mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 239 Wiki Activity
Browse Source

Clean PermissionTemplateService and associated classes

tags/5.2-RC1
Teryk Bellahsene 8 years ago
parent
71d96685b3
commit
28acbfa672
19 changed files with 19 additions and 1299 deletions
Split View Show Diff Stats
  1. 8
    6
      it/it-tests/src/test/java/administration/suite/administration/ProjectAdministrationTest.java
  2. 3
    2
      it/it-tests/src/test/java/analysis/suite/measure/MeasureFiltersTest.java
  3. 0
    6
      server/sonar-server/src/main/java/org/sonar/server/permission/GroupWithPermissionQueryResult.java
  4. 0
    118
      server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplate.java
  5. 0
    52
      server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateGroup.java
  6. 0
    241
      server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
  7. 0
    96
      server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java
  8. 0
    58
      server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUser.java
  9. 0
    7
      server/sonar-server/src/main/java/org/sonar/server/permission/UserWithPermissionQueryResult.java
  10. 2
    2
      server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
  11. 3
    18
      server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionQueryParser.java
  12. 2
    2
      server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
  13. 0
    2
      server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java
  14. 0
    10
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java
  15. 0
    81
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionQueryParserTest.java
  16. 0
    373
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java
  17. 0
    68
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateTest.java
  18. 0
    157
      server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java
  19. 1
    0
      server/sonar-web/src/main/webapp/WEB-INF/app/models/internal.rb

+ 8
- 6
it/it-tests/src/test/java/administration/suite/administration/ProjectAdministrationTest.java View File

@@ -34,7 +34,6 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.wsclient.SonarClient;
import org.sonar.wsclient.base.HttpException;
import org.sonar.wsclient.permissions.PermissionParameters;
import org.sonar.wsclient.qualitygate.NewCondition;
import org.sonar.wsclient.qualitygate.QualityGate;
import org.sonar.wsclient.qualitygate.QualityGateClient;
@@ -106,22 +105,25 @@ public class ProjectAdministrationTest {
@Test
public void project_deletion() {
String projectAdminUser = "project-deletion-with-admin-permission-on-project";
SonarClient adminClient = orchestrator.getServer().adminWsClient();
SonarClient wsClient = orchestrator.getServer().adminWsClient();
try {
SonarRunner scan = SonarRunner.create(projectDir("shared/xoo-sample"));
orchestrator.executeBuild(scan);

// Create user having admin permission on previously analysed project
adminClient.userClient().create(
wsClient.userClient().create(
UserParameters.create().login(projectAdminUser).name(projectAdminUser).password("password").passwordConfirmation("password"));
adminClient.permissionClient().addPermission(
PermissionParameters.create().user(projectAdminUser).component("sample").permission("admin"));

wsClient.post("api/permissions/add_user",
"login", projectAdminUser,
"projectKey", "sample",
"permission", "admin");

new SeleneseTest(
Selenese.builder().setHtmlTestsInClasspath("project-deletion", "/administration/suite/ProjectAdministrationTest/project-deletion/project-deletion.html").build()
).runOn(orchestrator);
} finally {
adminClient.userClient().deactivate(projectAdminUser);
wsClient.userClient().deactivate(projectAdminUser);
}
}


+ 3
- 2
it/it-tests/src/test/java/analysis/suite/measure/MeasureFiltersTest.java View File

@@ -28,7 +28,6 @@ import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.sonar.wsclient.SonarClient;
import org.sonar.wsclient.permissions.PermissionParameters;
import org.sonar.wsclient.user.UserParameters;
import selenium.SeleneseTest;

@@ -150,7 +149,9 @@ public class MeasureFiltersTest {
client.userClient().create(userCreationParameters);

if (permission != null) {
client.permissionClient().addPermission(PermissionParameters.create().user(login).permission(permission));
client.post("api/permissions/add_user",
"login", login,
"permission", permission);
}
}


+ 0
- 6
server/sonar-server/src/main/java/org/sonar/server/permission/GroupWithPermissionQueryResult.java View File

@@ -26,22 +26,16 @@ public class GroupWithPermissionQueryResult {

private final List<GroupWithPermission> groups;
private final int total;
private final boolean hasMoreResults;

public GroupWithPermissionQueryResult(List<GroupWithPermission> groups, int total) {
this.groups = groups;
this.total = total;
this.hasMoreResults = total > groups.size();
}

public List<GroupWithPermission> groups() {
return groups;
}

public boolean hasMoreResults() {
return hasMoreResults;
}

public int total() {
return total;
}

+ 0
- 118
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplate.java View File

