From 4074d3d4b31a6ea015089c103151080c1bc5f904 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Thu, 3 Jan 2013 23:10:25 +0100 Subject: [PATCH] SONAR-4050 The roles on each project are re-initialized with the default values as soon as the project is analyzed --- .../batch/index/DefaultResourcePersister.java | 12 +++++- .../index/DefaultResourcePersisterTest.java | 42 ++++++++++++++++--- .../api/security/ResourcePermissions.java | 3 ++ 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java b/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java index 77b97879ced..93b48113c92 100644 --- a/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java +++ b/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java @@ -25,12 +25,18 @@ import org.apache.commons.lang.StringUtils; import org.sonar.api.database.DatabaseSession; import org.sonar.api.database.model.ResourceModel; import org.sonar.api.database.model.Snapshot; -import org.sonar.api.resources.*; +import org.sonar.api.resources.Library; +import org.sonar.api.resources.Project; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.Resource; +import org.sonar.api.resources.ResourceUtils; +import org.sonar.api.resources.Scopes; import org.sonar.api.security.ResourcePermissions; import org.sonar.api.utils.SonarException; import javax.persistence.NonUniqueResultException; import javax.persistence.Query; + import java.util.Date; import java.util.Iterator; import java.util.List; @@ -88,7 +94,9 @@ public final class DefaultResourcePersister implements ResourcePersister { snapshot = session.save(snapshot); session.commit(); - permissions.grantDefaultRoles(project); + if (!permissions.hasRoles(project)) { + permissions.grantDefaultRoles(project); + } return snapshot; } diff --git a/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java b/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java index 3d35e195e0a..a9ea3b30b51 100644 --- a/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java +++ b/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java @@ -38,6 +38,9 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.notNullValue; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { @@ -72,7 +75,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { ResourcePersister persister = new DefaultResourcePersister(getSession(), mock(ResourcePermissions.class)); persister.saveProject(singleProject, null); - checkTables("shouldSaveNewProject", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldSaveNewProject", new String[]{"build_date", "created_at"}, "projects", "snapshots"); // SONAR-3636 : created_at must be fed when inserting a new entry in the 'projects' table ResourceModel model = getSession().getSingleResult(ResourceModel.class, "key", singleProject.getKey()); @@ -89,7 +92,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { persister.saveProject(moduleB, multiModuleProject); persister.saveProject(moduleB1, moduleB); - checkTables("shouldSaveNewMultiModulesProject", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldSaveNewMultiModulesProject", new String[]{"build_date", "created_at"}, "projects", "snapshots"); } @Test @@ -101,8 +104,9 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { persister.saveResource(singleProject, new JavaPackage("org.foo").setEffectiveKey("foo:org.foo")); // check that the directory is attached to the project - checkTables("shouldSaveNewDirectory", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldSaveNewDirectory", new String[]{"build_date", "created_at"}, "projects", "snapshots"); } + @Test public void shouldSaveNewLibrary() { setupData("shared"); @@ -113,7 +117,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { persister.saveResource(singleProject, new Library("junit:junit", "4.8.2").setEffectiveKey("junit:junit"));// do nothing, already saved persister.saveResource(singleProject, new Library("junit:junit", "3.2").setEffectiveKey("junit:junit")); - checkTables("shouldSaveNewLibrary", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldSaveNewLibrary", new String[]{"build_date", "created_at"}, "projects", "snapshots"); } @Test @@ -141,7 +145,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { singleProject.setDescription("new description"); persister.saveProject(singleProject, null); - checkTables("shouldUpdateExistingResource", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldUpdateExistingResource", new String[]{"build_date", "created_at"}, "projects", "snapshots"); } // SONAR-1700 @@ -152,7 +156,33 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase { ResourcePersister persister = new DefaultResourcePersister(getSession(), mock(ResourcePermissions.class)); persister.saveProject(singleProject, null); - checkTables("shouldRemoveRootIndexIfResourceIsProject", new String[] {"build_date", "created_at"}, "projects", "snapshots"); + checkTables("shouldRemoveRootIndexIfResourceIsProject", new String[]{"build_date", "created_at"}, "projects", "snapshots"); + } + + @Test + public void shouldGrantDefaultPermissionsIfNewProject() { + setupData("shared"); + + ResourcePermissions permissions = mock(ResourcePermissions.class); + when(permissions.hasRoles(singleProject)).thenReturn(false); + + ResourcePersister persister = new DefaultResourcePersister(getSession(), permissions); + persister.saveProject(singleProject, null); + + verify(permissions).grantDefaultRoles(singleProject); + } + + @Test + public void shouldNotGrantDefaultPermissionsIfExistingProject() { + setupData("shared"); + + ResourcePermissions permissions = mock(ResourcePermissions.class); + when(permissions.hasRoles(singleProject)).thenReturn(true); + + ResourcePersister persister = new DefaultResourcePersister(getSession(), permissions); + persister.saveProject(singleProject, null); + + verify(permissions, never()).grantDefaultRoles(singleProject); } private static Project newProject(String key, String language) { diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java index 7c20de3883f..b3eff260a25 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java @@ -39,6 +39,9 @@ public interface ResourcePermissions extends BatchComponent, ServerComponent { /** * Limitation - the resource id is used instead of logical key. + * Important note : the existing roles are overridden by default ones, so it's recommended + * to check that {@link ResourcePermissions#hasRoles(org.sonar.api.resources.Resource)} is + * false before executing this method. */ void grantDefaultRoles(Resource resource); -- 2.39.5