.build());
UserDto newUser = dbClient.userDao().selectOrFailByLogin(dbSession, userLogin);
syncGroups(dbSession, user, newUser);
- updateRootFlag(dbSession, newUser);
return newUser;
}
.setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin()))
.setPassword(null));
syncGroups(dbSession, user, userDto);
- updateRootFlag(dbSession, userDto);
}
private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) {
});
}
- private void updateRootFlag(DbSession dbSession, UserDto userDto) {
- dbClient.userDao().updateRootFlagFromPermissions(dbSession, userDto.getId(), defaultOrganizationProvider.get().getUuid());
- dbSession.commit();
- }
-
private enum GroupDtoToName implements Function<GroupDto, String> {
INSTANCE;
import org.sonar.db.DbSession;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.DefaultOrganizationProvider;
import static java.lang.String.format;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
public class GroupPermissionChanger {
private final DbClient dbClient;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
- public GroupPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public GroupPermissionChanger(DbClient dbClient) {
this.dbClient = dbClient;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
}
public boolean apply(DbSession dbSession, GroupPermissionChange change) {
.setGroupId(change.getGroupIdOrAnyone().getId())
.setResourceId(change.getNullableProjectId());
dbClient.groupPermissionDao().insert(dbSession, addedDto);
- updateRootFlag(dbSession, change);
return true;
}
change.getOrganizationUuid(),
change.getGroupIdOrAnyone().getId(),
change.getNullableProjectId());
- updateRootFlag(dbSession, change);
return true;
}
- private void updateRootFlag(DbSession dbSession, GroupPermissionChange change) {
- if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getGroupIdOrAnyone().isAnyone() && !change.getProjectId().isPresent()) {
- dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, change.getGroupIdOrAnyone().getId(), defaultOrganizationProvider.get().getUuid());
- }
- }
-
private List<String> loadExistingPermissions(DbSession dbSession, GroupPermissionChange change) {
Optional<ProjectId> projectId = change.getProjectId();
if (projectId.isPresent()) {
import org.sonar.db.DbSession;
import org.sonar.db.permission.UserPermissionDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.DefaultOrganizationProvider;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
public class UserPermissionChanger {
private final DbClient dbClient;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
- public UserPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public UserPermissionChanger(DbClient dbClient) {
this.dbClient = dbClient;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
}
public boolean apply(DbSession dbSession, UserPermissionChange change) {
}
UserPermissionDto dto = new UserPermissionDto(change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId(), change.getNullableProjectId());
dbClient.userPermissionDao().insert(dbSession, dto);
- updateRootFlag(dbSession, change);
return true;
}
} else {
dbClient.userPermissionDao().deleteGlobalPermission(dbSession, change.getUserId().getId(), change.getPermission(), change.getOrganizationUuid());
}
- updateRootFlag(dbSession, change);
return true;
}
}
}
}
-
- private void updateRootFlag(DbSession dbSession, UserPermissionChange change) {
- if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) {
- dbClient.userDao().updateRootFlagFromPermissions(dbSession, change.getUserId().getId(), defaultOrganizationProvider.get().getUuid());
- }
- }
}
boolean isLoggedIn();
/**
- * Whether the user has root privileges.
+ * Whether the user has root privileges when organizations are enabled.
+ * Always returns {@code false} when organizations are disabled.
*/
boolean isRoot();
public UserDto create(NewUser newUser) {
try (DbSession dbSession = dbClient.openSession(false)) {
UserDto createdUser = create(dbSession, newUser);
- dbClient.userDao().updateRootFlagFromPermissions(dbSession, createdUser.getId(), defaultOrganizationProvider.get().getUuid());
dbSession.commit();
return createdUser;
}
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserGroupDto;
-import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.user.UserSession;
import static java.lang.String.format;
private final DbClient dbClient;
private final UserSession userSession;
private final GroupWsSupport support;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
- public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) {
this.dbClient = dbClient;
this.userSession = userSession;
this.support = support;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
}
@Override
if (!isMemberOf(dbSession, user, groupId)) {
UserGroupDto membershipDto = new UserGroupDto().setGroupId(groupId.getId()).setUserId(user.getId());
dbClient.userGroupDao().insert(dbSession, membershipDto);
- dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid());
dbSession.commit();
}
checkNotTryingToDeleteLastAdminGroup(dbSession, groupId);
removeGroupPermissions(dbSession, groupId);
removeFromPermissionTemplates(dbSession, groupId);
- updateRootFlagOfMembers(dbSession, groupId);
removeGroupMembers(dbSession, groupId);
dbClient.groupDao().deleteById(dbSession, groupId.getId());
dbClient.permissionTemplateDao().deleteByGroup(dbSession, groupId.getId());
}
- private void updateRootFlagOfMembers(DbSession dbSession, GroupId groupId) {
- dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, groupId.getId(), defaultOrganizationProvider.get().getUuid());
- }
-
private void removeGroupMembers(DbSession dbSession, GroupId groupId) {
dbClient.userGroupDao().deleteByGroupId(dbSession, groupId.getId());
}
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.user.UserSession;
import static java.lang.String.format;
private final DbClient dbClient;
private final UserSession userSession;
private final GroupWsSupport support;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
- public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) {
this.dbClient = dbClient;
this.userSession = userSession;
this.support = support;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
}
@Override
ensureLastAdminIsNotRemoved(dbSession, group, user);
dbClient.userGroupDao().delete(dbSession, group.getId(), user.getId());
- dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid());
dbSession.commit();
response.noContent();
assertThat(user.getEmail()).isEqualTo("john@email.com");
assertThat(user.getExternalIdentity()).isEqualTo("johndoo");
assertThat(user.getExternalIdentityProvider()).isEqualTo("github");
+ assertThat(user.isRoot()).isFalse();
assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(defaultGroup.getId());
}
Optional<UserDto> user = db.users().selectUserByLogin(USER_LOGIN);
assertThat(user).isPresent();
+ assertThat(user.get().isRoot()).isFalse();
assertThat(db.users().selectGroupIdsOfUser(user.get())).containsOnly(group1.getId(), group2.getId());
}
assertThat(userDto.getEmail()).isEqualTo("john@email.com");
assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo");
assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");
+ assertThat(userDto.isRoot()).isFalse();
}
@Test
assertThat(userDto.getEmail()).isEqualTo("john@email.com");
assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo");
assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");
+ assertThat(userDto.isRoot()).isFalse();
}
@Test
