From: Teryk Bellahsene Date: Tue, 11 Aug 2015 12:40:19 +0000 (+0200) Subject: SONAR-6487 WS permissions/groups with project permissions X-Git-Tag: 5.2-RC1~766 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=38c3e2b09e351696e994001495a0587eb5c2b5a6;p=sonarqube.git SONAR-6487 WS permissions/groups with project permissions --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java index a8850b6fb62..3343ade3b26 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java @@ -20,33 +20,40 @@ package org.sonar.server.permission.ws; +import com.google.common.base.Optional; +import com.google.common.collect.ImmutableSortedSet; import com.google.common.io.Resources; import java.util.List; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; -import org.sonar.api.utils.text.JsonWriter; +import org.sonar.api.server.ws.WebService.Param; +import org.sonar.api.server.ws.WebService.SelectionMode; +import org.sonar.core.permission.ComponentPermissions; import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.permission.GroupWithPermission; -import org.sonar.core.util.ProtobufJsonFormat; +import org.sonar.db.component.ComponentDto; import org.sonar.db.permission.PermissionQuery; import org.sonar.server.permission.GroupWithPermissionQueryResult; import org.sonar.server.permission.PermissionFinder; -import org.sonar.server.plugins.MimeTypes; -import org.sonar.server.user.UserSession; import org.sonarqube.ws.Common; import org.sonarqube.ws.Permissions; import static com.google.common.base.Objects.firstNonNull; +import static org.sonar.core.permission.GlobalPermissions.DASHBOARD_SHARING; import static org.sonar.server.permission.PermissionQueryParser.toMembership; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PERMISSION; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_KEY; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_UUID; +import static org.sonar.server.ws.WsUtils.writeProtobuf; public class GroupsAction implements PermissionsWsAction { - private final UserSession userSession; private final PermissionFinder permissionFinder; + private final PermissionWsCommons permissionWsCommons; - public GroupsAction(UserSession userSession, PermissionFinder permissionFinder) { - this.userSession = userSession; + public GroupsAction(PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) { this.permissionFinder = permissionFinder; + this.permissionWsCommons = permissionWsCommons; } @Override @@ -55,45 +62,48 @@ public class GroupsAction implements PermissionsWsAction { .setSince("5.2") .setInternal(true) .setDescription(String.format("List permission's groups.
" + + "If the project id or project key is provided, groups with project permissions are returned.
" + "If the query parameter '%s' is specified, the '%s' parameter is '%s'.", - WebService.Param.TEXT_QUERY, WebService.Param.SELECTED, WebService.SelectionMode.ALL.value())) + Param.TEXT_QUERY, Param.SELECTED, SelectionMode.ALL.value())) .addPagingParams(100) .addSearchQuery("sonar", "names") .addSelectionModeParam() .setResponseExample(Resources.getResource(getClass(), "groups-example.json")) .setHandler(this); - action.createParam("permission") - .setExampleValue("scan") + action.createParam(PARAM_PERMISSION) + .setExampleValue(DASHBOARD_SHARING) .setRequired(true) - .setPossibleValues(GlobalPermissions.ALL); + .setPossibleValues(ImmutableSortedSet.naturalOrder() + .addAll(GlobalPermissions.ALL) + .addAll(ComponentPermissions.ALL) + .build()); + + action.createParam(PARAM_PROJECT_UUID) + .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d") + .setDescription("Project id"); + + action.createParam(PARAM_PROJECT_KEY) + .setExampleValue("org.apache.hbas:hbase") + .setDescription("Project key"); } @Override - public void handle(Request request, Response response) throws Exception { - String permission = request.mandatoryParam("permission"); - String selected = request.param(WebService.Param.SELECTED); - int page = request.mandatoryParamAsInt(WebService.Param.PAGE); - int pageSize = request.mandatoryParamAsInt(WebService.Param.PAGE_SIZE); - String query = request.param(WebService.Param.TEXT_QUERY); - if (query != null) { - selected = WebService.SelectionMode.ALL.value(); - } + public void handle(Request wsRequest, Response wsResponse) throws Exception { + int page = wsRequest.mandatoryParamAsInt(Param.PAGE); + int pageSize = wsRequest.mandatoryParamAsInt(Param.PAGE_SIZE); - userSession - .checkLoggedIn() - .