@@ -1,118 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Multimap;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.permission.PermissionTemplateGroupDto;
import org.sonar.db.permission.PermissionTemplateUserDto;

import javax.annotation.CheckForNull;
import javax.annotation.Nullable;

import java.util.List;

public class PermissionTemplate {

private final Long id;
private final String name;
private final String key;
private final String description;
private final String keyPattern;
private Multimap<String, PermissionTemplateUser> usersByPermission;
private Multimap<String, PermissionTemplateGroup> groupsByPermission;

private PermissionTemplate(Long id, String name, String key, @Nullable String description, @Nullable String keyPattern) {
this.id = id;
this.name = name;
this.key = key;
this.description = description;
this.keyPattern = keyPattern;
usersByPermission = HashMultimap.create();
groupsByPermission = HashMultimap.create();
}

public static PermissionTemplate create(@Nullable PermissionTemplateDto permissionTemplateDto) {
if (permissionTemplateDto == null) {
return null;
}
PermissionTemplate permissionTemplate = new PermissionTemplate(
permissionTemplateDto.getId(), permissionTemplateDto.getName(), permissionTemplateDto.getKee(), permissionTemplateDto.getDescription(),
permissionTemplateDto.getKeyPattern());

List<PermissionTemplateUserDto> usersPermissions = permissionTemplateDto.getUsersPermissions();
if (usersPermissions != null) {
for (PermissionTemplateUserDto userPermission : usersPermissions) {
permissionTemplate.registerUserPermission(permissionTemplateDto.getId(), userPermission.getUserId(),
userPermission.getUserName(), userPermission.getUserLogin(), userPermission.getPermission());
}
}

List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplateDto.getGroupsPermissions();
if (groupsPermissions != null) {
for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
permissionTemplate.registerGroupPermission(groupPermission.getPermission(), permissionTemplateDto.getId(),
groupPermission.getGroupId(), groupPermission.getGroupName());
}
}
return permissionTemplate;
}

public Long getId() {
return id;
}

public String getName() {
return name;
}

@CheckForNull
public String getDescription() {
return description;
}

public String getKey() {
return key;
}

@CheckForNull
public String getKeyPattern() {
return keyPattern;
}

public List<PermissionTemplateUser> getUsersForPermission(String permission) {
return ImmutableList.copyOf(usersByPermission.get(permission));
}

public List<PermissionTemplateGroup> getGroupsForPermission(String permission) {
return ImmutableList.copyOf(groupsByPermission.get(permission));
}

private void registerUserPermission(Long templateId, Long userId, String userName, String userLogin, String permission) {
usersByPermission.put(permission, new PermissionTemplateUser(templateId, userId, userName, userLogin, permission));
}

private void registerGroupPermission(String permission, Long templateId, Long groupId, String groupName) {
groupsByPermission.put(permission, new PermissionTemplateGroup(templateId, groupId, groupName, permission));
}
}

+ 0
- 52
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateGroup.java View File

@@ -1,52 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

public class PermissionTemplateGroup {

private final Long templateId;
private final Long groupId;
private final String groupName;
private final String permission;

public PermissionTemplateGroup(Long templateId, Long groupId, String groupName, String permission) {
this.templateId = templateId;
this.groupId = groupId;
this.groupName = groupName;
this.permission = permission;
}

public Long getTemplateId() {
return templateId;
}

public Long getGroupId() {
return groupId;
}

public String getGroupName() {
return groupName;
}

public String getPermission() {
return permission;
}
}

+ 0
- 241
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java View File

@@ -1,241 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import com.google.common.collect.Lists;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.api.server.ServerSide;
import org.sonar.api.utils.System2;
import org.sonar.core.util.Uuids;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.PermissionTemplateDao;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.user.UserSession;

import static java.lang.String.format;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey;
import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_NAME_NOT_BLANK;
import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern;
import static org.sonar.server.ws.WsUtils.checkRequest;

/**
* Used by ruby code <pre>Internal.permission_templates</pre>
*/
@ServerSide
public class PermissionTemplateService {

private final DbClient dbClient;
private final PermissionTemplateDao permissionTemplateDao;
private final PermissionFinder finder;
private final UserSession userSession;

public PermissionTemplateService(DbClient dbClient, UserSession userSession, PermissionFinder finder) {
this.dbClient = dbClient;
this.permissionTemplateDao = dbClient.permissionTemplateDao();
this.finder = finder;
this.userSession = userSession;
}

public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) {
return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params));
}

public GroupWithPermissionQueryResult findGroupsWithPermissionTemplate(Map<String, Object> params) {
return finder.findGroupsWithPermissionTemplate(PermissionQueryParser.toQuery(params));
}

