--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.auth.github;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+
+import static java.util.function.Function.identity;
+import static java.util.stream.Collectors.toMap;
+import static org.sonar.server.permission.PermissionServiceImpl.ALL_PROJECT_PERMISSIONS;
+
+public class GithubPermissionConverter {
+ private static final Logger LOG = LoggerFactory.getLogger(GithubPermissionConverter.class);
+ private static final String PULL_GROUP_PERMISSION = "pull";
+ private static final String TRIAGE_GROUP_PERMISSION = "triage";
+ private static final String PUSH_GROUP_PERMISSION = "push";
+ private static final String MAINTAIN_GROUP_PERMISSION = "maintain";
+ private static final String ADMIN_GROUP_PERMISSION = "admin";
+ private static final String READ_GITHUB_ROLE = "read";
+ private static final String TRIAGE_GITHUB_ROLE = "triage";
+ private static final String WRITE_GITHUB_ROLE = "write";
+ private static final String MAINTAIN_GITHUB_ROLE = "maintain";
+ private static final String ADMIN_GITHUB_ROLE = "admin";
+
+ private static final Map<String, String> GITHUB_GROUP_PERMISSION_TO_ROLE_NAME = Map.of(
+ PULL_GROUP_PERMISSION, READ_GITHUB_ROLE,
+ TRIAGE_GROUP_PERMISSION, TRIAGE_GITHUB_ROLE,
+ PUSH_GROUP_PERMISSION, WRITE_GITHUB_ROLE,
+ MAINTAIN_GROUP_PERMISSION, MAINTAIN_GITHUB_ROLE,
+ ADMIN_GROUP_PERMISSION, ADMIN_GITHUB_ROLE);
+
+ private static final Map<GsonRepositoryPermissions, String> GITHUB_PERMISSION_TO_GITHUB_BASE_ROLE = Map.of(
+ new GsonRepositoryPermissions(false, false, false, false, false), "none",
+ new GsonRepositoryPermissions(false, false, false, false, true), READ_GITHUB_ROLE,
+ new GsonRepositoryPermissions(false, false, false, true, true), TRIAGE_GITHUB_ROLE,
+ new GsonRepositoryPermissions(false, false, true, true, true), WRITE_GITHUB_ROLE,
+ new GsonRepositoryPermissions(false, true, true, true, true), MAINTAIN_GITHUB_ROLE,
+ new GsonRepositoryPermissions(true, true, true, true, true), ADMIN_GITHUB_ROLE
+ );
+
+ public Map<String, Boolean> toSonarqubeRolesToHasPermissions(Set<String> sonarqubeRoles) {
+ return ALL_PROJECT_PERMISSIONS.stream()
+ .collect(toMap(identity(), sonarqubeRoles::contains));
+ }
+
+ public Set<String> toSonarqubeRolesWithFallbackOnRepositoryPermissions(Set<GithubPermissionsMappingDto> allPermissionsMappings,
+ String githubRoleOrPermission, GsonRepositoryPermissions repositoryPermissions) {
+ String roleName = toRoleName(githubRoleOrPermission);
+ return toSonarqubeRoles(allPermissionsMappings, roleName, repositoryPermissions);
+ }
+
+ private static String toRoleName(String permission) {
+ return GITHUB_GROUP_PERMISSION_TO_ROLE_NAME.getOrDefault(permission, permission);
+ }
+
+ public Set<String> toSonarqubeRolesForDefaultRepositoryPermission(Set<GithubPermissionsMappingDto> allPermissionsMappings, String roleName) {
+ return toSonarqubeRoles(allPermissionsMappings, roleName, null);
+ }
+
+ private static Set<String> toSonarqubeRoles(Set<GithubPermissionsMappingDto> allPermissionsMappings, String githubRoleName,
+ @Nullable GsonRepositoryPermissions repositoryPermissions) {
+ Map<String, List<GithubPermissionsMappingDto>> permissionMappings = allPermissionsMappings.stream()
+ .collect(Collectors.groupingBy(GithubPermissionsMappingDto::githubRole));
+
+ Set<String> sonarqubePermissions = Optional.ofNullable(permissionMappings.get(githubRoleName))
+ .orElse(GithubPermissionConverter.computeBaseRoleAndGetSqPermissions(permissionMappings, repositoryPermissions))
+ .stream()
+ .map(GithubPermissionsMappingDto::sonarqubePermission)
+ .collect(Collectors.toSet());
+
+ if (sonarqubePermissions.isEmpty()) {
+ LOG.warn("No permission found matching role:{}, and permissions {}", githubRoleName, repositoryPermissions);
+ }
+ return sonarqubePermissions;
+ }
+
+ private static List<GithubPermissionsMappingDto> computeBaseRoleAndGetSqPermissions(Map<String, List<GithubPermissionsMappingDto>> permissionMappings,