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + Optional project = permissionWsCommons.searchProject(wsRequest); + permissionWsCommons.checkPermissions(project); - PermissionQuery.Builder permissionQuery = PermissionQuery.builder() - .permission(permission) - .pageIndex(page) - .pageSize(pageSize) - .membership(toMembership(firstNonNull(selected, WebService.SelectionMode.SELECTED.value()))); - if (query != null) { - permissionQuery.search(query); - } + PermissionQuery permissionQuery = buildPermissionQuery(wsRequest, project); + Permissions.GroupsResponse groupsResponse = groupsResponse(permissionQuery, page, pageSize); + + writeProtobuf(groupsResponse, wsRequest, wsResponse); + } - GroupWithPermissionQueryResult groupsResult = permissionFinder.findGroupsWithPermission(permissionQuery.build()); + private Permissions.GroupsResponse groupsResponse(PermissionQuery permissionQuery, int page, int pageSize) { + GroupWithPermissionQueryResult groupsResult = permissionFinder.findGroupsWithPermission(permissionQuery); List groupsWithPermission = groupsResult.groups(); Permissions.GroupsResponse.Builder groupsResponse = Permissions.GroupsResponse.newBuilder(); @@ -123,9 +133,31 @@ public class GroupsAction implements PermissionsWsAction { .setTotal(groupsResult.total()) ); - response.stream().setMediaType(MimeTypes.JSON); - JsonWriter json = response.newJsonWriter(); - ProtobufJsonFormat.write(groupsResponse.build(), json); - json.close(); + return groupsResponse.build(); + } + + private static PermissionQuery buildPermissionQuery(Request wsRequest, Optional project) { + String permission = wsRequest.mandatoryParam("permission"); + String selected = wsRequest.param(Param.SELECTED); + int page = wsRequest.mandatoryParamAsInt(Param.PAGE); + int pageSize = wsRequest.mandatoryParamAsInt(Param.PAGE_SIZE); + String query = wsRequest.param(Param.TEXT_QUERY); + if (query != null) { + selected = SelectionMode.ALL.value(); + } + + PermissionQuery.Builder permissionQuery = PermissionQuery.builder() + .permission(permission) + .pageIndex(page) + .pageSize(pageSize) + .membership(toMembership(firstNonNull(selected, SelectionMode.SELECTED.value()))); + if (query != null) { + permissionQuery.search(query); + } + if (project.isPresent()) { + permissionQuery.component(project.get().getKey()); + } + + return permissionQuery.build(); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java index 445622364a3..1c76b21d769 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionWsCommons.java @@ -20,8 +20,13 @@ package org.sonar.server.permission.ws; +import com.google.common.base.Joiner; +import com.google.common.base.Optional; import javax.annotation.Nullable; import org.sonar.api.server.ws.Request; +import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ComponentPermissions; +import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -30,6 +35,9 @@ import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.permission.PermissionChange; +import org.sonar.server.user.UserSession; + +import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; public class PermissionWsCommons { @@ -39,13 +47,17 @@ public class PermissionWsCommons { public static final String PARAM_PROJECT_UUID = "projectId"; public static final String PARAM_PROJECT_KEY = "projectKey"; public static final String PARAM_USER_LOGIN = "login"; + private static final String PROJECT_PERMISSIONS_ONE_LINE = Joiner.on(",").join(ComponentPermissions.ALL); + private static final String GLOBAL_PERMISSIONS_ONE_LINE = Joiner.on(",").join(GlobalPermissions.ALL); private final DbClient dbClient; private final ComponentFinder componentFinder; + private final UserSession userSession; - public PermissionWsCommons(DbClient dbClient, ComponentFinder componentFinder) { + public PermissionWsCommons(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession) { this.dbClient = dbClient; this.componentFinder = componentFinder; + this.userSession = userSession; } public String searchGroupName(DbSession dbSession, @Nullable String groupNameParam, @Nullable Long groupId) { @@ -112,7 +124,36 @@ public class