assertThat(db.users().selectGroupIdsOfUser(user)).isEmpty();
}
- @Test
- public void authenticate_new_user_and_add_it_to_no_group_sets_root_flag_to_false() {
- authenticate(USER_LOGIN);
-
- db.rootFlag().verify(USER_LOGIN, false);
- }
-
- @Test
- public void authenticate_new_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() {
- GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization());
-
- authenticate(USER_LOGIN, adminGroup.getName());
-
- db.rootFlag().verify(USER_LOGIN, true);
- }
-
- @Test
- public void authenticate_new_user_and_add_it_to_admin_group_of_other_organization_does_not_set_root_flag_to_true() {
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization);
-
- authenticate(USER_LOGIN, adminGroup.getName());
-
- db.rootFlag().verify(USER_LOGIN, false);
- }
-
- @Test
- public void authenticate_existing_user_and_add_it_to_no_group_sets_root_flag_to_false() {
- UserDto userDto = db.users().insertUser();
-
- authenticate(userDto.getLogin());
-
- db.rootFlag().verify(userDto, false);
- }
-
- @Test
- public void authenticate_existing_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() {
- GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization());
- UserDto userDto = db.users().insertUser();
-
- authenticate(userDto.getLogin(), adminGroup.getName());
-
- db.rootFlag().verify(userDto, true);
- }
-
- @Test
- public void authenticate_existing_user_and_add_it_to_admin_group_of_other_organization_sets_root_flag_to_false() {
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization);
- UserDto userDto = db.users().insertUser();
-
- authenticate(userDto.getLogin(), adminGroup.getName());
-
- db.rootFlag().verify(userDto, false);
- }
-
- @Test
- public void authenticate_existing_user_and_remove_it_from_admin_group_of_default_organization_sets_root_flag_to_false() {
- GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization());
- UserDto userDto = db.users().makeRoot(db.users().insertUser());
- db.users().insertMembers(adminGroup, userDto);
-
- authenticate(userDto.getLogin());
-
- db.rootFlag().verify(userDto, false);
- }
-
- @Test
- public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_no_group_does_not_set_root_flag_to_false() {
- UserDto rootUser = db.users().insertRootByUserPermission();
-
- authenticate(rootUser.getLogin());
-
- db.rootFlag().verify(rootUser, true);
- }
-
- @Test
- public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_non_admin_groups_does_not_set_root_flag_to_false() {
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto defaultOrgGroup = db.users().insertGroup(db.getDefaultOrganization());
- GroupDto otherOrgGroup = db.users().insertGroup(otherOrganization);
- UserDto rootUser = db.users().insertRootByUserPermission();
-
- authenticate(rootUser.getLogin(), defaultOrgGroup.getName(), otherOrgGroup.getName());
-
- db.rootFlag().verify(rootUser, true);
- }
-
- @Test
- public void authenticate_user_multiple_times_sets_root_flag_to_true_only_if_at_least_one_group_is_admin() {
- GroupDto defaultAdminGroup = db.users().insertAdminGroup(db.getDefaultOrganization(), "admin_of_default");
- GroupDto defaultSomeGroup = db.users().insertGroup(db.getDefaultOrganization(), "some_group_of_default");
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto otherAdminGroup = db.users().insertAdminGroup(otherOrganization, "admin_of_other");
- GroupDto otherSomeGroup = db.users().insertGroup(otherOrganization, "some_group_of_other");
-
- authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName(), otherSomeGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, otherAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, false);
-
- authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName());
- db.rootFlag().verify(USER_LOGIN, false);
-
- authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName());
- db.rootFlag().verify(USER_LOGIN, false);
-
- authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, defaultSomeGroup.getName(), defaultAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultAdminGroup.getName());
- db.rootFlag().verify(USER_LOGIN, true);
-
- authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultSomeGroup.getName());
- db.rootFlag().verify(USER_LOGIN, false);
- }
-
@Test
public void ignore_groups_on_non_default_organizations() throws Exception {
OrganizationDto org = db.organizations().insert();
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static org.assertj.core.api.Assertions.assertThat;
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), TestDefaultOrganizationProvider.from(db));
+ private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient());
private OrganizationDto org;
private GroupDto group;
private ComponentDto project;
@Rule
public ExpectedException expectedException = ExpectedException.none();
- private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
- private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider);
+ private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient());
private OrganizationDto org1;
private OrganizationDto org2;
private UserDto user1;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(ISSUE_ADMIN);
}
-
- @Test
- public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_without_org_param() throws Exception {
- GroupDto group = db.users().insertGroup(db.getDefaultOrganization());
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- UserDto notInGroupUser = db.users().insertUser();
- db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser);
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(group, SYSTEM_ADMIN);
-
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(notInGroupUser);
- }
-
- @Test
- public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_with_org_param() throws Exception {
- GroupDto group = db.users().insertGroup(db.getDefaultOrganization());
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- UserDto notInGroupUser = db.users().insertUser();
- db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser);
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(group, db.getDefaultOrganization(), SYSTEM_ADMIN);
-
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(notInGroupUser);
- }
-
- @Test
- public void does_not_set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization() throws Exception {
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto group = db.users().insertGroup(otherOrganization);
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- UserDto notInGroupUser = db.users().insertUser();
- db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser);
- loginAsAdmin(otherOrganization);
-
- executeRequest(group, otherOrganization, SYSTEM_ADMIN);
-
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- db.rootFlag().verify(notRootUser, false);
- db.rootFlag().verifyUnchanged(notInGroupUser);
- }
-
private void executeRequest(GroupDto groupDto, OrganizationDto organizationDto, String permission) throws Exception {
newRequest()
.setParam(PARAM_GROUP_NAME, groupDto.getName())
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);
}
- @Test
- public void sets_root_flag_to_true_when_adding_user_admin_permission_without_org_parameter() throws Exception {
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(notRootUser, SYSTEM_ADMIN);
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser);
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN);
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN);
