import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
public class AuthorizationDaoTest {
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() {
// another user
- db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_ID, SYSTEM_ADMIN);
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() {
- db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
// user is not part of this group
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() {
- db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
- db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnAnyone(org, SCAN);
+ db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);
- Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION);
+ Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());
assertThat(orgUuids).isEmpty();
}
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
public class GroupPermissionDaoTest {
GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2");
GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3");
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
- db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
+ db.users().insertPermissionOnAnyone(organizationDto, SCAN);
assertThat(underTest.selectGroupNamesByQuery(dbSession, organizationDto.getUuid(), PermissionQuery.builder().build()))
.containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName());
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
db.users().insertGroup(organizationDto, "Group-2");
db.users().insertGroup(organizationDto, "Group-3");
- db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
- db.users().insertPermissionOnGroup(group1, PROVISIONING);
+ db.users().insertPermissionOnAnyone(organizationDto, SCAN);
+ db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
assertThat(underTest.countGroupsByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().build())).isEqualTo(4);
assertThat(underTest.countGroupsByQuery(dbSession,
- defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISIONING).build())).isEqualTo(1);
+ defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1);
assertThat(underTest.countGroupsByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().withAtLeastOnePermission().build())).isEqualTo(2);
assertThat(underTest.countGroupsByQuery(dbSession,
ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto));
- db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
- db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING);
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
- db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
+ db.users().insertPermissionOnAnyone(organizationDto, SCAN);
+ db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(group1, SCAN);
+ db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN_EXECUTION).build())).containsExactly(ANYONE, group1.getName());
+ organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- organizationDto.getUuid(), PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build())).containsExactly(group3.getName());
+ organizationDto.getUuid(), PermissionQuery.builder().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISIONING).build())).containsExactly(ANYONE);
+ organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
}
@Test
db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject);
db.users().insertProjectPermissionOnAnyone(SYSTEM_ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject);
- db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group2, SCAN);
PermissionQuery.Builder builderOnComponent = PermissionQuery.builder().setComponentUuid(project.uuid());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
public void selectGroupNamesByQuery_with_search_query() {
GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone");
db.users().insertGroup(db.getDefaultOrganization(), "unknown");
- db.users().insertPermissionOnGroup(group, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group, SCAN);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
OrganizationDto organizationDto = db.organizations().insert();
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group1, SCAN);
GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2");
ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto));
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);
GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3");
- db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(group3, ADMINISTER);
// Anyone
- db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
- db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING);
+ db.users().insertPermissionOnAnyone(organizationDto, SCAN);
+ db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS);
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId()), null))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
public void selectByGroupIds_on_projects() {
OrganizationDto org = db.organizations().insert();
GroupDto group1 = db.users().insertGroup(org, "Group-1");
- db.users().insertPermissionOnGroup(group1, PROVISIONING);
+ db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
GroupDto group2 = db.users().insertGroup(org, "Group-2");
ComponentDto project = db.components().insertComponent(newProjectDto(org));
db.users().insertProjectPermissionOnGroup(group3, USER, project);
// Anyone group
- db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
+ db.users().insertPermissionOnAnyone(org, SCAN);
db.users().insertProjectPermissionOnAnyone(PROVISIONING, project);
assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty();
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
public class RoleDaoTest {
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
- db.users().insertPermissionOnUser(user1, UserRole.ADMIN);
+ db.users().insertPermissionOnUser(user1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1);
// project permission on another permission - not returned
db.users().insertMember(group1, user1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
- db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
- db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertPermissionOnGroup(group1, ADMINISTER);
// project permission on another user id - not returned
