@@ -22,7 +22,6 @@ package org.sonar.ce.task.projectanalysis.issue; | |||
import javax.annotation.CheckForNull; | |||
import org.sonar.api.utils.log.Logger; | |||
import org.sonar.api.utils.log.Loggers; | |||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolder; | |||
import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
@@ -41,15 +40,13 @@ public class DefaultAssignee { | |||
private final DbClient dbClient; | |||
private final ConfigurationRepository configRepository; | |||
private final AnalysisMetadataHolder analysisMetadataHolder; | |||
private boolean loaded = false; | |||
private String userUuid = null; | |||
public DefaultAssignee(DbClient dbClient, ConfigurationRepository configRepository, AnalysisMetadataHolder analysisMetadataHolder) { | |||
public DefaultAssignee(DbClient dbClient, ConfigurationRepository configRepository) { | |||
this.dbClient = dbClient; | |||
this.configRepository = configRepository; | |||
this.analysisMetadataHolder = analysisMetadataHolder; | |||
} | |||
@CheckForNull | |||
@@ -72,15 +69,8 @@ public class DefaultAssignee { | |||
LOG.info("Property {} is set with an unknown login: {}", DEFAULT_ISSUE_ASSIGNEE, login); | |||
return null; | |||
} | |||
if (!isUserMemberOfOrganization(dbSession, user)) { | |||
LOG.info("Property {} is set with a user which is not member of the organization of the project : {}", DEFAULT_ISSUE_ASSIGNEE, login); | |||
return null; | |||
} | |||
return user.getUuid(); | |||
} | |||
} | |||
private boolean isUserMemberOfOrganization(DbSession dbSession, UserDto user) { | |||
return dbClient.organizationMemberDao().select(dbSession, analysisMetadataHolder.getOrganization().getUuid(), user.getUuid()).isPresent(); | |||
} | |||
} |
@@ -26,7 +26,6 @@ import java.util.List; | |||
import java.util.Map; | |||
import org.sonar.api.utils.log.Logger; | |||
import org.sonar.api.utils.log.Loggers; | |||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolder; | |||
import org.sonar.ce.task.projectanalysis.util.cache.CacheLoader; | |||
import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.server.user.index.UserDoc; | |||
@@ -40,16 +39,14 @@ public class ScmAccountToUserLoader implements CacheLoader<String, String> { | |||
private static final Logger LOGGER = Loggers.get(ScmAccountToUserLoader.class); | |||
private final UserIndex index; | |||
private final AnalysisMetadataHolder analysisMetadataHolder; | |||
public ScmAccountToUserLoader(UserIndex index, AnalysisMetadataHolder analysisMetadataHolder) { | |||
public ScmAccountToUserLoader(UserIndex index) { | |||
this.index = index; | |||
this.analysisMetadataHolder = analysisMetadataHolder; | |||
} | |||
@Override | |||
public String load(String scmAccount) { | |||
List<UserDoc> users = index.getAtMostThreeActiveUsersForScmAccount(scmAccount, analysisMetadataHolder.getOrganization().getUuid()); | |||
List<UserDoc> users = index.getAtMostThreeActiveUsersForScmAccount(scmAccount); | |||
if (users.size() == 1) { | |||
return users.get(0).uuid(); | |||
} |
@@ -24,39 +24,31 @@ import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.CoreProperties; | |||
import org.sonar.api.config.internal.MapSettings; | |||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolderImpl; | |||
import org.sonar.ce.task.projectanalysis.analysis.Organization; | |||
import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | |||
import org.sonar.ce.task.projectanalysis.component.TestSettingsRepository; | |||
import org.sonar.core.platform.PlatformEditionProvider; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.UserDto; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.mockito.Mockito.mock; | |||
public class DefaultAssigneeTest { | |||
public static final String PROJECT_KEY = "PROJECT_KEY"; | |||
public static final String ORGANIZATION_UUID = "ORGANIZATION_UUID"; | |||
public static final String QUALITY_GATE_UUID = "QUALITY_GATE_UUID"; | |||
@Rule | |||
public DbTester db = DbTester.create(); | |||
private MapSettings settings = new MapSettings(); | |||
private ConfigurationRepository settingsRepository = new TestSettingsRepository(settings.asConfig()); | |||
private AnalysisMetadataHolderImpl analysisMetadataHolder = new AnalysisMetadataHolderImpl(mock(PlatformEditionProvider.class)); | |||
private OrganizationDto organizationDto; | |||
private DefaultAssignee underTest = new DefaultAssignee(db.getDbClient(), settingsRepository, analysisMetadataHolder); | |||
private DefaultAssignee underTest = new DefaultAssignee(db.getDbClient(), settingsRepository); | |||
@Before | |||
public void setUp() throws Exception { | |||
public void setUp() { | |||
organizationDto = db.organizations().insertForUuid(ORGANIZATION_UUID); | |||
analysisMetadataHolder.setOrganization(Organization.from( | |||
new OrganizationDto().setUuid(ORGANIZATION_UUID).setKey("Organization key").setName("Organization name").setDefaultQualityGateUuid(QUALITY_GATE_UUID))); | |||
} | |||
@Test | |||
@@ -88,16 +80,6 @@ public class DefaultAssigneeTest { | |||
assertThat(underTest.loadDefaultAssigneeUuid()).isNull(); | |||
} | |||
@Test | |||
public void configured_login_is_not_member_of_organization() { | |||
settings.setProperty(CoreProperties.DEFAULT_ISSUE_ASSIGNEE, "erik"); | |||
OrganizationDto otherOrganization = db.organizations().insert(); | |||
UserDto userDto = db.users().insertUser("erik"); | |||
db.organizations().addMember(otherOrganization, userDto); | |||
assertThat(underTest.loadDefaultAssigneeUuid()).isNull(); | |||
} | |||
@Test | |||
public void default_assignee_is_cached() { | |||
settings.setProperty(CoreProperties.DEFAULT_ISSUE_ASSIGNEE, "erik"); |
@@ -24,10 +24,7 @@ import org.junit.Test; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.api.utils.log.LogTester; | |||
import org.sonar.api.utils.log.LoggerLevel; | |||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolderRule; | |||
import org.sonar.ce.task.projectanalysis.analysis.Organization; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.user.index.UserIndex; | |||
@@ -49,21 +46,15 @@ public class ScmAccountToUserLoaderTest { | |||
@Rule | |||
public LogTester logTester = new LogTester(); | |||
@Rule | |||
public AnalysisMetadataHolderRule analysisMetadataHolder = new AnalysisMetadataHolderRule(); | |||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | |||
@Test | |||
public void load_login_for_scm_account() { | |||
UserDto user = db.users().insertUser(u -> u.setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | |||
OrganizationDto organization = db.organizations().insert(o -> o.setUuid(ORGANIZATION_UUID)); | |||
analysisMetadataHolder.setOrganization(Organization.from(organization)); | |||
db.organizations().addMember(organization, user); | |||
userIndexer.indexOnStartup(null); | |||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||
assertThat(underTest.load("missing")).isNull(); | |||
assertThat(underTest.load("jesuis@charlie.com")).isEqualTo(user.getUuid()); | |||
@@ -71,15 +62,12 @@ public class ScmAccountToUserLoaderTest { | |||
@Test | |||
public void warn_if_multiple_users_share_the_same_scm_account() { | |||
UserDto user1 = db.users().insertUser(u -> u.setLogin("charlie").setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | |||
UserDto user2 = db.users().insertUser(u -> u.setLogin("another.charlie").setScmAccounts(asList("charlie"))); | |||
OrganizationDto organization = db.organizations().insert(o -> o.setUuid(ORGANIZATION_UUID)); | |||
analysisMetadataHolder.setOrganization(Organization.from(organization)); | |||
db.organizations().addMember(organization, user1, user2); | |||
db.users().insertUser(u -> u.setLogin("charlie").setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | |||
db.users().insertUser(u -> u.setLogin("another.charlie").setScmAccounts(asList("charlie"))); | |||
userIndexer.indexOnStartup(null); | |||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||
assertThat(underTest.load("charlie")).isNull(); | |||
assertThat(logTester.logs(LoggerLevel.WARN)).contains("Multiple users share the SCM account 'charlie': another.charlie, charlie"); | |||
@@ -88,7 +76,7 @@ public class ScmAccountToUserLoaderTest { | |||
@Test | |||
public void load_by_multiple_scm_accounts_is_not_supported_yet() { | |||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||
try { | |||
underTest.loadAll(emptyList()); | |||
fail(); |
@@ -37,11 +37,11 @@ public class OrganizationHelper { | |||
public List<OrganizationDto> selectOrganizationsWithLastAdmin(DbSession dbSession, String userUuid) { | |||
return dbClient.organizationDao().selectByPermission(dbSession, userUuid, ADMIN_PERMISSION).stream() | |||
.filter(org -> isLastAdmin(dbSession, org, userUuid)) | |||
.filter(org -> isLastAdmin(dbSession, userUuid)) | |||
.collect(Collectors.toList()); | |||
} | |||
private boolean isLastAdmin(DbSession dbSession, OrganizationDto org, String userUuid) { | |||
return dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, org.getUuid(), ADMIN_PERMISSION, userUuid) == 0; | |||
private boolean isLastAdmin(DbSession dbSession, String userUuid) { | |||
return dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, ADMIN_PERMISSION, userUuid) == 0; | |||
} | |||
} |
@@ -42,17 +42,17 @@ import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_ | |||
public class AuthorizationDao implements Dao { | |||
/** | |||
* Loads all the permissions granted to user for the specified organization | |||
*/ | |||
public Set<String> selectOrganizationPermissions(DbSession dbSession, String organizationUuid, String userUuid) { | |||
return mapper(dbSession).selectOrganizationPermissions(organizationUuid, userUuid); | |||
* Loads all the global permissions granted to user | |||
*/ | |||
public Set<String> selectGlobalPermissions(DbSession dbSession, String userUuid) { | |||
return mapper(dbSession).selectGlobalPermissions(userUuid); | |||
} | |||
/** | |||
* Loads all the permissions granted to anonymous user for the specified organization | |||
*/ | |||
public Set<String> selectOrganizationPermissionsOfAnonymous(DbSession dbSession, String organizationUuid) { | |||
return mapper(dbSession).selectOrganizationPermissionsOfAnonymous(organizationUuid); | |||
public Set<String> selectGlobalPermissionsOfAnonymous(DbSession dbSession) { | |||
return mapper(dbSession).selectGlobalPermissionsOfAnonymous(); | |||
} | |||
/** | |||
@@ -81,59 +81,44 @@ public class AuthorizationDao implements Dao { | |||
* The number of users who will still have the permission if the group {@code excludedGroupUuid} | |||
* is deleted. The anyone virtual group is not taken into account. | |||
*/ | |||
public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String organizationUuid, | |||
String permission, String excludedGroupUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroup(organizationUuid, permission, excludedGroupUuid); | |||
public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String permission, String excludedGroupUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroup(permission, excludedGroupUuid); | |||
} | |||
/** | |||
* The number of users who will still have the permission if the user {@code excludedUserId} | |||
* is deleted. The anyone virtual group is not taken into account. | |||
*/ | |||
public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String organizationUuid, | |||
String permission, String excludedUserUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(organizationUuid, permission, excludedUserUuid); | |||
public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String permission, String excludedUserUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(permission, excludedUserUuid); | |||
} | |||
/** | |||
* The list of users who have the global permission. | |||
* The anyone virtual group is not taken into account. | |||
*/ | |||
public List<String> selectUserUuidsWithGlobalPermission(DbSession dbSession, String organizationUuid, String permission) { | |||
return mapper(dbSession).selectUserUuidsWithGlobalPermission(organizationUuid, permission); | |||
public List<String> selectUserUuidsWithGlobalPermission(DbSession dbSession, String permission) { | |||
return mapper(dbSession).selectUserUuidsWithGlobalPermission(permission); | |||
} | |||
/** | |||
* The number of users who will still have the permission if the user {@code userId} | |||
* is removed from group {@code groupUuid}. The anyone virtual group is not taken into account. | |||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String, String)}, user | |||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user | |||
* still exists and may have the permission directly or through other groups. | |||
*/ | |||
public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String organizationUuid, | |||
String permission, String groupUuid, String userUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(organizationUuid, permission, groupUuid, userUuid); | |||
public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String permission, String groupUuid, String userUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(permission, groupUuid, userUuid); | |||
} | |||
/** | |||
* The number of users who will still have the permission if the permission {@code permission} | |||
* is removed from user {@code userId}. The anyone virtual group is not taken into account. | |||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String, String)}, user | |||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user | |||
* still exists and may have the permission through groups. | |||
*/ | |||
public int countUsersWithGlobalPermissionExcludingUserPermission(DbSession dbSession, String organizationUuid, | |||
String permission, String userUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(organizationUuid, permission, userUuid); | |||
} | |||
/** | |||
* The UUIDs of all the organizations in which the specified user has the specified global permission. An empty | |||
* set is returned if user or permission do not exist. An empty set is also returned if the user is not involved | |||
* in any organization. | |||
* <br/> | |||
* Group membership is taken into account. Anonymous privileges are ignored. | |||
*/ | |||
public Set<String> selectOrganizationUuidsOfUserWithGlobalPermission(DbSession dbSession, String userUuid, String permission) { | |||
return mapper(dbSession).selectOrganizationUuidsOfUserWithGlobalPermission(userUuid, permission); | |||
public int countUsersWithGlobalPermissionExcludingUserPermission(DbSession dbSession, String permission, String userUuid) { | |||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(permission, userUuid); | |||
} | |||
public Set<String> keepAuthorizedProjectUuids(DbSession dbSession, Collection<String> projectUuids, @Nullable String userUuid, String permission) { |
@@ -30,25 +30,20 @@ import org.sonar.db.EmailSubscriberDto; | |||
*/ | |||
public interface AuthorizationMapper { | |||
Set<String> selectOrganizationPermissions(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||
Set<String> selectGlobalPermissions(@Param("userUuid") String userUuid); | |||
Set<String> selectOrganizationPermissionsOfAnonymous(@Param("organizationUuid") String organizationUuid); | |||
Set<String> selectGlobalPermissionsOfAnonymous(); | |||
int countUsersWithGlobalPermissionExcludingGroup(@Param("organizationUuid") String organizationUuid, | |||
@Param("permission") String permission, @Param("excludedGroupUuid") String excludedGroupUuid); | |||
int countUsersWithGlobalPermissionExcludingGroup(@Param("permission") String permission, @Param("excludedGroupUuid") String excludedGroupUuid); | |||
int countUsersWithGlobalPermissionExcludingUser(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission, | |||
int countUsersWithGlobalPermissionExcludingUser(@Param("permission") String permission, | |||
@Param("excludedUserUuid") String excludedUserUuid); | |||
List<String> selectUserUuidsWithGlobalPermission(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission); | |||
List<String> selectUserUuidsWithGlobalPermission(@Param("permission") String permission); | |||
int countUsersWithGlobalPermissionExcludingGroupMember(@Param("organizationUuid") String organizationUuid, | |||
@Param("permission") String permission, @Param("groupUuid") String groupUuid, @Param("userUuid") String userUuid); | |||
int countUsersWithGlobalPermissionExcludingGroupMember(@Param("permission") String permission, @Param("groupUuid") String groupUuid, @Param("userUuid") String userUuid); | |||
int countUsersWithGlobalPermissionExcludingUserPermission(@Param("organizationUuid") String organizationUuid, | |||
@Param("permission") String permission, @Param("userUuid") String userUuid); | |||
Set<String> selectOrganizationUuidsOfUserWithGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission); | |||
int countUsersWithGlobalPermissionExcludingUserPermission(@Param("permission") String permission, @Param("userUuid") String userUuid); | |||
List<String> keepAuthorizedUsersForRoleAndProject(@Param("role") String role, @Param("componentUuid") String componentUuid, @Param("userUuids") List<String> userUuids); | |||
@@ -29,10 +29,7 @@ import org.apache.ibatis.session.RowBounds; | |||
import org.sonar.api.security.DefaultGroups; | |||
import org.sonar.db.Dao; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ComponentMapper; | |||
import org.sonar.db.user.GroupMapper; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static org.sonar.db.DatabaseUtils.executeLargeInputs; | |||
import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput; | |||
@@ -61,16 +58,16 @@ public class GroupPermissionDao implements Dao { | |||
* Select global or project permission of given groups and organization. Anyone virtual group is supported | |||
* through the value "zero" (0L) in {@code groupUuids}. | |||
*/ | |||
public List<GroupPermissionDto> selectByGroupUuids(DbSession dbSession, String organizationUuid, List<String> groupUuids, @Nullable String projectUuid) { | |||
return executeLargeInputs(groupUuids, groups -> mapper(dbSession).selectByGroupUuids(organizationUuid, groups, projectUuid)); | |||
public List<GroupPermissionDto> selectByGroupUuids(DbSession dbSession, List<String> groupUuids, @Nullable String projectUuid) { | |||
return executeLargeInputs(groupUuids, groups -> mapper(dbSession).selectByGroupUuids(groups, projectUuid)); | |||
} | |||
/** | |||
* Select global and project permissions of a given group (Anyone group is NOT supported) | |||
* Each row returns a {@link GroupPermissionDto} | |||
*/ | |||
public void selectAllPermissionsByGroupUuid(DbSession dbSession, String organizationUuid, String groupUuid, ResultHandler resultHandler) { | |||
mapper(dbSession).selectAllPermissionsByGroupUuid(organizationUuid, groupUuid, resultHandler); | |||
public void selectAllPermissionsByGroupUuid(DbSession dbSession, String groupUuid, ResultHandler resultHandler) { | |||
mapper(dbSession).selectAllPermissionsByGroupUuid(groupUuid, resultHandler); | |||
} | |||
/** | |||
@@ -92,16 +89,16 @@ public class GroupPermissionDao implements Dao { | |||
* Selects the global permissions granted to group. An empty list is returned if the | |||
* group does not exist. | |||
*/ | |||
public List<String> selectGlobalPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable String groupUuid) { | |||