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- }
-
- @Test
- public void sets_root_flag_to_true_when_adding_user_admin_permission_with_default_organization_uuid() throws Exception {
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(notRootUser, SYSTEM_ADMIN, db.getDefaultOrganization());
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser);
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization());
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization());
- db.rootFlag().verify(notRootUser, true);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- }
-
- @Test
- public void does_not_set_root_flag_when_adding_user_admin_permission_with_other_organization_uuid() throws Exception {
- OrganizationDto otherOrganization = db.organizations().insert();
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto notRootUser = db.users().insertUser();
- loginAsAdmin(otherOrganization);
-
- executeRequest(notRootUser, SYSTEM_ADMIN, otherOrganization);
- db.rootFlag().verify(notRootUser, false);
- db.rootFlag().verifyUnchanged(rootByUserPermissionUser);
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, otherOrganization);
- db.rootFlag().verify(notRootUser, false);
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verifyUnchanged(rootByGroupPermissionUser);
-
- executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, otherOrganization);
- db.rootFlag().verify(notRootUser, false);
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- }
-
- @Test
+@Test
public void organization_parameter_must_not_be_set_on_project_permissions() {
ComponentDto project = db.components().insertProject();
loginAsAdmin(db.getDefaultOrganization());
protected PermissionUpdater newPermissionUpdater() {
return new PermissionUpdater(db.getDbClient(),
mock(PermissionIndexer.class),
- new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider),
- new GroupPermissionChanger(db.getDbClient(), defaultOrganizationProvider));
+ new UserPermissionChanger(db.getDbClient()),
+ new GroupPermissionChanger(db.getDbClient()));
}
protected TestRequest newRequest() {
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
-import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
.execute();
}
- @Test
- public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_without_org_param() throws Exception {
- UserDto lastAdminUser = db.users().insertRootByUserPermission();
- GroupDto adminGroup = db.users().insertAdminGroup();
- UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup);
- UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup);
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(adminGroup, SYSTEM_ADMIN);
-
- db.rootFlag().verify(user1, false);
- db.rootFlag().verify(user2, false);
- db.rootFlag().verifyUnchanged(lastAdminUser);
- }
-
- @Test
- public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_with_org_param() throws Exception {
- UserDto lastAdminUser = db.users().insertRootByUserPermission();
- GroupDto adminGroup = db.users().insertAdminGroup();
- UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup);
- UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup);
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(adminGroup, db.getDefaultOrganization(), SYSTEM_ADMIN);
-
- db.rootFlag().verify(user1, false);
- db.rootFlag().verify(user2, false);
- db.rootFlag().verifyUnchanged(lastAdminUser);
- }
-
- @Test
- public void does_not_set_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_other_organization() throws Exception {
- OrganizationDto otherOrganization = db.organizations().insert();
- UserDto lastAdmin = db.users().insertUser();
- db.users().insertPermissionOnUser(otherOrganization, lastAdmin, SYSTEM_ADMIN);
- GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization);
- UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission();
- UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission();
- UserDto inAdminGroupUser = db.users().insertUser();
- UserDto notInGroupUser = db.users().insertUser();
- db.users().insertMembers(adminGroup, rootByUserPermissionUser, rootByGroupPermissionUser, inAdminGroupUser);
- loginAsAdmin(otherOrganization);
-
- executeRequest(adminGroup, otherOrganization, SYSTEM_ADMIN);
-
- db.rootFlag().verify(rootByUserPermissionUser, true);
- db.rootFlag().verify(rootByGroupPermissionUser, true);
- db.rootFlag().verify(inAdminGroupUser, false);
- db.rootFlag().verifyUnchanged(notInGroupUser);
- }
-
private void executeRequest(GroupDto groupDto, String permission) throws Exception {
newRequest()
.setParam(PARAM_GROUP_NAME, groupDto.getName())
import org.junit.Test;
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
-import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
.execute();
}
- @Test
- public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_without_org_parameter() throws Exception {
- UserDto lastAdminUser = db.users().insertRootByUserPermission();
- UserDto adminUser = db.users().insertRootByUserPermission();
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(adminUser, SYSTEM_ADMIN);
-
- db.rootFlag().verify(adminUser, false);
- }
-
- @Test
- public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_with_org_parameter() throws Exception {
- UserDto lastAdminUser = db.users().insertRootByUserPermission();
- UserDto adminUser = db.users().insertRootByUserPermission();
- loginAsAdmin(db.getDefaultOrganization());
-
- executeRequest(adminUser, db.getDefaultOrganization(), SYSTEM_ADMIN);
-
- db.rootFlag().verify(adminUser, false);
- }
-
- @Test
- public void does_not_set_root_flag_to_false_when_removing_user_admin_permission_of_other_organization() throws Exception {
- UserDto rootUser = db.users().insertRootByUserPermission();
- UserDto notRootUser = db.users().insertUser();
- OrganizationDto otherOrganization = db.organizations().insert();
- db.users().insertPermissionOnUser(otherOrganization, rootUser, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(otherOrganization, notRootUser, SYSTEM_ADMIN);
- // another admin is required so that admin permission can be dropped
- UserDto anotherAdmin = db.users().insertUser();
- db.users().insertPermissionOnUser(otherOrganization, anotherAdmin, SYSTEM_ADMIN);
-
- loginAsAdmin(otherOrganization);
-
- executeRequest(rootUser, otherOrganization, SYSTEM_ADMIN);
- db.rootFlag().verify(rootUser, true);
- db.rootFlag().verifyUnchanged(notRootUser);
-
- executeRequest(notRootUser, otherOrganization, SYSTEM_ADMIN);
- db.rootFlag().verify(rootUser, true);
- db.rootFlag().verify(notRootUser, false);
- }
-
- private void executeRequest(UserDto userDto, OrganizationDto organizationDto, String permission) throws Exception {
- newRequest()
- .setParam(PARAM_USER_LOGIN, userDto.getLogin())
- .setParam(PARAM_PERMISSION, permission)
- .setParam(PARAM_ORGANIZATION, organizationDto.getKey())
- .execute();
- }
-
- private void executeRequest(UserDto userDto, String permission) throws Exception {
- newRequest()
- .setParam(PARAM_USER_LOGIN, userDto.getLogin())
- .setParam(PARAM_PERMISSION, permission)
- .execute();
- }
-
@Test
public void removing_global_permission_fails_if_not_administrator_of_organization() throws Exception {
userSession.logIn();
// exists in db
Optional<UserDto> dbUser = db.users().selectUserByLogin("john");
assertThat(dbUser).isPresent();
+ assertThat(dbUser.get().isRoot()).isFalse();
// member of default group in default organization
assertThat(db.users().selectGroupIdsOfUser(dbUser.get())).containsOnly(defaultGroupInDefaultOrg.getId());