- db.users().insertPermissionOnGroup(group2, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(group2, ADMINISTER);
db.users().insertMember(group2, user2);
// project permission on another permission - not returned
db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1);
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.GroupMembershipQuery.IN;
import static org.sonar.db.user.GroupMembershipQuery.builder;
import static org.sonar.db.user.GroupTesting.newGroupDto;
public void deactivate_user() throws Exception {
UserDto user = newActiveUser();
PropertyDto property = insertProperty(user);
- db.users().insertPermissionOnUser(user, "perm");
+ db.users().insertPermissionOnUser(user, ADMINISTER);
insertUserGroup(user);
UserDto otherUser = newActiveUser();
import java.util.function.Consumer;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.core.util.stream.Collectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
+import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.permission.UserPermissionDto;
import static com.google.common.base.Preconditions.checkArgument;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.GroupTesting.newGroupDto;
import static org.sonar.db.user.UserTesting.newUserDto;
public UserDto insertAdminByUserPermission(OrganizationDto org) {
UserDto user = insertUser();
- insertPermissionOnUser(org, user, GlobalPermissions.SYSTEM_ADMIN);
+ insertPermissionOnUser(org, user, ADMINISTER);
return user;
}
return dto;
}
+ public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) {
+ return insertPermissionOnAnyone(org, permission.getKey());
+ }
+
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) {
GroupPermissionDto dto = new GroupPermissionDto()
.setOrganizationUuid(group.getOrganizationUuid())
return dto;
}
+ public GroupPermissionDto insertPermissionOnGroup(GroupDto group, OrganizationPermission permission) {
+ return insertPermissionOnGroup(group, permission.getKey());
+ }
+
public void deletePermissionFromGroup(GroupDto group, String permission) {
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getId(), null);
db.commit();
org.getUuid(), null);
}
checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations");
- return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(),
- org.getUuid(), null, project.getId());
+ return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.getId());
}
// USER PERMISSIONS
/**
- * Grant global permission on default organization
+ * Grant permission on default organization
*/
- public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) {
+ public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) {
return insertPermissionOnUser(db.getDefaultOrganization(), user, permission);
}
/**
* Grant global permission
+ * @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)}
*/
+ @Deprecated
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) {
UserPermissionDto dto = new UserPermissionDto(org.getUuid(), permission, user.getId(), null);
db.getDbClient().userPermissionDao().insert(db.getSession(), dto);
return dto;
}
- public void deletePermissionFromUser(OrganizationDto org, UserDto user, String permission) {
- db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission, org.getUuid());
+ /**
+ * Grant organization permission to user
+ */
+ public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) {
+ return insertPermissionOnUser(org, user, permission.getKey());
+ }
+
+ public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) {
+ db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission.getKey(), org.getUuid());
db.commit();
}
return dto;
}
- public List<String> selectGlobalPermissionsOfUser(UserDto user, OrganizationDto organization) {
- return db.getDbClient().userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid());
+ public List<OrganizationPermission> selectPermissionsOfUser(UserDto user, OrganizationDto organization) {
+ return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao()
+ .selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid()));
}
public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) {
return db.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getId(), project.getId());
}
+
+ private static List<OrganizationPermission> toListOfOrganizationPermissions(List<String> keys) {
+ return keys
+ .stream()
+ .map(OrganizationPermission::fromKey)
+ .collect(Collectors.toList());
+ }
}
*/
package org.sonar.server.organization.ws;
+import java.util.Arrays;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.tester.UserSessionRule;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.test.JsonAssert.assertJson;
public class SearchMyOrganizationsActionTest {
public void returns_organizations_of_authenticated_user_when_user_has_ADMIN_group_permission_on_some_organization() {
UserDto user = dbTester.users().insertUser();
GroupDto defaultGroup = dbTester.users().insertGroup(dbTester.getDefaultOrganization());
- dbTester.users().insertPermissionOnGroup(defaultGroup, SYSTEM_ADMIN);
+ dbTester.users().insertPermissionOnGroup(defaultGroup, ADMINISTER);
dbTester.users().insertMember(defaultGroup, user);
OrganizationDto organization1 = dbTester.organizations().insert();
GroupDto group1 = dbTester.users().insertGroup(organization1);
- dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN);
+ dbTester.users().insertPermissionOnGroup(group1, ADMINISTER);
dbTester.users().insertMember(group1, user);
UserDto otherUser = dbTester.users().insertUser();
OrganizationDto organization2 = dbTester.organizations().insert();
GroupDto group2 = dbTester.users().insertGroup(organization2);
- dbTester.users().insertPermissionOnGroup(group2, SYSTEM_ADMIN);
+ dbTester.users().insertPermissionOnGroup(group2, ADMINISTER);
dbTester.users().insertMember(group2, otherUser);
userSessionRule.logIn(user);
OrganizationDto organization2 = dbTester.organizations().insert();
GroupDto group = dbTester.users().insertGroup(organization2);
dbTester.users().insertMember(group, user);
- GlobalPermissions.ALL.stream()
- .filter(s -> !s.equals(SYSTEM_ADMIN))
+ Arrays.stream(OrganizationPermission.values())
+ .filter(s -> s != ADMINISTER)
.forEach(s -> {
dbTester.users().insertPermissionOnUser(organization1, user, s);