PermissionWsCommons { throw new BadRequestException("Group name or group id must be provided, not both"); } - private static boolean isProjectUuidOrProjectKeyProvided(@Nullable String projectUuid, @Nullable String projectKey) { + static boolean isProjectUuidOrProjectKeyProvided(@Nullable String projectUuid, @Nullable String projectKey) { return projectUuid != null || projectKey != null; } + + Optional searchProject(Request request) { + String projectUuid = request.param(PARAM_PROJECT_UUID); + String projectKey = request.param(PARAM_PROJECT_KEY); + + DbSession dbSession = dbClient.openSession(false); + try { + if (isProjectUuidOrProjectKeyProvided(projectUuid, projectKey)) { + return Optional.of(componentFinder.getProjectByUuidOrKey(dbSession, projectUuid, projectKey)); + } + return Optional.absent(); + } finally { + dbClient.closeSession(dbSession); + } + } + + void checkPermissions(Optional project) { + userSession.checkLoggedIn(); + + if (userSession.hasGlobalPermission(SYSTEM_ADMIN) || projectPresentAndAdminPermissionsOnIt(project)) { + return; + } + + userSession.checkGlobalPermission(SYSTEM_ADMIN); + } + + boolean projectPresentAndAdminPermissionsOnIt(Optional project) { + return project.isPresent() && userSession.hasProjectPermissionByUuid(UserRole.ADMIN, project.get().projectUuid()); + } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java index e6681f9488e..05d0f9783aa 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java @@ -20,34 +20,38 @@ package org.sonar.server.permission.ws; -import com.google.common.io.Resources; +import com.google.common.base.Optional; import java.util.List; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; -import org.sonar.api.utils.text.JsonWriter; import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.permission.UserWithPermission; -import org.sonar.core.util.ProtobufJsonFormat; +import org.sonar.db.component.ComponentDto; import org.sonar.db.permission.PermissionQuery; import org.sonar.server.permission.PermissionFinder; import org.sonar.server.permission.UserWithPermissionQueryResult; -import org.sonar.server.plugins.MimeTypes; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Common; -import org.sonarqube.ws.Permissions; +import org.sonarqube.ws.Permissions.UsersResponse; import static com.google.common.base.Objects.firstNonNull; import static org.sonar.server.permission.PermissionQueryParser.toMembership; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PERMISSION; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_KEY; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_UUID; +import static org.sonar.server.ws.WsUtils.writeProtobuf; public class UsersAction implements PermissionsWsAction { private final UserSession userSession; private final PermissionFinder permissionFinder; + private final PermissionWsCommons permissionWsCommons; - public UsersAction(UserSession userSession, PermissionFinder permissionFinder) { + public UsersAction(UserSession userSession, PermissionFinder permissionFinder, PermissionWsCommons permissionWsCommons) { + this.permissionWsCommons = permissionWsCommons; this.userSession = userSession; this.permissionFinder = permissionFinder; } @@ -57,50 +61,49 @@ public class UsersAction implements PermissionsWsAction { WebService.NewAction action = context.createAction("users") .setSince("5.2") .setDescription(String.format("List permission's users.
" + + "If the project id or project key is provided, users with project permissions are returned.
" + "If the query parameter '%s' is specified, the '%s' parameter is '%s'.", Param.TEXT_QUERY, Param.SELECTED, SelectionMode.ALL.value())) .addPagingParams(100) .addSearchQuery("stas", "names") .addSelectionModeParam() .setInternal(true) - .setResponseExample(Resources.getResource(getClass(), "users-example.json")) + .setResponseExample(getClass().getResource("users-example.json")) .setHandler(this); - action.createParam("permission") + action.createParam(PARAM_PERMISSION) .setExampleValue("scan") .setRequired(true) .setPossibleValues(GlobalPermissions.ALL); + + action.createParam(PARAM_PROJECT_UUID) + .