.build());
assertThat(db.users().selectUserByLogin("john").get())
- .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity)
- .containsOnly(true, "sonarqube", "john");
+ .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot)
+ .containsOnly(true, "sonarqube", "john", false);
}
@Test
.build());
assertThat(db.users().selectUserByLogin("john").get())
- .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity)
- .containsOnly(false, "sonarqube", "john");
+ .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot)
+ .containsOnly(false, "sonarqube", "john", false);
}
@Test
assertThat(db.users().selectUserByLogin("john").get().isActive()).isTrue();
}
- @Test
- public void create_user_with_root_flag_to_false_if_default_group_is_unset() throws Exception {
- unsetDefaultGroupProperty();
- logInAsRoot();
-
- executeRequest("john");
-
- db.rootFlag().verify("john", false);
- }
-
- @Test
- public void create_user_with_root_flag_to_false_if_default_group_is_non_admin_on_default_organization() throws Exception {
- GroupDto adminGroup = db.users().insertGroup(db.getDefaultOrganization());
- setDefaultGroupProperty(adminGroup);
- logInAsRoot();
-
- executeRequest("foo");
-
- db.rootFlag().verify("foo", false);
- }
-
@Test
public void request_fails_with_ServerException_when_default_group_belongs_to_another_organization() throws Exception {
OrganizationDto otherOrganization = db.organizations().insert();
executeRequest("bar");
}
- @Test
- public void create_user_with_root_flag_to_true_if_default_group_is_admin_on_default_organization() throws Exception {
- GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization());
- setDefaultGroupProperty(adminGroup);
- logInAsRoot();
-
- executeRequest("doh");
-
- db.rootFlag().verify("doh", true);
- }
-
@Test
public void fail_when_missing_login() throws Exception {
logInAsRoot();
executeRequest("john");
}
- private void unsetDefaultGroupProperty() {
- settings.setProperty("sonar.defaultGroup", (String) null);
- }
-
private void setDefaultGroupProperty(GroupDto adminGroup) {
settings.setProperty("sonar.defaultGroup", adminGroup.getName());
}
@Before
public void setUp() {
- ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport(), defaultOrganizationProvider)));
+ ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport())));
}
@Test
executeRequest(group, user);
}
- @Test
- public void set_root_flag_to_true_when_adding_user_to_group_of_default_organization_with_admin_permission() throws Exception {
- GroupDto group = db.users().insertAdminGroup();
- UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser"));
- UserDto notRootUser = db.users().insertUser("notRootUser");
- loginAsAdminOnDefaultOrganization();
-
- executeRequest(group, falselyRootUser);
- verifyUserInGroup(falselyRootUser, group);
- db.rootFlag().verify(falselyRootUser, true);
- verifyUserNotInGroup(notRootUser, group);
- db.rootFlag().verifyUnchanged(notRootUser);
-
- executeRequest(group, notRootUser);
- verifyUserInGroup(falselyRootUser, group);
- db.rootFlag().verify(falselyRootUser, true);
- verifyUserInGroup(notRootUser, group);
- db.rootFlag().verify(notRootUser, true);
- }
-
- @Test
- public void does_not_set_root_flag_to_true_when_adding_user_to_group_of_other_organization_with_admin_permission() throws Exception {
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto group = db.users().insertAdminGroup(otherOrganization);
- UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser"));
- UserDto notRootUser = db.users().insertUser("notRootUser");
- loginAsAdmin(otherOrganization);
-
- executeRequest(group, falselyRootUser);
- verifyUserInGroup(falselyRootUser, group);
- db.rootFlag().verify(falselyRootUser, false);
- verifyUserNotInGroup(notRootUser, group);
- db.rootFlag().verifyUnchanged(notRootUser);
-
- executeRequest(group, notRootUser);
- verifyUserInGroup(falselyRootUser, group);
- db.rootFlag().verify(falselyRootUser, false);
- verifyUserInGroup(notRootUser, group);
- db.rootFlag().verify(notRootUser, false);
- }
-
private void executeRequest(GroupDto groupDto, UserDto userDto) throws Exception {
newRequest()
.setParam("id", groupDto.getId().toString())
return new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider);
}
- private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) {
- assertThat(isUserInGroup(userDto, groupDto))
- .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid())
- .isTrue();
- }
-
- private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) {
- assertThat(isUserInGroup(userDto, groupDto))
- .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid())
- .isFalse();
- }
-
private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) {
List<UserMembershipDto> members = db.getDbClient().groupMembershipDao()
.selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE);
assertThat(db.users().selectGroupPermissions(adminGroup2, null)).hasSize(1);
}
- @Test
- public void deleting_a_group_of_default_organization_with_admin_permissions_updates_root_flag_of_its_members() throws Exception {
- UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1");
- UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2");
- UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3");
- GroupDto adminGroup1 = db.users().insertAdminGroup(db.getDefaultOrganization());
- GroupDto adminGroup2 = db.users().insertAdminGroup(db.getDefaultOrganization());
- // member of admin group 1
- UserDto rootByGroupPermission1 = db.users().insertRootByGroupPermission(adminGroup1);
- UserDto rootByGroupPermission2 = db.users().insertRootByGroupPermission(adminGroup1);
- db.users().insertMembers(adminGroup1, rootByUserPermission1);
- db.users().insertMembers(adminGroup1, rootByUserPermission3);
- // members of admin group 2
- UserDto rootByGroupPermission3 = db.users().insertRootByGroupPermission(adminGroup2);
- db.users().insertMembers(adminGroup2, rootByUserPermission2);
- db.users().insertMembers(adminGroup2, rootByUserPermission3);
- db.users().insertMembers(adminGroup2, rootByGroupPermission2);
- loginAsAdmin(db.getDefaultOrganization());
-
- executeDeleteGroupRequest(adminGroup1);
- db.rootFlag().verify(rootByUserPermission1, true);
- db.rootFlag().verifyUnchanged(rootByUserPermission2);
- db.rootFlag().verify(rootByUserPermission3, true);
- db.rootFlag().verify(rootByGroupPermission1, false);
- db.rootFlag().verify(rootByGroupPermission2, true);
- db.rootFlag().verifyUnchanged(rootByGroupPermission3);
-
- executeDeleteGroupRequest(adminGroup2);
- db.rootFlag().verify(rootByUserPermission1, true);
- db.rootFlag().verify(rootByUserPermission2, true);
- db.rootFlag().verify(rootByUserPermission3, true);
- db.rootFlag().verify(rootByGroupPermission1, false);
- db.rootFlag().verify(rootByGroupPermission2, false);
- db.rootFlag().verify(rootByGroupPermission3, false);
- }
-
- @Test
- public void deleting_a_group_of_other_organization_with_admin_permissions_does_not_update_root_flag_of_its_members() throws Exception {
- OrganizationDto otherOrganization = db.organizations().insert();
- UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1");
- UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2");
- UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3");
- db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission1, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission2, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission3, SYSTEM_ADMIN);
