+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2023 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.core.permission;
-
-import com.google.common.base.Joiner;
-import java.util.List;
-import org.sonar.db.permission.GlobalPermission;
-
-/**
- * Holds the constants representing the various global permissions that can be assigned to users & groups
- *
- * @deprecated replaced by enum {@link GlobalPermission}
- */
-@Deprecated
-public final class GlobalPermissions {
- public static final String SYSTEM_ADMIN = "admin";
- public static final String QUALITY_PROFILE_ADMIN = "profileadmin";
- public static final String QUALITY_GATE_ADMIN = "gateadmin";
- public static final String SCAN_EXECUTION = "scan";
- public static final String PROVISIONING = "provisioning";
-
- /**
- * All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #PROVISIONING}.
- */
- public static final List<String> ALL = List.of(
- SYSTEM_ADMIN,
- QUALITY_PROFILE_ADMIN,
- QUALITY_GATE_ADMIN,
- SCAN_EXECUTION,
- PROVISIONING
- );
- public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(GlobalPermissions.ALL);
-
- private GlobalPermissions() {
- // only static methods
- }
-}
*/
package org.sonar.db.permission;
+import java.util.Arrays;
+import java.util.stream.Collectors;
+
public enum GlobalPermission {
ADMINISTER("admin"),
APPLICATION_CREATOR("applicationcreator"),
PORTFOLIO_CREATOR("portfoliocreator");
+ public static final String ALL_ON_ONE_LINE = Arrays.stream(values()).map(GlobalPermission::getKey).collect(Collectors.joining(", "));
+
private final String key;
GlobalPermission(String key) {
}
throw new IllegalArgumentException("Unsupported permission: " + key);
}
+
+ public static boolean contains(String key) {
+ return Arrays.stream(values()).anyMatch(v -> v.getKey().equals(key));
+ }
}
import static com.google.common.collect.Sets.newHashSet;
import static java.util.Collections.singleton;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
public class AuthorizationDaoTest {
private static final String PROJECT_UUID = "uuid";
- private static final int MISSING_ID = -1;
private static final String MISSING_UUID = "unknown";
private static final String A_PERMISSION = "a-permission";
private static final String DOES_NOT_EXIST = "does-not-exist";
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
db.users().insertMember(group1, user1);
db.users().insertMember(group1, user2);
- db.users().insertPermissionOnUser(user3, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user3, ADMINISTER);
db.users().insertPermissionOnAnyone(ADMINISTER);
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), ADMINISTER.getKey()))
@Test
public void selectQualityProfileAdministratorLogins_return_users_with_quality_profile_administrator_permission() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
- db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
UserDto user2 = db.users().insertUser(withEmail("user2"));
- db.users().insertPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES);
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession);
@Test
public void selectQualityProfileAdministratorLogins_does_not_return_non_quality_profile_administrator() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
db.users().insertUser(withoutEmail("user2"));
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession);
@Test
public void selectQualityProfileAdministratorLogins_does_not_return_quality_profile_administrator_without_email() {
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail"));
- db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user1WithEmail = db.users().insertUser(withEmail("user1WithEmail"));
- db.users().insertPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES);
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup();
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES);
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail"));
UserDto user3WithEmail = db.users().insertUser(withEmail("user3WithEmail"));
db.users().insertMember(qualityProfileAdministratorGroup2, user3WithEmail);
UserDto user4NoEmail = db.users().insertUser(withoutEmail("user4NoEmail"));
- db.users().insertPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user4WithEmail = db.users().insertUser(withEmail("user4WithEmail"));
- db.users().insertPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user5NoEmail = db.users().insertUser(withoutEmail("user5NoEmail"));
- db.users().insertPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user5WithEmail = db.users().insertUser(withEmail("user5WithEmail"));
- db.users().insertPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertUser(withoutEmail("user6NoEmail"));
db.users().insertUser(withEmail("user6WithEmail"));
@Test
public void selectGlobalAdministerEmailSubscribers_returns_only_global_administers() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
UserDto user2 = db.users().insertUser(withEmail("user2"));
- db.users().insertPermissionOnUser(user2, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user2, ADMINISTER);
// user3 is global administer via a group
GroupDto administratorGroup2 = db.users().insertGroup();
db.users().insertMember(administratorGroup2, user3);
// user4 has another global permission via a group
GroupDto administratorGroup3 = db.users().insertGroup();
- db.users().insertPermissionOnGroup(administratorGroup3, QUALITY_PROFILE_ADMIN);
+ db.users().insertPermissionOnGroup(administratorGroup3, ADMINISTER_QUALITY_PROFILES);
UserDto user4 = db.users().insertUser(withEmail("user4"));
db.users().insertMember(administratorGroup3, user4);
db.users().insertProjectPermissionOnUser(user5, "admin", project);
// user6 has other global permission
UserDto user6 = db.users().insertUser(withEmail("user6"));
- db.users().insertPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES);
// user7 has no permission
db.users().insertUser(withEmail("user7"));
public void selectGlobalAdministerEmailSubscribers_ignores_global_administers_without_email() {
// user1 and user1NoEmail are global administers
UserDto user1 = db.users().insertUser(withEmail("user1"));
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail"));
- db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1NoEmail, ADMINISTER);
// user2 and user2NoEmail are global administers
UserDto user2 = db.users().insertUser(withEmail("user2"));
- db.users().insertPermissionOnUser(user2, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user2, ADMINISTER);
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail"));
- db.users().insertPermissionOnUser(user2NoEmail, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user2NoEmail, ADMINISTER);
// user3 and user3NoEmail are global administer via a group
GroupDto administratorGroup2 = db.users().insertGroup();
*/
package org.sonar.db.permission;
+import java.util.Arrays;
import org.junit.Test;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
public class GlobalPermissionTest {
assertThat(GlobalPermission.fromKey(p.getKey())).isEqualTo(p);
}
}
+
+ @Test
+ public void fromKey_throws_exception_for_non_existing_keys() {
+ String non_existing_permission = "non_existing";
+ assertThatThrownBy(() -> GlobalPermission.fromKey(non_existing_permission))
+ .isInstanceOf(IllegalArgumentException.class);
+ }
+
+ @Test
+ public void contains_returns_true_for_existing_permissions() {
+ Arrays.stream(GlobalPermission.values())
+ .map(GlobalPermission::getKey)
+ .forEach(key -> {
+ assertThat(GlobalPermission.contains(key)).isTrue();
+ });
+ }
+
+ @Test
+ public void contains_returns_false_for_non_existing_permissions() {
+ String non_existing_permission = "non_existing";
+ assertThat(GlobalPermission.contains(non_existing_permission)).isFalse();
+ }
+
+ @Test
+ public void all_in_one_line_contains_all_permissions() {
+ assertThat(GlobalPermission.ALL_ON_ONE_LINE).isEqualTo("admin, gateadmin, profileadmin, provisioning, scan, applicationcreator, portfoliocreator");
+ }
}
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.security.DefaultGroups.ANYONE;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
public class GroupPermissionDaoTest {
ComponentDto project2 = db.components().insertPrivateProject();
ComponentDto project3 = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnGroup(group1, ISSUE_ADMIN, project1);
- db.users().insertProjectPermissionOnGroup(group1, ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group2, ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group3, ADMIN, project2);
- db.users().insertProjectPermissionOnGroup(group1, USER, project2);
- db.users().insertProjectPermissionOnGroup(group1, USER, project3);
+ db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1);
+ db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, project2);
+ db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project2);
+ db.users().insertProjectPermissionOnGroup(group3, UserRole.ADMIN, project2);
+ db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project2);
+ db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project3);
final List<CountPerProjectPermission> result = new ArrayList<>();
underTest.groupsCountByComponentUuidAndPermission(dbSession, asList(project2.uuid(), project3.uuid(), "789"),
context -> result.add(context.getResultObject()));
assertThat(result).hasSize(3);
- assertThat(result).extracting("permission").containsOnly(ADMIN, USER);
+ assertThat(result).extracting("permission").containsOnly(UserRole.ADMIN, UserRole.USER);
assertThat(result).extracting("componentUuid").containsOnly(project2.uuid(), project3.uuid());
assertThat(result).extracting("count").containsOnly(3, 1);
}
GroupDto group2 = db.users().insertGroup("Group-2");
GroupDto group3 = db.users().insertGroup("Group-3");
GroupDto group1 = db.users().insertGroup("Group-1");
- db.users().insertPermissionOnAnyone(SCAN);
- db.users().insertPermissionOnGroup(group3, SCAN);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
+ db.users().insertPermissionOnGroup(group3, GlobalPermission.SCAN);
assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().build()))
.containsExactly(ANYONE, group3.getName(), group1.getName(), group2.getName());
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
GroupDto group = db.users().insertGroup("Group-" + i);
// Add permission on project to be sure projects are excluded
- db.users().insertProjectPermissionOnGroup(group, SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnGroup(group, GlobalPermission.SCAN.getKey(), project);
});
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1);
- db.users().insertPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), SCAN);
+ db.users().insertPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), GlobalPermission.SCAN);
assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().build()))
.hasSize(DEFAULT_PAGE_SIZE)
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
GroupDto group = db.users().insertGroup("Group-" + i);
// Add global permission to be sure they are excluded
- db.users().insertPermissionOnGroup(group, SCAN.getKey());
+ db.users().insertPermissionOnGroup(group, GlobalPermission.SCAN.getKey());
});
ComponentDto project = db.components().insertPrivateProject();
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1);
- db.users().insertProjectPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), GlobalPermission.SCAN.getKey(), project);
assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery()
.setComponent(project)
GroupDto group1 = db.users().insertGroup("Group-1");
db.users().insertGroup("Group-2");
db.users().insertGroup("Group-3");
- db.users().insertPermissionOnAnyone(SCAN);
- db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
+ db.users().insertPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS);
assertThat(underTest.countGroupsByQuery(dbSession,
newQuery().build())).isEqualTo(4);
assertThat(underTest.countGroupsByQuery(dbSession,
- newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).isOne();
+ newQuery().setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build())).isOne();
assertThat(underTest.countGroupsByQuery(dbSession,
newQuery().withAtLeastOnePermission().build())).isEqualTo(2);
assertThat(underTest.countGroupsByQuery(dbSession,
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnAnyone(SCAN);
- db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
- db.users().insertPermissionOnGroup(group1, SCAN);
- db.users().insertPermissionOnGroup(group3, ADMINISTER);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
+ db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);
+ db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- newQuery().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());
+ newQuery().setPermission(GlobalPermission.SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- newQuery().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());
+ newQuery().setPermission(GlobalPermission.ADMINISTER.getKey()).build())).containsExactly(group3.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
+ newQuery().setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
}
@Test
ComponentDto project = db.components().insertPrivateProject();
ComponentDto anotherProject = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnGroup(group1, SCAN.getKey(), project);
- db.users().insertProjectPermissionOnGroup(group1, PROVISION_PROJECTS.getKey(), project);
+ db.users().insertProjectPermissionOnGroup(group1, GlobalPermission.SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS.getKey(), project);
- db.users().insertProjectPermissionOnGroup(group1, ADMIN, anotherProject);
+ db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(group3, UserRole.SCAN, anotherProject);
- db.users().insertPermissionOnGroup(group2, SCAN);
+ db.users().insertPermissionOnGroup(group2, GlobalPermission.SCAN);
PermissionQuery.Builder builderOnComponent = newQuery()
.setComponent(project);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName());
+ builderOnComponent.setPermission(GlobalPermission.SCAN.getKey()).build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
- builderOnComponent.setPermission(USER).build())).isEmpty();
+ builderOnComponent.setPermission(UserRole.USER).build())).isEmpty();
}
@Test
public void selectGroupNamesByQuery_with_search_query() {
GroupDto group = db.users().insertGroup("group-anyone");
db.users().insertGroup("unknown");
- db.users().insertPermissionOnGroup(group, SCAN);
+ db.users().insertPermissionOnGroup(group, GlobalPermission.SCAN);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
newQuery().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
@Test
public void selectByGroupUuids_on_global_permissions() {
GroupDto group1 = db.users().insertGroup("Group-1");
- db.users().insertPermissionOnGroup(group1, SCAN);
+ db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);
GroupDto group2 = db.users().insertGroup("Group-2");
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);
GroupDto group3 = db.users().insertGroup("Group-3");
- db.users().insertPermissionOnGroup(group3, ADMINISTER);
+ db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);
// Anyone
- db.users().insertPermissionOnAnyone(SCAN);
- db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
+ db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);
assertThat(underTest.selectByGroupUuids(dbSession, asList(group1.getUuid()), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
- .containsOnly(tuple(group1.getUuid(), SCAN_EXECUTION, null));
+ .containsOnly(tuple(group1.getUuid(), GlobalPermission.SCAN.getKey(), null));
assertThat(underTest.selectByGroupUuids(dbSession, asList(group2.getUuid()), null)).isEmpty();
assertThat(underTest.selectByGroupUuids(dbSession, asList(group3.getUuid()), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
- .containsOnly(tuple(group3.getUuid(), ADMINISTER.getKey(), null));
+ .containsOnly(tuple(group3.getUuid(), GlobalPermission.ADMINISTER.getKey(), null));
assertThat(underTest.selectByGroupUuids(dbSession, asList(ANYONE_UUID), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(
- tuple(ANYONE_UUID, SCAN.getKey(), null),
- tuple(ANYONE_UUID, PROVISION_PROJECTS.getKey(), null));
+ tuple(ANYONE_UUID, GlobalPermission.SCAN.getKey(), null),
+ tuple(ANYONE_UUID, GlobalPermission.PROVISION_PROJECTS.getKey(), null));
assertThat(underTest.selectByGroupUuids(dbSession, asList(group1.getUuid(), group2.getUuid(), ANYONE_UUID), null)).hasSize(3);
assertThat(underTest.selectByGroupUuids(dbSession, asList(MISSING_UUID), null)).isEmpty();
@Test
public void selectByGroupUuids_on_private_projects() {
GroupDto group1 = db.users().insertGroup("Group-1");
- db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS);
GroupDto group2 = db.users().insertGroup("Group-2");
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnGroup(group2, USER, project);
+ db.users().insertProjectPermissionOnGroup(group2, UserRole.USER, project);
GroupDto group3 = db.users().insertGroup("Group-3");
- db.users().insertProjectPermissionOnGroup(group3, USER, project);
+ db.users().insertProjectPermissionOnGroup(group3, UserRole.USER, project);
// Anyone group
- db.users().insertPermissionOnAnyone(SCAN);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group1.getUuid()), project.uuid())).isEmpty();
assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group2.getUuid()), project.uuid()))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
- .containsOnly(tuple(group2.getUuid(), USER, project.uuid()));
