From: Simon Brandhof Date: Wed, 11 Jul 2012 22:08:27 +0000 (+0200) Subject: Improve and refactor the ResourcePermissions component X-Git-Tag: 3.2~124 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=21d26b2b4dbc8d47e9972f45d402f86448b47f48;p=sonarqube.git Improve and refactor the ResourcePermissions component --- diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java index cad94d72a16..6e8241b91f4 100644 --- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java +++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java @@ -36,7 +36,7 @@ import org.sonar.plugins.core.filters.MyFavouritesFilter; import org.sonar.plugins.core.filters.ProjectFilter; import org.sonar.plugins.core.filters.TreeMapFilter; import org.sonar.plugins.core.security.ApplyProjectRolesDecorator; -import org.sonar.plugins.core.security.DefaultResourcePermissioning; +import org.sonar.plugins.core.security.DefaultResourcePermissions; import org.sonar.plugins.core.sensors.*; import org.sonar.plugins.core.testdetailsviewer.TestsViewerDefinition; import org.sonar.plugins.core.timemachine.*; @@ -306,7 +306,7 @@ public final class CorePlugin extends SonarPlugin { ItLineCoverageDecorator.class, ItCoverageDecorator.class, ItBranchCoverageDecorator.class, - DefaultResourcePermissioning.class, + DefaultResourcePermissions.class, ApplyProjectRolesDecorator.class, ExcludedResourceFilter.class, CommentDensityDecorator.class, diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java index 332014b1bd0..fc5e21bc95f 100644 --- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java +++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java @@ -26,17 +26,17 @@ import org.sonar.api.batch.DecoratorContext; import org.sonar.api.resources.Project; import org.sonar.api.resources.Qualifiers; import org.sonar.api.resources.Resource; -import org.sonar.api.security.ResourcePermissioning; +import org.sonar.api.security.ResourcePermissions; import java.util.Set; public class ApplyProjectRolesDecorator implements Decorator { - private final ResourcePermissioning resourcePermissioning; + private final ResourcePermissions resourcePermissions; private final Set QUALIFIERS = ImmutableSet.of(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.SUBVIEW); - public ApplyProjectRolesDecorator(ResourcePermissioning resourcePermissioning) { - this.resourcePermissioning = resourcePermissioning; + public ApplyProjectRolesDecorator(ResourcePermissions resourcePermissions) { + this.resourcePermissions = resourcePermissions; } public boolean shouldExecuteOnProject(Project project) { @@ -46,12 +46,12 @@ public class ApplyProjectRolesDecorator implements Decorator { public void decorate(Resource resource, DecoratorContext context) { if (shouldDecorateResource(resource)) { LoggerFactory.getLogger(ApplyProjectRolesDecorator.class).info("Grant default permissions to {}", resource.getKey()); - resourcePermissioning.grantDefaultRoles(resource); + resourcePermissions.grantDefaultRoles(resource); } } private boolean shouldDecorateResource(Resource resource) { - return resource.getId() != null && QUALIFIERS.contains(resource.getQualifier()) && !resourcePermissioning.hasRoles(resource); + return resource.getId() != null && QUALIFIERS.contains(resource.getQualifier()) && !resourcePermissions.hasRoles(resource); } } diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java deleted file mode 100644 index dbb0313fd3f..00000000000 --- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Sonar, open source software quality management tool. - * Copyright (C) 2008-2012 SonarSource - * mailto:contact AT sonarsource DOT com - * - * Sonar is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * Sonar is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with Sonar; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 - */ -package org.sonar.plugins.core.security; - -import org.apache.ibatis.session.SqlSession; -import org.sonar.api.BatchExtension; -import org.sonar.api.config.Settings; -import org.sonar.api.resources.Resource; -import org.sonar.api.security.DefaultGroups; -import org.sonar.api.security.ResourcePermissioning; -import org.sonar.api.web.UserRole; -import org.sonar.core.persistence.MyBatis; -import org.sonar.core.user.