- GroupDto adminGroup1 = db.users().insertAdminGroup(otherOrganization);
- GroupDto adminGroup2 = db.users().insertAdminGroup(otherOrganization);
- // member of admin group 1
- UserDto falselyRootByGroupPermission1 = db.users().makeRoot(db.users().insertUser());
- UserDto falselyRootByGroupPermission2 = db.users().makeRoot(db.users().insertUser());
- db.users().insertMembers(adminGroup1, falselyRootByGroupPermission1);
- db.users().insertMembers(adminGroup1, falselyRootByGroupPermission2);
- db.users().insertMembers(adminGroup1, rootByUserPermission1);
- db.users().insertMembers(adminGroup1, rootByUserPermission3);
- // members of admin group 2
- UserDto falselyRootByGroupPermission3 = db.users().makeRoot(db.users().insertUser());
- db.users().insertMembers(adminGroup2, falselyRootByGroupPermission3);
- db.users().insertMembers(adminGroup2, rootByUserPermission2);
- db.users().insertMembers(adminGroup2, rootByUserPermission3);
- db.users().insertMembers(adminGroup2, falselyRootByGroupPermission2);
- loginAsAdmin(otherOrganization);
-
- executeDeleteGroupRequest(adminGroup1);
- db.rootFlag().verify(rootByUserPermission1, true);
- db.rootFlag().verifyUnchanged(rootByUserPermission2);
- db.rootFlag().verify(rootByUserPermission3, true);
- db.rootFlag().verify(falselyRootByGroupPermission1, false);
- db.rootFlag().verify(falselyRootByGroupPermission2, false);
- db.rootFlag().verifyUnchanged(falselyRootByGroupPermission3);
-
- executeDeleteGroupRequest(adminGroup2);
- db.rootFlag().verify(rootByUserPermission1, true);
- db.rootFlag().verify(rootByUserPermission2, true);
- db.rootFlag().verify(rootByUserPermission3, true);
- db.rootFlag().verify(falselyRootByGroupPermission1, false);
- db.rootFlag().verify(falselyRootByGroupPermission2, false);
- db.rootFlag().verify(falselyRootByGroupPermission3, false);
- }
-
private WsTester.Result executeDeleteGroupRequest(GroupDto adminGroup1) throws Exception {
return newRequest()
.setParam(PARAM_GROUP_ID, adminGroup1.getId().toString())
*/
package org.sonar.server.usergroups.ws;
-import java.util.List;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
-import org.sonar.db.user.UserMembershipDto;
-import org.sonar.db.user.UserMembershipQuery;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
@Before
public void setUp() {
GroupWsSupport groupSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider);
- ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport, defaultOrganizationProvider)));
+ ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport)));
}
@Test
.execute();
}
- @Test
- public void sets_root_flag_to_false_when_removing_user_from_group_of_default_organization_with_admin_permission() throws Exception {
- // keep an administrator
- insertAnAdministratorInDefaultOrganization();
-
- GroupDto adminGroup = db.users().insertAdminGroup();
- UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup);
- UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup);
- loginAsAdminOnDefaultOrganization();
-
- executeRequest(adminGroup, user1);
- verifyUserNotInGroup(user1, adminGroup);
- verifyRootFlagUpdated(user1, false);
- verifyUserInGroup(user2, adminGroup);
- verifyUnchanged(user2);
-
- executeRequest(adminGroup, user2);
- verifyUserNotInGroup(user1, adminGroup);
- verifyRootFlag(user1, false);
- verifyUserNotInGroup(user2, adminGroup);
- verifyRootFlagUpdated(user2, false);
- }
-
- @Test
- public void does_not_set_root_flag_to_false_when_removing_user_from_group_of_default_organization_and_user_is_admin_of_default_organization_another_way()
- throws Exception {
- GroupDto adminGroup1 = db.users().insertAdminGroup();
- UserDto adminUserByUserPermission = db.users().insertRootByUserPermission("adminUserByUserPermission");
- UserDto adminUserByTwoGroups = db.users().insertRootByGroupPermission("adminUserByTwoGroups", adminGroup1);
- UserDto adminUserBySingleGroup = db.users().insertUser("adminUserBySingleGroup");
- GroupDto adminGroup2 = db.users().insertAdminGroup();
- db.users().insertMembers(adminGroup2, adminUserByUserPermission, adminUserByTwoGroups, adminUserBySingleGroup);
- loginAsAdminOnDefaultOrganization();
-
- executeRequest(adminGroup2, adminUserByUserPermission);
- verifyUserNotInGroup(adminUserByUserPermission, adminGroup2);
- verifyRootFlagUpdated(adminUserByUserPermission, true);
- verifyUserInGroup(adminUserByTwoGroups, adminGroup2);
- verifyUserInGroup(adminUserByTwoGroups, adminGroup1);
- verifyUnchanged(adminUserByTwoGroups);
- verifyUserInGroup(adminUserBySingleGroup, adminGroup2);
- verifyUnchanged(adminUserBySingleGroup);
-
- executeRequest(adminGroup2, adminUserByTwoGroups);
- verifyUserNotInGroup(adminUserByUserPermission, adminGroup2);
- verifyRootFlag(adminUserByUserPermission, true);
- verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2);
- verifyUserInGroup(adminUserByTwoGroups, adminGroup1);
- verifyRootFlagUpdated(adminUserByTwoGroups, true);
- verifyUserInGroup(adminUserBySingleGroup, adminGroup2);
- verifyUnchanged(adminUserBySingleGroup);
-
- executeRequest(adminGroup2, adminUserBySingleGroup);
- verifyUserNotInGroup(adminUserByUserPermission, adminGroup2);
- verifyRootFlag(adminUserByUserPermission, true);
- verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2);
- verifyUserInGroup(adminUserByTwoGroups, adminGroup1);
- verifyRootFlagUpdated(adminUserByTwoGroups, true);
- verifyUserNotInGroup(adminUserBySingleGroup, adminGroup2);
- verifyRootFlagUpdated(adminUserBySingleGroup, false);
- }
-
@Test
public void throw_ForbiddenException_if_not_administrator_of_organization() throws Exception {
OrganizationDto org = db.organizations().insert();
.execute();
}
- private void executeRequest(GroupDto group, UserDto user) throws Exception {
- newRequest()
- .setParam("id", group.getId().toString())
- .setParam("login", user.getLogin())
- .execute();
- }
-
private WsTester.TestRequest newRequest() {
return ws.newPostRequest("api/user_groups", "remove_user");
}
userSession.logIn("admin").addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN);
}
- private void verifyUnchanged(UserDto user) {
- db.rootFlag().verifyUnchanged(user);
- }
-
- private void verifyRootFlagUpdated(UserDto userDto, boolean root) {
- db.rootFlag().verify(userDto, root);
- }
-
- private void verifyRootFlag(UserDto userDto, boolean root) {
- db.rootFlag().verify(userDto, root);
- }
-
- private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) {
- assertThat(isUserInGroup(userDto, groupDto))
- .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid())
- .isTrue();
- }
-
- private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) {
- assertThat(isUserInGroup(userDto, groupDto))
- .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid())
- .isFalse();
- }
-
- private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) {
- List<UserMembershipDto> members = db.getDbClient().groupMembershipDao()
- .selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE);
- return members
- .stream()
- .anyMatch(dto -> dto.getLogin().equals(userDto.getLogin()));
- }
-
private UserDto insertAnAdministratorInDefaultOrganization() {
return db.users().insertAdminByUserPermission(db.getDefaultOrganization());
}
return mapper(dbSession).selectByOrganizationUuid(organizationUuid);
}
- /**
- * Ensures all users of the specified group have its root flag set or unset depending on whether each of them have the
- * 'admin' permission in the default organization or not.