@CheckForNull
public PermissionTemplate selectPermissionTemplate(String templateKey) {
checkGlobalAdminUser(userSession);
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectByUuidWithUserAndGroupPermissions(templateKey);
return PermissionTemplate.create(permissionTemplateDto);
}

public List<PermissionTemplate> selectAllPermissionTemplates() {
return selectAllPermissionTemplates(null);
}

public List<PermissionTemplate> selectAllPermissionTemplates(@Nullable String componentKey) {
checkProjectAdminUserByComponentKey(userSession, componentKey);
List<PermissionTemplate> permissionTemplates = Lists.newArrayList();
List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAll();
if (permissionTemplateDtos != null) {
for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) {
permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto));
}
}
return permissionTemplates;
}

public PermissionTemplate createPermissionTemplate(String name, @Nullable String description, @Nullable String projectKeyPattern) {
DbSession dbSession = dbClient.openSession(false);

try {
checkGlobalAdminUser(userSession);
validateTemplateNameForCreation(dbSession, name);
validateProjectPattern(projectKeyPattern);
Date now = new Date(System2.INSTANCE.now());
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.insert(dbSession, new PermissionTemplateDto()
.setKee(Uuids.create())
.setName(name)
.setKeyPattern(projectKeyPattern)
.setDescription(description)
.setCreatedAt(now)
.setUpdatedAt(now));
dbSession.commit();
return PermissionTemplate.create(permissionTemplateDto);
} finally {
dbClient.closeSession(dbSession);
}
}

public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription, @Nullable String projectPattern) {
DbSession dbSession = dbClient.openSession(false);

try {
checkGlobalAdminUser(userSession);
validateTemplateNameForUpdate(dbSession, newName, templateId);
validateProjectPattern(projectPattern);
permissionTemplateDao.update(templateId, newName, newDescription, projectPattern);
} finally {
dbClient.closeSession(dbSession);
}
}

public void deletePermissionTemplate(Long templateId) {
checkGlobalAdminUser(userSession);
DbSession dbSession = dbClient.openSession(false);
try {
permissionTemplateDao.deleteById(dbSession, templateId);
dbSession.commit();
} finally {
dbClient.closeSession(dbSession);
}
}

/**
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService
*/
@Deprecated
public void addUserPermission(String templateKey, String permission, String userLogin) {
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, userLogin) {
@Override
protected void doExecute(Long templateId, String permission) {
Long userId = getUserId();
permissionTemplateDao.insertUserPermission(templateId, userId, permission);
}
};
updater.executeUpdate();
}

/**
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService
*/
@Deprecated
public void removeUserPermission(String templateKey, String permission, String userLogin) {
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, userLogin) {
@Override
protected void doExecute(Long templateId, String permission) {
Long userId = getUserId();
permissionTemplateDao.deleteUserPermission(templateId, userId, permission);
}
};
updater.executeUpdate();
}

/**
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService
*/
@Deprecated
public void addGroupPermission(String templateKey, String permission, String groupName) {
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, groupName) {
@Override
protected void doExecute(Long templateId, String permission) {
Long groupId = getGroupId();
permissionTemplateDao.insertGroupPermission(templateId, groupId, permission);
}
};
updater.executeUpdate();
}

/**
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService
*/
@Deprecated
public void removeGroupPermission(String templateKey, String permission, String groupName) {
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, groupName) {
@Override
protected void doExecute(Long templateId, String permission) {
Long groupId = getGroupId();
permissionTemplateDao.deleteGroupPermission(templateId, groupId, permission);
}
};
updater.executeUpdate();
}

public void removeGroupFromTemplates(String groupName) {
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
DbSession session = dbClient.openSession(false);
try {
GroupDto group = dbClient.groupDao().selectByName(session, groupName);
if (group == null) {
throw new NotFoundException("Group does not exists : " + groupName);
}
permissionTemplateDao.deleteByGroup(session, group.getId());
session.commit();
} finally {
dbClient.closeSession(session);
}
}

/**
* @deprecated since 5.2
*/
@Deprecated
private void validateTemplateNameForCreation(DbSession dbSession, String templateName) {
checkRequest(!templateName.isEmpty(), MSG_TEMPLATE_NAME_NOT_BLANK);

PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, templateName);
checkRequest(permissionTemplateWithSameName == null, format(MSG_TEMPLATE_WITH_SAME_NAME, templateName));
}

/**
* @deprecated since 5.2
*/
@Deprecated
private void validateTemplateNameForUpdate(DbSession dbSession, String templateName, long templateId) {
checkRequest(!templateName.isEmpty(), MSG_TEMPLATE_NAME_NOT_BLANK);

PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, templateName);
checkRequest(permissionTemplateWithSameName == null || permissionTemplateWithSameName.getId() == templateId,
format(MSG_TEMPLATE_WITH_SAME_NAME, templateName));
}
}

+ 0
- 96
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java View File

@@ -1,96 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import org.sonar.api.security.DefaultGroups;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.user.UserSession;

import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;

/**
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService
*/
@Deprecated
abstract class PermissionTemplateUpdater {

private final DbClient dbClient;
private final UserSession userSession;
private final String templateKey;
private final String permission;
private final String updatedReference;

PermissionTemplateUpdater(DbClient dbClient, UserSession userSession, String templateKey, String permission, String updatedReference) {
this.dbClient = dbClient;
this.userSession = userSession;
this.templateKey = templateKey;
this.permission = permission;
this.updatedReference = updatedReference;
}

void executeUpdate() {
checkGlobalAdminUser(userSession);
Long templateId = getTemplateId(templateKey);
validateProjectPermission(permission);
doExecute(templateId, permission);
}

abstract void doExecute(Long templateId, String permission);