+ .containsOnly(tuple(group2.getUuid(), UserRole.USER, project.uuid()));
assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group3.getUuid()), project.uuid()))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
- .containsOnly(tuple(group3.getUuid(), USER, project.uuid()));
+ .containsOnly(tuple(group3.getUuid(), UserRole.USER, project.uuid()));
assertThat(underTest.selectByGroupUuids(dbSession, singletonList(ANYONE_UUID), project.uuid()))
.isEmpty();
import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));
ComponentDto project = db.components().insertPrivateProject();
- UserPermissionDto global1 = addGlobalPermission(SYSTEM_ADMIN, user1);
- UserPermissionDto global2 = addGlobalPermission(SYSTEM_ADMIN, user2);
- UserPermissionDto global3 = addGlobalPermission(PROVISIONING, user2);
- UserPermissionDto project1Perm = addProjectPermission(USER, user3, project);
+ UserPermissionDto global1 = addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
+ UserPermissionDto global2 = addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user2);
+ UserPermissionDto global3 = addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user2);
+ UserPermissionDto project1Perm = addProjectPermission(UserRole.USER, user3, project);
// global permissions of users who has at least one global permission, ordered by user name then permission
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, global1, project1Perm);
// global permissions "admin"
- query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build();
+ query = PermissionQuery.builder().setPermission(GlobalPermission.ADMINISTER.getKey()).build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1);
// empty if nobody has the specified global permission
query = PermissionQuery.builder().setPermission("missing").build();
expectPermissions(query, emptyList());
- // search by user name (matches 2 users)
+ // search by username (matches 2 users)
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1);
expectPermissions(query, singletonList(user2.getUuid()), global2, global3);
// search by user name (matches 2 users) and global permission
- query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build();
+ query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build();
expectPermissions(query, singletonList(user2.getUuid()), global3);
// search by user name (no match)
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));
- addGlobalPermission(SYSTEM_ADMIN, user1);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
- UserPermissionDto perm1 = addProjectPermission(USER, user1, project1);
- UserPermissionDto perm2 = addProjectPermission(ISSUE_ADMIN, user1, project1);
- UserPermissionDto perm3 = addProjectPermission(ISSUE_ADMIN, user2, project1);
- addProjectPermission(ISSUE_ADMIN, user3, project2);
+ UserPermissionDto perm1 = addProjectPermission(UserRole.USER, user1, project1);
+ UserPermissionDto perm2 = addProjectPermission(UserRole.ISSUE_ADMIN, user1, project1);
+ UserPermissionDto perm3 = addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user3, project2);
// project permissions of users who has at least one permission on this project
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponent(project1).build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1);
// search by user name (matches 2 users) and project permission
- query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build();
+ query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(UserRole.ISSUE_ADMIN).setComponent(project1).build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2);
// search by user name (no match)
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com"));
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com"));
- addGlobalPermission(SYSTEM_ADMIN, user1);
- addGlobalPermission(QUALITY_PROFILE_ADMIN, user2);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
+ addGlobalPermission(GlobalPermission.ADMINISTER_QUALITY_PROFILES.getKey(), user2);
PermissionQuery query = PermissionQuery.builder().build();
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));
// Add permission on project to be sure projects are excluded
- db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnUser(user, GlobalPermission.SCAN.getKey(), project);
});
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);
- addGlobalPermission(SYSTEM_ADMIN, lastUser);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), lastUser);
PermissionQuery query = PermissionQuery.builder().build();
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));
// Add global permission to be sure they are excluded
- addGlobalPermission(SYSTEM_ADMIN, user);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user);
});
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnUser(lastUser, GlobalPermission.SCAN.getKey(), project);
PermissionQuery query = PermissionQuery.builder()
.setComponent(project)
public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() {
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"));
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));
- addGlobalPermission(SYSTEM_ADMIN, user1);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
ComponentDto project1 = db.components().insertPrivateProject();
- addProjectPermission(USER, user2, project1);
- addProjectPermission(USER, user1, project1);
- addProjectPermission(ADMIN, user1, project1);
+ addProjectPermission(UserRole.USER, user2, project1);
+ addProjectPermission(UserRole.USER, user1, project1);
+ addProjectPermission(UserRole.ADMIN, user1, project1);
PermissionQuery query = PermissionQuery.builder().build();
UserDto user2 = insertUser();
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
- addGlobalPermission(SYSTEM_ADMIN, user1);
- addProjectPermission(USER, user1, project1);
- addProjectPermission(ISSUE_ADMIN, user1, project1);
- addProjectPermission(ISSUE_ADMIN, user2, project1);
- addProjectPermission(ISSUE_ADMIN, user2, project2);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
+ addProjectPermission(UserRole.USER, user1, project1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user1, project1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);
// no projects -> return empty list
assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty();
// one project
expectCount(singletonList(project1.uuid()),
- new CountPerProjectPermission(project1.uuid(), USER, 1),
- new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2));
+ new CountPerProjectPermission(project1.uuid(), UserRole.USER, 1),
+ new CountPerProjectPermission(project1.uuid(), UserRole.ISSUE_ADMIN, 2));
// multiple projects
expectCount(asList(project1.uuid(), project2.uuid(), "invalid"),
- new CountPerProjectPermission(project1.uuid(), USER, 1),
- new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2),
- new CountPerProjectPermission(project2.uuid(), ISSUE_ADMIN, 1));
+ new CountPerProjectPermission(project1.uuid(), UserRole.USER, 1),
+ new CountPerProjectPermission(project1.uuid(), UserRole.ISSUE_ADMIN, 2),
+ new CountPerProjectPermission(project2.uuid(), UserRole.ISSUE_ADMIN, 1));
}
@Test
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
- addProjectPermission(USER, user1, project1);
- addProjectPermission(USER, user2, project1);
- addProjectPermission(ISSUE_ADMIN, user2, project1);
+ addProjectPermission(UserRole.USER, user1, project1);
+ addProjectPermission(UserRole.USER, user2, project1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);
// logins are ordered by user name: user2 ("Marie") then user1 ("Marius")
PermissionQuery query = PermissionQuery.builder().setComponent(project1).withAtLeastOnePermission().build();
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
- addProjectPermission(USER, user1, project1);
- addGlobalPermission(PROVISIONING, user1);
- addProjectPermission(ISSUE_ADMIN, user2, project2);
+ addProjectPermission(UserRole.USER, user1, project1);
+ addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);
PermissionQuery query = PermissionQuery.builder().build();
List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query);
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
- addProjectPermission(USER, user1, project1);
- addGlobalPermission(PROVISIONING, user1);
- addProjectPermission(ISSUE_ADMIN, user2, project2);
+ addProjectPermission(UserRole.USER, user1, project1);
+ addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
+ addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);
PermissionQuery query = PermissionQuery.builder()
.setComponent(project1)
.build();
for (int i = 0; i < 10; i++) {
String name = "user-" + i;
UserDto user = insertUser(u -> u.setName(name));
- addGlobalPermission(PROVISIONING, user);
- addGlobalPermission(SYSTEM_ADMIN, user);
+ addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user);
userUuids.add(user.getUuid());
}
@Test
public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() {
UserDto user1 = insertUser(u -> u.setName("user1"));
- addGlobalPermission(PROVISIONING, user1);
+ addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
UserDto user3 = insertUser(u -> u.setName("user3"));
- addGlobalPermission(SYSTEM_ADMIN, user3);
+ addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user3);
UserDto user2 = insertUser(u -> u.setName("User2"));
- addGlobalPermission(PROVISIONING, user2);
+ addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user2);
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().build()))
.containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid());
UserDto user1 = insertUser();
UserDto user2 = insertUser();
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnUser(user1, SCAN);
- db.users().insertPermissionOnUser(user1, ADMINISTER);
- db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project);
- db.users().insertPermissionOnUser(user2, SCAN);
- db.users().insertProjectPermissionOnUser(user2, ADMINISTER_QUALITY_GATES.getKey(), project);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
+ db.users().insertProjectPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), project);
+ db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
+ db.users().insertProjectPermissionOnUser(user2, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), project);
underTest.deleteByUserUuid(dbSession, user1);
dbSession.commit();
assertThat(db.select("select user_uuid as \"userUuid\", component_uuid as \"projectUuid\", role as \"permission\" from user_roles"))
.extracting((row) -> row.get("userUuid"), (row) -> row.get("projectUuid"), (row) -> row.get("permission"))
- .containsOnly(tuple(user2.getUuid(), null, SCAN.getKey()), tuple(user2.getUuid(), project.uuid(), ADMINISTER_QUALITY_GATES.getKey()));
+ .containsOnly(tuple(user2.getUuid(), null, GlobalPermission.SCAN.getKey()), tuple(user2.getUuid(), project.uuid(), GlobalPermission.ADMINISTER_QUALITY_GATES.getKey()));
}
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() {
UserDto user = insertUser();
- db.users().insertPermissionOnUser(user, SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto component = newPrivateProjectDto();
- int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), component);
+ int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), component);
assertThat(deletedCount).isZero();
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
}
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() {
UserDto user = insertUser();
- db.users().insertPermissionOnUser(user, SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto project = randomPublicOrPrivateProject();
- int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);
+ int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project);
assertThat(deletedCount).isZero();
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
}
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() {
UserDto user = insertUser();
- db.users().insertPermissionOnUser(user, SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto project = randomPublicOrPrivateProject();
- db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);
+ db.users().insertProjectPermissionOnUser(user, GlobalPermission.SCAN.getKey(), project);
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "p1", project);
assertThat(deletedCount).isZero();
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
- assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
+ assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(GlobalPermission.SCAN.getKey());
}
@Test
public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() {
UserDto user1 = insertUser();
UserDto user2 = insertUser();
- db.users().insertPermissionOnUser(user1, SCAN);
- db.users().insertPermissionOnUser(user2, SCAN);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
ComponentDto project1 = randomPublicOrPrivateProject();
ComponentDto project2 = randomPublicOrPrivateProject();
- db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1);
- db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1);
- db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2);
- db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project2);
- db.users().insertProjectPermissionOnUser(user2, PROVISION_PROJECTS.getKey(), project2);
+ db.users().insertProjectPermissionOnUser(user1, GlobalPermission.SCAN.getKey(), project1);
+ db.users().insertProjectPermissionOnUser(user2, GlobalPermission.SCAN.getKey(), project1);
+ db.users().insertProjectPermissionOnUser(user1, GlobalPermission.SCAN.getKey(), project2);
+ db.users().insertProjectPermissionOnUser(user2, GlobalPermission.SCAN.getKey(), project2);
+ db.users().insertProjectPermissionOnUser(user2, GlobalPermission.PROVISION_PROJECTS.getKey(), project2);
- int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project1);
+ int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project1);
assertThat(deletedCount).isEqualTo(2);
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();
- assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey());
- assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(SCAN.getKey(), PROVISION_PROJECTS.getKey());
+ assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(GlobalPermission.SCAN.getKey());
+ assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(GlobalPermission.SCAN.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
- deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project2);
+ deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project2);
assertThat(deletedCount).isEqualTo(2);
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());
- assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
+ assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly();
- assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey());
+ assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}
private ComponentDto randomPublicOrPrivateProject() {
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
+import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
public class UserPermissionDaoWithPersisterTest {
@Test
public void userGlobalPermissionInsertAndDeleteArePersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), null);
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), null);
underTest.insert(dbSession, dto, null, user, null);
verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
assertNewValue(newValue, dto.getUuid(), user.getUuid(), user.getLogin(), null, dto.getPermission(), null, null, null);
assertThat(newValue.toString()).doesNotContain("projectUuid");
- underTest.deleteGlobalPermission(dbSession, user, SYSTEM_ADMIN);
+ underTest.deleteGlobalPermission(dbSession, user, ADMINISTER.getKey());
verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
newValue = newValueCaptor.getValue();
PermissionTemplateDto templateDto = newPermissionTemplateDto();
db.getDbClient().permissionTemplateDao().insert(db.getSession(), templateDto);
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), null);
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), null);
underTest.insert(dbSession, dto, null, user, templateDto);
verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
public void userProjectPermissionInsertAndDeleteArePersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), project.uuid());
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);
verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
project.getKey(), project.name(), "TRK");
assertThat(newValue.toString()).contains("componentUuid");
- underTest.deleteProjectPermission(dbSession, user, SYSTEM_ADMIN, project);
+ underTest.deleteProjectPermission(dbSession, user, ADMINISTER.getKey(), project);
verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
newValue = newValueCaptor.getValue();
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
- underTest.deleteProjectPermission(dbSession, user, SYSTEM_ADMIN, project);
+ underTest.deleteProjectPermission(dbSession, user, ADMINISTER.getKey(), project);
verify(auditPersister).addUser(any(), any());
verify(auditPersister).addComponent(any(), any());
public void userPortfolioPermissionIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto portfolio = db.components().insertPublicPortfolio();
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), portfolio.uuid());
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), portfolio.uuid());
underTest.insert(dbSession, dto, portfolio, user, null);
verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
