@@ -34,7 +34,6 @@ import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.wsclient.SonarClient; | |||
import org.sonar.wsclient.base.HttpException; | |||
import org.sonar.wsclient.permissions.PermissionParameters; | |||
import org.sonar.wsclient.qualitygate.NewCondition; | |||
import org.sonar.wsclient.qualitygate.QualityGate; | |||
import org.sonar.wsclient.qualitygate.QualityGateClient; | |||
@@ -106,22 +105,25 @@ public class ProjectAdministrationTest { | |||
@Test | |||
public void project_deletion() { | |||
String projectAdminUser = "project-deletion-with-admin-permission-on-project"; | |||
SonarClient adminClient = orchestrator.getServer().adminWsClient(); | |||
SonarClient wsClient = orchestrator.getServer().adminWsClient(); | |||
try { | |||
SonarRunner scan = SonarRunner.create(projectDir("shared/xoo-sample")); | |||
orchestrator.executeBuild(scan); | |||
// Create user having admin permission on previously analysed project | |||
adminClient.userClient().create( | |||
wsClient.userClient().create( | |||
UserParameters.create().login(projectAdminUser).name(projectAdminUser).password("password").passwordConfirmation("password")); | |||
adminClient.permissionClient().addPermission( | |||
PermissionParameters.create().user(projectAdminUser).component("sample").permission("admin")); | |||
wsClient.post("api/permissions/add_user", | |||
"login", projectAdminUser, | |||
"projectKey", "sample", | |||
"permission", "admin"); | |||
new SeleneseTest( | |||
Selenese.builder().setHtmlTestsInClasspath("project-deletion", "/administration/suite/ProjectAdministrationTest/project-deletion/project-deletion.html").build() | |||
).runOn(orchestrator); | |||
} finally { | |||
adminClient.userClient().deactivate(projectAdminUser); | |||
wsClient.userClient().deactivate(projectAdminUser); | |||
} | |||
} | |||
@@ -28,7 +28,6 @@ import org.junit.BeforeClass; | |||
import org.junit.ClassRule; | |||
import org.junit.Test; | |||
import org.sonar.wsclient.SonarClient; | |||
import org.sonar.wsclient.permissions.PermissionParameters; | |||
import org.sonar.wsclient.user.UserParameters; | |||
import selenium.SeleneseTest; | |||
@@ -150,7 +149,9 @@ public class MeasureFiltersTest { | |||
client.userClient().create(userCreationParameters); | |||
if (permission != null) { | |||
client.permissionClient().addPermission(PermissionParameters.create().user(login).permission(permission)); | |||
client.post("api/permissions/add_user", | |||
"login", login, | |||
"permission", permission); | |||
} | |||
} | |||
@@ -26,22 +26,16 @@ public class GroupWithPermissionQueryResult { | |||
private final List<GroupWithPermission> groups; | |||
private final int total; | |||
private final boolean hasMoreResults; | |||
public GroupWithPermissionQueryResult(List<GroupWithPermission> groups, int total) { | |||
this.groups = groups; | |||
this.total = total; | |||
this.hasMoreResults = total > groups.size(); | |||
} | |||
public List<GroupWithPermission> groups() { | |||
return groups; | |||
} | |||
public boolean hasMoreResults() { | |||
return hasMoreResults; | |||
} | |||
public int total() { | |||
return total; | |||
} |
@@ -1,118 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import com.google.common.collect.HashMultimap; | |||
import com.google.common.collect.ImmutableList; | |||
import com.google.common.collect.Multimap; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.permission.PermissionTemplateGroupDto; | |||
import org.sonar.db.permission.PermissionTemplateUserDto; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
import java.util.List; | |||
public class PermissionTemplate { | |||
private final Long id; | |||
private final String name; | |||
private final String key; | |||
private final String description; | |||
private final String keyPattern; | |||
private Multimap<String, PermissionTemplateUser> usersByPermission; | |||
private Multimap<String, PermissionTemplateGroup> groupsByPermission; | |||
private PermissionTemplate(Long id, String name, String key, @Nullable String description, @Nullable String keyPattern) { | |||
this.id = id; | |||
this.name = name; | |||
this.key = key; | |||
this.description = description; | |||
this.keyPattern = keyPattern; | |||
usersByPermission = HashMultimap.create(); | |||
groupsByPermission = HashMultimap.create(); | |||
} | |||
public static PermissionTemplate create(@Nullable PermissionTemplateDto permissionTemplateDto) { | |||
if (permissionTemplateDto == null) { | |||
return null; | |||
} | |||
PermissionTemplate permissionTemplate = new PermissionTemplate( | |||
permissionTemplateDto.getId(), permissionTemplateDto.getName(), permissionTemplateDto.getKee(), permissionTemplateDto.getDescription(), | |||
permissionTemplateDto.getKeyPattern()); | |||
List<PermissionTemplateUserDto> usersPermissions = permissionTemplateDto.getUsersPermissions(); | |||
if (usersPermissions != null) { | |||
for (PermissionTemplateUserDto userPermission : usersPermissions) { | |||
permissionTemplate.registerUserPermission(permissionTemplateDto.getId(), userPermission.getUserId(), | |||
userPermission.getUserName(), userPermission.getUserLogin(), userPermission.getPermission()); | |||
} | |||
} | |||
List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplateDto.getGroupsPermissions(); | |||
if (groupsPermissions != null) { | |||
for (PermissionTemplateGroupDto groupPermission : groupsPermissions) { | |||
permissionTemplate.registerGroupPermission(groupPermission.getPermission(), permissionTemplateDto.getId(), | |||
groupPermission.getGroupId(), groupPermission.getGroupName()); | |||
} | |||
} | |||
return permissionTemplate; | |||
} | |||
public Long getId() { | |||
return id; | |||
} | |||
public String getName() { | |||
return name; | |||
} | |||
@CheckForNull | |||
public String getDescription() { | |||
return description; | |||
} | |||
public String getKey() { | |||
return key; | |||
} | |||
@CheckForNull | |||
public String getKeyPattern() { | |||
return keyPattern; | |||
} | |||
public List<PermissionTemplateUser> getUsersForPermission(String permission) { | |||
return ImmutableList.copyOf(usersByPermission.get(permission)); | |||
} | |||
public List<PermissionTemplateGroup> getGroupsForPermission(String permission) { | |||
