From: Julien Lancelot
Date: Thu, 7 Jan 2016 15:47:31 +0000 (+0100)
Subject: SONAR-7174 Add IT to check Execute Analysis perm on project
X-Git-Tag: 5.4-M5~31
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F708%2Fhead;p=sonarqube.git
SONAR-7174 Add IT to check Execute Analysis perm on project
---
diff --git a/it/it-tests/src/test/java/it/Category1Suite.java b/it/it-tests/src/test/java/it/Category1Suite.java
index d0e6bf73ecd..2168fcb2aa5 100644
--- a/it/it-tests/src/test/java/it/Category1Suite.java
+++ b/it/it-tests/src/test/java/it/Category1Suite.java
@@ -42,9 +42,9 @@ import it.actionPlan.ActionPlanTest;
 import it.actionPlan.ActionPlanUiTest;
 import it.administration.UsersUITest;
 import it.authorisation.AuthenticationTest;
+import it.authorisation.ExecuteAnalysisPermissionTest;
 import it.authorisation.IssuePermissionTest;
 import it.authorisation.PermissionTest;
-import it.authorisation.ScanPermissionTest;
 import it.i18n.I18nTest;
 import it.measureHistory.DifferentialPeriodsTest;
 import it.measureHistory.HistoryUiTest;
@@ -96,7 +96,7 @@ import static util.ItUtils.xooPlugin;
 AuthenticationTest.class,
 PermissionTest.class,
 IssuePermissionTest.class,
- ScanPermissionTest.class,
+ ExecuteAnalysisPermissionTest.class,
 // measure history
 DifferentialPeriodsTest.class,
 HistoryUiTest.class,
diff --git a/it/it-tests/src/test/java/it/authorisation/ExecuteAnalysisPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/ExecuteAnalysisPermissionTest.java
new file mode 100644
index 00000000000..7aec9daf701
--- /dev/null
+++ b/it/it-tests/src/test/java/it/authorisation/ExecuteAnalysisPermissionTest.java
@@ -0,0 +1,134 @@
+/*
+ * SonarQube Integration Tests :: Tests
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package it.authorisation;
+
+import com.sonar.orchestrator.Orchestrator;
+import com.sonar.orchestrator.build.BuildFailureException;
+import it.Category1Suite;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.sonar.wsclient.SonarClient;
+import org.sonar.wsclient.user.UserParameters;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.fail;
+import static util.ItUtils.runProjectAnalysis;
+
+/**
+ * SONAR-4397
+ */
+public class ExecuteAnalysisPermissionTest {
+
+ @ClassRule
+ public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR;
+
+ private final static String USER_LOGIN = "scanperm";
+ private final static String PROJECT_KEY = "sample";
+
+ private static SonarClient adminClient;
+
+ @Before
+ public void setUp() {
+ orchestrator.resetData();
+ adminClient = orchestrator.getServer().adminWsClient();
+ adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite"));
+ orchestrator.getServer().provisionProject(PROJECT_KEY, "Sample");
+ }
+
+ @After
+ public void tearDown() {
+ addGlobalPermission("anyone", "scan");
+ addGlobalPermission("anyone", "dryRunScan");
+ adminClient.userClient().deactivate(USER_LOGIN);
+ }
+
+ @Test
+ public void should_fail_if_no_scan_permission() throws Exception {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+
+ removeGlobalPermission("anyone", "scan");
+ try {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ fail();
+ } catch (BuildFailureException e) {
+ assertThat(e.getResult().getLogs()).contains(
+ "You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.");
+ }
+
+ // Remove Anyone from dryrun permission
+ removeGlobalPermission("anyone", "dryRunScan");
+ try {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ fail();
+ } catch (BuildFailureException e) {
+ assertThat(e.getResult().getLogs()).contains(
+ "You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator.");
+ }
+ }
+
+ @Test
+ public void no_need_for_browse_permission_to_scan() throws Exception {
+ // Do a first analysis, no error
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+
+ // Remove browse permission for groups Anyone on the project
+ removeProjectPermission("anyone", "sample", "user");
+
+ // still no error
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ }
+
+ @Test
+ public void execute_analysis_permission_only_on_project() throws Exception {
+ removeGlobalPermission("anyone", "scan");
+ addProjectPermission("anyone", PROJECT_KEY, "scan");
+ addGlobalPermission("anyone", "dryRunScan");
+
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ }
+
+ private static void addProjectPermission(String groupName, String projectKey, String permission) {
+ adminClient.post("api/permissions/add_group",
+ "groupName", groupName,
+ "projectKey", projectKey,
+ "permission", permission);
+ }
+
+ private static void addGlobalPermission(String groupName, String permission) {
+ adminClient.post("api/permissions/add_group",
+ "groupName", groupName,
+ "permission", permission);
+ }
+
+ private static void removeProjectPermission(String groupName, String projectKey, String permission) {
+ adminClient.post("api/permissions/remove_group",
+ "groupName", groupName,
+ "projectKey", projectKey,
+ "permission", permission);
+ }
+
+ private static void removeGlobalPermission(String groupName, String permission) {
+ adminClient.post("api/permissions/remove_group",
+ "groupName", groupName,
+ "permission", permission);
+ }
+}
diff --git a/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java
deleted file mode 100644
index 4e50d601e26..00000000000
--- a/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java
+++ /dev/null
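Review bot: The `scanperm` user that `setUp()` creates and `tearDown()` deactivates in ExecuteAnalysisPermissionTest is never used to authenticate, because every `runProjectAnalysis(orchestrator, "shared/xoo-sample")` call in the new file passes no `sonar.login`/`sonar.password`. The three tests therefore exercise the permission check only for whatever identity `runProjectAnalysis` uses by default (its body is outside this diff; presumably anonymous, since the tests toggle the `anyone` group). If an authenticated non-admin scanner is meant to be covered, pass the credentials, e.g. `runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");`, otherwise drop the user creation so the fixture does not suggest coverage it does not give. `execute_analysis_permission_only_on_project` also checks only the allowed case; a companion test that grants `scan` on a different project key and expects a `BuildFailureException` would pin that the grant is scoped to the project. The class Javadoc still cites `SONAR-4397` although the commit subject is SONAR-7174.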
@@ -1,116 +0,0 @@
-/*
- * SonarQube Integration Tests :: Tests
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package it.authorisation;
-
-import com.sonar.orchestrator.Orchestrator;
-import com.sonar.orchestrator.build.BuildFailureException;
-import it.Category1Suite;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.sonar.wsclient.SonarClient;
-import org.sonar.wsclient.user.UserParameters;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.Assert.fail;
-import static util.ItUtils.runProjectAnalysis;
-
-/**
- * SONAR-4397
- */
-public class ScanPermissionTest {
-
- @ClassRule
- public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR;
-
- private final static String USER_LOGIN = "scanperm";
-
- private static SonarClient adminClient;
-
- @Before
- public void setUp() {
- orchestrator.resetData();
- adminClient = orchestrator.getServer().adminWsClient();
- adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite"));
- }
-
- @After
- public void teraDown() {
- addPermission("anyone", "scan");
- addPermission("anyone", "dryRunScan");
- adminClient.userClient().deactivate(USER_LOGIN);
- }
-
- @Test
- public void should_fail_if_no_scan_permission() throws Exception {
- runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
-
- removeGroupPermission("anyone", "scan");
- try {
- runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
- fail();
- } catch (BuildFailureException e) {
- assertThat(e.getResult().getLogs()).contains(
- "You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.");
- }
-
- // Remove Anyone from dryrun permission
- removeGroupPermission("anyone", "dryRunScan");
- try {
- runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
- fail();
- } catch (BuildFailureException e) {
- assertThat(e.getResult().getLogs()).contains(
- "You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator.");
- }
- }
-
- @Test
- public void no_need_for_browse_permission_to_scan() throws Exception {
- // Do a first analysis, no error
- runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
-
- // Remove browse permission for groups Anyone on the project
- removeGroupPermission("anyone", "sample", "user");
-
- // still no error
- runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
- }
-
- private static void addPermission(String groupName, String permission) {
- adminClient.post("api/permissions/add_group",
- "groupName", groupName,
- "permission", permission);
- }
-
- private static void removeGroupPermission(String groupName, String permission) {
- adminClient.post("api/permissions/remove_group",
- "groupName", groupName,
- "permission", permission);
- }
-
- private static void removeGroupPermission(String groupName, String projectKey, String permission) {
- adminClient.post("api/permissions/remove_group",
- "groupName", groupName,
- "projectKey", projectKey,
- "permission", permission);
- }
-}