From c37884c9e56dc9793dd6cb761f22605f6e66fc07 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Tue, 21 Feb 2017 15:42:20 +0100 Subject: [PATCH] Support OrganizationPermission in UserDbTester --- .../db/permission/AuthorizationDaoTest.java | 12 +++-- .../db/permission/GroupPermissionDaoTest.java | 41 ++++++++------- .../java/org/sonar/db/user/RoleDaoTest.java | 10 ++-- .../java/org/sonar/db/user/UserDaoTest.java | 3 +- .../java/org/sonar/db/user/UserDbTester.java | 46 ++++++++++++---- .../ws/SearchMyOrganizationsActionTest.java | 16 +++--- .../GroupPermissionChangerTest.java | 31 ++++++----- .../permission/UserPermissionChangerTest.java | 37 ++++++------- .../permission/ws/AddUserActionTest.java | 11 ++-- .../permission/ws/GroupsActionTest.java | 23 ++++---- .../permission/ws/RemoveGroupActionTest.java | 34 ++++++------ .../permission/ws/RemoveUserActionTest.java | 12 +++-- .../ws/SearchGlobalPermissionsActionTest.java | 30 ++++++----- .../SearchProjectPermissionsActionTest.java | 4 +- .../server/permission/ws/UsersActionTest.java | 21 ++++---- .../server/user/ServerUserSessionTest.java | 52 ++++++++++--------- .../server/user/ws/DeactivateActionTest.java | 7 +-- 17 files changed, 220 insertions(+), 170 deletions(-) diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java index 432d00c2cb4..cb1565e177c 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java @@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.db.permission.OrganizationPermission.SCAN; public class AuthorizationDaoTest { @@ -432,7 +434,7 @@ public class AuthorizationDaoTest { @Test public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() { // another user - db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); Set orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_ID, SYSTEM_ADMIN); @@ -441,7 +443,7 @@ public class AuthorizationDaoTest { @Test public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() { - db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); // user is not part of this group db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); @@ -486,10 +488,10 @@ public class AuthorizationDaoTest { @Test public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() { - db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); - db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnAnyone(org, SCAN); + db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES); - Set orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION); + Set orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey()); assertThat(orgUuids).isEmpty(); } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java index bb609fa0092..63231c85b49 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java @@ -46,6 +46,9 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.db.permission.OrganizationPermission.SCAN; public class GroupPermissionDaoTest { @@ -98,7 +101,7 @@ public class GroupPermissionDaoTest { GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); - db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); + db.users().insertPermissionOnAnyone(organizationDto, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, organizationDto.getUuid(), PermissionQuery.builder().build())) .containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName()); @@ -110,13 +113,13 @@ public class GroupPermissionDaoTest { GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); db.users().insertGroup(organizationDto, "Group-2"); db.users().insertGroup(organizationDto, "Group-3"); - db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); - db.users().insertPermissionOnGroup(group1, PROVISIONING); + db.users().insertPermissionOnAnyone(organizationDto, SCAN); + db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); assertThat(underTest.countGroupsByQuery(dbSession, defaultOrganizationUuid, PermissionQuery.builder().build())).isEqualTo(4); assertThat(underTest.countGroupsByQuery(dbSession, - defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISIONING).build())).isEqualTo(1); + defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1); assertThat(underTest.countGroupsByQuery(dbSession, defaultOrganizationUuid, PermissionQuery.builder().withAtLeastOnePermission().build())).isEqualTo(2); assertThat(underTest.countGroupsByQuery(dbSession, @@ -134,20 +137,20 @@ public class GroupPermissionDaoTest { ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto)); - db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); - db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING); - db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); - db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); + db.users().insertPermissionOnAnyone(organizationDto, SCAN); + db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); + db.users().insertPermissionOnGroup(group1, SCAN); + db.users().insertPermissionOnGroup(group3, ADMINISTER); db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); assertThat(underTest.selectGroupNamesByQuery(dbSession, - organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN_EXECUTION).build())).containsExactly(ANYONE, group1.getName()); + organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, - organizationDto.getUuid(), PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build())).containsExactly(group3.getName()); + organizationDto.getUuid(), PermissionQuery.builder().