dbTester.users().insertPermissionOnGroup(group, s);
UserDto user = dbTester.users().insertUser();
OrganizationDto organization = dbTester.organizations().insert();
GroupDto group1 = dbTester.users().insertGroup(organization);
- dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN);
+ dbTester.users().insertPermissionOnGroup(group1, ADMINISTER);
dbTester.users().insertPermissionOnUser(organization, user, SYSTEM_ADMIN);
userSessionRule.logIn(user);
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
public class GroupPermissionChangerTest {
@Test
public void do_nothing_when_adding_permission_that_already_exists() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
- assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
}
@Test
@Test
public void remove_permission_from_group() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.PROVISIONING);
+ db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
+ db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));
- assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.PROVISIONING);
+ assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey());
}
@Test
public void remove_project_permission_from_group() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, project);
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(project), groupId));
- assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.CODEVIEWER);
}
@Test
public void fail_to_remove_admin_permission_if_no_more_admins() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(group, ADMINISTER);
expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");
- underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId));
+ underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
}
@Test
public void remove_admin_group_if_still_other_admins() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
- db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(group, ADMINISTER);
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(org, admin, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(org, admin, ADMINISTER);
- apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId));
+ apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
}
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.organization.DefaultOrganizationProvider;
-import org.sonar.server.organization.TestDefaultOrganizationProvider;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1));
apply(change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN);
+ assertThat(db.users().selectPermissionsOfUser(user1, org2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).isEmpty();
- assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty();
}
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(project), UserId.from(user1));
apply(change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).contains(ISSUE_ADMIN);
- assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty();
}
@Test
public void do_nothing_when_adding_global_permission_that_already_exists() {
- db.users().insertPermissionOnUser(org1, user1, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES);
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).hasSize(1).containsOnly(QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES);
}
@Test
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).containsOnly(QUALITY_GATE_ADMIN);
- assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).containsOnly(QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN);
+ assertThat(db.users().selectPermissionsOfUser(user1, org2)).containsOnly(ADMINISTER_QUALITY_GATES);
+ assertThat(db.users().selectPermissionsOfUser(user2, org1)).containsOnly(ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).containsOnly(ISSUE_ADMIN);
}
@Test
public void remove_project_permission_from_user() {
ComponentDto project2 = db.components().insertProject(org1);
- db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user1, USER, project);
db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, project);
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
}
@Test
@Test
public void remove_admin_user_if_still_other_admins() {
- db.users().insertPermissionOnUser(org1, user1, SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(org1, user1, ADMINISTER);
GroupDto admins = db.users().insertGroup(org1, "admins");
db.users().insertMember(admins, user2);
- db.users().insertPermissionOnGroup(admins, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(admins, ADMINISTER);
- UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1));
+ UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1));
underTest.apply(db.getSession(), change);
- assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
}
private void apply(UserPermissionChange change) {
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(ADMINISTER);
}
@Test
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectPermissionsOfUser(user, organization)).containsOnly(ADMINISTER);
}
@Test
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user, organization)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
}
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
}
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
+ assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN);
}
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
group1 = db.users().insertGroup(defOrg, "group-1-name");
group2 = db.users().insertGroup(defOrg, "group-2-name");
group3 = db.users().insertGroup(defOrg, "group-3-name");
- db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
- db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION);
- db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
- db.users().insertPermissionOnAnyone(defOrg, SCAN_EXECUTION);
+ db.users().insertPermissionOnGroup(group1, SCAN);
+ db.users().insertPermissionOnGroup(group2, SCAN);
+ db.users().insertPermissionOnGroup(group3, ADMINISTER);
+ db.users().insertPermissionOnAnyone(defOrg, SCAN);
db.commit();
}
loginAsAdmin(db.getDefaultOrganization());
String json = newRequest()
- .setParam(PARAM_PERMISSION, SCAN_EXECUTION)
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.execute()
.getInput();
assertJson(json).isSimilarTo("{\n" +