return mapper(session).selectGlobalPermissionsOfGroup(organizationUuid, groupUuid); | |||
public List<String> selectGlobalPermissionsOfGroup(DbSession session, @Nullable String groupUuid) { | |||
return mapper(session).selectGlobalPermissionsOfGroup(groupUuid); | |||
} | |||
/** | |||
* Selects the permissions granted to group and project. An empty list is returned if the | |||
* group or project do not exist. | |||
*/ | |||
public List<String> selectProjectPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable String groupUuid, String projectUuid) { | |||
return mapper(session).selectProjectPermissionsOfGroup(organizationUuid, groupUuid, projectUuid); | |||
public List<String> selectProjectPermissionsOfGroup(DbSession session, @Nullable String groupUuid, String projectUuid) { | |||
return mapper(session).selectProjectPermissionsOfGroup(groupUuid, projectUuid); | |||
} | |||
/** | |||
@@ -114,33 +111,9 @@ public class GroupPermissionDao implements Dao { | |||
} | |||
public void insert(DbSession dbSession, GroupPermissionDto dto) { | |||
ensureComponentPermissionConsistency(dbSession, dto); | |||
ensureGroupPermissionConsistency(dbSession, dto); | |||
mapper(dbSession).insert(dto); | |||
} | |||
private static void ensureComponentPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) { | |||
if (dto.getComponentUuid() == null) { | |||
return; | |||
} | |||
ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class); | |||
checkArgument( | |||
componentMapper.countComponentByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getComponentUuid()) == 1, | |||
"Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'", | |||
dto.getRole(), dto.getComponentUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||
} | |||
private static void ensureGroupPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) { | |||
if (dto.getGroupUuid() == null) { | |||
return; | |||
} | |||
GroupMapper groupMapper = dbSession.getMapper(GroupMapper.class); | |||
checkArgument( | |||
groupMapper.countGroupByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getGroupUuid()) == 1, | |||
"Can't insert permission '%s' for group with id '%s' in organization with uuid '%s' because this group does not belong to organization with uuid '%s'", | |||
dto.getRole(), dto.getGroupUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||
} | |||
/** | |||
* Delete all the permissions associated to a root component (project) | |||
*/ | |||
@@ -173,16 +146,11 @@ public class GroupPermissionDao implements Dao { | |||
* </ul> | |||
* @param dbSession | |||
* @param permission the kind of permission | |||
* @param organizationUuid UUID of organization, even if parameter {@code groupUuid} is not null | |||
* @param groupUuid if null, then anyone, else uuid of group | |||
* @param rootComponentUuid if null, then global permission, otherwise the uuid of root component (project) | |||
*/ | |||
public void delete(DbSession dbSession, String permission, String organizationUuid, @Nullable String groupUuid, @Nullable String rootComponentUuid) { | |||
mapper(dbSession).delete(permission, organizationUuid, groupUuid, rootComponentUuid); | |||
} | |||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||
public void delete(DbSession dbSession, String permission, @Nullable String groupUuid, @Nullable String rootComponentUuid) { | |||
mapper(dbSession).delete(permission, groupUuid, rootComponentUuid); | |||
} | |||
private static GroupPermissionMapper mapper(DbSession session) { |
@@ -23,7 +23,6 @@ import javax.annotation.Nullable; | |||
public class GroupPermissionDto { | |||
private String uuid; | |||
private String organizationUuid; | |||
private String groupUuid; | |||
private String componentUuid; | |||
private String role; | |||
@@ -41,15 +40,6 @@ public class GroupPermissionDto { | |||
return groupUuid; | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
public GroupPermissionDto setOrganizationUuid(String s) { | |||
this.organizationUuid = s; | |||
return this; | |||
} | |||
/** | |||
* Null when Anyone | |||
*/ |
@@ -33,24 +33,19 @@ public interface GroupPermissionMapper { | |||
int countGroupsByQuery(@Param("query") PermissionQuery query); | |||
List<GroupPermissionDto> selectByGroupUuids(@Param("organizationUuid") String organizationUuid, | |||
@Param("groupUuids") List<String> groupUuids, @Nullable @Param("projectUuid") String projectUuid); | |||
List<GroupPermissionDto> selectByGroupUuids(@Param("groupUuids") List<String> groupUuids, @Nullable @Param("projectUuid") String projectUuid); | |||
void groupsCountByProjectUuidAndPermission(Map<String, Object> parameters, ResultHandler resultHandler); | |||
void insert(GroupPermissionDto dto); | |||
void delete(@Param("permission") String permission, @Param("organizationUuid") String organizationUuid, | |||
@Nullable @Param("groupUuid") String groupUuid, @Nullable @Param("rootComponentUuid") String rootComponentUuid); | |||
void delete(@Param("permission") String permission, @Nullable @Param("groupUuid") String groupUuid, @Nullable @Param("rootComponentUuid") String rootComponentUuid); | |||
List<String> selectGlobalPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, | |||
@Nullable @Param("groupUuid") String groupUuid); | |||
List<String> selectGlobalPermissionsOfGroup(@Nullable @Param("groupUuid") String groupUuid); | |||
List<String> selectProjectPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, | |||
@Nullable @Param("groupUuid") String groupUuid, @Param("projectUuid") String projectUuid); | |||
List<String> selectProjectPermissionsOfGroup(@Nullable @Param("groupUuid") String groupUuid, @Param("projectUuid") String projectUuid); | |||
void selectAllPermissionsByGroupUuid(@Param("organizationUuid") String organizationUuid, | |||
@Param("groupUuid") String groupUuid, ResultHandler resultHandler); | |||
void selectAllPermissionsByGroupUuid(@Param("groupUuid") String groupUuid, ResultHandler resultHandler); | |||
/** | |||
* Lists uuid of groups with at least one permission on the specified root component but which do not have the specified | |||
@@ -59,8 +54,6 @@ public interface GroupPermissionMapper { | |||
*/ | |||
Set<String> selectGroupUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("role") String permission); | |||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||
void deleteByRootComponentUuid(@Param("rootComponentUuid") String rootComponentUuid); | |||
int deleteByRootComponentUuidAndGroupUuid(@Param("rootComponentUuid") String rootComponentUuid, @Nullable @Param("groupUuid") String groupUuid); |
@@ -28,7 +28,6 @@ import org.sonar.db.component.ComponentDto; | |||
import static com.google.common.base.MoreObjects.firstNonNull; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static java.util.Objects.requireNonNull; | |||
import static org.apache.commons.lang.StringUtils.defaultIfBlank; | |||
import static org.sonar.api.utils.Paging.offset; | |||
import static org.sonar.db.DaoUtils.buildLikeValue; | |||
@@ -43,8 +42,6 @@ public class PermissionQuery { | |||
public static final int DEFAULT_PAGE_SIZE = 20; | |||
public static final int DEFAULT_PAGE_INDEX = 1; | |||
// filter: return only the users or groups that are members of the organization | |||
private final String organizationUuid; | |||
// filter: return only the users or groups who have this permission | |||
private final String permission; | |||
// filter on project, else filter org permissions | |||
@@ -63,7 +60,6 @@ public class PermissionQuery { | |||
private final int pageOffset; | |||
private PermissionQuery(Builder builder) { | |||
this.organizationUuid = builder.organizationUuid; | |||
this.permission = builder.permission; | |||
this.withAtLeastOnePermission = builder.withAtLeastOnePermission; | |||
this.componentUuid = builder.componentUuid; | |||
@@ -74,10 +70,6 @@ public class PermissionQuery { | |||
this.pageOffset = offset(builder.pageIndex, builder.pageSize); | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
@CheckForNull | |||
public String getPermission() { | |||
return permission; | |||
@@ -121,7 +113,6 @@ public class PermissionQuery { | |||
public static class Builder { | |||
private String permission; | |||
private String organizationUuid; | |||
private String componentUuid; | |||
private String searchQuery; | |||
private boolean withAtLeastOnePermission; | |||
@@ -148,11 +139,6 @@ public class PermissionQuery { | |||
return this; | |||
} | |||
public Builder setOrganizationUuid(String organizationUuid) { | |||
this.organizationUuid = organizationUuid; | |||
return this; | |||
} | |||
public Builder setSearchQuery(@Nullable String s) { | |||
this.searchQuery = defaultIfBlank(s, null); | |||
return this; | |||
@@ -174,7 +160,6 @@ public class PermissionQuery { | |||
} | |||
public PermissionQuery build() { | |||
requireNonNull(organizationUuid, "Organization UUID cannot be null"); | |||
this.pageIndex = firstNonNull(pageIndex, DEFAULT_PAGE_INDEX); | |||
this.pageSize = firstNonNull(pageSize, DEFAULT_PAGE_SIZE); | |||
checkArgument(searchQuery == null || searchQuery.length() >= SEARCH_QUERY_MIN_LENGTH, "Search query should contains at least %s characters", SEARCH_QUERY_MIN_LENGTH); |
@@ -26,7 +26,6 @@ import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.db.Dao; | |||
import org.sonar.db.DatabaseUtils; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ComponentMapper; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static java.util.Collections.emptyList; | |||
@@ -85,8 +84,8 @@ public class UserPermissionDao implements Dao { | |||
* | |||
* @return the global permissions. An empty list is returned if user or organization do not exist. | |||
*/ | |||
public List<String> selectGlobalPermissionsOfUser(DbSession dbSession, String userUuid, String organizationUuid) { | |||
return mapper(dbSession).selectGlobalPermissionsOfUser(userUuid, organizationUuid); | |||
public List<String> selectGlobalPermissionsOfUser(DbSession dbSession, String userUuid) { | |||
return mapper(dbSession).selectGlobalPermissionsOfUser(userUuid); | |||
} | |||
/** | |||
@@ -102,27 +101,15 @@ public class UserPermissionDao implements Dao { | |||
return mapper(session).selectUserUuidsWithPermissionOnProjectBut(projectUuid, permission); | |||
} | |||
public void insert(DbSession dbSession, UserPermissionDto dto) { | |||
ensureComponentPermissionConsistency(dbSession, dto); | |||
mapper(dbSession).insert(dto); | |||
} | |||
private static void ensureComponentPermissionConsistency(DbSession dbSession, UserPermissionDto dto) { | |||
if (dto.getComponentUuid() == null) { | |||
return; | |||
} | |||
ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class); | |||
checkArgument( | |||
componentMapper.countComponentByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getComponentUuid()) == 1, | |||
"Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'", | |||
dto.getPermission(), dto.getComponentUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||
public void insert(DbSession dbSession, UserPermissionDto dto, String defaultOrgUuid) { | |||
mapper(dbSession).insert(dto, defaultOrgUuid); | |||
} | |||
/** | |||
* Removes a single global permission from user | |||
*/ | |||
public void deleteGlobalPermission(DbSession dbSession, String userUuid, String permission, String organizationUuid) { | |||
mapper(dbSession).deleteGlobalPermission(userUuid, permission, organizationUuid); | |||
public void deleteGlobalPermission(DbSession dbSession, String userUuid, String permission) { | |||
mapper(dbSession).deleteGlobalPermission(userUuid, permission); | |||
} | |||
/** | |||
@@ -146,14 +133,6 @@ public class UserPermissionDao implements Dao { | |||
return mapper(dbSession).deleteProjectPermissionOfAnyUser(projectUuid, permission); | |||
} | |||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||
} | |||
public void deleteOrganizationMemberPermissions(DbSession dbSession, String organizationUuid, String userUuid) { | |||
mapper(dbSession).deleteOrganizationMemberPermissions(organizationUuid, userUuid); | |||
} | |||
public void deleteByUserUuid(DbSession dbSession, String userUuid) { | |||
mapper(dbSession).deleteByUserUuid(userUuid); | |||
} |
@@ -24,7 +24,6 @@ import javax.annotation.Nullable; | |||
public class UserPermissionDto { | |||
private String uuid; | |||
private String organizationUuid; | |||
private String permission; | |||
private String userUuid; | |||
private String componentUuid; | |||
@@ -33,9 +32,8 @@ public class UserPermissionDto { | |||
// used by MyBatis | |||
} | |||
public UserPermissionDto(String uuid, String organizationUuid, String permission, String userUuid, @Nullable String componentUuid) { | |||
public UserPermissionDto(String uuid, String permission, String userUuid, @Nullable String componentUuid) { | |||
this.uuid = uuid; | |||
this.organizationUuid = organizationUuid; | |||
this.permission = permission; | |||
this.userUuid = userUuid; | |||
this.componentUuid = componentUuid; | |||
@@ -53,10 +51,6 @@ public class UserPermissionDto { | |||
return userUuid; | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
/** | |||
* @return {@code null} if it's a global permission, otherwise return the project uiid. | |||
*/ | |||
@@ -70,7 +64,6 @@ public class UserPermissionDto { | |||
StringBuilder sb = new StringBuilder("UserPermissionDto{"); | |||
sb.append("permission='").append(permission).append('\''); | |||
sb.append(", userUuid=").append(userUuid); | |||
sb.append(", organizationUuid=").append(organizationUuid); | |||
sb.append(", componentUuid=").append(componentUuid); | |||
sb.append('}'); | |||
return sb.toString(); |
@@ -52,10 +52,9 @@ public interface UserPermissionMapper { | |||
*/ | |||
Set<String> selectUserUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | |||
void insert(UserPermissionDto dto); | |||
void insert(@Param("dto")UserPermissionDto dto, @Param("defaultOrgUuid") String defaultOrgUuid); | |||
void deleteGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission, | |||
@Param("organizationUuid") String organizationUuid); | |||
void deleteGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission); | |||
void deleteProjectPermission(@Param("userUuid") String userUuid, @Param("permission") String permission, | |||
@Param("projectUuid") String projectUuid); | |||
@@ -64,13 +63,9 @@ public interface UserPermissionMapper { | |||
int deleteProjectPermissionOfAnyUser(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | |||
List<String> selectGlobalPermissionsOfUser(@Param("userUuid") String userUuid, @Param("organizationUuid") String organizationUuid); | |||
List<String> selectGlobalPermissionsOfUser(@Param("userUuid") String userUuid); | |||
List<String> selectProjectPermissionsOfUser(@Param("userUuid") String userUuid, @Param("projectUuid") String projectUuid); | |||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||
void deleteOrganizationMemberPermissions(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||
void deleteByUserUuid(@Param("userUuid") String userUuid); | |||
} |
@@ -76,8 +76,8 @@ public class PermissionTemplateDao implements Dao { | |||
return mapper(session).selectGroupNamesByQueryAndTemplate(templateUuid, query, new RowBounds(query.getPageOffset(), query.getPageSize())); | |||
} | |||
public int countGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String organizationUuid, String templateUuid) { | |||
return mapper(session).countGroupNamesByQueryAndTemplate(organizationUuid, query, templateUuid); | |||
public int countGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String templateUuid) { | |||
return mapper(session).countGroupNamesByQueryAndTemplate(query, templateUuid); | |||
} | |||
public List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateIdAndGroupNames(DbSession dbSession, String templateUuid, List<String> groups) { | |||
@@ -100,9 +100,9 @@ public class PermissionTemplateDao implements Dao { | |||
return mapper(session).selectByUuid(templateUuid); | |||
} | |||
public List<PermissionTemplateDto> selectAll(DbSession session, String organizationUuid, @Nullable String nameMatch) { | |||
public List<PermissionTemplateDto> selectAll(DbSession session, @Nullable String nameMatch) { | |||
String upperCaseNameLikeSql = nameMatch != null ? toUppercaseSqlQuery(nameMatch) : null; | |||
return mapper(session).selectAll(organizationUuid, upperCaseNameLikeSql); | |||
return mapper(session).selectAll(upperCaseNameLikeSql); | |||
} | |||
private static String toUppercaseSqlQuery(String nameMatch) { | |||
@@ -186,10 +186,6 @@ public class PermissionTemplateDao implements Dao { | |||
session.commit(); | |||
} | |||
public void deleteUserPermissionsByOrganization(DbSession dbSession, String organizationUuid, String userUuid) { | |||
mapper(dbSession).deleteUserPermissionsByOrganization(organizationUuid, userUuid); | |||
} | |||
public void deleteUserPermissionsByUserUuid(DbSession dbSession, String userUuid) { | |||
mapper(dbSession).deleteUserPermissionsByUserUuid(userUuid); | |||
} | |||
@@ -218,8 +214,8 @@ public class PermissionTemplateDao implements Dao { | |||
session.commit(); | |||
} | |||
public PermissionTemplateDto selectByName(DbSession dbSession, String organizationUuid, String name) { | |||
return mapper(dbSession).selectByName(organizationUuid, name.toUpperCase(Locale.ENGLISH)); | |||
public PermissionTemplateDto selectByName(DbSession dbSession, String name) { | |||
return mapper(dbSession).selectByName(name.toUpperCase(Locale.ENGLISH)); | |||
} | |||
public List<String> selectPotentialPermissionsByUserUuidAndTemplateUuid(DbSession dbSession, @Nullable String currentUserUuid, String templateUuid) { | |||
@@ -240,16 +236,4 @@ public class PermissionTemplateDao implements Dao { | |||
private static PermissionTemplateMapper mapper(DbSession session) { | |||
return session.getMapper(PermissionTemplateMapper.class); | |||
} | |||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||
PermissionTemplateMapper templateMapper = mapper(dbSession); | |||
PermissionTemplateCharacteristicMapper templateCharacteristicMapper = dbSession.getMapper(PermissionTemplateCharacteristicMapper.class); | |||
List<String> templateUuids = templateMapper.selectTemplateUuidsByOrganization(organizationUuid); | |||
executeLargeInputsWithoutOutput(templateUuids, subList -> { | |||
templateCharacteristicMapper.deleteByTemplateUuids(subList); | |||
templateMapper.deleteGroupPermissionsByTemplateUuids(subList); | |||
templateMapper.deleteUserPermissionsByTemplateUuids(subList); | |||
templateMapper.deleteByUuids(subList); | |||
}); | |||
} | |||
} |
@@ -24,24 +24,14 @@ import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
public class PermissionTemplateDto { | |||
private String name; | |||
private String organizationUuid; | |||
private String name; | |||
private String uuid; | |||
private String description; | |||
private String keyPattern; | |||
private Date createdAt; | |||
private Date updatedAt; | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
public PermissionTemplateDto setOrganizationUuid(String s) { | |||
this.organizationUuid = s; | |||
return this; | |||
} | |||
public String getName() { | |||
return name; | |||
} | |||
@@ -51,6 +41,11 @@ public class PermissionTemplateDto { | |||
return this; | |||
} | |||
public PermissionTemplateDto setOrganizationUuid(String uuid) { | |||
this.organizationUuid = uuid; | |||
return this; | |||