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, - organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISIONING).build())).containsExactly(ANYONE); + organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE); } @Test @@ -166,7 +169,7 @@ public class GroupPermissionDaoTest { db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject); db.users().insertProjectPermissionOnAnyone(SYSTEM_ADMIN, anotherProject); db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject); - db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION); + db.users().insertPermissionOnGroup(group2, SCAN); PermissionQuery.Builder builderOnComponent = PermissionQuery.builder().setComponentUuid(project.uuid()); assertThat(underTest.selectGroupNamesByQuery(dbSession, @@ -190,7 +193,7 @@ public class GroupPermissionDaoTest { public void selectGroupNamesByQuery_with_search_query() { GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone"); db.users().insertGroup(db.getDefaultOrganization(), "unknown"); - db.users().insertPermissionOnGroup(group, SCAN_EXECUTION); + db.users().insertPermissionOnGroup(group, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName()); @@ -211,18 +214,18 @@ public class GroupPermissionDaoTest { OrganizationDto organizationDto = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); - db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); + db.users().insertPermissionOnGroup(group1, SCAN); GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto)); db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); - db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); + db.users().insertPermissionOnGroup(group3, ADMINISTER); // Anyone - db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); - db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING); + db.users().insertPermissionOnAnyone(organizationDto, SCAN); + db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId()), null)) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) @@ -249,7 +252,7 @@ public class GroupPermissionDaoTest { public void selectByGroupIds_on_projects() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org, "Group-1"); - db.users().insertPermissionOnGroup(group1, PROVISIONING); + db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); GroupDto group2 = db.users().insertGroup(org, "Group-2"); ComponentDto project = db.components().insertComponent(newProjectDto(org)); @@ -259,7 +262,7 @@ public class GroupPermissionDaoTest { db.users().insertProjectPermissionOnGroup(group3, USER, project); // Anyone group - db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); + db.users().insertPermissionOnAnyone(org, SCAN); db.users().insertProjectPermissionOnAnyone(PROVISIONING, project); assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty(); diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java index 580b26956aa..64055a59bd0 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java @@ -25,12 +25,12 @@ import org.junit.Rule; import org.junit.Test; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; public class RoleDaoTest { @@ -58,7 +58,7 @@ public class RoleDaoTest { db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1); db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2); // global permission - not returned - db.users().insertPermissionOnUser(user1, UserRole.ADMIN); + db.users().insertPermissionOnUser(user1, ADMINISTER); // project permission on another user id - not returned db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1); // project permission on another permission - not returned @@ -77,10 +77,10 @@ public class RoleDaoTest { db.users().insertMember(group1, user1); db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2); // global permission - not returned - db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN); - db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN); + db.users().insertPermissionOnUser(user1, ADMINISTER); + db.users().insertPermissionOnGroup(group1, ADMINISTER); // project permission on another user id - not returned - db.users().insertPermissionOnGroup(group2, GlobalPermissions.SYSTEM_ADMIN); + db.users().insertPermissionOnGroup(group2, ADMINISTER); db.users().insertMember(group2, user2); // project permission on another permission - not returned db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1); diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java index c1a8623223c..54e49e3b0c7 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java @@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.db.user.GroupMembershipQuery.IN; import static org.sonar.db.user.GroupMembershipQuery.builder; import static org.sonar.db.user.GroupTesting.newGroupDto; @@ -390,7 +391,7 @@ public class UserDaoTest { public void deactivate_user() throws Exception { UserDto user = newActiveUser(); PropertyDto property = insertProperty(user); - db.users().insertPermissionOnUser(user, "perm"); + db.users().insertPermissionOnUser(user, ADMINISTER); insertUserGroup(user); UserDto