- */
- public void updateRootFlagOfUsersInGroupFromPermissions(DbSession dbSession, long groupId, String defaultOrganizationUuid) {
- long now = system.now();
- GroupMapper mapper = mapper(dbSession);
- mapper.updateRootUsersOfGroup(groupId, defaultOrganizationUuid, now);
- mapper.updateNonRootUsersOfGroup(groupId, defaultOrganizationUuid, now);
- }
-
private static GroupMapper mapper(DbSession session) {
return session.getMapper(GroupMapper.class);
}
List<GroupDto> selectByOrganizationUuid(@Param("organizationUuid") String organizationUuid);
- int updateRootUsersOfGroup(@Param("groupId") long groupId,
- @Param("defaultOrganizationUuid") String defaultOrganizationUuid,
- @Param("now") long now);
-
- int updateNonRootUsersOfGroup(@Param("groupId") long groupId,
- @Param("defaultOrganizationUuid") String defaultOrganizationUuid,
- @Param("now") long now);
-
List<GroupDto> selectByIds(@Param("ids") List<Long> ids);
}
return mapper(dbSession).countByEmail(email.toLowerCase(Locale.ENGLISH)) > 0;
}
- /**
- * Ensures the specified user has its root flag set or unset depending on whether the user has the 'admin' permission
- * in the default organization or not.
- */
- public void updateRootFlagFromPermissions(DbSession dbSession, long userId, String defaultOrganizationUuid) {
- long now = system2.now();
- UserMapper mapper = mapper(dbSession);
- mapper.updateRootUser(userId, defaultOrganizationUuid, now);
- mapper.updateNonRootUser(userId, defaultOrganizationUuid, now);
- }
-
protected UserMapper mapper(DbSession session) {
return session.getMapper(UserMapper.class);
}
void deactivateUser(@Param("id") long userId, @Param("now") long now);
- int updateRootUser(@Param("userId") long userId, @Param("defaultOrganizationUuid") String defaultOrganizationUuid, @Param("now") long now);
-
- int updateNonRootUser(@Param("userId") long userId, @Param("defaultOrganizationUuid") String defaultOrganizationUuid, @Param("now") long now);
-
}
order by upper(g.name)
</select>
- <update id="updateRootUsersOfGroup">
- update users u set
- is_root = ${_true},
- updated_at = #{now,jdbcType=BIGINT}
- where
- u.id in (<include refid="userIdsForGroupId"/>)
- and exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateRootUsersOfGroup" databaseId="mssql">
- update u set
- is_root = ${_true},
- updated_at = #{now,jdbcType=BIGINT}
- from users u
- where
- u.id in (<include refid="userIdsForGroupId"/>)
- and exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateNonRootUsersOfGroup">
- update users u set
- is_root = ${_false},
- updated_at = #{now,jdbcType=BIGINT}
- where
- u.id in (<include refid="userIdsForGroupId"/>)
- and not exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateNonRootUsersOfGroup" databaseId="mssql">
- update u set
- is_root = ${_false},
- updated_at = #{now,jdbcType=BIGINT}
- from users u
- where
- u.id in (<include refid="userIdsForGroupId"/>)
- and not exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <sql id="userIdsForGroupId">
- select
- gu.user_id
- from
- groups_users gu
- where
- gu.group_id = #{groupId,jdbcType=BIGINT}
- </sql>
-
- <sql id="userPermissionAdminInDefaultOrganizationForUser">
- select
- 1
- from
- user_roles ur
- where
- ur.user_id = u.id
- and ur.role = 'admin'
- and ur.resource_id is null
- and ur.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR}
- </sql>
-
- <sql id="groupPermissionAdminInDefaultOrganizationForUser">
- select
- 1
- from
- groups_users gu,
- group_roles gr
- where
- gu.user_id = u.id
- and gu.group_id = gr.group_id
- and gr.role = 'admin'
- and gr.resource_id is null
- and gr.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR}
- </sql>
</mapper>
login = #{login}
</insert>
- <update id="updateRootUser">
- update users u set
- is_root = ${_true},
- updated_at = #{now,jdbcType=BIGINT}
- where
- u.id = #{userId,jdbcType=BIGINT}
- and exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateRootUser" databaseId="mssql">
- update u set
- is_root = ${_true},
- updated_at = #{now,jdbcType=BIGINT}
- from users u
- where
- u.id = #{userId,jdbcType=BIGINT}
- and exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateNonRootUser">
- update users u set
- is_root = ${_false},
- updated_at = #{now,jdbcType=BIGINT}
- where
- u.id = #{userId,jdbcType=BIGINT}
- and not exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <update id="updateNonRootUser" databaseId="mssql">
- update u set
- is_root = ${_false},
- updated_at = #{now,jdbcType=BIGINT}
- from users u
- where
- u.id = #{userId,jdbcType=BIGINT}
- and not exists (
- <include refid="userPermissionAdminInDefaultOrganizationForUser"/>
- union
- <include refid="groupPermissionAdminInDefaultOrganizationForUser"/>
- )
- </update>
-
- <sql id="userPermissionAdminInDefaultOrganizationForUser">
- select
- 1
- from
- user_roles ur
- where
- ur.user_id = u.id
- and ur.role = 'admin'
- and ur.resource_id is null
- and ur.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR}
- </sql>
-
- <sql id="groupPermissionAdminInDefaultOrganizationForUser">
- select
- 1
- from
- groups_users gu,
- group_roles gr
- where
- gu.user_id = u.id
- and gu.group_id = gr.group_id
- and gr.role = 'admin'
- and gr.resource_id is null
- and gr.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR}
- </sql>
-
</mapper>
import org.sonar.db.organization.OrganizationDto;
import static java.util.Arrays.asList;
-import static java.util.Arrays.stream;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.user.GroupTesting.newGroupDto;
public class GroupDaoTest {
.setKey("an-org")
.setName("An Org")
.setUuid("abcde");
- private static final long DATE_1 = 8_776_543L;
- private static final long DATE_2 = 4_776_898L;
private System2 system2 = mock(System2.class);
assertThat(db.countRowsOfTable(dbSession, "groups")).isEqualTo(0);
}
- @Test
- public void updateRootFlagOfUsersInGroupFromPermissions_sets_root_flag_to_false_if_users_have_no_permission_at_all() {
- UserDto[] usersInGroup1 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersInGroup2 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersNotInGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- GroupDto group1 = db.users().insertGroup();
- stream(usersInGroup1).forEach(user -> db.users().insertMember(group1, user));
- GroupDto group2 = db.users().insertGroup();
- stream(usersInGroup2).forEach(user -> db.users().insertMember(group2, user));
-
- call_updateRootFlagFromPermissions(group1, DATE_1);
- stream(usersInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersInGroup2).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
-
- call_updateRootFlagFromPermissions(group2, DATE_2);
- stream(usersInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(usersInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
- }
-
- @Test
- public void updateRootFlagOfUsersInGroupFromPermissions_sets_root_flag_to_true_if_users_has_admin_user_permission_on_default_organization() {
