From: Viktor Vorona <viktor.vorona@sonarsource.com>
Date: Wed, 27 Sep 2023 15:18:35 +0000 (+0200)
Subject: SONAR-20532 Do not allow custom roles without any permissions
X-Git-Tag: 10.3.0.82913~334
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=47b3d65a2d95748dc032f9a4b0156eb12c7a5a8d;p=sonarqube.git

SONAR-20532 Do not allow custom roles without any permissions
---

diff --git a/server/sonar-web/src/main/js/apps/settings/components/authentication/GitHubMappingModal.tsx b/server/sonar-web/src/main/js/apps/settings/components/authentication/GitHubMappingModal.tsx
index 02006c9c4d1..92700f3ea03 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/authentication/GitHubMappingModal.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/authentication/GitHubMappingModal.tsx
@@ -46,7 +46,7 @@ interface PermissionCellProps {
 }
 
 const DEFAULT_CUSTOM_ROLE_PERMISSIONS: GitHubMapping['permissions'] = {
-  user: false,
+  user: true,
   codeViewer: false,
   issueAdmin: false,
   securityHotspotAdmin: false,
@@ -140,8 +140,18 @@ export default function GitHubMappingModal({ mapping, setMapping, onClose }: Rea
     }
   };
 
+  const haveEmptyCustomRoles = !!mapping?.some(
+    (el) => !el.isBaseRole && !Object.values(el.permissions).some(Boolean),
+  );
+
   return (
-    <Modal contentLabel={header} onRequestClose={onClose} shouldCloseOnEsc size="medium">
+    <Modal
+      contentLabel={header}
+      onRequestClose={onClose}
+      shouldCloseOnOverlayClick={false}
+      shouldCloseOnEsc={false}
+      size="medium"
+    >
       <div className="modal-head">
         <h2>{header}</h2>
       </div>
@@ -234,7 +244,17 @@ export default function GitHubMappingModal({ mapping, setMapping, onClose }: Rea
         <Spinner loading={isLoading} />
       </div>
       <div className="modal-foot">
-        <SubmitButton onClick={onClose}>{translate('close')}</SubmitButton>
+        <div className="sw-flex sw-items-center sw-justify-end sw-h-8">
+          <Alert variant="error" className="sw-inline-block sw-mb-0 sw-mr-2">
+            {haveEmptyCustomRoles &&
+              translate(
+                'settings.authentication.github.configuration.roles_mapping.empty_custom_role',
+              )}
+          </Alert>
+          <SubmitButton disabled={haveEmptyCustomRoles} onClick={onClose}>
+            {translate('close')}
+          </SubmitButton>
+        </div>
       </div>
     </Modal>
   );
diff --git a/server/sonar-web/src/main/js/apps/settings/components/authentication/GithubAuthenticationTab.tsx b/server/sonar-web/src/main/js/apps/settings/components/authentication/GithubAuthenticationTab.tsx
index 6ba0fc587bc..7bf81e1fc5d 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/authentication/GithubAuthenticationTab.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/authentication/GithubAuthenticationTab.tsx
@@ -375,7 +375,7 @@ export default function GithubAuthenticationTab(props: GithubAuthenticationProps
                   >
                     {translate('cancel')}
                   </ResetButtonLink>
-                  <Alert variant="warning" className="sw-w-[300px] sw-mb-0">
+                  <Alert variant="warning" className="sw-mb-0">
                     {hasGithubProvisioningConfigChange &&
                       translate('settings.authentication.github.configuration.unsaved_changes')}
                   </Alert>
diff --git a/server/sonar-web/src/main/js/apps/settings/components/authentication/__tests__/Authentication-it.tsx b/server/sonar-web/src/main/js/apps/settings/components/authentication/__tests__/Authentication-it.tsx
index 77a94494869..d2a216a92d2 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/authentication/__tests__/Authentication-it.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/authentication/__tests__/Authentication-it.tsx
@@ -163,6 +163,9 @@ const ui = {
     roleExistsError: byRole('dialog', {
       name: 'settings.authentication.github.configuration.roles_mapping.dialog.title',
     }).byText('settings.authentication.github.configuration.roles_mapping.role_exists'),
+    emptyRoleError: byRole('dialog', {
+      name: 'settings.authentication.github.configuration.roles_mapping.dialog.title',
+    }).byText('settings.authentication.github.configuration.roles_mapping.empty_custom_role'),
     deleteCustomRoleCustom2: byRole('button', {
       name: 'settings.authentication.github.configuration.roles_mapping.dialog.delete_custom_role.custom2',
     }),
@@ -1006,13 +1009,18 @@ describe('Github tab', () => {
       await user.click(github.customRoleAddBtn.get());
 
       let custom3Checkboxes = github.mappingCheckbox.getAll(github.getMappingRowByRole('custom3'));
-      expect(custom3Checkboxes[0]).not.toBeChecked();
+      expect(custom3Checkboxes[0]).toBeChecked();
       expect(custom3Checkboxes[1]).not.toBeChecked();
       expect(custom3Checkboxes[2]).not.toBeChecked();
       expect(custom3Checkboxes[3]).not.toBeChecked();
       expect(custom3Checkboxes[4]).not.toBeChecked();
       expect(custom3Checkboxes[5]).not.toBeChecked();
+      await user.click(custom3Checkboxes[0]);
+      expect(await github.emptyRoleError.find()).toBeInTheDocument();
+      expect(github.mappingDialogClose.get()).toBeDisabled();
       await user.click(custom3Checkboxes[1]);
+      expect(github.emptyRoleError.query()).not.toBeInTheDocument();
+      expect(github.mappingDialogClose.get()).toBeEnabled();
       await user.click(github.mappingDialogClose.get());
 
       expect(await github.saveGithubProvisioning.find()).toBeEnabled();
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
index 5cf3a651a65..8c409b5a0da 100644
--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -1540,9 +1540,10 @@ settings.authentication.github.configuration.roles_mapping.button_label=Edit map
 settings.authentication.github.configuration.roles_mapping.dialog.title=GitHub Roles Mapping
 settings.authentication.github.configuration.roles_mapping.dialog.roles_column=Roles
 settings.authentication.github.configuration.roles_mapping.dialog.add_custom_role=Add custom role:
-settings.authentication.github.configuration.roles_mapping.role_exists=Role already exists
 settings.authentication.github.configuration.roles_mapping.dialog.custom_roles_description=When a custom role name added here matches an existing GitHub custom role in any of your organizations, the mapping applies to all users with this custom role. If an existing GitHub custom role has no exact match in this list, the permissions of its inherited base role are mapped.
 settings.authentication.github.configuration.roles_mapping.dialog.delete_custom_role=Delete custom role {0}
+settings.authentication.github.configuration.roles_mapping.role_exists=Role already exists.
+settings.authentication.github.configuration.roles_mapping.empty_custom_role=Custom roles should have some permissions.
 settings.authentication.github.configuration.unsaved_changes=You have unsaved changes.
 
 # SAML