} | |||
/** | |||
* @since 5.2 the kee column is a proper uuid. Before that it was build on the name + timestamp | |||
*/ |
@@ -44,8 +44,6 @@ public interface PermissionTemplateMapper { | |||
void deleteUserPermissionsByTemplateUuids(@Param("templateUuids") List<String> templateUuids); | |||
void deleteUserPermissionsByOrganization(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||
void deleteUserPermissionsByUserUuid(@Param("userUuid") String userUuid); | |||
void deleteUserPermission(PermissionTemplateUserDto permissionTemplateUser); | |||
@@ -68,7 +66,7 @@ public interface PermissionTemplateMapper { | |||
void deleteByGroupUuid(String groupUuid); | |||
PermissionTemplateDto selectByName(@Param("organizationUuid") String organizationUuid, @Param("name") String name); | |||
PermissionTemplateDto selectByName(@Param("name") String name); | |||
List<String> selectUserLoginsByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid, RowBounds rowBounds); | |||
@@ -76,9 +74,9 @@ public interface PermissionTemplateMapper { | |||
List<String> selectGroupNamesByQueryAndTemplate(@Param("templateUuid") String templateUuid, @Param("query") PermissionQuery query, RowBounds rowBounds); | |||
int countGroupNamesByQueryAndTemplate(@Param("organizationUuid") String organizationUuid, @Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid); | |||
int countGroupNamesByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid); | |||
List<PermissionTemplateDto> selectAll(@Param("organizationUuid") String organizationUuid, @Nullable @Param("upperCaseNameLikeSql") String upperCaseNameLikeSql); | |||
List<PermissionTemplateDto> selectAll(@Nullable @Param("upperCaseNameLikeSql") String upperCaseNameLikeSql); | |||
void usersCountByTemplateUuidAndPermission(Map<String, Object> parameters, ResultHandler<CountByTemplateAndPermissionDto> resultHandler); | |||
@@ -88,7 +86,7 @@ public interface PermissionTemplateMapper { | |||
int countGroupsWithPermission(@Param("templateUuid") String templateUuid, @Param("permission") String permission, @Nullable @Param("groupUuid") String groupUuid); | |||
List<String> selectTemplateUuidsByOrganization(@Param("organizationUuid") String organizationUuid); | |||
List<String> selectTemplateUuids(); | |||
List<PermissionTemplateGroupDto> selectAllGroupPermissionTemplatesByGroupUuid(@Param("groupUuid") String groupUuid); | |||
@@ -46,16 +46,15 @@ public class GroupDao implements Dao { | |||
/** | |||
* @param dbSession | |||
* @param organizationUuid non-null UUID of organization (no support of "default" organization) | |||
* @param name non-null group name | |||
* @return the group with the given organization key and name | |||
*/ | |||
public Optional<GroupDto> selectByName(DbSession dbSession, String organizationUuid, String name) { | |||
return Optional.ofNullable(mapper(dbSession).selectByName(organizationUuid, name)); | |||
public Optional<GroupDto> selectByName(DbSession dbSession, String name) { | |||
return Optional.ofNullable(mapper(dbSession).selectByName(name)); | |||
} | |||
public List<GroupDto> selectByNames(DbSession dbSession, String organizationUuid, Collection<String> names) { | |||
return executeLargeInputs(names, pageOfNames -> mapper(dbSession).selectByNames(organizationUuid, pageOfNames)); | |||
public List<GroupDto> selectByNames(DbSession dbSession, Collection<String> names) { | |||
return executeLargeInputs(names, pageOfNames -> mapper(dbSession).selectByNames(pageOfNames)); | |||
} | |||
@CheckForNull | |||
@@ -71,16 +70,12 @@ public class GroupDao implements Dao { | |||
mapper(dbSession).deleteByUuid(groupUuid); | |||
} | |||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||
public int countByQuery(DbSession session, @Nullable String query) { | |||
return mapper(session).countByQuery(groupSearchToSql(query)); | |||
} | |||
public int countByQuery(DbSession session, String organizationUuid, @Nullable String query) { | |||
return mapper(session).countByQuery(organizationUuid, groupSearchToSql(query)); | |||
} | |||
public List<GroupDto> selectByQuery(DbSession session, String organizationUuid, @Nullable String query, int offset, int limit) { | |||
return mapper(session).selectByQuery(organizationUuid, groupSearchToSql(query), new RowBounds(offset, limit)); | |||
public List<GroupDto> selectByQuery(DbSession session, @Nullable String query, int offset, int limit) { | |||
return mapper(session).selectByQuery(groupSearchToSql(query), new RowBounds(offset, limit)); | |||
} | |||
public GroupDto insert(DbSession session, GroupDto item) { | |||
@@ -111,10 +106,6 @@ public class GroupDao implements Dao { | |||
return DaoUtils.buildLikeValue(upperCasedNameQuery, WildcardPosition.BEFORE_AND_AFTER); | |||
} | |||
public List<GroupDto> selectByOrganizationUuid(DbSession dbSession, String organizationUuid) { | |||
return mapper(dbSession).selectByOrganizationUuid(organizationUuid); | |||
} | |||
private static GroupMapper mapper(DbSession session) { | |||
return session.getMapper(GroupMapper.class); | |||
} |
@@ -28,7 +28,6 @@ public class GroupDto { | |||
private String uuid; | |||
private String name; | |||
private String description; | |||
private String organizationUuid; | |||
private Date createdAt; | |||
private Date updatedAt; | |||
@@ -60,15 +59,6 @@ public class GroupDto { | |||
return this; | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
public GroupDto setOrganizationUuid(String s) { | |||
this.organizationUuid = s; | |||
return this; | |||
} | |||
public GroupDto setCreatedAt(Date d) { | |||
this.createdAt = d; | |||
return this; | |||
@@ -93,7 +83,6 @@ public class GroupDto { | |||
sb.append("id=").append(uuid); | |||
sb.append(", name='").append(name).append('\''); | |||
sb.append(", description='").append(description).append('\''); | |||
sb.append(", organizationUuid='").append(organizationUuid).append('\''); | |||
sb.append(", createdAt=").append(createdAt); | |||
sb.append(", updatedAt=").append(updatedAt); | |||
sb.append('}'); |
@@ -32,31 +32,20 @@ public interface GroupMapper { | |||
List<GroupDto> selectByUserLogin(String userLogin); | |||
List<GroupDto> selectByNames(@Param("organizationUuid") String organizationUuid, @Param("names") List<String> names); | |||
List<GroupDto> selectByNames(@Param("names") List<String> names); | |||
void insert(GroupDto groupDto); | |||
void update(GroupDto item); | |||
List<GroupDto> selectByQuery(@Param("organizationUuid") String organizationUuid, @Nullable @Param("query") String query, RowBounds rowBounds); | |||
List<GroupDto> selectByQuery(@Nullable @Param("query") String query, RowBounds rowBounds); | |||
int countByQuery(@Param("organizationUuid") String organizationUuid, @Nullable @Param("query") String query); | |||
/** | |||
* Counts the number of groups with the specified id belonging to the specified organization. | |||
* | |||
* @return 1 or 0. Either because the organization uuid is not the one of the group or because the group does not exist | |||
*/ | |||
int countGroupByOrganizationAndUuid(@Param("organizationUuid") String organizationUuid, @Param("groupUuid") String groupUuid); | |||
int countByQuery(@Nullable @Param("query") String query); | |||
void deleteByUuid(String groupUuid); | |||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||
@CheckForNull | |||
GroupDto selectByName(@Param("organizationUuid") String organizationUuid, @Param("name") String name); | |||
List<GroupDto> selectByOrganizationUuid(@Param("organizationUuid") String organizationUuid); | |||
GroupDto selectByName(@Param("name") String name); | |||
List<GroupDto> selectByUuids(@Param("uuids") List<String> uuids); | |||
} |
@@ -22,7 +22,6 @@ package org.sonar.db.user; | |||
import com.google.common.collect.ArrayListMultimap; | |||
import com.google.common.collect.ImmutableMap; | |||
import com.google.common.collect.Multimap; | |||
import com.google.common.collect.Multiset; | |||
import java.util.Collection; | |||
import java.util.HashMap; | |||
import java.util.List; | |||
@@ -36,22 +35,22 @@ import static org.sonar.db.DatabaseUtils.executeLargeInputs; | |||
public class GroupMembershipDao implements Dao { | |||
public List<GroupMembershipDto> selectGroups(DbSession session, GroupMembershipQuery query, String userUuid, int offset, int limit) { | |||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid, "organizationUuid", query.organizationUuid()); | |||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid); | |||
return mapper(session).selectGroups(params, new RowBounds(offset, limit)); | |||
} | |||
public int countGroups(DbSession session, GroupMembershipQuery query, String userUuid) { | |||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid, "organizationUuid", query.organizationUuid()); | |||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid); | |||
return mapper(session).countGroups(params); | |||
} | |||
public List<UserMembershipDto> selectMembers(DbSession session, UserMembershipQuery query, int offset, int limit) { | |||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid(), "organizationUuid", query.organizationUuid()); | |||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid()); | |||
return mapper(session).selectMembers(params, new RowBounds(offset, limit)); | |||
} | |||
public int countMembers(DbSession session, UserMembershipQuery query) { | |||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid(), "organizationUuid", query.organizationUuid()); | |||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid()); | |||
return mapper(session).countMembers(params); | |||
} | |||
@@ -70,23 +69,17 @@ public class GroupMembershipDao implements Dao { | |||
return result; | |||
} | |||
public List<String> selectGroupUuidsByUserUuid(DbSession dbSession, String userUuid) { | |||
return mapper(dbSession).selectGroupUuidsByUserUuid(userUuid); | |||
public Map<String, Integer> countGroupsByUsers(DbSession dbSession, List<String> logins) { | |||
List<LoginGroupCount> loginGroupCount = mapper(dbSession).countGroupsByUsers(logins); | |||
Map<String, Integer> map = new HashMap<>(); | |||
for (LoginGroupCount l : loginGroupCount) { | |||
map.put(l.login(), l.groupCount()); | |||
} | |||
return map; | |||
} | |||
public Multiset<String> countGroupByLoginsAndOrganization(DbSession dbSession, Collection<String> logins, String organizationUuid) { | |||
Multimap<String, String> result = ArrayListMultimap.create(); | |||
executeLargeInputs( | |||
logins, | |||
input -> { | |||
List<LoginGroup> groupMemberships = mapper(dbSession).selectGroupsByLoginsAndOrganization(input, organizationUuid); | |||
for (LoginGroup membership : groupMemberships) { | |||
result.put(membership.login(), membership.groupName()); | |||
} | |||
return groupMemberships; | |||
}); | |||
return result.keys(); | |||
public List<String> selectGroupUuidsByUserUuid(DbSession dbSession, String userUuid) { | |||
return mapper(dbSession).selectGroupUuidsByUserUuid(userUuid); | |||
} | |||
public Multimap<String, String> selectGroupsByLogins(DbSession session, Collection<String> logins) { |
@@ -36,9 +36,9 @@ public interface GroupMembershipMapper { | |||
List<GroupUserCount> countUsersByGroup(@Param("groupUuids") List<String> groupUuids); | |||
List<LoginGroup> selectGroupsByLogins(@Param("logins") List<String> logins); | |||
List<LoginGroupCount> countGroupsByUsers(@Param("logins") List<String> logins); | |||
List<LoginGroup> selectGroupsByLoginsAndOrganization(@Param("logins") List<String> logins, @Param("organizationUuid") String organizationUuid); | |||
List<LoginGroup> selectGroupsByLogins(@Param("logins") List<String> logins); | |||
List<String> selectGroupUuidsByUserUuid(@Param("userUuid") String userUuid); | |||
} |
@@ -27,7 +27,6 @@ import org.apache.commons.lang.StringUtils; | |||
import static com.google.common.base.MoreObjects.firstNonNull; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static com.google.common.base.Preconditions.checkNotNull; | |||
public class GroupMembershipQuery { | |||
@@ -39,7 +38,6 @@ public class GroupMembershipQuery { | |||
public static final String OUT = "OUT"; | |||
public static final Set<String> AVAILABLE_MEMBERSHIP = ImmutableSet.of(ANY, IN, OUT); | |||
private final String organizationUuid; | |||
private final String membership; | |||
private final String groupSearch; | |||
@@ -53,10 +51,9 @@ public class GroupMembershipQuery { | |||
// index of selected page. Start with 1. | |||
private final int pageIndex; | |||
private GroupMembershipQuery(Builder builder, String organizationUuid) { | |||
private GroupMembershipQuery(Builder builder) { | |||
this.membership = builder.membership; | |||
this.groupSearch = builder.groupSearch; | |||
this.organizationUuid = organizationUuid; | |||
this.groupSearchSql = groupSearchToSql(groupSearch); | |||
this.pageSize = builder.pageSize; | |||
@@ -73,10 +70,6 @@ public class GroupMembershipQuery { | |||
return sql; | |||
} | |||
public String organizationUuid() { | |||
return organizationUuid; | |||
} | |||
@CheckForNull | |||
public String membership() { | |||
return membership; | |||
@@ -103,7 +96,6 @@ public class GroupMembershipQuery { | |||
} | |||
public static class Builder { | |||
private String organizationUuid; | |||
private String membership; | |||
private String groupSearch; | |||
@@ -114,11 +106,6 @@ public class GroupMembershipQuery { | |||
private Builder() { | |||
} | |||
public Builder organizationUuid(String organizationUuid) { | |||
this.organizationUuid = organizationUuid; | |||
return this; | |||
} | |||
public Builder membership(@Nullable String membership) { | |||
this.membership = membership; | |||
return this; | |||
@@ -155,11 +142,10 @@ public class GroupMembershipQuery { | |||
} | |||
public GroupMembershipQuery build() { | |||
checkNotNull(organizationUuid, "Organization uuid cant be null"); | |||
initMembership(); | |||
initPageIndex(); | |||
initPageSize(); | |||
return new GroupMembershipQuery(this, organizationUuid); | |||
return new GroupMembershipQuery(this); | |||
} | |||
} | |||
} |
@@ -17,19 +17,17 @@ | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.organization.ws; | |||
package org.sonar.db.user; | |||
import javax.annotation.Nullable; | |||
import org.sonar.server.ws.TestRequest; | |||
public class LoginGroupCount { | |||
private String login; | |||
private int groupCount; | |||
public class OrganizationsWsTestSupport { | |||
static final String STRING_65_CHARS_LONG = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890-ab"; | |||
static final String STRING_257_CHARS_LONG = String.format("%1$257.257s", "a").replace(" ", "a"); | |||
public String login() { | |||
return login; | |||
} | |||
static void setParam(TestRequest request, String param, @Nullable String value) { | |||
if (value != null) { | |||
request.setParam(param, value); | |||
} | |||
public int groupCount() { | |||
return groupCount; | |||
} | |||
} |
@@ -37,10 +37,6 @@ public class UserGroupDao implements Dao { | |||
mapper(session).deleteByGroupUuid(groupUuid); | |||
} | |||
public void deleteByOrganizationAndUser(DbSession dbSession, String organizationUuid, String userUuid) { | |||
mapper(dbSession).deleteByOrganizationAndUser(organizationUuid, userUuid); | |||
} | |||
public void deleteByUserUuid(DbSession dbSession, String userUuid) { | |||
mapper(dbSession).deleteByUserUuid(userUuid); | |||
} |
@@ -29,7 +29,5 @@ public interface UserGroupMapper { | |||
void deleteByGroupUuid(@Param("groupUuid") String groupUuid); | |||
void deleteByOrganizationAndUser(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||
void deleteByUserUuid(@Param("userUuid") String userUuid); | |||
} |
@@ -43,7 +43,6 @@ public class UserMembershipQuery { | |||
public static final Set<String> AVAILABLE_MEMBERSHIPS = ImmutableSet.of(ANY, IN, OUT); | |||
private final String groupUuid; | |||
private final String organizationUuid; | |||
private final String membership; | |||
private final String memberSearch; | |||
@@ -60,7 +59,6 @@ public class UserMembershipQuery { | |||
private UserMembershipQuery(Builder builder) { | |||
this.groupUuid = builder.groupUuid; | |||
this.organizationUuid = builder.organizationUuid; | |||
this.membership = builder.membership; | |||
this.memberSearch = builder.memberSearch; | |||
this.memberSearchSql = memberSearch == null ? null : buildLikeValue(memberSearch, BEFORE_AND_AFTER); | |||
@@ -73,10 +71,6 @@ public class UserMembershipQuery { | |||
return groupUuid; | |||
} | |||
public String organizationUuid() { | |||
return organizationUuid; | |||
} | |||
@CheckForNull | |||
public String membership() { | |||
return membership; | |||
@@ -104,7 +98,6 @@ public class UserMembershipQuery { | |||
public static class Builder { | |||
private String groupUuid; | |||
private String organizationUuid; | |||
private String membership; | |||
private String memberSearch; | |||
@@ -119,11 +112,6 @@ public class UserMembershipQuery { | |||
return this; | |||
} | |||
public Builder organizationUuid(String organizationUuid) { | |||
this.organizationUuid = organizationUuid; | |||
return this; | |||
} | |||
public Builder membership(@Nullable String membership) { | |||
this.membership = membership; | |||
return this; | |||
@@ -161,7 +149,6 @@ public class UserMembershipQuery { | |||
public UserMembershipQuery build() { | |||
requireNonNull(groupUuid, "Group ID cant be null."); | |||
requireNonNull(organizationUuid, "Organization UUID cannot be null"); | |||
initMembership(); | |||
initPageIndex(); | |||
initPageSize(); |
@@ -3,12 +3,11 @@ | |||
<mapper namespace="org.sonar.db.permission.AuthorizationMapper"> | |||
<select id="selectOrganizationPermissions" parameterType="map" resultType="string"> | |||
<select id="selectGlobalPermissions" parameterType="map" resultType="string"> | |||
select gr.role | |||
from group_roles gr | |||
inner join groups_users gu on gr.group_uuid=gu.group_uuid | |||
where | |||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gu.user_uuid=#{userUuid, jdbcType=VARCHAR} | |||
@@ -17,7 +16,6 @@ | |||
select gr.role | |||
from group_roles gr | |||
where | |||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||
gr.group_uuid is null and | |||
gr.component_uuid is null | |||
@@ -26,16 +24,14 @@ | |||
select ur.role | |||
from user_roles ur | |||
where | |||
ur.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||
ur.user_uuid=#{userUuid, jdbcType=VARCHAR} | |||
and ur.component_uuid is null | |||
</select> | |||
<select id="selectOrganizationPermissionsOfAnonymous" parameterType="map" resultType="string"> | |||
<select id="selectGlobalPermissionsOfAnonymous" parameterType="map" resultType="string"> | |||
select gr.role | |||
from group_roles gr | |||
where | |||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is null | |||
</select> | |||
@@ -47,7 +43,6 @@ | |||
from groups_users gu | |||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null and | |||
@@ -58,7 +53,6 @@ | |||
select ur.user_uuid | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} | |||
) remaining | |||
@@ -71,7 +65,6 @@ | |||
from groups_users gu | |||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null and | |||
@@ -82,7 +75,6 @@ | |||
select ur.user_uuid | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} and | |||
ur.user_uuid != #{excludedUserUuid, jdbcType=VARCHAR} | |||
@@ -94,7 +86,6 @@ | |||
