From: Janos Gyerik
Date: Fri, 20 Jul 2018 12:40:48 +0000 (+0200)
Subject: Add security hotspot admin for project creators in default templates
X-Git-Tag: 7.5~751
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=94d19361e79451ca22da50229bff94769fae79ef;p=sonarqube.git
Add security hotspot admin for project creators in default templates
---
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
index 1d17020b7ef..cf6e30fbe44 100644
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
@@ -37,6 +37,7 @@ public class DbVersion73 implements DbVersion {
 .add(2207, "Populate SUBSCRIPTION in ORGANIZATIONS", PopulateSubscriptionOnOrganizations.class)
 .add(2208, "Add rules.security_standards", AddSecurityStandardsToRules.class)
 .add(2209, "Fix missing quality profiles on organizations", FixMissingQualityProfilesOnOrganizations.class)
+ .add(2210, "Add 'securityhotspotadmin' permission to templates characteristics already having 'issueadmin'", PopulateHotspotAdminPermissionOnTemplatesCharacteristics.class)
 ;
 }
 }
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java
new file mode 100644
index 00000000000..c6eb4ad3e85
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java
@@ -0,0 +1,74 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import org.sonar.api.utils.System2;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnTemplatesCharacteristics extends DataChange {
+ private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+ private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+ private final System2 system2;
+
+ public PopulateHotspotAdminPermissionOnTemplatesCharacteristics(Database db, System2 system2) {
+ super(db);
+ this.system2 = system2;
+ }
+
+ @Override
+ protected void execute(Context context) throws SQLException {
+ Date now = new Date(system2.now());
+ MassUpdate massUpdate = context.prepareMassUpdate();
+ massUpdate.select("SELECT template_id" +
+ " FROM perm_tpl_characteristics c1" +
+ " WHERE permission_key = ?" +
+ " AND with_project_creator = ?" +
+ " AND NOT EXISTS (" +
+ " SELECT id" +
+ " FROM perm_tpl_characteristics c2" +
+ " WHERE permission_key = ?" +
+ " AND c1.template_id = c2.template_id)")
+ .setString(1, ISSUE_ADMIN_ROLE)
+ .setBoolean(2, true)
+ .setString(3, HOTSPOT_ADMIN_ROLE);
+ massUpdate.update("INSERT INTO perm_tpl_characteristics (template_id, permission_key, with_project_creator, created_at, updated_at) values (?,?,?,?,?)");
+ massUpdate.rowPluralName("permission templates characteristics");
+ massUpdate.execute((row, update) -> handle(row, update, now.getTime()));
+ }
+
+ private static boolean handle(Select.Row row, SqlStatement update, long now) throws SQLException {
+ int templateId = row.getInt(1);
+
+ update.setInt(1, templateId);
+ update.setString(2, HOTSPOT_ADMIN_ROLE);
+ update.setBoolean(3, true);
+ update.setLong(4, now);
+ update.setLong(5, now);
+ return true;
+ }
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
index 2bb8434ebef..3b3f4486ecd 100644
--- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
@@ -35,6 +35,6 @@ public class DbVersion73Test {
 @Test
 public void verify_migration_count() {
- verifyMigrationCount(underTest, 10);
+ verifyMigrationCount(underTest, 11);
 }
 }
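Review bot: `PopulateHotspotAdminPermissionOnTemplatesCharacteristics` grants a new permission during upgrade but has no comment saying so; a class Javadoc should state that every template whose project creators hold `issueadmin` gains a `securityhotspotadmin` row for creators, so that someone auditing template permissions after the upgrade can trace where the grant came from. The `NOT EXISTS` subquery in `execute` matches an existing `securityhotspotadmin` row whatever its `with_project_creator` value, so a template that already has that row with the flag false is skipped and stays false. If such rows can exist before this migration they would need an UPDATE rather than an INSERT; if they cannot, a comment such as `// any existing securityhotspotadmin row blocks the insert: (template_id, permission_key) is unique` would record the assumption. The `Date` in `execute` is only unwrapped again through `now.getTime()`, so `long now = system2.now();` passed straight to `handle` does the same without `java.util.Date`.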
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java
new file mode 100644
index 00000000000..cfd4dd152c6
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java
@@ -0,0 +1,95 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest {
+
+ private static final long PAST = 100_000_000_000L;
+ private static final long NOW = 500_000_000_000L;
+
+ @Rule
+ public ExpectedException expectedException = ExpectedException.none();
+
+ @Rule
+ public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.class, "perm_tpl_characteristics.sql");
+
+ private System2 system2 = mock(System2.class);
+
+ private PopulateHotspotAdminPermissionOnTemplatesCharacteristics underTest = new PopulateHotspotAdminPermissionOnTemplatesCharacteristics(db.database(), system2);
+
+ @Test
+ public void insert_missing_permission() throws SQLException {
+ when(system2.now()).thenReturn(NOW);
+ insertPermTemplateCharacteristic(1, "noissueadmin", true);
+ insertPermTemplateCharacteristic(3, "issueadmin", true);
+ insertPermTemplateCharacteristic(3, "another", true);
+ insertPermTemplateCharacteristic(5, "securityhotspotadmin", true);
+ insertPermTemplateCharacteristic(11, "noissueadmin", false);
+ insertPermTemplateCharacteristic(13, "issueadmin", false);
+ insertPermTemplateCharacteristic(13, "another", false);
+ insertPermTemplateCharacteristic(15, "securityhotspotadmin", false);
+
+ underTest.execute();
+
+ assertPermTemplateCharacteristics(
+ tuple(1L, "noissueadmin", true, PAST, PAST),
+ tuple(3L, "issueadmin", true, PAST, PAST),
+ tuple(3L, "another", true, PAST, PAST),
+ tuple(3L, "securityhotspotadmin", true, NOW, NOW),
+ tuple(5L, "securityhotspotadmin", true, PAST, PAST),
+ tuple(11L, "noissueadmin", false, PAST, PAST),
+ tuple(13L, "issueadmin", false, PAST, PAST),
+ tuple(13L, "another", false, PAST, PAST),
+ tuple(15L, "securityhotspotadmin", false, PAST, PAST));
+ }
+
+ private void insertPermTemplateCharacteristic(int templateId, String perm, boolean withProjectCreator) {
+ db.executeInsert(
+ "PERM_TPL_CHARACTERISTICS",
+ "TEMPLATE_ID", templateId,
+ "PERMISSION_KEY", perm,
+ "WITH_PROJECT_CREATOR", withProjectCreator,
+ "CREATED_AT", PAST,
+ "UPDATED_AT", PAST);
+ }
+
+ private void assertPermTemplateCharacteristics(Tuple... expectedTuples) {
+ assertThat(db.select("SELECT TEMPLATE_ID, PERMISSION_KEY, WITH_PROJECT_CREATOR, CREATED_AT, UPDATED_AT FROM PERM_TPL_CHARACTERISTICS")
+ .stream()
+ .map(map -> new Tuple(map.get("TEMPLATE_ID"), map.get("PERMISSION_KEY"), map.get("WITH_PROJECT_CREATOR"), map.get("CREATED_AT"), map.get("UPDATED_AT")))
+ .collect(Collectors.toList()))
+ .containsExactlyInAnyOrder(expectedTuples);
+ }
+
+}
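Review bot: `insert_missing_permission` has no template that holds `issueadmin` with the creator flag true together with an existing `securityhotspotadmin` row whose flag is false, which is the one combination where the migration's `NOT EXISTS` filter decides the outcome. Adding, with a constructed template id, `insertPermTemplateCharacteristic(7, "issueadmin", true);` and `insertPermTemplateCharacteristic(7, "securityhotspotadmin", false);` plus the matching expected tuples would pin what happens to that template. A second test that calls `underTest.execute()` twice and asserts the same rows would show that a re-run does not grant anything further. The `expectedException` rule is declared but no test in this hunk uses it, so it can be dropped.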
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql
new file mode 100644
index 00000000000..df0d57b9ebc
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "PERM_TPL_CHARACTERISTICS" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "TEMPLATE_ID" INTEGER NOT NULL,
+ "PERMISSION_KEY" VARCHAR(64) NOT NULL,
+ "WITH_PROJECT_CREATOR" BOOLEAN NOT NULL DEFAULT FALSE,
+ "CREATED_AT" BIGINT NOT NULL,
+ "UPDATED_AT" BIGINT NOT NULL
+);
+CREATE UNIQUE INDEX "UNIQ_PERM_TPL_CHARAC" ON "PERM_TPL_CHARACTERISTICS" ("TEMPLATE_ID", "PERMISSION_KEY");