- UserDto[] usersWithAdminInGroup1 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser(),
- };
- UserDto[] usersWithoutAdminInGroup1 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser(),
- };
- UserDto[] usersWithAdminInGroup2 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersWithoutAdminInGroup2 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersNotInGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- GroupDto group1 = db.users().insertGroup();
- stream(usersWithAdminInGroup1).forEach(user -> db.users().insertMember(group1, user));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.users().insertMember(group1, user));
- stream(usersWithAdminInGroup1).forEach(user -> db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN));
- GroupDto group2 = db.users().insertGroup();
- stream(usersWithAdminInGroup2).forEach(user -> db.users().insertMember(group2, user));
- stream(usersWithoutAdminInGroup2).forEach(user -> db.users().insertMember(group2, user));
- stream(usersWithAdminInGroup2).forEach(user -> db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN));
-
- call_updateRootFlagFromPermissions(group1, DATE_1);
- stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, true, DATE_1));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersWithoutAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
-
- call_updateRootFlagFromPermissions(group2, DATE_2);
- stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, true, DATE_1));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithAdminInGroup2).forEach(user -> db.rootFlag().verify(user, true, DATE_2));
- stream(usersWithoutAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
- }
-
- @Test
- public void updateRootFlagOfUsersInGroupFromPermissions_ignores_permissions_on_anyone_on_default_organization() {
- UserDto[] usersWithAdminInGroup1 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser(),
- };
- UserDto[] usersWithoutAdminInGroup1 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser(),
- };
- UserDto[] usersWithAdminInGroup2 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersWithoutAdminInGroup2 = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersNotInGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- GroupDto group1 = db.users().insertGroup();
- stream(usersWithAdminInGroup1).forEach(user -> db.users().insertMember(group1, user));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.users().insertMember(group1, user));
- GroupDto group2 = db.users().insertGroup();
- stream(usersWithAdminInGroup2).forEach(user -> db.users().insertMember(group2, user));
- stream(usersWithoutAdminInGroup2).forEach(user -> db.users().insertMember(group2, user));
- db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(group1, DATE_1);
- stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersWithoutAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
-
- call_updateRootFlagFromPermissions(group2, DATE_2);
- stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersWithAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(usersWithoutAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
- }
-
- @Test
- public void updateRootFlagOfUsersInGroupFromPermissions_ignores_permissions_on_anyone_on_other_organization() {
- UserDto[] usersInGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser(),
- };
- UserDto[] usersInOtherGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] usersNotInGroup = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- GroupDto group = db.users().insertGroup();
- stream(usersInGroup).forEach(user -> db.users().insertMember(group, user));
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto otherGroup = db.users().insertGroup(otherOrganization);
- stream(usersInOtherGroup).forEach(user -> db.users().insertMember(otherGroup, user));
- db.users().insertPermissionOnAnyone(otherOrganization, SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(group, DATE_1);
- stream(usersInGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersInOtherGroup).forEach(db.rootFlag()::verifyUnchanged);
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
-
- call_updateRootFlagFromPermissions(otherGroup, DATE_2);
- stream(usersInGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- stream(usersInOtherGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged);
- }
-
- @Test
- public void updateRootFlagOfUsersInGroupFromPermissions_set_root_flag_to_false_on_users_of_group_of_non_default_organization() {
- UserDto[] nonAdminUsers = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser()
- };
- UserDto[] adminPerUserPermissionUsers = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser() // incorrectly not root
- };
- UserDto[] adminPerGroupPermissionUsers = {
- db.users().makeRoot(db.users().insertUser()),
- db.users().insertUser() // incorrectly not root
- };
- OrganizationDto otherOrganization = db.organizations().insert();
- GroupDto nonAdminGroup = db.users().insertGroup(otherOrganization);
- db.users().insertMembers(nonAdminGroup, nonAdminUsers);
- db.users().insertMembers(nonAdminGroup, adminPerUserPermissionUsers);
- stream(adminPerUserPermissionUsers).forEach(user -> db.users().insertPermissionOnUser(otherOrganization, user, SYSTEM_ADMIN));
- GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization);
- db.users().insertMembers(adminGroup, adminPerGroupPermissionUsers);
-
- call_updateRootFlagFromPermissions(nonAdminGroup, DATE_2);
- stream(nonAdminUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(adminPerUserPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(adminPerGroupPermissionUsers).forEach(db.rootFlag()::verifyUnchanged);
-
- call_updateRootFlagFromPermissions(adminGroup, DATE_1);
- stream(nonAdminUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(adminPerUserPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2));
- stream(adminPerGroupPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_1));
- }
-
@Test
public void deleteByOrganization_does_not_fail_when_table_is_empty() {
underTest.deleteByOrganization(dbSession, "some uuid");
.extracting(row -> (String) row.get("organizationUuid"))
.containsOnly(organizationUuids);
}
-
- private void call_updateRootFlagFromPermissions(GroupDto groupDto, long now) {
- when(system2.now()).thenReturn(now);
- underTest.updateRootFlagOfUsersInGroupFromPermissions(db.getSession(), groupDto.getId(), db.getDefaultOrganization().getUuid());
- db.commit();
- }
}
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.RowNotFoundException;
-import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.property.PropertyDto;
import org.sonar.db.property.PropertyQuery;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.user.GroupMembershipQuery.IN;
import static org.sonar.db.user.GroupMembershipQuery.builder;
import static org.sonar.db.user.GroupTesting.newGroupDto;
public class UserDaoTest {
private static final long NOW = 1_500_000_000_000L;