public void search_with_selection() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN_EXECUTION)
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.execute()
.getInput();
public void search_groups_with_pagination() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN_EXECUTION)
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PAGE_SIZE, "1")
.setParam(PAGE, "3")
.execute()
public void search_groups_with_query() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN_EXECUTION)
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(TEXT_QUERY, "group-")
.execute()
.getInput();
userSession.anonymous();
newRequest()
- .setParam(PARAM_PERMISSION, "scan")
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.execute();
}
userSession.logIn("login");
newRequest()
- .setParam(PARAM_PERMISSION, "scan")
+ .setParam(PARAM_PERMISSION, SCAN.getKey())
.execute();
}
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
@Test
public void remove_permission_using_group_name() throws Exception {
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
- db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
+ db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());
newRequest()
.setParam(PARAM_PERMISSION, PROVISIONING)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
}
@Test
public void remove_permission_using_group_id() throws Exception {
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
- db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
+ db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());
newRequest()
.setParam(PARAM_GROUP_ID, aGroup.getId().toString())
- .setParam(PARAM_PERMISSION, PROVISIONING)
+ .setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
}
@Test
public void remove_project_permission() throws Exception {
ComponentDto project = db.components().insertProject();
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
loginAsAdmin(db.getDefaultOrganization());
.setParam(PARAM_PERMISSION, ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
}
@Test
public void remove_with_view_uuid() throws Exception {
ComponentDto view = db.components().insertView();
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, view);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, view);
loginAsAdmin(db.getDefaultOrganization());
.setParam(PARAM_PERMISSION, ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(ISSUE_ADMIN);
}
@Test
public void remove_with_project_key() throws Exception {
ComponentDto project = db.components().insertProject();
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
loginAsAdmin(db.getDefaultOrganization());
.setParam(PARAM_PERMISSION, ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
}
@Test
public void fail_to_remove_last_admin_permission() throws Exception {
- db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
- db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
+ db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
+ db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, ADMINISTER.getKey())
.execute();
}
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@Test
public void remove_permission_from_user() throws Exception {
- db.users().insertPermissionOnUser(user, PROVISIONING);
- db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
+ db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
loginAsAdmin(db.getDefaultOrganization());
newRequest()
.setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
.execute();
- assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISIONING);
+ assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISION_PROJECTS);
}
@Test
public void fail_to_remove_admin_permission_if_last_admin() throws Exception {
- db.users().insertPermissionOnUser(user, CODEVIEWER);
- db.users().insertPermissionOnUser(user, ADMIN);
+ db.users().insertPermissionOnUser(user, ADMINISTER);
loginAsAdmin(db.getDefaultOrganization());
expectedException.expect(BadRequestException.class);
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<SearchGlobalPermissionsAction> {
loginAsAdmin(org);
GroupDto adminGroup = db.users().insertGroup(newGroup(org, "sonar-admins", "Administrators"));
GroupDto userGroup = db.users().insertGroup(newGroup(org, "sonar-users", "Users"));
- db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
- db.users().insertPermissionOnGroup(userGroup, SCAN_EXECUTION);
+ db.users().insertPermissionOnAnyone(org, SCAN);
+ db.users().insertPermissionOnGroup(userGroup, SCAN);
db.users().insertPermissionOnGroup(userGroup, PROVISIONING);
- db.users().insertPermissionOnGroup(adminGroup, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(adminGroup, ADMINISTER);
UserDto user = db.users().insertUser(newUserDto("user", "user-name"));
UserDto adminUser = db.users().insertUser(newUserDto("admin", "admin-name"));
- db.users().insertPermissionOnUser(org, user, PROVISIONING);
- db.users().insertPermissionOnUser(org, user, QUALITY_PROFILE_ADMIN);
- db.users().insertPermissionOnUser(org, adminUser, QUALITY_PROFILE_ADMIN);
- db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
- db.users().insertPermissionOnUser(org, adminUser, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS);
+ db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);
+ db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_GATES);
// to be excluded, permission on another organization (the default one)
- db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, ADMINISTER_QUALITY_GATES);
String result = newRequest()
.setParam("organization", org.getKey())
loginAsAdmin(org, db.getDefaultOrganization());
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN_EXECUTION);
+ db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN);
// to be ignored, by default organization is used when searching for permissions
- db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
+ db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);
WsPermissions.WsSearchGlobalPermissionsResponse result = WsPermissions.WsSearchGlobalPermissionsResponse.parseFrom(
newRequest()
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
import static org.sonar.db.component.ComponentTesting.newProjectCopy;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, dev);