*; - -/** - * @since 3.2 - */ -public class DefaultResourcePermissioning implements ResourcePermissioning, BatchExtension { - - private final Settings settings; - private final MyBatis myBatis; - - public DefaultResourcePermissioning(Settings settings, MyBatis myBatis) { - this.settings = settings; - this.myBatis = myBatis; - } - - public boolean hasRoles(Resource resource) { - if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - RoleMapper roleMapper = session.getMapper(RoleMapper.class); - Long resourceId = Long.valueOf(resource.getId()); - return roleMapper.countGroupRoles(resourceId) + roleMapper.countUserRoles(resourceId) > 0; - - } finally { - MyBatis.closeQuietly(session); - } - } - return false; - } - - public void grantUserRole(Resource resource, String login, String role) { - if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login); - if (user != null) { - UserRoleDto userRole = new UserRoleDto() - .setRole(role) - .setUserId(user.getId()) - .setResourceId(Long.valueOf(resource.getId())); - session.getMapper(RoleMapper.class).insertUserRole(userRole); - session.commit(); - } - } finally { - MyBatis.closeQuietly(session); - } - } - } - - public void grantGroupRole(Resource resource, String groupName, String role) { - if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - GroupRoleDto groupRole = new GroupRoleDto() - .setRole(role) - .setResourceId(Long.valueOf(resource.getId())); - if (DefaultGroups.isAnyone(groupName)) { - session.getMapper(RoleMapper.class).insertGroupRole(groupRole); - session.commit(); - } else { - GroupDto group = session.getMapper(UserMapper.class).selectGroupByName(groupName); - if (group != null) { - session.getMapper(RoleMapper.class).insertGroupRole(groupRole.setGroupId(group.getId())); - session.commit(); - } - } - } finally { - MyBatis.closeQuietly(session); - } - } - } - - public void grantDefaultRoles(Resource resource) { - if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - removeRoles(resource, session); - grantDefaultRoles(resource, UserRole.ADMIN, session); - grantDefaultRoles(resource, UserRole.USER, session); - grantDefaultRoles(resource, UserRole.CODEVIEWER, session); - session.commit(); - } finally { - MyBatis.closeQuietly(session); - } - } - } - - private void removeRoles(Resource resource, SqlSession session) { - Long resourceId = Long.valueOf(resource.getId()); - RoleMapper mapper = session.getMapper(RoleMapper.class); - mapper.deleteGroupRolesByResourceId(resourceId); - mapper.deleteUserRolesByResourceId(resourceId); - } - - private void grantDefaultRoles(Resource resource, String role, SqlSession session) { - UserMapper userMapper = session.getMapper(UserMapper.class); - RoleMapper roleMapper = session.getMapper(RoleMapper.class); - - String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ","); - for (String groupName : groupNames) { - GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId())); - if (DefaultGroups.isAnyone(groupName)) { - roleMapper.insertGroupRole(groupRole); - } else { - GroupDto group = userMapper.selectGroupByName(groupName); - if (group != null) { - roleMapper.insertGroupRole(groupRole.setGroupId(group.getId())); - } - } - } - - String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultUsers", ","); - for (String login : logins) { - UserDto user = userMapper.selectUserByLogin(login); - if (user != null) { - roleMapper.insertUserRole(new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId()))); - } - } - } -} diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissions.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissions.java new file mode 100644 index 00000000000..67069da3a36 --- /dev/null +++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissions.java @@ -0,0 +1,155 @@ +/* + * Sonar, open source software quality management tool. + * Copyright (C) 2008-2012 SonarSource + * mailto:contact AT sonarsource DOT com + * + * Sonar is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * Sonar is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Sonar; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 + */ +package org.sonar.plugins.core.security; + +import org.apache.ibatis.session.SqlSession; +import org.sonar.api.BatchExtension; +import org.sonar.api.config.Settings; +import org.sonar.api.resources.Resource; +import org.sonar.api.security.DefaultGroups; +import org.sonar.api.security.ResourcePermissions; +import org.sonar.api.web.UserRole; +import org.sonar.core.persistence.MyBatis; +import org.sonar.core.user.*; + +/** + * @since 3.2 + */ +public class DefaultResourcePermissions implements ResourcePermissions, BatchExtension { + + private final Settings settings; + private final MyBatis myBatis; + + public DefaultResourcePermissions(Settings settings, MyBatis myBatis) { + this.settings = settings; + this.myBatis = myBatis; + } + + public boolean hasRoles(Resource resource) { + if (resource.getId() != null) { + SqlSession session = myBatis.openSession(); + try { + RoleMapper roleMapper = session.getMapper(RoleMapper.class); + Long resourceId = Long.valueOf(resource.getId()); + return roleMapper.countGroupRoles(resourceId) + roleMapper.countUserRoles(resourceId) > 0; + + } finally { + MyBatis.closeQuietly(session); + } + } + return false; + } + + public void grantUserRole(Resource resource, String login, String role) { + if (resource.getId() != null) { + SqlSession session = myBatis.openSession(); + try { + UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login); + if (user != null) { + UserRoleDto userRole = new UserRoleDto() + .setRole(role) + .setUserId(user.getId()) + .setResourceId(Long.valueOf(resource.getId())); + RoleMapper roleMapper = session.getMapper(RoleMapper.class); + roleMapper.deleteUserRole(userRole); + roleMapper.insertUserRole(userRole); + session.commit(); + } + } finally { + MyBatis.closeQuietly(session); + } + } + } + + public void grantGroupRole(Resource resource, String groupName, String role) { + if (resource.getId() != null) { + SqlSession session = myBatis.openSession(); + try { + GroupRoleDto groupRole = new GroupRoleDto() + .setRole(role) + .setResourceId(Long.valueOf(resource.getId())); + RoleMapper roleMapper = session.getMapper(RoleMapper.class); + if (DefaultGroups.isAnyone(groupName)) { + roleMapper.deleteGroupRole(groupRole); + roleMapper.insertGroupRole(groupRole); + session.commit(); + } else { + GroupDto group = session.getMapper(UserMapper.class).selectGroupByName(groupName); + if (group != null) { + groupRole.setGroupId(group.getId()); + roleMapper.deleteGroupRole(groupRole); + roleMapper.insertGroupRole(groupRole); + session.commit(); + } + } + } finally { + MyBatis.closeQuietly(session); + } + } + } + + public void grantDefaultRoles(Resource resource) { + if (resource.getId() != null) { + SqlSession session = myBatis.openSession(); + try { + removeRoles(resource, session); + grantDefaultRoles(resource, UserRole.ADMIN, session); + grantDefaultRoles(resource, UserRole.USER, session); + grantDefaultRoles(resource, UserRole.CODEVIEWER, session); + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } + } + } + + private void removeRoles(Resource resource, SqlSession session) { + Long resourceId = Long.valueOf(resource.getId()); + RoleMapper mapper = session.getMapper(RoleMapper.class); + mapper.deleteGroupRolesByResourceId(resourceId); + mapper.deleteUserRolesByResourceId(resourceId); + } + + private void grantDefaultRoles(Resource resource, String role, SqlSession session) { + UserMapper userMapper = session.getMapper(UserMapper.class); + RoleMapper roleMapper = session.getMapper(RoleMapper.class); + + String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ","); + for (String groupName : groupNames) { + GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId())); + if (DefaultGroups.isAnyone(groupName)) { + roleMapper.insertGroupRole(groupRole); + } else { + GroupDto group = userMapper.selectGroupByName(groupName); + if (group != null) { + roleMapper.insertGroupRole(groupRole.setGroupId(group.getId())); + } + } + } + + String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultUsers", ","); + for (String login : logins) { + UserDto user = userMapper.selectUserByLogin(login); + if (user != null) { + roleMapper.insertUserRole(new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId()))); + } + } + } +} diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java index beccb6585cf..fae6c26ce5d 100644 --- a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java +++ b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java @@ -22,20 +22,20 @@ package org.sonar.plugins.core.security; import org.junit.Before; import org.junit.Test; import org.sonar.api.resources.Project; -import org.sonar.api.security.ResourcePermissioning; +import org.sonar.api.security.ResourcePermissions; import static org.fest.assertions.Assertions.assertThat; import static org.mockito.Mockito.*; public class ApplyProjectRolesDecoratorTest { - private ResourcePermissioning resourcePermissioning; + private ResourcePermissions resourcePermissions; private ApplyProjectRolesDecorator decorator; @Before public void init() { - resourcePermissioning = mock(ResourcePermissioning.class); - decorator = new ApplyProjectRolesDecorator(resourcePermissioning); + resourcePermissions = mock(ResourcePermissions.class); + decorator = new ApplyProjectRolesDecorator(resourcePermissions); } @Test @@ -47,11 +47,11 @@ public class ApplyProjectRolesDecoratorTest { public void doNotGrantDefaultRolesWhenExistingPermissions() { Project project = new Project("project"); project.setId(10); - when(resourcePermissioning.hasRoles(project)).thenReturn(true); + when(resourcePermissions.hasRoles(project)).thenReturn(true); decorator.decorate(project, null); - verify(resourcePermissioning, never()).grantDefaultRoles(project); + verify(resourcePermissions, never()).grantDefaultRoles(project); } @Test @@ -59,22 +59,22 @@ public class ApplyProjectRolesDecoratorTest { Project project = new Project("project"); Project module = new Project("module").setParent(project); module.setId(10); - when(resourcePermissioning.hasRoles(project)).thenReturn(false); + when(resourcePermissions.hasRoles(project)).thenReturn(false); decorator.decorate(module, null); - verify(resourcePermissioning, never()).grantDefaultRoles(module); + verify(resourcePermissions, never()).grantDefaultRoles(module); } @Test