From: Sébastien Lesaint Date: Thu, 16 Feb 2017 16:38:40 +0000 (+0100) Subject: SONAR-8710 add SCAN permission to template of new organizations X-Git-Tag: 6.3.0.18587 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3b673b37f88fc38b84244bd541d20ee9ac510486;p=sonarqube.git SONAR-8710 add SCAN permission to template of new organizations --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreation.java b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreation.java index 017ca85465b..f1a67078ede 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreation.java +++ b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreation.java @@ -44,16 +44,21 @@ public interface OrganizationCreation { * This method does several operations at once: *
    *
  1. create an ungarded organization with the specified details
  2. - *
  3. create a group called {@link #OWNERS_GROUP_NAME Owners} with Administer Organization permission
  4. + *
  5. create a group called {@link #OWNERS_GROUP_NAME Owners} with all organization wide permissions
  6. *
  7. make the specified user a member of this group
  8. - *
  9. create a default template for the organization (which name and description will follow patterns - * {@link #OWNERS_GROUP_NAME} and {@link #OWNERS_GROUP_DESCRIPTION_PATTERN} based on the organization name)
  10. - *
  11. this group defines the specified permissions (which effectively makes projects public): + *
  12. create a default template for the organization + *
      + *
    • name is {@link #PERM_TEMPLATE_NAME Default template}
    • + *
    • description follows pattern {@link #PERM_TEMPLATE_DESCRIPTION_PATTERN} based on the organization name
    • + *
    + *
  13. + *
  14. this permission template defines the specified permissions (which effectively makes projects public): *
      *
    • group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ADMIN ADMIN}
    • *
    • group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}
    • - *
    • any one : {@link UserRole#USER USER}
    • - *
    • any one : {@link UserRole#CODEVIEWER CODEVIEWER}
    • + *
    • group {@link #OWNERS_GROUP_NAME Owners} : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}
    • + *
    • anyone : {@link UserRole#USER USER}
    • + *
    • anyone : {@link UserRole#CODEVIEWER CODEVIEWER}
    • *
    *
  15. *
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreationImpl.java b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreationImpl.java
index 849ebf69f4b..c87d394ffd9 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreationImpl.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationCreationImpl.java
@@ -168,6 +168,7 @@ public class OrganizationCreationImpl implements OrganizationCreation {
 insertGroupPermission(dbSession, permissionTemplateDto, UserRole.ADMIN, group);
 insertGroupPermission(dbSession, permissionTemplateDto, UserRole.ISSUE_ADMIN, group);
+ insertGroupPermission(dbSession, permissionTemplateDto, GlobalPermissions.SCAN_EXECUTION, group);
 insertGroupPermission(dbSession, permissionTemplateDto, UserRole.USER, null);
 insertGroupPermission(dbSession, permissionTemplateDto, UserRole.CODEVIEWER, null);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationCreationImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationCreationImplTest.java
index 5afe163a4da..390532f1c84 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationCreationImplTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationCreationImplTest.java
@@ -61,12 +61,12 @@ public class OrganizationCreationImplTest {
 private static final long ANYONE_GROUP_ID = 0L;
 private OrganizationCreation.NewOrganization FULL_POPULATED_NEW_ORGANIZATION = newOrganizationBuilder()
- .setName("a-name")
- .setKey("a-key")
- .setDescription("a-description")
- .setUrl("a-url")
- .setAvatarUrl("a-avatar")
- .build();
+ .setName("a-name")
+ .setKey("a-key")
+ .setDescription("a-description")
+ .setUrl("a-url")
+ .setAvatarUrl("a-avatar")
+ .build();
 private System2 system2 = mock(System2.class);
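Review bot: The added `insertGroupPermission(dbSession, permissionTemplateDto, GlobalPermissions.SCAN_EXECUTION, group);` line in the OrganizationCreationImpl.java hunk (-168,6) only affects templates built after this change, and no migration is visible in this commit, so organizations created earlier would presumably keep a default template whose Owners group lacks the scan permission; it is worth confirming whether a backfill is needed. The line is also the only one in this run that takes its key from `GlobalPermissions` rather than `UserRole`, so I would put a comment above it such as `// SCAN_EXECUTION is granted here as a project-level permission: Owners can run analysis on every project created from this template`. Stating that grant explicitly helps a later least-privilege review of what organization owners receive by default. The enclosing method starts and ends outside the hunk.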
@@ -96,7 +96,7 @@ public class OrganizationCreationImplTest {
 @Test
 public void create_throws_exception_thrown_by_checkValidKey() throws OrganizationCreation.KeyConflictException {
 when(organizationValidation.checkKey(FULL_POPULATED_NEW_ORGANIZATION.getKey()))
- .thenThrow(exceptionThrownByOrganizationValidation);
+ .thenThrow(exceptionThrownByOrganizationValidation);
 createThrowsExceptionThrownByOrganizationValidation();
 }
@@ -176,9 +176,9 @@ public class OrganizationCreationImplTest {
 mockForSuccessfulInsert(SOME_UUID, SOME_DATE);
 underTest.create(dbSession, SOME_USER_ID, newOrganizationBuilder()
- .setKey("key")
- .setName("name")
- .build());
+ .setKey("key")
+ .setName("name")
+ .build());
 OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, "key").get();
 assertThat(organization.getKey()).isEqualTo("key");
@@ -205,10 +205,10 @@ public class OrganizationCreationImplTest {
 assertThat(defaultTemplates.getProjectUuid()).isEqualTo(defaultTemplate.getUuid());
 assertThat(defaultTemplates.getViewUuid()).isNull();
 assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, defaultTemplate.getId()))
- .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
- .containsOnly(
- tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN),
- tuple(ANYONE_GROUP_ID, UserRole.USER), tuple(ANYONE_GROUP_ID, UserRole.CODEVIEWER));
+ .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
+ .containsOnly(
+ tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
+ tuple(ANYONE_GROUP_ID, UserRole.USER), tuple(ANYONE_GROUP_ID, UserRole.CODEVIEWER));
 }
 @Test
@@ -272,7 +272,7 @@ public class OrganizationCreationImplTest {
 expectedException.expect(IllegalStateException.class);
 expectedException.expectMessage("Can't create organization with key '" + SLUG_OF_A_LOGIN + "' for new user '" + A_LOGIN
- + "' because an organization with this key already exists");
+ + "' because an organization with this key already exists");
 underTest.createForUser(dbSession, user);
 }
@@ -288,7 +288,7 @@ public class OrganizationCreationImplTest {
 OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, SLUG_OF_A_LOGIN).get();
 assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession, user.getId(), organization.getUuid()))
- .containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()]));
+ .containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()]));
 }
 @Test
@@ -308,18 +308,18 @@ public class OrganizationCreationImplTest {
 OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get();
 List groups = dbClient.groupDao().selectByOrganizationUuid(dbSession, organization.getUuid());
 assertThat(groups)
- .extracting(GroupDto::getName)
- .containsOnly("Owners");
+ .extracting(GroupDto::getName)
+ .containsOnly("Owners");
 GroupDto groupDto = groups.iterator().next();
 assertThat(groupDto.getDescription()).isEqualTo("Owners of organization " + organizationName);
 assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getOrganizationUuid(), groupDto.getId()))
- .containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()]));
+ .containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()]));
 List members = dbClient.groupMembershipDao().selectMembers(
- dbSession,
- UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE);
+ dbSession,
+ UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE);
 assertThat(members)
- .extracting(UserMembershipDto::getLogin)
- .containsOnly(user.getLogin());
+ .extracting(UserMembershipDto::getLogin)
+ .containsOnly(user.getLogin());
 }
 @Test
@@ -339,12 +339,12 @@ public class OrganizationCreationImplTest {
 assertThat(defaultTemplates.getProjectUuid()).isEqualTo(defaultTemplate.getUuid());
 assertThat(defaultTemplates.getViewUuid()).isNull();
 assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, defaultTemplate.getId()))
- .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
- .containsOnly(tuple(ANYONE_GROUP_ID, UserRole.USER), tuple(ANYONE_GROUP_ID, UserRole.CODEVIEWER));
+ .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
+ .containsOnly(tuple(ANYONE_GROUP_ID, UserRole.USER), tuple(ANYONE_GROUP_ID, UserRole.CODEVIEWER));
 assertThat(dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, Collections.singletonList(defaultTemplate.getId())))
- .extracting(PermissionTemplateCharacteristicDto::getWithProjectCreator, PermissionTemplateCharacteristicDto::getPermission)
- .containsOnly(
- tuple(true, UserRole.ADMIN), tuple(true, UserRole.ISSUE_ADMIN), tuple(true, GlobalPermissions.SCAN_EXECUTION));
+ .extracting(PermissionTemplateCharacteristicDto::getWithProjectCreator, PermissionTemplateCharacteristicDto::getPermission)
+ .containsOnly(
+ tuple(true, UserRole.ADMIN), tuple(true, UserRole.ISSUE_ADMIN), tuple(true, GlobalPermissions.SCAN_EXECUTION));
 }
 @Test
diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java
index 96f8cb318bd..7060bca6362 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java
@@ -32,7 +32,6 @@ import org.sonar.api.config.MapSettings;
 import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
-import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
 import org.sonar.api.web.UserRole;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.UuidFactory;
@@ -92,7 +91,8 @@ public class CreateActionTest {
 private OrganizationValidation organizationValidation = new OrganizationValidationImpl();
 private OrganizationCreation organizationCreation = new OrganizationCreationImpl(dbClient, system2, uuidFactory, organizationValidation, settings);
 private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone().setEnabled(true);
- private CreateAction underTest = new CreateAction(settings, userSession, dbClient, new OrganizationsWsSupport(organizationValidation), organizationValidation, organizationCreation, organizationFlags);
+ private CreateAction underTest = new CreateAction(settings, userSession, dbClient, new OrganizationsWsSupport(organizationValidation), organizationValidation,
+ organizationCreation, organizationFlags);
 private WsActionTester wsTester = new WsActionTester(underTest);
 @Test
@@ -487,7 +487,7 @@ public class CreateActionTest {
 assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, defaultTemplate.getId()))
 .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
 .containsOnly(
- tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN),
+ tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
 tuple(0L, UserRole.USER), tuple(0L, UserRole.CODEVIEWER));
 }