return ImmutableList.copyOf(groupsByPermission.get(permission)); | |||
} | |||
private void registerUserPermission(Long templateId, Long userId, String userName, String userLogin, String permission) { | |||
usersByPermission.put(permission, new PermissionTemplateUser(templateId, userId, userName, userLogin, permission)); | |||
} | |||
private void registerGroupPermission(String permission, Long templateId, Long groupId, String groupName) { | |||
groupsByPermission.put(permission, new PermissionTemplateGroup(templateId, groupId, groupName, permission)); | |||
} | |||
} |
@@ -1,52 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
public class PermissionTemplateGroup { | |||
private final Long templateId; | |||
private final Long groupId; | |||
private final String groupName; | |||
private final String permission; | |||
public PermissionTemplateGroup(Long templateId, Long groupId, String groupName, String permission) { | |||
this.templateId = templateId; | |||
this.groupId = groupId; | |||
this.groupName = groupName; | |||
this.permission = permission; | |||
} | |||
public Long getTemplateId() { | |||
return templateId; | |||
} | |||
public Long getGroupId() { | |||
return groupId; | |||
} | |||
public String getGroupName() { | |||
return groupName; | |||
} | |||
public String getPermission() { | |||
return permission; | |||
} | |||
} |
@@ -1,241 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import com.google.common.collect.Lists; | |||
import java.util.Date; | |||
import java.util.List; | |||
import java.util.Map; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.util.Uuids; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.permission.PermissionTemplateDao; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.exceptions.NotFoundException; | |||
import org.sonar.server.user.UserSession; | |||
import static java.lang.String.format; | |||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; | |||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey; | |||
import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_NAME_NOT_BLANK; | |||
import static org.sonar.server.permission.ws.PermissionRequestValidator.MSG_TEMPLATE_WITH_SAME_NAME; | |||
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPattern; | |||
import static org.sonar.server.ws.WsUtils.checkRequest; | |||
/** | |||
* Used by ruby code <pre>Internal.permission_templates</pre> | |||
*/ | |||
@ServerSide | |||
public class PermissionTemplateService { | |||
private final DbClient dbClient; | |||
private final PermissionTemplateDao permissionTemplateDao; | |||
private final PermissionFinder finder; | |||
private final UserSession userSession; | |||
public PermissionTemplateService(DbClient dbClient, UserSession userSession, PermissionFinder finder) { | |||
this.dbClient = dbClient; | |||
this.permissionTemplateDao = dbClient.permissionTemplateDao(); | |||
this.finder = finder; | |||
this.userSession = userSession; | |||
} | |||
public UserWithPermissionQueryResult findUsersWithPermissionTemplate(Map<String, Object> params) { | |||
return finder.findUsersWithPermissionTemplate(PermissionQueryParser.toQuery(params)); | |||
} | |||
public GroupWithPermissionQueryResult findGroupsWithPermissionTemplate(Map<String, Object> params) { | |||
return finder.findGroupsWithPermissionTemplate(PermissionQueryParser.toQuery(params)); | |||
} | |||
@CheckForNull | |||
public PermissionTemplate selectPermissionTemplate(String templateKey) { | |||
checkGlobalAdminUser(userSession); | |||
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectByUuidWithUserAndGroupPermissions(templateKey); | |||
return PermissionTemplate.create(permissionTemplateDto); | |||
} | |||
public List<PermissionTemplate> selectAllPermissionTemplates() { | |||
return selectAllPermissionTemplates(null); | |||
} | |||
public List<PermissionTemplate> selectAllPermissionTemplates(@Nullable String componentKey) { | |||
checkProjectAdminUserByComponentKey(userSession, componentKey); | |||
List<PermissionTemplate> permissionTemplates = Lists.newArrayList(); | |||
List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAll(); | |||
if (permissionTemplateDtos != null) { | |||
for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) { | |||
permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto)); | |||
} | |||
} | |||
return permissionTemplates; | |||
} | |||
public PermissionTemplate createPermissionTemplate(String name, @Nullable String description, @Nullable String projectKeyPattern) { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
checkGlobalAdminUser(userSession); | |||
validateTemplateNameForCreation(dbSession, name); | |||
validateProjectPattern(projectKeyPattern); | |||
Date now = new Date(System2.INSTANCE.now()); | |||
PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.insert(dbSession, new PermissionTemplateDto() | |||
.setKee(Uuids.create()) | |||
.setName(name) | |||
.setKeyPattern(projectKeyPattern) | |||
.setDescription(description) | |||
.setCreatedAt(now) | |||
.setUpdatedAt(now)); | |||
dbSession.commit(); | |||
return PermissionTemplate.create(permissionTemplateDto); | |||
} finally { | |||
dbClient.closeSession(dbSession); | |||
} | |||
} | |||
public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription, @Nullable String projectPattern) { | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
checkGlobalAdminUser(userSession); | |||
validateTemplateNameForUpdate(dbSession, newName, templateId); | |||
validateProjectPattern(projectPattern); | |||
permissionTemplateDao.update(templateId, newName, newDescription, projectPattern); | |||
} finally { | |||
dbClient.closeSession(dbSession); | |||
} | |||
} | |||
public void deletePermissionTemplate(Long templateId) { | |||
checkGlobalAdminUser(userSession); | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
permissionTemplateDao.deleteById(dbSession, templateId); | |||
dbSession.commit(); | |||
} finally { | |||
dbClient.closeSession(dbSession); | |||
} | |||
} | |||
/** | |||
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService | |||
*/ | |||
@Deprecated | |||
public void addUserPermission(String templateKey, String permission, String userLogin) { | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, userLogin) { | |||