public void userApplicationPermissionIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto application = db.components().insertPublicApplication();
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), application.uuid());
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), application.uuid());
underTest.insert(dbSession, dto, application, user, null);
verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
public void deleteUserPermissionOfAnyUserIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SCAN_EXECUTION, user.getUuid(), project.uuid());
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SCAN.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);
- underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN_EXECUTION, project);
+ underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);
verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
UserPermissionNewValue newValue = newValueCaptor.getValue();
public void deleteUserPermissionOfAnyUserWithoutAffectedRowsIsNotPersisted() {
ComponentDto project = db.components().insertPrivateProject();
- underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN_EXECUTION, project);
+ underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);
verify(auditPersister).addComponent(any(), any());
verifyNoMoreInteractions(auditPersister);
public void deleteUserPermissionByUserUuidIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
- UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), project.uuid());
+ UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);
underTest.deleteByUserUuid(dbSession, user);
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
+import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
import static org.sonar.db.permission.PermissionQuery.builder;
import static org.sonar.db.user.GroupTesting.newGroupDto;
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
- permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
+ permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
- permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
+ permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());
assertThat(selectGroupNamesByQueryAndTemplate(builder(), template))
.containsOnly("Group-1", "Group-2", "Group-3", "Anyone");
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
- permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
+ permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
- permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
+ permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());
assertThat(countGroupNamesByQueryAndTemplate(builder(), template))
.isEqualTo(4);
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
- permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
+ permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
- permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
+ permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());
assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, template.getUuid(), asList("Group-1")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, anotherTemplate.getUuid(), asList("Group-1")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
- tuple(group1.getUuid(), "Group-1", PROVISIONING));
+ tuple(group1.getUuid(), "Group-1", PROVISION_PROJECTS.getKey()));
assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, anotherTemplate.getUuid(), asList("Anyone")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
- permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
+ permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
- permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
+ permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, template.getUuid()))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
tuple(group1.getUuid(), "Group-1", USER),
tuple(group1.getUuid(), "Group-1", ADMIN),
- tuple(group2.getUuid(), "Group-2", PROVISIONING));
+ tuple(group2.getUuid(), "Group-2", PROVISION_PROJECTS.getKey()));
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, anotherTemplate.getUuid()))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
- tuple(group1.getUuid(), "Group-1", PROVISIONING),
+ tuple(group1.getUuid(), "Group-1", PROVISION_PROJECTS.getKey()),
tuple("Anyone", "Anyone", USER));
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, "321")).isEmpty();
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.audit.NoOpAuditPersister;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import static org.assertj.core.api.Assertions.tuple;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
import static org.sonar.db.user.GroupTesting.newGroupDto;
GroupDto group1 = db.users().insertGroup(newGroupDto());
GroupDto group2 = db.users().insertGroup(newGroupDto());
GroupDto group3 = db.users().insertGroup(newGroupDto());
- templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), CODEVIEWER, template1.getName(), group1.getName());
- templateDb.addGroupToTemplate(template1.getUuid(), group2.getUuid(), CODEVIEWER, template1.getName(), group2.getName());
- templateDb.addGroupToTemplate(template1.getUuid(), group3.getUuid(), CODEVIEWER, template1.getName(), group3.getName());
- templateDb.addGroupToTemplate(template1.getUuid(), null, CODEVIEWER, template1.getName(), null);
- templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), ADMIN, template1.getName(), group1.getName());
- templateDb.addGroupToTemplate(template2.getUuid(), group1.getUuid(), ADMIN, template2.getName(), group1.getName());
- templateDb.addGroupToTemplate(template4.getUuid(), group1.getUuid(), ISSUE_ADMIN, template4.getName(), group1.getName());
+ templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), UserRole.CODEVIEWER, template1.getName(), group1.getName());
+ templateDb.addGroupToTemplate(template1.getUuid(), group2.getUuid(), UserRole.CODEVIEWER, template1.getName(), group2.getName());
+ templateDb.addGroupToTemplate(template1.getUuid(), group3.getUuid(), UserRole.CODEVIEWER, template1.getName(), group3.getName());
+ templateDb.addGroupToTemplate(template1.getUuid(), null, UserRole.CODEVIEWER, template1.getName(), null);
+ templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), UserRole.ADMIN, template1.getName(), group1.getName());
+ templateDb.addGroupToTemplate(template2.getUuid(), group1.getUuid(), UserRole.ADMIN, template2.getName(), group1.getName());
+ templateDb.addGroupToTemplate(template4.getUuid(), group1.getUuid(), UserRole.ISSUE_ADMIN, template4.getName(), group1.getName());
final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
underTest.groupsCountByTemplateUuidAndPermission(dbSession, asList(template1.getUuid(), template2.getUuid(), template3.getUuid()),
context -> result.add(context.getResultObject()));
assertThat(result).extracting(CountByTemplateAndPermissionDto::getPermission, CountByTemplateAndPermissionDto::getTemplateUuid, CountByTemplateAndPermissionDto::getCount)
- .containsOnly(tuple(ADMIN, template1.getUuid(), 1), tuple(CODEVIEWER, template1.getUuid(), 4), tuple(ADMIN, template2.getUuid(), 1));
+ .containsOnly(tuple(UserRole.ADMIN, template1.getUuid(), 1), tuple(UserRole.CODEVIEWER, template1.getUuid(), 4), tuple(UserRole.ADMIN, template2.getUuid(), 1));
}
@Test
UserDto user2 = db.users().insertUser();
UserDto user3 = db.users().insertUser();
- templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), ADMIN, template1.getName(), user1.getLogin());
- templateDb.addUserToTemplate(template1.getUuid(), user2.getUuid(), ADMIN, template1.getName(), user2.getLogin());
- templateDb.addUserToTemplate(template1.getUuid(), user3.getUuid(), ADMIN, template1.getName(), user3.getLogin());
- templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), USER, template1.getName(), user1.getLogin());
- templateDb.addUserToTemplate(template2.getUuid(), user1.getUuid(), USER, template2.getName(), user1.getLogin());
- templateDb.addUserToTemplate(anotherTemplate.getUuid(), user1.getUuid(), ISSUE_ADMIN, anotherTemplate.getName(), user1.getLogin());
+ templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), UserRole.ADMIN, template1.getName(), user1.getLogin());
+ templateDb.addUserToTemplate(template1.getUuid(), user2.getUuid(), UserRole.ADMIN, template1.getName(), user2.getLogin());
+ templateDb.addUserToTemplate(template1.getUuid(), user3.getUuid(), UserRole.ADMIN, template1.getName(), user3.getLogin());
+ templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), UserRole.USER, template1.getName(), user1.getLogin());
+ templateDb.addUserToTemplate(template2.getUuid(), user1.getUuid(), UserRole.USER, template2.getName(), user1.getLogin());
+ templateDb.addUserToTemplate(anotherTemplate.getUuid(), user1.getUuid(), UserRole.ISSUE_ADMIN, anotherTemplate.getName(), user1.getLogin());
final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
underTest.usersCountByTemplateUuidAndPermission(dbSession, asList(template1.getUuid(), template2.getUuid(), template3.getUuid()),
assertThat(result)
.extracting(CountByTemplateAndPermissionDto::getPermission, CountByTemplateAndPermissionDto::getTemplateUuid, CountByTemplateAndPermissionDto::getCount)
.containsExactlyInAnyOrder(
- tuple(ADMIN, template1.getUuid(), 3),
- tuple(USER, template1.getUuid(), 1),
- tuple(USER, template2.getUuid(), 1));
+ tuple(UserRole.ADMIN, template1.getUuid(), 3),
+ tuple(UserRole.USER, template1.getUuid(), 1),
+ tuple(UserRole.USER, template2.getUuid(), 1));
}
@Test
GroupDto group = db.users().insertGroup(newGroupDto());
db.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate();
- templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN_EXECUTION, template.getName());
+ templateDb.addProjectCreatorToTemplate(template.getUuid(), GlobalPermission.SCAN.getKey(), template.getName());
templateDb.addProjectCreatorToTemplate(template.getUuid(), UserRole.ADMIN, template.getName());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.ADMIN, template.getName(), user.getLogin());
List<String> resultWithUser = underTest.selectPotentialPermissionsByUserUuidAndTemplateUuid(dbSession, user.getUuid(), template.getUuid());
List<String> resultWithoutUser = underTest.selectPotentialPermissionsByUserUuidAndTemplateUuid(dbSession, null, template.getUuid());
- assertThat(resultWithUser).containsOnlyOnce(SCAN_EXECUTION, UserRole.ADMIN, UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
+ assertThat(resultWithUser).containsOnlyOnce(GlobalPermission.SCAN.getKey(), UserRole.ADMIN, UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
// only permission from anyone group
assertThat(resultWithoutUser).containsOnly(UserRole.ISSUE_ADMIN);
}
UserDto user = dbTester.users().insertUser();
dbTester.users().insertProjectPermissionOnUser(user, "doh", root);
- dbTester.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ dbTester.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(root.isPrivate() ? 2 : 4);
assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(2);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1);
// project permission on another permission - not returned
db.users().insertMember(group1, user1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
db.users().insertPermissionOnGroup(group1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertPermissionOnGroup(group2, ADMINISTER);
*/
package org.sonar.db.permission;
-import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
+
+import static org.sonar.db.permission.GlobalPermission.APPLICATION_CREATOR;
+import static org.sonar.db.permission.GlobalPermission.PORTFOLIO_CREATOR;
+import static org.sonar.db.permission.GlobalPermission.SCAN;
public class PermissionsTestHelper {
- public static final Set<String> ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
- GlobalPermissions.SCAN_EXECUTION, UserRole.USER, GlobalPermission.APPLICATION_CREATOR.getKey(), GlobalPermission.PORTFOLIO_CREATOR.getKey());
+ public static final Set<String> ALL_PERMISSIONS = Set.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
+ SCAN.getKey(), UserRole.USER, APPLICATION_CREATOR.getKey(), PORTFOLIO_CREATOR.getKey());
private PermissionsTestHelper() {
}
*/
package org.sonar.db.user;
-import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import static org.sonar.db.user.GroupTesting.newGroupDto;
public class UserDbTester {
- private static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); // FIXME to check with Simon
+ private static final Set<String> PUBLIC_PERMISSIONS = Set.of(UserRole.USER, UserRole.CODEVIEWER);
+ public static final String PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES = "Permissions can't be granted on branches";
private final DbTester db;
private final DbClient dbClient;
public UserDto insertAdminByUserPermission() {
UserDto user = insertUser();
- insertPermissionOnUser(user, ADMINISTER);
+ insertGlobalPermissionOnUser(user, ADMINISTER);
return user;
}
checkArgument(!project.isPrivate(), "No permission to group AnyOne can be granted on a private project");
checkArgument(!PUBLIC_PERMISSIONS.contains(permission),
"permission %s can't be granted on a public project", permission);
- checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
+ checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
GroupPermissionDto dto = new GroupPermissionDto()
.setUuid(Uuids.createFast())
.setGroupUuid(null)
public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) {
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission),
"%s can't be granted on a public project", permission);
- checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
+ checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
GroupPermissionDto dto = new GroupPermissionDto()
.setUuid(Uuids.createFast())
.setGroupUuid(group.getUuid())
// USER PERMISSIONS
/**
- * Grant permission
+ * Grant global permission
*/
- public UserPermissionDto insertPermissionOnUser(UserDto user, GlobalPermission permission) {
+ public UserPermissionDto insertGlobalPermissionOnUser(UserDto user, GlobalPermission permission) {
return insertPermissionOnUser(user, permission.getKey());
}
/**
- * Grant global permission
- * @deprecated use {@link #insertPermissionOnUser(UserDto, GlobalPermission)}
+ * Grant permission
*/
- @Deprecated
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) {
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null);
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, null, user, null);
public UserPermissionDto insertProjectPermissionOnUser(UserDto user, String permission, ComponentDto project) {
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission),
"%s can't be granted on a public project", permission);
- checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
+ checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid());
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, project, user, null);
db.commit();
// Users granted admin permission directly
UserDto admin1 = db.users().insertUser(u -> u.setEmail("admin1"));
UserDto adminWithNoEmail = db.users().insertUser(u -> u.setEmail(null));
- db.users().insertPermissionOnUser(admin1, ADMINISTER);
- db.users().insertPermissionOnUser(adminWithNoEmail, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(adminWithNoEmail, ADMINISTER);
// User granted admin permission by group membership
UserDto admin2 = db.users().insertUser(u -> u.setEmail("admin2"));
GroupDto adminGroup = db.users().insertGroup();
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newChildComponent;
import static org.sonar.db.component.ComponentTesting.newProjectCopy;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
public class ServerUserSessionTest {
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, USER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
UserSession session = newUserSession(user);
- assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(USER, "another-uuid"));
+ assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(UserRole.USER, "another-uuid"));
}
@Test
public void checkChildProjectsPermission_succeeds_if_user_has_permissions_on_all_application_child_projects() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, USER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project);
UserSession underTest = newUserSession(user);
- assertThat(underTest.checkChildProjectsPermission(USER, application)).isSameAs(underTest);
+ assertThat(underTest.checkChildProjectsPermission(UserRole.USER, application)).isSameAs(underTest);
}
@Test
UserSession underTest = newUserSession(user);
- assertThat(underTest.checkChildProjectsPermission(USER, project)).isSameAs(underTest);
+ assertThat(underTest.checkChildProjectsPermission(UserRole.USER, project)).isSameAs(underTest);
}
@Test
UserSession underTest = newUserSession(user);
- assertThatForbiddenExceptionIsThrown(() -> underTest.checkChildProjectsPermission(USER, application));
+ assertThatForbiddenExceptionIsThrown(() -> underTest.checkChildProjectsPermission(UserRole.USER, application));
}
@Test
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission() {
UserDto user = db.users().insertUser();
- assertThatForbiddenExceptionIsThrown(() -> newUserSession(user).checkPermission(PROVISION_PROJECTS));
+ assertThatForbiddenExceptionIsThrown(() -> newUserSession(user).checkPermission(GlobalPermission.PROVISION_PROJECTS));
}
@Test
public void checkPermission_succeeds_when_user_has_the_specified_permission() {
UserDto adminUser = db.users().insertAdminByUserPermission();
