*/
package org.sonar.db.user;
-import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
});
}
- /**
- * Keep only authorized user that have the given permission on a given project.
- * Please Note that if the permission is 'Anyone' is NOT taking into account by thie method.
- */
- public Collection<Long> keepAuthorizedUsersForRoleAndProject(final DbSession session, Collection<Long> userIds, String role, final long projectId) {
- return executeLargeInputs(
- userIds,
- partitionOfIds -> session.getMapper(AuthorizationMapper.class).keepAuthorizedUsersForRoleAndProject(role, projectId, partitionOfIds));
- }
-
- public boolean isAuthorizedComponentKey(String componentKey, @Nullable Integer userId, String role) {
- DbSession session = mybatis.openSession(false);
- try {
- return keepAuthorizedComponentKeys(session, componentKey, userId, role).size() == 1;
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
-
- private static List<String> keepAuthorizedComponentKeys(final DbSession session, final String componentKey, @Nullable final Integer userId, final String role) {
- if (userId == null) {
- return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForAnonymous(role, Sets.newHashSet(componentKey));
- } else {
- return session.getMapper(AuthorizationMapper.class).keepAuthorizedComponentKeysForUser(userId, role, Sets.newHashSet(componentKey));
- }
- }
-
public Collection<String> selectAuthorizedRootProjectsKeys(@Nullable Integer userId, String role) {
SqlSession session = mybatis.openSession(false);
try {
}
}
- public Collection<String> selectAuthorizedRootProjectsKeys(@Nullable Integer userId, String role, SqlSession session) {
+ private static Collection<String> selectAuthorizedRootProjectsKeys(@Nullable Integer userId, String role, SqlSession session) {
String sql;
Map<String, Object> params = newHashMap();
sql = "selectAuthorizedRootProjectsKeys";
return session.selectList(sql, params);
}
- public Collection<String> selectAuthorizedRootProjectsUuids(@Nullable Integer userId, String role, SqlSession session) {
+ private static Collection<String> selectAuthorizedRootProjectsUuids(@Nullable Integer userId, String role, SqlSession session) {
String sql;
Map<String, Object> params = newHashMap();
sql = "selectAuthorizedRootProjectsUuids";
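Review bot: In both helpers that this change narrows to `private static`, `selectAuthorizedRootProjectsKeys` and `selectAuthorizedRootProjectsUuids`, the statement id is declared as `String sql;` and only assigned a constant two lines later. Unless a branch outside the visible lines reassigns it, `String sql = "selectAuthorizedRootProjectsKeys";` (and the Uuids equivalent) reads more directly and lets the local be `final`. Now that the public overload is the only way in, the `@Nullable Integer userId` contract is also worth stating on each helper. The removed `keepAuthorizedComponentKeys` treated a null id as the anonymous caller, so if that still holds here a comment such as `// userId == null: anonymous caller, only permissions granted to Anyone apply` would record it; confirm against the mapper first. The bodies of both methods continue outside the lines shown.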
<mapper namespace="org.sonar.db.user.AuthorizationMapper">
- <select id="keepAuthorizedComponentKeysForUser" parameterType="map" resultType="string">
- SELECT p.kee
- FROM group_roles gr, projects p
- WHERE
- gr.role=#{role}
- and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
- and gr.resource_id = p.id
- and
- <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
- p.kee=#{element}
- </foreach>
- UNION
- SELECT p.kee
- FROM group_roles gr, projects root, projects p
- WHERE
- gr.role=#{role}
- and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
- and gr.resource_id = root.id
- and p.root_uuid = root.uuid
- and
- <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
- p.kee=#{element}
- </foreach>
- UNION
- SELECT p.kee
- FROM user_roles ur
- INNER JOIN projects p on p.id = ur.resource_id
- WHERE
- ur.role=#{role}
- and ur.user_id=#{userId}
- and
- <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
- p.kee=#{element}
- </foreach>
- </select>
-
- <select id="keepAuthorizedComponentKeysForAnonymous" parameterType="map" resultType="string">
- SELECT p.kee
- FROM group_roles gr, projects p
- WHERE
- gr.role=#{role}
- and gr.group_id is null
- and gr.resource_id = p.id
- and
- <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
- p.kee=#{element}
- </foreach>
- UNION
- SELECT p.kee
- FROM group_roles gr, projects root, projects p
- WHERE
- gr.role=#{role}
- and gr.group_id is null
- and gr.resource_id = root.id
- and p.root_uuid = root.uuid
- and
- <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
- p.kee=#{element}
- </foreach>
- </select>
-
<select id="keepAuthorizedProjectIdsForUser" parameterType="map" resultType="long">
SELECT gr.resource_id
FROM group_roles gr
</choose>
</select>
- <select id="keepAuthorizedUsersForRoleAndProject" parameterType="map" resultType="Long">
- SELECT gu.user_id
- FROM groups_users gu
- INNER JOIN group_roles gr ON gr.group_id=gu.group_id
- WHERE
- gr.resource_id=#{componentId}
- AND gr.role=#{role}
- AND gu.user_id in
- <foreach collection="userIds" open="(" close=")" item="id" separator=",">
- #{id}
- </foreach>
- UNION
- SELECT ur.user_id
- FROM user_roles ur
- WHERE
- ur.resource_id=#{componentId}
- AND ur.role=#{role}
- AND ur.user_id IN
- <foreach collection="userIds" open="(" close=")" item="id" separator=",">
- #{id}
- </foreach>
- </select>
-
</mapper>
import static com.google.common.collect.Sets.newHashSet;
import static org.assertj.core.api.Assertions.assertThat;
-
public class AuthorizationDaoTest {
private static final int USER = 100;
private static final Long PROJECT_ID = 300L;
private static final Long PROJECT_ID_WITHOUT_SNAPSHOT = 400L;
private static final String PROJECT = "pj-w-snapshot";
- private static final String PROJECT_WIHOUT_SNAPSHOT = "pj-wo-snapshot";
@Rule
public DbTester dbTester = DbTester.create(System2.INSTANCE);
- AuthorizationDao authorization = dbTester.getDbClient().authorizationDao();
+ private AuthorizationDao authorization = dbTester.getDbClient().authorizationDao();
@Test
public void user_should_be_authorized() {
assertThat(componentIds).isEmpty();
assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(),
- Collections.<Long>emptySet(),
+ Collections.emptySet(),
USER, "admin")).isEmpty();
}
assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
// Empty list
- assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.<Long>emptySet(), USER, "admin")).isEmpty();
+ assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), USER, "admin")).isEmpty();
}
@Test
assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
// Empty list
- assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.<Long>emptySet(), USER, "admin")).isEmpty();
+ assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), USER, "admin")).isEmpty();
}
@Test
assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), null, "admin")).isEmpty();
// Empty list
- assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.<Long>emptySet(), null, "admin")).isEmpty();
- }
-
- @Test
- public void is_authorized_component_key_for_user() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_user.xml");
-
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
- assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
-
- // user does not have the role "admin"
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
- }
-
- @Test
- public void is_authorized_component_key_for_group() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");
-
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
- assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
-
- // user does not have the role "admin"
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
- }
-
- @Test
- public void is_authorized_component_key_for_anonymous() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");
-
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue();
- assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, null, "user")).isFalse();
- assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse();
+ assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), null, "admin")).isEmpty();
}
@Test
assertThat(authorization.selectGlobalPermissions("anyone_user")).containsOnly("user", "profileadmin");
}
- @Test
- public void keep_authorized_users_for_role_and_project_for_user() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_user.xml");
-
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
- // Only 100 and 101 has 'user' role on project
- newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
-
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
- // Only 100 and 101 has 'user' role on project
- newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
-
- // user does not have the role "admin"
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
-
- // Empty list
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), Collections.<Long>emptySet(), "user", PROJECT_ID)).isEmpty();
- }
-
- @Test
- public void keep_authorized_users_for_role_and_project_for_group() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_group.xml");
-
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
- // Only 100 and 101 has 'user' role on project
- newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
-
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
- newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
-
- // user does not have the role "admin"
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
-
- // Empty list
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), Collections.<Long>emptySet(), "user", PROJECT_ID)).isEmpty();
- }
-
- @Test
- public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() {
- dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_anonymous.xml");
-
- assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
- // Only 100 and 101 has 'user' role on project
- newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).isEmpty();
- }
-
}