@Override | |||
protected void doExecute(Long templateId, String permission) { | |||
Long userId = getUserId(); | |||
permissionTemplateDao.insertUserPermission(templateId, userId, permission); | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
/** | |||
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService | |||
*/ | |||
@Deprecated | |||
public void removeUserPermission(String templateKey, String permission, String userLogin) { | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, userLogin) { | |||
@Override | |||
protected void doExecute(Long templateId, String permission) { | |||
Long userId = getUserId(); | |||
permissionTemplateDao.deleteUserPermission(templateId, userId, permission); | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
/** | |||
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService | |||
*/ | |||
@Deprecated | |||
public void addGroupPermission(String templateKey, String permission, String groupName) { | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, groupName) { | |||
@Override | |||
protected void doExecute(Long templateId, String permission) { | |||
Long groupId = getGroupId(); | |||
permissionTemplateDao.insertGroupPermission(templateId, groupId, permission); | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
/** | |||
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService | |||
*/ | |||
@Deprecated | |||
public void removeGroupPermission(String templateKey, String permission, String groupName) { | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSession, templateKey, permission, groupName) { | |||
@Override | |||
protected void doExecute(Long templateId, String permission) { | |||
Long groupId = getGroupId(); | |||
permissionTemplateDao.deleteGroupPermission(templateId, groupId, permission); | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
public void removeGroupFromTemplates(String groupName) { | |||
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN); | |||
DbSession session = dbClient.openSession(false); | |||
try { | |||
GroupDto group = dbClient.groupDao().selectByName(session, groupName); | |||
if (group == null) { | |||
throw new NotFoundException("Group does not exists : " + groupName); | |||
} | |||
permissionTemplateDao.deleteByGroup(session, group.getId()); | |||
session.commit(); | |||
} finally { | |||
dbClient.closeSession(session); | |||
} | |||
} | |||
/** | |||
* @deprecated since 5.2 | |||
*/ | |||
@Deprecated | |||
private void validateTemplateNameForCreation(DbSession dbSession, String templateName) { | |||
checkRequest(!templateName.isEmpty(), MSG_TEMPLATE_NAME_NOT_BLANK); | |||
PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, templateName); | |||
checkRequest(permissionTemplateWithSameName == null, format(MSG_TEMPLATE_WITH_SAME_NAME, templateName)); | |||
} | |||
/** | |||
* @deprecated since 5.2 | |||
*/ | |||
@Deprecated | |||
private void validateTemplateNameForUpdate(DbSession dbSession, String templateName, long templateId) { | |||
checkRequest(!templateName.isEmpty(), MSG_TEMPLATE_NAME_NOT_BLANK); | |||
PermissionTemplateDto permissionTemplateWithSameName = dbClient.permissionTemplateDao().selectByName(dbSession, templateName); | |||
checkRequest(permissionTemplateWithSameName == null || permissionTemplateWithSameName.getId() == templateId, | |||
format(MSG_TEMPLATE_WITH_SAME_NAME, templateName)); | |||
} | |||
} |
@@ -1,96 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import org.sonar.api.security.DefaultGroups; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.user.UserSession; | |||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; | |||
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; | |||
/** | |||
* @deprecated since 5.2 can be removed when Ruby doesn't rely on PermissionTemplateService | |||
*/ | |||
@Deprecated | |||
abstract class PermissionTemplateUpdater { | |||
private final DbClient dbClient; | |||
private final UserSession userSession; | |||
private final String templateKey; | |||
private final String permission; | |||
private final String updatedReference; | |||
PermissionTemplateUpdater(DbClient dbClient, UserSession userSession, String templateKey, String permission, String updatedReference) { | |||
this.dbClient = dbClient; | |||
this.userSession = userSession; | |||
this.templateKey = templateKey; | |||
this.permission = permission; | |||
this.updatedReference = updatedReference; | |||
} | |||
void executeUpdate() { | |||
checkGlobalAdminUser(userSession); | |||
Long templateId = getTemplateId(templateKey); | |||
validateProjectPermission(permission); | |||
doExecute(templateId, permission); | |||
} | |||
abstract void doExecute(Long templateId, String permission); | |||
Long getUserId() { | |||
UserDto userDto = dbClient.userDao().selectActiveUserByLogin(updatedReference); | |||
if (userDto == null) { | |||
throw new BadRequestException("Unknown user: " + updatedReference); | |||
} | |||
return userDto.getId(); | |||
} | |||
Long getGroupId() { | |||
if (DefaultGroups.isAnyone(updatedReference)) { | |||
return null; | |||
} | |||
DbSession dbSession = dbClient.openSession(false); | |||
try { | |||
GroupDto groupDto = dbClient.groupDao().selectByName(dbSession, updatedReference); | |||
if (groupDto == null) { | |||
throw new BadRequestException("Unknown group: " + updatedReference); | |||
} | |||
return groupDto.getId(); | |||
} finally { | |||
dbClient.closeSession(dbSession); | |||
} | |||
} | |||
private Long getTemplateId(String key) { | |||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(key); | |||
if (permissionTemplateDto == null) { | |||
throw new BadRequestException("Unknown template: " + key); | |||
} | |||
return permissionTemplateDto.getId(); | |||
} | |||
} |
@@ -1,58 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
public class PermissionTemplateUser { | |||
private final Long templateId; | |||
private final Long userId; | |||
private final String userName; | |||
private final String userLogin; | |||
private final String permission; | |||
public PermissionTemplateUser(Long templateId, Long userId, String userName, String userLogin, String permission) { | |||
this.templateId = templateId; | |||