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d") + .setDescription("Project id"); + + action.createParam(PARAM_PROJECT_KEY) + .setExampleValue("org.apache.hbas:hbase") + .setDescription("Project key"); } @Override - public void handle(Request request, Response response) throws Exception { - String permission = request.mandatoryParam("permission"); - String selected = request.param(Param.SELECTED); - int page = request.mandatoryParamAsInt(Param.PAGE); - int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); - String query = request.param(Param.TEXT_QUERY); - if (query != null) { - selected = SelectionMode.ALL.value(); - } + public void handle(Request wsRequest, Response wsResponse) throws Exception { + int page = wsRequest.mandatoryParamAsInt(Param.PAGE); + int pageSize = wsRequest.mandatoryParamAsInt(Param.PAGE_SIZE); - userSession - .checkLoggedIn() - .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); + Optional project = permissionWsCommons.searchProject(wsRequest); + permissionWsCommons.checkPermissions(project); + PermissionQuery permissionQuery = buildPermissionQuery(wsRequest, project); + UsersResponse usersResponse = usersResponse(permissionQuery, page, pageSize); - PermissionQuery.Builder permissionQuery = PermissionQuery.builder() - .permission(permission) - .pageIndex(page) - .pageSize(pageSize) - .membership(toMembership(firstNonNull(selected, SelectionMode.SELECTED.value()))); - if (query != null) { - permissionQuery.search(query); - } + writeProtobuf(usersResponse, wsRequest, wsResponse); + } - UserWithPermissionQueryResult usersResult = permissionFinder.findUsersWithPermission(permissionQuery.build()); + private UsersResponse usersResponse(PermissionQuery permissionQuery, int page, int pageSize) { + UserWithPermissionQueryResult usersResult = permissionFinder.findUsersWithPermission(permissionQuery); List usersWithPermission = usersResult.users(); - Permissions.UsersResponse.Builder userResponse = Permissions.UsersResponse.newBuilder(); - Permissions.UsersResponse.User.Builder user = Permissions.UsersResponse.User.newBuilder(); + UsersResponse.Builder userResponse = UsersResponse.newBuilder(); + UsersResponse.User.Builder user = UsersResponse.User.newBuilder(); Common.Paging.Builder paging = Common.Paging.newBuilder(); for (UserWithPermission userWithPermission : usersWithPermission) { userResponse.addUsers( @@ -118,9 +121,31 @@ public class UsersAction implements PermissionsWsAction { ); } - response.stream().setMediaType(MimeTypes.JSON); - JsonWriter json = response.newJsonWriter(); - ProtobufJsonFormat.write(userResponse.build(), json); - json.close(); + return userResponse.build(); + } + + private static PermissionQuery buildPermissionQuery(Request request, Optional project) { + String permission = request.mandatoryParam(PARAM_PERMISSION); + String selected = request.param(Param.SELECTED); + int page = request.mandatoryParamAsInt(Param.PAGE); + int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); + String query = request.param(Param.TEXT_QUERY); + if (query != null) { + selected = SelectionMode.ALL.value(); + } + + PermissionQuery.Builder permissionQuery = PermissionQuery.builder() + .permission(permission) + .pageIndex(page) + .pageSize(pageSize) + .membership(toMembership(firstNonNull(selected, SelectionMode.SELECTED.value()))); + if (query != null) { + permissionQuery.search(query); + } + if (project.isPresent()) { + permissionQuery.component(project.get().getKey()); + } + + return permissionQuery.build(); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index ef502ec36ae..ddf3e2581d2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -72,7 +72,7 @@ public class AddGroupActionTest { permissionChangeCaptor = ArgumentCaptor.forClass(PermissionChange.class); dbClient = db.getDbClient(); ws = new WsTester(new PermissionsWs( - new AddGroupAction(dbClient, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient)), permissionUpdater))); + new AddGroupAction(dbClient, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession), permissionUpdater))); userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index b11fbabb852..feb0334deb0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -72,7 +72,7 @@ public class AddUserActionTest { dbClient = db.getDbClient(); dbSession = db.getSession(); ws = new WsTester(new PermissionsWs( - new AddUserAction(permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient))))); + new