from groups_users gu | |||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null | |||
@@ -104,7 +95,6 @@ | |||
select ur.user_uuid | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} | |||
</select> | |||
@@ -116,7 +106,6 @@ | |||
from groups_users gu | |||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null and | |||
@@ -127,7 +116,6 @@ | |||
select ur.user_uuid | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} | |||
) remaining | |||
@@ -140,7 +128,6 @@ | |||
from groups_users gu | |||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null | |||
@@ -150,33 +137,12 @@ | |||
select ur.user_uuid | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} and | |||
ur.user_uuid != #{userUuid, jdbcType=VARCHAR} | |||
) remaining | |||
</select> | |||
<select id="selectOrganizationUuidsOfUserWithGlobalPermission" parameterType="map" resultType="String"> | |||
select gr.organization_uuid | |||
from group_roles gr | |||
inner join groups_users gu on gr.group_uuid = gu.group_uuid | |||
where | |||
gr.role = #{permission, jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
gr.group_uuid is not null and | |||
gu.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||
union | |||
select ur.organization_uuid | |||
from user_roles ur | |||
where | |||
ur.component_uuid is null and | |||
ur.role = #{permission, jdbcType=VARCHAR} and | |||
ur.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||
</select> | |||
<select id="keepAuthorizedProjectUuidsForUser" parameterType="map" resultType="String"> | |||
select | |||
gr.component_uuid | |||
@@ -308,7 +274,6 @@ | |||
inner join components p on p.uuid = ur.component_uuid | |||
where | |||
p.uuid = #{projectUuid, jdbcType=VARCHAR} and | |||
p.organization_uuid = ur.organization_uuid and | |||
ur.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||
union | |||
@@ -319,7 +284,6 @@ | |||
inner join components p on p.uuid = gr.component_uuid | |||
where | |||
p.uuid = #{projectUuid, jdbcType=VARCHAR} and | |||
p.organization_uuid = gr.organization_uuid and | |||
gu.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||
union | |||
@@ -340,7 +304,6 @@ | |||
p.uuid = gr.component_uuid | |||
where | |||
p.uuid = #{projectUuid, jdbcType=VARCHAR} | |||
and p.organization_uuid = gr.organization_uuid | |||
and gr.group_uuid is null | |||
</sql> | |||
@@ -385,7 +348,7 @@ | |||
exists ( | |||
select 1 | |||
from user_roles ur | |||
inner join components p on p.uuid = ur.component_uuid and p.organization_uuid = ur.organization_uuid | |||
inner join components p on p.uuid = ur.component_uuid | |||
where | |||
p.kee = #{projectKey, jdbcType=VARCHAR} | |||
and ur.role = #{permission, jdbcType=VARCHAR} | |||
@@ -393,7 +356,7 @@ | |||
) or exists ( | |||
select 1 | |||
from components p | |||
inner join group_roles gr on gr.component_uuid = p.uuid and gr.organization_uuid = p.organization_uuid | |||
inner join group_roles gr on gr.component_uuid = p.uuid | |||
inner join groups_users gu on gu.group_uuid = gr.group_uuid | |||
where | |||
p.kee = #{projectKey, jdbcType=VARCHAR} |
@@ -41,7 +41,7 @@ | |||
<select id="selectGroupNamesByQuery" parameterType="map" resultType="string"> | |||
select sub.name, lower(sub.name), sub.groupUuid | |||
<include refid="groupsByQuery" /> | |||
<include refid="groupsByQuery"/> | |||
group by sub.name, lower(sub.name), sub.groupUuid | |||
order by case when (count(sub.permission) > 0) then 1 else 2 end asc, lower(sub.name), sub.name, sub.groupUuid | |||
</select> | |||
@@ -50,7 +50,7 @@ | |||
select count(1) | |||
from ( | |||
select distinct sub.groupUuid | |||
<include refid="groupsByQuery" />) g | |||
<include refid="groupsByQuery"/>) g | |||
</select> | |||
<sql id="groupsByQuery"> | |||
@@ -64,8 +64,6 @@ | |||
<if test="query.componentUuid != null"> | |||
and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | |||
</if> | |||
where | |||
g.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR} | |||
union all | |||
@@ -79,8 +77,7 @@ | |||
and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | |||
</if> | |||
<if test="query.withAtLeastOnePermission()"> | |||
and gr.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR} and | |||
gr.group_uuid is null | |||
and gr.group_uuid is null | |||
</if> | |||
</where> | |||
@@ -107,22 +104,20 @@ | |||
</sql> | |||
<select id="selectByGroupUuids" parameterType="map" resultType="GroupPermission"> | |||
select sub.groupUuid as groupUuid, sub.componentUuid as componentUuid, sub.permission as role, sub.organizationUuid as organizationUuid | |||
select sub.groupUuid as groupUuid, sub.componentUuid as componentUuid, sub.permission as role | |||
from | |||
( | |||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, g.name as name, gr.organization_uuid as organizationUuid | |||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, g.name as name | |||
from group_roles gr | |||
inner join groups g ON g.uuid = gr.group_uuid | |||
where gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
gr.group_uuid is not null | |||
where gr.group_uuid is not null | |||
union all | |||
select 'Anyone' as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, 'Anyone' as name, gr.organization_uuid as organizationUuid | |||
select 'Anyone' as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, 'Anyone' as name | |||
from group_roles gr | |||
where | |||
gr.group_uuid is null and | |||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
gr.group_uuid is null | |||
) sub | |||
where | |||
sub.groupUuid in | |||
@@ -141,7 +136,6 @@ | |||
select gr.role | |||
from group_roles gr | |||
where | |||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
gr.component_uuid is null and | |||
<choose> | |||
<when test="groupUuid != null"> | |||
@@ -157,7 +151,6 @@ | |||
select gr.role | |||
from group_roles gr | |||
where | |||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
gr.component_uuid = #{projectUuid,jdbcType=VARCHAR} and | |||
<choose> | |||
<when test="groupUuid != null"> | |||
@@ -170,10 +163,9 @@ | |||
</select> | |||
<select id="selectAllPermissionsByGroupUuid" parameterType="map" resultType="GroupPermission"> | |||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as role, gr.organization_uuid as organizationUuid | |||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as role | |||
from group_roles gr | |||
where gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
and gr.group_uuid = #{groupUuid,jdbcType=VARCHAR} | |||
where gr.group_uuid = #{groupUuid,jdbcType=VARCHAR} | |||
</select> | |||
<select id="selectGroupUuidsWithPermissionOnProjectBut" resultType="string"> | |||
@@ -198,14 +190,14 @@ | |||
<insert id="insert" parameterType="GroupPermission"> | |||
insert into group_roles ( | |||
uuid, | |||
organization_uuid, | |||
uuid, | |||
group_uuid, | |||
component_uuid, | |||
role | |||
) values ( | |||
'asd', | |||
#{uuid,jdbcType=VARCHAR}, | |||
#{organizationUuid,jdbcType=VARCHAR}, | |||
#{groupUuid,jdbcType=VARCHAR}, | |||
#{componentUuid,jdbcType=BIGINT}, | |||
#{role,jdbcType=VARCHAR} | |||
@@ -244,7 +236,6 @@ | |||
delete from group_roles | |||
where | |||
role=#{permission,jdbcType=VARCHAR} and | |||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} and | |||
<choose> | |||
<when test="rootComponentUuid != null"> | |||
component_uuid=#{rootComponentUuid,jdbcType=BIGINT} | |||
@@ -263,12 +254,4 @@ | |||
</otherwise> | |||
</choose> | |||
</delete> | |||
<delete id="deleteByOrganization" parameterType="String"> | |||
delete from | |||
group_roles | |||
where | |||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||
</delete> | |||
</mapper> |
@@ -6,22 +6,21 @@ | |||
<select id="selectUserPermissionsByQueryAndUserUuids" parameterType="map" resultType="org.sonar.db.permission.UserPermissionDto"> | |||
select | |||
u.uuid as userUuid, | |||
ur.organization_uuid as organizationUuid, | |||
ur.component_uuid as componentUuid, | |||
ur.role as permission | |||
<include refid="sqlQueryJoins" /> | |||
<include refid="sqlQueryJoins"/> | |||
<where> | |||
u.uuid in <foreach collection="userUuids" open="(" close=")" item="userUuid" separator=",">#{userUuid,jdbcType=VARCHAR}</foreach> | |||
<include refid="sqlQueryFilters" /> | |||
<include refid="sqlQueryFilters"/> | |||
</where> | |||
</select> | |||
<select id="selectUserUuidsByQuery" parameterType="map" resultType="String"> | |||
select | |||
u.uuid, lower(u.name) | |||
<include refid="sqlQueryJoins" /> | |||
<include refid="sqlQueryJoins"/> | |||
<where> | |||
<include refid="sqlQueryFilters" /> | |||
<include refid="sqlQueryFilters"/> | |||
</where> | |||
group by u.uuid, lower(u.name) | |||
order by case when (count(ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | |||
@@ -31,7 +30,7 @@ | |||
select | |||
u.uuid, lower(u.name) | |||
from users u | |||
left join user_roles ur on ur.user_uuid = u.uuid and ur.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||
left join user_roles ur on ur.user_uuid = u.uuid | |||
<choose> | |||
<when test="query.componentUuid == null"> | |||
and ur.component_uuid is null | |||
@@ -41,9 +40,8 @@ | |||
</otherwise> | |||
</choose> | |||
left join components p on ur.component_uuid = p.uuid | |||
inner join organization_members om on u.uuid=om.user_uuid and om.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||
<where> | |||
<include refid="sqlQueryFilters" /> | |||
<include refid="sqlQueryFilters"/> | |||
</where> | |||
group by u.uuid, lower(u.name) | |||
order by case when (count(distinct ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | |||
@@ -51,9 +49,9 @@ | |||
<select id="countUsersByQuery" parameterType="map" resultType="int"> | |||
select count(distinct(u.uuid)) | |||
<include refid="sqlQueryJoins" /> | |||
<include refid="sqlQueryJoins"/> | |||
<where> | |||
<include refid="sqlQueryFilters" /> | |||
<include refid="sqlQueryFilters"/> | |||
</where> | |||
</select> | |||
@@ -61,7 +59,6 @@ | |||
from users u | |||
left join user_roles ur on ur.user_uuid = u.uuid | |||
left join components p on ur.component_uuid = p.uuid | |||
inner join organization_members om on u.uuid=om.user_uuid and om.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||
</sql> | |||
<sql id="sqlQueryFilters"> | |||
@@ -74,7 +71,6 @@ | |||
</if> | |||
<!-- filter rows with user permissions --> | |||
<if test="query.withAtLeastOnePermission()"> | |||
and ur.organization_uuid = om.organization_uuid | |||
and ur.role is not null | |||
<if test="query.componentUuid==null"> | |||
and ur.component_uuid is null | |||
@@ -92,7 +88,6 @@ | |||
select ur.role | |||
from user_roles ur | |||
where | |||
ur.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
ur.user_uuid = #{userUuid,jdbcType=VARCHAR} and | |||
ur.component_uuid is null | |||
</select> | |||
@@ -137,17 +132,17 @@ | |||
<insert id="insert" parameterType="org.sonar.db.permission.UserPermissionDto" useGeneratedKeys="false"> | |||
insert into user_roles ( | |||
uuid, | |||
organization_uuid, | |||
uuid, | |||
user_uuid, | |||
component_uuid, | |||
role | |||
) values ( | |||
#{uuid,jdbcType=VARCHAR}, | |||
#{organizationUuid,jdbcType=VARCHAR}, | |||
#{userUuid,jdbcType=VARCHAR}, | |||
#{componentUuid,jdbcType=VARCHAR}, | |||
#{permission,jdbcType=VARCHAR} | |||
#{defaultOrgUuid,jdbcType=VARCHAR}, | |||
#{dto.uuid,jdbcType=VARCHAR}, | |||
#{dto.userUuid,jdbcType=VARCHAR}, | |||
#{dto.componentUuid,jdbcType=VARCHAR}, | |||
#{dto.permission,jdbcType=VARCHAR} | |||
) | |||
</insert> | |||
@@ -156,7 +151,6 @@ | |||
where | |||
role = #{permission,jdbcType=VARCHAR} and | |||
user_uuid = #{userUuid,jdbcType=VARCHAR} and | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
component_uuid is null | |||
</delete> | |||
@@ -182,21 +176,6 @@ | |||
and role = #{permission,jdbcType=VARCHAR} | |||
</delete> | |||
<delete id="deleteByOrganization" parameterType="String"> | |||
delete from | |||
user_roles | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
</delete> | |||
<delete id="deleteOrganizationMemberPermissions" parameterType="map"> | |||
delete from | |||
user_roles | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
user_uuid = #{userUuid,jdbcType=VARCHAR} | |||
</delete> | |||
<delete id="deleteByUserUuid" parameterType="String"> | |||
DELETE FROM user_roles WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | |||
</delete> |
@@ -58,13 +58,6 @@ | |||
AND permission_reference = #{permission} | |||
</delete> | |||
<delete id="deleteUserPermissionsByOrganization" parameterType="map"> | |||
delete from perm_templates_users | |||
where | |||
user_uuid = #{userUuid,jdbcType=VARCHAR} | |||
and template_uuid in (select uuid from permission_templates where organization_uuid=#{organizationUuid,jdbcType=VARCHAR}) | |||
</delete> | |||
<delete id="deleteUserPermissionsByUserUuid" parameterType="String"> | |||
delete from perm_templates_users | |||
where | |||
@@ -140,10 +133,7 @@ | |||
<sql id="userLoginsByQueryAndTemplate"> | |||
FROM users u | |||
LEFT JOIN perm_templates_users ptu ON ptu.user_uuid=u.uuid | |||
AND ptu.template_uuid=#{templateUuid} | |||
INNER JOIN organization_members om ON u.uuid=om.user_uuid | |||
AND om.organization_uuid=#{query.organizationUuid} | |||
LEFT JOIN perm_templates_users ptu ON ptu.user_uuid=u.uuid AND ptu.template_uuid=#{templateUuid} | |||
<where> | |||
u.active = ${_true} | |||
<if test="query.getSearchQueryToSql() != null"> | |||
@@ -160,7 +150,7 @@ | |||
<select id="selectGroupNamesByQueryAndTemplate" parameterType="map" resultType="string"> | |||
select groups.name, lower(groups.name), groups.group_uuid | |||
<include refid="groupNamesByQueryAndTemplate" /> | |||
<include refid="groupNamesByQueryAndTemplate"/> | |||
group by groups.name, lower(groups.name), groups.group_uuid | |||
order by case when (count(groups.permission) > 0) then 1 else 2 end asc, lower(groups.name), groups.name, groups.group_uuid | |||
</select> | |||
@@ -169,7 +159,7 @@ | |||
SELECT COUNT(1) | |||
FROM ( | |||
SELECT DISTINCT group_uuid | |||
<include refid="groupNamesByQueryAndTemplate" />) g | |||
<include refid="groupNamesByQueryAndTemplate"/>) g | |||
</select> | |||
<sql id="groupNamesByQueryAndTemplate"> | |||
@@ -183,8 +173,6 @@ | |||
LEFT JOIN perm_templates_groups ptg ON | |||
ptg.group_uuid=g.uuid | |||
AND ptg.template_uuid=#{templateUuid} | |||
where | |||
g.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||
UNION ALL | |||
SELECT | |||
'Anyone' AS group_uuid, | |||
@@ -194,12 +182,11 @@ | |||
FROM groups g | |||
LEFT JOIN perm_templates_groups ptg ON | |||
ptg.template_uuid=#{templateUuid} | |||
<if test="query.withAtLeastOnePermission()"> | |||
<where> | |||
g.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||
<if test="query.withAtLeastOnePermission()"> | |||
AND ptg.group_uuid IS NULL | |||
</if> | |||
ptg.group_uuid IS NULL | |||
</where> | |||
</if> | |||
) groups | |||
<where> | |||
<if test="query.searchQueryToSql != null"> | |||
@@ -216,7 +203,7 @@ | |||
</sql> | |||
<sql id="templateColumns"> | |||
organization_uuid as organizationUuid, name, uuid, description, key_pattern AS keyPattern, created_at AS createdAt, updated_at AS updatedAt | |||
name, uuid, description, key_pattern AS keyPattern, created_at AS createdAt, updated_at AS updatedAt | |||
</sql> | |||
<select id="selectByUuid" parameterType="String" resultType="PermissionTemplate"> | |||
@@ -230,10 +217,8 @@ | |||
select | |||
<include refid="templateColumns"/> | |||
from permission_templates | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
<if test="upperCaseNameLikeSql != null"> | |||
and upper(name) like #{upperCaseNameLikeSql} escape '/' | |||
where upper(name) like #{upperCaseNameLikeSql} escape '/' | |||
</if> | |||
order by upper(name), name | |||
</select> | |||
@@ -243,7 +228,6 @@ | |||
<include refid="templateColumns"/> | |||
from permission_templates | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
upper(name) = #{name,jdbcType=VARCHAR} | |||
</select> | |||
@@ -404,13 +388,11 @@ | |||
</if> | |||
</select> | |||
<select id="selectTemplateUuidsByOrganization" resultType="String"> | |||
<select id="selectTemplateUuidsn" resultType="String"> | |||
select | |||
uuid | |||
from | |||
permission_templates | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
</select> | |||
<select id="selectAllGroupPermissionTemplatesByGroupUuid" parameterType="string" resultType="PermissionTemplateGroup"> |
@@ -8,7 +8,6 @@ | |||
g.uuid as uuid, | |||
g.name as name, | |||
g.description as description, | |||
g.organization_uuid as organizationUuid, | |||
g.created_at as "createdAt", | |||
g.updated_at as "updatedAt" | |||
</sql> | |||
@@ -17,7 +16,7 @@ | |||
select | |||
<include refid="groupColumns"/> | |||
from groups g | |||
where g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and g.name = #{name,jdbcType=VARCHAR} | |||
where g.name = #{name,jdbcType=VARCHAR} | |||
</select> | |||
<select id="selectByUuids" parameterType="String" resultType="Group"> | |||
@@ -46,13 +45,6 @@ | |||
</where> | |||
</delete> | |||
<delete id="deleteByOrganization" parameterType="String"> | |||
delete from | |||
groups | |||
where | |||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||
</delete> | |||
<select id="selectByUserLogin" parameterType="string" resultType="Group"> | |||
select | |||
<include refid="groupColumns"/> | |||
@@ -67,7 +59,6 @@ | |||
<include refid="groupColumns"/> | |||
from groups g | |||
where | |||
g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||
g.name in | |||
<foreach item="name" index="index" collection="names" open="(" separator="," close=")"> | |||
#{name,jdbcType=VARCHAR} | |||
@@ -84,7 +75,7 @@ | |||
updated_at | |||
) values ( | |||
#{uuid,jdbcType=VARCHAR}, | |||
#{organizationUuid,jdbcType=VARCHAR}, | |||
'asd', | |||
#{name,jdbcType=VARCHAR}, | |||
#{description,jdbcType=VARCHAR}, | |||
#{createdAt,jdbcType=TIMESTAMP}, | |||
@@ -104,10 +95,8 @@ | |||
select | |||
<include refid="groupColumns"/> | |||
from groups g | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
<if test="query!=null"> | |||
and upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||
where upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||
</if> | |||
order by upper(g.name) | |||
</select> | |||
@@ -115,28 +104,8 @@ | |||
<select id="countByQuery" parameterType="map" resultType="int"> | |||
select count(1) | |||
from groups g | |||
where | |||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
<if test="query!=null"> | |||
and upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||
where upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||
</if> | |||
</select> | |||
<select id="countGroupByOrganizationAndUuid" parameterType="map" resultType="int"> | |||
select | |||
count(1) | |||
from groups g | |||
where | |||
g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
and g.uuid = #{groupUuid,jdbcType=VARCHAR} | |||
</select> | |||
<select id="selectByOrganizationUuid" parameterType="map" resultType="Group"> | |||
select | |||
<include refid="groupColumns"/> | |||
from groups g | |||
where g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||
order by upper(g.name) | |||
</select> | |||
</mapper> |
@@ -7,7 +7,6 @@ | |||
FROM groups g | |||
LEFT JOIN groups_users gu ON gu.group_uuid=g.uuid AND gu.user_uuid=#{userUuid} | |||
<where> | |||
AND g.organization_uuid=#{organizationUuid} | |||
<choose> | |||
<when test="query.membership() == 'IN'"> | |||