- private static final long DATE_1 = 1_222_001L;
- private static final long DATE_2 = 4_333_555L;
private System2 system2 = mock(System2.class);
assertThat(underTest.selectByLogin(session, inactiveRootUser.getLogin()).isRoot()).isTrue();
}
- @Test
- public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_no_permission_at_all() {
- UserDto rootUser = db.users().makeRoot(db.users().insertUser());
- UserDto notRootUser = db.users().insertUser();
-
- call_updateRootFlagFromPermissions(rootUser, DATE_1);
- db.rootFlag().verify(rootUser, false, DATE_1);
- db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(notRootUser, DATE_2);
- db.rootFlag().verify(rootUser, false, DATE_1);
- db.rootFlag().verify(notRootUser, false, DATE_2);
- }
-
- @Test
- public void updateRootFlagFromPermissions_sets_root_flag_to_true_if_user_has_admin_user_permission_on_default_organization() {
- UserDto rootUser = db.users().insertRootByUserPermission();
- UserDto incorrectlyNotRootUser = db.users().insertUser();
- db.users().insertPermissionOnUser(db.getDefaultOrganization(), incorrectlyNotRootUser, SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(rootUser, DATE_1);
- db.rootFlag().verify(rootUser, true, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2);
- db.rootFlag().verify(rootUser, true, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, true, DATE_2);
- }
-
- @Test
- public void updateRootFlagFromPermissions_ignores_permissions_on_anyone_on_default_organization() {
- UserDto rootUser = db.users().makeRoot(db.users().insertUser());
- UserDto incorrectlyNotRootUser = db.users().insertUser();
- db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(rootUser, DATE_1);
- db.rootFlag().verify(rootUser, false, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2);
- db.rootFlag().verify(rootUser, false, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, false, DATE_2);
- }
-
- @Test
- public void updateRootFlagFromPermissions_ignores_permissions_on_anyone_on_other_organization() {
- UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser());
- UserDto notRootUser = db.users().insertUser();
- OrganizationDto otherOrganization = db.organizations().insert();
- db.users().insertPermissionOnAnyone(otherOrganization, SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(falselyRootUser, DATE_2);
- db.rootFlag().verify(falselyRootUser, false, DATE_2);
- db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(notRootUser, DATE_1);
- db.rootFlag().verify(falselyRootUser, false, DATE_2);
- db.rootFlag().verify(notRootUser, false, DATE_1);
- }
-
- @Test
- public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_admin_user_permission_on_other_organization() {
- UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser());
- UserDto notRootUser = db.users().insertUser();
- OrganizationDto otherOrganization = db.organizations().insert();
- db.users().insertPermissionOnUser(otherOrganization, falselyRootUser, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(otherOrganization, notRootUser, SYSTEM_ADMIN);
-
- call_updateRootFlagFromPermissions(falselyRootUser, DATE_1);
- db.rootFlag().verify(falselyRootUser, false, DATE_1);
- db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(notRootUser, DATE_2);
- db.rootFlag().verify(falselyRootUser, false, DATE_1);
- db.rootFlag().verify(notRootUser, false, DATE_2);
- }
-
- @Test
- public void updateRootFlagFromPermissions_sets_root_flag_to_true_if_user_has_admin_group_permission_on_default_organization() {
- UserDto rootUser = db.users().makeRoot(db.users().insertUser());
- UserDto incorrectlyNotRootUser = db.users().insertUser();
- GroupDto groupDto = db.users().insertAdminGroup(db.getDefaultOrganization());
- db.users().insertMembers(groupDto, rootUser, incorrectlyNotRootUser);
-
- call_updateRootFlagFromPermissions(rootUser, DATE_1);
- db.rootFlag().verify(rootUser, true, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2);
- db.rootFlag().verify(rootUser, true, DATE_1);
- db.rootFlag().verify(incorrectlyNotRootUser, true, DATE_2);
- }
-
- @Test
- public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_admin_group_permission_on_other_organization() {
- UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser());
- UserDto notRootUser = db.users().insertUser();
- GroupDto otherOrganizationGroupDto = db.users().insertGroup(db.organizations().insert());
- db.users().insertPermissionOnGroup(otherOrganizationGroupDto, SYSTEM_ADMIN);
- db.users().insertMembers(otherOrganizationGroupDto, falselyRootUser, notRootUser);
-
- call_updateRootFlagFromPermissions(falselyRootUser, DATE_2);
- db.rootFlag().verify(falselyRootUser, false, DATE_2);
- db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt());
-
- call_updateRootFlagFromPermissions(notRootUser, DATE_1);
- db.rootFlag().verify(falselyRootUser, false, DATE_2);
- db.rootFlag().verify(notRootUser, false, DATE_1);
- }
-
private void commit(Runnable runnable) {
runnable.run();
session.commit();
dbClient.userGroupDao().insert(session, dto);
return dto;
}
-
- private void call_updateRootFlagFromPermissions(UserDto userDto, long now) {
- when(system2.now()).thenReturn(now);
- underTest.updateRootFlagFromPermissions(db.getSession(), userDto.getId(), db.getDefaultOrganization().getUuid());
- db.commit();
- }
-
}
return insertRootByUserPermissionImpl(requireNonNull(login));
}
- public UserDto insertRootByUserPermission() {
- return insertRootByUserPermissionImpl(null);
- }
-
private UserDto insertRootByUserPermissionImpl(@Nullable String login) {
UserDto rootByUserPermissionUser = makeRoot(login == null ? insertUser() : insertUser(login));
insertPermissionOnUser(db.getDefaultOrganization(), rootByUserPermissionUser, SYSTEM_ADMIN);
return rootByUserPermissionUser;
}
- public UserDto insertRootByGroupPermission(String login) {
- return insertRootByGroupPermissionImpl(requireNonNull(login), null);
- }
-
- /**
- * @see #insertAdminGroup()
- */
- public UserDto insertRootByGroupPermission(String login, GroupDto adminGroupDto) {
- return insertRootByGroupPermissionImpl(requireNonNull(login), adminGroupDto);
- }
-
- /**
- * @see #insertAdminGroup()
- */
- public UserDto insertRootByGroupPermission(GroupDto adminGroupDto) {
- return insertRootByGroupPermissionImpl(null, adminGroupDto);
- }
-
- public UserDto insertRootByGroupPermission() {
- return insertRootByGroupPermissionImpl(null, null);
- }
-
- public UserDto insertRootByGroupPermissionImpl(@Nullable String login, @Nullable GroupDto groupDto) {
- UserDto rootByGroupPermissionUser = db.users().makeRoot(login == null ? insertUser() : insertUser(login));
- GroupDto adminGroup = createOrCheckAdminGroup(groupDto);
- insertMember(adminGroup, rootByGroupPermissionUser);
- return rootByGroupPermissionUser;
- }
public UserDto insertAdminByUserPermission(OrganizationDto org) {
UserDto user = db.users().insertUser();
projects / sonarqube.git / commitdiff