+ @Nullable GsonRepositoryPermissions repositoryPermissions) {
+ return Optional.ofNullable(repositoryPermissions)
+ .map(GITHUB_PERMISSION_TO_GITHUB_BASE_ROLE::get)
+ .map(permissionMappings::get)
+ .orElse(List.of());
+ }
+
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.auth.github;
+
+import com.google.gson.annotations.SerializedName;
+
+public record GsonRepositoryPermissions(
+ @SerializedName("admin") boolean admin,
+ @SerializedName("maintain") boolean maintain,
+ @SerializedName("push") boolean push,
+ @SerializedName("triage") boolean triage,
+ @SerializedName("pull") boolean pull) {
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.auth.github;
+
+import java.util.Arrays;
+import java.util.Set;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Suite;
+import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@RunWith(Suite.class)
+@Suite.SuiteClasses({
+ GithubPermissionConverterTest.ToSonarqubeRolesForDefaultRepositoryPermissionTest.class,
+ GithubPermissionConverterTest.ToSonarqubeRolesWithFallbackOnRepositoryPermissionsTest.class
+})
+public class GithubPermissionConverterTest {
+
+ private static final Set<GithubPermissionsMappingDto> ALL_PERMISSIONS_MAPPING_FROM_DB = Set.of(
+ new GithubPermissionsMappingDto("uuid1", "read", "roleRead"),
+ new GithubPermissionsMappingDto("uuid2", "triage", "roleTriage"),
+ new GithubPermissionsMappingDto("uuid3", "write", "roleWrite"),
+ new GithubPermissionsMappingDto("uuid4", "maintain", "roleMaintain"),
+ new GithubPermissionsMappingDto("uuid5", "admin", "roleAdmin")
+ ) ;
+
+ private static final GsonRepositoryPermissions NO_PERMS = new GsonRepositoryPermissions(false, false, false, false, false);
+ private static final GsonRepositoryPermissions READ_PERMS = new GsonRepositoryPermissions(false, false, false, false, true);
+ private static final GsonRepositoryPermissions TRIAGE_PERMS = new GsonRepositoryPermissions(false, false, false, true, true);
+ private static final GsonRepositoryPermissions WRITE_PERMS = new GsonRepositoryPermissions(false, false, true, true, true);
+ private static final GsonRepositoryPermissions MAINTAIN_PERMS = new GsonRepositoryPermissions(false, true, true, true, true);
+ private static final GsonRepositoryPermissions ADMIN_PERMS = new GsonRepositoryPermissions(true, true, true, true, true);
+
+ @RunWith(Parameterized.class)
+ public static class ToSonarqubeRolesWithFallbackOnRepositoryPermissionsTest {
+ private final GithubPermissionConverter githubPermissionConverter = new GithubPermissionConverter();
+ private final String role;
+ private final GsonRepositoryPermissions repositoryPermissions;
+ private final Set<String> expectedSqPermissions;
+
+ @Parameterized.Parameters(name = "GH role:{0}, GH perms:{1}, Expected SQ perms:{2}")
+ public static Iterable<Object[]> testData() {
+ return Arrays.asList(new Object[][] {
+ {"none", NO_PERMS, Set.of()},
+ {"read", NO_PERMS, Set.of("roleRead")},
+ {"read", READ_PERMS, Set.of("roleRead")},
+ {"pull", NO_PERMS, Set.of("roleRead")},
+ {"triage", NO_PERMS, Set.of("roleTriage")},
+ {"write", NO_PERMS, Set.of("roleWrite")},
+ {"push", NO_PERMS, Set.of("roleWrite")},
+ {"maintain", NO_PERMS, Set.of("roleMaintain")},
+ {"admin", NO_PERMS, Set.of("roleAdmin")},
+ {"custom_role_extending_read", READ_PERMS, Set.of("roleRead")},
+ {"custom_role_extending_triage", TRIAGE_PERMS, Set.of("roleTriage")},
+ {"custom_role_extending_write", WRITE_PERMS, Set.of("roleWrite")},
+ {"custom_role_extending_maintain", MAINTAIN_PERMS, Set.of("roleMaintain")},
+ {"custom_role_extending_admin", ADMIN_PERMS, Set.of("roleAdmin")},
+ });
+ }
+
+ public ToSonarqubeRolesWithFallbackOnRepositoryPermissionsTest(String role, GsonRepositoryPermissions repositoryPermissions, Set<String> expectedSqPermissions) {
+ this.role = role;
+ this.repositoryPermissions = repositoryPermissions;
+ this.expectedSqPermissions = expectedSqPermissions;
+ }