this.userId = userId; | |||
this.userName = userName; | |||
this.userLogin = userLogin; | |||
this.permission = permission; | |||
} | |||
public Long getUserId() { | |||
return userId; | |||
} | |||
public String getUserName() { | |||
return userName; | |||
} | |||
public String getPermission() { | |||
return permission; | |||
} | |||
public Long getTemplateId() { | |||
return templateId; | |||
} | |||
public String getUserLogin() { | |||
return userLogin; | |||
} | |||
} |
@@ -27,12 +27,10 @@ public class UserWithPermissionQueryResult { | |||
private final List<UserWithPermission> users; | |||
private final int total; | |||
private final boolean hasMoreResults; | |||
public UserWithPermissionQueryResult(List<UserWithPermission> users, int total) { | |||
this.users = users; | |||
this.total = total; | |||
this.hasMoreResults = total > users.size(); | |||
} | |||
public List<UserWithPermission> users() { | |||
@@ -42,9 +40,4 @@ public class UserWithPermissionQueryResult { | |||
public int total() { | |||
return total; | |||
} | |||
// called by Ruby Code | |||
public boolean hasMoreResults() { | |||
return hasMoreResults; | |||
} | |||
} |
@@ -42,7 +42,7 @@ import org.sonarqube.ws.WsPermissions.WsGroupsResponse; | |||
import static com.google.common.base.Objects.firstNonNull; | |||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto; | |||
import static org.sonar.server.permission.PermissionQueryParser.toMembership; | |||
import static org.sonar.server.permission.ws.PermissionQueryParser.fromSelectionModeToMembership; | |||
import static org.sonar.server.permission.ws.Parameters.createPermissionParameter; | |||
import static org.sonar.server.permission.ws.Parameters.createProjectParameter; | |||
import static org.sonar.server.ws.WsUtils.writeProtobuf; | |||
@@ -136,7 +136,7 @@ public class GroupsAction implements PermissionsWsAction { | |||
.permission(request.permission()) | |||
.pageIndex(request.page()) | |||
.pageSize(request.pageSize()) | |||
.membership(toMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value()))) | |||
.membership(fromSelectionModeToMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value()))) | |||
.search(request.query()); | |||
if (project.isPresent()) { | |||
permissionQuery.component(project.get().getKey()); |
@@ -18,33 +18,18 @@ | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
package org.sonar.server.permission.ws; | |||
import java.util.Map; | |||
import org.sonar.api.server.ws.WebService.SelectionMode; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import org.sonar.db.user.GroupMembershipQuery; | |||
import org.sonar.server.util.RubyUtils; | |||
public class PermissionQueryParser { | |||
class PermissionQueryParser { | |||
private PermissionQueryParser() { | |||
// Utility class | |||
} | |||
static PermissionQuery toQuery(Map<String, Object> params) { | |||
PermissionQuery.Builder builder = PermissionQuery.builder(); | |||
builder.permission((String) params.get("permission")); | |||
builder.component((String) params.get("component")); | |||
builder.template((String) params.get("template")); | |||
builder.membership(toMembership((String) params.get("selected"))); | |||
builder.search((String) params.get("query")); | |||
builder.pageIndex(RubyUtils.toInteger(params.get("page"))); | |||
builder.pageSize(RubyUtils.toInteger(params.get("pageSize"))); | |||
return builder.build(); | |||
} | |||
public static String toMembership(String selectionModeString) { | |||
static String fromSelectionModeToMembership(String selectionModeString) { | |||
SelectionMode selectionMode = SelectionMode.fromParam(selectionModeString); | |||
if (SelectionMode.SELECTED == selectionMode) { | |||
return GroupMembershipQuery.IN; |
@@ -42,7 +42,7 @@ import org.sonarqube.ws.WsPermissions.WsUsersResponse; | |||
import static com.google.common.base.Objects.firstNonNull; | |||
import static com.google.common.base.Strings.nullToEmpty; | |||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentDto; | |||
import static org.sonar.server.permission.PermissionQueryParser.toMembership; | |||
import static org.sonar.server.permission.ws.PermissionQueryParser.fromSelectionModeToMembership; | |||
import static org.sonar.server.permission.ws.Parameters.createPermissionParameter; | |||
import static org.sonar.server.permission.ws.Parameters.createProjectParameter; | |||
import static org.sonar.server.ws.WsUtils.writeProtobuf; | |||
@@ -128,7 +128,7 @@ public class UsersAction implements PermissionsWsAction { | |||
.permission(request.permission()) | |||
.pageIndex(request.page()) | |||
.pageSize(request.pageSize()) | |||
.membership(toMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value()))) | |||
.membership(fromSelectionModeToMembership(firstNonNull(request.selected(), SelectionMode.SELECTED.value()))) | |||
.search(request.query()); | |||
if (project.isPresent()) { | |||
permissionQuery.component(project.get().getKey()); |
@@ -164,7 +164,6 @@ import org.sonar.server.notification.email.AlertsEmailTemplate; | |||
import org.sonar.server.notification.email.EmailNotificationChannel; | |||
import org.sonar.server.permission.PermissionFinder; | |||
import org.sonar.server.permission.PermissionService; | |||
import org.sonar.server.permission.PermissionTemplateService; | |||
import org.sonar.server.permission.PermissionUpdater; | |||
import org.sonar.server.permission.ws.PermissionsWsModule; | |||
import org.sonar.server.platform.BackendCleanup; | |||
@@ -548,7 +547,6 @@ public class PlatformLevel4 extends PlatformLevel { | |||
PermissionRepository.class, | |||
PermissionService.class, | |||
PermissionUpdater.class, | |||
PermissionTemplateService.class, | |||
PermissionFinder.class, | |||
PermissionsWsModule.class, | |||
@@ -161,7 +161,6 @@ public class PermissionFinderTest { | |||
PermissionQuery.builder().permission("user").membership(PermissionQuery.IN).build()); | |||
assertThat(result.groups()).hasSize(1); | |||
assertThat(result.hasMoreResults()).isFalse(); | |||
} | |||
@Test | |||
@@ -181,18 +180,10 @@ public class PermissionFinderTest { | |||
.pageIndex(2) | |||
.build()); | |||
assertThat(result.hasMoreResults()).isTrue(); | |||
List<GroupWithPermission> groups = result.groups(); | |||