Long getUserId() {
UserDto userDto = dbClient.userDao().selectActiveUserByLogin(updatedReference);
if (userDto == null) {
throw new BadRequestException("Unknown user: " + updatedReference);
}
return userDto.getId();
}

Long getGroupId() {
if (DefaultGroups.isAnyone(updatedReference)) {
return null;
}

DbSession dbSession = dbClient.openSession(false);
try {
GroupDto groupDto = dbClient.groupDao().selectByName(dbSession, updatedReference);
if (groupDto == null) {
throw new BadRequestException("Unknown group: " + updatedReference);
}
return groupDto.getId();
} finally {
dbClient.closeSession(dbSession);
}
}

private Long getTemplateId(String key) {
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(key);
if (permissionTemplateDto == null) {
throw new BadRequestException("Unknown template: " + key);
}
return permissionTemplateDto.getId();
}
}

+ 0
- 58
server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUser.java View File

@@ -1,58 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

public class PermissionTemplateUser {

private final Long templateId;
private final Long userId;
private final String userName;
private final String userLogin;
private final String permission;

public PermissionTemplateUser(Long templateId, Long userId, String userName, String userLogin, String permission) {
this.templateId = templateId;
this.userId = userId;
this.userName = userName;
this.userLogin = userLogin;
this.permission = permission;
}

public Long getUserId() {
return userId;
}

public String getUserName() {
return userName;
}

public String getPermission() {
return permission;
}

public Long getTemplateId() {
return templateId;
}

public String getUserLogin() {
return userLogin;
}
}

+ 0
- 7
server/sonar-server/src/main/java/org/sonar/server/permission/UserWithPermissionQueryResult.java View File

@@ -27,12 +27,10 @@ public class UserWithPermissionQueryResult {

private final List<UserWithPermission> users;
private final int total;
private final boolean hasMoreResults;

public UserWithPermissionQueryResult(List<UserWithPermission> users, int total) {
this.users = users;
this.total = total;
this.hasMoreResults = total > users.size();
}

public List<UserWithPermission> users() {
@@ -42,9 +40,4 @@ public class UserWithPermissionQueryResult {
public int total() {
return total;
}

// called by Ruby Code
public boolean hasMoreResults() {
return hasMoreResults;
}
}

+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java View File

@@ -42,7 +42,7 @@ import org.sonarqube.ws.WsPermissions.WsGroupsResponse;

import static com.google.common.base.Objects.firstNonNull;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto;
import static org.sonar.server.permission.PermissionQueryParser.toMembership;
import static org.sonar.server.permission.ws.PermissionQueryParser.fromSelectionModeToMembership;
import static org.sonar.server.permission.ws.Parameters.createPermissionParameter;
import static org.sonar.server.permission.ws.Parameters.createProjectParameter;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -136,7 +136,7 @@ public class GroupsAction implements PermissionsWsAction {
.permission(request.permission())
.pageIndex(request.page())
.pageSize(request.pageSize())
.membership(toMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value())))
.membership(fromSelectionModeToMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value())))
.search(request.query());
if (project.isPresent()) {
permissionQuery.component(project.get().getKey());

server/sonar-server/src/main/java/org/sonar/server/permission/PermissionQueryParser.java → server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionQueryParser.java View File

@@ -18,33 +18,18 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;
package org.sonar.server.permission.ws;

import java.util.Map;
import org.sonar.api.server.ws.WebService.SelectionMode;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.user.GroupMembershipQuery;
import org.sonar.server.util.RubyUtils;

public class PermissionQueryParser {
class PermissionQueryParser {

private PermissionQueryParser() {
// Utility class
}

static PermissionQuery toQuery(Map<String, Object> params) {
PermissionQuery.Builder builder = PermissionQuery.builder();
builder.permission((String) params.get("permission"));
builder.component((String) params.get("component"));
builder.template((String) params.get("template"));
builder.membership(toMembership((String) params.get("selected")));
builder.search((String) params.get("query"));
builder.pageIndex(RubyUtils.toInteger(params.get("page")));
builder.pageSize(RubyUtils.toInteger(params.get("pageSize")));
return builder.build();
}

public static String toMembership(String selectionModeString) {
static String fromSelectionModeToMembership(String selectionModeString) {
SelectionMode selectionMode = SelectionMode.fromParam(selectionModeString);
if (SelectionMode.SELECTED == selectionMode) {
return GroupMembershipQuery.IN;

+ 2
- 2
server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java View File

@@ -42,7 +42,7 @@ import org.sonarqube.ws.WsPermissions.WsUsersResponse;
import static com.google.common.base.Objects.firstNonNull;
import static com.google.common.base.Strings.nullToEmpty;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto;
import static org.sonar.server.permission.PermissionQueryParser.toMembership;
import static org.sonar.server.permission.ws.PermissionQueryParser.fromSelectionModeToMembership;
import static org.sonar.server.permission.ws.Parameters.createPermissionParameter;
import static org.sonar.server.permission.ws.Parameters.createProjectParameter;
import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -128,7 +128,7 @@ public class UsersAction implements PermissionsWsAction {
.permission(request.permission())
.pageIndex(request.page())
.pageSize(request.pageSize())
.membership(toMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value())))
.membership(fromSelectionModeToMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value())))
.search(request.query());
if (project.isPresent()) {
permissionQuery.component(project.get().getKey());