+
+ @Test
+ public void toGithubRepositoryPermissions_convertsCorrectly() {
+ Set<String> actualPermissions = githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(ALL_PERMISSIONS_MAPPING_FROM_DB, role, repositoryPermissions);
+ assertThat(actualPermissions).isEqualTo(expectedSqPermissions);
+ }
+ }
+
+ @RunWith(Parameterized.class)
+ public static class ToSonarqubeRolesForDefaultRepositoryPermissionTest {
+ private final GithubPermissionConverter githubPermissionConverter = new GithubPermissionConverter();
+ private final String role;
+ private final Set<String> expectedSqPermissions;
+
+ @Parameterized.Parameters(name = "GH role:{0}, GH perms:{1}, Expected SQ perms:{2}")
+ public static Iterable<Object[]> testData() {
+ return Arrays.asList(new Object[][] {
+ {"none", Set.of()},
+ {"read", Set.of("roleRead")},
+ {"triage", Set.of("roleTriage")},
+ {"write", Set.of("roleWrite")},
+ {"maintain", Set.of("roleMaintain")},
+ {"admin", Set.of("roleAdmin")}
+ });
+ }
+
+ public ToSonarqubeRolesForDefaultRepositoryPermissionTest(String role, Set<String> expectedSqPermissions) {
+ this.role = role;
+ this.expectedSqPermissions = expectedSqPermissions;
+ }
+
+ @Test
+ public void toGithubRepositoryPermissions_convertsCorrectly() {
+ Set<String> actualPermissions = githubPermissionConverter.toSonarqubeRolesForDefaultRepositoryPermission(ALL_PERMISSIONS_MAPPING_FROM_DB, role);
+ assertThat(actualPermissions).isEqualTo(expectedSqPermissions);
+ }
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.permission;
+
+import java.util.List;
+import org.sonar.db.permission.GlobalPermission;
+
+public interface PermissionService {
+
+ List<GlobalPermission> getGlobalPermissions();
+ List<String> getAllProjectPermissions();
+
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.permission;
+
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.concurrent.Immutable;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.permission.GlobalPermission;
+
+@Immutable
+public class PermissionServiceImpl implements PermissionService {
+ public static final Set<String> ALL_PROJECT_PERMISSIONS = Collections.unmodifiableSet(new LinkedHashSet<>(List.of(
+ UserRole.ADMIN,
+ UserRole.CODEVIEWER,
+ UserRole.ISSUE_ADMIN,
+ UserRole.SECURITYHOTSPOT_ADMIN,
+ UserRole.SCAN,
+ UserRole.USER
+ )));
+
+ private static final List<GlobalPermission> ALL_GLOBAL_PERMISSIONS = List.of(GlobalPermission.values());
+
+ private final List<GlobalPermission> globalPermissions;
+ private final List<String> projectPermissions;
+
+ public PermissionServiceImpl(ResourceTypes resourceTypes) {
+ globalPermissions = List.copyOf(ALL_GLOBAL_PERMISSIONS.stream()
+ .filter(s -> !s.equals(GlobalPermission.APPLICATION_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.APP))
+ .filter(s -> !s.equals(GlobalPermission.PORTFOLIO_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
+ .toList());
+ projectPermissions = List.copyOf(ALL_PROJECT_PERMISSIONS.stream()
+ .filter(s -> !s.equals(GlobalPermission.APPLICATION_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.APP))
+ .filter(s -> !s.equals(GlobalPermission.PORTFOLIO_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
+ .toList());
+ }
+
+ /**
+ * Return an immutable Set of all permissions
+ */
+ @Override
+ public List<GlobalPermission> getGlobalPermissions() {
+ return globalPermissions;
+ }
+
+ /**
+ * Return an immutable Set of all project permissions
+ */
+ @Override
+ public List<String> getAllProjectPermissions() {
+ return projectPermissions;
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+@ParametersAreNonnullByDefault
+package org.sonar.server.permission;
+
+import javax.annotation.ParametersAreNonnullByDefault;
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.permission;
+
+import org.junit.Test;
+import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PermissionServiceImplTest {
+
+ private ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers("APP", "VW");