otherUser = newActiveUser(); diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java index 8f8c2e49c84..c500bd4cdc2 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java @@ -25,15 +25,17 @@ import java.util.Optional; import java.util.function.Consumer; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.GlobalPermissions; +import org.sonar.core.util.stream.Collectors; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.GroupPermissionDto; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.permission.UserPermissionDto; import static com.google.common.base.Preconditions.checkArgument; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.db.user.GroupTesting.newGroupDto; import static org.sonar.db.user.UserTesting.newUserDto; @@ -83,7 +85,7 @@ public class UserDbTester { public UserDto insertAdminByUserPermission(OrganizationDto org) { UserDto user = insertUser(); - insertPermissionOnUser(org, user, GlobalPermissions.SYSTEM_ADMIN); + insertPermissionOnUser(org, user, ADMINISTER); return user; } @@ -166,6 +168,10 @@ public class UserDbTester { return dto; } + public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) { + return insertPermissionOnAnyone(org, permission.getKey()); + } + public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) { GroupPermissionDto dto = new GroupPermissionDto() .setOrganizationUuid(group.getOrganizationUuid()) @@ -176,6 +182,10 @@ public class UserDbTester { return dto; } + public GroupPermissionDto insertPermissionOnGroup(GroupDto group, OrganizationPermission permission) { + return insertPermissionOnGroup(group, permission.getKey()); + } + public void deletePermissionFromGroup(GroupDto group, String permission) { db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getId(), null); db.commit(); @@ -219,22 +229,23 @@ public class UserDbTester { org.getUuid(), null); } checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations"); - return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), - org.getUuid(), null, project.getId()); + return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.getId()); } // USER PERMISSIONS /** - * Grant global permission on default organization + * Grant permission on default organization */ - public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) { + public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) { return insertPermissionOnUser(db.getDefaultOrganization(), user, permission); } /** * Grant global permission + * @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)} */ + @Deprecated public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) { UserPermissionDto dto = new UserPermissionDto(org.getUuid(), permission, user.getId(), null); db.getDbClient().userPermissionDao().insert(db.getSession(), dto); @@ -242,8 +253,15 @@ public class UserDbTester { return dto; } - public void deletePermissionFromUser(OrganizationDto org, UserDto user, String permission) { - db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission, org.getUuid()); + /** + * Grant organization permission to user + */ + public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { + return insertPermissionOnUser(org, user, permission.getKey()); + } + + public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { + db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission.getKey(), org.getUuid()); db.commit(); } @@ -262,11 +280,19 @@ public class UserDbTester { return dto; } - public List selectGlobalPermissionsOfUser(UserDto user, OrganizationDto organization) { - return db.getDbClient().userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid()); + public List selectPermissionsOfUser(UserDto user, OrganizationDto organization) { + return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao() + .selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid())); } public List selectProjectPermissionsOfUser(UserDto user, ComponentDto project) { return db.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getId(), project.getId()); } + + private static List toListOfOrganizationPermissions(List keys) { + return keys + .stream() + .map(OrganizationPermission::fromKey) + .collect(Collectors.toList()); + } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java index b25d9c98880..90a04317e14 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java @@ -19,14 +19,15 @@ */ package org.sonar.server.organization.ws; +import java.util.Arrays; import org.junit.Rule; import org.junit.Test; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; -import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.tester.UserSessionRule; @@ -35,6 +36,7 @@ import org.sonar.server.ws.WsActionTester; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.test.JsonAssert.assertJson; public class SearchMyOrganizationsActionTest { @@ -125,16 +127,16 @@ public class SearchMyOrganizationsActionTest { public void returns_organizations_of_authenticated_user_when_user_has_ADMIN_group_permission_on_some_organization() { UserDto user = dbTester.users().insertUser(); GroupDto defaultGroup = dbTester.users().insertGroup(dbTester.getDefaultOrganization()); - dbTester.users().insertPermissionOnGroup(defaultGroup, SYSTEM_ADMIN); + dbTester.users().insertPermissionOnGroup(defaultGroup, ADMINISTER); dbTester.users().insertMember(defaultGroup, user); OrganizationDto