AddUserAction(permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession)))); userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java index 094df809f61..90e08c50a1e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java @@ -30,12 +30,14 @@ import org.sonar.api.security.DefaultGroups; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; +import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; +import org.sonar.db.component.ComponentDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.GroupRoleDto; +import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.permission.PermissionFinder; @@ -44,6 +46,12 @@ import org.sonar.server.ws.WsActionTester; import org.sonar.test.DbTests; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.api.web.UserRole.ISSUE_ADMIN; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; +import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PERMISSION; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_UUID; import static org.sonar.test.JsonAssert.assertJson; @Category(DbTests.class) @@ -59,7 +67,6 @@ public class GroupsActionTest { DbClient dbClient; DbSession dbSession; WsActionTester ws; - PermissionFinder permissionFinder; GroupsAction underTest; @@ -67,36 +74,25 @@ public class GroupsActionTest { public void setUp() { dbClient = db.getDbClient(); dbSession = db.getSession(); - permissionFinder = new PermissionFinder(dbClient); - userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); - underTest = new GroupsAction(userSession, permissionFinder); + PermissionFinder permissionFinder = new PermissionFinder(dbClient); + PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession); + underTest = new GroupsAction(permissionFinder, permissionWsCommons); ws = new WsActionTester(underTest); - GroupDto group1 = dbClient.groupDao().insert(dbSession, new GroupDto() - .setName("group-1-name") - .setDescription("group-1-description")); - GroupDto group2 = dbClient.groupDao().insert(dbSession, new GroupDto() - .setName("group-2-name") - .setDescription("group-2-description")); - GroupDto group3 = dbClient.groupDao().insert(dbSession, new GroupDto() - .setName("group-3-name") - .setDescription("group-3-description")); - dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto() - .setGroupId(group1.getId()) - .setRole(GlobalPermissions.SCAN_EXECUTION)); - dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto() - .setGroupId(group2.getId()) - .setRole(GlobalPermissions.SCAN_EXECUTION)); - dbClient.roleDao().insertGroupRole(dbSession, new GroupRoleDto() - .setGroupId(group3.getId()) - .setRole(GlobalPermissions.SYSTEM_ADMIN)); - dbSession.commit(); + userSession.login("login").setGlobalPermissions(SYSTEM_ADMIN); + + GroupDto group1 = insertGroup(new GroupDto().setName("group-1-name").setDescription("group-1-description")); + GroupDto group2 = insertGroup(new GroupDto().setName("group-2-name").setDescription("group-2-description")); + GroupDto group3 = insertGroup(new GroupDto().setName("group-3-name").setDescription("group-3-description")); + insertGroupRole(new GroupRoleDto().setGroupId(group1.getId()).setRole(SCAN_EXECUTION)); + insertGroupRole(new GroupRoleDto().setGroupId(group2.getId()).setRole(SCAN_EXECUTION)); + insertGroupRole(new GroupRoleDto().setGroupId(group3.getId()).setRole(SYSTEM_ADMIN)); } @Test public void search_for_groups_with_one_permission() { String result = ws.newRequest() - .setParam("permission", "scan") + .setParam(PARAM_PERMISSION, SCAN_EXECUTION) .execute().getInput(); assertJson(result).isSimilarTo(Resources.getResource(getClass(), "GroupsActionTest/groups.json")); @@ -135,7 +131,28 @@ public class GroupsActionTest { assertThat(result) .contains("group-1", "group-2", "group-3") .doesNotContain(DefaultGroups.ANYONE); + } + + @Test + public void search_groups_with_project_permissions() { + dbClient.componentDao().insert(dbSession, newProjectDto("project-uuid").setKey("project-key")); + ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, "project-uuid"); + GroupDto group = insertGroup(new GroupDto().setName("project-group-name")); + insertGroupRole(new GroupRoleDto() + .setGroupId(group.getId()) + .setRole(ISSUE_ADMIN) + .setResourceId(project.getId())); + userSession.login().addProjectUuidPermissions(UserRole.ADMIN, "project-uuid"); + String