- db.users().insertPermissionOnUser(adminUser, PROVISIONING);
+ db.users().insertGlobalPermissionOnUser(adminUser, GlobalPermission.PROVISION_PROJECTS);
- newUserSession(adminUser).checkPermission(PROVISION_PROJECTS);
+ newUserSession(adminUser).checkPermission(GlobalPermission.PROVISION_PROJECTS);
}
@Test
public void test_hasPermission_for_logged_in_user() {
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
- db.users().insertProjectPermissionOnUser(user, ADMIN, project);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);
UserSession session = newUserSession(user);
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
- assertThat(session.hasPermission(ADMINISTER)).isFalse();
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
}
@Test
public void test_hasPermission_for_anonymous_user() {
- db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
+ db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);
UserSession session = newAnonymousSession();
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
- assertThat(session.hasPermission(ADMINISTER)).isFalse();
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
}
@Test
public void hasPermission_keeps_cache_of_permissions_of_logged_in_user() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, PROVISIONING);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
UserSession session = newUserSession(user);
// feed the cache
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
// change permissions without updating the cache
- db.users().deletePermissionFromUser(user, PROVISION_PROJECTS);
- db.users().insertPermissionOnUser(user, SCAN);
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
- assertThat(session.hasPermission(ADMINISTER)).isFalse();
- assertThat(session.hasPermission(SCAN)).isFalse();
+ db.users().deletePermissionFromUser(user, GlobalPermission.PROVISION_PROJECTS);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
+ assertThat(session.hasPermission(GlobalPermission.SCAN)).isFalse();
}
@Test
public void hasPermission_keeps_cache_of_permissions_of_anonymous_user() {
- db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
+ db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);
UserSession session = newAnonymousSession();
// feed the cache
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
// change permissions without updating the cache
- db.users().insertPermissionOnAnyone(SCAN);
- assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
- assertThat(session.hasPermission(SCAN)).isFalse();
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
+ assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ assertThat(session.hasPermission(GlobalPermission.SCAN)).isFalse();
}
@Test
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
- db.users().insertProjectPermissionOnUser(user, USER, project1);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project1);
ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project1);
db.components().insertComponent(newProjectCopy(project1, application));
UserSession session = newUserSession(user);
- assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();
db.components().addApplicationProject(application, project2);
db.components().insertComponent(newProjectCopy(project2, application));
- assertThat(session.hasChildProjectsPermission(USER, application)).isFalse();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isFalse();
}
@Test
public void test_hasChildProjectsPermission_for_anonymous_user() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnAnyone(USER);
+ db.users().insertPermissionOnAnyone(UserRole.USER);
ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project);
// add computed project
db.components().insertComponent(newProjectCopy(project, application));
UserSession session = newAnonymousSession();
- assertThat(session.hasChildProjectsPermission(USER, application)).isFalse();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isFalse();
}
@Test
public void hasChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() {
- db.users().insertPermissionOnAnyone(USER);
+ db.users().insertPermissionOnAnyone(UserRole.USER);
ComponentDto project = db.components().insertPublicProject();
ComponentDto application = db.components().insertPublicApplication();
UserSession session = newAnonymousSession();
// feed the cache
- assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();
// change privacy of the project without updating the cache
db.getDbClient().componentDao().setPrivateForBranchUuidWithoutAudit(db.getSession(), project.uuid(), true);
- assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();
}
@Test
db.components().addPortfolioProject(portfolio, project1);
db.components().insertComponent(newProjectCopy(project1, portfolio));
- assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
// Add private project2 with USER permissions to private portfolio
- db.users().insertProjectPermissionOnUser(user, USER, project2);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2);
db.components().addPortfolioProject(portfolio, project2);
db.components().insertComponent(newProjectCopy(project2, portfolio));
- assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
// Add private project4 with USER permissions to sub-portfolio
- db.users().insertProjectPermissionOnUser(user, USER, project4);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project4);
db.components().addPortfolioProject(subPortfolio, project4);
db.components().insertComponent(newProjectCopy(project4, subPortfolio));
db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
// The predicate should work both on view and subview components
- assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
- assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isTrue();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, subPortfolio)).isTrue();
// Add private project3 without permissions to private portfolio
db.components().addPortfolioProject(portfolio, project3);
db.components().insertComponent(newProjectCopy(project3, portfolio));
- assertThat(session.hasChildProjectsPermission(USER, portfolio)).isFalse();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isFalse();
// Add private project5 without permissions to sub-portfolio
db.components().addPortfolioProject(subPortfolio, project5);
db.components().insertComponent(newProjectCopy(project5, subPortfolio));
- assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
- assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isFalse();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isFalse();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, subPortfolio)).isFalse();
}
@Test
public void test_hasPortfolioChildProjectsPermission_for_anonymous_user() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnAnyone(USER);
+ db.users().insertPermissionOnAnyone(UserRole.USER);
ComponentDto portfolio = db.components().insertPrivatePortfolio();
db.components().insertComponent(newProjectCopy(project, portfolio));
UserSession session = newAnonymousSession();
- assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
+ assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isFalse();
}
@Test
public void hasPortfolioChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() {
- db.users().insertPermissionOnAnyone(USER);
+ db.users().insertPermissionOnAnyone(UserRole.USER);
ComponentDto project = db.components().insertPublicProject();
ComponentDto portfolio = db.components().insertPublicPortfolio();
UserSession session = newAnonymousSession();
// feed the cache
- assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
// change privacy of the project without updating the cache
db.getDbClient().componentDao().setPrivateForBranchUuidWithoutAudit(db.getSession(), project.uuid(), true);
- assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
+ assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
}
@Test
ServerUserSession underTest = newAnonymousSession();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}
@Test
ServerUserSession underTest = newAnonymousSession();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}
@Test
ServerUserSession underTest = newAnonymousSession();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}
@Test
ServerUserSession underTest = newAnonymousSession();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}
@Test
ServerUserSession underTest = newUserSession(user);
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}
@Test
ServerUserSession underTest = newUserSession(user);
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}
@Test
ServerUserSession underTest = newUserSession(user);
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}
@Test
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() {
UserDto user = db.users().insertUser();
ComponentDto publicProject = db.components().insertPublicProject();
- db.users().insertProjectPermissionOnUser(user, ADMIN, publicProject);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject);
UserSession underTest = newUserSession(user);
// feed the cache
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
// change permissions without updating the cache
- db.users().deletePermissionFromUser(publicProject, user, ADMIN);
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, publicProject);
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse();
+ db.users().deletePermissionFromUser(publicProject, user, UserRole.ADMIN);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, publicProject);
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();
}
@Test
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() {
ComponentDto publicProject = db.components().insertPublicProject();
- db.users().insertProjectPermissionOnAnyone(ADMIN, publicProject);
+ db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject);
UserSession underTest = newAnonymousSession();
// feed the cache
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
// change permissions without updating the cache
- db.users().deleteProjectPermissionFromAnyone(publicProject, ADMIN);
- db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject);
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
- assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse();
+ db.users().deleteProjectPermissionFromAnyone(publicProject, UserRole.ADMIN);
+ db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
+ assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();
}
private boolean hasComponentPermissionByDtoOrUuid(UserSession underTest, String permission, ComponentDto component) {
UserSession underTest = newAnonymousSession();
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
}
@Test
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {
ComponentDto publicProject = db.components().insertPublicProject();
ComponentDto privateProject = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject);
+ db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);
UserSession underTest = newAnonymousSession();
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
- assertThat(underTest.keepAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject);
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject);
}
@Test
public void keepAuthorizedComponents_on_branches() {
UserDto user = db.users().insertUser();
ComponentDto privateProject = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, ADMIN, privateProject);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject);
ComponentDto privateBranchProject = db.components().insertProjectBranch(privateProject);
UserSession underTest = newUserSession(user);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, asList(privateProject, privateBranchProject)))
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, asList(privateProject, privateBranchProject)))
.containsExactlyInAnyOrder(privateProject, privateBranchProject);
}
UserSession underTest = newUserSession(user);
ComponentDto portfolio = db.components().insertPrivatePortfolio();
- db.users().insertProjectPermissionOnUser(user, USER, portfolio);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, portfolio);
ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
- db.users().insertProjectPermissionOnUser(user, USER, subPortfolio);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, subPortfolio);
ComponentDto app = db.components().insertPrivateApplication();
- db.users().insertProjectPermissionOnUser(user, USER, app);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, app);
ComponentDto app2 = db.components().insertPrivateApplication();
var copyProject1 = db.components().insertComponent(newProjectCopy(project1, portfolio));
// Add private project2 with USER permissions to private portfolio
- db.users().insertProjectPermissionOnUser(user, USER, project2);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2);
db.components().addPortfolioProject(portfolio, project2);
var copyProject2 = db.components().insertComponent(newProjectCopy(project2, portfolio));
// Add private project4 with USER permissions to sub-portfolio
- db.users().insertProjectPermissionOnUser(user, USER, project4);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project4);
db.components().addPortfolioProject(subPortfolio, project4);
var copyProject4 = db.components().insertComponent(newProjectCopy(project4, subPortfolio));
db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
var copyProject3 = db.components().insertComponent(newProjectCopy(project3, portfolio));
// Add private project5 with USER permissions to app
- db.users().insertProjectPermissionOnUser(user, USER, project5);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project5);
db.components().addApplicationProject(app, project5);
var copyProject5 = db.components().insertComponent(newProjectCopy(project5, app));
db.components().addPortfolioReference(portfolio, app.uuid());
var copyProject6 = db.components().insertComponent(newProjectCopy(project6, app2));
db.components().addPortfolioReference(portfolio, app2.uuid());
- assertThat(underTest.keepAuthorizedComponents(ADMIN, List.of(portfolio))).isEmpty();
- assertThat(underTest.keepAuthorizedComponents(USER, List.of(portfolio))).containsExactly(portfolio);
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, List.of(portfolio))).isEmpty();
+ assertThat(underTest.keepAuthorizedComponents(UserRole.USER, List.of(portfolio))).containsExactly(portfolio);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
- assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio);
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
+ assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio);
- assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
- assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project4, project5);
+ assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
+ assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project4, project5);
- assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(copyProject1, copyProject2, copyProject3, copyProject4, copyProject5, copyProject6)))
+ assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(copyProject1, copyProject2, copyProject3, copyProject4, copyProject5, copyProject6)))
.containsExactly(copyProject1, copyProject2, copyProject4, copyProject5);
}
@Test
public void isSystemAdministrator_returns_true_if_user_is_administrator() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
UserSession session = newUserSession(user);
@Test
public void isSystemAdministrator_returns_false_if_user_is_not_administrator() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, PROVISIONING);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
UserSession session = newUserSession(user);
@Test
public void keep_isSystemAdministrator_flag_in_cache() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
UserSession session = newUserSession(user);
ComponentDto privateProject = db.components().insertPrivateProject();
Set<ProjectDto> projectDto = Set.of(getProjectDto(publicProject), getProjectDto(privateProject));
- List<ProjectDto> projectDtos = newUserSession(null).keepAuthorizedProjects(USER, projectDto);
+ List<ProjectDto> projectDtos = newUserSession(null).keepAuthorizedProjects(UserRole.USER, projectDto);
assertThat(projectDtos).containsExactly(db.components().getProjectDto(publicProject));
}
ComponentDto privateProject = db.components().insertPrivateProject();
Set<ProjectDto> projectDto = Set.of(getProjectDto(publicProject), getProjectDto(privateProject));
- List<ProjectDto> projectDtos = newUserSession(userDto).keepAuthorizedProjects(USER, projectDto);
+ List<ProjectDto> projectDtos = newUserSession(userDto).keepAuthorizedProjects(UserRole.USER, projectDto);
assertThat(projectDtos).containsExactly(db.components().getProjectDto(publicProject));
}
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
TokenUserSession userSession = mockProjectAnalysisTokenUserSession(user,project1);
@Test
public void test_hasGlobalPermission_for_UserToken() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
TokenUserSession userSession = mockTokenUserSession(user);
db.users().insertProjectPermissionOnUser(user, SCAN, project1);
db.users().insertProjectPermissionOnUser(user, SCAN, project2);
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
TokenUserSession userSession = mockProjectAnalysisTokenUserSession(user,project1);
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
- db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() {
