From: Simon Brandhof Date: Fri, 27 Jan 2017 15:10:40 +0000 (+0100) Subject: SONAR-8704 new boolean field authorization/allowAnyone X-Git-Tag: 6.3-RC1~316 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=057a46c17a3b610ca6c4874dcb9d7f82f01eed9d;p=sonarqube.git SONAR-8704 new boolean field authorization/allowAnyone This field drops the need for hardcoded group name "Anyone" --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java index 665d6bd5651..526a92361b0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java @@ -19,6 +19,7 @@ */ package org.sonar.server.component; +import java.util.Collection; import java.util.List; import org.sonar.api.ce.ComputeEngineSide; import org.sonar.api.resources.ResourceType; @@ -38,9 +39,9 @@ public class ComponentCleanerService { private final DbClient dbClient; private final ResourceTypes resourceTypes; - private final List projectIndexers; + private final Collection projectIndexers; - public ComponentCleanerService(DbClient dbClient, ResourceTypes resourceTypes, ProjectIndexer[] projectIndexers) { + public ComponentCleanerService(DbClient dbClient, ResourceTypes resourceTypes, ProjectIndexer... projectIndexers) { this.dbClient = dbClient; this.resourceTypes = resourceTypes; this.projectIndexers = asList(projectIndexers); diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java index be731da5b71..18f973d2c1c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java @@ -49,7 +49,7 @@ public class ComponentService { private final UserSession userSession; private final ProjectIndexer[] projectIndexers; - public ComponentService(DbClient dbClient, UserSession userSession, ProjectIndexer[] projectIndexers) { + public ComponentService(DbClient dbClient, UserSession userSession, ProjectIndexer... projectIndexers) { this.dbClient = dbClient; this.userSession = userSession; this.projectIndexers = projectIndexers; diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java index d87345898bf..abcbd67309e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java +++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java @@ -20,6 +20,7 @@ package org.sonar.server.component; +import java.util.Collection; import java.util.Date; import java.util.List; import java.util.Locale; @@ -33,10 +34,12 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.server.es.ProjectIndexer; +import org.sonar.server.es.ProjectIndexer.Cause; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.favorite.FavoriteUpdater; import org.sonar.server.permission.PermissionTemplateService; +import static java.util.Arrays.asList; import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.core.component.ComponentKeys.isValidModuleKey; import static org.sonar.server.ws.WsUtils.checkRequest; @@ -48,17 +51,17 @@ public class ComponentUpdater { private final System2 system2; private final PermissionTemplateService permissionTemplateService; private final FavoriteUpdater favoriteUpdater; - private final ProjectIndexer[] projectIndexers; + private final Collection projectIndexers; public ComponentUpdater(DbClient dbClient, I18n i18n, System2 system2, PermissionTemplateService permissionTemplateService, FavoriteUpdater favoriteUpdater, - ProjectIndexer[] projectIndexers) { + ProjectIndexer... projectIndexers) { this.dbClient = dbClient; this.i18n = i18n; this.system2 = system2; this.permissionTemplateService = permissionTemplateService; this.favoriteUpdater = favoriteUpdater; - this.projectIndexers = projectIndexers; + this.projectIndexers = asList(projectIndexers); } /** @@ -142,8 +145,6 @@ public class ComponentUpdater { } private void index(ComponentDto project) { - for (ProjectIndexer projectIndexer : projectIndexers) { - projectIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); - } + projectIndexers.forEach(i -> i.indexProject(project.uuid(), Cause.PROJECT_CREATION)); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java index 1ae73cab55c..a33262a47a4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java @@ -31,7 +31,6 @@ import org.sonar.server.es.NewIndex; import org.sonar.server.user.UserSession; import static org.elasticsearch.index.query.QueryBuilders.boolQuery; -import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; @ServerSide @@ -43,6 +42,13 @@ public class AuthorizationTypeSupport { public static final String FIELD_USER_LOGINS = "users"; public static final String FIELD_UPDATED_AT = "updatedAt"; + /** + * When true, then anybody can access to the project. In that case + * it's useless to store granted groups and users. The related + * fields are empty. + */ + public static final String FIELD_ALLOW_ANYONE = "allowAnyone"; + private final UserSession