assertThat(groups).hasSize(2); | |||
assertThat(groups.get(0).name()).isEqualTo("Users"); | |||
assertThat(groups.get(1).name()).isEqualTo("Reviewers"); | |||
assertThat(underTest.findGroupsWithPermission( | |||
PermissionQuery.builder() | |||
.permission("user") | |||
.pageSize(2) | |||
.pageIndex(3) | |||
.build()).hasMoreResults()).isTrue(); | |||
} | |||
@Test | |||
@@ -300,7 +291,6 @@ public class PermissionFinderTest { | |||
GroupWithPermissionQueryResult result = underTest.findGroupsWithPermissionTemplate( | |||
PermissionQuery.builder().permission("user").template("my_template").membership(PermissionQuery.OUT).build()); | |||
assertThat(result.groups()).hasSize(1); | |||
assertThat(result.hasMoreResults()).isFalse(); | |||
} | |||
@Test |
@@ -1,81 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import org.junit.Test; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import java.util.Map; | |||
import static com.google.common.collect.Maps.newHashMap; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
public class PermissionQueryParserTest { | |||
@Test | |||
public void to_query_with_all_params() { | |||
Map<String, Object> params = newHashMap(); | |||
params.put("permission", "admin"); | |||
params.put("template", "my_template_key"); | |||
params.put("component", "org.sample.Sample"); | |||
params.put("query", "text"); | |||
params.put("selected", "all"); | |||
params.put("page", 2); | |||
params.put("pageSize", 50); | |||
PermissionQuery query = PermissionQueryParser.toQuery(params); | |||
assertThat(query.permission()).isEqualTo("admin"); | |||
assertThat(query.component()).isEqualTo("org.sample.Sample"); | |||
assertThat(query.template()).isEqualTo("my_template_key"); | |||
assertThat(query.search()).isEqualTo("text"); | |||
assertThat(query.pageSize()).isEqualTo(50); | |||
assertThat(query.pageIndex()).isEqualTo(2); | |||
assertThat(query.membership()).isEqualTo(PermissionQuery.ANY); | |||
} | |||
@Test | |||
public void to_query_with_include_membership_parameter() { | |||
Map<String, Object> params = newHashMap(); | |||
params.put("permission", "admin"); | |||
params.put("selected", "selected"); | |||
assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.IN); | |||
} | |||
@Test | |||
public void to_query_with_exclude_membership_parameter() { | |||
Map<String, Object> params = newHashMap(); | |||
params.put("permission", "admin"); | |||
params.put("selected", "deselected"); | |||
assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.OUT); | |||
} | |||
@Test | |||
public void to_query_with_any_membership_parameter() { | |||
Map<String, Object> params = newHashMap(); | |||
params.put("permission", "admin"); | |||
params.put("selected", "all"); | |||
assertThat(PermissionQueryParser.toQuery(params).membership()).isEqualTo(PermissionQuery.ANY); | |||
} | |||
} |
@@ -1,373 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import com.google.common.collect.ImmutableMap; | |||
import com.google.common.collect.Lists; | |||
import java.util.List; | |||
import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import org.sonar.db.permission.PermissionTemplateDao; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.permission.PermissionTemplateGroupDto; | |||
import org.sonar.db.permission.PermissionTemplateUserDto; | |||
import org.sonar.db.user.GroupDao; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDao; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.tester.UserSessionRule; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.mockito.Matchers.anyString; | |||
import static org.mockito.Mockito.any; | |||
import static org.mockito.Mockito.eq; | |||
import static org.mockito.Mockito.mock; | |||
import static org.mockito.Mockito.times; | |||
import static org.mockito.Mockito.verify; | |||
import static org.mockito.Mockito.verifyZeroInteractions; | |||
import static org.mockito.Mockito.when; | |||
public class PermissionTemplateServiceTest { | |||
private static final String DEFAULT_KEY = "my_template"; | |||
private static final String DEFAULT_DESC = "my description"; | |||
private static final String DEFAULT_PATTERN = "com.foo.(.*)"; | |||
private static final String DEFAULT_PERMISSION = UserRole.USER; | |||
private static final PermissionTemplateDto DEFAULT_TEMPLATE = | |||
new PermissionTemplateDto().setId(1L).setName(DEFAULT_KEY).setDescription(DEFAULT_DESC).setKeyPattern(DEFAULT_PATTERN); | |||
@Rule | |||
public UserSessionRule userSessionRule = UserSessionRule.standalone(); | |||
PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); | |||
UserDao userDao = mock(UserDao.class); | |||
GroupDao groupDao = mock(GroupDao.class); | |||
PermissionFinder finder = mock(PermissionFinder.class); | |||
DbSession session = mock(DbSession.class); | |||
PermissionTemplateService underTest; | |||
@Rule | |||
public ExpectedException expected = ExpectedException.none(); | |||
@Before | |||
public void setUp() { | |||
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); | |||
DbClient dbClient = mock(DbClient.class); | |||
when(dbClient.openSession(false)).thenReturn(session); | |||
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao); | |||
when(dbClient.userDao()).thenReturn(userDao); | |||
when(dbClient.groupDao()).thenReturn(groupDao); | |||
underTest = new PermissionTemplateService(dbClient, userSessionRule, finder); | |||
} | |||
@Test | |||
public void find_users_with_permission_template() { | |||
underTest.findUsersWithPermissionTemplate(ImmutableMap.<String, Object>of( | |||
"permission", "user", | |||
"template", "my_template", | |||
"selected", "all")); | |||
verify(finder).findUsersWithPermissionTemplate(any(PermissionQuery.class)); | |||
} | |||
@Test | |||
public void find_groups_with_permission_template() { | |||
underTest.findGroupsWithPermissionTemplate(ImmutableMap.<String, Object>of( | |||
"permission", "user", | |||
"template", "my_template", | |||
"selected", "all")); | |||
verify(finder).findGroupsWithPermissionTemplate(any(PermissionQuery.class)); | |||
} | |||
@Test | |||
public void should_create_permission_template() { | |||
when(permissionTemplateDao.insert(any(DbSession.class), any(PermissionTemplateDto.class))).thenReturn(DEFAULT_TEMPLATE); | |||