UserDto user = db.users().insertUser();
- db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
import java.util.List;
import java.util.Optional;
-import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.user.GroupDto;
import static com.google.common.base.Preconditions.checkNotNull;
import static java.lang.String.format;
-import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
private static boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == ADD
- && PUBLIC_PERMISSIONS.contains(change.getPermission());
+ && UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private static boolean isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(GroupPermissionChange change, ComponentDto project) {
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == REMOVE
- && PUBLIC_PERMISSIONS.contains(change.getPermission());
+ && UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private boolean addPermission(DbSession dbSession, GroupPermissionChange change) {
}
private static void validateNotAnyoneAndAdminPermission(String permission, GroupUuidOrAnyone group) {
- checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
+ checkRequest(!GlobalPermission.ADMINISTER.getKey().equals(permission) || !group.isAnyone(),
format("It is not possible to add the '%s' permission to group 'Anyone'.", permission));
}
private void checkIfRemainingGlobalAdministrators(DbSession dbSession, GroupPermissionChange change) {
GroupUuidOrAnyone groupUuidOrAnyone = change.getGroupUuidOrAnyone();
- if (SYSTEM_ADMIN.equals(change.getPermission()) &&
+ if (GlobalPermission.ADMINISTER.getKey().equals(change.getPermission()) &&
!groupUuidOrAnyone.isAnyone() &&
change.getProjectUuid() == null) {
String groupUuid = checkNotNull(groupUuidOrAnyone.getUuid());
// removing global admin permission from group
- int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, SYSTEM_ADMIN, groupUuid);
- checkRequest(remaining > 0, "Last group with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN);
+ int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, GlobalPermission.ADMINISTER.getKey(), groupUuid);
+ checkRequest(remaining > 0, "Last group with permission '%s'. Permission cannot be removed.", GlobalPermission.ADMINISTER.getKey());
}
}
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
+import org.sonar.db.component.ComponentDto;
import static java.util.Objects.requireNonNull;
import static org.sonar.core.util.stream.MoreCollectors.toList;
import javax.annotation.Nullable;
import org.sonar.api.resources.ResourceType;
import org.sonar.api.resources.ResourceTypes;
-import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.exceptions.BadRequestException;
import static com.google.common.base.Strings.isNullOrEmpty;
}
public static void validateGlobalPermission(String permission) {
- checkRequest(GlobalPermissions.ALL.contains(permission),
- format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermissions.ALL_ON_ONE_LINE, permission));
+ checkRequest(GlobalPermission.contains(permission),
+ format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermission.ALL_ON_ONE_LINE, permission));
}
public static void validateQualifier(@Nullable String qualifier, ResourceTypes resourceTypes) {
package org.sonar.server.permission;
import java.util.List;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.UserPermissionDto;
-import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == ADD
- && PUBLIC_PERMISSIONS.contains(change.getPermission());
+ && UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private static void ensureConsistencyWithVisibility(UserPermissionChange change) {
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ComponentDto projectUuid) {
return !projectUuid.isPrivate()
&& change.getOperation() == REMOVE
- && PUBLIC_PERMISSIONS.contains(change.getPermission());
+ && UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}
private boolean addPermission(DbSession dbSession, UserPermissionChange change) {
}
private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange change) {
- if (SYSTEM_ADMIN.equals(change.getPermission()) && change.getProjectUuid() == null) {
+ if (GlobalPermission.ADMINISTER.getKey().equals(change.getPermission()) && change.getProjectUuid() == null) {
int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession, change.getPermission(), change.getUserId().getUuid());
- checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN);
+ checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", GlobalPermission.ADMINISTER.getKey());
}
}
}
import com.google.common.base.Joiner;
import org.sonar.api.server.ws.WebService;
-import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.permission.PermissionService;
import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
"<li>Possible values for global permissions: %s</li>" +
"<li>Possible values for project permissions %s</li>" +
"</ul>",
- GlobalPermissions.ALL_ON_ONE_LINE,
+ GlobalPermission.ALL_ON_ONE_LINE,
allProjectsPermissionsOnOneLine);
projectPermissionParamDescription = String.format("Permission" +
"<ul>" +
import org.sonar.server.user.UserSession;
import static java.lang.String.format;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
try (DbSession dbSession = dbClient.openSession(false)) {
String permission = request.mandatoryParam(PARAM_PERMISSION);
GroupUuidOrAnyone group = support.findGroup(dbSession, request);
- checkRequest(!SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
+ checkRequest(!ADMINISTER.getKey().equals(permission) || !group.isAnyone(),
format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));
PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));
import java.net.UnknownHostException;
import okhttp3.HttpUrl;
import org.sonar.api.config.Configuration;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.server.user.UserSession;
import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_DEFAULT_VALUE;
import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_PROPERTY;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
public class WebhookSupport {
}
void checkPermission(ProjectDto projectDto) {
- userSession.checkProjectPermission(ADMIN, projectDto);
+ userSession.checkProjectPermission(UserRole.ADMIN, projectDto);
}
void checkPermission() {
- userSession.checkPermission(ADMINISTER);
+ userSession.checkPermission(GlobalPermission.ADMINISTER);
}
void checkUrlPattern(String url, String message, Object... messageArguments) {
import java.util.Collections;
import java.util.List;
import java.util.Optional;
-import java.util.stream.Collectors;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Rule;
import org.junit.Test;
-import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Scopes;
import org.sonar.core.util.Uuids;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newFileDto;
+import static org.sonar.db.permission.GlobalPermission.SCAN;
public class ProjectDataLoaderTest {
@Rule
private DbClient dbClient = db.getDbClient();
private DbSession dbSession = db.getSession();
- private int uuidCounter = 0;
private ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
- private MapSettings settings = new MapSettings();
private ProjectDataLoader underTest = new ProjectDataLoader(dbClient, userSession, new ComponentFinder(dbClient, resourceTypes));
@Test
public void throws_NotFoundException_when_branch_does_not_exist() {
ComponentDto project = db.components().insertPrivateProject();
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), project);
assertThatThrownBy(() -> {
underTest.load(ProjectDataQuery.create()
@Test
public void return_file_data_from_single_project() {
ComponentDto project = db.components().insertPrivateProject();
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), project);
ComponentDto file = db.components().insertComponent(newFileDto(project));
dbClient.fileSourceDao().insert(dbSession, newFileSourceDto(file).setSrcHash("123456"));
db.commit();
public void return_file_data_from_branch() {
ComponentDto project = db.components().insertPrivateProject();
ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("my_branch"));
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), project);
// File on branch
ComponentDto projectFile = db.components().insertComponent(newFileDto(branch));
dbClient.fileSourceDao().insert(dbSession, newFileSourceDto(projectFile).setSrcHash("123456"));
import static org.sonar.api.utils.DateUtils.dateToLong;
import static org.sonar.api.utils.DateUtils.parseDateTime;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.BranchDto.DEFAULT_MAIN_BRANCH_NAME;
import static org.sonar.db.component.BranchType.BRANCH;
import static org.sonar.db.component.SnapshotTesting.newAnalysis;
+import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
public class ListActionTest {
db.issues().insert(rule, branch, branch, i -> i.setType(BUG).setResolution(null));
indexIssues();
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), project);
String json = ws.newRequest()
.setParam("project", project.getKey())
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.component.ComponentTesting.newBranchDto;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
public void submit_does_not_use_delegate_if_characteristics_are_empty() {
ComponentDto project = db.components().insertPublicProject();
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();
InputStream reportInput = IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8);
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("branch1"));
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(project.getKey(), "branch1");
when(branchSupportDelegate.createComponentKey(project.getKey(), randomCharacteristics)).thenReturn(componentKey);
ComponentDto existingProject = db.components().insertPublicProject();
BranchDto exitingProjectMainBranch = db.getDbClient().branchDao().selectByUuid(db.getSession(), existingProject.uuid()).get();
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, existingProject);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), existingProject);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
ComponentDto createdBranch = createButDoNotInsertBranch(existingProject);
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(existingProject.getKey(), "branch1");
public void submit_fails_if_branch_support_delegate_createComponentKey_throws_an_exception() {
ComponentDto project = db.components().insertPublicProject();
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
InputStream reportInput = IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8);
RuntimeException expected = new RuntimeException("Faking an exception thrown by branchSupportDelegate");
public void submit_report_on_missing_branch_of_missing_project_fails_with_ForbiddenException_if_only_scan_permission() {
ComponentDto nonExistingProject = newPrivateProjectDto();
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, nonExistingProject);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), nonExistingProject);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
ComponentDto createdBranch = createButDoNotInsertBranch(nonExistingProject);
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(nonExistingProject.getKey());
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.component.BranchDto.DEFAULT_MAIN_BRANCH_NAME;
import static org.sonar.db.component.ComponentTesting.newDirectory;
public void submit_a_report_on_existing_project() {
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();
underTest.submit(project.getKey(), project.name(), emptyMap(), IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8));
@Test
public void submit_a_report_on_existing_project_with_project_scan_permission() {
ComponentDto project = db.components().insertPrivateProject();
- userSession.addProjectPermission(SCAN_EXECUTION, project);
+ userSession.addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();
underTest.submit(project.getKey(), project.name(), emptyMap(), IOUtils.toInputStream("{binary}"));
@Test
public void fail_if_component_is_not_a_project() {
ComponentDto component = db.components().insertPublicPortfolio();
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, component);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), component);
mockSuccessfulPrepareSubmitCall();
String dbKey = component.getKey();
public void fail_if_project_key_already_exists_as_other_component() {
ComponentDto project = db.components().insertPrivateProject();
ComponentDto dir = db.components().insertComponent(newDirectory(project, "path"));
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
+ userSession.logIn().addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();
String dirDbKey = dir.getKey();
@Test
public void fail_with_forbidden_exception_on_new_project_when_only_project_scan_permission() {
ComponentDto component = db.components().insertPrivateProject(PROJECT_UUID);
- userSession.addProjectPermission(SCAN_EXECUTION, component);
+ userSession.addProjectPermission(SCAN.getKey(), component);
mockSuccessfulPrepareSubmitCall();
Map<String, String> emptyMap = emptyMap();
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.CloseableIterator;
import org.sonar.core.util.UuidFactoryFast;
import org.sonar.core.util.Uuids;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.SCAN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.ce.CeTaskCharacteristicDto.BRANCH_KEY;
import static org.sonar.db.ce.CeTaskCharacteristicDto.BRANCH_TYPE_KEY;
import static org.sonar.db.component.BranchType.BRANCH;
@Test
public void get_project_queue_task_with_scan_permission_on_project() {
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(GlobalPermissions.SCAN_EXECUTION, privateProject);
+ userSession.logIn(user).addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeQueueDto task = createAndPersistQueueTask(privateProject, user);
call(task.getUuid());
@Test
public void get_project_queue_task_on_public_project() {
UserDto user = db.users().insertUser();
- userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, privateProject);
+ userSession.logIn(user).addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeQueueDto task = createAndPersistQueueTask(privateProject, user);
call(task.getUuid());
@Test
public void get_project_archived_task_with_scan_permission_on_project() {
- userSession.logIn().addProjectPermission(GlobalPermissions.SCAN_EXECUTION, privateProject);
+ userSession.logIn().addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeActivityDto task = createAndPersistArchivedTask(privateProject);
call(task.getUuid());
@Test
public void get_warnings_on_private_project_archived_task_if_scan() {
- userSession.logIn().addProjectPermission(SCAN_EXECUTION, privateProject);
+ userSession.logIn().addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
getWarningsImpl(createAndPersistArchivedTask(privateProject));
}
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.SequenceUuidFactory;
import org.sonar.core.util.Uuids;
import org.sonar.db.DbTester;
import static org.assertj.core.api.Assertions.fail;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
+import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
public class GroupPermissionChangerTest {
public void apply_adds_global_permission_to_group() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
+ apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));
- assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}
@Test
public void apply_adds_global_permission_to_group_AnyOne() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
+ apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));
- assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectAnyonePermissions(null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}
@Test
@Test
public void apply_adds_permission_SCAN_EXECUTION_to_group_on_private_project() {
- applyAddsPermissionToGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);
+ applyAddsPermissionToGroupOnPrivateProject(GlobalPermission.SCAN.getKey());
}
private void applyAddsPermissionToGroupOnPrivateProject(String permission) {
@Test
public void apply_removes_permission_SCAN_EXECUTION_from_on_private_project() {
- applyRemovesPermissionFromGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);
+ applyRemovesPermissionFromGroupOnPrivateProject(GlobalPermission.SCAN.getKey());
}
private void applyRemovesPermissionFromGroupOnPrivateProject(String permission) {
public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, publicProject, groupUuid, permissionService));
+ apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermission.SCAN.getKey(), publicProject, groupUuid, permissionService));
- assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION);
+ assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(GlobalPermission.SCAN.getKey());
}
@Test
@Test
public void apply_removes_SCAN_EXECUTION_permission_from_group_AnyOne_on_a_public_project() {
- applyRemovesPermissionFromGroupAnyOneOnAPublicProject(GlobalPermissions.SCAN_EXECUTION);
+ applyRemovesPermissionFromGroupAnyOneOnAPublicProject(GlobalPermission.SCAN.getKey());
}
private void applyRemovesPermissionFromGroupAnyOneOnAPublicProject(String permission) {
public void add_permission_to_anyone() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();
- apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
+ apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
- assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