userSession; public AuthorizationTypeSupport(UserSession userSession) { @@ -69,6 +75,7 @@ public class AuthorizationTypeSupport { authType.createDateTimeField(FIELD_UPDATED_AT); authType.stringFieldBuilder(FIELD_GROUP_NAMES).disableNorms().build(); authType.stringFieldBuilder(FIELD_USER_LOGINS).disableNorms().build(); + authType.createBooleanField(FIELD_ALLOW_ANYONE); authType.setEnableSource(false); return type; } @@ -80,16 +87,21 @@ public class AuthorizationTypeSupport { public QueryBuilder createQueryFilter() { Integer userLogin = userSession.getUserId(); Set userGroupNames = userSession.getUserGroups(); - BoolQueryBuilder groupsAndUser = boolQuery(); + BoolQueryBuilder filter = boolQuery(); + + // anyone + filter.should(QueryBuilders.termQuery(FIELD_ALLOW_ANYONE, true)); + // users Optional.ofNullable(userLogin) .map(Integer::longValue) - .ifPresent(userId -> groupsAndUser.should(termQuery(FIELD_USER_LOGINS, userId))); + .ifPresent(userId -> filter.should(termQuery(FIELD_USER_LOGINS, userId))); - userGroupNames - .forEach(group -> groupsAndUser.should(termQuery(FIELD_GROUP_NAMES, group))); + // groups + userGroupNames.forEach( + group -> filter.should(termQuery(FIELD_GROUP_NAMES, group))); return QueryBuilders.hasParentQuery(TYPE_AUTHORIZATION, - QueryBuilders.boolQuery().must(matchAllQuery()).filter(groupsAndUser)); + QueryBuilders.boolQuery().filter(filter)); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java index bb0d717aa0e..51461d5584c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java @@ -21,11 +21,11 @@ package org.sonar.server.permission.index; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Throwables; -import com.google.common.collect.ImmutableMap; import com.google.common.util.concurrent.Uninterruptibles; import java.util.Arrays; import java.util.Collection; import java.util.Date; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.concurrent.ExecutionException; @@ -66,7 +66,7 @@ public class PermissionIndexer implements ProjectIndexer, Startable { private final ThreadPoolExecutor executor; private final DbClient dbClient; private final EsClient esClient; - private final List authorizationScopes; + private final Collection authorizationScopes; public PermissionIndexer(DbClient dbClient, EsClient esClient, NeedAuthorizationIndexer[] needAuthorizationIndexers) { this(dbClient, esClient, Arrays.stream(needAuthorizationIndexers) @@ -75,7 +75,7 @@ public class PermissionIndexer implements ProjectIndexer, Startable { } @VisibleForTesting - public PermissionIndexer(DbClient dbClient, EsClient esClient, List authorizationScopes) { + public PermissionIndexer(DbClient dbClient, EsClient esClient, Collection authorizationScopes) { this.executor = new ThreadPoolExecutor(0, 1, 0L, TimeUnit.SECONDS, new LinkedBlockingQueue<>()); this.dbClient = dbClient; this.esClient = esClient; @@ -90,8 +90,9 @@ public class PermissionIndexer implements ProjectIndexer, Startable { if (isEmpty) { Future submit = executor.submit(() -> { - - authorizationScopes.forEach(scope -> truncateAuthorizationType(scope.getIndexName())); + authorizationScopes.stream() + .map(AuthorizationScope::getIndexName) + .forEach(this::truncateAuthorizationType); try (DbSession dbSession = dbClient.openSession(false)) { index(new PermissionIndexerDao().selectAll(dbClient, dbSession)); @@ -173,10 +174,16 @@ public class PermissionIndexer implements ProjectIndexer, Startable { } private static IndexRequest newIndexRequest(PermissionIndexerDao.Dto dto, String indexName) { - Map doc = ImmutableMap.of( - AuthorizationTypeSupport.FIELD_GROUP_NAMES, dto.getGroups(), - AuthorizationTypeSupport.FIELD_USER_LOGINS, dto.getUsers(), - AuthorizationTypeSupport.FIELD_UPDATED_AT, new Date(dto.getUpdatedAt())); + Map doc = new HashMap<>(); + doc.put(AuthorizationTypeSupport.FIELD_UPDATED_AT, new Date(dto.getUpdatedAt())); + if (dto.isAllowAnyone()) { + doc.put(AuthorizationTypeSupport.FIELD_ALLOW_ANYONE, true); + // no need to feed users and groups + } else { + doc.put(AuthorizationTypeSupport.FIELD_ALLOW_ANYONE, false); + doc.put(AuthorizationTypeSupport.FIELD_GROUP_NAMES, dto.getGroups()); + doc.put(AuthorizationTypeSupport.FIELD_USER_LOGINS, dto.getUsers()); + } return new IndexRequest(indexName, TYPE_AUTHORIZATION, dto.getProjectUuid()) .routing(dto.getProjectUuid()) .source(doc); diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java index badf3fe3963..37029337337 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java @@ -47,6 +47,7 @@ public class PermissionIndexerDao { private final String qualifier; private final List users = Lists.newArrayList(); private final List groups = Lists.newArrayList(); + private boolean allowAnyone = false; public Dto(String projectUuid, long updatedAt, String qualifier) { this.projectUuid = projectUuid; @@ -83,6 +84,14 @@ public class PermissionIndexerDao { public List getGroups() { return groups; } + + public void allowAnyone() { + this.allowAnyone = true; + } + + public boolean isAllowAnyone() { + return allowAnyone; + } } /** @@ -90,7 +99,12 @@ public class PermissionIndexerDao { */ private static final int NB_OF_CONDITION_PLACEHOLDERS = 3; + private enum RowKind { + USER, GROUP, ANYONE + } + private static final String SQL_TEMPLATE = "SELECT " + + " project_authorization.kind as kind, " + " project_authorization.project as project, " + " project_authorization.user_id as user_id, " + " project_authorization.permission_group as permission_group, " + @@ -100,7 +114,7 @@ public class PermissionIndexerDao { // users - " SELECT " + + " SELECT '" + RowKind.USER + "' as kind," + " projects.uuid AS project, " + " projects.authorization_updated_at AS updated_at, " + " projects.qualifier AS qualifier, " + @@ -116,7 +130,7 @@ public class PermissionIndexerDao { // groups - " SELECT " + + " SELECT '" + RowKind.GROUP + "' as kind," + " projects.uuid AS project, " + " projects.authorization_updated_at AS updated_at, " + " projects.qualifier AS qualifier, " + @@ -134,12 +148,12 @@ public class PermissionIndexerDao { // Anyone virtual group - " SELECT " + + " SELECT '" + RowKind.ANYONE + "' as kind," + " projects.uuid AS project, " + " projects.authorization_updated_at AS updated_at, " + " projects.qualifier AS qualifier, " + " NULL AS user_id, " + - " 'Anyone' AS permission_group " + + " NULL AS permission_group " + " FROM projects " + " INNER JOIN group_roles ON group_roles.resource_id = projects.id AND group_roles.role='user' " + " WHERE " + @@ -180,41 +194,49 @@ public class PermissionIndexerDao { private static PreparedStatement createStatement(DbClient dbClient, DbSession session, List projectUuids) throws SQLException { String sql; - if (!projectUuids.isEmpty()) { - sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", " AND (" + repeatCondition("projects.uuid = ?", projectUuids.size(), "OR") + ")"); - } else { + if (projectUuids.isEmpty()) { sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", ""); + } else { + sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", " AND (" + repeatCondition("projects.uuid = ?", projectUuids.size(), "OR") + ")"); } PreparedStatement stmt = dbClient.getMyBatis().newScrollingSelectStatement(session, sql); - if (!projectUuids.isEmpty()) { - int index = 1; - for (int i = 1; i <= NB_OF_CONDITION_PLACEHOLDERS; i++) { - for (int uuidIndex = 0; uuidIndex < projectUuids.size(); uuidIndex++) { - stmt.setString(index, projectUuids.get(uuidIndex)); - index++; - } + int index = 1; + for (int i = 1; i <= NB_OF_CONDITION_PLACEHOLDERS; i++) { + for (String projectUuid : projectUuids) { + stmt.setString(index, projectUuid); + index++; } } return stmt; } private static void processRow(ResultSet rs, Map dtosByProjectUuid) throws SQLException { - String projectUuid = rs.getString(1); - String group = rs.getString(3); + RowKind rowKind = RowKind.valueOf(rs.getString(1)); + String projectUuid = rs.getString(2); Dto dto = dtosByProjectUuid.get(projectUuid); if (dto == null) { - long updatedAt = rs.getLong(4); - String qualifier = rs.getString(5); + long updatedAt = rs.getLong(5); + String qualifier = rs.getString(6); dto = new Dto(projectUuid, updatedAt, qualifier); dtosByProjectUuid.put(projectUuid, dto); } - Long userId = rs.getLong(2); - if (!rs.wasNull()) { - dto.addUser(userId); - } - if (StringUtils.isNotBlank(group)) { - dto.addGroup(group); + switch (rowKind) { + case USER: + Long userId = rs.getLong(3); + if (!rs.wasNull()) { + dto.addUser(userId); + } + break; + case GROUP: + String group = rs.getString(4); + if (!rs.wasNull()) { + dto.addGroup(group); + } + break; + case ANYONE: + dto.allowAnyone(); + break; } } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java index a435e63aa1f..a644c7a44b9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java @@ -64,7 +64,7 @@ public class ComponentCleanerServiceTest { private DbSession dbSession = db.getSession(); private ProjectIndexer projectIndexer = mock(ProjectIndexer.class); private ResourceTypes mockResourceTypes = mock(ResourceTypes.class); - private ComponentCleanerService underTest = new ComponentCleanerService(dbClient, mockResourceTypes, new ProjectIndexer[] {projectIndexer}); + private ComponentCleanerService underTest = new ComponentCleanerService(dbClient, mockResourceTypes, projectIndexer); @Test public void