public void grantDefaultRolesWhenNoPermissions() { Project project = new Project("project"); project.setId(10); - when(resourcePermissioning.hasRoles(project)).thenReturn(false); + when(resourcePermissions.hasRoles(project)).thenReturn(false); decorator.decorate(project, null); - verify(resourcePermissioning).grantDefaultRoles(project); + verify(resourcePermissions).grantDefaultRoles(project); } } diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java deleted file mode 100644 index 50afeaaf526..00000000000 --- a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Sonar, open source software quality management tool. - * Copyright (C) 2008-2012 SonarSource - * mailto:contact AT sonarsource DOT com - * - * Sonar is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * Sonar is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with Sonar; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 - */ -package org.sonar.plugins.core.security; - -import org.junit.Test; -import org.sonar.api.config.Settings; -import org.sonar.api.resources.Project; -import org.sonar.api.resources.Resource; -import org.sonar.api.security.DefaultGroups; -import org.sonar.core.persistence.AbstractDaoTestCase; - -import static org.fest.assertions.Assertions.assertThat; - -public class DefaultResourcePermissioningTest extends AbstractDaoTestCase { - - private Resource project = new Project("project").setId(123); - - @Test - public void grantGroupRole() { - setupData("grantGroupRole"); - - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis()); - permissioning.grantGroupRole(project, "sonar-administrators", "admin"); - - checkTables("grantGroupRole", "group_roles"); - } - - @Test - public void grantGroupRole_anyone() { - setupData("grantGroupRole_anyone"); - - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis()); - permissioning.grantGroupRole(project, DefaultGroups.ANYONE, "admin"); - - checkTables("grantGroupRole_anyone", "group_roles"); - } - - @Test - public void grantGroupRole_ignore_if_group_not_found() { - setupData("grantGroupRole_ignore_if_group_not_found"); - - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis()); - permissioning.grantGroupRole(project, "not_found", "admin"); - - checkTables("grantGroupRole_ignore_if_group_not_found", "group_roles"); - } - - @Test - public void grantGroupRole_ignore_if_not_persisted() { - setupData("grantGroupRole_ignore_if_not_persisted"); - - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis()); - Project resourceWithoutId = new Project(""); - permissioning.grantGroupRole(resourceWithoutId, "sonar-users", "admin"); - - checkTables("grantGroupRole_ignore_if_not_persisted", "group_roles"); - } - - @Test - public void grantDefaultRoles() { - setupData("grantDefaultRoles"); - - Settings settings = new Settings(); - settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators"); - settings.setProperty("sonar.role.admin.TRK.defaultUsers", ""); - settings.setProperty("sonar.role.user.TRK.defaultGroups", "Anyone,sonar-users"); - settings.setProperty("sonar.role.user.TRK.defaultUsers", ""); - settings.setProperty("sonar.role.codeviewer.TRK.defaultGroups", "Anyone,sonar-users"); - settings.setProperty("sonar.role.codeviewer.TRK.defaultUsers", ""); - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis()); - - permissioning.grantDefaultRoles(project); - - checkTables("grantDefaultRoles", "user_roles", "group_roles"); - } - - @Test - public void grantDefaultRoles_unknown_group() { - setupData("grantDefaultRoles_unknown_group"); - - Settings settings = new Settings(); - settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators,unknown"); - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis()); - permissioning.grantDefaultRoles(project); - - checkTables("grantDefaultRoles_unknown_group", "group_roles"); - } - - @Test - public void grantDefaultRoles_users() { - setupData("grantDefaultRoles_users"); - - Settings settings = new Settings(); - settings.setProperty("sonar.role.admin.TRK.defaultUsers", "marius,disabled,notfound"); - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis()); - permissioning.grantDefaultRoles(project); - - checkTables("grantDefaultRoles_users", "user_roles"); - } - - @Test - public void hasRoles() { - setupData("hasRoles"); - DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis()); - - // no groups and at least one user - assertThat(permissioning.hasRoles(new Project("only_users").setId(1))).isTrue(); - - // no users and at least one group - assertThat(permissioning.hasRoles(new Project("only_groups").setId(2))).isTrue(); - - // groups and users - assertThat(permissioning.hasRoles(new