+ assertThat(db.users().selectAnyonePermissions(null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}
@Test
permissionService.getGlobalPermissions().stream()
.map(GlobalPermission::getKey)
- .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
+ .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermission.SCAN.getKey().equals(perm))
.forEach(perm -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, perm, privateProject, groupUuid, permissionService);
permissionService.getGlobalPermissions().stream()
.map(GlobalPermission::getKey)
- .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
+ .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermission.SCAN.getKey().equals(perm))
.forEach(perm -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, perm, publicProject, groupUuid, permissionService);
permissionService.getAllProjectPermissions()
.stream()
- .filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !GlobalPermission.ADMINISTER.getKey().equals(perm))
+ .filter(perm -> !GlobalPermission.SCAN.getKey().equals(perm) && !GlobalPermission.ADMINISTER.getKey().equals(perm))
.forEach(permission -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupUuid, permissionService);
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);
db.users().insertPermissionOnGroup(group, ADMINISTER);
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupUuid, permissionService));
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import static org.sonar.api.resources.Qualifiers.APP;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.resources.Qualifiers.VIEW;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, publicProject, null);
assertThat(selectProjectPermissionsOfGroup(null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfGroup(group, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, privateProject, null);
assertThat(selectProjectPermissionsOfGroup(group, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, publicProject, null);
assertThat(selectProjectPermissionsOfGroup(group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, publicProject, null);
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, privateProject, null);
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, publicProject, user.getUuid());
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
underTest.applyDefaultToNewComponent(session, privateProject, user.getUuid());
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}
@Test
ComponentDto portfolio = dbTester.components().insertPrivatePortfolio();
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
underTest.applyDefaultToNewComponent(session, portfolio, null);
assertThat(selectProjectPermissionsOfGroup(group, portfolio))
- .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
+ .containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
- dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, null);
underTest.applyDefaultToNewComponent(session, view, null);
assertThat(selectProjectPermissionsOfGroup(group, view))
- .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
+ .containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, ADMINISTER.getKey());
- dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, portPermissionTemplate);
underTest.applyDefaultToNewComponent(session, view, null);
assertThat(selectProjectPermissionsOfGroup(group, view))
- .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
+ .containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
ComponentDto view = dbTester.components().insertPrivatePortfolio();
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);
underTest.applyDefaultToNewComponent(session, view, null);
- assertThat(selectProjectPermissionsOfGroup(group, view)).containsOnly(PROVISION_PROJECTS.getKey());
+ assertThat(selectProjectPermissionsOfGroup(group, view)).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
ComponentDto application = dbTester.components().insertPublicApplication();
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);
underTest.applyDefaultToNewComponent(session, application, null);
assertThat(selectProjectPermissionsOfGroup(group, application))
- .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
+ .containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
- dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, portPermissionTemplate);
underTest.applyDefaultToNewComponent(session, application, null);
assertThat(selectProjectPermissionsOfGroup(group, application))
- .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
+ .containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
ComponentDto application = dbTester.components().insertPublicApplication();
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
- dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);
underTest.applyDefaultToNewComponent(session, application, null);
- assertThat(selectProjectPermissionsOfGroup(group, application)).containsOnly(PROVISION_PROJECTS.getKey());
+ assertThat(selectProjectPermissionsOfGroup(group, application)).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}
@Test
ComponentDto project = dbTester.components().insertPrivateProject();
GroupDto adminGroup = dbTester.users().insertGroup();
GroupDto userGroup = dbTester.users().insertGroup();
- dbTester.users().insertPermissionOnGroup(adminGroup, "admin");
- dbTester.users().insertPermissionOnGroup(userGroup, "user");
- dbTester.users().insertPermissionOnUser(user, "admin");
+ dbTester.users().insertPermissionOnGroup(adminGroup, GlobalPermission.ADMINISTER.getKey());
+ dbTester.users().insertPermissionOnGroup(userGroup, UserRole.USER);
+ dbTester.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "admin");
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "issueadmin");
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "user");
- dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "codeviewer");
- dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "user");
- dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "codeviewer");
- dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "admin");
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, GlobalPermission.ADMINISTER.getKey());
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, UserRole.ISSUE_ADMIN);
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, UserRole.USER);
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, UserRole.CODEVIEWER);
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, UserRole.USER);
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, UserRole.CODEVIEWER);
+ dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, GlobalPermission.ADMINISTER.getKey());
assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).isEmpty();
assertThat(selectProjectPermissionsOfGroup(userGroup, project)).isEmpty();
underTest.applyAndCommit(session, permissionTemplate, singletonList(project));
- assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).containsOnly("admin", "issueadmin");
- assertThat(selectProjectPermissionsOfGroup(userGroup, project)).containsOnly("user", "codeviewer");
+ assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).containsOnly(GlobalPermission.ADMINISTER.getKey(), UserRole.ISSUE_ADMIN);
+ assertThat(selectProjectPermissionsOfGroup(userGroup, project)).containsOnly(UserRole.USER, UserRole.CODEVIEWER);
assertThat(selectProjectPermissionsOfGroup(null, project)).isEmpty();
- assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly("admin");
+ assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
private List<String> selectProjectPermissionsOfGroup(@Nullable GroupDto groupDto, ComponentDto project) {
dbTester.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate();
dbTester.permissionTemplates().setDefaultTemplates(template, null, null);
- templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN.getKey(), template.getName());
+ templateDb.addProjectCreatorToTemplate(template.getUuid(), GlobalPermission.SCAN.getKey(), template.getName());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
templateDb.addGroupToTemplate(template.getUuid(), group.getUuid(), UserRole.CODEVIEWER, template.getName(), group.getName());
templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN, template.getName(), null);
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.SequenceUuidFactory;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
@Test
public void apply_removes_any_global_permission_to_user() {
// give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1
- db.users().insertPermissionOnUser(user2, GlobalPermission.ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER);
permissionService.getGlobalPermissions()
- .forEach(perm -> db.users().insertPermissionOnUser(user1, perm));
+ .forEach(perm -> db.users().insertGlobalPermissionOnUser(user1, perm));
assertThat(db.users().selectPermissionsOfUser(user1))
.containsOnly(permissionService.getGlobalPermissions().toArray(new GlobalPermission[0]));
@Test
public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(ADD, USER, publicProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(USER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(UserRole.USER);
}
@Test
public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(ADD, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(CODEVIEWER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(UserRole.CODEVIEWER);
}
@Test
public void apply_adds_permission_ADMIN_on_a_public_project() {
- applyAddsPermissionOnAPublicProject(ADMIN);
+ applyAddsPermissionOnAPublicProject(UserRole.ADMIN);
}
@Test
public void apply_adds_permission_ISSUE_ADMIN_on_a_public_project() {
- applyAddsPermissionOnAPublicProject(ISSUE_ADMIN);
+ applyAddsPermissionOnAPublicProject(UserRole.ISSUE_ADMIN);
}
@Test
public void apply_adds_permission_SCAN_EXECUTION_on_a_public_project() {
- applyAddsPermissionOnAPublicProject(SCAN_EXECUTION);
+ applyAddsPermissionOnAPublicProject(GlobalPermission.SCAN.getKey());
}
private void applyAddsPermissionOnAPublicProject(String permission) {
@Test
public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, USER, publicProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);
assertThatThrownBy(() -> apply(change))
.isInstanceOf(BadRequestException.class)
@Test
public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
assertThatThrownBy(() -> apply(change))
.isInstanceOf(BadRequestException.class)
@Test
public void apply_removes_permission_ADMIN_from_a_public_project() {
- applyRemovesPermissionFromPublicProject(ADMIN);
+ applyRemovesPermissionFromPublicProject(UserRole.ADMIN);
}
@Test
public void apply_removes_permission_ISSUE_ADMIN_from_a_public_project() {
- applyRemovesPermissionFromPublicProject(ISSUE_ADMIN);
+ applyRemovesPermissionFromPublicProject(UserRole.ISSUE_ADMIN);
}
@Test
public void apply_removes_permission_SCAN_EXECUTION_from_a_public_project() {
- applyRemovesPermissionFromPublicProject(SCAN_EXECUTION);
+ applyRemovesPermissionFromPublicProject(GlobalPermission.SCAN.getKey());
}
private void applyRemovesPermissionFromPublicProject(String permission) {
@Test
public void add_global_permission_to_user() {
- UserPermissionChange change = new UserPermissionChange(ADD, SCAN_EXECUTION, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.SCAN.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);
+ assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();
@Test
public void add_project_permission_to_user() {
- UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();
- assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(ISSUE_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(UserRole.ISSUE_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();
}
@Test
public void do_nothing_when_adding_global_permission_that_already_exists() {
- db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
- UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(ADMINISTER_QUALITY_GATES);
+ assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);
}
@Test
public void fail_to_add_global_permission_on_project() {
assertThatThrownBy(() -> {
- UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), privateProject, UserIdDto.from(user1), permissionService);
apply(change);
})
.isInstanceOf(BadRequestException.class)
@Test
public void fail_to_add_project_permission() {
assertThatThrownBy(() -> {
- UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);
apply(change);
})
.isInstanceOf(BadRequestException.class)
@Test
public void remove_global_permission_from_user() {
- db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
- db.users().insertPermissionOnUser(user1, SCAN_EXECUTION);
- db.users().insertPermissionOnUser(user2, QUALITY_GATE_ADMIN);
- db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER_QUALITY_GATES);
+ db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);
- UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);
- assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(ADMINISTER_QUALITY_GATES);
- assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);
+ assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void remove_project_permission_from_user() {
ComponentDto project2 = db.components().insertPrivateProject();
- db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
- db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);
- db.users().insertProjectPermissionOnUser(user1, USER, privateProject);
- db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject);
- db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
+ db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);
+ db.users().insertProjectPermissionOnUser(user1, UserRole.USER, privateProject);
+ db.users().insertProjectPermissionOnUser(user2, UserRole.ISSUE_ADMIN, privateProject);
+ db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, project2);
- UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);
- assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER);
- assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).containsOnly(ISSUE_ADMIN);
- assertThat(db.users().selectProjectPermissionsOfUser(user1, project2)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(UserRole.USER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).containsOnly(UserRole.ISSUE_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user1, project2)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);
assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();
@Test
public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {
- UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();
@Test
public void fail_to_remove_admin_global_permission_if_no_more_admins() {
- db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
assertThatThrownBy(() -> {
- UserPermissionChange change = new UserPermissionChange(REMOVE, SYSTEM_ADMIN, null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
underTest.apply(db.getSession(), change);
})
.isInstanceOf(BadRequestException.class)
@Test
public void remove_admin_user_if_still_other_admins() {
- db.users().insertPermissionOnUser(user1, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
GroupDto admins = db.users().insertGroup("admins");
db.users().insertMember(admins, user2);
- db.users().insertPermissionOnGroup(admins, ADMINISTER);
+ db.users().insertPermissionOnGroup(admins, GlobalPermission.ADMINISTER);
- UserPermissionChange change = new UserPermissionChange(REMOVE, ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
+ UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
underTest.apply(db.getSession(), change);
assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.fail;
import static org.assertj.core.api.Assertions.tuple;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
newRequest()
.setParam(PARAM_GROUP_NAME, "sonar-administrators")
- .setParam(PARAM_PERMISSION, ADMINISTER.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly("admin");
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly("provisioning");
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, A_PROJECT_UUID)
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
- assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_KEY, A_PROJECT_KEY)
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
- assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, portfolio.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
- assertThat(db.users().selectGroupPermissions(group, portfolio)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, portfolio)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, "not-found")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class);
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class);
newRequest()
.setMethod("GET")
.setParam(PARAM_GROUP_NAME, "sonar-administrators")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class)
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
@Test
public void adding_global_permission_fails_if_not_administrator() {
GroupDto group = db.users().insertGroup("sonar-administrators");
- userSession.logIn().addPermission(SCAN);
+ userSession.logIn().addPermission(GlobalPermission.SCAN);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(NotFoundException.class)
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
- assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(ADMINISTER);
+ assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(GlobalPermission.ADMINISTER);