PermissionTemplate permissionTemplate = underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, DEFAULT_PATTERN); | |||
assertThat(permissionTemplate.getId()).isEqualTo(1L); | |||
assertThat(permissionTemplate.getName()).isEqualTo(DEFAULT_KEY); | |||
assertThat(permissionTemplate.getDescription()).isEqualTo(DEFAULT_DESC); | |||
assertThat(permissionTemplate.getKeyPattern()).isEqualTo(DEFAULT_PATTERN); | |||
} | |||
@Test | |||
public void should_enforce_unique_template_name() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("A template with the name 'my_template' already exists (case insensitive)."); | |||
when(permissionTemplateDao.selectByName(any(DbSession.class), anyString())).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, null); | |||
} | |||
@Test | |||
public void should_reject_empty_name_on_creation() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("The template name must not be blank"); | |||
underTest.createPermissionTemplate("", DEFAULT_DESC, null); | |||
} | |||
@Test | |||
public void should_reject_invalid_key_pattern_on_creation() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("The 'projectKeyPattern' parameter must be a valid Java regular expression. '[azerty' was passed"); | |||
underTest.createPermissionTemplate(DEFAULT_KEY, DEFAULT_DESC, "[azerty"); | |||
} | |||
@Test | |||
public void should_delete_permission_template() { | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.deletePermissionTemplate(1L); | |||
verify(permissionTemplateDao).deleteById(any(DbSession.class), eq(1L)); | |||
} | |||
@Test | |||
public void should_retrieve_permission_template() { | |||
List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList( | |||
buildUserPermission("user_scan", GlobalPermissions.SCAN_EXECUTION), | |||
buildUserPermission("user_dry_run", GlobalPermissions.PREVIEW_EXECUTION), | |||
buildUserPermission("user_scan_and_dry_run", GlobalPermissions.SCAN_EXECUTION), | |||
buildUserPermission("user_scan_and_dry_run", GlobalPermissions.PREVIEW_EXECUTION) | |||
); | |||
List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList( | |||
buildGroupPermission("admin_group", GlobalPermissions.SYSTEM_ADMIN), | |||
buildGroupPermission("scan_group", GlobalPermissions.SCAN_EXECUTION), | |||
buildGroupPermission(null, GlobalPermissions.PREVIEW_EXECUTION) | |||
); | |||
PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto() | |||
.setId(1L) | |||
.setName("my template") | |||
.setDescription("my description") | |||
.setUsersPermissions(usersPermissions) | |||
.setGroupsByPermission(groupsPermissions); | |||
when(permissionTemplateDao.selectByUuidWithUserAndGroupPermissions("my template")).thenReturn(permissionTemplateDto); | |||
PermissionTemplate permissionTemplate = underTest.selectPermissionTemplate("my template"); | |||
assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty(); | |||
assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("userName").containsOnly("user_scan", "user_scan_and_dry_run"); | |||
assertThat(permissionTemplate.getUsersForPermission(GlobalPermissions.PREVIEW_EXECUTION)).extracting("userName").containsOnly("user_dry_run", "user_scan_and_dry_run"); | |||
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.DASHBOARD_SHARING)).isEmpty(); | |||
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SCAN_EXECUTION)).extracting("groupName").containsOnly("scan_group"); | |||
assertThat(permissionTemplate.getGroupsForPermission(GlobalPermissions.SYSTEM_ADMIN)).extracting("groupName").containsOnly("admin_group"); | |||
} | |||
@Test | |||
public void should_retrieve_all_permission_templates() { | |||
PermissionTemplateDto template1 = | |||
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); | |||
PermissionTemplateDto template2 = | |||
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); | |||
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2)); | |||
List<PermissionTemplate> templates = underTest.selectAllPermissionTemplates(); | |||
assertThat(templates).hasSize(2); | |||
assertThat(templates).extracting("id").containsOnly(1L, 2L); | |||
assertThat(templates).extracting("name").containsOnly("template1", "template2"); | |||
assertThat(templates).extracting("description").containsOnly("template1", "template2"); | |||
} | |||
@Test | |||
public void should_retrieve_all_permission_templates_from_project() { | |||
userSessionRule.login("admin").addProjectPermissions(UserRole.ADMIN, "org.sample.Sample"); | |||
PermissionTemplateDto template1 = | |||
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); | |||
PermissionTemplateDto template2 = | |||
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); | |||
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2)); | |||
List<PermissionTemplate> templates = underTest.selectAllPermissionTemplates("org.sample.Sample"); | |||
assertThat(templates).hasSize(2); | |||
assertThat(templates).extracting("id").containsOnly(1L, 2L); | |||
assertThat(templates).extracting("name").containsOnly("template1", "template2"); | |||
assertThat(templates).extracting("description").containsOnly("template1", "template2"); | |||
} | |||
@Test | |||
public void should_update_permission_template() { | |||
underTest.updatePermissionTemplate(1L, "new_name", "new_description", null); | |||
verify(permissionTemplateDao).update(1L, "new_name", "new_description", null); | |||
} | |||
@Test | |||
public void should_validate_template_name_on_update_if_applicable() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("A template with the name 'template2' already exists (case insensitive)."); | |||
PermissionTemplateDto template2 = | |||
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); | |||
when(permissionTemplateDao.selectByName(any(DbSession.class), eq("template2"))).thenReturn(template2); | |||
underTest.updatePermissionTemplate(1L, "template2", "template2", null); | |||
} | |||
@Test | |||
public void should_validate_template_key_pattern_on_update_if_applicable() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("The 'projectKeyPattern' parameter must be a valid Java regular expression. '[azerty' was passed"); | |||
PermissionTemplateDto template1 = new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); | |||