+ 0
- 2
server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java View File

@@ -164,7 +164,6 @@ import org.sonar.server.notification.email.AlertsEmailTemplate;
import org.sonar.server.notification.email.EmailNotificationChannel;
import org.sonar.server.permission.PermissionFinder;
import org.sonar.server.permission.PermissionService;
import org.sonar.server.permission.PermissionTemplateService;
import org.sonar.server.permission.PermissionUpdater;
import org.sonar.server.permission.ws.PermissionsWsModule;
import org.sonar.server.platform.BackendCleanup;
@@ -548,7 +547,6 @@ public class PlatformLevel4 extends PlatformLevel {
PermissionRepository.class,
PermissionService.class,
PermissionUpdater.class,
PermissionTemplateService.class,
PermissionFinder.class,
PermissionsWsModule.class,


+ 0
- 10
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java View File

@@ -161,7 +161,6 @@ public class PermissionFinderTest {
PermissionQuery.builder().permission("user").membership(PermissionQuery.IN).build());

assertThat(result.groups()).hasSize(1);
assertThat(result.hasMoreResults()).isFalse();
}

@Test
@@ -181,18 +180,10 @@ public class PermissionFinderTest {
.pageIndex(2)
.build());

assertThat(result.hasMoreResults()).isTrue();
List<GroupWithPermission> groups = result.groups();
assertThat(groups).hasSize(2);
assertThat(groups.get(0).name()).isEqualTo("Users");
assertThat(groups.get(1).name()).isEqualTo("Reviewers");

assertThat(underTest.findGroupsWithPermission(
PermissionQuery.builder()
.permission("user")
.pageSize(2)
.pageIndex(3)
.build()).hasMoreResults()).isTrue();
}

@Test
@@ -300,7 +291,6 @@ public class PermissionFinderTest {
GroupWithPermissionQueryResult result = underTest.findGroupsWithPermissionTemplate(
PermissionQuery.builder().permission("user").template("my_template").membership(PermissionQuery.OUT).build());
assertThat(result.groups()).hasSize(1);
assertThat(result.hasMoreResults()).isFalse();
}

@Test

+ 0
- 81
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionQueryParserTest.java View File

@@ -1,81 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import org.junit.Test;
import org.sonar.db.permission.PermissionQuery;

import java.util.Map;

import static com.google.common.collect.Maps.newHashMap;
import static org.assertj.core.api.Assertions.assertThat;

public class PermissionQueryParserTest {

@Test
public void to_query_with_all_params() {
Map<String, Object> params = newHashMap();
params.put("permission", "admin");
params.put("template", "my_template_key");
params.put("component", "org.sample.Sample");
params.put("query", "text");
params.put("selected", "all");
params.put("page", 2);
params.put("pageSize", 50);
PermissionQuery query = PermissionQueryParser.toQuery(params);

assertThat(query.permission()).isEqualTo("admin");
assertThat(query.component()).isEqualTo("org.sample.Sample");
assertThat(query.template()).isEqualTo("my_template_key");
assertThat(query.search()).isEqualTo("text");
assertThat(query.pageSize()).isEqualTo(50);
assertThat(query.pageIndex()).isEqualTo(2);
assertThat(query.membership()).isEqualTo(PermissionQuery.ANY);
}

@Test
public void to_query_with_include_membership_parameter() {
Map<String, Object> params = newHashMap();
params.put("permission", "admin");
params.put("selected", "selected");

assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.IN);
}

@Test
public void to_query_with_exclude_membership_parameter() {
Map<String, Object> params = newHashMap();
params.put("permission", "admin");
params.put("selected", "deselected");

assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.OUT);
}

@Test
public void to_query_with_any_membership_parameter() {
Map<String, Object> params = newHashMap();
params.put("permission", "admin");
params.put("selected", "all");

assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.ANY);
}

}

+ 0
- 373
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java View File

@@ -1,373 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.List;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.PermissionTemplateDao;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.permission.PermissionTemplateGroupDto;
import org.sonar.db.permission.PermissionTemplateUserDto;
import org.sonar.db.user.GroupDao;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.tester.UserSessionRule;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;

public class PermissionTemplateServiceTest {

private static final String DEFAULT_KEY = "my_template";
private static final String DEFAULT_DESC = "my description";
private static final String DEFAULT_PATTERN = "com.foo.(.*)";
private static final String DEFAULT_PERMISSION = UserRole.USER;
private static final PermissionTemplateDto DEFAULT_TEMPLATE =
new PermissionTemplateDto().setId(1L).setName(DEFAULT_KEY).setDescription(DEFAULT_DESC).setKeyPattern(DEFAULT_PATTERN);

