles id="5"
- group_id="[null]"
- role="scan"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="6"
- group_id="[null]"
- role="provisioning"
- resource_id="[null]"
- organization_uuid="org1"/>
-
- <group_roles id="7"
- group_id="102"
- role="admin"
- resource_id="1"
- organization_uuid="org1"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="sonar-administrators"
- organization_uuid="org1"/>
- <groups id="101"
- name="sonar-users"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- role="admin"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="2"
- group_id="100"
- role="profileadmin"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="3"
- group_id="100"
- role="gateadmin"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="4"
- group_id="101"
- role="gateadmin"
- resource_id="[null]"
- organization_uuid="org1"/>
-
- <!-- Group 'anyone' has a NULL group_id -->
- <group_roles id="5"
- group_id="[null]"
- role="scan"
- resource_id="[null]"
- organization_uuid="org1"/>
- <group_roles id="6"
- group_id="[null]"
- role="provisioning"
- resource_id="[null]"
- organization_uuid="org1"/>
-
- <!-- Component permission, it should not be returned with global permissions -->
- <group_roles id="7"
- group_id="102"
- role="admin"
- resource_id="1"
- organization_uuid="org1"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="sonar-administrators"
- organization_uuid="org1"/>
- <groups id="101"
- name="sonar-users"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- role="admin"
- resource_id="1"
- organization_uuid="org1"/>
- <group_roles id="3"
- group_id="101"
- role="codeviewer"
- resource_id="1"
- organization_uuid="org1"/>
-
- <!-- Group 'anyone' has a NULL group_id -->
- <group_roles id="4"
- group_id="[null]"
- role="user"
- resource_id="1"
- organization_uuid="org1"/>
-
- <group_roles id="5"
- group_id="100"
- role="admin"
- resource_id="[null]"
- organization_uuid="org1"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="sonar-administrators"
- organization_uuid="org1"/>
- <groups id="101"
- name="sonar-users"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- role="admin"
- resource_id="1"
- organization_uuid="org1"/>
- <group_roles id="2"
- group_id="100"
- role="codeviewer"
- resource_id="1"
- organization_uuid="org1"/>
- <group_roles id="3"
- group_id="101"
- role="codeviewer"
- resource_id="1"
- organization_uuid="org1"/>
-
- <!-- Group 'anyone' has a NULL group_id -->
- <group_roles id="4"
- group_id="[null]"
- role="user"
- resource_id="1"
- organization_uuid="org1"/>
-
- <!-- Global permission, it should not be returned with component permissions -->
- <group_roles id="5"
- group_id="100"
- role="admin"
- resource_id="[null]"
- organization_uuid="org1"/>
-
-</dataset>
projects / sonarqube.git / commitdiff