Project("groups_and_users").setId(3))).isTrue(); - - // no groups, no users - assertThat(permissioning.hasRoles(new Project("no_groups_no_users").setId(4))).isFalse(); - - // does not exist - assertThat(permissioning.hasRoles(new Project("not_found"))).isFalse(); - } -} \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissionsTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissionsTest.java new file mode 100644 index 00000000000..319c9b1d27e --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissionsTest.java @@ -0,0 +1,154 @@ +/* + * Sonar, open source software quality management tool. + * Copyright (C) 2008-2012 SonarSource + * mailto:contact AT sonarsource DOT com + * + * Sonar is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * Sonar is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Sonar; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 + */ +package org.sonar.plugins.core.security; + +import org.junit.Test; +import org.sonar.api.config.Settings; +import org.sonar.api.resources.Project; +import org.sonar.api.resources.Resource; +import org.sonar.api.security.DefaultGroups; +import org.sonar.core.persistence.AbstractDaoTestCase; + +import static org.fest.assertions.Assertions.assertThat; + +public class DefaultResourcePermissionsTest extends AbstractDaoTestCase { + + private Resource project = new Project("project").setId(123); + + @Test + public void grantGroupRole() { + setupData("grantGroupRole"); + + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + permissions.grantGroupRole(project, "sonar-administrators", "admin"); + + // do not insert duplicated rows + permissions.grantGroupRole(project, "sonar-administrators", "admin"); + + checkColumns("grantGroupRole", "group_roles", "group_id", "resource_id", "role"); + } + + @Test + public void grantGroupRole_anyone() { + setupData("grantGroupRole_anyone"); + + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + permissions.grantGroupRole(project, DefaultGroups.ANYONE, "admin"); + + checkTables("grantGroupRole_anyone", "group_roles"); + } + + @Test + public void grantGroupRole_ignore_if_group_not_found() { + setupData("grantGroupRole_ignore_if_group_not_found"); + + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + permissions.grantGroupRole(project, "not_found", "admin"); + + checkTables("grantGroupRole_ignore_if_group_not_found", "group_roles"); + } + + @Test + public void grantGroupRole_ignore_if_not_persisted() { + setupData("grantGroupRole_ignore_if_not_persisted"); + + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + Project resourceWithoutId = new Project(""); + permissions.grantGroupRole(resourceWithoutId, "sonar-users", "admin"); + + checkTables("grantGroupRole_ignore_if_not_persisted", "group_roles"); + } + + @Test + public void grantUserRole() { + setupData("grantUserRole"); + + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + permissions.grantUserRole(project, "marius", "admin"); + + // do not insert duplicated rows + permissions.grantUserRole(project, "marius", "admin"); + + checkColumns("grantUserRole", "user_roles", "user_id", "resource_id", "role"); + } + + @Test + public void grantDefaultRoles() { + setupData("grantDefaultRoles"); + + Settings settings = new Settings(); + settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators"); + settings.setProperty("sonar.role.admin.TRK.defaultUsers", ""); + settings.setProperty("sonar.role.user.TRK.defaultGroups", "Anyone,sonar-users"); + settings.setProperty("sonar.role.user.TRK.defaultUsers", ""); + settings.setProperty("sonar.role.codeviewer.TRK.defaultGroups", "Anyone,sonar-users"); + settings.setProperty("sonar.role.codeviewer.TRK.defaultUsers", ""); + DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis()); + + permissions.grantDefaultRoles(project); + + checkTables("grantDefaultRoles", "user_roles", "group_roles"); + } + + @Test + public void grantDefaultRoles_unknown_group() { + setupData("grantDefaultRoles_unknown_group"); + + Settings settings = new Settings(); + settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators,unknown"); + DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis()); + permissions.grantDefaultRoles(project); + + checkTables("grantDefaultRoles_unknown_group", "group_roles"); + } + + @Test + public void grantDefaultRoles_users() { + setupData("grantDefaultRoles_users"); + + Settings settings = new Settings(); + settings.setProperty("sonar.role.admin.TRK.defaultUsers", "marius,disabled,notfound"); + DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis()); + permissions.grantDefaultRoles(project); + + checkTables("grantDefaultRoles_users", "user_roles"); + } + + @Test + public void hasRoles() { + setupData("hasRoles"); + DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis()); + + // no groups and at least one user + assertThat(permissions.hasRoles(new Project("only_users").setId(1))).isTrue(); + + // no users and at least one group + assertThat(permissions.hasRoles(new Project("only_groups").setId(2))).isTrue(); + + // groups and users + assertThat(permissions.hasRoles(new Project("groups_and_users").setId(3))).isTrue(); + + // no groups, no users + assertThat(permissions.hasRoles(new Project("no_groups_no_users").setId(4))).isFalse(); + + // does not exist + assertThat(permissions.hasRoles(new Project("not_found"))).isFalse(); + } +} \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles-result.xml deleted file mode 100644 index f4154d15024..