result = ws.newRequest() + .setParam(PARAM_PERMISSION, ISSUE_ADMIN) + .setParam(PARAM_PROJECT_UUID, "project-uuid") + .execute().getInput(); + + assertThat(result).contains("project-group-name") + .doesNotContain("group-1") + .doesNotContain("group-2") + .doesNotContain("group-3"); } @Test @@ -165,4 +182,20 @@ public class GroupsActionTest { ws.newRequest() .execute(); } + + private GroupDto insertGroup(GroupDto group) { + GroupDto result = dbClient.groupDao().insert(dbSession, group); + commit(); + + return result; + } + + private void insertGroupRole(GroupRoleDto groupRole) { + dbClient.roleDao().insertGroupRole(dbSession, groupRole); + commit(); + } + + private void commit() { + dbSession.commit(); + } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 2b4e7388f4e..6d7b22b7aa1 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -70,7 +70,7 @@ public class RemoveGroupActionTest { public void setUp() { permissionUpdater = mock(PermissionUpdater.class); ws = new WsTester(new PermissionsWs( - new RemoveGroupAction(db.getDbClient(), new PermissionWsCommons(db.getDbClient(), new ComponentFinder(db.getDbClient())), permissionUpdater))); + new RemoveGroupAction(db.getDbClient(), new PermissionWsCommons(db.getDbClient(), new ComponentFinder(db.getDbClient()), userSession), permissionUpdater))); userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java index 87ad2504993..9fa33c0034b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java @@ -72,7 +72,7 @@ public class RemoveUserActionTest { dbClient = db.getDbClient(); dbSession = db.getSession(); ws = new WsTester(new PermissionsWs( - new RemoveUserAction(permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient))))); + new RemoveUserAction(permissionUpdater, new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession)))); userSession.login("admin").setGlobalPermissions(SYSTEM_ADMIN); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java index f3bb7874ce7..f3fc0c3ac03 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java @@ -20,7 +20,6 @@ package org.sonar.server.permission.ws; -import com.google.common.io.Resources; import org.junit.Before; import org.junit.Rule; import org.junit.Test; @@ -29,12 +28,13 @@ import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; +import org.sonar.db.component.ComponentDto; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserRoleDto; +import org.sonar.server.component.ComponentFinder; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.permission.PermissionFinder; @@ -43,6 +43,11 @@ import org.sonar.server.ws.WsActionTester; import org.sonar.test.DbTests; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; +import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.server.component.ComponentTesting.newProjectDto; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PERMISSION; +import static org.sonar.server.permission.ws.PermissionWsCommons.PARAM_PROJECT_UUID; import static org.sonar.test.JsonAssert.assertJson; @Category(DbTests.class) @@ -57,70 +62,64 @@ public class UsersActionTest { DbClient dbClient = db.getDbClient(); DbSession dbSession = db.getSession(); WsActionTester ws; - PermissionFinder permissionFinder; UsersAction underTest; @Before public void setUp() { - permissionFinder = new PermissionFinder(dbClient); - userSession.login("login").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); - underTest = new UsersAction(userSession, permissionFinder); + PermissionFinder permissionFinder = new PermissionFinder(dbClient); + PermissionWsCommons permissionWsCommons = new PermissionWsCommons(dbClient, new ComponentFinder(dbClient), userSession); + underTest = new UsersAction(userSession, permissionFinder, permissionWsCommons); ws = new WsActionTester(underTest); - UserDto user1 = dbClient.userDao().insert(dbSession, new UserDto() - .setActive(true) - .setLogin("login-1") - .setName("name-1")); - UserDto user2 = dbClient.userDao().insert(dbSession, new UserDto() - .setActive(true) - .setLogin("login-2") - .setName("name-2")); - UserDto user3 = dbClient.userDao().insert(dbSession, new