@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();

PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
UserDao userDao = mock(UserDao.class);
GroupDao groupDao = mock(GroupDao.class);
PermissionFinder finder = mock(PermissionFinder.class);
DbSession session = mock(DbSession.class);

PermissionTemplateService underTest;

@Rule
public ExpectedException expected = ExpectedException.none();

@Before
public void setUp() {
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);

DbClient dbClient = mock(DbClient.class);
when(dbClient.openSession(false)).thenReturn(session);
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);
when(dbClient.userDao()).thenReturn(userDao);
when(dbClient.groupDao()).thenReturn(groupDao);
underTest = new PermissionTemplateService(dbClient, userSessionRule, finder);
}

@Test
public void find_users_with_permission_template() {
underTest.findUsersWithPermissionTemplate(ImmutableMap.<String, Object>of(
"permission", "user",
"template", "my_template",
"selected", "all"));
verify(finder).findUsersWithPermissionTemplate(any(PermissionQuery.class));
}

@Test
public void find_groups_with_permission_template() {
underTest.findGroupsWithPermissionTemplate(ImmutableMap.<String, Object>of(
"permission", "user",
"template", "my_template",
"selected", "all"));

verify(finder).findGroupsWithPermissionTemplate(any(PermissionQuery.class));
}

@Test
public void should_create_permission_template() {
when(permissionTemplateDao.insert(any(DbSession.class), any(PermissionTemplateDto.class))).thenReturn(DEFAULT_TEMPLATE);

PermissionTemplate permissionTemplate = underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN);

assertThat(permissionTemplate.getId()).isEqualTo(1L);
assertThat(permissionTemplate.getName()).isEqualTo(DEFAULT_KEY);
assertThat(permissionTemplate.getDescription()).isEqualTo(DEFAULT_DESC);
assertThat(permissionTemplate.getKeyPattern()).isEqualTo(DEFAULT_PATTERN);
}

@Test
public void should_enforce_unique_template_name() {
expected.expect(BadRequestException.class);
expected.expectMessage("A template with the name 'my_template' already exists (case insensitive).");

when(permissionTemplateDao.selectByName(any(DbSession.class), anyString())).thenReturn(DEFAULT_TEMPLATE);

underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, null);
}

@Test
public void should_reject_empty_name_on_creation() {
expected.expect(BadRequestException.class);
expected.expectMessage("The template name must not be blank");

underTest.createPermissionTemplate("", DEFAULT_DESC, null);
}

@Test
public void should_reject_invalid_key_pattern_on_creation() {
expected.expect(BadRequestException.class);
expected.expectMessage("The 'projectKeyPattern' parameter must be a valid Java regular expression. '[azerty' was passed");

underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, "[azerty");
}

@Test
public void should_delete_permission_template() {
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.deletePermissionTemplate(1L);

verify(permissionTemplateDao).deleteById(any(DbSession.class), eq(1L));
}

@Test
public void should_retrieve_permission_template() {

List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList(
buildUserPermission("user_scan", GlobalPermissions.SCAN_EXECUTION),
buildUserPermission("user_dry_run", GlobalPermissions.PREVIEW_EXECUTION),
buildUserPermission("user_scan_and_dry_run", GlobalPermissions.SCAN_EXECUTION),
buildUserPermission("user_scan_and_dry_run", GlobalPermissions.PREVIEW_EXECUTION)
);

List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList(
buildGroupPermission("admin_group", GlobalPermissions.SYSTEM_ADMIN),
buildGroupPermission("scan_group", GlobalPermissions.SCAN_EXECUTION),
buildGroupPermission(null, GlobalPermissions.PREVIEW_EXECUTION)
);

PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto()
.setId(1L)
.setName("my template")
.setDescription("my description")
.setUsersPermissions(usersPermissions)
.setGroupsByPermission(groupsPermissions);

when(permissionTemplateDao.selectByUuidWithUserAndGroupPermissions("my template")).thenReturn(permissionTemplateDto);

PermissionTemplate permissionTemplate = underTest.selectPermissionTemplate("my template");

assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("userName").containsOnly("user_scan", "user_scan_and_dry_run");
assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.PREVIEW_EXECUTION)).extracting("userName").containsOnly("user_dry_run", "user_scan_and_dry_run");
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty();
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("groupName").containsOnly("scan_group");
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SYSTEM_ADMIN)).extracting("groupName").containsOnly("admin_group");
}

@Test
public void should_retrieve_all_permission_templates() {
PermissionTemplateDto template1 =
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2));

List<PermissionTemplate> templates = underTest.selectAllPermissionTemplates();

assertThat(templates).hasSize(2);
assertThat(templates).extracting("id").containsOnly(1L, 2L);
assertThat(templates).extracting("name").containsOnly("template1", "template2");
assertThat(templates).extracting("description").containsOnly("template1", "template2");
}

@Test
public void should_retrieve_all_permission_templates_from_project() {
userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, "org.sample.Sample");

PermissionTemplateDto template1 =
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2));