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles-result.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles.xml deleted file mode 100644 index 21a4dda2ccf..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group-result.xml deleted file mode 100644 index ef56a12934c..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group-result.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group.xml deleted file mode 100644 index 21a4dda2ccf..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_unknown_group.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users-result.xml deleted file mode 100644 index caff65f9e21..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users-result.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users.xml deleted file mode 100644 index 7c5f6c5d347..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultRoles_users.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole-result.xml deleted file mode 100644 index db7b21199a5..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole-result.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole.xml deleted file mode 100644 index 6a4d9c92410..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone-result.xml deleted file mode 100644 index 4b48bf9e59a..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone-result.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone.xml deleted file mode 100644 index 6a4d9c92410..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_anyone.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found-result.xml deleted file mode 100644 index 78695dd52b2..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found-result.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found.xml deleted file mode 100644 index 78695dd52b2..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_group_not_found.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted-result.xml deleted file mode 100644 index 78695dd52b2..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted-result.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted.xml deleted file mode 100644 index 78695dd52b2..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantGroupRole_ignore_if_not_persisted.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasRoles.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasRoles.xml deleted file mode 100644 index 3d5f9a5ecf2..00000000000 --- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasRoles.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles-result.xml new file mode 100644 index 00000000000..f4154d15024 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles-result.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles.xml new file mode 100644 index 00000000000..21a4dda2ccf --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles.xml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group-result.xml new file mode 100644 index 00000000000..ef56a12934c --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group-result.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group.xml new file mode 100644 index 00000000000..21a4dda2ccf --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_unknown_group.xml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml new file mode 100644 index 00000000000..caff65f9e21 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users.xml new file mode 100644 index 00000000000..7c5f6c5d347 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantDefaultRoles_users.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole-result.xml new file mode 100644 index 00000000000..9d3ae472eb6 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole-result.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole.xml new file mode 100644 index 00000000000..6a4d9c92410 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone-result.xml new file mode 100644 index 00000000000..4b48bf9e59a --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone-result.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone.xml new file mode 100644 index 00000000000..6a4d9c92410 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_anyone.