organization1 = dbTester.organizations().insert(); GroupDto group1 = dbTester.users().insertGroup(organization1); - dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN); + dbTester.users().insertPermissionOnGroup(group1, ADMINISTER); dbTester.users().insertMember(group1, user); UserDto otherUser = dbTester.users().insertUser(); OrganizationDto organization2 = dbTester.organizations().insert(); GroupDto group2 = dbTester.users().insertGroup(organization2); - dbTester.users().insertPermissionOnGroup(group2, SYSTEM_ADMIN); + dbTester.users().insertPermissionOnGroup(group2, ADMINISTER); dbTester.users().insertMember(group2, otherUser); userSessionRule.logIn(user); @@ -159,8 +161,8 @@ public class SearchMyOrganizationsActionTest { OrganizationDto organization2 = dbTester.organizations().insert(); GroupDto group = dbTester.users().insertGroup(organization2); dbTester.users().insertMember(group, user); - GlobalPermissions.ALL.stream() - .filter(s -> !s.equals(SYSTEM_ADMIN)) + Arrays.stream(OrganizationPermission.values()) + .filter(s -> s != ADMINISTER) .forEach(s -> { dbTester.users().insertPermissionOnUser(organization1, user, s); dbTester.users().insertPermissionOnGroup(group, s); @@ -175,7 +177,7 @@ public class SearchMyOrganizationsActionTest { UserDto user = dbTester.users().insertUser(); OrganizationDto organization = dbTester.organizations().insert(); GroupDto group1 = dbTester.users().insertGroup(organization); - dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN); + dbTester.users().insertPermissionOnGroup(group1, ADMINISTER); dbTester.users().insertPermissionOnUser(organization, user, SYSTEM_ADMIN); userSessionRule.logIn(user); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java index fac0e312a19..c93e1ff76e4 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java @@ -35,6 +35,9 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; public class GroupPermissionChangerTest { @@ -98,11 +101,11 @@ public class GroupPermissionChangerTest { @Test public void do_nothing_when_adding_permission_that_already_exists() { GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); - db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); + db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); - apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); - assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); + assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); } @Test @@ -128,24 +131,24 @@ public class GroupPermissionChangerTest { @Test public void remove_permission_from_group() { GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); - db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); - db.users().insertPermissionOnGroup(group, GlobalPermissions.PROVISIONING); + db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); + db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); - assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.PROVISIONING); + assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey()); } @Test public void remove_project_permission_from_group() { GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); - db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); + db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project); db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, project); apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(project), groupId)); - assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); + assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.CODEVIEWER); } @@ -162,22 +165,22 @@ public class GroupPermissionChangerTest { @Test public void fail_to_remove_admin_permission_if_no_more_admins() { GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); - db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN); + db.users().insertPermissionOnGroup(group, ADMINISTER); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); - underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId)); + underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); } @Test public void remove_admin_group_if_still_other_admins() { GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); - db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN); + db.users().insertPermissionOnGroup(group, ADMINISTER); UserDto admin = db.users().insertUser(); - db.users().insertPermissionOnUser(org, admin, GlobalPermissions.SYSTEM_ADMIN); + db.users().insertPermissionOnUser(org, admin, ADMINISTER); - apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java index 23f27b4aad4..6843b70e5f0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java @@ -30,8 +30,6 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; -import org.sonar.server.organization.TestDefaultOrganizationProvider; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; @@ -39,6 +37,9 @@ import static org.sonar.api.web.UserRole.USER; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.db.permission.OrganizationPermission.SCAN; import static org.sonar.server.permission.PermissionChange.Operation.ADD; import static org.sonar.server.permission.PermissionChange.Operation.REMOVE; @@ -71,10 +72,10 @@ public class UserPermissionChangerTest { UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1)); apply(change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); + assertThat(db.users().selectPermissionsOfUser(user1, org2)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).isEmpty(); - assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty(); } @@ -83,20 +84,20 @@ public class UserPermissionChangerTest { UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(project), UserId.from(user1)); apply(change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).contains(ISSUE_ADMIN); - assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty(); } @Test public void do_nothing_when_adding_global_permission_that_already_exists() { - db.users().insertPermissionOnUser(org1, user1, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES); UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).hasSize(1).containsOnly(QUALITY_GATE_ADMIN); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES); } @Test @@ -128,16 +129,16 @@ public class UserPermissionChangerTest { UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).containsOnly(QUALITY_GATE_ADMIN); - assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).containsOnly(QUALITY_GATE_ADMIN); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); + assertThat(db.users().selectPermissionsOfUser(user1, org2)).containsOnly(ADMINISTER_QUALITY_GATES); + assertThat(db.users().selectPermissionsOfUser(user2, org1)).containsOnly(ADMINISTER_QUALITY_GATES); assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).containsOnly(ISSUE_ADMIN); } @Test public void remove_project_permission_from_user() { ComponentDto project2 = db.components().insertProject(org1); - db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project); db.users().insertProjectPermissionOnUser(user1, USER, project); db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, project); @@ -156,7 +157,7 @@ public class UserPermissionChangerTest { UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); apply(change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); } @Test @@ -180,15 +181,15 @@ public class UserPermissionChangerTest { @Test public void remove_admin_user_if_still_other_admins() { - db.users().insertPermissionOnUser(org1, user1, SYSTEM_ADMIN); + db.users().insertPermissionOnUser(org1, user1, ADMINISTER); GroupDto admins = db.users().insertGroup(org1, "admins"); db.users().insertMember(admins, user2); - db.users().insertPermissionOnGroup(admins, SYSTEM_ADMIN); + db.users().insertPermissionOnGroup(admins, ADMINISTER); - UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1)); underTest.apply(db.getSession(), change); - assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); } private void apply(UserPermissionChange change) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 1ac4b311c56..b1a8d137132 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -38,6 +38,7 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; @@ -66,7 +67,7 @@ public class AddUserActionTest extends BasePermissionWsTest { .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(SYSTEM_ADMIN); + assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(ADMINISTER); } @Test @@ -79,7 +80,7 @@ public class AddUserActionTest extends BasePermissionWsTest { .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).containsOnly(SYSTEM_ADMIN); + assertThat(db.users().selectPermissionsOfUser(user, organization)).containsOnly(ADMINISTER); } @Test @@ -94,7 +95,7 @@ public class AddUserActionTest extends BasePermissionWsTest { .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user, organization)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); } @@ -109,7 +110,7 @@ public class AddUserActionTest extends BasePermissionWsTest { .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); } @@ -124,7 +125,7 @@ public class AddUserActionTest extends BasePermissionWsTest { .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); + assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java index 56d05b8c21f..077a33c362a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java @@ -36,9 +36,10 @@ import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; @@ -64,10 +65,10 @@ public class GroupsActionTest extends BasePermissionWsTest { group1 = db.users().insertGroup(defOrg, "group-1-name"); group2 = db.users().insertGroup(defOrg, "group-2-name"); group3 = db.users().insertGroup(defOrg, "group-3-name"); - db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); - db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION); - db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); - db.users().insertPermissionOnAnyone(defOrg, SCAN_EXECUTION); + db.users().insertPermissionOnGroup(group1, SCAN); + db.users().insertPermissionOnGroup(group2, SCAN); + db.users().insertPermissionOnGroup(group3, ADMINISTER); + db.users().insertPermissionOnAnyone(defOrg, SCAN); db.commit(); } @@ -76,7 +77,7 @@ public class GroupsActionTest extends BasePermissionWsTest { loginAsAdmin(db.getDefaultOrganization()); String json = newRequest() - .setParam(PARAM_PERMISSION, SCAN_EXECUTION) + .setParam(PARAM_PERMISSION, SCAN.getKey()) .execute() .getInput(); assertJson(json).isSimilarTo("{\n" + @@ -114,7 +115,7 @@ public class GroupsActionTest extends BasePermissionWsTest { public void search_with_selection() throws Exception { loginAsAdmin(db.getDefaultOrganization()); String result = newRequest() - .setParam(PARAM_PERMISSION, SCAN_EXECUTION) + .setParam(PARAM_PERMISSION, SCAN.getKey()) .execute() .getInput(); @@ -125,7 +126,7 @@ public class GroupsActionTest extends BasePermissionWsTest { public void search_groups_with_pagination() throws Exception { loginAsAdmin(db.getDefaultOrganization()); String result = newRequest() - .setParam(PARAM_PERMISSION, SCAN_EXECUTION) + .setParam(PARAM_PERMISSION, SCAN.getKey()) .setParam(PAGE_SIZE, "1") .setParam(PAGE, "3") .execute() @@ -140,7 +141,7 @@ public class GroupsActionTest extends BasePermissionWsTest { public void search_groups_with_query() throws Exception { loginAsAdmin(db.getDefaultOrganization()); String result = newRequest() - .setParam(PARAM_PERMISSION, SCAN_EXECUTION) + .setParam(PARAM_PERMISSION, SCAN.getKey()) .setParam(TEXT_QUERY, "group-") .execute() .getInput(); @@ -259,7 +260,7 @@ public class GroupsActionTest extends BasePermissionWsTest { userSession.anonymous(); newRequest() - .setParam(PARAM_PERMISSION, "scan") + .setParam(PARAM_PERMISSION, SCAN.getKey()) .execute(); } @@ -269,7 +270,7 @@ public class GroupsActionTest extends BasePermissionWsTest { userSession.logIn("login"); newRequest() - .setParam(PARAM_PERMISSION, "scan") + .setParam(PARAM_PERMISSION, SCAN.getKey()) .execute(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 569e595e88f..db7514b286c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -37,6 +37,8 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; @@ -60,8 +62,8 @@ public class RemoveGroupActionTest extends BasePermissionWsTest @Test public void remove_permission_from_user() throws Exception { - db.users().insertPermissionOnUser(user, PROVISIONING); - db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); + db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); + db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); loginAsAdmin(db.getDefaultOrganization()); newRequest() @@ -73,13 +76,12 @@ public class RemoveUserActionTest extends BasePermissionWsTest .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN) .execute(); - assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISIONING); + assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISION_PROJECTS); } @Test public void fail_to_remove_admin_permission_if_last_admin() throws Exception { - db.users().insertPermissionOnUser(user, CODEVIEWER); - db.users().insertPermissionOnUser(user, ADMIN); + db.users().insertPermissionOnUser(user, ADMINISTER); loginAsAdmin(db.getDefaultOrganization()); expectedException.expect(BadRequestException.class); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java index 066e112f8e4..2500f7b6fc1 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java @@ -36,10 +36,12 @@ import org.sonarqube.ws.WsPermissions; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; -import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; +import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.db.permission.OrganizationPermission.SCAN; import static org.sonar.test.JsonAssert.assertJson; public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest { @@ -62,20 +64,20 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest { public void search_for_users_with_response_example() throws Exception { UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com")); UserDto user2 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net")); - db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN); - db.users().insertPermissionOnUser(user1, QUALITY_PROFILE_ADMIN); - db.users().insertPermissionOnUser(user2, SCAN_EXECUTION); + db.users().insertPermissionOnUser(user1, ADMINISTER); + db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES); + db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES); + db.users().insertPermissionOnUser(user2, SCAN); loginAsAdmin(db.getDefaultOrganization()); String result = newRequest().execute().getInput(); @@ -269,9 +270,9 @@ public class UsersActionTest extends BasePermissionWsTest { UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1")); UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2")); UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3")); - db.users().insertPermissionOnUser(user1, SCAN_EXECUTION); - db.users().insertPermissionOnUser(user2, SCAN_EXECUTION); - db.users().insertPermissionOnUser(user3, SYSTEM_ADMIN); + db.users().insertPermissionOnUser(user1, SCAN); + db.users().insertPermissionOnUser(user2, SCAN); + db.users().insertPermissionOnUser(user3, ADMINISTER); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index 9aec92879c1..933297c4b38 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java @@ -31,17 +31,19 @@ import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.organization.TestOrganizationFlags; -import org.sonar.db.permission.OrganizationPermission; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; -import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; +import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; +import