+ private PermissionServiceImpl underTest = new PermissionServiceImpl(resourceTypesRule);
+
+ @Test
+ public void globalPermissions_must_be_ordered() {
+ assertThat(underTest.getGlobalPermissions())
+ .extracting(GlobalPermission::getKey)
+ .containsExactly("admin", "gateadmin", "profileadmin", "provisioning", "scan", "applicationcreator", "portfoliocreator");
+ }
+
+ @Test
+ public void projectPermissions_must_be_ordered() {
+ assertThat(underTest.getAllProjectPermissions())
+ .containsExactly("admin", "codeviewer", "issueadmin", "securityhotspotadmin", "scan", "user");
+ }
+}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2023 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.permission;
-
-import java.util.List;
-import org.sonar.db.permission.GlobalPermission;
-
-public interface PermissionService {
-
- List<GlobalPermission> getGlobalPermissions();
- List<String> getAllProjectPermissions();
-
-}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2023 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.permission;
-
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Set;
-import javax.annotation.concurrent.Immutable;
-import org.sonar.api.resources.Qualifiers;
-import org.sonar.api.resources.ResourceTypes;
-import org.sonar.api.web.UserRole;
-import org.sonar.db.permission.GlobalPermission;
-
-@Immutable
-public class PermissionServiceImpl implements PermissionService {
- public static final Set<String> ALL_PROJECT_PERMISSIONS = Collections.unmodifiableSet(new LinkedHashSet<>(List.of(
- UserRole.ADMIN,
- UserRole.CODEVIEWER,
- UserRole.ISSUE_ADMIN,
- UserRole.SECURITYHOTSPOT_ADMIN,
- UserRole.SCAN,
- UserRole.USER
- )));
-
- private static final List<GlobalPermission> ALL_GLOBAL_PERMISSIONS = List.of(GlobalPermission.values());
-
- private final List<GlobalPermission> globalPermissions;
- private final List<String> projectPermissions;
-
- public PermissionServiceImpl(ResourceTypes resourceTypes) {
- globalPermissions = List.copyOf(ALL_GLOBAL_PERMISSIONS.stream()
- .filter(s -> !s.equals(GlobalPermission.APPLICATION_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.APP))
- .filter(s -> !s.equals(GlobalPermission.PORTFOLIO_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
- .toList());
- projectPermissions = List.copyOf(ALL_PROJECT_PERMISSIONS.stream()
- .filter(s -> !s.equals(GlobalPermission.APPLICATION_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.APP))
- .filter(s -> !s.equals(GlobalPermission.PORTFOLIO_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
- .toList());
- }
-
- /**
- * Return an immutable Set of all permissions
- */
- @Override
- public List<GlobalPermission> getGlobalPermissions() {
- return globalPermissions;
- }
-
- /**
- * Return an immutable Set of all project permissions
- */
- @Override
- public List<String> getAllProjectPermissions() {
- return projectPermissions;
- }
-}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2023 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.permission;
-
-import org.junit.Test;
-import org.sonar.db.component.ResourceTypesRule;
-import org.sonar.db.permission.GlobalPermission;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class PermissionServiceImplTest {
-
- private ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers("APP", "VW");
- private PermissionServiceImpl underTest = new PermissionServiceImpl(resourceTypesRule);
-
- @Test
- public void globalPermissions_must_be_ordered() {
- assertThat(underTest.getGlobalPermissions())
- .extracting(GlobalPermission::getKey)
- .containsExactly("admin", "gateadmin", "profileadmin", "provisioning", "scan", "applicationcreator", "portfoliocreator");
- }
-
- @Test
- public void projectPermissions_must_be_ordered() {
- assertThat(underTest.getAllProjectPermissions())
- .containsExactly("admin", "codeviewer", "issueadmin", "securityhotspotadmin", "scan", "user");
- }
-}
projects / sonarqube.git / commitdiff