AND gu.user_uuid IS NOT NULL | |||
@@ -46,7 +45,7 @@ | |||
GROUP BY g.name | |||
</select> | |||
<select id="selectGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroup"> | |||
<select id="selectGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroup"> | |||
SELECT u.login as login, g.name as groupName | |||
FROM users u | |||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | |||
@@ -60,25 +59,22 @@ | |||
ORDER BY u.login, g.name, g.created_at | |||
</select> | |||
<select id="selectGroupsByLoginsAndOrganization" parameterType="map" resultType="org.sonar.db.user.LoginGroup"> | |||
SELECT u.login as login, g.name as groupName | |||
<select id="countGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroupCount"> | |||
SELECT u.login as login, count(gu.group_uuid) as groupCount | |||
FROM users u | |||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | |||
INNER JOIN groups g ON gu.group_uuid=g.uuid | |||
<where> | |||
u.login in | |||
<foreach collection="logins" open="(" close=")" item="login" separator=","> | |||
#{login} | |||
</foreach> | |||
and g.organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||
</where> | |||
ORDER BY u.login, g.name, g.created_at | |||
group by g.uuid | |||
</select> | |||
<sql id="userCommonClauses"> | |||
FROM users u | |||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid AND gu.group_uuid=#{groupUuid} | |||
INNER JOIN organization_members om ON u.uuid=om.user_uuid AND om.organization_uuid=#{organizationUuid} | |||
<where> | |||
<choose> | |||
<when test="query.membership() == 'IN'"> | |||
@@ -114,4 +110,6 @@ | |||
from groups_users | |||
where user_uuid = #{userUuid} | |||
</select> | |||
</mapper> |
@@ -24,12 +24,6 @@ | |||
where group_uuid = #{groupUuid,jdbcType=VARCHAR} | |||
</delete> | |||
<delete id="deleteByOrganizationAndUser" parameterType="map"> | |||
delete from groups_users | |||
where user_uuid = #{userUuid,jdbcType=VARCHAR} and | |||
group_uuid in (select uuid from groups where organization_uuid=#{organizationUuid,jdbcType=VARCHAR}) | |||
</delete> | |||
<delete id="deleteByUserUuid" parameterType="String"> | |||
DELETE FROM groups_users WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | |||
</delete> |
@@ -1,141 +0,0 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.db.organization; | |||
import com.tngtech.java.junit.dataprovider.DataProvider; | |||
import com.tngtech.java.junit.dataprovider.DataProviderRunner; | |||
import com.tngtech.java.junit.dataprovider.UseDataProvider; | |||
import java.util.List; | |||
import java.util.Random; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.junit.runner.RunWith; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import static java.util.Arrays.asList; | |||
import static java.util.Collections.emptyList; | |||
import static java.util.Collections.singletonList; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.mockito.Mockito.mock; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
@RunWith(DataProviderRunner.class) | |||
public class OrganizationHelperTest { | |||
private static final Random RANDOM = new Random(); | |||
@Rule | |||
public DbTester db = DbTester.create(mock(System2.class)).setDisableDefaultOrganization(true); | |||
public DbSession dbSession = db.getSession(); | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
private final OrganizationHelper underTest = new OrganizationHelper(db.getDbClient()); | |||
@Test | |||
public void returns_empty_list_when_user_is_not_admin_of_any_orgs() { | |||
UserDto user1 = db.users().insertUser(); | |||
OrganizationDto org1 = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(org1); | |||
db.users().insertMember(group1, user1); | |||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())).isEmpty(); | |||
} | |||
@Test | |||
public void returns_orgs_where_user_is_last_admin() { | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto user2 = db.users().insertUser(); | |||
OrganizationDto org1 = db.organizations().insert(); | |||
OrganizationDto org2 = db.organizations().insert(); | |||
setAsDirectOrIndirectAdmin(user1, org1); | |||
setAsDirectOrIndirectAdmin(user2, org1); | |||
setAsDirectOrIndirectAdmin(user1, org2); | |||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())) | |||
.extracting(OrganizationDto::getKey) | |||
.containsExactly(org2.getKey()); | |||
} | |||
@Test | |||
@UseDataProvider("adminUserCombinationsAndExpectedOrgKeys") | |||
public void returns_correct_orgs_for_interesting_combinations_of_last_admin_or_not( | |||
boolean user2IsAdminOfOrg1, boolean user1IsAdminOfOrg2, boolean user2IsAdminOfOrg2, List<String> expectedOrgKeys) { | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto user2 = db.users().insertUser(); | |||
OrganizationDto org1 = db.organizations().insert(o -> o.setKey("org1")); | |||
OrganizationDto org2 = db.organizations().insert(o -> o.setKey("org2")); | |||
setAsDirectOrIndirectAdmin(user1, org1); | |||
if (user2IsAdminOfOrg1) { | |||
setAsDirectOrIndirectAdmin(user2, org1); | |||
} | |||
if (user1IsAdminOfOrg2) { | |||
setAsDirectOrIndirectAdmin(user1, org2); | |||
} | |||
if (user2IsAdminOfOrg2) { | |||
setAsDirectOrIndirectAdmin(user2, org2); | |||
} | |||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())) | |||
.extracting(OrganizationDto::getKey) | |||
.containsExactlyInAnyOrderElementsOf(expectedOrgKeys); | |||
} | |||
@DataProvider | |||
public static Object[][] adminUserCombinationsAndExpectedOrgKeys() { | |||
return new Object[][] { | |||
// note: user1 is always admin of org1 | |||
// param 1: user2 is admin of org1 | |||
// param 2: user1 is admin of org2 | |||
// param 3: user2 is admin of org2 | |||
// param 4: list of orgs preventing user1 to delete | |||
{true, true, true, emptyList()}, | |||
{true, true, false, singletonList("org2")}, | |||
{true, false, true, emptyList()}, | |||
{true, false, false, emptyList()}, | |||
{false, true, true, singletonList("org1")}, | |||
{false, true, false, asList("org1", "org2")}, | |||
{false, false, true, singletonList("org1")}, | |||
{false, false, false, singletonList("org1")}, | |||
}; | |||
} | |||
private void setAsDirectOrIndirectAdmin(UserDto user, OrganizationDto organization) { | |||
boolean useDirectAdmin = RANDOM.nextBoolean(); | |||
if (useDirectAdmin) { | |||
db.users().insertPermissionOnUser(organization, user, ADMINISTER); | |||
} else { | |||
GroupDto group = db.users().insertGroup(organization); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER); | |||
db.users().insertMember(group, user); | |||
} | |||
} | |||
} |
@@ -39,21 +39,16 @@ import org.sonar.db.DbTester; | |||
import org.sonar.db.EmailSubscriberDto; | |||
import org.sonar.db.component.BranchType; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import static com.google.common.collect.Sets.newHashSet; | |||
import static java.util.Collections.singleton; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
public class AuthorizationDaoTest { | |||
@@ -69,7 +64,6 @@ public class AuthorizationDaoTest { | |||
private final Random random = new Random(); | |||
private DbSession dbSession = db.getSession(); | |||
private AuthorizationDao underTest = new AuthorizationDao(); | |||
private OrganizationDto organization; | |||
private UserDto user; | |||
private GroupDto group1; | |||
private GroupDto group2; | |||
@@ -80,18 +74,17 @@ public class AuthorizationDaoTest { | |||
@Before | |||
public void setUp() { | |||
organization = db.organizations().insert(); | |||
user = db.users().insertUser(); | |||
group1 = db.users().insertGroup(organization, "group1"); | |||
group2 = db.users().insertGroup(organization, "group2"); | |||
group1 = db.users().insertGroup("group1"); | |||
group2 = db.users().insertGroup("group2"); | |||
randomExistingUserUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | |||
.mapToObj(i -> db.users().insertUser().getUuid()) | |||
.collect(MoreCollectors.toSet()); | |||
randomPublicProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | |||
.mapToObj(i -> db.components().insertPublicProject(organization).uuid()) | |||
.mapToObj(i -> db.components().insertPublicProject().uuid()) | |||
.collect(MoreCollectors.toSet()); | |||
randomPrivateProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | |||
.mapToObj(i -> db.components().insertPrivateProject(organization).uuid()) | |||
.mapToObj(i -> db.components().insertPrivateProject().uuid()) | |||
.collect(MoreCollectors.toSet()); | |||
} | |||
@@ -103,38 +96,21 @@ public class AuthorizationDaoTest { | |||
*/ | |||
@Test | |||
public void selectOrganizationPermissions_for_logged_in_user() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertPermissionOnUser(organization, user, "perm1"); | |||
db.users().insertPermissionOnUser(user, "perm1"); | |||
db.users().insertProjectPermissionOnUser(user, "perm42", project); | |||
db.users().insertPermissionOnGroup(group1, "perm2"); | |||
db.users().insertPermissionOnAnyone(organization, "perm3"); | |||
db.users().insertPermissionOnAnyone("perm3"); | |||
// ignored permissions, user is not member of this group | |||
db.users().insertPermissionOnGroup(group2, "ignored"); | |||
Set<String> permissions = underTest.selectOrganizationPermissions(dbSession, organization.getUuid(), user.getUuid()); | |||
Set<String> permissions = underTest.selectGlobalPermissions(dbSession, user.getUuid()); | |||
assertThat(permissions).containsOnly("perm1", "perm2", "perm3"); | |||
} | |||
/** | |||
* Anonymous user only benefits from the permissions granted to | |||
* "Anyone" | |||
*/ | |||
@Test | |||
public void selectOrganizationPermissions_for_anonymous_user() { | |||
db.users().insertPermissionOnAnyone(organization, "perm1"); | |||
// ignored permissions | |||
db.users().insertPermissionOnUser(organization, user, "ignored"); | |||
db.users().insertPermissionOnGroup(group1, "ignored"); | |||
Set<String> permissions = underTest.selectOrganizationPermissionsOfAnonymous(dbSession, organization.getUuid()); | |||
assertThat(permissions).containsOnly("perm1"); | |||
} | |||
@Test | |||
public void countUsersWithGlobalPermissionExcludingGroup() { | |||
// users with global permission "perm1" : | |||
@@ -148,46 +124,41 @@ public class AuthorizationDaoTest { | |||
UserDto user4 = db.users().insertUser(); | |||
UserDto user5 = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organization, "g1"); | |||
GroupDto group1 = db.users().insertGroup("g1"); | |||
db.users().insertPermissionOnGroup(group1, "perm1"); | |||
db.users().insertPermissionOnGroup(group1, "perm2"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group1, user2); | |||
GroupDto group2 = db.users().insertGroup(organization, "g2"); | |||
GroupDto group2 = db.users().insertGroup("g2"); | |||
db.users().insertPermissionOnGroup(group2, "perm1"); | |||
db.users().insertPermissionOnGroup(group2, "perm2"); | |||
db.users().insertMember(group2, user1); | |||
db.users().insertMember(group2, user3); | |||
// group3 has the permission "perm1" but has no users | |||
GroupDto group3 = db.users().insertGroup(organization, "g2"); | |||
GroupDto group3 = db.users().insertGroup("g2"); | |||
db.users().insertPermissionOnGroup(group3, "perm1"); | |||
db.users().insertPermissionOnUser(organization, user4, "perm1"); | |||
db.users().insertPermissionOnUser(organization, user4, "perm2"); | |||
db.users().insertPermissionOnAnyone(organization, "perm1"); | |||
// other organizations are ignored | |||
OrganizationDto org2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(org2, user1, "perm1"); | |||
db.users().insertPermissionOnUser(user4, "perm1"); | |||
db.users().insertPermissionOnUser(user4, "perm2"); | |||
db.users().insertPermissionOnAnyone("perm1"); | |||
// excluding group "g1" -> remain u1, u3 and u4 | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | |||
organization.getUuid(), "perm1", group1.getUuid())).isEqualTo(3); | |||
"perm1", group1.getUuid())).isEqualTo(3); | |||
// excluding group "g2" -> remain u1, u2 and u4 | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | |||
organization.getUuid(), "perm1", group2.getUuid())).isEqualTo(3); | |||
"perm1", group2.getUuid())).isEqualTo(3); | |||
// excluding group "g3" -> remain u1, u2, u3 and u4 | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | |||
organization.getUuid(), "perm1", group3.getUuid())).isEqualTo(4); | |||
"perm1", group3.getUuid())).isEqualTo(4); | |||
// nobody has the permission | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | |||
organization.getUuid(), "missingPermission", group1.getUuid())).isEqualTo(0); | |||
"missingPermission", group1.getUuid())).isEqualTo(0); | |||
} | |||
@Test | |||
@@ -198,34 +169,29 @@ public class AuthorizationDaoTest { | |||
UserDto user2 = db.users().insertUser(); | |||
UserDto user3 = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organization, "g1"); | |||
GroupDto group1 = db.users().insertGroup("g1"); | |||
db.users().insertPermissionOnGroup(group1, "p1"); | |||
db.users().insertPermissionOnGroup(group1, "p2"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group1, user2); | |||
db.users().insertPermissionOnUser(organization, user3, "p1"); | |||
db.users().insertPermissionOnAnyone(organization, "p1"); | |||
// other organizations are ignored | |||
OrganizationDto org2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(org2, user1, "p1"); | |||
db.users().insertPermissionOnUser(user3, "p1"); | |||
db.users().insertPermissionOnAnyone("p1"); | |||
// excluding user1 -> remain user2 and user3 | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | |||
organization.getUuid(), "p1", user1.getUuid())).isEqualTo(2); | |||
"p1", user1.getUuid())).isEqualTo(2); | |||
// excluding user3 -> remain the members of group g1 | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | |||
organization.getUuid(), "p1", user3.getUuid())).isEqualTo(2); | |||
"p1", user3.getUuid())).isEqualTo(2); | |||
// excluding unknown user | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | |||
organization.getUuid(), "p1", "-1")).isEqualTo(3); | |||
"p1", "-1")).isEqualTo(3); | |||
// nobody has the permission | |||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | |||
organization.getUuid(), "missingPermission", user1.getUuid())).isEqualTo(0); | |||
"missingPermission", user1.getUuid())).isEqualTo(0); | |||
} | |||
@Test | |||
@@ -236,18 +202,17 @@ public class AuthorizationDaoTest { | |||
UserDto user2 = db.users().insertUser(); | |||
UserDto user3 = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organization); | |||
GroupDto group1 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(group1, ADMINISTER); | |||
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group1, user2); | |||
db.users().insertPermissionOnUser(organization, user3, ADMINISTER); | |||
db.users().insertPermissionOnAnyone(organization, ADMINISTER); | |||
db.users().insertPermissionOnUser(user3, ADMINISTER); | |||
db.users().insertPermissionOnAnyone(ADMINISTER); | |||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), organization.getUuid(), ADMINISTER.getKey())) | |||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), ADMINISTER.getKey())) | |||
.containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid(), user3.getUuid()); | |||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), organization.getUuid(), PROVISION_PROJECTS.getKey())) | |||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), PROVISION_PROJECTS.getKey())) | |||
.containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid()); | |||
} | |||
@@ -321,8 +286,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_directly() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | |||
@@ -338,8 +303,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_by_group() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | |||
@@ -356,8 +321,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_public_project_if_group_AnyOne_is_granted_project_permission_directly() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone(randomPermission, project); | |||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, singleton(project.uuid()), null, randomPermission)) | |||
@@ -416,8 +381,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_directly() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto otherProject = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto otherProject = db.components().insertPrivateProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | |||
@@ -433,8 +398,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_by_group() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto otherProject = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto otherProject = db.components().insertPrivateProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | |||
@@ -451,11 +416,11 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void user_should_be_authorized() { | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
ComponentDto project3 = db.components().insertPrivateProject(); | |||
UserDto user = db.users().insertUser("u1"); | |||
GroupDto group = db.users().insertGroup(organization); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project3); | |||
db.users().insertMember(group, user); | |||
@@ -474,11 +439,11 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void group_should_be_authorized() { | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
ComponentDto project3 = db.components().insertPrivateProject(); | |||
UserDto user1 = db.users().insertUser("u1"); | |||
GroupDto group = db.users().insertGroup(organization); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertMembers(group, user1); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | |||
db.users().insertProjectPermissionOnGroup(group, UserRole.USER, project2); | |||
@@ -494,10 +459,10 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void anonymous_should_be_authorized() { | |||
ComponentDto project1 = db.components().insertPublicProject(organization); | |||
ComponentDto project2 = db.components().insertPublicProject(organization); | |||
ComponentDto project1 = db.components().insertPublicProject(); | |||
ComponentDto project2 = db.components().insertPublicProject(); | |||
UserDto user1 = db.users().insertUser("u1"); | |||
GroupDto group = db.users().insertGroup(organization); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertMembers(group, user1); | |||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(project1.uuid(), project2.uuid()), null, UserRole.USER)) | |||
@@ -510,7 +475,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_should_be_able_to_handle_lots_of_projects() { | |||
List<ComponentDto> projects = IntStream.range(0, 2000).mapToObj(i -> db.components().insertPublicProject(organization)).collect(Collectors.toList()); | |||
List<ComponentDto> projects = IntStream.range(0, 2000).mapToObj(i -> db.components().insertPublicProject()).collect(Collectors.toList()); | |||
Collection<String> uuids = projects.stream().map(ComponentDto::uuid).collect(Collectors.toSet()); | |||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, uuids, null, UserRole.USER)) | |||
@@ -519,8 +484,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_if_user_set_is_empty_on_public_project() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, Collections.emptySet(), UserRole.USER, project.uuid())) | |||
.isEmpty(); | |||