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, project.getKey())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, view.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
- assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class);
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, file.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "file-uuid")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class);
newRequest()
.setMethod("GET")
.setParam(PARAM_USER_LOGIN, "george.orwell")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "project-uuid")
.setParam(PARAM_PROJECT_KEY, "project-key")
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());
assertThatThrownBy(() -> request.execute())
TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, "unknown")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());
assertThatThrownBy(() -> request.execute())
.isInstanceOf(ForbiddenException.class);
userSession.logIn();
TestRequest request = newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());
assertThatThrownBy(() -> request.execute())
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
TestRequest request = newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN);
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());
assertThatThrownBy(() -> request.execute())
.isInstanceOf(NotFoundException.class)
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
+import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.sonar.api.server.ws.WebService.Param.PAGE;
import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
group1 = db.users().insertGroup("group-1-name");
group2 = db.users().insertGroup("group-2-name");
GroupDto group3 = db.users().insertGroup("group-3-name");
- db.users().insertPermissionOnGroup(group1, SCAN);
- db.users().insertPermissionOnGroup(group2, SCAN);
- db.users().insertPermissionOnGroup(group3, ADMINISTER);
- db.users().insertPermissionOnAnyone(SCAN);
+ db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);
+ db.users().insertPermissionOnGroup(group2, GlobalPermission.SCAN);
+ db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);
+ db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.commit();
}
loginAsAdmin();
String json = newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute()
.getInput();
assertJson(json).isSimilarTo("{\n" +
public void search_with_selection() {
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute()
.getInput();
public void search_groups_with_pagination() {
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(PAGE_SIZE, "1")
.setParam(PAGE, "3")
.execute()
public void search_groups_with_query() {
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(TEXT_QUERY, "group-")
.execute()
.getInput();
public void search_groups_with_project_permissions() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("project-group-name");
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
ComponentDto anotherProject = db.components().insertPrivateProject();
GroupDto anotherGroup = db.users().insertGroup("another-project-group-name");
- db.users().insertProjectPermissionOnGroup(anotherGroup, ISSUE_ADMIN, anotherProject);
+ db.users().insertProjectPermissionOnGroup(anotherGroup, UserRole.ISSUE_ADMIN, anotherProject);
GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
String result = newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
public void return_also_groups_without_permission_when_search_query() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("group-with-permission");
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");
GroupDto anotherGroup = db.users().insertGroup("another-group");
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(TEXT_QUERY, "group-with")
.execute()
public void return_only_groups_with_permission_when_no_search_query() {
ComponentDto project = db.components().insertComponent(newPrivateProjectDto("project-uuid"));
GroupDto group = db.users().insertGroup("project-group-name");
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
public void return_anyone_group_when_search_query_and_no_param_permission() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("group-with-permission");
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();
String result = newRequest()
public void search_groups_on_views() {
ComponentDto view = db.components().insertComponent(ComponentTesting.newPortfolio("view-uuid").setKey("view-key"));
GroupDto group = db.users().insertGroup("project-group-name");
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, view);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, view);
loginAsAdmin();
String result = newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, "view-uuid")
.execute()
.getInput();
userSession.anonymous();
newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute();
})
.isInstanceOf(UnauthorizedException.class);
assertThatThrownBy(() -> {
userSession.logIn("login");
newRequest()
- .setParam(PARAM_PERMISSION, SCAN.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
assertThatThrownBy(() -> {
loginAsAdmin();
newRequest()
- .setParam(PARAM_PERMISSION, SCAN_EXECUTION)
+ .setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project);
GroupDto group = db.users().insertGroup();
- db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, branch.uuid())
.execute();
})
import org.sonar.core.util.Uuids;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.tuple;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@Test
public void remove_permission_using_group_name() {
- db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
- db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.PROVISION_PROJECTS);
loginAsAdmin();
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
- .setParam(PARAM_PERMISSION, PROVISIONING)
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}
@Test
public void remove_project_permission() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
- db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
- db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
- assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
+ assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void remove_with_view_uuid() {
ComponentDto view = db.components().insertPrivatePortfolio();
- db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
- db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, view);
- db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, view);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, view);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, view);
loginAsAdmin();
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, view.uuid())
- .setParam(PARAM_PERMISSION, ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
- assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
+ assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void remove_with_project_key() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
- db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
- db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_KEY, project.getKey())
- .setParam(PARAM_PERMISSION, ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
- assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
+ assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void fail_to_remove_last_admin_permission() {
- db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
- db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
+ db.users().insertPermissionOnGroup(aGroup, GlobalPermission.PROVISION_PROJECTS);
loginAsAdmin();
assertThatThrownBy(() -> {
- executeRequest(aGroup, SYSTEM_ADMIN);
+ executeRequest(aGroup, GlobalPermission.ADMINISTER.getKey());
})
.isInstanceOf(BadRequestException.class)
.hasMessage("Last group with permission 'admin'. Permission cannot be removed.");
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
- .setParam(PARAM_PERMISSION, ADMINISTER.getKey())
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
public void fail_when_project_project_permission_without_project() {
loginAsAdmin();
- assertThatThrownBy(() -> executeRequest(aGroup, ISSUE_ADMIN))
+ assertThatThrownBy(() -> executeRequest(aGroup, UserRole.ISSUE_ADMIN))
.isInstanceOf(BadRequestException.class)
.hasMessage("Invalid global permission 'issueadmin'. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]");
}
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class)
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
- .setParam(PARAM_PERMISSION, PROVISIONING)
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
- .setParam(PARAM_PERMISSION, PROVISIONING)
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
@Test
public void removing_project_permission_is_allowed_to_project_administrators() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnGroup(aGroup, CODEVIEWER, project);
- db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.CODEVIEWER, project);
+ db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(CODEVIEWER);
+ assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.CODEVIEWER);
}
@Test
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_GROUP_NAME, group.getName())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@Test
public void remove_permission_from_user() {
- db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
- db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_GATES);
loginAsAdmin();
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey())
.execute();
- assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(PROVISION_PROJECTS);
+ assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(GlobalPermission.PROVISION_PROJECTS);
}
@Test
public void admin_can_not_remove_his_global_admin_right() {
- db.users().insertPermissionOnUser(user, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
loginAsAdmin();
UserDto admin = db.users().insertUser(userSession.getLogin());
- db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, userSession.getLogin())
- .setParam(PARAM_PERMISSION, ADMINISTER.getKey());
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());
assertThatThrownBy(() -> request.execute())
.isInstanceOf(BadRequestException.class)
loginAsAdmin();
UserDto admin = db.users().insertUser(userSession.getLogin());
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(admin, ADMINISTER.getKey(), project);
+ db.users().insertProjectPermissionOnUser(admin, GlobalPermission.ADMINISTER.getKey(), project);
TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, userSession.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, ADMINISTER.getKey());
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());
assertThatThrownBy(() -> request.execute())
.isInstanceOf(BadRequestException.class)
@Test
public void fail_to_remove_admin_permission_if_last_admin() {
- db.users().insertPermissionOnUser(user, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
loginAsAdmin();
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();
})
.isInstanceOf(BadRequestException.class)
@Test
public void remove_permission_from_project() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.ISSUE_ADMIN);
}
@Test
public void remove_with_project_key() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
- db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
loginAsAdmin();
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, project.getKey())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.CODEVIEWER);
}
@Test
public void remove_with_view_uuid() {
ComponentDto view = db.components().insertPrivatePortfolio();
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, view);
- db.users().insertProjectPermissionOnUser(user, ADMIN, view);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, view);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, view);
loginAsAdmin();
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, view.getKey())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(ADMIN);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(UserRole.ADMIN);
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(NotFoundException.class);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(BadRequestException.class);
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, file.uuid())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setMethod("GET")
.setParam(PARAM_USER_LOGIN, "george.orwell")
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, PROVISIONING)
+ .setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
@Test
public void removing_project_permission_is_allowed_to_project_administrators() {
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
- assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);
+ assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.CODEVIEWER);
}
@Test
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, USER)
+ .setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
- .setParam(PARAM_PERMISSION, CODEVIEWER)
+ .setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import static org.sonar.api.server.ws.WebService.Param.PAGE;
import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
-import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com"));
UserDto user2 = db.users().insertUser(newUserDto().setLogin("adam.west").setName("Adam West").setEmail("adamwest@adamwest.com"));
UserDto user3 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net"));
- db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
- db.users().insertPermissionOnUser(user1, ADMINISTER);
- db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
- db.users().insertPermissionOnUser(user3, SCAN);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_PROFILES);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
+ db.users().insertGlobalPermissionOnUser(user3, GlobalPermission.SCAN);
loginAsAdmin();
String result = newRequest().execute().getInput();
// User has permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto());
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
// User has permission on another project
ComponentDto anotherProject = db.components().insertPrivateProject();
UserDto userHavePermissionOnAnotherProject = db.users().insertUser(newUserDto());
- db.users().insertProjectPermissionOnUser(userHavePermissionOnAnotherProject, ISSUE_ADMIN, anotherProject);
+ db.users().insertProjectPermissionOnUser(userHavePermissionOnAnotherProject, UserRole.ISSUE_ADMIN, anotherProject);
// User has no permission
UserDto withoutPermission = db.users().insertUser(newUserDto());
- userSession.logIn().addProjectPermission(SYSTEM_ADMIN, project);
+ userSession.logIn().addProjectPermission(GlobalPermission.ADMINISTER.getKey(), project);
String result = newRequest()
- .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+ .setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
public void search_for_users_is_paginated() {
for (int i = 9; i >= 0; i--) {
UserDto user = db.users().insertUser(newUserDto().setName("user-" + i));
- db.users().insertPermissionOnUser(user, ADMINISTER);
- db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_GATES);
}
loginAsAdmin();
loginAsAdmin();
for (int i = 0; i < 30; i++) {
UserDto user = db.users().insertUser(newUserDto().setLogin("user-" + i));
- db.users().insertPermissionOnUser(user, SCAN);
- db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
}
String result = newRequest()
assertThatThrownBy(() -> {
newRequest()
- .setParam("permission", SYSTEM_ADMIN)
+ .setParam("permission", GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam("permission", SYSTEM_ADMIN)
+ .setParam("permission", GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(UnauthorizedException.class);
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
UserDto user = db.users().insertUser(newUserDto());
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project);
- db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
- .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+ .setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1"));
UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2"));
UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3"));
- db.users().insertPermissionOnUser(user1, SCAN);
- db.users().insertPermissionOnUser(user2, SCAN);
- db.users().insertPermissionOnUser(user3, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user3, GlobalPermission.ADMINISTER);
}
}
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
public void fail_if_not_a_project_permission() {
loginAsAdmin();
- assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING))
+ assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), PROVISION_PROJECTS.getKey()))
.isInstanceOf(IllegalArgumentException.class);
}
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
+ .setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.execute();
})
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
+import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
loginAsAdmin();
assertThatThrownBy(() -> {
- newRequest(user.getLogin(), permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
+ newRequest(user.getLogin(), permissionTemplate.getUuid(), PROVISION_PROJECTS.getKey());
})
.isInstanceOf(IllegalArgumentException.class);
}
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.security.DefaultGroups.ANYONE;
import static org.sonar.api.web.UserRole.CODEVIEWER;
+import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@Test
public void fail_if_not_a_project_permission() {
- assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING))
+ assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), PROVISION_PROJECTS.getKey()))
.isInstanceOf(IllegalArgumentException.class);
}
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.Uuids;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
public void fail_if_permission_is_not_a_project_permission() {
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, GlobalPermissions.QUALITY_GATE_ADMIN)
+ .setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.execute();
})
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
loginAsAdmin();
assertThatThrownBy(() -> {
- newRequest(user.getLogin(), template.getUuid(), GlobalPermissions.PROVISIONING);
+ newRequest(user.getLogin(), template.getUuid(), PROVISION_PROJECTS.getKey());
})
.isInstanceOf(IllegalArgumentException.class);
}
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.permission.template.PermissionTemplateGroupDto;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
+import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateGroupDto;
import static org.sonar.db.user.GroupTesting.newGroupDto;
assertThatThrownBy(() -> {
newRequest()
- .setParam(PARAM_PERMISSION, GlobalPermissions.QUALITY_GATE_ADMIN)
+ .setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template1.getUuid())
.execute();
})
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.server.component.ComponentCleanerService;
import org.sonar.server.es.TestProjectIndexers;
import org.sonar.server.exceptions.ForbiddenException;
-import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.project.Project;
import org.sonar.server.project.ProjectLifeCycleListeners;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.server.component.TestComponentFinder.from;
import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT;
@Test
public void global_administrator_deletes_project_by_key() {
ComponentDto project = componentDbTester.insertPrivateProject();
- userSessionRule.logIn().addPermission(ADMINISTER);
+ userSessionRule.logIn().addPermission(GlobalPermission.ADMINISTER);
call(tester.newRequest().setParam(PARAM_PROJECT, project.getKey()));
@Test
public void project_administrator_deletes_the_project_by_key() {
ComponentDto project = componentDbTester.insertPrivateProject();
- userSessionRule.logIn().addProjectPermission(ADMIN, project);
+ userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);
call(tester.newRequest().setParam(PARAM_PROJECT, project.getKey()));
UserDto insert = dbClient.userDao().insert(dbSession,
newUserDto().setHomepageType("PROJECT").setHomepageParameter(project.uuid()));
dbSession.commit();
- userSessionRule.logIn().addProjectPermission(ADMIN, project);
+ userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);
DeleteAction underTest = new DeleteAction(
new ComponentCleanerService(dbClient, mockResourceTypes, new TestProjectIndexers()),
from(db), dbClient, userSessionRule, projectLifeCycleListeners);
webhookDbTester.insertWebhook(project);
webhookDbTester.insertWebhook(project);
- userSessionRule.logIn().addProjectPermission(ADMIN, project);
+ userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);
DeleteAction underTest = new DeleteAction(
new ComponentCleanerService(dbClient, mockResourceTypes, new TestProjectIndexers()),
from(db), dbClient, userSessionRule, projectLifeCycleListeners);
.forEach(globalPermission -> {
dbTester.users().insertPermissionOnAnyone(globalPermission);
dbTester.users().insertPermissionOnGroup(group, globalPermission);
- dbTester.users().insertPermissionOnUser(user, globalPermission);
+ dbTester.users().insertGlobalPermissionOnUser(user, globalPermission);
});
permissionService.getAllProjectPermissions()
.forEach(permission -> {
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.component.TestComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.groups.Tuple.tuple;
import static org.sonar.api.resources.Qualifiers.PROJECT;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.MediaTypes.JSON;
import static org.sonarqube.ws.Settings.Definition.CategoryOneOfCase.CATEGORYONEOF_NOT_SET;
import static org.sonarqube.ws.Settings.Definition.DefaultValueOneOfCase.DEFAULTVALUEONEOF_NOT_SET;
@Test
public void return_secured_settings_when_not_authenticated_but_with_scan_permission() {
- userSession.anonymous().addPermission(SCAN);
+ userSession.anonymous().addPermission(GlobalPermission.SCAN);
propertyDefinitions.addComponents(asList(
PropertyDefinition.builder("foo").build(),
PropertyDefinition.builder("secret.secured").build()));
@Test
public void fail_when_user_has_not_project_browse_permission() {
- userSession.logIn("project-admin").addProjectPermission(CODEVIEWER, project);
+ userSession.logIn("project-admin").addProjectPermission(UserRole.CODEVIEWER, project);
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build());
assertThatThrownBy(() -> executeRequest(project.getKey()))
}
private void logInAsProjectUser() {
- userSession.logIn().addProjectPermission(USER, project);
+ userSession.logIn().addProjectPermission(UserRole.USER, project);
}
private void logInAsAdmin() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
}
private void logInAsProjectAdmin() {
userSession.logIn()
- .addProjectPermission(ADMIN, project)
- .addProjectPermission(USER, project);
+ .addProjectPermission(UserRole.ADMIN, project)
+ .addProjectPermission(UserRole.USER, project);
}
}
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.groups.Tuple.tuple;
-import static org.sonar.api.resources.Qualifiers.FILE;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.property.PropertyTesting.newComponentPropertyDto;
public void return_component_secured_settings_when_not_authenticated_but_with_project_scan_permission() {
userSession
.addProjectPermission(USER, project)
- .addProjectPermission(SCAN_EXECUTION, project);
+ .addProjectPermission(SCAN.getKey(), project);
definitions.addComponents(asList(
PropertyDefinition.builder("foo").onQualifiers(PROJECT).build(),
PropertyDefinition.builder("global.secret.secured").build(),
public void return_component_secured_settings_even_if_not_defined_when_not_authenticated_but_with_scan_permission() {
userSession
.addProjectPermission(USER, project)
- .addProjectPermission(SCAN_EXECUTION, project);
+ .addProjectPermission(SCAN.getKey(), project);
db.properties().insertProperties(null, project.getKey(), project.name(), project.qualifier(),
newComponentPropertyDto(project).setKey("not-defined.secured").setValue("123"));
private UserDto createAdminUser() {
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);
db.commit();
return admin;
}
import org.junit.Test;
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.alm.setting.AlmSettingDto;
import org.sonar.db.ce.CeTaskMessageType;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.permission.template.PermissionTemplateUserDto;
import org.sonar.db.project.ProjectDto;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
-import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.property.PropertyTesting.newUserPropertyDto;
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ACTIVE;
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID;
logInAsSystemAdministrator();
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
- db.users().insertPermissionOnUser(user, SCAN);
- db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_PROFILES);
- db.users().insertProjectPermissionOnUser(user, USER, project);
- db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_PROFILES);
+ db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
+ db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
deactivate(user.getLogin());
UserDto user = db.users().insertUser();
PermissionTemplateDto template = db.permissionTemplates().insertTemplate();
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate();
- db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), USER, template.getName(), user.getLogin());
- db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), CODEVIEWER, anotherTemplate.getName(), user.getLogin());
+ db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
+ db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), UserRole.CODEVIEWER, anotherTemplate.getName(), user.getLogin());
deactivate(user.getLogin());
@Test
public void fail_to_deactivate_last_administrator() {
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
logInAsSystemAdministrator();
assertThatThrownBy(() -> {
private UserDto createAdminUser() {
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(admin, ADMINISTER);
+ db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
db.commit();
return admin;
}
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.tuple;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME;
public void cannot_delete_last_system_admin_group() {
insertDefaultGroup();
GroupDto group = db.users().insertGroup();
- db.users().insertPermissionOnGroup(group, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(group, ADMINISTER.getKey());
loginAsAdmin();
TestRequest request = newRequest()
.setParam(PARAM_GROUP_NAME, group.getName());
// admin users are part of the group to be deleted
db.users().insertDefaultGroup();
GroupDto adminGroup = db.users().insertGroup("admins");
- db.users().insertPermissionOnGroup(adminGroup, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(adminGroup, ADMINISTER.getKey());
UserDto bigBoss = db.users().insertUser();
db.users().insertMember(adminGroup, bigBoss);
loginAsAdmin();
public void delete_admin_group_succeeds_if_other_groups_have_administrators() {
db.users().insertDefaultGroup();
GroupDto adminGroup1 = db.users().insertGroup("admins");
- db.users().insertPermissionOnGroup(adminGroup1, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(adminGroup1, ADMINISTER.getKey());
GroupDto adminGroup2 = db.users().insertGroup("admins2");
- db.users().insertPermissionOnGroup(adminGroup2, SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(adminGroup2, ADMINISTER.getKey());
UserDto bigBoss = db.users().insertUser();
db.users().insertMember(adminGroup2, bigBoss);
loginAsAdmin();
private void addAdmin() {
UserDto admin = db.users().insertUser();
- db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
+ db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);
}
private void loginAsAdmin() {
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
public void fail_to_remove_the_last_administrator() {
db.users().insertDefaultGroup();
GroupDto adminGroup = db.users().insertGroup("sonar-admins");
- db.users().insertPermissionOnGroup(adminGroup, GlobalPermissions.SYSTEM_ADMIN);
+ db.users().insertPermissionOnGroup(adminGroup, ADMINISTER);
UserDto adminUser = db.users().insertUser("the-single-admin");
db.users().insertMember(adminGroup, adminUser);
loginAsAdmin();
import org.sonar.api.config.Configuration;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.core.util.UuidFactoryFast;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.server.component.ComponentFinder;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
-import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.NAME_PARAM;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.PROJECT_KEY_PARAM;
String longProjectKey = generateStringWithLength(400);
ComponentDto project = componentDbTester.insertPrivateProject(componentDto -> componentDto.setKey(longProjectKey));
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
CreateWsResponse response = wsActionTester.newRequest()
.setParam("project", longProjectKey)
@Test
public void create_a_webhook_with_secret() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
CreateWsResponse response = wsActionTester.newRequest()
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
@Test
public void create_a_global_webhook() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
CreateWsResponse response = wsActionTester.newRequest()
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
public void create_a_webhook_on_project() {
ComponentDto project = componentDbTester.insertPrivateProject();
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
CreateWsResponse response = wsActionTester.newRequest()
.setParam("project", project.getKey())
for (int i = 0; i < 10; i++) {
webhookDbTester.insertWebhook(project);
}
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam(PROJECT_KEY_PARAM, project.getKey())
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
for (int i = 0; i < 10; i++) {
webhookDbTester.insertGlobalWebhook();
}
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);
@Test
public void fail_if_url_is_not_valid() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, "htp://www.wrong-protocol.com/");
@Test
public void fail_if_credential_in_url_is_have_a_wrong_format() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, "http://:www.wrong-protocol.com/");
@Test
public void throw_IllegalArgumentException_if_project_key_greater_than_400() {
String longProjectKey = generateStringWithLength(401);
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam("project", longProjectKey)
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
import org.junit.Test;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDeliveryDao;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
-import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.webhook.WebhookDeliveryTesting.newDto;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.KEY_PARAM;
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestResponse response = wsActionTester.newRequest()
.setParam(KEY_PARAM, dto.getUuid())
WebhookDto dto = webhookDbTester.insertGlobalWebhook();
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestResponse response = wsActionTester.newRequest()
.setParam(KEY_PARAM, dto.getUuid())
.execute();
@Test
public void fail_if_webhook_does_not_exist() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(KEY_PARAM, "inexistent-webhook-uuid");
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDeliveryDbTester;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
-import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.webhook.WebhookDeliveryTesting.newDto;
import static org.sonar.db.webhook.WebhookTesting.newGlobalWebhook;
import static org.sonar.server.tester.UserSessionRule.standalone;
webhookDeliveryDbTester.insert(newDto("WH2-DELIVERY-1-UUID", webhook2.getUuid(), "COMPONENT_1", "TASK_1").setCreatedAt(BEFORE));
webhookDeliveryDbTester.insert(newDto("WH2-DELIVERY-2-UUID", webhook2.getUuid(), "COMPONENT_1", "TASK_2").setCreatedAt(NOW));
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);
WebhookDto webhook1 = webhookDbTester.insert(newGlobalWebhook("aaa"), null, null);
WebhookDto webhook2 = webhookDbTester.insert(newGlobalWebhook("bbb"), null, null);
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);
webhookDeliveryDbTester.insert(newDto("WH1-DELIVERY-2-UUID", webhook1.getUuid(), "COMPONENT_1", "TASK_2").setCreatedAt(NOW));
webhookDbTester.insert(newGlobalWebhook("bbb", t -> t.setUrl(url)), null, null);
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);
// insert a project-specific webhook, that should not be returned when listing global webhooks
webhookDbTester.insertWebhook(componentDbTester.insertPrivateProjectDto());
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
ListResponse response = wsActionTester.newRequest()
.executeProtobuf(ListResponse.class);
@Test
public void list_project_webhooks_when_project_key_param_is_provided() {
ProjectDto project1 = componentDbTester.insertPrivateProjectDto();
- userSession.logIn().addProjectPermission(ADMIN, project1);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project1);
WebhookDto dto1 = webhookDbTester.insertWebhook(project1);
WebhookDto dto2 = webhookDbTester.insertWebhook(project1);
public void list_global_webhooks_if_project_key_param_missing() {
WebhookDto dto1 = webhookDbTester.insertGlobalWebhook();
WebhookDto dto2 = webhookDbTester.insertGlobalWebhook();
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
ListResponse response = wsActionTester.newRequest()
.executeProtobuf(ListResponse.class);
import org.sonar.api.config.Configuration;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
+import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDto;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
-import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
-import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.ws.KeyExamples.NAME_WEBHOOK_EXAMPLE_001;
import static org.sonar.server.ws.KeyExamples.URL_WEBHOOK_EXAMPLE_001;
public void update_a_project_webhook_with_required_fields() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
public void update_a_project_webhook_with_all_fields() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
@Test
public void update_a_global_webhook() {
WebhookDto dto = webhookDbTester.insertGlobalWebhook();
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
@Test
public void fail_if_webhook_does_not_exist() {
- userSession.logIn().addPermission(ADMINISTER);
+ userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", "inexistent-webhook-uuid")
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
public void fail_if_url_is_not_valid() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
public void fail_if_credential_in_url_is_have_a_wrong_format() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
- userSession.logIn().addProjectPermission(ADMIN, project);
+ userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
projects / sonarqube.git / commitdiff