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found-result.xml new file mode 100644 index 00000000000..78695dd52b2 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found-result.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found.xml new file mode 100644 index 00000000000..78695dd52b2 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_group_not_found.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted-result.xml new file mode 100644 index 00000000000..78695dd52b2 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted-result.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted.xml new file mode 100644 index 00000000000..78695dd52b2 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantGroupRole_ignore_if_not_persisted.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole-result.xml new file mode 100644 index 00000000000..7f154cd1915 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole-result.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole.xml new file mode 100644 index 00000000000..d513321d554 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/grantUserRole.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/hasRoles.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/hasRoles.xml new file mode 100644 index 00000000000..3d5f9a5ecf2 --- /dev/null +++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissionsTest/hasRoles.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java index 79e83c766be..9b7abc5a9bc 100644 --- a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java +++ b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java @@ -28,6 +28,10 @@ public interface RoleMapper { void insertUserRole(UserRoleDto userRole); + void deleteUserRole(UserRoleDto userRole); + + void deleteGroupRole(GroupRoleDto groupRole); + void deleteGroupRolesByResourceId(Long resourceId); void deleteUserRolesByResourceId(Long resourceId); diff --git a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml index 720a7690d4e..bbef4611eed 100644 --- a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml +++ b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml @@ -31,6 +31,22 @@ VALUES (#{id}, #{userId}, #{resourceId}, #{role}) + + delete from group_roles where resource_id=#{resourceId} and role=#{role} + + + and group_id=#{groupId} + + + and group_id is null + + + + + + delete from user_roles where resource_id=#{resourceId} and user_id=#{userId} and role=#{role} + + delete from group_roles where resource_id=#{id} diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissioning.java b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissioning.java deleted file mode 100644 index 270dd52f8d3..00000000000 --- a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissioning.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Sonar, open source software quality management tool. - * Copyright (C) 2008-2012 SonarSource - * mailto:contact AT sonarsource DOT com - * - * Sonar is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * Sonar is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with Sonar; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 - */ -package org.sonar.api.security; - -import org.sonar.api.BatchComponent; -import org.sonar.api.resources.Resource; - -/** - * Grant access to newly created projects. - * - *

This component is not supposed to be called by standard plugins.

- * - * @since 3.2 - */ -public interface ResourcePermissioning extends BatchComponent { - - boolean hasRoles(Resource resource); - - void grantDefaultRoles(Resource resource); - - void grantUserRole(Resource resource, String login, String role); - - void grantGroupRole(Resource resource, String groupName, String role); -} diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java new file mode 100644 index 00000000000..e63d963455d --- /dev/null +++ b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java @@ -0,0 +1,41 @@ +/* + * Sonar, open source software quality management tool. + * Copyright (C) 2008-2012 SonarSource + * mailto:contact AT sonarsource DOT com + * + * Sonar is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * Sonar is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Sonar; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02 + */ +package org.sonar.api.security; + +import org.sonar.api.BatchComponent; +import org.sonar.api.resources.Resource; + +/** + * Grant access to newly created projects. + * + *

This component is not supposed to be called by standard plugins.

+ * + * @since 3.2 + */ +public interface ResourcePermissions extends BatchComponent { + + boolean hasRoles(Resource resource); + + void grantDefaultRoles(Resource resource); + + void grantUserRole(Resource resource, String login, String role); + + void grantGroupRole(Resource resource, String groupName, String role); +}