@@ -528,7 +492,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_non_existent_users() { | |||
ComponentDto project = random.nextBoolean() ? db.components().insertPublicProject(organization) : db.components().insertPrivateProject(organization); | |||
ComponentDto project = random.nextBoolean() ? db.components().insertPublicProject() : db.components().insertPrivateProject(); | |||
Set<String> randomNonExistingUserUuidsSet = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | |||
.mapToObj(i -> Uuids.createFast()) | |||
.collect(MoreCollectors.toSet()); | |||
@@ -539,7 +503,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_USER() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | |||
.containsAll(randomExistingUserUuids); | |||
@@ -547,7 +511,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | |||
.containsAll(randomExistingUserUuids); | |||
@@ -555,7 +519,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_on_public_project_without_any_permission_in_DB() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, randomPermission, project.uuid())) | |||
.isEmpty(); | |||
@@ -563,8 +527,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_public_project() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | |||
@@ -580,8 +544,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_public_project() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | |||
@@ -598,8 +562,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_does_not_return_user_if_granted_project_permission_by_AnyOne_on_public_project() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnAnyone(randomPermission, project); | |||
@@ -615,7 +579,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_USER() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | |||
.isEmpty(); | |||
@@ -623,7 +587,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | |||
.isEmpty(); | |||
@@ -631,7 +595,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
PermissionsTestHelper.ALL_PERMISSIONS | |||
.forEach(perm -> { | |||
@@ -644,8 +608,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_private_project() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | |||
@@ -661,8 +625,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_private_project() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
UserDto otherUser = db.users().insertUser(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | |||
@@ -679,14 +643,14 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() { | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
ComponentDto project3 = db.components().insertPrivateProject(); | |||
UserDto user1 = db.users().insertUser("u1"); | |||
UserDto user2 = db.users().insertUser("u2"); | |||
UserDto user3 = db.users().insertUser("u3"); | |||
GroupDto group1 = db.users().insertGroup(organization); | |||
GroupDto group2 = db.users().insertGroup(organization); | |||
GroupDto group1 = db.users().insertGroup(); | |||
GroupDto group2 = db.users().insertGroup(); | |||
db.users().insertMembers(group1, user1, user2); | |||
db.users().insertMembers(group2, user3); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | |||
@@ -711,7 +675,7 @@ public class AuthorizationDaoTest { | |||
public void countUsersWithGlobalPermissionExcludingGroupMember() { | |||
// u1 has the direct permission, u2 and u3 have the permission through their group | |||
UserDto u1 = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(organization, u1, A_PERMISSION); | |||
db.users().insertPermissionOnUser(u1, A_PERMISSION); | |||
db.users().insertPermissionOnGroup(group1, A_PERMISSION); | |||
db.users().insertPermissionOnGroup(group1, "another-permission"); | |||
UserDto u2 = db.users().insertUser(); | |||
@@ -720,21 +684,17 @@ public class AuthorizationDaoTest { | |||
db.users().insertMember(group1, u3); | |||
// excluding u2 membership --> remain u1 and u3 | |||
int count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||
int count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||
assertThat(count).isEqualTo(2); | |||
// excluding unknown memberships | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getUuid(), MISSING_UUID); | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, group1.getUuid(), MISSING_UUID); | |||
assertThat(count).isEqualTo(3); | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, MISSING_UUID, u2.getUuid()); | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, MISSING_UUID, u2.getUuid()); | |||
assertThat(count).isEqualTo(3); | |||
// another organization | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, DOES_NOT_EXIST, A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||
assertThat(count).isEqualTo(0); | |||
// another permission | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), DOES_NOT_EXIST, group1.getUuid(), u2.getUuid()); | |||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, DOES_NOT_EXIST, group1.getUuid(), u2.getUuid()); | |||
assertThat(count).isEqualTo(0); | |||
} | |||
@@ -742,98 +702,29 @@ public class AuthorizationDaoTest { | |||
public void countUsersWithGlobalPermissionExcludingUserPermission() { | |||
// u1 and u2 have the direct permission, u3 has the permission through his group | |||
UserDto u1 = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(organization, u1, A_PERMISSION); | |||
db.users().insertPermissionOnUser(u1, A_PERMISSION); | |||
UserDto u2 = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(organization, u2, A_PERMISSION); | |||
db.users().insertPermissionOnUser(u2, A_PERMISSION); | |||
db.users().insertPermissionOnGroup(group1, A_PERMISSION); | |||
UserDto u3 = db.users().insertUser(); | |||
db.users().insertMember(group1, u3); | |||
// excluding u2 permission --> remain u1 and u3 | |||
int count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), A_PERMISSION, u2.getUuid()); | |||
int count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, A_PERMISSION, u2.getUuid()); | |||
assertThat(count).isEqualTo(2); | |||
// excluding unknown user | |||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), A_PERMISSION, MISSING_UUID); | |||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, A_PERMISSION, MISSING_UUID); | |||
assertThat(count).isEqualTo(3); | |||
// another organization | |||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, DOES_NOT_EXIST, A_PERMISSION, u2.getUuid()); | |||
assertThat(count).isEqualTo(0); | |||
// another permission | |||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), DOES_NOT_EXIST, u2.getUuid()); | |||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, DOES_NOT_EXIST, u2.getUuid()); | |||
assertThat(count).isEqualTo(0); | |||
} | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() { | |||
// another user | |||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_UUID, SYSTEM_ADMIN); | |||
assertThat(orgUuids).isEmpty(); | |||
} | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() { | |||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||
// user is not part of this group | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||
assertThat(orgUuids).isEmpty(); | |||
} | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_organizations_on_which_user_has_permission() { | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
db.users().insertPermissionOnGroup(group2, QUALITY_GATE_ADMIN); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(group2, user); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||
assertThat(orgUuids).containsExactly(group1.getOrganizationUuid()); | |||
} | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_handles_user_permissions_and_group_permissions() { | |||
// organization: through group membership | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
db.users().insertMember(group1, user); | |||
// org2 : direct user permission | |||
OrganizationDto org2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(org2, user, SCAN); | |||
// org3 : another permission QUALITY_GATE_ADMIN | |||
OrganizationDto org3 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(org3, user, QUALITY_GATE_ADMIN); | |||
// exclude project permission | |||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, db.components().insertPrivateProject()); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||
assertThat(orgUuids).containsOnly(organization.getUuid(), org2.getUuid()); | |||
} | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() { | |||
db.users().insertPermissionOnAnyone(organization, SCAN); | |||
db.users().insertPermissionOnUser(organization, user, ADMINISTER_QUALITY_GATES); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||
assertThat(orgUuids).isEmpty(); | |||
} | |||
@Test | |||
public void selectProjectPermissionsOfAnonymous_returns_permissions_of_anonymous_user_on_specified_public_project() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone("p1", project); | |||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p2", project); | |||
ComponentDto otherProject = db.components().insertPublicProject(); | |||
@@ -854,7 +745,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_anonymous_permissions() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone("p1", project); | |||
db.users().insertProjectPermissionOnAnyone("p2", project); | |||
@@ -863,7 +754,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | |||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), UserRole.ISSUE_ADMIN, project); | |||
@@ -872,7 +763,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project_through_group_membership() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnGroup(group1, UserRole.CODEVIEWER, project); | |||
db.users().insertProjectPermissionOnGroup(group2, UserRole.ISSUE_ADMIN, project); | |||
db.users().insertMember(group1, user); | |||
@@ -882,7 +773,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_private_project_through_all_possible_configurations() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | |||
db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project); | |||
db.users().insertMember(group1, user); | |||
@@ -892,7 +783,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnUser(user, "p1", project); | |||
db.users().insertProjectPermissionOnAnyone("p2", project); | |||
db.users().insertProjectPermissionOnGroup(group1, "p3", project); | |||
@@ -903,8 +794,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_direct_permission() { | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | |||
@@ -917,10 +808,10 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_group_permission() { | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
UserDto user = db.users().insertUser(); | |||
GroupDto group = db.users().insertGroup(organization); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertMember(group, user); | |||
db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, privateProject); | |||
@@ -933,7 +824,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_is_empty() { | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
UserDto user = db.users().insertUser(); | |||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, Collections.emptySet(), user.getUuid(), UserRole.USER)) | |||
@@ -946,7 +837,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_does_not_reference_existing_projects() { | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
UserDto user = db.users().insertUser(); | |||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet("does_not_exist"), user.getUuid(), UserRole.USER)) | |||
@@ -955,7 +846,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedProjectUuids_returns_public_projects_if_permission_USER_or_CODEVIEWER() { | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
UserDto user = db.users().insertUser(); | |||
// logged-in user | |||
@@ -977,12 +868,11 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectQualityProfileAdministratorLogins_return_users_with_quality_profile_administrator_permission() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
UserDto user1 = db.users().insertUser(withEmail("user1")); | |||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER_QUALITY_PROFILES); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user2 = db.users().insertUser(withEmail("user2")); | |||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES); | |||
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | |||
@@ -991,13 +881,11 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectQualityProfileAdministratorLogins_return_users_within_quality_profile_administrator_group() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(organization1); | |||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user1 = db.users().insertUser(withEmail("user1")); | |||
db.users().insertMember(qualityProfileAdministratorGroup1, user1); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(organization2); | |||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user2 = db.users().insertUser(withEmail("user2")); | |||
db.users().insertMember(qualityProfileAdministratorGroup2, user2); | |||
@@ -1009,9 +897,8 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectQualityProfileAdministratorLogins_does_not_return_non_quality_profile_administrator() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
UserDto user1 = db.users().insertUser(withEmail("user1")); | |||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
db.users().insertUser(withoutEmail("user2")); | |||
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | |||
@@ -1021,32 +908,31 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectQualityProfileAdministratorLogins_does_not_return_quality_profile_administrator_without_email() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | |||
db.users().insertPermissionOnUser(organization1, user1NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user1WithEmail = db.users().insertUser(withEmail("user1WithEmail")); | |||
db.users().insertPermissionOnUser(organization1, user1WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(organization1); | |||
db.users().insertPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | |||
db.users().insertMember(qualityProfileAdministratorGroup1, user2NoEmail); | |||
UserDto user2WithEmail = db.users().insertUser(withEmail("user2WithEmail")); | |||
db.users().insertMember(qualityProfileAdministratorGroup1, user2WithEmail); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(organization2); | |||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user3NoEmail = db.users().insertUser(withoutEmail("user3NoEmail")); | |||
db.users().insertMember(qualityProfileAdministratorGroup2, user3NoEmail); | |||
UserDto user3WithEmail = db.users().insertUser(withEmail("user3WithEmail")); | |||
db.users().insertMember(qualityProfileAdministratorGroup2, user3WithEmail); | |||
UserDto user4NoEmail = db.users().insertUser(withoutEmail("user4NoEmail")); | |||
db.users().insertPermissionOnUser(organization1, user4NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user4WithEmail = db.users().insertUser(withEmail("user4WithEmail")); | |||
db.users().insertPermissionOnUser(organization1, user4WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user5NoEmail = db.users().insertUser(withoutEmail("user5NoEmail")); | |||
db.users().insertPermissionOnUser(organization2, user5NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES); | |||
UserDto user5WithEmail = db.users().insertUser(withEmail("user5WithEmail")); | |||
db.users().insertPermissionOnUser(organization2, user5WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertUser(withoutEmail("user6NoEmail")); | |||
db.users().insertUser(withEmail("user6WithEmail")); | |||
@@ -1063,20 +949,19 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectGlobalAdministerEmailSubscribers_returns_only_global_administers() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
UserDto user1 = db.users().insertUser(withEmail("user1")); | |||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
UserDto user2 = db.users().insertUser(withEmail("user2")); | |||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER); | |||
db.users().insertPermissionOnUser(user2, ADMINISTER); | |||
// user3 is global administer via a group | |||
GroupDto administratorGroup2 = db.users().insertGroup(organization2); | |||
GroupDto administratorGroup2 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | |||
UserDto user3 = db.users().insertUser(withEmail("user3")); | |||
db.users().insertMember(administratorGroup2, user3); | |||
// user4 has another global permission via a group | |||
GroupDto administratorGroup3 = db.users().insertGroup(organization2); | |||
GroupDto administratorGroup3 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(administratorGroup3, QUALITY_PROFILE_ADMIN); | |||
UserDto user4 = db.users().insertUser(withEmail("user4")); | |||
db.users().insertMember(administratorGroup3, user4); | |||
@@ -1085,11 +970,11 @@ public class AuthorizationDaoTest { | |||
// user5 is only project level administer | |||
UserDto user5 = db.users().insertUser(withEmail("user5")); | |||
// db.users().insertPermissionOnUser(organization1, user5, ADMINISTER); | |||
// db.users().insertPermissionOnUser(user5, ADMINISTER); | |||
db.users().insertProjectPermissionOnUser(user5, "admin", project); | |||
// user6 has other global permission | |||
UserDto user6 = db.users().insertUser(withEmail("user6")); | |||
db.users().insertPermissionOnUser(organization1, user6, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES); | |||
// user7 has no permission | |||
db.users().insertUser(withEmail("user7")); | |||
@@ -1103,21 +988,19 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectGlobalAdministerEmailSubscribers_ignores_global_administers_without_email() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
// user1 and user1NoEmail are global administers on org1 | |||
// user1 and user1NoEmail are global administers | |||
UserDto user1 = db.users().insertUser(withEmail("user1")); | |||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | |||
db.users().insertPermissionOnUser(organization1, user1NoEmail, ADMINISTER); | |||
// user2 and user2NoEmail are global administers on org2 | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER); | |||
// user2 and user2NoEmail are global administers | |||
UserDto user2 = db.users().insertUser(withEmail("user2")); | |||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER); | |||
db.users().insertPermissionOnUser(user2, ADMINISTER); | |||
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | |||
db.users().insertPermissionOnUser(organization2, user2NoEmail, ADMINISTER); | |||
db.users().insertPermissionOnUser(user2NoEmail, ADMINISTER); | |||
// user3 and user3NoEmail are global administer via a group | |||
GroupDto administratorGroup2 = db.users().insertGroup(organization2); | |||
GroupDto administratorGroup2 = db.users().insertGroup(); | |||
db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | |||
UserDto user3 = db.users().insertUser(withEmail("user3")); | |||
db.users().insertMember(administratorGroup2, user3); | |||
@@ -1134,7 +1017,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_public_project() { | |||
ComponentDto project = db.components().insertPublicProject(organization); | |||
ComponentDto project = db.components().insertPublicProject(); | |||
UserDto user1 = db.users().insertUser(); | |||
@@ -1144,7 +1027,7 @@ public class AuthorizationDaoTest { | |||
// admin2 with ADMIN role through group | |||