static org.sonar.db.permission.OrganizationPermission.SCAN; import static org.sonar.db.user.UserTesting.newUserDto; public class ServerUserSessionTest { @@ -174,7 +176,7 @@ public class ServerUserSessionTest { expectInsufficientPrivilegesForbiddenException(); - newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); + newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); } @Test @@ -183,38 +185,38 @@ public class ServerUserSessionTest { db.users().insertUser(NON_ROOT_USER_DTO); db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING); - newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); + newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); } @Test public void checkPermission_succeeds_when_user_is_root() { OrganizationDto org = db.organizations().insert(); - newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); + newUserSession(ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); } @Test public void test_hasPermission_on_organization_for_logged_in_user() { OrganizationDto org = db.organizations().insert(); ComponentDto project = db.components().insertProject(org); - db.users().insertPermissionOnUser(org, userDto, PROVISIONING); + db.users().insertPermissionOnUser(org, userDto, PROVISION_PROJECTS); db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project); UserSession session = newUserSession(userDto); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); - assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); } @Test public void test_hasPermission_on_organization_for_anonymous_user() { OrganizationDto org = db.organizations().insert(); - db.users().insertPermissionOnAnyone(org, PROVISIONING); + db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); UserSession session = newAnonymousSession(); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); - assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); } @Test @@ -225,30 +227,30 @@ public class ServerUserSessionTest { UserSession session = newUserSession(userDto); // feed the cache - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache - db.users().deletePermissionFromUser(org, userDto, PROVISIONING); - db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); - assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); - assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); + db.users().deletePermissionFromUser(org, userDto, PROVISION_PROJECTS); + db.users().insertPermissionOnUser(org, userDto, SCAN); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); + assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); } @Test public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { OrganizationDto org = db.organizations().insert(); - db.users().insertPermissionOnAnyone(org, PROVISIONING); + db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); UserSession session = newAnonymousSession(); // feed the cache - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); // change permissions without updating the cache - db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); - assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); - assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); + db.users().insertPermissionOnAnyone(org, SCAN); + assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); + assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); } @Test @@ -418,7 +420,7 @@ public class ServerUserSessionTest { private void addPermissions(@Nullable ComponentDto component, String... permissions) { for (String permission : permissions) { if (component == null) { - db.users().insertPermissionOnUser(userDto, permission); + db.users().insertPermissionOnUser(userDto, OrganizationPermission.fromKey(permission)); } else { db.users().insertProjectPermissionOnUser(userDto, permission, component); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java index 783cce58adb..da0a79bf773 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java @@ -51,6 +51,7 @@ import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; +import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.db.user.UserTesting.newUserDto; import static org.sonar.db.user.UserTokenTesting.newUserToken; import static org.sonar.test.JsonAssert.assertJson; @@ -168,7 +169,7 @@ public class DeactivateActionTest { @Test public void fail_to_deactivate_last_administrator_of_default_organization() throws Exception { UserDto admin = createUser(); - db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN); + db.users().insertPermissionOnUser(admin, ADMINISTER); logInAsSystemAdministrator(); expectedException.expect(BadRequestException.class); @@ -202,8 +203,8 @@ public class DeactivateActionTest { public void administrators_can_be_deactivated_if_there_are_still_other_administrators() throws Exception { UserDto admin = createUser(); UserDto anotherAdmin = createUser(); - db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(anotherAdmin, SYSTEM_ADMIN); + db.users().insertPermissionOnUser(admin, ADMINISTER); + db.users().insertPermissionOnUser(anotherAdmin, ADMINISTER); db.commit(); logInAsSystemAdministrator(); -- 2.39.5