List<PermissionTemplate> templates = underTest.selectAllPermissionTemplates("org.sample.Sample");

assertThat(templates).hasSize(2);
assertThat(templates).extracting("id").containsOnly(1L, 2L);
assertThat(templates).extracting("name").containsOnly("template1", "template2");
assertThat(templates).extracting("description").containsOnly("template1", "template2");
}

@Test
public void should_update_permission_template() {

underTest.updatePermissionTemplate(1L, "new_name", "new_description", null);

verify(permissionTemplateDao).update(1L, "new_name", "new_description", null);
}

@Test
public void should_validate_template_name_on_update_if_applicable() {
expected.expect(BadRequestException.class);
expected.expectMessage("A template with the name 'template2' already exists (case insensitive).");

PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
when(permissionTemplateDao.selectByName(any(DbSession.class), eq("template2"))).thenReturn(template2);

underTest.updatePermissionTemplate(1L, "template2", "template2", null);
}

@Test
public void should_validate_template_key_pattern_on_update_if_applicable() {
expected.expect(BadRequestException.class);
expected.expectMessage("The 'projectKeyPattern' parameter must be a valid Java regular expression. '[azerty' was passed");

PermissionTemplateDto template1 = new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1));

underTest.updatePermissionTemplate(1L, "template1", "template1", "[azerty");
}

@Test
public void should_skip_name_validation_where_not_applicable() {
PermissionTemplateDto template1 =
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1");
PermissionTemplateDto template2 =
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2");
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2));

underTest.updatePermissionTemplate(1L, "template1", "new_description", null);

verify(permissionTemplateDao).update(1L, "template1", "new_description", null);
}

@Test
public void should_add_user_permission() {
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");

verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, DEFAULT_PERMISSION);
}

@Test
public void should_validate_provided_user_login() {
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown user:");

when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null);

underTest.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
}

@Test
public void should_remove_user_permission() {
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user");
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto);
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.removeUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user");

verify(permissionTemplateDao, times(1)).deleteUserPermission(1L, 1L, DEFAULT_PERMISSION);
}

@Test
public void should_add_group_permission() {
GroupDto groupDto = new GroupDto().setId(1L).setName("group");
when(groupDao.selectByName(any(DbSession.class), eq("group"))).thenReturn(groupDto);
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");

verify(permissionTemplateDao, times(1)).insertGroupPermission(1L, 1L, DEFAULT_PERMISSION);
}

@Test
public void should_validate_provided_group_name() {
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown group:");

when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);
when(groupDao.selectByName(any(DbSession.class), eq("unknown"))).thenReturn(null);

underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown");
}

@Test
public void should_remove_group_permission() {
GroupDto groupDto = new GroupDto().setId(1L).setName("group");
when(groupDao.selectByName(any(DbSession.class), eq("group"))).thenReturn(groupDto);
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group");

verify(permissionTemplateDao, times(1)).deleteGroupPermission(1L, 1L, DEFAULT_PERMISSION);
}

@Test
public void should_add_permission_to_anyone_group() {
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");

verify(permissionTemplateDao).insertGroupPermission(1L, null, DEFAULT_PERMISSION);
verifyZeroInteractions(userDao);
}

@Test
public void should_remove_permission_from_anyone_group() {
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE);

underTest.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone");

verify(permissionTemplateDao).deleteGroupPermission(1L, null, DEFAULT_PERMISSION);
verifyZeroInteractions(userDao);
}

@Test
public void should_remove_group_from_templates() {
GroupDto groupDto = new GroupDto().setId(1L).setName("group");
when(groupDao.selectByName(session, "group")).thenReturn(groupDto);

underTest.removeGroupFromTemplates("group");

verify(permissionTemplateDao).deleteByGroup(eq(session), eq(1L));
}

private PermissionTemplateUserDto buildUserPermission(String userName, String permission) {
return new PermissionTemplateUserDto().setUserName(userName).setPermission(permission);
}

private PermissionTemplateGroupDto buildGroupPermission(String groupName, String permission) {
return new PermissionTemplateGroupDto().setGroupName(groupName).setPermission(permission);
}
}

+ 0
- 68
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateTest.java View File

@@ -1,68 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import com.google.common.collect.Lists;
import org.junit.Test;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.permission.PermissionTemplateGroupDto;
import org.sonar.db.permission.PermissionTemplateUserDto;

import static org.assertj.core.api.Assertions.assertThat;

public class PermissionTemplateTest {

@Test
public void should_populate_template_with_permissions() {

PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto()
.setId(1L)
.setName("name")
.setKee("key")
.setDescription("description")
.setUsersPermissions(Lists.newArrayList(
new PermissionTemplateUserDto().setId(1L).setUserId(1L).setUserName("user1").setUserLogin("login1").setPermission("permission1"),
new PermissionTemplateUserDto().setId(2L).setUserId(1L).setUserName("user1").setUserLogin("login1").setPermission("permission2"),
new PermissionTemplateUserDto().setId(3L).setUserId(2L).setUserName("user2").setUserLogin("login2").setPermission("permission1")
))
.setGroupsByPermission(Lists.newArrayList(
new PermissionTemplateGroupDto().setId(1L).setGroupId(1L).setGroupName("group1").setPermission("permission3"),
new PermissionTemplateGroupDto().setId(2L).setGroupId(2L).setGroupName("group2").setPermission("permission3"),
new PermissionTemplateGroupDto().setId(3L).setGroupId(null).setGroupName(null).setPermission("permission3")
));

