import javax.annotation.Nullable;
-import java.util.*;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
import static com.google.common.collect.Maps.newHashMap;
public boolean isAuthorizedComponentKey(String componentKey, @Nullable Integer userId, String role) {
DbSession session = mybatis.openSession(false);
try {
- return keepAuthorizedComponentKeys(session, Sets.newHashSet(componentKey), userId, role).size() == 1;
+ return keepAuthorizedComponentKeys(session, componentKey, userId, role).size() == 1;
} finally {
MyBatis.closeQuietly(session);
}
}
- private Set<String> keepAuthorizedComponentKeys(final DbSession session, final Set<String> componentKeys, @Nullable final Integer userId, final String role) {
- if (componentKeys.isEmpty()) {
- return Collections.emptySet();
+ private List<String> keepAuthorizedComponentKeys(final DbSession session, final String componentKey, @Nullable final Integer userId, final String role) {
+ if (userId == null) {
+ return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForAnonymous(role, Sets.newHashSet(componentKey));
+ } else {
+ return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForUser(userId, role, Sets.newHashSet(componentKey));
}
- return Sets.newHashSet(DaoUtils.executeLargeInputs(componentKeys, new Function<List<String>, List<String>>() {
- @Override
- public List<String> apply(List<String> partition) {
- if (userId == null) {
- return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForAnonymous(role, componentKeys);
- } else {
- return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForUser(userId, role, componentKeys);
- }
- }
- }));
}
public Collection<String> selectAuthorizedRootProjectsKeys(@Nullable Integer userId, String role) {
import org.sonar.core.persistence.DbSession;
import java.util.Collection;
+import java.util.Collections;
import static org.assertj.core.api.Assertions.assertThat;
Sets.newHashSet(PROJECT_ID),
USER, "admin");
assertThat(componentIds).isEmpty();
+
+ assertThat(authorization.keepAuthorizedProjectIds(session,
+ Collections.<Long>emptySet(),
+ USER, "admin")).isEmpty();
}
@Test
assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
}
+ @Test
+ public void is_authorized_component_key_for_anonymous() {
+ setupData("anonymous_should_be_authorized");
+
+ AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
+
+ assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue();
+ assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse();
+ }
+
@Test
public void group_should_be_authorized() {
// user is in an authorized group
--- /dev/null
+<dataset>
+
+ <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+ on the all the projects -->
+ <user_roles id="1" user_id="100" resource_id="999" role="user"/>
+ <groups_users user_id="100" group_id="200"/>
+ <group_roles id="1" group_id="200" resource_id="[null]" role="user"/>
+
+ <projects id="301" kee="pj-w-snapshot:package" root_id="300" uuid="ABCD" module_uuid="DEFG"/>
+ <projects id="302" kee="pj-w-snapshot:file" root_id="300" uuid="BCDE" module_uuid="DEFG"/>
+ <projects id="303" kee="pj-w-snapshot:other" root_id="300" uuid="CDEF" module_uuid="DEFG"/>
+ <projects id="300" kee="pj-w-snapshot" uuid="DEFG" module_uuid="[null]"/>
+ <projects id="400" kee="pj-wo-snapshot" uuid="EFGH" module_uuid="[null]"/>
+
+</dataset>
projects / sonarqube.git / commitdiff