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1)); | |||
underTest.updatePermissionTemplate(1L, "template1", "template1", "[azerty"); | |||
} | |||
@Test | |||
public void should_skip_name_validation_where_not_applicable() { | |||
PermissionTemplateDto template1 = | |||
new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); | |||
PermissionTemplateDto template2 = | |||
new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); | |||
when(permissionTemplateDao.selectAll()).thenReturn(Lists.newArrayList(template1, template2)); | |||
underTest.updatePermissionTemplate(1L, "template1", "new_description", null); | |||
verify(permissionTemplateDao).update(1L, "template1", "new_description", null); | |||
} | |||
@Test | |||
public void should_add_user_permission() { | |||
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user"); | |||
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user"); | |||
verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, DEFAULT_PERMISSION); | |||
} | |||
@Test | |||
public void should_validate_provided_user_login() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("Unknown user:"); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null); | |||
underTest.addUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown"); | |||
} | |||
@Test | |||
public void should_remove_user_permission() { | |||
UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user"); | |||
when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.removeUserPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "user"); | |||
verify(permissionTemplateDao, times(1)).deleteUserPermission(1L, 1L, DEFAULT_PERMISSION); | |||
} | |||
@Test | |||
public void should_add_group_permission() { | |||
GroupDto groupDto = new GroupDto().setId(1L).setName("group"); | |||
when(groupDao.selectByName(any(DbSession.class), eq("group"))).thenReturn(groupDto); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group"); | |||
verify(permissionTemplateDao, times(1)).insertGroupPermission(1L, 1L, DEFAULT_PERMISSION); | |||
} | |||
@Test | |||
public void should_validate_provided_group_name() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("Unknown group:"); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
when(groupDao.selectByName(any(DbSession.class), eq("unknown"))).thenReturn(null); | |||
underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "unknown"); | |||
} | |||
@Test | |||
public void should_remove_group_permission() { | |||
GroupDto groupDto = new GroupDto().setId(1L).setName("group"); | |||
when(groupDao.selectByName(any(DbSession.class), eq("group"))).thenReturn(groupDto); | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "group"); | |||
verify(permissionTemplateDao, times(1)).deleteGroupPermission(1L, 1L, DEFAULT_PERMISSION); | |||
} | |||
@Test | |||
public void should_add_permission_to_anyone_group() { | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.addGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone"); | |||
verify(permissionTemplateDao).insertGroupPermission(1L, null, DEFAULT_PERMISSION); | |||
verifyZeroInteractions(userDao); | |||
} | |||
@Test | |||
public void should_remove_permission_from_anyone_group() { | |||
when(permissionTemplateDao.selectByUuid(DEFAULT_KEY)).thenReturn(DEFAULT_TEMPLATE); | |||
underTest.removeGroupPermission(DEFAULT_KEY, DEFAULT_PERMISSION, "Anyone"); | |||
verify(permissionTemplateDao).deleteGroupPermission(1L, null, DEFAULT_PERMISSION); | |||
verifyZeroInteractions(userDao); | |||
} | |||
@Test | |||
public void should_remove_group_from_templates() { | |||
GroupDto groupDto = new GroupDto().setId(1L).setName("group"); | |||
when(groupDao.selectByName(session, "group")).thenReturn(groupDto); | |||
underTest.removeGroupFromTemplates("group"); | |||
verify(permissionTemplateDao).deleteByGroup(eq(session), eq(1L)); | |||
} | |||
private PermissionTemplateUserDto buildUserPermission(String userName, String permission) { | |||
return new PermissionTemplateUserDto().setUserName(userName).setPermission(permission); | |||
} | |||
private PermissionTemplateGroupDto buildGroupPermission(String groupName, String permission) { | |||
return new PermissionTemplateGroupDto().setGroupName(groupName).setPermission(permission); | |||
} | |||
} |
@@ -1,68 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import com.google.common.collect.Lists; | |||
import org.junit.Test; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.permission.PermissionTemplateGroupDto; | |||
import org.sonar.db.permission.PermissionTemplateUserDto; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
public class PermissionTemplateTest { | |||
@Test | |||
public void should_populate_template_with_permissions() { | |||
PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto() | |||
.setId(1L) | |||
.setName("name") | |||
.setKee("key") | |||
.setDescription("description") | |||
.setUsersPermissions(Lists.newArrayList( | |||
new PermissionTemplateUserDto().setId(1L).setUserId(1L).setUserName("user1").setUserLogin("login1").setPermission("permission1"), | |||
new PermissionTemplateUserDto().setId(2L).setUserId(1L).setUserName("user1").setUserLogin("login1").setPermission("permission2"), | |||
new PermissionTemplateUserDto().setId(3L).setUserId(2L).setUserName("user2").setUserLogin("login2").setPermission("permission1") | |||
)) | |||
.setGroupsByPermission(Lists.newArrayList( | |||
new PermissionTemplateGroupDto().setId(1L).setGroupId(1L).setGroupName("group1").setPermission("permission3"), | |||
new PermissionTemplateGroupDto().setId(2L).setGroupId(2L).setGroupName("group2").setPermission("permission3"), | |||
new PermissionTemplateGroupDto().setId(3L).setGroupId(null).setGroupName(null).setPermission("permission3") | |||
)); | |||
PermissionTemplate permissionTemplate = PermissionTemplate.create(permissionTemplateDto); | |||
assertThat(permissionTemplate.getId()).isEqualTo(1L); | |||
assertThat(permissionTemplate.getName()).isEqualTo("name"); | |||
assertThat(permissionTemplate.getKey()).isEqualTo("key"); | |||
assertThat(permissionTemplate.getDescription()).isEqualTo("description"); | |||
assertThat(permissionTemplate.getUsersForPermission("unmatchedPermission")).isEmpty(); | |||