PermissionTemplate permissionTemplate = PermissionTemplate.create(permissionTemplateDto);

assertThat(permissionTemplate.getId()).isEqualTo(1L);
assertThat(permissionTemplate.getName()).isEqualTo("name");
assertThat(permissionTemplate.getKey()).isEqualTo("key");
assertThat(permissionTemplate.getDescription()).isEqualTo("description");
assertThat(permissionTemplate.getUsersForPermission("unmatchedPermission")).isEmpty();
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userName").containsOnly("user1", "user2");
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userId").containsOnly(1L, 2L);
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userLogin").containsOnly("login1", "login2");
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userName").containsOnly("user1");
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userId").containsOnly(1L);
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userLogin").containsOnly("login1");
assertThat(permissionTemplate.getGroupsForPermission("permission3")).extracting("groupName").containsOnly("group1", "group2", null);
assertThat(permissionTemplate.getGroupsForPermission("permission3")).extracting("groupId").containsOnly(1L, 2L, null);
}
}

+ 0
- 157
server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java View File

@@ -1,157 +0,0 @@
/*
* SonarQube, open source software quality management tool.
* Copyright (C) 2008-2014 SonarSource
* mailto:contact AT sonarsource DOT com
*
* SonarQube is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* SonarQube is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

package org.sonar.server.permission;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.PermissionTemplateDao;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.user.GroupDao;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;

import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.stub;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

public class PermissionTemplateUpdaterTest {
@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();

private static final UserDto DEFAULT_USER = new UserDto().setId(1L).setLogin("user").setName("user");
private static final GroupDto DEFAULT_GROUP = new GroupDto().setId(1L).setName("group");

private DbClient dbClient = mock(DbClient.class);
private UserDao userDao = mock(UserDao.class);
private GroupDao groupDao = mock(GroupDao.class);

@Rule
public ExpectedException expected = ExpectedException.none();

@Before
public void setUpCommonMocks() {
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
stub(userDao.selectActiveUserByLogin("user")).toReturn(DEFAULT_USER);
stub(groupDao.selectByName(any(DbSession.class), eq("group"))).toReturn(DEFAULT_GROUP);

when(dbClient.userDao()).thenReturn(userDao);
when(dbClient.groupDao()).thenReturn(groupDao);
when(dbClient.permissionTemplateDao()).thenReturn(mock(PermissionTemplateDao.class));
}

@Test
public void should_execute_on_valid_parameters() {

final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(new PermissionTemplateDto().setId(1L));
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);

PermissionTemplateUpdater updater =
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", UserRole.USER, "user") {
@Override
void doExecute(Long templateId, String permission) {
permissionTemplateDao.insertUserPermission(1L, 1L, UserRole.USER);
}
};
updater.executeUpdate();

verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, UserRole.USER);
}

@Test
public void should_validate_template_reference() {
expected.expect(BadRequestException.class);
expected.expectMessage("Unknown template:");

final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(null);

PermissionTemplateUpdater updater =
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", UserRole.USER, "user") {
@Override
void doExecute(Long templateId, String permission) {
}
};
updater.executeUpdate();
}

@Test
public void should_validate_permission_reference() {
expected.expect(BadRequestException.class);

final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class);
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(new PermissionTemplateDto().setId(1L));
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);

PermissionTemplateUpdater updater =
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", "invalid_permission", "user") {
@Override
void doExecute(Long templateId, String permission) {
}
};
updater.executeUpdate();
}

@Test
public void should_check_that_user_is_logged_in() {
expected.expect(UnauthorizedException.class);
expected.expectMessage("Authentication is required");

userSessionRule.anonymous();

PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSessionRule, null, null, null) {
@Override
void doExecute(Long templateId, String permission) {
}
};
updater.executeUpdate();
}

@Test
public void should_check_that_user_is_a_system_admin() {
expected.expect(ForbiddenException.class);
expected.expectMessage("Insufficient privileges");

userSessionRule.login("user").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);

PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSessionRule, null, null, null) {
@Override
void doExecute(Long templateId, String permission) {
}
};
updater.executeUpdate();
}
}

+ 1
- 0
server/sonar-web/src/main/webapp/WEB-INF/app/models/internal.rb View File

@@ -38,6 +38,7 @@ class Internal
component(Java::OrgSonarApiComponent::RubyComponentService.java_class)
end

# TODO to delete
def self.permissions
component(Java::OrgSonarServerPermission::PermissionService.java_class)
end

Write Preview
Loading…
Cancel
Save