UserDto() - .setActive(true) - .setLogin("login-3") - .setName("name-3")); - dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto() - .setRole(GlobalPermissions.SCAN_EXECUTION) - .setUserId(user1.getId())); - dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto() - .setRole(GlobalPermissions.SCAN_EXECUTION) - .setUserId(user2.getId())); - dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto() - .setRole(GlobalPermissions.SYSTEM_ADMIN) - .setUserId(user3.getId())); - dbSession.commit(); + userSession.login("login").setGlobalPermissions(SYSTEM_ADMIN); + + UserDto user1 = insertUser(new UserDto().setLogin("login-1").setName("name-1")); + UserDto user2 = insertUser(new UserDto().setLogin("login-2").setName("name-2")); + UserDto user3 = insertUser(new UserDto().setLogin("login-3").setName("name-3")); + insertUserRole(new UserRoleDto().setRole(SCAN_EXECUTION).setUserId(user1.getId())); + insertUserRole(new UserRoleDto().setRole(SCAN_EXECUTION).setUserId(user2.getId())); + insertUserRole(new UserRoleDto().setRole(SYSTEM_ADMIN).setUserId(user3.getId())); + commit(); + } + + @Test + public void search_for_users_with_response_example() { + db.truncateTables(); + UserDto user1 = insertUser(new UserDto().setLogin("admin").setName("Administrator")); + UserDto user2 = insertUser(new UserDto().setLogin("george.orwell").setName("George Orwell")); + insertUserRole(new UserRoleDto().setRole(SCAN_EXECUTION).setUserId(user1.getId())); + insertUserRole(new UserRoleDto().setRole(SCAN_EXECUTION).setUserId(user2.getId())); + commit(); + + String result = ws.newRequest().setParam("permission", "scan").execute().getInput(); + + assertJson(result).isSimilarTo(getClass().getResource("users-example.json")); } @Test public void search_for_users_with_one_permission() { String result = ws.newRequest().setParam("permission", "scan").execute().getInput(); - assertJson(result).isSimilarTo(Resources.getResource(getClass(), "UsersActionTest/users.json")); + assertJson(result).isSimilarTo(getClass().getResource("UsersActionTest/users.json")); } @Test - public void search_for_users_with_response_example() { - db.truncateTables(); - UserDto user1 = dbClient.userDao().insert(dbSession, new UserDto() - .setActive(true) - .setLogin("admin") - .setName("Administrator")); - UserDto user2 = dbClient.userDao().insert(dbSession, new UserDto() - .setActive(true) - .setLogin("george.orwell") - .setName("George Orwell")); - dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto() - .setRole(GlobalPermissions.SCAN_EXECUTION) - .setUserId(user1.getId())); - dbClient.roleDao().insertUserRole(dbSession, new UserRoleDto() - .setRole(GlobalPermissions.SCAN_EXECUTION) - .setUserId(user2.getId())); - dbSession.commit(); + public void search_for_users_with_permission_on_project() { + dbClient.componentDao().insert(dbSession, newProjectDto("project-uuid").setKey("project-key")); + ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, "project-uuid"); + UserDto user = insertUser(new UserDto().setLogin("project-user-login").setName("project-user-name")); + insertUserRole(new UserRoleDto().setRole(SCAN_EXECUTION).setUserId(user.getId()).setResourceId(project.getId())); + commit(); + userSession.login().addProjectUuidPermissions(SYSTEM_ADMIN, "project-uuid"); - String result = ws.newRequest().setParam("permission", "scan").execute().getInput(); + String result = ws.newRequest() + .setParam(PARAM_PERMISSION, SCAN_EXECUTION) + .setParam(PARAM_PROJECT_UUID, "project-uuid") + .execute().getInput(); - assertJson(result).isSimilarTo(Resources.getResource(getClass(), "users-example.json")); + assertThat(result).contains("project-user-login") + .doesNotContain("login-1"); } @Test @@ -159,7 +158,7 @@ public class UsersActionTest { userSession.login("login"); ws.newRequest() - .setParam("permission", GlobalPermissions.SYSTEM_ADMIN) + .setParam("permission", SYSTEM_ADMIN) .execute(); } @@ -169,7 +168,22 @@ public class UsersActionTest { userSession.anonymous(); ws.newRequest() - .setParam("permission", GlobalPermissions.SYSTEM_ADMIN) + .setParam("permission", SYSTEM_ADMIN) .execute(); } + + private UserDto insertUser(UserDto userDto) { + UserDto user = dbClient.userDao().insert(dbSession, userDto.setActive(true)); + commit(); + return user; + } + + private void insertUserRole(UserRoleDto userRoleDto) { + dbClient.roleDao().insertUserRole(dbSession, userRoleDto); + commit(); + } + + private void commit() { + dbSession.commit(); + } }