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userName").containsOnly("user1", "user2"); | |||
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userId").containsOnly(1L, 2L); | |||
assertThat(permissionTemplate.getUsersForPermission("permission1")).extracting("userLogin").containsOnly("login1", "login2"); | |||
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userName").containsOnly("user1"); | |||
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userId").containsOnly(1L); | |||
assertThat(permissionTemplate.getUsersForPermission("permission2")).extracting("userLogin").containsOnly("login1"); | |||
assertThat(permissionTemplate.getGroupsForPermission("permission3")).extracting("groupName").containsOnly("group1", "group2", null); | |||
assertThat(permissionTemplate.getGroupsForPermission("permission3")).extracting("groupId").containsOnly(1L, 2L, null); | |||
} | |||
} |
@@ -1,157 +0,0 @@ | |||
/* | |||
* SonarQube, open source software quality management tool. | |||
* Copyright (C) 2008-2014 SonarSource | |||
* mailto:contact AT sonarsource DOT com | |||
* | |||
* SonarQube is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* SonarQube is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.permission; | |||
import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.permission.PermissionTemplateDao; | |||
import org.sonar.db.permission.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupDao; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDao; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonar.server.exceptions.UnauthorizedException; | |||
import org.sonar.server.tester.UserSessionRule; | |||
import static org.mockito.Matchers.any; | |||
import static org.mockito.Matchers.eq; | |||
import static org.mockito.Mockito.mock; | |||
import static org.mockito.Mockito.stub; | |||
import static org.mockito.Mockito.times; | |||
import static org.mockito.Mockito.verify; | |||
import static org.mockito.Mockito.when; | |||
public class PermissionTemplateUpdaterTest { | |||
@Rule | |||
public UserSessionRule userSessionRule = UserSessionRule.standalone(); | |||
private static final UserDto DEFAULT_USER = new UserDto().setId(1L).setLogin("user").setName("user"); | |||
private static final GroupDto DEFAULT_GROUP = new GroupDto().setId(1L).setName("group"); | |||
private DbClient dbClient = mock(DbClient.class); | |||
private UserDao userDao = mock(UserDao.class); | |||
private GroupDao groupDao = mock(GroupDao.class); | |||
@Rule | |||
public ExpectedException expected = ExpectedException.none(); | |||
@Before | |||
public void setUpCommonMocks() { | |||
userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); | |||
stub(userDao.selectActiveUserByLogin("user")).toReturn(DEFAULT_USER); | |||
stub(groupDao.selectByName(any(DbSession.class), eq("group"))).toReturn(DEFAULT_GROUP); | |||
when(dbClient.userDao()).thenReturn(userDao); | |||
when(dbClient.groupDao()).thenReturn(groupDao); | |||
when(dbClient.permissionTemplateDao()).thenReturn(mock(PermissionTemplateDao.class)); | |||
} | |||
@Test | |||
public void should_execute_on_valid_parameters() { | |||
final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); | |||
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(new PermissionTemplateDto().setId(1L)); | |||
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao); | |||
PermissionTemplateUpdater updater = | |||
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", UserRole.USER, "user") { | |||
@Override | |||
void doExecute(Long templateId, String permission) { | |||
permissionTemplateDao.insertUserPermission(1L, 1L, UserRole.USER); | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
verify(permissionTemplateDao, times(1)).insertUserPermission(1L, 1L, UserRole.USER); | |||
} | |||
@Test | |||
public void should_validate_template_reference() { | |||
expected.expect(BadRequestException.class); | |||
expected.expectMessage("Unknown template:"); | |||
final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); | |||
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(null); | |||
PermissionTemplateUpdater updater = | |||
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", UserRole.USER, "user") { | |||
@Override | |||
void doExecute(Long templateId, String permission) { | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
@Test | |||
public void should_validate_permission_reference() { | |||
expected.expect(BadRequestException.class); | |||
final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); | |||
when(permissionTemplateDao.selectByUuid("my_template")).thenReturn(new PermissionTemplateDto().setId(1L)); | |||
when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao); | |||
PermissionTemplateUpdater updater = | |||
new PermissionTemplateUpdater(dbClient, userSessionRule, "my_template", "invalid_permission", "user") { | |||
@Override | |||
void doExecute(Long templateId, String permission) { | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
@Test | |||
public void should_check_that_user_is_logged_in() { | |||
expected.expect(UnauthorizedException.class); | |||
expected.expectMessage("Authentication is required"); | |||
userSessionRule.anonymous(); | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSessionRule, null, null, null) { | |||
@Override | |||
void doExecute(Long templateId, String permission) { | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
@Test | |||
public void should_check_that_user_is_a_system_admin() { | |||
expected.expect(ForbiddenException.class); | |||
expected.expectMessage("Insufficient privileges"); | |||
userSessionRule.login("user").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION); | |||
PermissionTemplateUpdater updater = new PermissionTemplateUpdater(dbClient, userSessionRule, null, null, null) { | |||
@Override | |||
void doExecute(Long templateId, String permission) { | |||
} | |||
}; | |||
updater.executeUpdate(); | |||
} | |||
} |
@@ -38,6 +38,7 @@ class Internal | |||
component(Java::OrgSonarApiComponent::RubyComponentService.java_class) | |||
end | |||
# TODO to delete | |||
def self.permissions | |||
component(Java::OrgSonarServerPermission::PermissionService.java_class) | |||
end |