From 0d6d15e60f0404e39046a1ae1d4f736d4a8ce684 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 2 Feb 2017 10:11:10 +0100
Subject: [PATCH] SONAR-8716 fix check of permissions in api/quality_gates
---
 .../server/qualitygate/QualityGates.java | 62 +++------
 .../server/qualitygate/ws/AppAction.java | 7 +-
 .../server/qualitygate/ws/DeselectAction.java | 17 +--
 .../server/qualitygate/ws/SelectAction.java | 7 +-
 .../org/sonar/server/user/DoPrivileged.java | 2 +-
 .../server/qualitygate/QualityGatesTest.java | 122 ++----------------
 .../server/qualitygate/ws/AppActionTest.java | 17 +--
 .../qualitygate/ws/DeselectActionTest.java | 63 +++------
 .../qualitygate/ws/QualityGatesWsTest.java | 16 ++-
 .../qualitygate/ws/SelectActionTest.java | 61 +++------
 10 files changed, 110 insertions(+), 264 deletions(-)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
index fcaa6e38ae1..2439d41781c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
@@ -27,11 +27,9 @@ import org.apache.commons.lang.StringUtils;
 import org.sonar.api.measures.Metric;
 import org.sonar.api.measures.MetricFinder;
 import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.MyBatis;
-import org.sonar.db.component.ComponentDao;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.property.PropertiesDao;
 import org.sonar.db.property.PropertyDto;
@@ -41,12 +39,14 @@ import org.sonar.db.qualitygate.QualityGateDao; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.Errors; -import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.Message; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.user.UserSession; import org.sonar.server.util.Validation; +import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; +import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException; + /** * Methods from this class should be moved to {@link QualityGateUpdater} and to new classes QualityGateFinder / QualityGateConditionsUpdater / etc. * in order to have classes with clearer responsibilities and more easily testable (without having to use too much mocks) @@ -60,7 +60,6 @@ public class QualityGates { private final QualityGateConditionDao conditionDao; private final MetricFinder metricFinder; private final PropertiesDao propertiesDao; - private final ComponentDao componentDao; private final UserSession userSession; public QualityGates(DbClient dbClient, MetricFinder metricFinder, UserSession userSession) { @@ -69,7 +68,6 @@ public class QualityGates { this.conditionDao = dbClient.gateConditionDao(); this.metricFinder = metricFinder; this.propertiesDao = dbClient.propertiesDao(); - this.componentDao = dbClient.componentDao(); this.userSession = userSession; } @@ -82,7 +80,7 @@ public class QualityGates { } public QualityGateDto rename(long idToRename, String name) { - checkPermission(); + checkRoot(); QualityGateDto toRename = getNonNullQgate(idToRename); validateQualityGate(idToRename, name); toRename.setName(name); 
@@ -91,7 +89,7 @@ public class QualityGates { } public QualityGateDto copy(long sourceId, String destinationName) { - checkPermission(); + checkRoot(); getNonNullQgate(sourceId); validateQualityGate(null, destinationName); QualityGateDto destinationGate = new QualityGateDto().setName(destinationName); @@ -116,7 +114,7 @@ public class QualityGates { } public void delete(long idToDelete) { - checkPermission(); + checkRoot(); QualityGateDto qGate = getNonNullQgate(idToDelete); DbSession session = dbClient.openSession(false); try { @@ -132,7 +130,7 @@ public class QualityGates { } public void setDefault(DbSession dbSession, @Nullable Long idToUseAsDefault) { - checkPermission(); + checkRoot(); if (idToUseAsDefault == null) { propertiesDao.deleteGlobalProperty(SONAR_QUALITYGATE_PROPERTY, dbSession); } else { 
@@ -174,30 +172,15 @@ public class QualityGates { } public void deleteCondition(Long condId) { - checkPermission(); + checkRoot(); conditionDao.delete(getNonNullCondition(condId)); } - public void associateProject(Long qGateId, Long projectId) { - DbSession session = dbClient.openSession(false); - try { - getNonNullQgate(qGateId); - checkPermission(projectId, session); - propertiesDao.saveProperty(new PropertyDto().setKey(SONAR_QUALITYGATE_PROPERTY).setResourceId(projectId).setValue(qGateId.toString())); - } finally { - MyBatis.closeQuietly(session); - } - } - - public void dissociateProject(Long qGateId, Long projectId) { - DbSession session = dbClient.openSession(false); - try { - getNonNullQgate(qGateId); - checkPermission(projectId, session); - propertiesDao.deleteProjectProperty(SONAR_QUALITYGATE_PROPERTY, projectId); - } finally { - MyBatis.closeQuietly(session); - } + public void dissociateProject(DbSession dbSession, Long qGateId, ComponentDto project) { + getNonNullQgate(qGateId); + checkProjectAdmin(project); + propertiesDao.deleteProjectProperty(SONAR_QUALITYGATE_PROPERTY, project.getId(), dbSession); + dbSession.commit(); } private boolean isDefault(QualityGateDto qGate) { @@ -208,17 +191,13 @@ public class QualityGates { PropertyDto defaultQgate = propertiesDao.selectGlobalProperty(SONAR_QUALITYGATE_PROPERTY); if (defaultQgate == null || StringUtils.isBlank(defaultQgate.getValue())) { return null; - } else { - return Long.valueOf(defaultQgate.getValue()); } + return Long.valueOf(defaultQgate.getValue()); } private QualityGateDto getNonNullQgate(long id) { - DbSession dbSession = dbClient.openSession(false); - try { + try (DbSession dbSession = dbClient.openSession(false)) { return getNonNullQgate(dbSession, id); - } finally { - dbClient.closeSession(dbSession); } } 
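Review bot: In the new `dissociateProject`, `getNonNullQgate(qGateId)` runs before `checkProjectAdmin(project)`, so a caller without rights on the project presumably gets a not-found or a forbidden answer depending on whether the gate id exists. The one-argument overload also opens a second session (see `getNonNullQgate(long id)` in the next hunk) although a `DbSession` is already passed in. I would authorize first and reuse the session: `checkProjectAdmin(project);` followed by `getNonNullQgate(dbSession, qGateId);`. `DeselectActionTest.fail_when_no_quality_gate` appears to run without a logged-in user and expects `NotFoundException`, so it would need a user with rights if the order changes. `qGateId` is a boxed `Long` that is unboxed on this call; a primitive `long` parameter would rule out a null.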
@@ -264,15 +243,14 @@ public class QualityGates { errors.check(isModifyingCurrentQgate || existingQgate == null, Validation.IS_ALREADY_USED_MESSAGE, "Name"); } - private void checkPermission() { - userSession.checkPermission(GlobalPermissions.QUALITY_GATE_ADMIN); + private void checkRoot() { + userSession.checkIsRoot(); } - private void checkPermission(Long projectId, DbSession session) { - ComponentDto project = componentDao.selectOrFailById(session, projectId); - if (!userSession.hasPermission(GlobalPermissions.QUALITY_GATE_ADMIN) + private void checkProjectAdmin(ComponentDto project) { + if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { - throw new ForbiddenException("Insufficient privileges"); + throw insufficientPrivilegesException(); } } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java index 90dc4c66cfb..262d028bbaf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java @@ -27,6 +27,7 @@ import org.sonar.api.server.ws.WebService; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.metric.MetricDto; +import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; import org.sonarqube.ws.WsQualityGates.AppWsResponse.Metric; 
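Review bot: `checkRoot()` swaps the `QUALITY_GATE_ADMIN` check for `userSession.checkIsRoot()` in `rename`, `copy`, `delete`, `setDefault` and `deleteCondition` (hunks above), but nothing in the code records why gate administration now needs root, and `AppAction.handle` in this same commit still derives `edit` from the organization-level `QUALITY_GATE_ADMIN` permission. If root is not implied by that permission, a gate administrator would be shown an editable UI and then be refused by these methods. A comment on `checkRoot`, for example `// quality gates are shared by the whole instance, so only root may change them` (reason to be confirmed by the author), would record the intent, and the `edit` flag should follow the same rule as the methods it advertises.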
@@ -41,10 +42,12 @@ public class AppAction implements QualityGatesWsAction { private final UserSession userSession; private final DbClient dbClient; + private final DefaultOrganizationProvider defaultOrganizationProvider; - public AppAction(UserSession userSession, DbClient dbClient) { + public AppAction(UserSession userSession, DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { this.userSession = userSession; this.dbClient = dbClient; + this.defaultOrganizationProvider = defaultOrganizationProvider; } @Override @@ -60,7 +63,7 @@ public class AppAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { writeProtobuf(AppWsResponse.newBuilder() - .setEdit(userSession.hasPermission(QUALITY_GATE_ADMIN)) + .setEdit(userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN)) .addAllMetrics(loadMetrics() .stream() .map(AppAction::toMetric) diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java index b90315ff228..572217a2da5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java 
@@ -73,19 +73,16 @@ public class DeselectAction implements QualityGatesWsAction { @Override public void handle(Request request, Response response) { - ComponentDto project = getProject(request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY)); - qualityGates.dissociateProject(QualityGatesWs.parseId(request, QualityGatesWsParameters.PARAM_GATE_ID), project.getId()); - response.noContent(); + try (DbSession dbSession = dbClient.openSession(false)) { + ComponentDto project = getProject(dbSession, request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY)); + qualityGates.dissociateProject(dbSession, QualityGatesWs.parseId(request, QualityGatesWsParameters.PARAM_GATE_ID), project); + response.noContent(); + } } - private ComponentDto getProject(@Nullable String projectId, @Nullable String projectKey) { - DbSession dbSession = dbClient.openSession(false); - try { - return selectProjectById(dbSession, projectId) + private ComponentDto getProject(DbSession dbSession, @Nullable String projectId, @Nullable String projectKey) { + return selectProjectById(dbSession, projectId) .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ComponentFinder.ParamNames.PROJECT_ID_AND_KEY)); - } finally { - dbClient.closeSession(dbSession); - } } private Optional selectProjectById(DbSession dbSession, @Nullable String projectId) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java index b44cdc1f5fb..8f6dea62a8c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java 
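Review bot: Nothing in `handle` shows where the caller is authorized: the permission check now lives in `QualityGates.dissociateProject`, and the commit is done there too rather than in this try block. A one-line comment before the call, e.g. `// permission check and commit are done by QualityGates#dissociateProject`, would keep a later refactoring from dropping either. `SelectAction.doHandle`, by contrast, checks and commits in the action itself, so the two actions are worth aligning.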
@@ -91,8 +91,7 @@ public class SelectAction implements QualityGatesWsAction { } private void doHandle(SelectWsRequest request) { - DbSession dbSession = dbClient.openSession(false); - try { + try (DbSession dbSession = dbClient.openSession(false)) { checkQualityGate(dbClient, request.getGateId()); ComponentDto project = getProject(dbSession, request.getProjectId(), request.getProjectKey()); @@ -102,8 +101,6 @@ public class SelectAction implements QualityGatesWsAction { .setValue(String.valueOf(request.getGateId()))); dbSession.commit(); - } finally { - dbClient.closeSession(dbSession); } } @@ -118,7 +115,7 @@ public class SelectAction implements QualityGatesWsAction { ComponentDto project = selectProjectById(dbSession, projectId) .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ParamNames.PROJECT_ID_AND_KEY)); - if (!userSession.hasPermission(GlobalPermissions.QUALITY_GATE_ADMIN) && + if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_GATE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project)) { throw insufficientPrivilegesException(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java index 935f08e73be..e1ca5997e35 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java @@ -94,7 +94,7 @@ public final class DoPrivileged { @Override public boolean isRoot() { - return false; + return true; } @Override diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java index c71db28aee4..074b4ed3cd1 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java 
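Review bot: The condition changed in `SelectAction.getProject` is a second copy of the rule in `QualityGates.checkProjectAdmin` (organization-level `QUALITY_GATE_ADMIN` or project `ADMIN`), written here with `GlobalPermissions.` qualified and there with a static import. Two copies of an authorization rule tend to drift apart; I would expose one helper and call it from both places, or at least add `// keep in sync with QualityGates#checkProjectAdmin` above the `if`. `getProject` starts outside the hunk.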
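Review bot: Flipping `isRoot()` to `true` in `DoPrivileged` makes every task run through it pass `checkIsRoot()`, which after this commit guards all global quality gate mutations, yet the one-line change carries no comment and the diffstat lists no test file for `DoPrivileged`. I would add a comment on the override, e.g. `// privileged tasks act as root, so root-only checks such as QualityGates#checkRoot pass`, and a test asserting that the privileged session reports `isRoot()` as true and that the previous session is restored afterwards. The enclosing session class starts and ends outside the hunk, so I cannot see how its other permission methods answer.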
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java @@ -24,8 +24,6 @@ import com.google.common.collect.Lists; import java.util.Collection; import java.util.Iterator; import java.util.List; -import org.apache.commons.lang.RandomStringUtils; -import org.apache.commons.lang.math.RandomUtils; import org.junit.Before; import org.junit.Rule; import org.junit.Test; @@ -38,8 +36,6 @@ import org.sonar.api.measures.CoreMetrics; import org.sonar.api.measures.Metric; import org.sonar.api.measures.Metric.ValueType; import org.sonar.api.measures.MetricFinder; -import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.core.util.Uuids; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -53,10 +49,7 @@ import org.sonar.db.qualitygate.QualityGateDao; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.NotFoundException; -import org.sonar.server.tester.AnonymousMockUserSession; -import org.sonar.server.tester.MockUserSession; import org.sonar.server.tester.UserSessionRule; -import org.sonar.server.user.UserSession; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; 
@@ -71,31 +64,23 @@ import static org.sonar.db.component.ComponentTesting.newProjectDto; @RunWith(MockitoJUnitRunner.class) public class QualityGatesTest { - static final long QUALITY_GATE_ID = 42L; - static final int METRIC_ID = 10; + private static final long QUALITY_GATE_ID = 42L; + private static final String PROJECT_KEY = "SonarQube"; + private static final String PROJECT_UUID = Uuids.UUID_EXAMPLE_01; @Rule public ExpectedException expectedException = ExpectedException.none(); @Rule - public UserSessionRule userSessionRule = UserSessionRule.standalone(); + public UserSessionRule userSession = UserSessionRule.standalone(); - DbSession dbSession = mock(DbSession.class); - DbClient dbClient = mock(DbClient.class); - QualityGateDao dao = mock(QualityGateDao.class); - QualityGateConditionDao conditionDao = mock(QualityGateConditionDao.class); - PropertiesDao propertiesDao = mock(PropertiesDao.class); - ComponentDao componentDao = mock(ComponentDao.class); - MetricFinder metricFinder = mock(MetricFinder.class); - - QualityGates underTest; - - static final String PROJECT_KEY = "SonarQube"; - static final String PROJECT_UUID = Uuids.UUID_EXAMPLE_01; - - UserSession authorizedProfileAdminUserSession = new MockUserSession("gaudol").setName("Olivier").setGlobalPermissions(GlobalPermissions.QUALITY_GATE_ADMIN); - UserSession authorizedProjectAdminUserSession = new MockUserSession("gaudol").setName("Olivier").addProjectUuidPermissions(UserRole.ADMIN, PROJECT_UUID); - UserSession unauthorizedUserSession = new MockUserSession("polop").setName("Polop"); - UserSession unauthenticatedUserSession = new AnonymousMockUserSession(); + private DbSession dbSession = mock(DbSession.class); + private DbClient dbClient = mock(DbClient.class); + private QualityGateDao dao = mock(QualityGateDao.class); + private QualityGateConditionDao conditionDao = mock(QualityGateConditionDao.class); + private PropertiesDao propertiesDao = mock(PropertiesDao.class); + private ComponentDao componentDao 
= mock(ComponentDao.class); + private MetricFinder metricFinder = mock(MetricFinder.class); + private QualityGates underTest; @Before public void initialize() { @@ -108,9 +93,9 @@ public class QualityGatesTest { when(componentDao.selectOrFailById(eq(dbSession), anyLong())).thenReturn( newProjectDto(OrganizationTesting.newOrganizationDto(), PROJECT_UUID).setId(1L).setKey(PROJECT_KEY)); - underTest = new QualityGates(dbClient, metricFinder, userSessionRule); + underTest = new QualityGates(dbClient, metricFinder, userSession); - userSessionRule.set(authorizedProfileAdminUserSession); + userSession.login().setRoot(); } @Test 
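Review bot: `initialize` now logs every test in as root with `userSession.login().setRoot()`, and none of the visible hunks adds a case where a logged-in, non-root user is refused by `rename`, `copy`, `delete`, `setDefault` or `deleteCondition`, which is the behaviour this commit introduces. A test that logs in without `setRoot()` and expects the call to be rejected would pin it. The `componentDao` mock and its `selectOrFailById` stub are kept although `QualityGates` no longer has a `componentDao` field; they can probably be removed.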
@@ -314,60 +299,6 @@ public class QualityGatesTest { underTest.deleteCondition(QUALITY_GATE_ID); } - @Test - public void should_associate_project() { - Long qGateId = QUALITY_GATE_ID; - Long projectId = 24L; - when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId)); - underTest.associateProject(qGateId, projectId); - verify(dao).selectById(dbSession, qGateId); - ArgumentCaptor propertyCaptor = ArgumentCaptor.forClass(PropertyDto.class); - verify(propertiesDao).saveProperty(propertyCaptor.capture()); - PropertyDto property = propertyCaptor.getValue(); - assertThat(property.getKey()).isEqualTo("sonar.qualitygate"); - assertThat(property.getResourceId()).isEqualTo(projectId); - assertThat(property.getValue()).isEqualTo("42"); - } - - @Test - public void associate_project_with_project_admin_permission() { - userSessionRule.set(authorizedProjectAdminUserSession); - - Long qGateId = QUALITY_GATE_ID; - Long projectId = 24L; - when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId)); - underTest.associateProject(qGateId, projectId); - verify(dao).selectById(dbSession, qGateId); - ArgumentCaptor propertyCaptor = ArgumentCaptor.forClass(PropertyDto.class); - verify(propertiesDao).saveProperty(propertyCaptor.capture()); - PropertyDto property = propertyCaptor.getValue(); - assertThat(property.getKey()).isEqualTo("sonar.qualitygate"); - assertThat(property.getResourceId()).isEqualTo(projectId); - assertThat(property.getValue()).isEqualTo("42"); - } - - @Test - public void should_dissociate_project() { - Long qGateId = QUALITY_GATE_ID; - Long projectId = 24L; - when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId)); - underTest.dissociateProject(qGateId, projectId); - verify(dao).selectById(dbSession, qGateId); - verify(propertiesDao).deleteProjectProperty("sonar.qualitygate", projectId); - } - - @Test - public void dissociate_project_with_project_admin_permission() { - 
userSessionRule.set(authorizedProjectAdminUserSession); - - Long qGateId = QUALITY_GATE_ID; - Long projectId = 24L; - when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId)); - underTest.dissociateProject(qGateId, projectId); - verify(dao).selectById(dbSession, qGateId); - verify(propertiesDao).deleteProjectProperty("sonar.qualitygate", projectId); - } - @Test public void should_copy_qgate() { String name = "Atlantis"; @@ -410,29 +341,4 @@ public class QualityGatesTest { dataMetric, hiddenMetric, nullHiddenMetric, alertMetric, ratingMetric, classicMetric)); } - private Metric addMetric(String metricKey, String metricName) { - Metric metric = Mockito.spy(CoreMetrics.COVERAGE); - when(metric.getId()).thenReturn(METRIC_ID); - when(metric.getName()).thenReturn(metricName); - when(metricFinder.findByKey(metricKey)).thenReturn(metric); - return metric; - } - - private QualityGateConditionDto newCondition(String metricKey, int metricId) { - return new QualityGateConditionDto() - .setId(RandomUtils.nextLong()) - .setMetricKey(metricKey) - .setMetricId(metricId) - .setQualityGateId(QUALITY_GATE_ID) - .setOperator("GT") - .setWarningThreshold(RandomStringUtils.randomAlphanumeric(15)) - .setErrorThreshold(RandomStringUtils.randomAlphanumeric(15)) - .setPeriod(RandomUtils.nextBoolean() ? 1 : null); - } - - private QualityGateConditionDto insertQualityGateConditionDto(QualityGateConditionDto conditionDto) { - when(conditionDao.selectById(conditionDto.getId())).thenReturn(conditionDto); - return conditionDto; - } - } diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java index e76e7c6a17f..8ec7b8a4e0f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java 
@@ -25,11 +25,12 @@ import org.junit.Rule; import org.junit.Test; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.metric.MetricDto; +import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsActionTester; import org.sonarqube.ws.MediaTypes; @@ -55,11 +56,11 @@ public class AppActionTest { @Rule public DbTester db = DbTester.create(System2.INSTANCE); - DbClient dbClient = db.getDbClient(); - DbSession dbSession = db.getSession(); - - AppAction underTest = new AppAction(userSession, dbClient); - WsActionTester ws = new WsActionTester(underTest); + private DbClient dbClient = db.getDbClient(); + private DbSession dbSession = db.getSession(); + private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); + private AppAction underTest = new AppAction(userSession, dbClient, defaultOrganizationProvider); + private WsActionTester ws = new WsActionTester(underTest); @Test public void return_metrics() throws Exception { @@ -163,7 +164,7 @@ public class AppActionTest { @Test public void return_edit_to_false_when_not_quality_gate_permission() throws Exception { - userSession.logIn("not-admin").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); + userSession.logIn(); AppWsResponse response = executeRequest(); @@ -172,7 +173,7 @@ public class AppActionTest { @Test public void return_edit_to_true_when_quality_gate_permission() throws Exception { - userSession.logIn("admin").setGlobalPermissions(QUALITY_GATE_ADMIN); + userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN); AppWsResponse response = executeRequest(); 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java index 0147a42704d..f430aea4eb9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java @@ -30,7 +30,6 @@ import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; -import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.property.PropertyDto; import org.sonar.db.qualitygate.QualityGateDto; @@ -43,10 +42,8 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; -import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class DeselectActionTest { 
@@ -59,15 +56,14 @@ public class DeselectActionTest { @Rule public DbTester db = DbTester.create(System2.INSTANCE); - DbClient dbClient = db.getDbClient(); - DbSession dbSession = db.getSession(); - ComponentDbTester componentDb = new ComponentDbTester(db); - QualityGates qualityGates = new QualityGates(dbClient, mock(MetricFinder.class), userSession); - - WsActionTester ws; - - DeselectAction underTest; + private DbClient dbClient = db.getDbClient(); + private DbSession dbSession = db.getSession(); + private QualityGates qualityGates = new QualityGates(dbClient, mock(MetricFinder.class), userSession); + private WsActionTester ws; + private ComponentDto project; + private QualityGateDto gate; + private DeselectAction underTest; @Before public void setUp() { @@ -75,14 +71,15 @@ public class DeselectActionTest { underTest = new DeselectAction(qualityGates, dbClient, componentFinder); ws = new WsActionTester(underTest); - userSession.logIn("login").setGlobalPermissions(QUALITY_GATE_ADMIN); + project = db.components().insertProject(); + gate = insertQualityGate(); } @Test public void deselect_by_id() throws Exception { - ComponentDto project = insertProject(); - ComponentDto anotherProject = componentDb.insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); + + ComponentDto anotherProject = db.components().insertProject(); String gateId = String.valueOf(gate.getId()); associateProjectToQualityGate(project.getId(), gateId); associateProjectToQualityGate(anotherProject.getId(), gateId); @@ -95,8 +92,8 @@ public class DeselectActionTest { @Test public void deselect_by_uuid() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); + String gateId = String.valueOf(gate.getId()); associateProjectToQualityGate(project.getId(), gateId); 
@@ -107,8 +104,8 @@ public class DeselectActionTest { @Test public void deselect_by_key() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); + String gateId = String.valueOf(gate.getId()); associateProjectToQualityGate(project.getId(), gateId); @@ -119,12 +116,10 @@ public class DeselectActionTest { @Test public void project_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); associateProjectToQualityGate(project.getId(), gateId); - userSession.logIn("login").addProjectUuidPermissions(UserRole.ADMIN, project.uuid()); + userSession.logIn().addProjectUuidPermissions(UserRole.ADMIN, project.uuid()); callByKey(gateId, project.getKey()); @@ -133,12 +128,10 @@ public class DeselectActionTest { @Test public void system_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); associateProjectToQualityGate(project.getId(), gateId); - userSession.logIn("login").setGlobalPermissions(SYSTEM_ADMIN); + userSession.logIn().setGlobalPermissions(SYSTEM_ADMIN); callByKey(gateId, project.getKey()); @@ -147,16 +140,13 @@ public class DeselectActionTest { @Test public void fail_when_no_quality_gate() throws Exception { - ComponentDto project = insertProject(); - expectedException.expect(NotFoundException.class); - callByKey("1", project.getKey()); + callByKey("-1", project.getKey()); } @Test public void fail_when_no_project_id() throws Exception { - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); expectedException.expect(NotFoundException.class); 
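Review bot: The `system_admin` test still logs in with `setGlobalPermissions(SYSTEM_ADMIN)`, yet the new `checkProjectAdmin` accepts only organization-level `QUALITY_GATE_ADMIN` or project `ADMIN`, and this class no longer has a positive test for an organization gate administrator (the `QUALITY_GATE_ADMIN` static import is removed above). The assertion of `system_admin` lies outside the hunk, so I cannot tell which outcome it expects. `SelectActionTest` replaced its equivalent with `gate_administrator_can_associate_a_gate_to_a_project`; I would do the same here with `userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN);` and say in the test name what a system administrator is expected to get.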
@@ -166,7 +156,6 @@ public class DeselectActionTest { @Test public void fail_when_no_project_key() throws Exception { - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); expectedException.expect(NotFoundException.class); @@ -176,8 +165,6 @@ public class DeselectActionTest { @Test public void fail_when_anonymous() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); userSession.anonymous(); @@ -187,11 +174,9 @@ public class DeselectActionTest { @Test public void fail_when_not_project_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid()); + userSession.logIn().addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid()); expectedException.expect(ForbiddenException.class); @@ -200,21 +185,15 @@ public class DeselectActionTest { @Test public void fail_when_not_quality_gates_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").setGlobalPermissions(QUALITY_PROFILE_ADMIN); + userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN); expectedException.expect(ForbiddenException.class); callByKey(gateId, project.getKey()); } - private ComponentDto insertProject() { - return componentDb.insertComponent(newProjectDto(db.organizations().insert())); - } - private QualityGateDto insertQualityGate() { QualityGateDto gate = new QualityGateDto().setName("Custom"); dbClient.qualityGateDao().insert(dbSession, gate); 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java index bfdbee6307e..57adc7d6519 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java @@ -69,11 +69,19 @@ public class QualityGatesWsTest { SelectAction selectAction = new SelectAction(mock(DbClient.class), mock(UserSessionRule.class), mock(ComponentFinder.class)); tester = new WsTester(new QualityGatesWs( - new ListAction(qGates), new ShowAction(qGates), new SearchAction(projectFinder), - new CreateAction(null, null, null), new CopyAction(qGates), new DestroyAction(qGates), new RenameAction(qGates), + new ListAction(qGates), + new ShowAction(qGates), + new SearchAction(projectFinder), + new CreateAction(null, null, null), + new CopyAction(qGates), + new DestroyAction(qGates), new RenameAction(qGates), new SetAsDefaultAction(qGates), new UnsetDefaultAction(qGates), - new CreateConditionAction(null, null, null), new UpdateConditionAction(null, null, null), new DeleteConditionAction(qGates), - selectAction, new DeselectAction(qGates, mock(DbClient.class), mock(ComponentFinder.class)), new AppAction(null, null))); + new CreateConditionAction(null, null, null), + new UpdateConditionAction(null, null, null), + new DeleteConditionAction(qGates), + selectAction, + new DeselectAction(qGates, mock(DbClient.class), mock(ComponentFinder.class)), + new AppAction(null, null, null))); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java index c8b0e9daace..03d32fd8712 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java 
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; -import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.qualitygate.QualityGateDto; import org.sonar.server.component.ComponentFinder; @@ -40,7 +39,6 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY; public class SelectActionTest { 
@@ -53,27 +51,26 @@ public class SelectActionTest { @Rule public DbTester db = DbTester.create(System2.INSTANCE); - DbClient dbClient = db.getDbClient(); - DbSession dbSession = db.getSession(); - ComponentDbTester componentDb = new ComponentDbTester(db); - WsActionTester ws; - - SelectAction underTest; + private DbClient dbClient = db.getDbClient(); + private DbSession dbSession = db.getSession(); + private WsActionTester ws; + private ComponentDto project; + private QualityGateDto gate; + private SelectAction underTest; @Before public void setUp() { ComponentFinder componentFinder = new ComponentFinder(dbClient); underTest = new SelectAction(dbClient, userSession, componentFinder); ws = new WsActionTester(underTest); - - userSession.logIn("login").setGlobalPermissions(QUALITY_GATE_ADMIN); + project = db.components().insertProject(); + gate = insertQualityGate(); } @Test public void select_by_id() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); String gateId = String.valueOf(gate.getId()); callById(gateId, project.getId()); @@ -83,8 +80,7 @@ public class SelectActionTest { @Test public void select_by_uuid() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); String gateId = String.valueOf(gate.getId()); callByUuid(gateId, project.uuid()); 
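Review bot: setUp no longer logs a user in, and in the lines visible in the later hunks fail_when_no_quality_gate, fail_when_no_project_id and fail_when_no_project_key never set one, so their NotFoundException is asserted under whatever session UserSessionRule defaults to. If that default is anonymous, these tests pin a response that lets a caller without any permission tell an existing gate or project from a missing one, and they say nothing about what an authorized caller receives. Starting each of them with `userSession.logIn().setRoot();`, as select_by_id and select_by_uuid now do, would state that the not-found answer is the one for an authorized caller. The class body continues outside these hunks, so the production ordering of lookup and permission check cannot be confirmed from here.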
@@ -94,50 +90,42 @@ public class SelectActionTest { @Test public void select_by_key() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().setRoot(); String gateId = String.valueOf(gate.getId()); callByKey(gateId, project.getKey()); + assertSelected(gateId, project.getId()); } @Test public void project_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + userSession.logIn().addProjectUuidPermissions(UserRole.ADMIN, project.uuid()); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").addProjectUuidPermissions(UserRole.ADMIN, project.uuid()); - callByKey(gateId, project.getKey()); + assertSelected(gateId, project.getId()); } @Test - public void system_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); + public void gate_administrator_can_associate_a_gate_to_a_project() throws Exception { + userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").setGlobalPermissions(SYSTEM_ADMIN); - callByKey(gateId, project.getKey()); + assertSelected(gateId, project.getId()); - ; } @Test public void fail_when_no_quality_gate() throws Exception { - ComponentDto project = insertProject(); - expectedException.expect(NotFoundException.class); callByKey("1", project.getKey()); } @Test public void fail_when_no_project_id() throws Exception { - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); expectedException.expect(NotFoundException.class); @@ -146,7 +134,6 @@ public class SelectActionTest { @Test public void fail_when_no_project_key() throws Exception { - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); expectedException.expect(NotFoundException.class); 
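Review bot: `callByKey("1", project.getKey())` in fail_when_no_quality_gate now runs after setUp has inserted a gate (`gate = insertQualityGate();` in the earlier hunk), so the hard-coded id "1" may match an existing row, depending on how the test database allocates ids. In that case the test would no longer exercise the missing-gate path it is named for. Deriving the absent id from the fixture, for example `callByKey(String.valueOf(gate.getId() + 1), project.getKey());`, keeps the test independent of id allocation.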
@@ -155,8 +142,6 @@ public class SelectActionTest { @Test public void fail_when_anonymous() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); userSession.anonymous(); @@ -167,11 +152,9 @@ public class SelectActionTest { @Test public void fail_when_not_project_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid()); + userSession.logIn().addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid()); expectedException.expect(ForbiddenException.class); callByKey(gateId, project.getKey()); @@ -179,20 +162,14 @@ public class SelectActionTest { @Test public void fail_when_not_quality_gates_admin() throws Exception { - ComponentDto project = insertProject(); - QualityGateDto gate = insertQualityGate(); String gateId = String.valueOf(gate.getId()); - userSession.logIn("login").setGlobalPermissions(QUALITY_PROFILE_ADMIN); + userSession.logIn().setGlobalPermissions(QUALITY_PROFILE_ADMIN); expectedException.expect(ForbiddenException.class); callByKey(gateId, project.getKey()); } - private ComponentDto insertProject() { - return componentDb.insertProject(db.organizations().insert()); - } - private QualityGateDto insertQualityGate() { QualityGateDto gate = new QualityGateDto().setName("Custom"); dbClient.qualityGateDao().insert(dbSession, gate); -- 2.39.5
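Review bot: No test in these hunks covers a user who holds QUALITY_GATE_ADMIN on a different organization than the project's, which is the case an organization-scoped check has to reject. fail_when_not_quality_gates_admin also still grants its permission through `setGlobalPermissions(QUALITY_PROFILE_ADMIN)`, while the positive test gate_administrator_can_associate_a_gate_to_a_project uses `addOrganizationPermission`, so the two may not go through the same lookup. A negative test along the lines below would pin the boundary. It reuses `db.organizations().insert()` from the removed insertProject() helper, and the accessor for the new organization's uuid should be confirmed against the DTO.

```java
@Test
public void fail_when_gate_admin_of_another_organization() throws Exception {
  String gateId = String.valueOf(gate.getId());
  // Permission is granted on an organization the project does not belong to.
  String otherOrganizationUuid = db.organizations().insert().getUuid();
  userSession.logIn().addOrganizationPermission(otherOrganizationUuid, QUALITY_GATE_ADMIN);

  expectedException.expect(ForbiddenException.class);
  callByKey(gateId, project.getKey());
}
```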