UserDto admin2 = db.users().insertUser(); | |||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||
db.users().insertMember(adminGroup, admin2); | |||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | |||
@@ -1158,10 +1041,10 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_private_project() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
GroupDto userGroup = db.users().insertGroup(organization, "USERS"); | |||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||
GroupDto userGroup = db.users().insertGroup("USERS"); | |||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||
db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | |||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | |||
@@ -1200,11 +1083,11 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_branch() { | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto branch = db.components().insertProjectBranch(project, c -> c.setBranchType(BranchType.BRANCH)); | |||
GroupDto userGroup = db.users().insertGroup(organization, "USERS"); | |||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||
GroupDto userGroup = db.users().insertGroup("USERS"); | |||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||
db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | |||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | |||
@@ -37,16 +37,14 @@ public class PermissionQueryTest { | |||
@Test | |||
public void create_query() { | |||
OrganizationDto organization = newOrganizationDto(); | |||
ComponentDto project= newPublicProjectDto(organization); | |||
ComponentDto project = newPublicProjectDto(organization); | |||
PermissionQuery query = PermissionQuery.builder() | |||
.setComponent(project) | |||
.setOrganizationUuid("ORGANIZATION_UUID") | |||
.setPermission("user") | |||
.setSearchQuery("sonar") | |||
.build(); | |||
assertThat(query.getComponentUuid()).isEqualTo(project.uuid()); | |||
assertThat(query.getOrganizationUuid()).isEqualTo("ORGANIZATION_UUID"); | |||
assertThat(query.getPermission()).isEqualTo("user"); | |||
assertThat(query.getSearchQuery()).isEqualTo("sonar"); | |||
} | |||
@@ -54,7 +52,6 @@ public class PermissionQueryTest { | |||
@Test | |||
public void create_query_with_pagination() { | |||
PermissionQuery query = PermissionQuery.builder() | |||
.setOrganizationUuid("ORGANIZATION_UUID") | |||
.setPageSize(10) | |||
.setPageIndex(5) | |||
.build(); | |||
@@ -66,28 +63,18 @@ public class PermissionQueryTest { | |||
@Test | |||
public void create_query_with_default_pagination() { | |||
PermissionQuery query = PermissionQuery.builder() | |||
.setOrganizationUuid("ORGANIZATION_UUID") | |||
.build(); | |||
assertThat(query.getPageOffset()).isEqualTo(0); | |||
assertThat(query.getPageSize()).isEqualTo(20); | |||
} | |||
@Test | |||
public void fail_when_no_organization() { | |||
expectedException.expect(NullPointerException.class); | |||
expectedException.expectMessage("Organization UUID cannot be null"); | |||
PermissionQuery.builder().setOrganizationUuid(null).build(); | |||
} | |||
@Test | |||
public void fail_when_search_query_length_is_less_than_3_characters() { | |||
expectedException.expect(IllegalArgumentException.class); | |||
expectedException.expectMessage("Search query should contains at least 3 characters"); | |||
PermissionQuery.builder() | |||
.setOrganizationUuid("ORGANIZATION_UUID") | |||
.setSearchQuery("so") | |||
.build(); | |||
} |
@@ -45,7 +45,6 @@ import static java.util.Collections.singletonList; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.assertj.core.api.Assertions.tuple; | |||
import static org.sonar.api.web.UserRole.ADMIN; | |||
import static org.sonar.api.web.UserRole.CODEVIEWER; | |||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | |||
import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | |||
@@ -68,109 +67,103 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void select_global_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
OrganizationDto org2 = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), organization, org2); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), organization, org2); | |||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"), organization); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
UserPermissionDto global1 = addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||
UserPermissionDto global2 = addGlobalPermission(organization, SYSTEM_ADMIN, user2); | |||
UserPermissionDto global3 = addGlobalPermission(organization, PROVISIONING, user2); | |||
UserPermissionDto project1Perm = addProjectPermission(organization, USER, user3, project); | |||
// permissions on another organization, to be excluded | |||
UserPermissionDto org2Global1 = addGlobalPermission(org2, SYSTEM_ADMIN, user1); | |||
UserPermissionDto org2Global2 = addGlobalPermission(org2, PROVISIONING, user2); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com")); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
UserPermissionDto global1 = addGlobalPermission(SYSTEM_ADMIN, user1); | |||
UserPermissionDto global2 = addGlobalPermission(SYSTEM_ADMIN, user2); | |||
UserPermissionDto global3 = addGlobalPermission(PROVISIONING, user2); | |||
UserPermissionDto project1Perm = addProjectPermission(USER, user3, project); | |||
// global permissions of users who has at least one global permission, ordered by user name then permission | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(); | |||
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | |||
// default query returns all users, whatever their permissions nor organizations | |||
// (that's a non-sense, but still this is required for api/permissions/groups | |||
// when filtering users by name) | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, org2Global2, global1, org2Global1, project1Perm); | |||
query = PermissionQuery.builder().build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, global1, project1Perm); | |||
// global permissions "admin" | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission(SYSTEM_ADMIN).build(); | |||
query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1); | |||
// empty if nobody has the specified global permission | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission("missing").build(); | |||
query = PermissionQuery.builder().setPermission("missing").build(); | |||
expectPermissions(query, emptyList()); | |||
// search by user name (matches 2 users) | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("mari").build(); | |||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | |||
// search by user login | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("ogin2").build(); | |||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("ogin2").build(); | |||
expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | |||
// search by user email | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("mail2").build(); | |||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mail2").build(); | |||
expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | |||
// search by user name (matches 2 users) and global permission | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").setPermission(PROVISIONING).build(); | |||
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build(); | |||
expectPermissions(query, singletonList(user2.getUuid()), global3); | |||
// search by user name (no match) | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Unknown").build(); | |||
query = PermissionQuery.builder().setSearchQuery("Unknown").build(); | |||
expectPermissions(query, emptyList()); | |||
} | |||
@Test | |||
public void select_project_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), organization); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), organization); | |||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"), organization); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
UserPermissionDto perm1 = addProjectPermission(organization, USER, user1, project1); | |||
UserPermissionDto perm2 = addProjectPermission(organization, ISSUE_ADMIN, user1, project1); | |||
UserPermissionDto perm3 = addProjectPermission(organization, ISSUE_ADMIN, user2, project1); | |||
addProjectPermission(organization, ISSUE_ADMIN, user3, project2); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com")); | |||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
UserPermissionDto perm1 = addProjectPermission(USER, user1, project1); | |||
UserPermissionDto perm2 = addProjectPermission(ISSUE_ADMIN, user1, project1); | |||
UserPermissionDto perm3 = addProjectPermission(ISSUE_ADMIN, user2, project1); | |||
addProjectPermission(ISSUE_ADMIN, user3, project2); | |||
// project permissions of users who has at least one permission on this project | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setComponent(project1).build(); | |||
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponent(project1).build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | |||
// empty if nobody has the specified global permission | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission("missing").setComponent(project1).build(); | |||
query = PermissionQuery.builder().setPermission("missing").setComponent(project1).build(); | |||
expectPermissions(query, emptyList()); | |||
// search by user name (matches 2 users), users with at least one permission | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").withAtLeastOnePermission().setComponent(project1).build(); | |||
query = PermissionQuery.builder().setSearchQuery("Mari").withAtLeastOnePermission().setComponent(project1).build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | |||
// search by user name (matches 2 users) and project permission | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build(); | |||
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build(); | |||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2); | |||
// search by user name (no match) | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Unknown").setComponent(project1).build(); | |||
query = PermissionQuery.builder().setSearchQuery("Unknown").setComponent(project1).build(); | |||
expectPermissions(query, emptyList()); | |||
// permissions of unknown project | |||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setComponent(newPrivateProjectDto(organization)).withAtLeastOnePermission().build(); | |||
query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build(); | |||
expectPermissions(query, emptyList()); | |||
} | |||
@Test | |||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"), organization); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"), organization); | |||
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com"), organization); | |||
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com"), organization); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||
addGlobalPermission(organization, QUALITY_PROFILE_ADMIN, user2); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com")); | |||
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com")); | |||
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com")); | |||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||
addGlobalPermission(QUALITY_PROFILE_ADMIN, user2); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | |||
.containsExactly(user2.getUuid(), user1.getUuid(), user4.getUuid(), user3.getUuid()); | |||
@@ -178,18 +171,17 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_global_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | |||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i), organization); | |||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i)); | |||
// Add permission on project to be sure projects are excluded | |||
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | |||
}); | |||
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | |||
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, lastUser); | |||
addGlobalPermission(SYSTEM_ADMIN, lastUser); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | |||
.hasSize(DEFAULT_PAGE_SIZE) | |||
@@ -198,20 +190,19 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_project_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | |||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i), organization); | |||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i)); | |||
// Add global permission to be sure they are excluded | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user); | |||
addGlobalPermission(SYSTEM_ADMIN, user); | |||
}); | |||
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | |||
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project); | |||
PermissionQuery query = PermissionQuery.builder() | |||
.setComponent(project) | |||
.setOrganizationUuid(organization.getUuid()).build(); | |||
.build(); | |||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | |||
.hasSize(DEFAULT_PAGE_SIZE) | |||
@@ -220,16 +211,15 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"), organization); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"), organization); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
addProjectPermission(organization, USER, user2, project1); | |||
addProjectPermission(organization, USER, user1, project1); | |||
addProjectPermission(organization, ADMIN, user1, project1); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com")); | |||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
addProjectPermission(USER, user2, project1); | |||
addProjectPermission(USER, user1, project1); | |||
addProjectPermission(ADMIN, user1, project1); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
// Even if user1 has 3 permissions, the name is used to order | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)) | |||
@@ -238,16 +228,15 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void countUsersByProjectPermission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||
addProjectPermission(organization, USER, user1, project1); | |||
addProjectPermission(organization, ISSUE_ADMIN, user1, project1); | |||
addProjectPermission(organization, ISSUE_ADMIN, user2, project1); | |||
addProjectPermission(organization, ISSUE_ADMIN, user2, project2); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||
addProjectPermission(USER, user1, project1); | |||
addProjectPermission(ISSUE_ADMIN, user1, project1); | |||
addProjectPermission(ISSUE_ADMIN, user2, project1); | |||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||
// no projects -> return empty list | |||
assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty(); | |||
@@ -266,57 +255,47 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQuery() { | |||
OrganizationDto org1 = db.organizations().insert(); | |||
OrganizationDto org2 = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||
addProjectPermission(org1, USER, user1, project1); | |||
addProjectPermission(org1, USER, user2, project1); | |||
addProjectPermission(org2, USER, user1, project2); | |||
addProjectPermission(org1, ISSUE_ADMIN, user2, project1); | |||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addProjectPermission(USER, user1, project1); | |||
addProjectPermission(USER, user2, project1); | |||
addProjectPermission(ISSUE_ADMIN, user2, project1); | |||
// logins are ordered by user name: user2 ("Marie") then user1 ("Marius") | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project1.getOrganizationUuid()).setComponent(project1).withAtLeastOnePermission().build(); | |||
PermissionQuery query = PermissionQuery.builder().setComponent(project1).withAtLeastOnePermission().build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | |||
query = PermissionQuery.builder().setOrganizationUuid("anotherOrg").setComponent(project1).withAtLeastOnePermission().build(); | |||
query = PermissionQuery.builder().setComponent(project2).withAtLeastOnePermission().build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | |||
// on a project without permissions | |||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setComponent(newPrivateProjectDto(org1)).withAtLeastOnePermission().build(); | |||
query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | |||
// search all users whose name matches "mar", whatever the permissions | |||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mar").build(); | |||
query = PermissionQuery.builder().setSearchQuery("mar").build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | |||
// search all users whose name matches "mariu", whatever the permissions | |||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").build(); | |||
query = PermissionQuery.builder().setSearchQuery("mariu").build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | |||
// search all users whose name matches "mariu", whatever the permissions | |||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").setComponent(project1).build(); | |||
query = PermissionQuery.builder().setSearchQuery("mariu").setComponent(project1).build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | |||
// search all users whose name matches "mariu", whatever the organization | |||
query = PermissionQuery.builder().setOrganizationUuid("missingOrg").setSearchQuery("mariu").build(); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | |||
} | |||
@Test | |||
public void selectUserUuidsByQueryAndScope_with_organization_scope() { | |||
OrganizationDto org1 = db.organizations().insert(); | |||
OrganizationDto org2 = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||
addProjectPermission(org1, USER, user1, project1); | |||
addGlobalPermission(org1, PROVISIONING, user1); | |||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).build(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addProjectPermission(USER, user1, project1); | |||
addGlobalPermission(PROVISIONING, user1); | |||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query); | |||
@@ -326,17 +305,14 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQueryAndScope_with_project_scope() { | |||
OrganizationDto org1 = db.organizations().insert(); | |||
OrganizationDto org2 = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||
addProjectPermission(org1, USER, user1, project1); | |||
addGlobalPermission(org1, PROVISIONING, user1); | |||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addProjectPermission(USER, user1, project1); | |||
addGlobalPermission(PROVISIONING, user1); | |||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||
PermissionQuery query = PermissionQuery.builder() | |||
.setOrganizationUuid(org1.getUuid()) | |||
.setComponent(project1) | |||
.build(); | |||
@@ -348,87 +324,79 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectUserUuidsByQuery_is_paginated() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
List<String> userUuids = new ArrayList<>(); | |||
for (int i = 0; i < 10; i++) { | |||
String name = "user-" + i; | |||
UserDto user = insertUser(u -> u.setName(name), organization); | |||
addGlobalPermission(organization, PROVISIONING, user); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user); | |||
UserDto user = insertUser(u -> u.setName(name)); | |||
addGlobalPermission(PROVISIONING, user); | |||
addGlobalPermission(SYSTEM_ADMIN, user); | |||
userUuids.add(user.getUuid()); | |||
} | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||
