*/
package org.sonar.plugins.core.security;
-import com.google.common.annotations.VisibleForTesting;
import org.apache.ibatis.session.SqlSession;
import org.sonar.api.BatchExtension;
-import org.sonar.api.Properties;
-import org.sonar.api.Property;
import org.sonar.api.config.Settings;
-import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Resource;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.security.ResourcePermissioning;
/**
* @since 3.2
*/
-@Properties({
- @Property(key = "sonar.role." + UserRole.ADMIN + ".TRK.defaultGroups",
- name = "Default groups for project administrators",
- defaultValue = DefaultGroups.ADMINISTRATORS,
- global = false,
- project = false),
- @Property(key = "sonar.role." + UserRole.USER + ".TRK.defaultGroups",
- name = "Default groups for project users",
- defaultValue = DefaultGroups.USERS + "," + DefaultGroups.ANYONE,
- global = false,
- project = false),
- @Property(key = "sonar.role." + UserRole.CODEVIEWER + ".TRK.defaultGroups",
- name = "Default groups for project code viewers",
- defaultValue = DefaultGroups.USERS + "," + DefaultGroups.ANYONE,
- global = false,
- project = false)
-})
public class DefaultResourcePermissioning implements ResourcePermissioning, BatchExtension {
private final Settings settings;
UserMapper userMapper = session.getMapper(UserMapper.class);
RoleMapper roleMapper = session.getMapper(RoleMapper.class);
- String strategy = getStrategy(resource);
- String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + strategy + ".defaultGroups", ",");
+ String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ",");
for (String groupName : groupNames) {
GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(new Long(resource.getId()));
if (DefaultGroups.isAnyone(groupName)) {
}
}
- String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + strategy + ".defaultUsers", ",");
+ String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultUsers", ",");
for (String login : logins) {
UserDto user = userMapper.selectUserByLogin(login);
if (user != null) {
}
}
}
-
- /**
- * This is workaround to support old versions of the Views plugin.
- * If the Views plugin does not define default permissions, then the standard permissions are re-used for new views.
- */
- @VisibleForTesting
- String getStrategy(Resource resource) {
- String qualifier = resource.getQualifier();
- String result;
- if (Qualifiers.PROJECT.equals(qualifier)) {
- result = qualifier;
-
- } else if (hasRoleSettings(UserRole.ADMIN, qualifier) || hasRoleSettings(UserRole.USER, qualifier) || hasRoleSettings(UserRole.CODEVIEWER, qualifier)) {
- result = qualifier;
- } else {
- result = Qualifiers.PROJECT;
- }
- return result;
- }
-
- private boolean hasRoleSettings(String role, String qualifier) {
- return settings.getString("sonar.role." + role + "." + qualifier + ".defaultGroups") != null
- || settings.getString("sonar.role." + role + "." + qualifier + ".defaultUsers") != null;
- }
}
package org.sonar.plugins.core.security;
import org.junit.Test;
-import org.sonar.api.Properties;
-import org.sonar.api.Property;
-import org.sonar.api.config.PropertyDefinitions;
import org.sonar.api.config.Settings;
import org.sonar.api.resources.Project;
-import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Resource;
import org.sonar.api.security.DefaultGroups;
import org.sonar.core.persistence.AbstractDaoTestCase;
import static org.fest.assertions.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
public class DefaultResourcePermissioningTest extends AbstractDaoTestCase {
public void grantDefaultRoles() {
setupData("grantDefaultRoles");
- Settings settings = new Settings(new PropertyDefinitions(DefaultResourcePermissioning.class));
+ Settings settings = new Settings();
+ settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators");
+ settings.setProperty("sonar.role.admin.TRK.defaultUsers", "");
+ settings.setProperty("sonar.role.user.TRK.defaultGroups", "Anyone,sonar-users");
+ settings.setProperty("sonar.role.user.TRK.defaultUsers", "");
+ settings.setProperty("sonar.role.codeviewer.TRK.defaultGroups", "Anyone,sonar-users");
+ settings.setProperty("sonar.role.codeviewer.TRK.defaultUsers", "");
DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
+
permissioning.grantDefaultRoles(project);
checkTables("grantDefaultRoles", "user_roles", "group_roles");
// does not exist
assertThat(permissioning.hasRoles(new Project("not_found"))).isFalse();
}
-
- @Test
- public void use_default_project_roles_when_old_version_of_views_plugin() {
- DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
- Resource view = mock(Resource.class);
- when(view.getQualifier()).thenReturn(Qualifiers.VIEW);
-
- assertThat(permissioning.getStrategy(view)).isEqualTo(Qualifiers.PROJECT);
- }
-
- @Test
- public void use_existing_view_roles() {
- Settings settings = new Settings();
- settings.setProperty("sonar.role.admin.VW.defaultUsers", "sonar-administrators");
-
- DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
- Resource view = mock(Resource.class);
- when(view.getQualifier()).thenReturn(Qualifiers.VIEW);
-
- assertThat(permissioning.getStrategy(view)).isEqualTo(Qualifiers.VIEW);
- }
-
- @Test
- public void use_existing_default_view_roles() {
- Settings settings = new Settings(new PropertyDefinitions(RecentViewPlugin.class));
-
- DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
- Resource view = mock(Resource.class);
- when(view.getQualifier()).thenReturn(Qualifiers.VIEW);
-
- assertThat(permissioning.getStrategy(view)).isEqualTo(Qualifiers.VIEW);
- }
-
- @Properties({
- @Property(key = "sonar.role.user.VW.defaultUsers", defaultValue = "sonar-users", name = "")
- })
- static class RecentViewPlugin {
-
- }
}
\ No newline at end of file
new rows : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer),
-->
<group_roles id="3" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="4" group_id="101" resource_id="123" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
- <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
- <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+ <group_roles id="4" group_id="[null]" resource_id="123" role="user"/>
+ <group_roles id="5" group_id="101" resource_id="123" role="user"/>
+ <group_roles id="6" group_id="[null]" resource_id="123" role="codeviewer"/>
+ <group_roles id="7" group_id="101" resource_id="123" role="codeviewer"/>
</dataset>
\ No newline at end of file
INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 1);
INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 2);
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (1, 'sonar.role.admin.TRK.defaultGroups', 'sonar-administrators');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (2, 'sonar.role.admin.TRK.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (3, 'sonar.role.user.TRK.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (4, 'sonar.role.user.TRK.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (5, 'sonar.role.codeviewer.TRK.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (6, 'sonar.role.codeviewer.TRK.defaultUsers', '');
+
+-- COMPATIBILITY WITH OLD VERSIONS OF VIEWS PLUGIN -> see migration 320
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (7, 'sonar.role.admin.VW.defaultGroups', 'sonar-administrators');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (8, 'sonar.role.admin.VW.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (9, 'sonar.role.user.VW.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (10, 'sonar.role.user.VW.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (11, 'sonar.role.codeviewer.VW.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (12, 'sonar.role.codeviewer.VW.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (13, 'sonar.role.admin.SVW.defaultGroups', 'sonar-administrators');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (14, 'sonar.role.admin.SVW.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (15, 'sonar.role.user.SVW.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (16, 'sonar.role.user.SVW.defaultUsers', '');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (17, 'sonar.role.codeviewer.SVW.defaultGroups', 'Anyone,sonar-users');
+INSERT INTO PROPERTIES(ID, PROP_KEY, TEXT_VALUE) VALUES (18, 'sonar.role.codeviewer.SVW.defaultUsers', '');
+ALTER TABLE PROPERTIES ALTER COLUMN ID RESTART WITH 19;
+
INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1');
INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('2');
INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('10');
end
def default_project_group_names(role, qualifier)
- property_value=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultGroups")||'')
- Api::Utils.insensitive_sort(property_value.split(','))
+ group_names=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultGroups")||'').split(',')
+
+ # verify that groups still exist
+ result = []
+ if group_names.size>0
+ groups = Group.find(:all, :conditions => ['name in (?)', group_names])
+ result = Api::Utils.insensitive_sort(groups.map{|g| g.name})
+ result = ['Anyone'].concat(result) if group_names.include? 'Anyone'
+ end
+ result
end
def default_project_users(role, qualifier)
- property_value=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultUsers") || '')
- logins=property_value.split(',')
+ logins=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultUsers") || '').split(',')
users = User.find(:all, :conditions => ['login in (?) and active=?', logins, true])
Api::Utils.insensitive_sort(users) { |user| user.name }
end
# upgrade from version < 3.2.
move_groups
move_users
+ else
+ create_default_groups('admin', 'TRK', 'sonar-administrators')
+ create_default_groups('user', 'TRK', 'Anyone,sonar-users')
+ create_default_groups('codeviewer', 'TRK', 'Anyone,sonar-users')
+
+ # Support old versions of Views plugin
+ create_default_groups('admin', 'VW', 'sonar-administrators')
+ create_default_groups('user', 'VW', 'Anyone,sonar-users')
+ create_default_groups('codeviewer', 'VW', 'Anyone,sonar-users')
+ create_default_groups('admin', 'SVW', 'sonar-administrators')
+ create_default_groups('user', 'SVW', 'Anyone,sonar-users')
+ create_default_groups('codeviewer', 'SVW', 'Anyone,sonar-users')
end
end
private
+ def self.create_default_groups(role, qualifier, groups)
+ Property.create(:prop_key => "sonar.role.#{role}.#{qualifier}.defaultGroups", :text_value => groups)
+ Property.create(:prop_key => "sonar.role.#{role}.#{qualifier}.defaultUsers", :text_value => '')
+ end
+
def self.move_groups
groups_per_role={}
group_roles = GroupRole.find(:all, :conditions => ['resource_id is null and role like ?', 'default-%'])
projects / sonarqube.git / commitdiff