From: Simon Brandhof Date: Wed, 2 Dec 2015 13:15:38 +0000 (+0100) Subject: Add IT ScanPermissionTest X-Git-Tag: 5.3-RC1~103 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=f150c047ae04641c69dc7e3a07ac874958d6b88f;p=sonarqube.git Add IT ScanPermissionTest --- diff --git a/it/it-tests/src/test/java/it/Category1Suite.java b/it/it-tests/src/test/java/it/Category1Suite.java index 77c9d9913cd..4608ad5b899 100644 --- a/it/it-tests/src/test/java/it/Category1Suite.java +++ b/it/it-tests/src/test/java/it/Category1Suite.java @@ -45,6 +45,7 @@ import it.administration.UsersUITest; import it.authorisation.AuthenticationTest; import it.authorisation.IssuePermissionTest; import it.authorisation.PermissionTest; +import it.authorisation.ScanPermissionTest; import it.i18n.I18nTest; import it.measureHistory.DifferentialPeriodsTest; import it.measureHistory.HistoryUiTest; @@ -93,6 +94,7 @@ import static util.ItUtils.xooPlugin; AuthenticationTest.class, PermissionTest.class, IssuePermissionTest.class, + ScanPermissionTest.class, // measure history DifferentialPeriodsTest.class, HistoryUiTest.class, diff --git a/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java new file mode 100644 index 00000000000..141c10eed9c --- /dev/null +++ b/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java @@ -0,0 +1,116 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2014 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package it.authorisation; + +import com.sonar.orchestrator.Orchestrator; +import com.sonar.orchestrator.build.BuildFailureException; +import it.Category1Suite; +import org.junit.After; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Test; +import org.sonar.wsclient.SonarClient; +import org.sonar.wsclient.user.UserParameters; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.Assert.fail; +import static util.ItUtils.runProjectAnalysis; + +/** + * SONAR-4397 + */ +public class ScanPermissionTest { + + @ClassRule + public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR; + + private final static String USER_LOGIN = "scanperm"; + + private static SonarClient adminClient; + + @Before + public void setUp() { + orchestrator.resetData(); + adminClient = orchestrator.getServer().adminWsClient(); + adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite")); + } + + @After + public void teraDown() { + addPermission("anyone", "scan"); + addPermission("anyone", "dryRunScan"); + adminClient.userClient().deactivate(USER_LOGIN); + } + + @Test + public void should_fail_if_no_scan_permission() throws Exception { + runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite"); + + removeGroupPermission("anyone", "scan"); + try { + runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite"); + fail(); + } catch (BuildFailureException e) { + assertThat(e.getResult().getLogs()).contains( + "You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator."); + } + + // Remove Anyone from dryrun permission + removeGroupPermission("anyone", "dryRunScan"); + try { + runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite"); + fail(); + } catch (BuildFailureException e) { + assertThat(e.getResult().getLogs()).contains( + "You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator."); + } + } + + @Test + public void no_need_for_browse_permission_to_scan() throws Exception { + // Do a first analysis, no error + runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite"); + + // Remove browse permission for groups Anyone on the project + removeGroupPermission("anyone", "sample", "user"); + + // still no error + runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite"); + } + + private static void addPermission(String groupName, String permission) { + adminClient.post("api/permissions/add_group", + "groupName", groupName, + "permission", permission); + } + + private static void removeGroupPermission(String groupName, String permission) { + adminClient.post("api/permissions/remove_group", + "groupName", groupName, + "permission", permission); + } + + private static void removeGroupPermission(String groupName, String projectKey, String permission) { + adminClient.post("api/permissions/remove_group", + "groupName", groupName, + "projectKey", projectKey, + "permission", permission); + } +}