import org.sonar.db.component.ResourceDao;
import org.sonar.db.component.ResourceDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.util.RubyUtils;
public class DefaultRubyComponentService implements RubyComponentService {
private final ResourceDao resourceDao;
private final DefaultComponentFinder finder;
private final ComponentService componentService;
- private final InternalPermissionService permissionService;
+ private final PermissionService permissionService;
- public DefaultRubyComponentService(ResourceDao resourceDao, DefaultComponentFinder finder, ComponentService componentService, InternalPermissionService permissionService) {
+ public DefaultRubyComponentService(ResourceDao resourceDao, DefaultComponentFinder finder, ComponentService componentService, PermissionService permissionService) {
this.resourceDao = resourceDao;
this.finder = finder;
this.componentService = componentService;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.permission.PermissionFacade;
+import org.sonar.db.permission.PermissionRepository;
import org.sonar.server.computation.component.DbIdsRepository;
import org.sonar.server.computation.component.TreeRootHolder;
import org.sonar.server.issue.index.IssueAuthorizationIndexer;
private final DbClient dbClient;
private final DbIdsRepository dbIdsRepository;
private final IssueAuthorizationIndexer indexer;
- private final PermissionFacade permissionFacade;
+ private final PermissionRepository permissionRepository;
private final TreeRootHolder treeRootHolder;
public ApplyPermissionsStep(DbClient dbClient, DbIdsRepository dbIdsRepository, IssueAuthorizationIndexer indexer,
- PermissionFacade permissionFacade, TreeRootHolder treeRootHolder) {
+ PermissionRepository permissionRepository, TreeRootHolder treeRootHolder) {
this.dbClient = dbClient;
this.dbIdsRepository = dbIdsRepository;
this.indexer = indexer;
- this.permissionFacade = permissionFacade;
+ this.permissionRepository = permissionRepository;
this.treeRootHolder = treeRootHolder;
}
DbSession session = dbClient.openSession(false);
try {
long projectId = dbIdsRepository.getComponentId(treeRootHolder.getRoot());
- if (permissionFacade.countComponentPermissions(session, projectId) == 0) {
- permissionFacade.grantDefaultRoles(session, projectId, Qualifiers.PROJECT);
+ if (dbClient.roleDao().countComponentPermissions(session, projectId) == 0) {
+ permissionRepository.grantDefaultRoles(session, projectId, Qualifiers.PROJECT);
session.commit();
}
// As batch is still apply permission on project, indexing of issue authorization must always been done
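Review bot: The guard `countComponentPermissions(session, projectId) == 0` decides whether default roles are granted at all, yet nothing at the call site says why, and after this change the count is read through `dbClient.roleDao()` while the grant goes through `permissionRepository`. A short comment above the `if` would make the intent explicit, for example `// Grant the default template roles only when the project has no permission yet`. Whether `grantDefaultRoles` would replace existing grants is not visible here, so the comment should state only what the guard does. The enclosing method starts before this hunk and its `finally` block lies after it.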
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.server.permission;
-
-import java.util.List;
-import java.util.Map;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.server.ServerSide;
-import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.DbClient;
-import org.sonar.db.DbSession;
-import org.sonar.db.component.ComponentDto;
-import org.sonar.db.component.ResourceDto;
-import org.sonar.db.permission.PermissionFacade;
-import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.UserDto;
-import org.sonar.server.component.ComponentFinder;
-import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.exceptions.ForbiddenException;
-import org.sonar.server.issue.index.IssueAuthorizationIndexer;
-import org.sonar.server.user.UserSession;
-
-/**
- * Used by ruby code <pre>Internal.permissions</pre>
- */
-@ServerSide
-public class InternalPermissionService {
-
- private enum Operation {
- ADD, REMOVE
- }
-
- private static final String OBJECT_TYPE_USER = "User";
- private static final String OBJECT_TYPE_GROUP = "Group";
- private static final String NOT_FOUND_FORMAT = "%s %s does not exist";
-
- private final DbClient dbClient;
- private final PermissionFacade permissionFacade;
- private final PermissionFinder finder;
- private final IssueAuthorizationIndexer issueAuthorizationIndexer;
- private final UserSession userSession;
- private final ComponentFinder componentFinder;
-
- public InternalPermissionService(DbClient dbClient, PermissionFacade permissionFacade, PermissionFinder finder,
- IssueAuthorizationIndexer issueAuthorizationIndexer, UserSession userSession, ComponentFinder componentFinder) {
- this.dbClient = dbClient;
- this.permissionFacade = permissionFacade;
- this.finder = finder;
- this.issueAuthorizationIndexer = issueAuthorizationIndexer;
- this.userSession = userSession;
- this.componentFinder = componentFinder;
- }
-
- public List<String> globalPermissions() {
- return GlobalPermissions.ALL;
- }
-
- public UserWithPermissionQueryResult findUsersWithPermission(Map<String, Object> params) {
- return finder.findUsersWithPermission(PermissionQueryParser.toQuery(params));
- }
-
- public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) {
- return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params));
- }
-
- public GroupWithPermissionQueryResult findGroupsWithPermission(Map<String, Object> params) {
- return finder.findGroupsWithPermission(PermissionQueryParser.toQuery(params));
- }
-
- /**
- * To be used only by jruby webapp
- */
- public void addPermission(Map<String, Object> params) {
- addPermission(PermissionChange.buildFromParams(params));
- }
-
- public void addPermission(PermissionChange change) {
- DbSession session = dbClient.openSession(false);
- try {
- applyChange(Operation.ADD, change, session);
- } finally {
- dbClient.closeSession(session);
- }
- }
-
- /**
- * To be used only by jruby webapp
- */
- public void removePermission(Map<String, Object> params) {
- removePermission(PermissionChange.buildFromParams(params));
- }
-
- public void removePermission(PermissionChange change) {
- DbSession session = dbClient.openSession(false);
- try {
- applyChange(Operation.REMOVE, change, session);
- } finally {
- session.close();
- }
- }
-
- public void applyDefaultPermissionTemplate(final String componentKey) {
- userSession.checkLoggedIn();
-
- DbSession session = dbClient.openSession(false);
- try {
- ComponentDto component = componentFinder.getByKey(session, componentKey);
- ResourceDto provisioned = dbClient.resourceDao().selectProvisionedProject(session, componentKey);
- if (provisioned == null) {
- checkProjectAdminPermission(componentKey);
- } else {
- userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
- }
- permissionFacade.grantDefaultRoles(session, component.getId(), component.qualifier());
- session.commit();
- } finally {
- session.close();
- }
- indexProjectPermissions();
- }
-
- public void applyPermissionTemplate(Map<String, Object> params) {
- userSession.checkLoggedIn();
- ApplyPermissionTemplateQuery query = ApplyPermissionTemplateQuery.buildFromParams(params);
- applyPermissionTemplate(query);
- }
-
- void applyPermissionTemplate(ApplyPermissionTemplateQuery query) {
- query.validate();
-
- boolean projectsChanged = false;
- DbSession session = dbClient.openSession(false);
- try {
- // If only one project is selected, check user has admin permission on it, otherwise we are in the case of a bulk change and only
- // system
- // admin has permission to do it
- if (query.getSelectedComponents().size() == 1) {
- checkProjectAdminPermission(query.getSelectedComponents().get(0));
- } else {
- checkProjectAdminPermission(null);
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- }
-
- for (String componentKey : query.getSelectedComponents()) {
- ComponentDto component = componentFinder.getByKey(session, componentKey);
- permissionFacade.applyPermissionTemplate(session, query.getTemplateKey(), component.getId());
- projectsChanged = true;
- }
- session.commit();
- } finally {
- session.close();
- }
- if (projectsChanged) {
- indexProjectPermissions();
- }
- }
-
- private void applyChange(Operation operation, PermissionChange change, DbSession session) {
- userSession.checkLoggedIn();
- change.validate();
- boolean changed;
- if (change.user() != null) {
- changed = applyChangeOnUser(session, operation, change);
- } else {
- changed = applyChangeOnGroup(session, operation, change);
- }
- if (changed) {
- session.commit();
- if (change.component() != null) {
- indexProjectPermissions();
- }
- }
- }
-
- private boolean applyChangeOnGroup(DbSession session, Operation operation, PermissionChange permissionChange) {
- Long componentId = getComponentId(session, permissionChange.component());
- checkProjectAdminPermission(permissionChange.component());
-
- List<String> existingPermissions = permissionFacade.selectGroupPermissions(session, permissionChange.group(), componentId);
- if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
- return false;
- }
-
- Long targetedGroup = getTargetedGroup(session, permissionChange.group());
- if (Operation.ADD == operation) {
- permissionFacade.insertGroupPermission(componentId, targetedGroup, permissionChange.permission(), session);
- } else {
- permissionFacade.deleteGroupPermission(componentId, targetedGroup, permissionChange.permission(), session);
- }
- return true;
- }
-
- private boolean applyChangeOnUser(DbSession session, Operation operation, PermissionChange permissionChange) {
- Long componentId = getComponentId(session, permissionChange.component());
- checkProjectAdminPermission(permissionChange.component());
-
- List<String> existingPermissions = permissionFacade.selectUserPermissions(session, permissionChange.user(), componentId);
- if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
- return false;
- }
-
- Long targetedUser = getTargetedUser(session, permissionChange.user());
- if (Operation.ADD == operation) {
- permissionFacade.insertUserPermission(componentId, targetedUser, permissionChange.permission(), session);
- } else {
- permissionFacade.deleteUserPermission(componentId, targetedUser, permissionChange.permission(), session);
- }
- return true;
-
- }
-
- private Long getTargetedUser(DbSession session, String userLogin) {
- UserDto user = dbClient.userDao().selectActiveUserByLogin(session, userLogin);
- badRequestIfNullResult(user, OBJECT_TYPE_USER, userLogin);
- return user.getId();
- }
-
- @Nullable
- private Long getTargetedGroup(DbSession session, String group) {
- if (DefaultGroups.isAnyone(group)) {
- return null;
- } else {
- GroupDto groupDto = dbClient.userDao().selectGroupByName(group, session);
- badRequestIfNullResult(groupDto, OBJECT_TYPE_GROUP, group);
- return groupDto.getId();
- }
- }
-
- private boolean shouldSkipPermissionChange(Operation operation, List<String> existingPermissions, PermissionChange permissionChange) {
- return (Operation.ADD == operation && existingPermissions.contains(permissionChange.permission())) ||
- (Operation.REMOVE == operation && !existingPermissions.contains(permissionChange.permission()));
- }
-
- @CheckForNull
- private Long getComponentId(DbSession session, @Nullable String componentKey) {
- if (componentKey == null) {
- return null;
- } else {
- ComponentDto component = componentFinder.getByKey(session, componentKey);
- return component.getId();
- }
- }
-
- private static Object badRequestIfNullResult(@Nullable Object component, String objectType, String objectKey) {
- if (component == null) {
- throw new BadRequestException(String.format(NOT_FOUND_FORMAT, objectType, objectKey));
- }
- return component;
- }
-
- private void checkProjectAdminPermission(@Nullable String projectKey) {
- if (projectKey == null) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- } else {
- if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) {
- throw new ForbiddenException("Insufficient privileges");
- }
- }
- }
-
- private void indexProjectPermissions() {
- issueAuthorizationIndexer.index();
- }
-}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.server.permission;
-
-import com.google.common.collect.Lists;
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.server.ServerSide;
-import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.permission.PermissionTemplateDao;
-import org.sonar.db.permission.PermissionTemplateDto;
-import org.sonar.db.DbSession;
-import org.sonar.db.MyBatis;
-import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.UserDao;
-import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.exceptions.NotFoundException;
-
-import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
-
-import java.util.List;
-import java.util.Map;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-import org.sonar.server.user.UserSession;
-
-/**
- * Used by ruby code <pre>Internal.permission_templates</pre>
- */
-@ServerSide
-public class InternalPermissionTemplateService {
-
- private final MyBatis myBatis;
- private final PermissionTemplateDao permissionTemplateDao;
- private final UserDao userDao;
- private final PermissionFinder finder;
- private final UserSession userSession;
-
- public InternalPermissionTemplateService(MyBatis myBatis, PermissionTemplateDao permissionTemplateDao, UserDao userDao, PermissionFinder finder, UserSession userSession) {
- this.myBatis = myBatis;
- this.permissionTemplateDao = permissionTemplateDao;
- this.userDao = userDao;
- this.finder = finder;
- this.userSession = userSession;
- }
-
- public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) {
- return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params));
- }
-
- public GroupWithPermissionQueryResult findGroupsWithPermissionTemplate(Map<String, Object> params) {
- return finder.findGroupsWithPermissionTemplate(PermissionQueryParser.toQuery(params));
- }
-
- @CheckForNull
- public PermissionTemplate selectPermissionTemplate(String templateKey) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
- PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectPermissionTemplate(templateKey);
- return PermissionTemplate.create(permissionTemplateDto);
- }
-
- public List<PermissionTemplate> selectAllPermissionTemplates() {
- return selectAllPermissionTemplates(null);
- }
-
- public List<PermissionTemplate> selectAllPermissionTemplates(@Nullable String componentKey) {
- PermissionTemplateUpdater.checkProjectAdminUser(componentKey, userSession);
- List<PermissionTemplate> permissionTemplates = Lists.newArrayList();
- List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAllPermissionTemplates();
- if (permissionTemplateDtos != null) {
- for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) {
- permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto));
- }
- }
- return permissionTemplates;
- }
-
- public PermissionTemplate createPermissionTemplate(String name, @Nullable String description, @Nullable String keyPattern) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
- validateTemplateName(null, name);
- validateKeyPattern(keyPattern);
- PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.insertPermissionTemplate(name, description, keyPattern);
- return PermissionTemplate.create(permissionTemplateDto);
- }
-
- public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription, @Nullable String newKeyPattern) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
- validateTemplateName(templateId, newName);
- validateKeyPattern(newKeyPattern);
- permissionTemplateDao.updatePermissionTemplate(templateId, newName, newDescription, newKeyPattern);
- }
-
- public void deletePermissionTemplate(Long templateId) {
- PermissionTemplateUpdater.checkSystemAdminUser(userSession);
- permissionTemplateDao.deletePermissionTemplate(templateId);
- }
-
- public void addUserPermission(String templateKey, String permission, String userLogin) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, userLogin, permissionTemplateDao, userDao, userSession) {
- @Override
- protected void doExecute(Long templateId, String permission) {
- Long userId = getUserId();
- permissionTemplateDao.insertUserPermission(templateId, userId, permission);
- }
- };
- updater.executeUpdate();
- }
-
- public void removeUserPermission(String templateKey, String permission, String userLogin) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, userLogin, permissionTemplateDao, userDao, userSession) {
- @Override
- protected void doExecute(Long templateId, String permission) {
- Long userId = getUserId();
- permissionTemplateDao.deleteUserPermission(templateId, userId, permission);
- }
- };
- updater.executeUpdate();
- }
-
- public void addGroupPermission(String templateKey, String permission, String groupName) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, groupName, permissionTemplateDao, userDao, userSession) {
- @Override
- protected void doExecute(Long templateId, String permission) {
- Long groupId = getGroupId();
- permissionTemplateDao.insertGroupPermission(templateId, groupId, permission);
- }
- };
- updater.executeUpdate();
- }
-
- public void removeGroupPermission(String templateKey, String permission, String groupName) {
- PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, groupName, permissionTemplateDao, userDao, userSession) {
- @Override
- protected void doExecute(Long templateId, String permission) {
- Long groupId = getGroupId();
- permissionTemplateDao.deleteGroupPermission(templateId, groupId, permission);
- }
- };
- updater.executeUpdate();
- }
-
- public void removeGroupFromTemplates(String groupName) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
- DbSession session = myBatis.openSession(false);
- try {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group == null) {
- throw new NotFoundException("Group does not exists : " + groupName);
- }
- permissionTemplateDao.deleteByGroup(session, group.getId());
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- private void validateTemplateName(@Nullable Long templateId, String templateName) {
- if (StringUtils.isEmpty(templateName)) {
- String errorMsg = "Name can't be blank";
- throw new BadRequestException(errorMsg);
- }
- List<PermissionTemplateDto> existingTemplates = permissionTemplateDao.selectAllPermissionTemplates();
- if (existingTemplates != null) {
- for (PermissionTemplateDto existingTemplate : existingTemplates) {
- if ((templateId == null || !existingTemplate.getId().equals(templateId)) && (existingTemplate.getName().equals(templateName))) {
- String errorMsg = "A template with that name already exists";
- throw new BadRequestException(errorMsg);
- }
- }
- }
- }
-
- private void validateKeyPattern(@Nullable String keyPattern) {
- if (StringUtils.isEmpty(keyPattern)) {
- return;
- }
- try {
- Pattern.compile(keyPattern);
- } catch (PatternSyntaxException e) {
- String errorMsg = "Invalid pattern: " + keyPattern + ". Should be a valid Java regular expression.";
- throw new BadRequestException(errorMsg);
- }
- }
-
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import java.util.List;
+import java.util.Map;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.server.ServerSide;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.component.ResourceDto;
+import org.sonar.db.permission.PermissionRepository;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDto;
+import org.sonar.server.component.ComponentFinder;
+import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.issue.index.IssueAuthorizationIndexer;
+import org.sonar.server.user.UserSession;
+
+/**
+ * Used by ruby code <pre>Internal.permissions</pre>
+ */
+@ServerSide
+public class PermissionService {
+
+ private enum Operation {
+ ADD, REMOVE
+ }
+
+ private static final String OBJECT_TYPE_USER = "User";
+ private static final String OBJECT_TYPE_GROUP = "Group";
+ private static final String NOT_FOUND_FORMAT = "%s %s does not exist";
+
+ private final DbClient dbClient;
+ private final PermissionRepository permissionRepository;
+ private final PermissionFinder finder;
+ private final IssueAuthorizationIndexer issueAuthorizationIndexer;
+ private final UserSession userSession;
+ private final ComponentFinder componentFinder;
+
+ public PermissionService(DbClient dbClient, PermissionRepository permissionRepository, PermissionFinder finder,
+ IssueAuthorizationIndexer issueAuthorizationIndexer, UserSession userSession, ComponentFinder componentFinder) {
+ this.dbClient = dbClient;
+ this.permissionRepository = permissionRepository;
+ this.finder = finder;
+ this.issueAuthorizationIndexer = issueAuthorizationIndexer;
+ this.userSession = userSession;
+ this.componentFinder = componentFinder;
+ }
+
+ public List<String> globalPermissions() {
+ return GlobalPermissions.ALL;
+ }
+
+ public UserWithPermissionQueryResult findUsersWithPermission(Map<String, Object> params) {
+ return finder.findUsersWithPermission(PermissionQueryParser.toQuery(params));
+ }
+
+ public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) {
+ return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params));
+ }
+
+ public GroupWithPermissionQueryResult findGroupsWithPermission(Map<String, Object> params) {
+ return finder.findGroupsWithPermission(PermissionQueryParser.toQuery(params));
+ }
+
+ /**
+ * To be used only by jruby webapp
+ */
+ public void addPermission(Map<String, Object> params) {
+ addPermission(PermissionChange.buildFromParams(params));
+ }
+
+ public void addPermission(PermissionChange change) {
+ DbSession session = dbClient.openSession(false);
+ try {
+ applyChange(Operation.ADD, change, session);
+ } finally {
+ dbClient.closeSession(session);
+ }
+ }
+
+ /**
+ * To be used only by jruby webapp
+ */
+ public void removePermission(Map<String, Object> params) {
+ removePermission(PermissionChange.buildFromParams(params));
+ }
+
+ public void removePermission(PermissionChange change) {
+ DbSession session = dbClient.openSession(false);
+ try {
+ applyChange(Operation.REMOVE, change, session);
+ } finally {
+ session.close();
+ }
+ }
+
+ public void applyDefaultPermissionTemplate(final String componentKey) {
+ userSession.checkLoggedIn();
+
+ DbSession session = dbClient.openSession(false);
+ try {
+ ComponentDto component = componentFinder.getByKey(session, componentKey);
+ ResourceDto provisioned = dbClient.resourceDao().selectProvisionedProject(session, componentKey);
+ if (provisioned == null) {
+ checkProjectAdminPermission(componentKey);
+ } else {
+ userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
+ }
+ permissionRepository.grantDefaultRoles(session, component.getId(), component.qualifier());
+ session.commit();
+ } finally {
+ session.close();
+ }
+ indexProjectPermissions();
+ }
+
+ public void applyPermissionTemplate(Map<String, Object> params) {
+ userSession.checkLoggedIn();
+ ApplyPermissionTemplateQuery query = ApplyPermissionTemplateQuery.buildFromParams(params);
+ applyPermissionTemplate(query);
+ }
+
+ void applyPermissionTemplate(ApplyPermissionTemplateQuery query) {
+ query.validate();
+
+ boolean projectsChanged = false;
+ DbSession session = dbClient.openSession(false);
+ try {
+ // If only one project is selected, check user has admin permission on it, otherwise we are in the case of a bulk change and only
+ // system
+ // admin has permission to do it
+ if (query.getSelectedComponents().size() == 1) {
+ checkProjectAdminPermission(query.getSelectedComponents().get(0));
+ } else {
+ checkProjectAdminPermission(null);
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
+ for (String componentKey : query.getSelectedComponents()) {
+ ComponentDto component = componentFinder.getByKey(session, componentKey);
+ permissionRepository.applyPermissionTemplate(session, query.getTemplateKey(), component.getId());
+ projectsChanged = true;
+ }
+ session.commit();
+ } finally {
+ session.close();
+ }
+ if (projectsChanged) {
+ indexProjectPermissions();
+ }
+ }
+
+ private void applyChange(Operation operation, PermissionChange change, DbSession session) {
+ userSession.checkLoggedIn();
+ change.validate();
+ boolean changed;
+ if (change.user() != null) {
+ changed = applyChangeOnUser(session, operation, change);
+ } else {
+ changed = applyChangeOnGroup(session, operation, change);
+ }
+ if (changed) {
+ session.commit();
+ if (change.component() != null) {
+ indexProjectPermissions();
+ }
+ }
+ }
+
+ private boolean applyChangeOnGroup(DbSession session, Operation operation, PermissionChange permissionChange) {
+ Long componentId = getComponentId(session, permissionChange.component());
+ checkProjectAdminPermission(permissionChange.component());
+
+ List<String> existingPermissions = dbClient.roleDao().selectGroupPermissions(session, permissionChange.group(), componentId);
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
+ return false;
+ }
+
+ Long targetedGroup = getTargetedGroup(session, permissionChange.group());
+ if (Operation.ADD == operation) {
+ permissionRepository.insertGroupPermission(componentId, targetedGroup, permissionChange.permission(), session);
+ } else {
+ permissionRepository.deleteGroupPermission(componentId, targetedGroup, permissionChange.permission(), session);
+ }
+ return true;
+ }
+
+ private boolean applyChangeOnUser(DbSession session, Operation operation, PermissionChange permissionChange) {
+ Long componentId = getComponentId(session, permissionChange.component());
+ checkProjectAdminPermission(permissionChange.component());
+
+ List<String> existingPermissions = dbClient.roleDao().selectUserPermissions(session, permissionChange.user(), componentId);
+ if (shouldSkipPermissionChange(operation, existingPermissions, permissionChange)) {
+ return false;
+ }
+
+ Long targetedUser = getTargetedUser(session, permissionChange.user());
+ if (Operation.ADD == operation) {
+ permissionRepository.insertUserPermission(componentId, targetedUser, permissionChange.permission(), session);
+ } else {
+ permissionRepository.deleteUserPermission(componentId, targetedUser, permissionChange.permission(), session);
+ }
+ return true;
+
+ }
+
+ private Long getTargetedUser(DbSession session, String userLogin) {
+ UserDto user = dbClient.userDao().selectActiveUserByLogin(session, userLogin);
+ badRequestIfNullResult(user, OBJECT_TYPE_USER, userLogin);
+ return user.getId();
+ }
+
+ @Nullable
+ private Long getTargetedGroup(DbSession session, String group) {
+ if (DefaultGroups.isAnyone(group)) {
+ return null;
+ } else {
+ GroupDto groupDto = dbClient.userDao().selectGroupByName(group, session);
+ badRequestIfNullResult(groupDto, OBJECT_TYPE_GROUP, group);
+ return groupDto.getId();
+ }
+ }
+
+ private boolean shouldSkipPermissionChange(Operation operation, List<String> existingPermissions, PermissionChange permissionChange) {
+ return (Operation.ADD == operation && existingPermissions.contains(permissionChange.permission())) ||
+ (Operation.REMOVE == operation && !existingPermissions.contains(permissionChange.permission()));
+ }
+
+ @CheckForNull
+ private Long getComponentId(DbSession session, @Nullable String componentKey) {
+ if (componentKey == null) {
+ return null;
+ } else {
+ ComponentDto component = componentFinder.getByKey(session, componentKey);
+ return component.getId();
+ }
+ }
+
+ private static Object badRequestIfNullResult(@Nullable Object component, String objectType, String objectKey) {
+ if (component == null) {
+ throw new BadRequestException(String.format(NOT_FOUND_FORMAT, objectType, objectKey));
+ }
+ return component;
+ }
+
+ private void checkProjectAdminPermission(@Nullable String projectKey) {
+ if (projectKey == null) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ } else {
+ if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) {
+ throw new ForbiddenException("Insufficient privileges");
+ }
+ }
+ }
+
+ private void indexProjectPermissions() {
+ issueAuthorizationIndexer.index();
+ }
+}
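Review bot: In `applyChangeOnGroup` and `applyChangeOnUser` the component is looked up with `getComponentId(session, permissionChange.component())` before `checkProjectAdminPermission(permissionChange.component())` runs, so a logged-in caller without admin rights reaches `componentFinder.getByKey` first. If `getByKey` fails for an unknown key (its behaviour is not shown here), that caller gets a different error for existing and non-existing component keys instead of a uniform `ForbiddenException`. The check only needs the key, so the two statements can be swapped in both methods: `checkProjectAdminPermission(permissionChange.component());` followed by `Long componentId = getComponentId(session, permissionChange.component());`. `applyDefaultPermissionTemplate` has the same lookup-before-check order, but there the check depends on the provisioned-project lookup, so it needs a separate look.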
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.collect.Lists;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.server.ServerSide;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.permission.PermissionTemplateDao;
+import org.sonar.db.permission.PermissionTemplateDto;
+import org.sonar.db.DbSession;
+import org.sonar.db.MyBatis;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDao;
+import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.server.exceptions.NotFoundException;
+
+import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
+
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+import org.sonar.server.user.UserSession;
+
+/**
+ * Used by ruby code <pre>Internal.permission_templates</pre>
+ */
+@ServerSide
+public class PermissionTemplateService {
+
+ private final MyBatis myBatis;
+ private final PermissionTemplateDao permissionTemplateDao;
+ private final UserDao userDao;
+ private final PermissionFinder finder;
+ private final UserSession userSession;
+
+ public PermissionTemplateService(MyBatis myBatis, PermissionTemplateDao permissionTemplateDao, UserDao userDao, PermissionFinder finder, UserSession userSession) {
+ this.myBatis = myBatis;
+ this.permissionTemplateDao = permissionTemplateDao;
+ this.userDao = userDao;
+ this.finder = finder;
+ this.userSession = userSession;
+ }
+
+ public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) {
+ return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params));
+ }
+
+ public GroupWithPermissionQueryResult findGroupsWithPermissionTemplate(Map<String, Object> params) {
+ return finder.findGroupsWithPermissionTemplate(PermissionQueryParser.toQuery(params));
+ }
+
+ @CheckForNull
+ public PermissionTemplate selectPermissionTemplate(String templateKey) {
+ PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectPermissionTemplate(templateKey);
+ return PermissionTemplate.create(permissionTemplateDto);
+ }
+
+ public List<PermissionTemplate> selectAllPermissionTemplates() {
+ return selectAllPermissionTemplates(null);
+ }
+
+ public List<PermissionTemplate> selectAllPermissionTemplates(@Nullable String componentKey) {
+ PermissionTemplateUpdater.checkProjectAdminUser(componentKey, userSession);
+ List<PermissionTemplate> permissionTemplates = Lists.newArrayList();
+ List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAllPermissionTemplates();
+ if (permissionTemplateDtos != null) {
+ for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) {
+ permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto));
+ }
+ }
+ return permissionTemplates;
+ }
+
+ public PermissionTemplate createPermissionTemplate(String name, @Nullable String description, @Nullable String keyPattern) {
+ PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ validateTemplateName(null, name);
+ validateKeyPattern(keyPattern);
+ PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.insertPermissionTemplate(name, description, keyPattern);
+ return PermissionTemplate.create(permissionTemplateDto);
+ }
+
+ public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription, @Nullable String newKeyPattern) {
+ PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ validateTemplateName(templateId, newName);
+ validateKeyPattern(newKeyPattern);
+ permissionTemplateDao.updatePermissionTemplate(templateId, newName, newDescription, newKeyPattern);
+ }
+
+ public void deletePermissionTemplate(Long templateId) {
+ PermissionTemplateUpdater.checkSystemAdminUser(userSession);
+ permissionTemplateDao.deletePermissionTemplate(templateId);
+ }
+
+ public void addUserPermission(String templateKey, String permission, String userLogin) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, userLogin, permissionTemplateDao, userDao, userSession) {
+ @Override
+ protected void doExecute(Long templateId, String permission) {
+ Long userId = getUserId();
+ permissionTemplateDao.insertUserPermission(templateId, userId, permission);
+ }
+ };
+ updater.executeUpdate();
+ }
+
+ public void removeUserPermission(String templateKey, String permission, String userLogin) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, userLogin, permissionTemplateDao, userDao, userSession) {
+ @Override
+ protected void doExecute(Long templateId, String permission) {
+ Long userId = getUserId();
+ permissionTemplateDao.deleteUserPermission(templateId, userId, permission);
+ }
+ };
+ updater.executeUpdate();
+ }
+
+ public void addGroupPermission(String templateKey, String permission, String groupName) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, groupName, permissionTemplateDao, userDao, userSession) {
+ @Override
+ protected void doExecute(Long templateId, String permission) {
+ Long groupId = getGroupId();
+ permissionTemplateDao.insertGroupPermission(templateId, groupId, permission);
+ }
+ };
+ updater.executeUpdate();
+ }
+
+ public void removeGroupPermission(String templateKey, String permission, String groupName) {
+ PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateKey, permission, groupName, permissionTemplateDao, userDao, userSession) {
+ @Override
+ protected void doExecute(Long templateId, String permission) {
+ Long groupId = getGroupId();
+ permissionTemplateDao.deleteGroupPermission(templateId, groupId, permission);
+ }
+ };
+ updater.executeUpdate();
+ }
+
+ public void removeGroupFromTemplates(String groupName) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ DbSession session = myBatis.openSession(false);
+ try {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group == null) {
+ throw new NotFoundException("Group does not exists : " + groupName);
+ }
+ permissionTemplateDao.deleteByGroup(session, group.getId());
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ private void validateTemplateName(@Nullable Long templateId, String templateName) {
+ if (StringUtils.isEmpty(templateName)) {
+ String errorMsg = "Name can't be blank";
+ throw new BadRequestException(errorMsg);
+ }
+ List<PermissionTemplateDto> existingTemplates = permissionTemplateDao.selectAllPermissionTemplates();
+ if (existingTemplates != null) {
+ for (PermissionTemplateDto existingTemplate : existingTemplates) {
+ if ((templateId == null || !existingTemplate.getId().equals(templateId)) && (existingTemplate.getName().equals(templateName))) {
+ String errorMsg = "A template with that name already exists";
+ throw new BadRequestException(errorMsg);
+ }
+ }
+ }
+ }
+
+ private void validateKeyPattern(@Nullable String keyPattern) {
+ if (StringUtils.isEmpty(keyPattern)) {
+ return;
+ }
+ try {
+ Pattern.compile(keyPattern);
+ } catch (PatternSyntaxException e) {
+ String errorMsg = "Invalid pattern: " + keyPattern + ". Should be a valid Java regular expression.";
+ throw new BadRequestException(errorMsg);
+ }
+ }
+
+}
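Review bot: `findUsersWithPermissionTemplate` and `findGroupsWithPermissionTemplate` are the only public methods of `PermissionTemplateService` that neither check `userSession` directly nor hand it to a `PermissionTemplateUpdater`; they pass the caller's `params` straight to `PermissionFinder`. Unless `PermissionFinder` enforces authorization itself (not visible in this diff), any caller that reaches this service can list which users and groups a template grants a permission to, and the class comment says the service is exposed to Ruby code. I would start both methods with `PermissionTemplateUpdater.checkSystemAdminUser(userSession);`, matching `selectPermissionTemplate`, and add a test that a session without `GlobalPermissions.SYSTEM_ADMIN` is rejected. If the unchecked read is intentional, a Javadoc line on both methods stating who is expected to enforce access would keep that assumption from being lost in a later refactoring.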
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
public class AddGroupAction implements PermissionsWsAction {
public static final String PARAM_PERMISSION = "permission";
public static final String PARAM_GROUP_NAME = "groupName";
- private final InternalPermissionService permissionService;
+ private final PermissionService permissionService;
- public AddGroupAction(InternalPermissionService permissionService) {
+ public AddGroupAction(PermissionService permissionService) {
this.permissionService = permissionService;
}
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
public class AddUserAction implements PermissionsWsAction {
public static final String PARAM_PERMISSION = "permission";
public static final String PARAM_USER_LOGIN = "login";
- private final InternalPermissionService permissionService;
+ private final PermissionService permissionService;
- public AddUserAction(InternalPermissionService permissionService) {
+ public AddUserAction(PermissionService permissionService) {
this.permissionService = permissionService;
}
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
public class RemoveGroupAction implements PermissionsWsAction {
public static final String PARAM_PERMISSION = "permission";
public static final String PARAM_GROUP_NAME = "groupName";
- private final InternalPermissionService permissionService;
+ private final PermissionService permissionService;
- public RemoveGroupAction(InternalPermissionService permissionService) {
+ public RemoveGroupAction(PermissionService permissionService) {
this.permissionService = permissionService;
}
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
public class RemoveUserAction implements PermissionsWsAction {
public static final String PARAM_PERMISSION = "permission";
public static final String PARAM_USER_LOGIN = "login";
- private final InternalPermissionService permissionService;
+ private final PermissionService permissionService;
- public RemoveUserAction(InternalPermissionService permissionService) {
+ public RemoveUserAction(PermissionService permissionService) {
this.permissionService = permissionService;
}
import org.sonar.core.timemachine.Periods;
import org.sonar.core.user.DefaultUserFinder;
import org.sonar.core.user.DeprecatedUserFinder;
-import org.sonar.db.permission.PermissionFacade;
+import org.sonar.db.permission.PermissionRepository;
import org.sonar.db.purge.period.DefaultPeriodCleaner;
import org.sonar.db.qualitygate.ProjectQgateAssociationDao;
import org.sonar.db.qualitygate.QualityGateConditionDao;
import org.sonar.server.notification.NotificationService;
import org.sonar.server.notification.email.AlertsEmailTemplate;
import org.sonar.server.notification.email.EmailNotificationChannel;
-import org.sonar.server.permission.InternalPermissionService;
-import org.sonar.server.permission.InternalPermissionTemplateService;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionTemplateService;
import org.sonar.server.permission.PermissionFinder;
import org.sonar.server.permission.ws.PermissionsWsModule;
import org.sonar.server.platform.BackendCleanup;
UserGroupsModule.class,
// permissions
- PermissionFacade.class,
- InternalPermissionService.class,
- InternalPermissionTemplateService.class,
+ PermissionRepository.class,
+ PermissionService.class,
+ PermissionTemplateService.class,
PermissionFinder.class,
PermissionsWsModule.class,
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceDao;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Maps.newHashMap;
ResourceDao resourceDao = mock(ResourceDao.class);
DefaultComponentFinder finder = mock(DefaultComponentFinder.class);
ComponentService componentService = mock(ComponentService.class);
- InternalPermissionService permissionService = mock(InternalPermissionService.class);
+ PermissionService permissionService = mock(PermissionService.class);
DefaultRubyComponentService service;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
-import org.sonar.db.permission.PermissionFacade;
+import org.sonar.db.permission.PermissionRepository;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.user.GroupRoleDto;
import org.sonar.server.component.ComponentTesting;
dbIdsRepository = new DbIdsRepository();
- step = new ApplyPermissionsStep(dbClient, dbIdsRepository, issueAuthorizationIndexer, new PermissionFacade(dbClient, settings), treeRootHolder);
+ step = new ApplyPermissionsStep(dbClient, dbIdsRepository, issueAuthorizationIndexer, new PermissionRepository(dbClient, settings), treeRootHolder);
}
@After
import org.sonar.server.component.ComponentTesting;
import org.sonar.server.component.SnapshotTesting;
import org.sonar.server.issue.index.IssueIndexer;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.rule.db.RuleDao;
import org.sonar.server.tester.ServerTester;
// project can be seen by anyone
session.commit();
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- tester.get(InternalPermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
+ tester.get(PermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
userSession = userSessionRule.login("john")
.addProjectPermissions(UserRole.USER, project.key());
import org.sonar.server.component.ComponentTesting;
import org.sonar.server.component.SnapshotTesting;
import org.sonar.server.issue.index.IssueIndexer;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.rule.db.RuleDao;
import org.sonar.server.search.IndexClient;
// project can be seen by anyone
session.commit();
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- tester.get(InternalPermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
+ tester.get(PermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
userSessionRule.login("gandalf");
import org.sonar.server.issue.index.IssueDoc;
import org.sonar.server.issue.index.IssueIndex;
import org.sonar.server.issue.index.IssueIndexer;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.rule.db.RuleDao;
import org.sonar.server.source.index.FileSourcesUpdaterHelper;
session.commit();
// project can be seen by group "anyone"
- tester.get(InternalPermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
+ tester.get(PermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
userSessionRule.login();
return project;
import org.sonar.server.issue.IssueTesting;
import org.sonar.server.issue.filter.IssueFilterParameters;
import org.sonar.server.issue.index.IssueIndexer;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.rule.db.RuleDao;
import org.sonar.server.tester.ServerTester;
private void setAnyoneProjectPermission(ComponentDto project, String permission) {
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- tester.get(InternalPermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(permission));
+ tester.get(PermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(permission));
}
private IssueDto insertIssue(IssueDto issue) {
import org.sonar.server.issue.IssueTesting;
import org.sonar.server.issue.filter.IssueFilterParameters;
import org.sonar.server.issue.index.IssueIndexer;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.rule.db.RuleDao;
import org.sonar.server.search.QueryContext;
private void setDefaultProjectPermission(ComponentDto project) {
// project can be seen by anyone and by code viewer
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- tester.get(InternalPermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
+ tester.get(PermissionService.class).addPermission(new PermissionChange().setComponentKey(project.getKey()).setGroup(DefaultGroups.ANYONE).setPermission(UserRole.USER));
userSessionRule.login();
}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.server.permission;
-
-import com.google.common.collect.Maps;
-import java.util.Collection;
-import java.util.Map;
-import javax.annotation.Nullable;
-import org.elasticsearch.action.search.SearchResponse;
-import org.elasticsearch.search.SearchHit;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.sonar.api.web.UserRole;
-import org.sonar.db.component.ComponentDto;
-import org.sonar.db.DbSession;
-import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.RoleDao;
-import org.sonar.db.user.UserDto;
-import org.sonar.server.component.ComponentTesting;
-import org.sonar.server.db.DbClient;
-import org.sonar.server.es.EsClient;
-import org.sonar.server.issue.index.IssueIndexDefinition;
-import org.sonar.server.tester.ServerTester;
-import org.sonar.server.tester.UserSessionRule;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * New tests should be added in order to be able to remove InternalPermissionServiceTest
- */
-public class InternalPermissionServiceMediumTest {
-
- @ClassRule
- public static ServerTester tester = new ServerTester().withStartupTasks().withEsIndexes();
- @Rule
- public UserSessionRule userSessionRule = UserSessionRule.forServerTester(tester);
-
- DbClient db;
- DbSession session;
- InternalPermissionService service;
-
- ComponentDto project;
-
- @Before
- public void setUp() {
- tester.clearDbAndIndexes();
- db = tester.get(DbClient.class);
- session = db.openSession(false);
- service = tester.get(InternalPermissionService.class);
-
- project = ComponentTesting.newProjectDto();
- db.componentDao().insert(session, project);
- session.commit();
- }
-
- @After
- public void after() {
- session.close();
- }
-
- @Test
- public void add_project_permission_to_user() {
- // init
- userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
- UserDto user = new UserDto().setLogin("john").setName("John");
- db.userDao().insert(session, user);
- session.commit();
- assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).isEmpty();
- assertThat(countIssueAuthorizationDocs()).isZero();
-
- // add permission
- service.addPermission(params(user.getLogin(), null, project.key(), UserRole.USER));
- session.commit();
-
- // Check db
- assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).hasSize(1);
-
- // Check index of issue authorizations
- assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
- }
-
- @Test
- public void remove_project_permission_to_user() {
- userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
-
- UserDto user1 = new UserDto().setLogin("user1").setName("User1");
- db.userDao().insert(session, user1);
-
- UserDto user2 = new UserDto().setLogin("user2").setName("User2");
- db.userDao().insert(session, user2);
- session.commit();
-
- service.addPermission(params(user1.getLogin(), null, project.key(), UserRole.USER));
- service.addPermission(params(user2.getLogin(), null, project.key(), UserRole.USER));
- service.removePermission(params(user1.getLogin(), null, project.key(), UserRole.USER));
- session.commit();
-
- // Check in db
- assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user1.getLogin(), project.getId())).isEmpty();
- assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user2.getLogin(), project.getId())).hasSize(1);
-
- // Check index of issue authorizations
- assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
- }
-
- @Test
- public void remove_all_component_user_permissions() {
- userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
-
- UserDto user = new UserDto().setLogin("user1").setName("User1");
- db.userDao().insert(session, user);
- session.commit();
-
- service.addPermission(params(user.getLogin(), null, project.key(), UserRole.USER));
- service.removePermission(params(user.getLogin(), null, project.key(), UserRole.USER));
- session.commit();
-
- // Check in db
- assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).isEmpty();
-
- // Check index of issue authorizations
- SearchResponse docs = getAllIndexDocs();
- assertThat(docs.getHits().getTotalHits()).isEqualTo(1L);
- SearchHit doc = docs.getHits().getAt(0);
- assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
- assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
- }
-
- private SearchResponse getAllIndexDocs() {
- return tester.get(EsClient.class).prepareSearch(IssueIndexDefinition.INDEX).setTypes(IssueIndexDefinition.TYPE_AUTHORIZATION).get();
- }
-
- @Test
- public void add_and_remove_permission_to_group() {
- // init
- userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
- GroupDto group = new GroupDto().setName("group1");
- db.groupDao().insert(session, group);
- session.commit();
- assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).isEmpty();
-
- // add permission
- PermissionChange change = new PermissionChange().setPermission(UserRole.USER).setGroup(group.getName()).setComponentKey(project.key());
- service.addPermission(change);
- session.commit();
-
- // Check db
- assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).hasSize(1);
-
- // Check index of issue authorizations
- assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
-
- // remove permission
- service.removePermission(change);
- session.commit();
- assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).hasSize(0);
-
- SearchResponse docs = getAllIndexDocs();
- assertThat(docs.getHits().getTotalHits()).isEqualTo(1L);
- SearchHit doc = docs.getHits().getAt(0);
- assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
- assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
- }
-
- private Map<String, Object> params(@Nullable String login, @Nullable String group, @Nullable String component, String permission) {
- Map<String, Object> params = Maps.newHashMap();
- params.put("user", login);
- params.put("group", group);
- params.put("component", component);
- params.put("permission", permission);
- return params;
- }
-
- private long countIssueAuthorizationDocs() {
- return tester.get(EsClient.class).prepareCount(IssueIndexDefinition.INDEX).setTypes(IssueIndexDefinition.TYPE_AUTHORIZATION).get().getCount();
- }
-}
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.server.permission;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Lists;
-import java.util.List;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.permission.PermissionQuery;
-import org.sonar.db.permission.PermissionTemplateDao;
-import org.sonar.db.permission.PermissionTemplateDto;
-import org.sonar.db.permission.PermissionTemplateGroupDto;
-import org.sonar.db.permission.PermissionTemplateUserDto;
-import org.sonar.db.DbSession;
-import org.sonar.db.MyBatis;
-import org.sonar.db.property.PropertiesDao;
-import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.UserDao;
-import org.sonar.db.user.UserDto;
-import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.tester.UserSessionRule;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
-
-@RunWith(MockitoJUnitRunner.class)
-public class InternalPermissionTemplateServiceTest {
-
- private static final String DEFAULT_KEY = "my_template";
- private static final String DEFAULT_DESC = "my description";
- private static final String DEFAULT_PATTERN = "com.foo.(.*)";
- private static final String DEFAULT_PERMISSION = UserRole.USER;
- private static final PermissionTemplateDto DEFAULT_TEMPLATE =
- new PermissionTemplateDto().setId(1L).setName(DEFAULT_KEY).setDescription(DEFAULT_DESC).setKeyPattern(DEFAULT_PATTERN);
-
- @Rule
- public UserSessionRule userSessionRule = UserSessionRule.standalone();
-
- @Mock
- PermissionTemplateDao permissionTemplateDao;
-
- @Mock
- UserDao userDao;
-
- @Mock
- PermissionFinder finder;
-
- @Mock
- PropertiesDao propertiesDao;
-
- @Mock
- DbSession session;
-
- InternalPermissionTemplateService service;
-
- @Rule
- public ExpectedException expected = ExpectedException.none();
-
- @Before
- public void setUp() {
- userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
-
- MyBatis myBatis = mock(MyBatis.class);
- when(myBatis.openSession(false)).thenReturn(session);
- service = new InternalPermissionTemplateService(myBatis, permissionTemplateDao, userDao, finder, userSessionRule);
- }
-
- @Test
- public void find_users_with_permission_template() {
- service.findUsersWithPermissionTemplate(ImmutableMap.<String, Object>of(
- "permission", "user",
- "template", "my_template",
- "selected", "all"));
- verify(finder).findUsersWithPermissionTemplate(any(PermissionQuery.class));
- }
-
- @Test
- public void find_groups_with_permission_template() {
- service.findGroupsWithPermissionTemplate(ImmutableMap.<String, Object>of(
- "permission", "user",
- "template", "my_template",
- "selected", "all"));
-
- verify(finder).findGroupsWithPermissionTemplate(any(PermissionQuery.class));
- }
-
- @Test
- public void should_create_permission_template() {
- when(permissionTemplateDao.insertPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN)).thenReturn(DEFAULT_TEMPLATE);
-
- PermissionTemplate permissionTemplate = service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN);
-
- assertThat(permissionTemplate.getId()).isEqualTo(1L);
- assertThat(permissionTemplate.getName()).isEqualTo(DEFAULT_KEY);
- assertThat(permissionTemplate.getDescription()).isEqualTo(DEFAULT_DESC);
- assertThat(permissionTemplate.getKeyPattern()).isEqualTo(DEFAULT_PATTERN);
- }
-
- @Test
- public void should_enforce_unique_template_name() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("A template with that name already exists");
-
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE));
-
- service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, null);
- }
-
- @Test
- public void should_reject_empty_name_on_creation() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("Name can't be blank");
-
- service.createPermissionTemplate("", DEFAULT_DESC, null);
- }
-
- @Test
- public void should_reject_invalid_key_pattern_on_creation() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("Invalid pattern: [azerty. Should be a valid Java regular expression.");
-
- service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, "[azerty");
- }
-
- @Test
- public void should_delete_permission_template() {
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.deletePermissionTemplate(1L);
-
- verify(permissionTemplateDao, times(1)).deletePermissionTemplate(1L);
- }
-
- @Test
- public void should_retrieve_permission_template() {
-
- List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList(
- buildUserPermission("user_scan", GlobalPermissions.SCAN_EXECUTION),
- buildUserPermission("user_dry_run", GlobalPermissions.PREVIEW_EXECUTION),
- buildUserPermission("user_scan_and_dry_run", GlobalPermissions.SCAN_EXECUTION),
- buildUserPermission("user_scan_and_dry_run", GlobalPermissions.PREVIEW_EXECUTION)
- );
-
- List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList(
- buildGroupPermission("admin_group", GlobalPermissions.SYSTEM_ADMIN),
- buildGroupPermission("scan_group", GlobalPermissions.SCAN_EXECUTION),
- buildGroupPermission(null, GlobalPermissions.PREVIEW_EXECUTION)
- );
-
- PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto()
- .setId(1L)
- .setName("my template")
- .setDescription("my description")
- .setUsersPermissions(usersPermissions)
- .setGroupsByPermission(groupsPermissions);
-
- when(permissionTemplateDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto);
-
- PermissionTemplate permissionTemplate = service.selectPermissionTemplate("my template");
-
- assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
- assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("userName").containsOnly("user_scan", "user_scan_and_dry_run");
- assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.PREVIEW_EXECUTION)).extracting("userName").containsOnly("user_dry_run", "user_scan_and_dry_run");
- assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
- assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("groupName").containsOnly("scan_group");
- assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SYSTEM_ADMIN)).extracting("groupName").containsOnly("admin_group");
- }
-
- @Test
- public void should_retrieve_all_permission_templates() {
- PermissionTemplateDto template1 =
- new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
- PermissionTemplateDto template2 =
- new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
-
- List<PermissionTemplate> templates = service.selectAllPermissionTemplates();
-
- assertThat(templates).hasSize(2);
- assertThat(templates).extracting("id").containsOnly(1L, 2L);
- assertThat(templates).extracting("name").containsOnly("template1", "template2");
- assertThat(templates).extracting("description").containsOnly("template1", "template2");
- }
-
- @Test
- public void should_retrieve_all_permission_templates_from_project() {
- userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, "org.sample.Sample");
-
- PermissionTemplateDto template1 =
- new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
- PermissionTemplateDto template2 =
- new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
-
- List<PermissionTemplate> templates = service.selectAllPermissionTemplates("org.sample.Sample");
-
- assertThat(templates).hasSize(2);
- assertThat(templates).extracting("id").containsOnly(1L, 2L);
- assertThat(templates).extracting("name").containsOnly("template1", "template2");
- assertThat(templates).extracting("description").containsOnly("template1", "template2");
- }
-
- @Test
- public void should_update_permission_template() {
-
- service.updatePermissionTemplate(1L, "new_name", "new_description", null);
-
- verify(permissionTemplateDao).updatePermissionTemplate(1L, "new_name", "new_description", null);
- }
-
- @Test
- public void should_validate_template_name_on_update_if_applicable() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("A template with that name already exists");
-
- PermissionTemplateDto template1 =
- new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
- PermissionTemplateDto template2 =
- new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
-
- service.updatePermissionTemplate(1L, "template2", "template1", null);
- }
-
- @Test
- public void should_validate_template_key_pattern_on_update_if_applicable() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("Invalid pattern: [azerty. Should be a valid Java regular expression.");
-
- PermissionTemplateDto template1 = new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1));
-
- service.updatePermissionTemplate(1L, "template1", "template1", "[azerty");
- }
-
- @Test
- public void should_skip_name_validation_where_not_applicable() {
- PermissionTemplateDto template1 =
- new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
- PermissionTemplateDto template2 =
- new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
- when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
-
- service.updatePermissionTemplate(1L, "template1", "new_description", null);
-
- verify(permissionTemplateDao).updatePermissionTemplate(1L, "template1", "new_description", null);
- }
-
- @Test
- public void should_add_user_permission() {
- UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
- when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");
-
- verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, DEFAULT_PERMISSION);
- }
-
- @Test
- public void should_validate_provided_user_login() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("Unknown user:");
-
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
- when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null);
-
- service.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
- }
-
- @Test
- public void should_remove_user_permission() {
- UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
- when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.removeUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");
-
- verify(permissionTemplateDao, times(1)).deleteUserPermission(1L, 1L, DEFAULT_PERMISSION);
- }
-
- @Test
- public void should_add_group_permission() {
- GroupDto groupDto = new GroupDto().setId(1L).setName("group");
- when(userDao.selectGroupByName("group")).thenReturn(groupDto);
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");
-
- verify(permissionTemplateDao, times(1)).insertGroupPermission(1L, 1L, DEFAULT_PERMISSION);
- }
-
- @Test
- public void should_validate_provided_group_name() {
- expected.expect(BadRequestException.class);
- expected.expectMessage("Unknown group:");
-
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
- when(userDao.selectGroupByName("unknown")).thenReturn(null);
-
- service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
- }
-
- @Test
- public void should_remove_group_permission() {
- GroupDto groupDto = new GroupDto().setId(1L).setName("group");
- when(userDao.selectGroupByName("group")).thenReturn(groupDto);
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");
-
- verify(permissionTemplateDao, times(1)).deleteGroupPermission(1L, 1L, DEFAULT_PERMISSION);
- }
-
- @Test
- public void should_add_permission_to_anyone_group() {
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");
-
- verify(permissionTemplateDao).insertGroupPermission(1L, null, DEFAULT_PERMISSION);
- verifyZeroInteractions(userDao);
- }
-
- @Test
- public void should_remove_permission_from_anyone_group() {
- when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
-
- service.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");
-
- verify(permissionTemplateDao).deleteGroupPermission(1L, null, DEFAULT_PERMISSION);
- verifyZeroInteractions(userDao);
- }
-
- @Test
- public void should_remove_group_from_templates() {
- GroupDto groupDto = new GroupDto().setId(1L).setName("group");
- when(userDao.selectGroupByName("group", session)).thenReturn(groupDto);
-
- service.removeGroupFromTemplates("group");
-
- verify(permissionTemplateDao).deleteByGroup(eq(session), eq(1L));
- }
-
- private PermissionTemplateUserDto buildUserPermission(String userName, String permission) {
- return new PermissionTemplateUserDto().setUserName(userName).setPermission(permission);
- }
-
- private PermissionTemplateGroupDto buildGroupPermission(String groupName, String permission) {
- return new PermissionTemplateGroupDto().setGroupName(groupName).setPermission(permission);
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.collect.Maps;
+import java.util.Collection;
+import java.util.Map;
+import javax.annotation.Nullable;
+import org.elasticsearch.action.search.SearchResponse;
+import org.elasticsearch.search.SearchHit;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.RoleDao;
+import org.sonar.db.user.UserDto;
+import org.sonar.server.component.ComponentTesting;
+import org.sonar.server.db.DbClient;
+import org.sonar.server.es.EsClient;
+import org.sonar.server.issue.index.IssueIndexDefinition;
+import org.sonar.server.tester.ServerTester;
+import org.sonar.server.tester.UserSessionRule;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * New tests should be added in order to be able to remove PermissionServiceTest
+ */
+public class PermissionServiceMediumTest {
+
+ @ClassRule
+ public static ServerTester tester = new ServerTester().withStartupTasks().withEsIndexes();
+ @Rule
+ public UserSessionRule userSessionRule = UserSessionRule.forServerTester(tester);
+
+ DbClient db;
+ DbSession session;
+ PermissionService service;
+
+ ComponentDto project;
+
+ @Before
+ public void setUp() {
+ tester.clearDbAndIndexes();
+ db = tester.get(DbClient.class);
+ session = db.openSession(false);
+ service = tester.get(PermissionService.class);
+
+ project = ComponentTesting.newProjectDto();
+ db.componentDao().insert(session, project);
+ session.commit();
+ }
+
+ @After
+ public void after() {
+ session.close();
+ }
+
+ @Test
+ public void add_project_permission_to_user() {
+ // init
+ userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
+ UserDto user = new UserDto().setLogin("john").setName("John");
+ db.userDao().insert(session, user);
+ session.commit();
+ assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).isEmpty();
+ assertThat(countIssueAuthorizationDocs()).isZero();
+
+ // add permission
+ service.addPermission(params(user.getLogin(), null, project.key(), UserRole.USER));
+ session.commit();
+
+ // Check db
+ assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).hasSize(1);
+
+ // Check index of issue authorizations
+ assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
+ }
+
+ @Test
+ public void remove_project_permission_to_user() {
+ userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
+
+ UserDto user1 = new UserDto().setLogin("user1").setName("User1");
+ db.userDao().insert(session, user1);
+
+ UserDto user2 = new UserDto().setLogin("user2").setName("User2");
+ db.userDao().insert(session, user2);
+ session.commit();
+
+ service.addPermission(params(user1.getLogin(), null, project.key(), UserRole.USER));
+ service.addPermission(params(user2.getLogin(), null, project.key(), UserRole.USER));
+ service.removePermission(params(user1.getLogin(), null, project.key(), UserRole.USER));
+ session.commit();
+
+ // Check in db
+ assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user1.getLogin(), project.getId())).isEmpty();
+ assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user2.getLogin(), project.getId())).hasSize(1);
+
+ // Check index of issue authorizations
+ assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
+ }
+
+ @Test
+ public void remove_all_component_user_permissions() {
+ userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
+
+ UserDto user = new UserDto().setLogin("user1").setName("User1");
+ db.userDao().insert(session, user);
+ session.commit();
+
+ service.addPermission(params(user.getLogin(), null, project.key(), UserRole.USER));
+ service.removePermission(params(user.getLogin(), null, project.key(), UserRole.USER));
+ session.commit();
+
+ // Check in db
+ assertThat(tester.get(RoleDao.class).selectUserPermissions(session, user.getLogin(), project.getId())).isEmpty();
+
+ // Check index of issue authorizations
+ SearchResponse docs = getAllIndexDocs();
+ assertThat(docs.getHits().getTotalHits()).isEqualTo(1L);
+ SearchHit doc = docs.getHits().getAt(0);
+ assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
+ assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
+ }
+
+ private SearchResponse getAllIndexDocs() {
+ return tester.get(EsClient.class).prepareSearch(IssueIndexDefinition.INDEX).setTypes(IssueIndexDefinition.TYPE_AUTHORIZATION).get();
+ }
+
+ @Test
+ public void add_and_remove_permission_to_group() {
+ // init
+ userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, project.key());
+ GroupDto group = new GroupDto().setName("group1");
+ db.groupDao().insert(session, group);
+ session.commit();
+ assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).isEmpty();
+
+ // add permission
+ PermissionChange change = new PermissionChange().setPermission(UserRole.USER).setGroup(group.getName()).setComponentKey(project.key());
+ service.addPermission(change);
+ session.commit();
+
+ // Check db
+ assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).hasSize(1);
+
+ // Check index of issue authorizations
+ assertThat(countIssueAuthorizationDocs()).isEqualTo(1);
+
+ // remove permission
+ service.removePermission(change);
+ session.commit();
+ assertThat(tester.get(RoleDao.class).selectGroupPermissions(session, group.getName(), project.getId())).hasSize(0);
+
+ SearchResponse docs = getAllIndexDocs();
+ assertThat(docs.getHits().getTotalHits()).isEqualTo(1L);
+ SearchHit doc = docs.getHits().getAt(0);
+ assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).hasSize(0);
+ assertThat((Collection) doc.sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_GROUPS)).hasSize(0);
+ }
+
+ private Map<String, Object> params(@Nullable String login, @Nullable String group, @Nullable String component, String permission) {
+ Map<String, Object> params = Maps.newHashMap();
+ params.put("user", login);
+ params.put("group", group);
+ params.put("component", component);
+ params.put("permission", permission);
+ return params;
+ }
+
+ private long countIssueAuthorizationDocs() {
+ return tester.get(EsClient.class).prepareCount(IssueIndexDefinition.INDEX).setTypes(IssueIndexDefinition.TYPE_AUTHORIZATION).get().getCount();
+ }
+}
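Review bot: The index assertions in `add_project_permission_to_user` and `remove_project_permission_to_user` only count authorization documents, so they would still pass if a revoked login stayed listed in the issue authorization index. The two later tests show that a project keeps one document with empty user and group lists after its last permission is removed, so a count of 1 in `remove_project_permission_to_user` says nothing about whether user1 was dropped and user2 kept. I would assert the document content there, e.g. `assertThat((Collection) getAllIndexDocs().getHits().getAt(0).sourceAsMap().get(IssueIndexDefinition.FIELD_AUTHORIZATION_USERS)).containsOnly(user2.getLogin());`, assuming the field stores logins, which this file does not confirm. Separately, every test logs in as a project admin; a case where the caller lacks `UserRole.ADMIN` on the project would pin the authorization check, unless the older PermissionServiceTest named in the class comment already covers it.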
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Lists;
+import java.util.List;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.permission.PermissionQuery;
+import org.sonar.db.permission.PermissionTemplateDao;
+import org.sonar.db.permission.PermissionTemplateDto;
+import org.sonar.db.permission.PermissionTemplateGroupDto;
+import org.sonar.db.permission.PermissionTemplateUserDto;
+import org.sonar.db.DbSession;
+import org.sonar.db.MyBatis;
+import org.sonar.db.property.PropertiesDao;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDao;
+import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.BadRequestException;
+import org.sonar.server.tester.UserSessionRule;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class PermissionTemplateServiceTest {
+
+ private static final String DEFAULT_KEY = "my_template";
+ private static final String DEFAULT_DESC = "my description";
+ private static final String DEFAULT_PATTERN = "com.foo.(.*)";
+ private static final String DEFAULT_PERMISSION = UserRole.USER;
+ private static final PermissionTemplateDto DEFAULT_TEMPLATE =
+ new PermissionTemplateDto().setId(1L).setName(DEFAULT_KEY).setDescription(DEFAULT_DESC).setKeyPattern(DEFAULT_PATTERN);
+
+ @Rule
+ public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
+ @Mock
+ PermissionTemplateDao permissionTemplateDao;
+
+ @Mock
+ UserDao userDao;
+
+ @Mock
+ PermissionFinder finder;
+
+ @Mock
+ PropertiesDao propertiesDao;
+
+ @Mock
+ DbSession session;
+
+ PermissionTemplateService service;
+
+ @Rule
+ public ExpectedException expected = ExpectedException.none();
+
+ @Before
+ public void setUp() {
+ userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+
+ MyBatis myBatis = mock(MyBatis.class);
+ when(myBatis.openSession(false)).thenReturn(session);
+ service = new PermissionTemplateService(myBatis, permissionTemplateDao, userDao, finder, userSessionRule);
+ }
+
+ @Test
+ public void find_users_with_permission_template() {
+ service.findUsersWithPermissionTemplate(ImmutableMap.<String, Object>of(
+ "permission", "user",
+ "template", "my_template",
+ "selected", "all"));
+ verify(finder).findUsersWithPermissionTemplate(any(PermissionQuery.class));
+ }
+
+ @Test
+ public void find_groups_with_permission_template() {
+ service.findGroupsWithPermissionTemplate(ImmutableMap.<String, Object>of(
+ "permission", "user",
+ "template", "my_template",
+ "selected", "all"));
+
+ verify(finder).findGroupsWithPermissionTemplate(any(PermissionQuery.class));
+ }
+
+ @Test
+ public void should_create_permission_template() {
+ when(permissionTemplateDao.insertPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN)).thenReturn(DEFAULT_TEMPLATE);
+
+ PermissionTemplate permissionTemplate = service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN);
+
+ assertThat(permissionTemplate.getId()).isEqualTo(1L);
+ assertThat(permissionTemplate.getName()).isEqualTo(DEFAULT_KEY);
+ assertThat(permissionTemplate.getDescription()).isEqualTo(DEFAULT_DESC);
+ assertThat(permissionTemplate.getKeyPattern()).isEqualTo(DEFAULT_PATTERN);
+ }
+
+ @Test
+ public void should_enforce_unique_template_name() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("A template with that name already exists");
+
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE));
+
+ service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, null);
+ }
+
+ @Test
+ public void should_reject_empty_name_on_creation() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("Name can't be blank");
+
+ service.createPermissionTemplate("", DEFAULT_DESC, null);
+ }
+
+ @Test
+ public void should_reject_invalid_key_pattern_on_creation() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("Invalid pattern: [azerty. Should be a valid Java regular expression.");
+
+ service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, "[azerty");
+ }
+
+ @Test
+ public void should_delete_permission_template() {
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.deletePermissionTemplate(1L);
+
+ verify(permissionTemplateDao, times(1)).deletePermissionTemplate(1L);
+ }
+
+ @Test
+ public void should_retrieve_permission_template() {
+
+ List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList(
+ buildUserPermission("user_scan", GlobalPermissions.SCAN_EXECUTION),
+ buildUserPermission("user_dry_run", GlobalPermissions.PREVIEW_EXECUTION),
+ buildUserPermission("user_scan_and_dry_run", GlobalPermissions.SCAN_EXECUTION),
+ buildUserPermission("user_scan_and_dry_run", GlobalPermissions.PREVIEW_EXECUTION)
+ );
+
+ List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList(
+ buildGroupPermission("admin_group", GlobalPermissions.SYSTEM_ADMIN),
+ buildGroupPermission("scan_group", GlobalPermissions.SCAN_EXECUTION),
+ buildGroupPermission(null, GlobalPermissions.PREVIEW_EXECUTION)
+ );
+
+ PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto()
+ .setId(1L)
+ .setName("my template")
+ .setDescription("my description")
+ .setUsersPermissions(usersPermissions)
+ .setGroupsByPermission(groupsPermissions);
+
+ when(permissionTemplateDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto);
+
+ PermissionTemplate permissionTemplate = service.selectPermissionTemplate("my template");
+
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("userName").containsOnly("user_scan", "user_scan_and_dry_run");
+ assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.PREVIEW_EXECUTION)).extracting("userName").containsOnly("user_dry_run", "user_scan_and_dry_run");
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("groupName").containsOnly("scan_group");
+ assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SYSTEM_ADMIN)).extracting("groupName").containsOnly("admin_group");
+ }
+
+ @Test
+ public void should_retrieve_all_permission_templates() {
+ PermissionTemplateDto template1 =
+ new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
+ PermissionTemplateDto template2 =
+ new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+
+ List<PermissionTemplate> templates = service.selectAllPermissionTemplates();
+
+ assertThat(templates).hasSize(2);
+ assertThat(templates).extracting("id").containsOnly(1L, 2L);
+ assertThat(templates).extracting("name").containsOnly("template1", "template2");
+ assertThat(templates).extracting("description").containsOnly("template1", "template2");
+ }
+
+ @Test
+ public void should_retrieve_all_permission_templates_from_project() {
+ userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, "org.sample.Sample");
+
+ PermissionTemplateDto template1 =
+ new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
+ PermissionTemplateDto template2 =
+ new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+
+ List<PermissionTemplate> templates = service.selectAllPermissionTemplates("org.sample.Sample");
+
+ assertThat(templates).hasSize(2);
+ assertThat(templates).extracting("id").containsOnly(1L, 2L);
+ assertThat(templates).extracting("name").containsOnly("template1", "template2");
+ assertThat(templates).extracting("description").containsOnly("template1", "template2");
+ }
+
+ @Test
+ public void should_update_permission_template() {
+
+ service.updatePermissionTemplate(1L, "new_name", "new_description", null);
+
+ verify(permissionTemplateDao).updatePermissionTemplate(1L, "new_name", "new_description", null);
+ }
+
+ @Test
+ public void should_validate_template_name_on_update_if_applicable() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("A template with that name already exists");
+
+ PermissionTemplateDto template1 =
+ new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
+ PermissionTemplateDto template2 =
+ new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+
+ service.updatePermissionTemplate(1L, "template2", "template1", null);
+ }
+
+ @Test
+ public void should_validate_template_key_pattern_on_update_if_applicable() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("Invalid pattern: [azerty. Should be a valid Java regular expression.");
+
+ PermissionTemplateDto template1 = new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1));
+
+ service.updatePermissionTemplate(1L, "template1", "template1", "[azerty");
+ }
+
+ @Test
+ public void should_skip_name_validation_where_not_applicable() {
+ PermissionTemplateDto template1 =
+ new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
+ PermissionTemplateDto template2 =
+ new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
+ when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2));
+
+ service.updatePermissionTemplate(1L, "template1", "new_description", null);
+
+ verify(permissionTemplateDao).updatePermissionTemplate(1L, "template1", "new_description", null);
+ }
+
+ @Test
+ public void should_add_user_permission() {
+ UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
+ when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");
+
+ verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, DEFAULT_PERMISSION);
+ }
+
+ @Test
+ public void should_validate_provided_user_login() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("Unknown user:");
+
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+ when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null);
+
+ service.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
+ }
+
+ @Test
+ public void should_remove_user_permission() {
+ UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
+ when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.removeUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");
+
+ verify(permissionTemplateDao, times(1)).deleteUserPermission(1L, 1L, DEFAULT_PERMISSION);
+ }
+
+ @Test
+ public void should_add_group_permission() {
+ GroupDto groupDto = new GroupDto().setId(1L).setName("group");
+ when(userDao.selectGroupByName("group")).thenReturn(groupDto);
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");
+
+ verify(permissionTemplateDao, times(1)).insertGroupPermission(1L, 1L, DEFAULT_PERMISSION);
+ }
+
+ @Test
+ public void should_validate_provided_group_name() {
+ expected.expect(BadRequestException.class);
+ expected.expectMessage("Unknown group:");
+
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+ when(userDao.selectGroupByName("unknown")).thenReturn(null);
+
+ service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
+ }
+
+ @Test
+ public void should_remove_group_permission() {
+ GroupDto groupDto = new GroupDto().setId(1L).setName("group");
+ when(userDao.selectGroupByName("group")).thenReturn(groupDto);
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");
+
+ verify(permissionTemplateDao, times(1)).deleteGroupPermission(1L, 1L, DEFAULT_PERMISSION);
+ }
+
+ @Test
+ public void should_add_permission_to_anyone_group() {
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");
+
+ verify(permissionTemplateDao).insertGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verifyZeroInteractions(userDao);
+ }
+
+ @Test
+ public void should_remove_permission_from_anyone_group() {
+ when(permissionTemplateDao.selectTemplateByKey(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
+
+ service.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");
+
+ verify(permissionTemplateDao).deleteGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verifyZeroInteractions(userDao);
+ }
+
+ @Test
+ public void should_remove_group_from_templates() {
+ GroupDto groupDto = new GroupDto().setId(1L).setName("group");
+ when(userDao.selectGroupByName("group", session)).thenReturn(groupDto);
+
+ service.removeGroupFromTemplates("group");
+
+ verify(permissionTemplateDao).deleteByGroup(eq(session), eq(1L));
+ }
+
+ private PermissionTemplateUserDto buildUserPermission(String userName, String permission) {
+ return new PermissionTemplateUserDto().setUserName(userName).setPermission(permission);
+ }
+
+ private PermissionTemplateGroupDto buildGroupPermission(String groupName, String permission) {
+ return new PermissionTemplateGroupDto().setGroupName(groupName).setPermission(permission);
+ }
+}
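Review bot: Every test in this class runs under the `SYSTEM_ADMIN` session installed in `setUp` (or re-logs in as "admin" in `should_retrieve_all_permission_templates_from_project`), so nothing fails if `PermissionTemplateService` stops checking the caller's rights. The service is constructed with `userSessionRule`, so it presumably enforces a permission, but no visible test pins that. A negative case would close the gap: log in with `userSessionRule.login("user").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);`, expect the service's authorization exception through `expected.expect(...)`, then call `service.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN);`. Similar cases for update, delete and the add/remove user and group methods would be worth adding. Also, `should_delete_permission_template` stubs `selectTemplateByKey(DEFAULT_KEY)` but calls `deletePermissionTemplate(1L)`, so that stub looks unused.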
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.server.exceptions.ServerException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;
public DbTester db = DbTester.create(System2.INSTANCE);
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private InternalPermissionService permissionService;
+ private PermissionService permissionService;
@Before
public void setUp() {
- permissionService = mock(InternalPermissionService.class);
+ permissionService = mock(PermissionService.class);
ws = new WsTester(new PermissionsWs(
new AddGroupAction(permissionService)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.server.exceptions.ServerException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;
public DbTester db = DbTester.create(System2.INSTANCE);
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private InternalPermissionService permissionService;
+ private PermissionService permissionService;
@Before
public void setUp() {
- permissionService = mock(InternalPermissionService.class);
+ permissionService = mock(PermissionService.class);
ws = new WsTester(new PermissionsWs(
new AddUserAction(permissionService)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.server.exceptions.ServerException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;
public DbTester db = DbTester.create(System2.INSTANCE);
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private InternalPermissionService permissionService;
+ private PermissionService permissionService;
@Before
public void setUp() {
- permissionService = mock(InternalPermissionService.class);
+ permissionService = mock(PermissionService.class);
ws = new WsTester(new PermissionsWs(
new RemoveGroupAction(permissionService)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.server.exceptions.ServerException;
-import org.sonar.server.permission.InternalPermissionService;
+import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;
public DbTester db = DbTester.create(System2.INSTANCE);
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private InternalPermissionService permissionService;
+ private PermissionService permissionService;
@Before
public void setUp() {
- permissionService = mock(InternalPermissionService.class);
+ permissionService = mock(PermissionService.class);
ws = new WsTester(new PermissionsWs(
new RemoveUserAction(permissionService)));
userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN);
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.permission.PermissionFacade;
+import org.sonar.db.permission.PermissionRepository;
import org.sonar.db.DbSession;
import org.sonar.db.qualityprofile.QualityProfileDto;
import org.sonar.db.user.UserDto;
// Create a user having user permission on the two projects and the global quality profile admin permission
UserDto user = new UserDto().setLogin("john").setName("John").setEmail("jo@hn.com").setCreatedAt(System.currentTimeMillis()).setUpdatedAt(System.currentTimeMillis());
db.userDao().insert(dbSession, user);
- tester.get(PermissionFacade.class).insertUserPermission(project1.getId(), user.getId(), UserRole.USER, dbSession);
- tester.get(PermissionFacade.class).insertUserPermission(project2.getId(), user.getId(), UserRole.USER, dbSession);
+ tester.get(PermissionRepository.class).insertUserPermission(project1.getId(), user.getId(), UserRole.USER, dbSession);
+ tester.get(PermissionRepository.class).insertUserPermission(project2.getId(), user.getId(), UserRole.USER, dbSession);
UserSession userSession = userSessionRule.login("john").setUserId(user.getId().intValue()).setName("John")
.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
end
def self.permissions
- component(Java::OrgSonarServerPermission::InternalPermissionService.java_class)
+ component(Java::OrgSonarServerPermission::PermissionService.java_class)
end
def self.permission_templates
- component(Java::OrgSonarServerPermission::InternalPermissionTemplateService.java_class)
+ component(Java::OrgSonarServerPermission::PermissionTemplateService.java_class)
end
def self.debt
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.db.permission;
-
-import com.google.common.annotations.VisibleForTesting;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import javax.annotation.Nullable;
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.config.Settings;
-import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.server.ServerSide;
-import org.sonar.db.DbClient;
-import org.sonar.db.DbSession;
-import org.sonar.db.component.ResourceDao;
-import org.sonar.db.component.ResourceDto;
-import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.GroupRoleDto;
-import org.sonar.db.user.RoleDao;
-import org.sonar.db.user.UserDao;
-import org.sonar.db.user.UserRoleDto;
-
-/**
- * This facade wraps db operations related to permissions
- * <p/>
- * Should be removed when batch will no more create permission, and be replaced by a new PermissionService in module server (probably be a merge with InternalPermissionService)
- * <p/>
- * WARNING, this class is called by Views to apply default permission template on new views
- */
-@ServerSide
-public class PermissionFacade {
-
- private final RoleDao roleDao;
- private final UserDao userDao;
- private final PermissionTemplateDao permissionTemplateDao;
- private final Settings settings;
- private final ResourceDao resourceDao;
-
- public PermissionFacade(DbClient dbClient, Settings settings) {
- this.roleDao = dbClient.roleDao();
- this.userDao = dbClient.userDao();
- this.resourceDao = dbClient.resourceDao();
- this.permissionTemplateDao = dbClient.permissionTemplateDao();
- this.settings = settings;
- }
-
- /**
- * @param updateProjectAuthorizationDate is false when doing bulk action in order to not update the same project multiple times for nothing
- */
- private void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, boolean updateProjectAuthorizationDate, DbSession session) {
- UserRoleDto userRoleDto = new UserRoleDto()
- .setRole(permission)
- .setUserId(userId)
- .setResourceId(resourceId);
- if (updateProjectAuthorizationDate) {
- updateProjectAuthorizationDate(resourceId, session);
- }
- roleDao.insertUserRole(userRoleDto, session);
- }
-
- public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, DbSession session) {
- insertUserPermission(resourceId, userId, permission, true, session);
- }
-
- public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission, DbSession session) {
- UserRoleDto userRoleDto = new UserRoleDto()
- .setRole(permission)
- .setUserId(userId)
- .setResourceId(resourceId);
- updateProjectAuthorizationDate(resourceId, session);
- roleDao.deleteUserRole(userRoleDto, session);
- }
-
- private void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, boolean updateProjectAuthorizationDate, DbSession session) {
- GroupRoleDto groupRole = new GroupRoleDto()
- .setRole(permission)
- .setGroupId(groupId)
- .setResourceId(resourceId);
- updateProjectAuthorizationDate(resourceId, session);
- roleDao.insertGroupRole(groupRole, session);
- }
-
- public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, DbSession session) {
- insertGroupPermission(resourceId, groupId, permission, true, session);
- }
-
- public void insertGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) {
- if (DefaultGroups.isAnyone(groupName)) {
- insertGroupPermission(resourceId, (Long) null, permission, session);
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- insertGroupPermission(resourceId, group.getId(), permission, session);
- }
- }
- }
-
- public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, DbSession session) {
- GroupRoleDto groupRole = new GroupRoleDto()
- .setRole(permission)
- .setGroupId(groupId)
- .setResourceId(resourceId);
- updateProjectAuthorizationDate(resourceId, session);
- roleDao.deleteGroupRole(groupRole, session);
- }
-
- public void deleteGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) {
- if (DefaultGroups.isAnyone(groupName)) {
- deleteGroupPermission(resourceId, (Long) null, permission, session);
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- deleteGroupPermission(resourceId, group.getId(), permission, session);
- }
- }
- }
-
- /**
- * For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes
- */
- private void updateProjectAuthorizationDate(@Nullable Long projectId, DbSession session) {
- if (projectId != null) {
- resourceDao.updateAuthorizationDate(projectId, session);
- }
- }
-
- /**
- * Load permission template and load associated collections of users and groups permissions
- */
- @VisibleForTesting
- PermissionTemplateDto getPermissionTemplateWithPermissions(DbSession session, String templateKey) {
- PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectTemplateByKey(session, templateKey);
- if (permissionTemplateDto == null) {
- throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey);
- }
- PermissionTemplateDto templateWithPermissions = permissionTemplateDao.selectPermissionTemplate(session, permissionTemplateDto.getKee());
- if (templateWithPermissions == null) {
- throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey);
- }
- return templateWithPermissions;
- }
-
- public void applyPermissionTemplate(DbSession session, String templateKey, Long resourceId) {
- PermissionTemplateDto permissionTemplate = getPermissionTemplateWithPermissions(session, templateKey);
- updateProjectAuthorizationDate(resourceId, session);
- removeAllPermissions(resourceId, session);
- List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
- if (usersPermissions != null) {
- for (PermissionTemplateUserDto userPermission : usersPermissions) {
- insertUserPermission(resourceId, userPermission.getUserId(), userPermission.getPermission(), false, session);
- }
- }
- List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
- if (groupsPermissions != null) {
- for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
- Long groupId = groupPermission.getGroupId() == null ? null : groupPermission.getGroupId();
- insertGroupPermission(resourceId, groupId, groupPermission.getPermission(), false, session);
- }
- }
- }
-
- public int countComponentPermissions(DbSession session, Long resourceId) {
- return roleDao.countResourceGroupRoles(session, resourceId) + roleDao.countResourceUserRoles(session, resourceId);
- }
-
- protected void removeAllPermissions(Long resourceId, DbSession session) {
- roleDao.deleteGroupRolesByResourceId(resourceId, session);
- roleDao.deleteUserRolesByResourceId(resourceId, session);
- }
-
- public List<String> selectGroupPermissions(DbSession session, String group, @Nullable Long componentId) {
- return roleDao.selectGroupPermissions(session, group, componentId);
- }
-
- public List<String> selectUserPermissions(DbSession session, String user, @Nullable Long componentId) {
- return roleDao.selectUserPermissions(session, user, componentId);
- }
-
- public void grantDefaultRoles(DbSession session, Long componentId, String qualifier) {
- ResourceDto resource = resourceDao.selectResource(componentId, session);
- String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(session, resource.getKey(), qualifier);
- applyPermissionTemplate(session, applicablePermissionTemplateKey, componentId);
- }
-
- /**
- * Return the permission template for the given componentKey. If no template key pattern match then consider default
- * permission template for the resource qualifier.
- */
- private String getApplicablePermissionTemplateKey(DbSession session, final String componentKey, String qualifier) {
- List<PermissionTemplateDto> allPermissionTemplates = permissionTemplateDao.selectAllPermissionTemplates(session);
- List<PermissionTemplateDto> matchingTemplates = new ArrayList<>();
- for (PermissionTemplateDto permissionTemplateDto : allPermissionTemplates) {
- String keyPattern = permissionTemplateDto.getKeyPattern();
- if (StringUtils.isNotBlank(keyPattern) && componentKey.matches(keyPattern)) {
- matchingTemplates.add(permissionTemplateDto);
- }
- }
- checkAtMostOneMatchForComponentKey(componentKey, matchingTemplates);
- if (matchingTemplates.size() == 1) {
- return matchingTemplates.get(0).getKee();
- }
- String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default");
- if (!StringUtils.isBlank(qualifierTemplateKey)) {
- return qualifierTemplateKey;
- }
-
- String defaultTemplateKey = settings.getString("sonar.permission.template.default");
- if (StringUtils.isBlank(defaultTemplateKey)) {
- throw new IllegalStateException("At least one default permission template should be defined");
- }
- return defaultTemplateKey;
- }
-
- private void checkAtMostOneMatchForComponentKey(final String componentKey, List<PermissionTemplateDto> matchingTemplates) {
- if (matchingTemplates.size() > 1) {
- StringBuilder templatesNames = new StringBuilder();
- for (Iterator<PermissionTemplateDto> it = matchingTemplates.iterator(); it.hasNext(); ) {
- templatesNames.append("\"").append(it.next().getName()).append("\"");
- if (it.hasNext()) {
- templatesNames.append(", ");
- }
- }
- throw new IllegalStateException(MessageFormat.format(
- "The \"{0}\" key matches multiple permission templates: {1}."
- + " A system administrator must update these templates so that only one of them matches the key.", componentKey,
- templatesNames.toString()));
- }
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.db.permission;
+
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import javax.annotation.Nullable;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.config.Settings;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.server.ServerSide;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
+import org.sonar.db.component.ResourceDto;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.GroupRoleDto;
+import org.sonar.db.user.UserRoleDto;
+
+/**
+ * This facade wraps db operations related to permissions
+ * <p/>
+ * Should be removed when batch will no more create permission, and be replaced by a new PermissionService in module server (probably be a merge with InternalPermissionService)
+ * <p/>
+ * WARNING, this class is called by Views to apply default permission template on new views
+ */
+@ServerSide
+public class PermissionRepository {
+
+ private final DbClient dbClient;
+ private final Settings settings;
+
+ public PermissionRepository(DbClient dbClient, Settings settings) {
+ this.dbClient = dbClient;
+ this.settings = settings;
+ }
+
+ /**
+ * @param updateProjectAuthorizationDate is false when doing bulk action in order to not update the same project multiple times for nothing
+ */
+ private void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, boolean updateProjectAuthorizationDate, DbSession session) {
+ UserRoleDto userRoleDto = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(userId)
+ .setResourceId(resourceId);
+ if (updateProjectAuthorizationDate) {
+ updateProjectAuthorizationDate(session, resourceId);
+ }
+ dbClient.roleDao().insertUserRole(userRoleDto, session);
+ }
+
+ public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, DbSession session) {
+ insertUserPermission(resourceId, userId, permission, true, session);
+ }
+
+ public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission, DbSession session) {
+ UserRoleDto userRoleDto = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(userId)
+ .setResourceId(resourceId);
+ updateProjectAuthorizationDate(session, resourceId);
+ dbClient.roleDao().deleteUserRole(userRoleDto, session);
+ }
+
+ private void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, boolean updateProjectAuthorizationDate, DbSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setGroupId(groupId)
+ .setResourceId(resourceId);
+ updateProjectAuthorizationDate(session, resourceId);
+ dbClient.roleDao().insertGroupRole(groupRole, session);
+ }
+
+ public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, DbSession session) {
+ insertGroupPermission(resourceId, groupId, permission, true, session);
+ }
+
+ public void insertGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) {
+ if (DefaultGroups.isAnyone(groupName)) {
+ insertGroupPermission(resourceId, (Long) null, permission, session);
+ } else {
+ GroupDto group = dbClient.userDao().selectGroupByName(groupName, session);
+ if (group != null) {
+ insertGroupPermission(resourceId, group.getId(), permission, session);
+ }
+ }
+ }
+
+ public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, DbSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setGroupId(groupId)
+ .setResourceId(resourceId);
+ updateProjectAuthorizationDate(session, resourceId);
+ dbClient.roleDao().deleteGroupRole(groupRole, session);
+ }
+
+ public void deleteGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) {
+ if (DefaultGroups.isAnyone(groupName)) {
+ deleteGroupPermission(resourceId, (Long) null, permission, session);
+ } else {
+ GroupDto group = dbClient.userDao().selectGroupByName(groupName, session);
+ if (group != null) {
+ deleteGroupPermission(resourceId, group.getId(), permission, session);
+ }
+ }
+ }
+
+ /**
+ * For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes
+ */
+ private void updateProjectAuthorizationDate(DbSession session, @Nullable Long projectId) {
+ if (projectId != null) {
+ dbClient.resourceDao().updateAuthorizationDate(projectId, session);
+ }
+ }
+
+ public void applyPermissionTemplate(DbSession session, String templateKey, Long resourceId) {
+ PermissionTemplateDto permissionTemplate = dbClient.permissionTemplateDao().selectPermissionTemplateWithPermissions(session, templateKey);
+ updateProjectAuthorizationDate(session, resourceId);
+ dbClient.roleDao().removeAllPermissions(session, resourceId);
+ List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
+ if (usersPermissions != null) {
+ for (PermissionTemplateUserDto userPermission : usersPermissions) {
+ insertUserPermission(resourceId, userPermission.getUserId(), userPermission.getPermission(), false, session);
+ }
+ }
+ List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
+ if (groupsPermissions != null) {
+ for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
+ Long groupId = groupPermission.getGroupId() == null ? null : groupPermission.getGroupId();
+ insertGroupPermission(resourceId, groupId, groupPermission.getPermission(), false, session);
+ }
+ }
+ }
+
+ public void grantDefaultRoles(DbSession session, Long componentId, String qualifier) {
+ ResourceDto resource = dbClient.resourceDao().selectResource(componentId, session);
+ String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(session, resource.getKey(), qualifier);
+ applyPermissionTemplate(session, applicablePermissionTemplateKey, componentId);
+ }
+
+ /**
+ * Return the permission template for the given componentKey. If no template key pattern match then consider default
+ * permission template for the resource qualifier.
+ */
+ private String getApplicablePermissionTemplateKey(DbSession session, final String componentKey, String qualifier) {
+ List<PermissionTemplateDto> allPermissionTemplates = dbClient.permissionTemplateDao().selectAllPermissionTemplates(session);
+ List<PermissionTemplateDto> matchingTemplates = new ArrayList<>();
+ for (PermissionTemplateDto permissionTemplateDto : allPermissionTemplates) {
+ String keyPattern = permissionTemplateDto.getKeyPattern();
+ if (StringUtils.isNotBlank(keyPattern) && componentKey.matches(keyPattern)) {
+ matchingTemplates.add(permissionTemplateDto);
+ }
+ }
+ checkAtMostOneMatchForComponentKey(componentKey, matchingTemplates);
+ if (matchingTemplates.size() == 1) {
+ return matchingTemplates.get(0).getKee();
+ }
+ String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default");
+ if (!StringUtils.isBlank(qualifierTemplateKey)) {
+ return qualifierTemplateKey;
+ }
+
+ String defaultTemplateKey = settings.getString("sonar.permission.template.default");
+ if (StringUtils.isBlank(defaultTemplateKey)) {
+ throw new IllegalStateException("At least one default permission template should be defined");
+ }
+ return defaultTemplateKey;
+ }
+
+ private void checkAtMostOneMatchForComponentKey(final String componentKey, List<PermissionTemplateDto> matchingTemplates) {
+ if (matchingTemplates.size() > 1) {
+ StringBuilder templatesNames = new StringBuilder();
+ for (Iterator<PermissionTemplateDto> it = matchingTemplates.iterator(); it.hasNext();) {
+ templatesNames.append("\"").append(it.next().getName()).append("\"");
+ if (it.hasNext()) {
+ templatesNames.append(", ");
+ }
+ }
+ throw new IllegalStateException(MessageFormat.format(
+ "The \"{0}\" key matches multiple permission templates: {1}."
+ + " A system administrator must update these templates so that only one of them matches the key.", componentKey,
+ templatesNames.toString()));
+ }
+ }
+}
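Review bot: The private `insertGroupPermission(..., boolean updateProjectAuthorizationDate, DbSession session)` overload never reads its flag. It calls `updateProjectAuthorizationDate(session, resourceId)` unconditionally, unlike the user overload above it, so `applyPermissionTemplate` (which passes `false`) still touches the authorization date once per group permission. Guard it the same way as the user variant: `if (updateProjectAuthorizationDate) { updateProjectAuthorizationDate(session, resourceId); }`. The behaviour is carried over unchanged from the deleted `PermissionFacade`, so it is not a regression, but the move is a natural place to fix it. Separately, the name-based `insertGroupPermission`/`deleteGroupPermission` overloads return silently when `selectGroupByName` yields null, so a revoke aimed at a misspelled group looks successful; whether callers validate the name first is not visible here.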
}
}
+ /**
+ * Load permission template and load associated collections of users and groups permissions
+ */
+ @VisibleForTesting
+ PermissionTemplateDto selectPermissionTemplateWithPermissions(DbSession session, String templateKey) {
+ PermissionTemplateDto permissionTemplateDto = selectTemplateByKey(session, templateKey);
+ if (permissionTemplateDto == null) {
+ throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey);
+ }
+ PermissionTemplateDto templateWithPermissions = selectPermissionTemplate(session, permissionTemplateDto.getKee());
+ if (templateWithPermissions == null) {
+ throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey);
+ }
+ return templateWithPermissions;
+ }
+
/**
* Remove a group from all templates (used when removing a group)
*/
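Review bot: `selectPermissionTemplateWithPermissions` keeps the `@VisibleForTesting` annotation it had as a helper in `PermissionFacade`, but it is now called from production code (`PermissionRepository.applyPermissionTemplate`), so the annotation misstates its role. Drop the annotation and document the contract in the Javadoc instead, e.g. `@throws IllegalArgumentException if the template, or its permissions, cannot be loaded for templateKey`. The second lookup uses `permissionTemplateDto.getKee()`, which presumably equals `templateKey`; if so, the first query only serves to distinguish the two error messages, and a short comment saying that would help. The enclosing class starts outside this hunk.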
mapper(session).deleteGroupRole(groupRole);
}
- public void deleteGroupRolesByResourceId(Long resourceId, SqlSession session) {
+ public void deleteGroupRolesByResourceId(DbSession session, Long resourceId) {
mapper(session).deleteGroupRolesByResourceId(resourceId);
}
- public void deleteUserRolesByResourceId(Long resourceId, SqlSession session) {
+ public void deleteUserRolesByResourceId(DbSession session, Long resourceId) {
mapper(session).deleteUserRolesByResourceId(resourceId);
}
mapper(session).deleteGroupRolesByGroupId(groupId);
}
+ public int countComponentPermissions(DbSession session, Long componentId) {
+ return countResourceGroupRoles(session, componentId) + countResourceUserRoles(session, componentId);
+ }
+
+ public void removeAllPermissions(DbSession session, Long resourceId) {
+ deleteGroupRolesByResourceId(session, resourceId);
+ deleteUserRolesByResourceId(session, resourceId);
+ }
+
private static RoleMapper mapper(SqlSession session) {
return session.getMapper(RoleMapper.class);
}
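Review bot: `removeAllPermissions` and `countComponentPermissions` arrive in RoleDao with no test visible in this change. The deleted PermissionFacadeTest held `should_remove_all_permissions` and `should_count_component_permissions`, and the new PermissionRepositoryTest does not carry either over. The RoleDaoTest changes shown are renames only, but that file continues past what is visible here, so please confirm the two cases were moved there. Because `removeAllPermissions` deletes every group and user role of a resource, the DbUnit assertions on `group_roles` and `user_roles` from the old test are worth keeping next to the DAO.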
+++ /dev/null
-/*
- * SonarQube, open source software quality management tool.
- * Copyright (C) 2008-2014 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * SonarQube is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * SonarQube is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.sonar.db.permission;
-
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.ExpectedException;
-import org.sonar.api.config.Settings;
-import org.sonar.api.utils.System2;
-import org.sonar.api.web.UserRole;
-import org.sonar.db.DbClient;
-import org.sonar.db.DbTester;
-import org.sonar.test.DbTests;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-@Category(DbTests.class)
-public class PermissionFacadeTest {
-
- @Rule
- public ExpectedException throwable = ExpectedException.none();
-
- System2 system2 = mock(System2.class);
-
- @Rule
- public DbTester dbTester = DbTester.create(system2);
-
- PermissionFacade permissionFacade;
-
- @Before
- public void setUp() {
- when(system2.now()).thenReturn(123456789L);
-
- Settings settings = new Settings();
- permissionFacade = new PermissionFacade(dbTester.getDbClient(), settings);
- }
-
- @Test
- public void should_apply_permission_template() {
- dbTester.prepareDbUnit(getClass(), "should_apply_permission_template.xml");
-
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).isEmpty();
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).isEmpty();
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).isEmpty();
- assertThat(permissionFacade.selectUserPermissions(dbTester.getSession(), "marius", 123L)).isEmpty();
-
- permissionFacade.applyPermissionTemplate(dbTester.getSession(), "default_20130101_010203", 123L);
-
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).containsOnly("admin", "issueadmin");
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).containsOnly("user", "codeviewer");
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).containsOnly("user", "codeviewer");
-
- assertThat(permissionFacade.selectUserPermissions(dbTester.getSession(), "marius", 123L)).containsOnly("admin");
-
- assertThat(dbTester.getDbClient().resourceDao().selectResource(123L, dbTester.getSession()).getAuthorizationUpdatedAt()).isEqualTo(123456789L);
- }
-
- @Test
- public void should_count_component_permissions() {
- dbTester.prepareDbUnit(getClass(), "should_count_component_permissions.xml");
-
- assertThat(permissionFacade.countComponentPermissions(dbTester.getSession(), 123L)).isEqualTo(2);
- }
-
- @Test
- public void should_add_user_permission() {
- dbTester.prepareDbUnit(getClass(), "should_add_user_permission.xml");
-
- permissionFacade.insertUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_delete_user_permission() {
- dbTester.prepareDbUnit(getClass(), "should_delete_user_permission.xml");
-
- permissionFacade.deleteUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_insert_group_permission() {
- dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
-
- permissionFacade.insertGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_insert_group_name_permission() {
- dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
-
- permissionFacade.insertGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_insert_anyone_group_permission() {
- dbTester.prepareDbUnit(getClass(), "should_insert_anyone_group_permission.xml");
-
- permissionFacade.insertGroupPermission(123L, "Anyone", UserRole.USER, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_delete_group_permission() {
- dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
-
- permissionFacade.deleteGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_delete_group_name_permission() {
- dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
-
- permissionFacade.deleteGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
- }
-
- @Test
- public void should_retrieve_permission_template() {
- dbTester.truncateTables();
-
- PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template").setKee("test_template");
- PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto().setKee("test_template");
- PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
- when(permissionTemplateDao.selectTemplateByKey(dbTester.getSession(), "test_template")).thenReturn(permissionTemplateDto);
- when(permissionTemplateDao.selectPermissionTemplate(dbTester.getSession(), "test_template")).thenReturn(templateWithPermissions);
-
- DbClient dbClient = mock(DbClient.class);
- when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);
- permissionFacade = new PermissionFacade(dbClient, null);
-
- PermissionTemplateDto permissionTemplate = permissionFacade.getPermissionTemplateWithPermissions(dbTester.getSession(), "test_template");
-
- assertThat(permissionTemplate).isSameAs(templateWithPermissions);
- }
-
- @Test
- public void should_fail_on_unmatched_template() {
- dbTester.truncateTables();
-
- throwable.expect(IllegalArgumentException.class);
-
- PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
-
- DbClient dbClient = mock(DbClient.class);
- when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);
- permissionFacade = new PermissionFacade(dbClient, null);
- permissionFacade.getPermissionTemplateWithPermissions(dbTester.getSession(), "unmatched");
- }
-
- @Test
- public void should_remove_all_permissions() {
- dbTester.prepareDbUnit(getClass(), "should_remove_all_permissions.xml");
-
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "devs", 123L)).hasSize(1);
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "other", 123L)).isEmpty();
- assertThat(permissionFacade.selectUserPermissions(dbTester.getSession(), "dave.loper", 123L)).hasSize(1);
- assertThat(permissionFacade.selectUserPermissions(dbTester.getSession(), "other.user", 123L)).isEmpty();
-
- permissionFacade.removeAllPermissions(123L, dbTester.getSession());
- dbTester.getSession().commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_remove_all_permissions-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_remove_all_permissions-result.xml", "user_roles", "user_id", "resource_id", "role");
-
- assertThat(permissionFacade.selectGroupPermissions(dbTester.getSession(), "devs", 123L)).isEmpty();
- assertThat(permissionFacade.selectUserPermissions(dbTester.getSession(), "dave.loper", 123L)).isEmpty();
- }
-}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.db.permission;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.config.Settings;
+import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbTester;
+import org.sonar.db.user.RoleDao;
+import org.sonar.test.DbTests;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@Category(DbTests.class)
+public class PermissionRepositoryTest {
+
+ @Rule
+ public ExpectedException throwable = ExpectedException.none();
+
+ System2 system2 = mock(System2.class);
+
+ @Rule
+ public DbTester dbTester = DbTester.create(system2);
+
+ PermissionRepository underTest;
+
+ @Before
+ public void setUp() {
+ when(system2.now()).thenReturn(123456789L);
+
+ Settings settings = new Settings();
+ underTest = new PermissionRepository(dbTester.getDbClient(), settings);
+ }
+
+ @Test
+ public void should_apply_permission_template() {
+ dbTester.prepareDbUnit(getClass(), "should_apply_permission_template.xml");
+
+ RoleDao roleDao = dbTester.getDbClient().roleDao();
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).isEmpty();
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).isEmpty();
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).isEmpty();
+ assertThat(roleDao.selectUserPermissions(dbTester.getSession(), "marius", 123L)).isEmpty();
+
+ underTest.applyPermissionTemplate(dbTester.getSession(), "default_20130101_010203", 123L);
+
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).containsOnly("admin", "issueadmin");
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).containsOnly("user", "codeviewer");
+ assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).containsOnly("user", "codeviewer");
+
+ assertThat(roleDao.selectUserPermissions(dbTester.getSession(), "marius", 123L)).containsOnly("admin");
+
+ assertThat(dbTester.getDbClient().resourceDao().selectResource(123L, dbTester.getSession()).getAuthorizationUpdatedAt()).isEqualTo(123456789L);
+ }
+
+ @Test
+ public void should_add_user_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_add_user_permission.xml");
+
+ underTest.insertUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_delete_user_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_delete_user_permission.xml");
+
+ underTest.deleteUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_insert_group_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
+
+ underTest.insertGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_insert_group_name_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
+
+ underTest.insertGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_insert_anyone_group_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_insert_anyone_group_permission.xml");
+
+ underTest.insertGroupPermission(123L, "Anyone", UserRole.USER, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_delete_group_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
+
+ underTest.deleteGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
+ }
+
+ @Test
+ public void should_delete_group_name_permission() {
+ dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
+
+ underTest.deleteGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
+ }
+}
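Review bot: The `throwable` rule declared at the top of PermissionRepositoryTest is never used, because the only test that needed it (`should_fail_on_unmatched_template`) moved to the DAO test. Remove `@Rule public ExpectedException throwable = ExpectedException.none();` together with the `org.junit.rules.ExpectedException` import. This also leaves the class with no failing-path case for `applyPermissionTemplate`, such as an unknown template key; the repository code is not visible here, so a short test that expects the exception and checks that no row was written to `group_roles` or `user_roles` would pin that behaviour down.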
import java.util.List;
import org.junit.Rule;
import org.junit.Test;
+import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
System2 system = mock(System2.class);
@Rule
- public DbTester db = DbTester.create(system);
+ public DbTester dbTester = DbTester.create(system);
+ @Rule
+ public ExpectedException expectedException = ExpectedException.none();
- PermissionTemplateDao permissionTemplateDao = db.getDbClient().permissionTemplateDao();
+ PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao();
@Test
public void should_create_permission_template() throws ParseException {
- db.prepareDbUnit(getClass(), "createPermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "createPermissionTemplate.xml");
Date now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2013-01-02 01:04:05");
when(system.now()).thenReturn(now.getTime());
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.insertPermissionTemplate("my template", "my description", "myregexp");
+ PermissionTemplateDto permissionTemplate = underTest.insertPermissionTemplate("my template", "my description", "myregexp");
assertThat(permissionTemplate).isNotNull();
assertThat(permissionTemplate.getId()).isEqualTo(1L);
- db.assertDbUnitTable(getClass(), "createPermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
+ dbTester.assertDbUnitTable(getClass(), "createPermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
}
@Test
public void should_normalize_kee_on_template_creation() throws ParseException {
- db.prepareDbUnit(getClass(), "createNonAsciiPermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "createNonAsciiPermissionTemplate.xml");
Date now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2013-01-02 01:04:05");
when(system.now()).thenReturn(now.getTime());
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.insertPermissionTemplate("Môü Gnô Gnèçà ß", "my description", null);
+ PermissionTemplateDto permissionTemplate = underTest.insertPermissionTemplate("Môü Gnô Gnèçà ß", "my description", null);
assertThat(permissionTemplate).isNotNull();
assertThat(permissionTemplate.getId()).isEqualTo(1L);
- db.assertDbUnitTable(getClass(), "createNonAsciiPermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
+ dbTester.assertDbUnitTable(getClass(), "createNonAsciiPermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
}
@Test
public void should_skip_key_normalization_on_default_template() {
- db.truncateTables();
+ dbTester.truncateTables();
PermissionTemplateMapper mapper = mock(PermissionTemplateMapper.class);
MyBatis myBatis = mock(MyBatis.class);
when(myBatis.openSession(false)).thenReturn(session);
- permissionTemplateDao = new PermissionTemplateDao(myBatis, system);
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.insertPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null, null);
+ underTest = new PermissionTemplateDao(myBatis, system);
+ PermissionTemplateDto permissionTemplate = underTest.insertPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null, null);
verify(mapper).insert(permissionTemplate);
verify(session).commit();
@Test
public void should_select_permission_template() {
- db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my_template_20130102_030405");
+ PermissionTemplateDto permissionTemplate = underTest.selectPermissionTemplate("my_template_20130102_030405");
assertThat(permissionTemplate).isNotNull();
assertThat(permissionTemplate.getName()).isEqualTo("my template");
@Test
public void should_select_empty_permission_template() {
- db.prepareDbUnit(getClass(), "selectEmptyPermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "selectEmptyPermissionTemplate.xml");
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my_template_20130102_030405");
+ PermissionTemplateDto permissionTemplate = underTest.selectPermissionTemplate("my_template_20130102_030405");
assertThat(permissionTemplate).isNotNull();
assertThat(permissionTemplate.getName()).isEqualTo("my template");
@Test
public void should_select_permission_template_by_key() {
- db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
- PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectTemplateByKey("my_template_20130102_030405");
+ PermissionTemplateDto permissionTemplate = underTest.selectTemplateByKey("my_template_20130102_030405");
assertThat(permissionTemplate).isNotNull();
assertThat(permissionTemplate.getId()).isEqualTo(1L);
@Test
public void should_select_all_permission_templates() {
- db.prepareDbUnit(getClass(), "selectAllPermissionTemplates.xml");
+ dbTester.prepareDbUnit(getClass(), "selectAllPermissionTemplates.xml");
- List<PermissionTemplateDto> permissionTemplates = permissionTemplateDao.selectAllPermissionTemplates();
+ List<PermissionTemplateDto> permissionTemplates = underTest.selectAllPermissionTemplates();
assertThat(permissionTemplates).hasSize(3);
assertThat(permissionTemplates).extracting("id").containsOnly(1L, 2L, 3L);
@Test
public void should_update_permission_template() {
- db.prepareDbUnit(getClass(), "updatePermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "updatePermissionTemplate.xml");
- permissionTemplateDao.updatePermissionTemplate(1L, "new_name", "new_description", "new_regexp");
+ underTest.updatePermissionTemplate(1L, "new_name", "new_description", "new_regexp");
- db.assertDbUnitTable(getClass(), "updatePermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
+ dbTester.assertDbUnitTable(getClass(), "updatePermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
}
@Test
public void should_delete_permission_template() {
- db.prepareDbUnit(getClass(), "deletePermissionTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "deletePermissionTemplate.xml");
- permissionTemplateDao.deletePermissionTemplate(1L);
+ underTest.deletePermissionTemplate(1L);
checkTemplateTables("deletePermissionTemplate-result.xml");
}
@Test
public void should_add_user_permission_to_template() {
- db.prepareDbUnit(getClass(), "addUserPermissionToTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "addUserPermissionToTemplate.xml");
- permissionTemplateDao.insertUserPermission(1L, 1L, "new_permission");
+ underTest.insertUserPermission(1L, 1L, "new_permission");
checkTemplateTables("addUserPermissionToTemplate-result.xml");
}
@Test
public void should_remove_user_permission_from_template() {
- db.prepareDbUnit(getClass(), "removeUserPermissionFromTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "removeUserPermissionFromTemplate.xml");
- permissionTemplateDao.deleteUserPermission(1L, 2L, "permission_to_remove");
+ underTest.deleteUserPermission(1L, 2L, "permission_to_remove");
checkTemplateTables("removeUserPermissionFromTemplate-result.xml");
}
@Test
public void should_add_group_permission_to_template() {
- db.prepareDbUnit(getClass(), "addGroupPermissionToTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "addGroupPermissionToTemplate.xml");
- permissionTemplateDao.insertGroupPermission(1L, 1L, "new_permission");
+ underTest.insertGroupPermission(1L, 1L, "new_permission");
checkTemplateTables("addGroupPermissionToTemplate-result.xml");
}
@Test
public void should_remove_group_permission_from_template() {
- db.prepareDbUnit(getClass(), "removeGroupPermissionFromTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "removeGroupPermissionFromTemplate.xml");
- permissionTemplateDao.deleteGroupPermission(1L, 2L, "permission_to_remove");
+ underTest.deleteGroupPermission(1L, 2L, "permission_to_remove");
checkTemplateTables("removeGroupPermissionFromTemplate-result.xml");
}
@Test
public void remove_by_group() {
- db.prepareDbUnit(getClass(), "remove_by_group.xml");
+ dbTester.prepareDbUnit(getClass(), "remove_by_group.xml");
- permissionTemplateDao.deleteByGroup(db.getSession(), 2L);
- db.getSession().commit();
+ underTest.deleteByGroup(dbTester.getSession(), 2L);
+ dbTester.getSession().commit();
- db.assertDbUnitTable(getClass(), "remove_by_group-result.xml", "permission_templates", "id", "name", "kee", "description");
+ dbTester.assertDbUnitTable(getClass(), "remove_by_group-result.xml", "permission_templates", "id", "name", "kee", "description");
}
@Test
public void should_add_group_permission_with_null_name() {
- db.prepareDbUnit(getClass(), "addNullGroupPermissionToTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "addNullGroupPermissionToTemplate.xml");
- permissionTemplateDao.insertGroupPermission(1L, null, "new_permission");
+ underTest.insertGroupPermission(1L, null, "new_permission");
checkTemplateTables("addNullGroupPermissionToTemplate-result.xml");
}
@Test
public void should_remove_group_permission_with_null_name() {
- db.prepareDbUnit(getClass(), "removeNullGroupPermissionFromTemplate.xml");
+ dbTester.prepareDbUnit(getClass(), "removeNullGroupPermissionFromTemplate.xml");
- permissionTemplateDao.deleteGroupPermission(1L, null, "permission_to_remove");
+ underTest.deleteGroupPermission(1L, null, "permission_to_remove");
checkTemplateTables("removeNullGroupPermissionFromTemplate-result.xml");
}
+ @Test
+ public void should_retrieve_permission_template() {
+ dbTester.truncateTables();
+
+ PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template").setKee("test_template");
+ PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto().setKee("test_template");
+ underTest = mock(PermissionTemplateDao.class);
+ when(underTest.selectTemplateByKey(dbTester.getSession(), "test_template")).thenReturn(permissionTemplateDto);
+ when(underTest.selectPermissionTemplate(dbTester.getSession(), "test_template")).thenReturn(templateWithPermissions);
+ when(underTest.selectPermissionTemplateWithPermissions(dbTester.getSession(), "test_template")).thenCallRealMethod();
+
+ PermissionTemplateDto permissionTemplate = underTest.selectPermissionTemplateWithPermissions(dbTester.getSession(), "test_template");
+
+ assertThat(permissionTemplate).isSameAs(templateWithPermissions);
+ }
+
+ @Test
+ public void should_fail_on_unmatched_template() {
+ dbTester.truncateTables();
+
+ expectedException.expect(IllegalArgumentException.class);
+
+ underTest.selectPermissionTemplateWithPermissions(dbTester.getSession(), "unmatched");
+ }
+
private void checkTemplateTables(String fileName) {
- db.assertDbUnitTable(getClass(), fileName, "permission_templates", "id", "name", "description");
- db.assertDbUnitTable(getClass(), fileName, "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
- db.assertDbUnitTable(getClass(), fileName, "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
+ dbTester.assertDbUnitTable(getClass(), fileName, "permission_templates", "id", "name", "description");
+ dbTester.assertDbUnitTable(getClass(), fileName, "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ dbTester.assertDbUnitTable(getClass(), fileName, "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
}
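Review bot: `should_retrieve_permission_template` replaces `underTest` with a Mockito mock of PermissionTemplateDao itself and stubs both lookups, so with `thenCallRealMethod()` it only checks that the new method hands back the stubbed object. No SQL runs, and `dbTester.truncateTables()` has no effect on the outcome. A test against the real DAO is more useful for a method that loads the permissions later applied to a component. The fixture `selectPermissionTemplate.xml` and key `my_template_20130102_030405` already used in this class should work, assuming the session-based overloads read the same rows. The second failure branch (template found, permissions lookup returns null) has no test either.

```java
@Test
public void should_retrieve_permission_template() {
  dbTester.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");

  PermissionTemplateDto permissionTemplate = underTest.selectPermissionTemplateWithPermissions(dbTester.getSession(), "my_template_20130102_030405");

  assertThat(permissionTemplate).isNotNull();
  assertThat(permissionTemplate.getName()).isEqualTo("my template");
}
// … unchanged: should_fail_on_unmatched_template, checkTemplateTables …
```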
@Rule
public DbTester dbTester = DbTester.create(System2.INSTANCE);
- RoleDao dao = dbTester.getDbClient().roleDao();
+ RoleDao underTest = dbTester.getDbClient().roleDao();
@Test
public void retrieve_global_user_permissions() {
dbTester.prepareDbUnit(getClass(), "globalUserPermissions.xml");
- assertThat(dao.selectUserPermissions(dbTester.getSession(), "admin_user", null)).containsOnly(GlobalPermissions.SYSTEM_ADMIN, GlobalPermissions.QUALITY_PROFILE_ADMIN);
- assertThat(dao.selectUserPermissions(dbTester.getSession(), "profile_admin_user", null)).containsOnly(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "admin_user", null)).containsOnly(GlobalPermissions.SYSTEM_ADMIN, GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "profile_admin_user", null)).containsOnly(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
@Test
public void retrieve_resource_user_permissions() {
dbTester.prepareDbUnit(getClass(), "resourceUserPermissions.xml");
- assertThat(dao.selectUserPermissions(dbTester.getSession(), "admin_user", 1L)).containsOnly(UserRole.ADMIN, UserRole.USER);
- assertThat(dao.selectUserPermissions(dbTester.getSession(), "browse_admin_user", 1L)).containsOnly(UserRole.USER);
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "admin_user", 1L)).containsOnly(UserRole.ADMIN, UserRole.USER);
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "browse_admin_user", 1L)).containsOnly(UserRole.USER);
}
@Test
public void retrieve_global_group_permissions() {
dbTester.prepareDbUnit(getClass(), "globalGroupPermissions.xml");
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", null)).containsOnly(GlobalPermissions.SYSTEM_ADMIN, GlobalPermissions.QUALITY_PROFILE_ADMIN,
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", null)).containsOnly(GlobalPermissions.SYSTEM_ADMIN, GlobalPermissions.QUALITY_PROFILE_ADMIN,
GlobalPermissions.DASHBOARD_SHARING);
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "sonar-users", null)).containsOnly(GlobalPermissions.DASHBOARD_SHARING);
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "sonar-users", null)).containsOnly(GlobalPermissions.DASHBOARD_SHARING);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
}
@Test
public void retrieve_resource_group_permissions() {
dbTester.prepareDbUnit(getClass(), "resourceGroupPermissions.xml");
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 1L)).containsOnly(UserRole.ADMIN, UserRole.CODEVIEWER);
- assertThat(dao.selectGroupPermissions(dbTester.getSession(), "sonar-users", 1L)).containsOnly(UserRole.CODEVIEWER);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 1L)).containsOnly(UserRole.ADMIN, UserRole.CODEVIEWER);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "sonar-users", 1L)).containsOnly(UserRole.CODEVIEWER);
}
@Test
UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(GlobalPermissions.QUALITY_PROFILE_ADMIN);
- dao.deleteUserRole(userRoleToDelete, dbTester.getSession());
+ underTest.deleteUserRole(userRoleToDelete, dbTester.getSession());
dbTester.getSession().commit();
dbTester.assertDbUnit(getClass(), "globalUserPermissions-result.xml", "user_roles");
UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(UserRole.USER).setResourceId(1L);
- dao.deleteUserRole(userRoleToDelete, dbTester.getSession());
+ underTest.deleteUserRole(userRoleToDelete, dbTester.getSession());
dbTester.getSession().commit();
dbTester.assertDbUnit(getClass(), "resourceUserPermissions-result.xml", "user_roles");
GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(GlobalPermissions.QUALITY_PROFILE_ADMIN);
- dao.deleteGroupRole(groupRoleToDelete, dbTester.getSession());
+ underTest.deleteGroupRole(groupRoleToDelete, dbTester.getSession());
dbTester.getSession().commit();
dbTester.assertDbUnit(getClass(), "globalGroupPermissions-result.xml", "group_roles");
GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(UserRole.CODEVIEWER).setResourceId(1L);
- dao.deleteGroupRole(groupRoleToDelete, dbTester.getSession());
+ underTest.deleteGroupRole(groupRoleToDelete, dbTester.getSession());
dbTester.getSession().commit();
dbTester.assertDbUnit(getClass(), "resourceGroupPermissions-result.xml", "group_roles");
public void delete_all_group_permissions_by_group_id() {
dbTester.prepareDbUnit(getClass(), "deleteGroupPermissionsByGroupId.xml");
- dao.deleteGroupRolesByGroupId(dbTester.getSession(), 100L);
+ underTest.deleteGroupRolesByGroupId(dbTester.getSession(), 100L);
dbTester.getSession().commit();
dbTester.assertDbUnit(getClass(), "deleteGroupPermissionsByGroupId-result.xml", "group_roles");
}
+
+ @Test
+ public void should_count_component_permissions() {
+ dbTester.prepareDbUnit(getClass(), "should_count_component_permissions.xml");
+
+ assertThat(underTest.countComponentPermissions(dbTester.getSession(), 123L)).isEqualTo(2);
+ }
+
+ @Test
+ public void should_remove_all_permissions() {
+ dbTester.prepareDbUnit(getClass(), "should_remove_all_permissions.xml");
+
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "devs", 123L)).hasSize(1);
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "other", 123L)).isEmpty();
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "dave.loper", 123L)).hasSize(1);
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "other.user", 123L)).isEmpty();
+
+ underTest.removeAllPermissions(dbTester.getSession(), 123L);
+ dbTester.getSession().commit();
+
+ dbTester.assertDbUnitTable(getClass(), "should_remove_all_permissions-result.xml", "group_roles", "group_id", "resource_id", "role");
+ dbTester.assertDbUnitTable(getClass(), "should_remove_all_permissions-result.xml", "user_roles", "user_id", "resource_id", "role");
+
+ assertThat(underTest.selectGroupPermissions(dbTester.getSession(), "devs", 123L)).isEmpty();
+ assertThat(underTest.selectUserPermissions(dbTester.getSession(), "dave.loper", 123L)).isEmpty();
+ }
}
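Review bot: `should_remove_all_permissions` never checks that permissions on other components survive the call. Every assertion before and after `underTest.removeAllPermissions(dbTester.getSession(), 123L)` targets resource 123, and the dave.loper/devs datasets that appear to back this test hold `user_roles` and `group_roles` rows for resource 123 only. An implementation that lost its resource filter and emptied both tables would still pass, so the test does not guard against deleting other projects' permissions. Add one row per table on a second resource to both the input and the `-result.xml` dataset, for example (constructed values) `<user_roles id="2" user_id="200" resource_id="456" role="user"/>` and `<group_roles id="2" group_id="100" resource_id="456" role="codeviewer"/>`. The fixture file names are not visible on this page, so confirm which dataset is `should_remove_all_permissions.xml` before editing.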
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
- <projects id="100" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
-
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
- <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
- <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="4" group_id="101" resource_id="123" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
- <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
- <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
- <group_roles id="8" group_id="100" resource_id="123" role="issueadmin"/>
-
- <!-- new user permission : marius (admin) -->
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
- <!-- default permission template for all qualifiers -->
- <permission_templates id="1" name="default" kee="default_20130101_010203"/>
-
- <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
- <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
- <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
- <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
- <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
-
- <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
- <groups id="100" name="sonar-administrators"/>
- <groups id="101" name="sonar-users"/>
-
- <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
-
- <!-- on other resources -->
- <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="2" group_id="101" resource_id="1" role="user"/>
- <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
-
-
- <!-- default permission template for all qualifiers -->
- <permission_templates id="1" name="default" kee="default_20130101_010203"/>
-
- <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
- <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
- <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
- <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
- <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
- <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
-
- <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="2" group_id="100" resource_id="123" role="user"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
- <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="2" group_id="[null]" resource_id="123" role="user"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
- <group_roles id="2" group_id="100" resource_id="123" role="user"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100" name="devs"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
-
- <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="123456789"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles/>
-
- <group_roles/>
-
-</dataset>
\ No newline at end of file
+++ /dev/null
-<dataset>
-
- <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
-
- <groups id="100" name="devs"/>
-
- <user_roles id="1" user_id="200" resource_id="123" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
-
-</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+ <projects id="100" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+ <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+ <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+ <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+ <group_roles id="8" group_id="100" resource_id="123" role="issueadmin"/>
+
+ <!-- new user permission : marius (admin) -->
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+ <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+ <groups id="100" name="sonar-administrators"/>
+ <groups id="101" name="sonar-users"/>
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+ <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="100" resource_id="123" role="user"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="[null]" resource_id="123" role="user"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="2" group_id="100" resource_id="123" role="user"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+
+ <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="123456789"/>
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles/>
+
+ <group_roles/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles/>
+
+ <group_roles/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <users id="200" login="dave.loper" name="Dave Loper" email="dave.loper@company.net" active="[true]"/>
+
+ <groups id="100" name="devs"/>
+
+ <user_roles id="1" user_id="200" resource_id="123" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/>
+
+</dataset>
\ No newline at end of file