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, view);
// global permission
- db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(user1, ADMINISTER);
GroupDto group1 = db.users().insertGroup();
GroupDto group2 = db.users().insertGroup();
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
public void search_for_users_with_response_example() throws Exception {
UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com"));
UserDto user2 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net"));
- db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
- db.users().insertPermissionOnUser(user1, QUALITY_PROFILE_ADMIN);
- db.users().insertPermissionOnUser(user2, SCAN_EXECUTION);
+ db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
+ db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertPermissionOnUser(user2, SCAN);
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest().execute().getInput();
UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1"));
UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2"));
UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3"));
- db.users().insertPermissionOnUser(user1, SCAN_EXECUTION);
- db.users().insertPermissionOnUser(user2, SCAN_EXECUTION);
- db.users().insertPermissionOnUser(user3, SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(user1, SCAN);
+ db.users().insertPermissionOnUser(user2, SCAN);
+ db.users().insertPermissionOnUser(user3, ADMINISTER);
}
}
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.organization.TestOrganizationFlags;
-import org.sonar.db.permission.OrganizationPermission;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
+import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;
public class ServerUserSessionTest {
expectInsufficientPrivilegesForbiddenException();
- newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
+ newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}
@Test
db.users().insertUser(NON_ROOT_USER_DTO);
db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING);
- newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
+ newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}
@Test
public void checkPermission_succeeds_when_user_is_root() {
OrganizationDto org = db.organizations().insert();
- newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
+ newUserSession(ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}
@Test
public void test_hasPermission_on_organization_for_logged_in_user() {
OrganizationDto org = db.organizations().insert();
ComponentDto project = db.components().insertProject(org);
- db.users().insertPermissionOnUser(org, userDto, PROVISIONING);
+ db.users().insertPermissionOnUser(org, userDto, PROVISION_PROJECTS);
db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project);
UserSession session = newUserSession(userDto);
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
- assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}
@Test
public void test_hasPermission_on_organization_for_anonymous_user() {
OrganizationDto org = db.organizations().insert();
- db.users().insertPermissionOnAnyone(org, PROVISIONING);
+ db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS);
UserSession session = newAnonymousSession();
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
- assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}
@Test
UserSession session = newUserSession(userDto);
// feed the cache
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
// change permissions without updating the cache
- db.users().deletePermissionFromUser(org, userDto, PROVISIONING);
- db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION);
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
- assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
- assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse();
+ db.users().deletePermissionFromUser(org, userDto, PROVISION_PROJECTS);
+ db.users().insertPermissionOnUser(org, userDto, SCAN);
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
+ assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse();
}
@Test
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() {
OrganizationDto org = db.organizations().insert();
- db.users().insertPermissionOnAnyone(org, PROVISIONING);
+ db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS);
UserSession session = newAnonymousSession();
// feed the cache
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
// change permissions without updating the cache
- db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
- assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
- assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse();
+ db.users().insertPermissionOnAnyone(org, SCAN);
+ assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
+ assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse();
}
@Test
private void addPermissions(@Nullable ComponentDto component, String... permissions) {
for (String permission : permissions) {
if (component == null) {
- db.users().insertPermissionOnUser(userDto, permission);
+ db.users().insertPermissionOnUser(userDto, OrganizationPermission.fromKey(permission));
} else {
db.users().insertProjectPermissionOnUser(userDto, permission, component);
}
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto;
+import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.db.user.UserTokenTesting.newUserToken;
import static org.sonar.test.JsonAssert.assertJson;
@Test
public void fail_to_deactivate_last_administrator_of_default_organization() throws Exception {
UserDto admin = createUser();
- db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(admin, ADMINISTER);
logInAsSystemAdministrator();
expectedException.expect(BadRequestException.class);
public void administrators_can_be_deactivated_if_there_are_still_other_administrators() throws Exception {
UserDto admin = createUser();
UserDto anotherAdmin = createUser();
- db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
- db.users().insertPermissionOnUser(anotherAdmin, SYSTEM_ADMIN);
+ db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertPermissionOnUser(anotherAdmin, ADMINISTER);
db.commit();
logInAsSystemAdministrator();