delete_project_from_db_and_index() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java index e22fd6d91ca..b024080d096 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java @@ -53,7 +53,7 @@ public class ComponentServiceTest { private DbSession dbSession = dbTester.getSession(); private ProjectIndexer projectIndexer = mock(ProjectIndexer.class); - private ComponentService underTest = new ComponentService(dbClient, userSession, new ProjectIndexer[] {projectIndexer}); + private ComponentService underTest = new ComponentService(dbClient, userSession, projectIndexer); @Test public void should_fail_silently_on_components_not_found_if_told_so() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java index 62e1ee7484a..92500b50f1e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java @@ -59,7 +59,7 @@ public class ComponentServiceUpdateKeyTest { private DbClient dbClient = db.getDbClient(); private DbSession dbSession = db.getSession(); private ProjectIndexer projectIndexer = mock(ProjectIndexer.class); - private ComponentService underTest = new ComponentService(dbClient, userSession, new ProjectIndexer[] {projectIndexer}); + private ComponentService underTest = new ComponentService(dbClient, userSession, projectIndexer); @Test public void update_project_key() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java index 289f8d538d4..d3ca2eea18f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java @@ -63,7 +63,7 @@ public class ComponentUpdaterTest { private ComponentUpdater underTest = new ComponentUpdater(db.getDbClient(), i18n, system2, permissionTemplateService, new FavoriteUpdater(db.getDbClient()), - new ProjectIndexer[] {projectIndexer}); + projectIndexer); @Test public void should_persist_and_index_when_creating_project() throws Exception { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java index d18a9a66478..ec2f9955097 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java @@ -44,7 +44,6 @@ import static java.util.Arrays.asList; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.resources.Qualifiers.VIEW; -import static org.sonar.api.security.DefaultGroups.ANYONE; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.USER; @@ -88,25 +87,29 @@ public class PermissionIndexerDaoTest { assertThat(dtos).hasSize(4); PermissionIndexerDao.Dto project1Authorization = getByProjectUuid(project1.uuid(), dtos); - assertThat(project1Authorization.getGroups()).containsOnly(ANYONE, group.getName()); + assertThat(project1Authorization.getGroups()).containsOnly(group.getName()); + assertThat(project1Authorization.isAllowAnyone()).isTrue(); assertThat(project1Authorization.getUsers()).containsOnly(user1.getId()); assertThat(project1Authorization.getUpdatedAt()).isNotNull(); assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view1Authorization = getByProjectUuid(view1.uuid(), dtos); - assertThat(view1Authorization.getGroups()).containsOnly(ANYONE, group.getName()); + assertThat(view1Authorization.getGroups()).containsOnly(group.getName()); + assertThat(view1Authorization.isAllowAnyone()).isTrue(); assertThat(view1Authorization.getUsers()).containsOnly(user1.getId()); assertThat(view1Authorization.getUpdatedAt()).isNotNull(); assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW); PermissionIndexerDao.Dto project2Authorization = getByProjectUuid(project2.uuid(), dtos); - assertThat(project2Authorization.getGroups()).containsOnly(ANYONE); + assertThat(project2Authorization.getGroups()).isEmpty(); + assertThat(project2Authorization.isAllowAnyone()).isTrue(); assertThat(project2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId()); assertThat(project2Authorization.getUpdatedAt()).isNotNull(); assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view2Authorization = getByProjectUuid(view2.uuid(), dtos); - assertThat(view2Authorization.getGroups()).containsOnly(ANYONE); + assertThat(view2Authorization.getGroups()).isEmpty(); + assertThat(view2Authorization.isAllowAnyone()).isTrue(); assertThat(view2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId()); assertThat(view2Authorization.getUpdatedAt()).isNotNull(); assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW); @@ -122,25 +125,29 @@ public class PermissionIndexerDaoTest { assertThat(dtos).hasSize(4); PermissionIndexerDao.Dto project1Authorization = dtos.get(project1.uuid()); - assertThat(project1Authorization.getGroups()).containsOnly(ANYONE, group.getName()); + assertThat(project1Authorization.getGroups()).containsOnly(group.getName()); + assertThat(project1Authorization.isAllowAnyone()).isTrue(); assertThat(project1Authorization.getUsers()).containsOnly(user1.getId()); assertThat(project1Authorization.getUpdatedAt()).isNotNull(); assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view1Authorization = dtos.get(view1.uuid()); - assertThat(view1Authorization.getGroups()).containsOnly(ANYONE, group.getName()); + assertThat(view1Authorization.getGroups()).containsOnly(group.getName()); + assertThat(view1Authorization.isAllowAnyone()).isTrue(); assertThat(view1Authorization.getUsers()).containsOnly(user1.getId()); assertThat(view1Authorization.getUpdatedAt()).isNotNull(); assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW); PermissionIndexerDao.Dto project2Authorization = dtos.get(project2.uuid()); - assertThat(project2Authorization.getGroups()).containsOnly(ANYONE); + assertThat(project2Authorization.getGroups()).isEmpty(); + assertThat(project2Authorization.isAllowAnyone()).isTrue(); assertThat(project2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId()); assertThat(project2Authorization.getUpdatedAt()).isNotNull(); assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view2Authorization = dtos.get(view2.uuid()); - assertThat(view2Authorization.getGroups()).containsOnly(ANYONE); + assertThat(view2Authorization.getGroups()).isEmpty(); + assertThat(view2Authorization.isAllowAnyone()).isTrue(); assertThat(view2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId()); assertThat(view2Authorization.getUpdatedAt()).isNotNull(); assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java index 7b82ad35145..60bb699a576 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java @@ -28,6 +28,7 @@ import org.sonar.api.utils.System2; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; +import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDbTester; import org.sonar.db.user.UserDto; @@ -90,7 +91,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); // anonymous - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); // user1 has access verifyAuthorized(project, user1); @@ -113,7 +114,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); // anonymous - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); // group1 has access verifyAuthorized(project, user1, group1); @@ -138,7 +139,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); // anonymous - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); // has direct access verifyAuthorized(project, user1); @@ -158,7 +159,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); verifyNotAuthorized(project, user); verifyNotAuthorized(project, user, group); } @@ -172,7 +173,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); - verifyAnonymousAuthorized(project); + verifyAnyoneAuthorized(project); verifyAuthorized(project, user); verifyAuthorized(project, user, group); } @@ -189,7 +190,7 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); verifyAuthorized(project, user1); verifyNotAuthorized(project, user2); } @@ -226,10 +227,26 @@ public class PermissionIndexerTest { underTest.indexAllIfEmpty(); - verifyAnonymousNotAuthorized(project); + verifyAnyoneNotAuthorized(project); verifyNotAuthorized(project, user1); } + @Test + public void permissions_on_anyone_should_not_conflict_between_organizations() { + ComponentDto projectOnOrg1 = createAndIndexProject(dbTester.organizations().insert()); + ComponentDto projectOnOrg2 = createAndIndexProject(dbTester.organizations().insert()); + UserDto user = userDbTester.insertUser(); + userDbTester.insertProjectPermissionOnAnyone(USER, projectOnOrg1); + userDbTester.insertProjectPermissionOnUser(user, USER, projectOnOrg2); + + underTest.indexAllIfEmpty(); + + verifyAnyoneAuthorized(projectOnOrg1); + verifyAnyoneNotAuthorized(projectOnOrg2); + verifyAuthorized(projectOnOrg1, user);// because anyone + verifyAuthorized(projectOnOrg2, user); + } + private void verifyAuthorized(ComponentDto project, UserDto user) { logIn(user); verifyAuthorized(project, true); @@ -250,12 +267,12 @@ public class PermissionIndexerTest { verifyAuthorized(project, false); } - private void verifyAnonymousAuthorized(ComponentDto project) { + private void verifyAnyoneAuthorized(ComponentDto project) { userSession.anonymous(); verifyAuthorized(project, true); } - private void verifyAnonymousNotAuthorized(ComponentDto project) { + private void verifyAnyoneNotAuthorized(ComponentDto project) { userSession.anonymous(); verifyAuthorized(project, false); } @@ -274,4 +291,10 @@ public class PermissionIndexerTest { fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); return project; } + + private ComponentDto createAndIndexProject(OrganizationDto org) { + ComponentDto project = componentDbTester.insertProject(org); + fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); + return project; + } }