From: Simon Brandhof <simon.brandhof@gmail.com>
Date: Mon, 15 Apr 2013 06:37:32 +0000 (+0200)
Subject: SONAR-3755 add missing files
X-Git-Tag: 3.6~702
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d3afc03e9cde2bb52ed3471889c5f1bb2a319350;p=sonarqube.git

SONAR-3755 add missing files
---

diff --git a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
new file mode 100644
index 00000000000..f2338f3bddc
--- /dev/null
+++ b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="org.sonar.core.user.AuthorizationMapper">
+
+  <select id="keepAuthorizedComponentIdsForUser" parameterType="map" resultType="int">
+    SELECT s.project_id
+    FROM group_roles gr, snapshots s
+    WHERE
+      gr.role=#{role}
+      and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
+      and gr.resource_id = s.root_project_id
+      and s.project_id in <foreach item="componentId" index="index" collection="componentIds" open="(" separator="," close=")">#{componentId}</foreach>
+      and s.islast = ${_true}
+    UNION DISTINCT
+    SELECT s.project_id
+    FROM user_roles ur, snapshots s
+    WHERE
+      ur.role=#{role}
+      and ur.user_id=#{userId}
+      and s.project_id in <foreach item="componentId" index="index" collection="componentIds" open="(" separator="," close=")">#{componentId}</foreach>
+      and s.islast = ${_true}
+  </select>
+
+  <select id="keepAuthorizedComponentIdsForAnonymous" parameterType="map" resultType="int">
+      SELECT s.project_id
+      FROM group_roles gr, snapshots s
+      WHERE
+        gr.role=#{role}
+        and gr.group_id is null
+        and gr.resource_id = s.root_project_id
+        and s.project_id in <foreach item="componentId" index="index" collection="componentIds" open="(" separator="," close=")">#{componentId}</foreach>
+    </select>
+
+</mapper>
diff --git a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
new file mode 100644
index 00000000000..13f2a89b46a
--- /dev/null
+++ b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
@@ -0,0 +1,109 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.core.user;
+
+import com.google.common.collect.Sets;
+import org.junit.Test;
+import org.sonar.core.persistence.AbstractDaoTestCase;
+
+import java.util.Set;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+public class AuthorizationDaoTest extends AbstractDaoTestCase {
+
+  private static final int USER = 100;
+  private static final int PROJECT = 300, PACKAGE = 301, FILE = 302, FILE_IN_OTHER_PROJECT = 999;
+
+  @Test
+  public void user_should_be_authorized() {
+    // but user is not in an authorized group
+    setupData("user_should_be_authorized");
+
+    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
+    Set<Integer> componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      USER, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+
+    // user does not have the role "admin"
+    componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE),
+      USER, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+
+  @Test
+  public void group_should_be_authorized() {
+    // user is in an authorized group
+    setupData("group_should_be_authorized");
+
+    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
+    Set<Integer> componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      USER, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+
+    // group does not have the role "admin"
+    componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      USER, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+
+  @Test
+  public void group_should_have_global_authorization() {
+    // user is in a group that has authorized access to all projects
+    setupData("group_should_have_global_authorization");
+
+    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
+    Set<Integer> componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      USER, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+
+    // group does not have the role "admin"
+    componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      USER, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+
+  @Test
+  public void anonymous_should_be_authorized() {
+    setupData("anonymous_should_be_authorized");
+
+    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
+    Set<Integer> componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      null, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+
+    // group does not have the role "admin"
+    componentIds = authorization.keepAuthorizedComponentIds(
+      Sets.<Integer>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      null, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+}
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml
new file mode 100644
index 00000000000..58cca91d8f1
--- /dev/null
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml
@@ -0,0 +1,12 @@
+<dataset>
+
+  <user_roles id="1" user_id="100" resource_id="999" role="user"/>
+  <groups_users user_id="100" group_id="200"/>
+  <group_roles id="1" group_id="[null]" resource_id="300" role="user"/>
+
+  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
+  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
+  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
+  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+
+</dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
new file mode 100644
index 00000000000..b85ea3765d6
--- /dev/null
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
@@ -0,0 +1,14 @@
+<dataset>
+
+  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+  on the project 300  -->
+  <user_roles id="1" user_id="100" resource_id="999" role="user"/>
+  <groups_users user_id="100" group_id="200"/>
+  <group_roles id="1" group_id="200" resource_id="300" role="user"/>
+
+  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
+  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
+  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
+  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+
+</dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml
new file mode 100644
index 00000000000..f79a1a2b08f
--- /dev/null
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml
@@ -0,0 +1,14 @@
+<dataset>
+
+  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+  on the all the projects  -->
+  <user_roles id="1" user_id="100" resource_id="999" role="user"/>
+  <groups_users user_id="100" group_id="200"/>
+  <group_roles id="1" group_id="200" resource_id="[null]" role="user"/>
+
+  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
+  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
+  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
+  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+
+</dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml
new file mode 100644
index 00000000000..7448058b9d6
--- /dev/null
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml
@@ -0,0 +1,13 @@
+<dataset>
+
+  <!-- user 100 has the role "user" on the project 300 and in group 200 -->
+  <user_roles id="1" user_id="100" resource_id="300" role="user"/>
+  <groups_users user_id="100" group_id="200"/>
+  <group_roles id="1" group_id="200" resource_id="999" role="user"/>
+
+  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
+  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
+  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
+  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+
+</dataset>