.setPageSize(3).setPageIndex(1).build())) | |||
.containsExactly(userUuids.get(0), userUuids.get(1), userUuids.get(2)); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||
.containsExactly(userUuids.get(0), userUuids.get(1), userUuids.get(2)); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||
.setPageSize(2).setPageIndex(3).build())) | |||
.containsExactly(userUuids.get(4), userUuids.get(5)); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||
.containsExactly(userUuids.get(4), userUuids.get(5)); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||
.setPageSize(50).setPageIndex(1).build())) | |||
.hasSize(10); | |||
.hasSize(10); | |||
} | |||
@Test | |||
public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(u -> u.setName("user1"), organization); | |||
addGlobalPermission(organization, PROVISIONING, user1); | |||
UserDto user3 = insertUser(u -> u.setName("user3"), organization); | |||
addGlobalPermission(organization, SYSTEM_ADMIN, user3); | |||
UserDto user2 = insertUser(u -> u.setName("User2"), organization); | |||
addGlobalPermission(organization, PROVISIONING, user2); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build())) | |||
UserDto user1 = insertUser(u -> u.setName("user1")); | |||
addGlobalPermission(PROVISIONING, user1); | |||
UserDto user3 = insertUser(u -> u.setName("user3")); | |||
addGlobalPermission(SYSTEM_ADMIN, user3); | |||
UserDto user2 = insertUser(u -> u.setName("User2")); | |||
addGlobalPermission(PROVISIONING, user2); | |||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().build())) | |||
.containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid()); | |||
} | |||
@Test | |||
public void deleteGlobalPermission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(organization, "perm1", user1); | |||
addGlobalPermission(organization, "perm2", user1); | |||
addProjectPermission(organization, "perm1", user1, project1); | |||
addProjectPermission(organization, "perm3", user2, project1); | |||
addProjectPermission(organization, "perm4", user2, project2); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addGlobalPermission("perm1", user1); | |||
addGlobalPermission("perm2", user1); | |||
addProjectPermission("perm1", user1, project1); | |||
addProjectPermission("perm3", user2, project1); | |||
addProjectPermission("perm4", user2, project2); | |||
// user2 does not have global permissions -> do nothing | |||
underTest.deleteGlobalPermission(dbSession, user2.getUuid(), "perm1", db.getDefaultOrganization().getUuid()); | |||
underTest.deleteGlobalPermission(dbSession, user2.getUuid(), "perm1"); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | |||
// global permission is not granted -> do nothing | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted", db.getDefaultOrganization().getUuid()); | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted"); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | |||
// permission is on project -> do nothing | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm3", db.getDefaultOrganization().getUuid()); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | |||
// global permission on another organization-> do nothing | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted", "anotherOrg"); | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm3"); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | |||
// global permission exists -> delete it, but not the project permission with the same name ! | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm1", organization.getUuid()); | |||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm1"); | |||
assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where role='perm1' and component_uuid is null")).isEqualTo(0); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(4); | |||
} | |||
@Test | |||
public void deleteProjectPermission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(organization, "perm", user1); | |||
addProjectPermission(organization, "perm", user1, project1); | |||
addProjectPermission(organization, "perm", user1, project2); | |||
addProjectPermission(organization, "perm", user2, project1); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addGlobalPermission("perm", user1); | |||
addProjectPermission("perm", user1, project1); | |||
addProjectPermission("perm", user1, project2); | |||
addProjectPermission("perm", user2, project1); | |||
// no such provision -> ignore | |||
underTest.deleteProjectPermission(dbSession, user1.getUuid(), "anotherPerm", project1.uuid()); | |||
@@ -441,15 +409,14 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void deleteProjectPermissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(organization, "perm", user1); | |||
addProjectPermission(organization, "perm", user1, project1); | |||
addProjectPermission(organization, "perm", user2, project1); | |||
addProjectPermission(organization, "perm", user1, project2); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
addGlobalPermission("perm", user1); | |||
addProjectPermission("perm", user1, project1); | |||
addProjectPermission("perm", user2, project1); | |||
addProjectPermission("perm", user1, project2); | |||
underTest.deleteProjectPermissions(dbSession, project1.uuid()); | |||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(2); | |||
@@ -458,37 +425,34 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectGlobalPermissionsOfUser() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
UserDto user3 = insertUser(organization); | |||
OrganizationDto org = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(db.getDefaultOrganization(), "perm1", user1); | |||
addGlobalPermission(org, "perm2", user2); | |||
addGlobalPermission(org, "perm3", user1); | |||
addProjectPermission(organization, "perm4", user1, project); | |||
addProjectPermission(organization, "perm5", user1, project); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), org.getUuid())).containsOnly("perm3"); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), db.getDefaultOrganization().getUuid())).containsOnly("perm1"); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), "otherOrg")).isEmpty(); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user3.getUuid(), org.getUuid())).isEmpty(); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
UserDto user3 = insertUser(); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
addGlobalPermission("perm1", user1); | |||
addGlobalPermission("perm2", user2); | |||
addGlobalPermission("perm3", user1); | |||
addProjectPermission("perm4", user1, project); | |||
addProjectPermission("perm5", user2, project); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly("perm1", "perm3"); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly("perm2"); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user3.getUuid())).isEmpty(); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, "unknown")).isEmpty(); | |||
} | |||
@Test | |||
public void selectProjectPermissionsOfUser() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||
addGlobalPermission(organization, "perm1", user1); | |||
addProjectPermission(organization, "perm2", user1, project1); | |||
addProjectPermission(organization, "perm3", user1, project1); | |||
addProjectPermission(organization, "perm4", user1, project2); | |||
addProjectPermission(organization, "perm5", user2, project1); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
ComponentDto project3 = db.components().insertPrivateProject(); | |||
addGlobalPermission("perm1", user1); | |||
addProjectPermission("perm2", user1, project1); | |||
addProjectPermission("perm3", user1, project1); | |||
addProjectPermission("perm4", user1, project2); | |||
addProjectPermission("perm5", user2, project1); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).containsOnly("perm2", "perm3"); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly("perm4"); | |||
@@ -497,9 +461,8 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectGroupUuidsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||
UserDto user = insertUser(organization); | |||
ComponentDto project = randomPublicOrPrivateProject(); | |||
UserDto user = insertUser(); | |||
db.users().insertProjectPermissionOnUser(user, "foo", project); | |||
assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, "1234", UserRole.USER)) | |||
@@ -508,10 +471,9 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectGroupUuidsWithPermissionOnProjectBut_returns_only_users_of_projects_which_do_not_have_permission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project = randomPublicOrPrivateProject(); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
db.users().insertProjectPermissionOnUser(user1, "p1", project); | |||
db.users().insertProjectPermissionOnUser(user2, "p2", project); | |||
@@ -525,10 +487,9 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void selectGroupUuidsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project = randomPublicOrPrivateProject(); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
db.users().insertProjectPermissionOnUser(user1, "p1", project); | |||
db.users().insertProjectPermissionOnUser(user2, "p2", project); | |||
@@ -538,85 +499,11 @@ public class UserPermissionDaoTest { | |||
.containsOnly(user2.getUuid()); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_if_table_is_empty() { | |||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_if_organization_has_no_user_permission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_deletes_all_user_permission_of_specified_organization() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
OrganizationDto organization3 = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization1, organization2, organization3); | |||
UserDto user2 = insertUser(organization1, organization2, organization3); | |||
UserDto user3 = insertUser(organization1, organization2, organization3); | |||
db.users().insertPermissionOnUser(organization1, user1, "foo"); | |||
db.users().insertPermissionOnUser(organization1, user2, "foo"); | |||
db.users().insertPermissionOnUser(organization1, user2, "bar"); | |||
db.users().insertPermissionOnUser(organization2, user2, "foo"); | |||
db.users().insertPermissionOnUser(organization2, user3, "foo"); | |||
db.users().insertPermissionOnUser(organization2, user3, "bar"); | |||
db.users().insertPermissionOnUser(organization3, user3, "foo"); | |||
db.users().insertPermissionOnUser(organization3, user1, "foo"); | |||
db.users().insertPermissionOnUser(organization3, user1, "bar"); | |||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(organization1.getUuid(), organization2.getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(organization1.getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(); | |||
} | |||
@Test | |||
public void delete_permissions_of_an_organization_member() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization1); | |||
UserDto user1 = insertUser(organization1, organization2); | |||
UserDto user2 = insertUser(organization1, organization2); | |||
// user 1 permissions | |||
db.users().insertPermissionOnUser(organization1, user1, SCAN); | |||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.CODEVIEWER, project); | |||
db.users().insertPermissionOnUser(organization2, user1, SCAN); | |||
// user 2 permission | |||
db.users().insertPermissionOnUser(organization1, user2, SCAN); | |||
db.users().insertProjectPermissionOnUser(user2, UserRole.CODEVIEWER, project); | |||
underTest.deleteOrganizationMemberPermissions(dbSession, organization1.getUuid(), user1.getUuid()); | |||
dbSession.commit(); | |||
// user 1 permissions | |||
assertOrgPermissionsOfUser(user1, organization1); | |||
assertOrgPermissionsOfUser(user1, organization2, SCAN); | |||
assertProjectPermissionsOfUser(user1, project); | |||
// user 2 permissions | |||
assertOrgPermissionsOfUser(user2, organization1, SCAN); | |||
assertProjectPermissionsOfUser(user2, project, CODEVIEWER); | |||
} | |||
@Test | |||
public void deleteByUserId() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
db.users().insertPermissionOnUser(user1, SCAN); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project); | |||
@@ -633,53 +520,49 @@ public class UserPermissionDaoTest { | |||
@Test | |||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user = insertUser(organization); | |||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||
UserDto user = insertUser(); | |||
db.users().insertPermissionOnUser(user, SCAN); | |||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "124", SCAN.getKey()); | |||
assertThat(deletedCount).isEqualTo(0); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||
} | |||
@Test | |||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user = insertUser(organization); | |||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||
UserDto user = insertUser(); | |||
db.users().insertPermissionOnUser(user, SCAN); | |||
ComponentDto project = randomPublicOrPrivateProject(); | |||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), SCAN.getKey()); | |||
assertThat(deletedCount).isEqualTo(0); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||
} | |||
@Test | |||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user = insertUser(organization); | |||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||
UserDto user = insertUser(); | |||
db.users().insertPermissionOnUser(user, SCAN); | |||
ComponentDto project = randomPublicOrPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | |||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), "p1"); | |||
assertThat(deletedCount).isEqualTo(0); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey()); | |||
} | |||
@Test | |||
public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user1 = insertUser(organization); | |||
UserDto user2 = insertUser(organization); | |||
db.users().insertPermissionOnUser(organization, user1, SCAN); | |||
db.users().insertPermissionOnUser(organization, user2, SCAN); | |||
ComponentDto project1 = randomPublicOrPrivateProject(organization); | |||
ComponentDto project2 = randomPublicOrPrivateProject(organization); | |||
UserDto user1 = insertUser(); | |||
UserDto user2 = insertUser(); | |||
db.users().insertPermissionOnUser(user1, SCAN); | |||
db.users().insertPermissionOnUser(user2, SCAN); | |||
ComponentDto project1 = randomPublicOrPrivateProject(); | |||
ComponentDto project2 = randomPublicOrPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1); | |||
db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1); | |||
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2); | |||
@@ -689,8 +572,8 @@ public class UserPermissionDaoTest { | |||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project1.uuid(), SCAN.getKey()); | |||
assertThat(deletedCount).isEqualTo(2); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey()); | |||
@@ -699,36 +582,28 @@ public class UserPermissionDaoTest { | |||
deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project2.uuid(), SCAN.getKey()); | |||
assertThat(deletedCount).isEqualTo(2); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey()); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(); | |||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey()); | |||
} | |||
private ComponentDto randomPublicOrPrivateProject(OrganizationDto organization) { | |||
return new Random().nextBoolean() ? db.components().insertPrivateProject(organization) : db.components().insertPublicProject(organization); | |||
private ComponentDto randomPublicOrPrivateProject() { | |||
return new Random().nextBoolean() ? db.components().insertPrivateProject() : db.components().insertPublicProject(); | |||
} | |||
private UserDto insertUser(Consumer<UserDto> populateUserDto, OrganizationDto... organizations) { | |||
private UserDto insertUser(Consumer<UserDto> populateUserDto) { | |||
UserDto user = db.users().insertUser(populateUserDto); | |||
stream(organizations).forEach(organization -> db.organizations().addMember(organization, user)); | |||
return user; | |||
} | |||
private UserDto insertUser(OrganizationDto... organizations) { | |||
private UserDto insertUser() { | |||
UserDto user = db.users().insertUser(); | |||
stream(organizations).forEach(organization -> db.organizations().addMember(organization, user)); | |||
return user; | |||
} | |||
private void verifyOrganizationUuidsInTable(String... organizationUuids) { | |||
assertThat(db.select("select organization_uuid as \"organizationUuid\" from user_roles")) | |||
.extracting((row) -> (String) row.get("organizationUuid")) | |||
.containsOnly(organizationUuids); | |||
} | |||
private void expectCount(List<String> projectUuids, CountPerProjectPermission... expected) { | |||
List<CountPerProjectPermission> got = underTest.countUsersByProjectPermission(dbSession, projectUuids); | |||
assertThat(got).hasSize(expected.length); | |||
@@ -746,11 +621,10 @@ public class UserPermissionDaoTest { | |||
List<UserPermissionDto> currentPermissions = underTest.selectUserPermissionsByQuery(dbSession, query, expectedUserUuids); | |||
assertThat(currentPermissions).hasSize(expectedPermissions.length); | |||
Tuple[] expectedPermissionsAsTuple = Arrays.stream(expectedPermissions) | |||
.map(expectedPermission -> tuple(expectedPermission.getUserUuid(), expectedPermission.getPermission(), expectedPermission.getComponentUuid(), | |||
expectedPermission.getOrganizationUuid())) | |||
.map(expectedPermission -> tuple(expectedPermission.getUserUuid(), expectedPermission.getPermission(), expectedPermission.getComponentUuid())) | |||
.toArray(Tuple[]::new); | |||
assertThat(currentPermissions) | |||
.extracting(UserPermissionDto::getUserUuid, UserPermissionDto::getPermission, UserPermissionDto::getComponentUuid, UserPermissionDto::getOrganizationUuid) | |||
.extracting(UserPermissionDto::getUserUuid, UserPermissionDto::getPermission, UserPermissionDto::getComponentUuid) | |||
.containsOnly(expectedPermissionsAsTuple); | |||
// test method "countUsers()" | |||
@@ -758,16 +632,16 @@ public class UserPermissionDaoTest { | |||
assertThat((long) underTest.countUsersByQuery(dbSession, query)).isEqualTo(distinctUsers); | |||
} | |||
private UserPermissionDto addGlobalPermission(OrganizationDto org, String permission, UserDto user) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), null); | |||
underTest.insert(dbSession, dto); | |||
private UserPermissionDto addGlobalPermission(String permission, UserDto user) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null); | |||
underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid()); | |||
db.commit(); | |||
return dto; | |||
} | |||
private UserPermissionDto addProjectPermission(OrganizationDto org, String permission, UserDto user, ComponentDto project) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), project.uuid()); | |||
underTest.insert(dbSession, dto); | |||
private UserPermissionDto addProjectPermission(String permission, UserDto user, ComponentDto project) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid()); | |||
underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid()); | |||
db.commit(); | |||
return dto; | |||
} | |||
@@ -782,10 +656,10 @@ public class UserPermissionDaoTest { | |||
assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where component_uuid='" + project.uuid() + "'")).isEqualTo(0); | |||
} | |||
private void assertOrgPermissionsOfUser(UserDto user, OrganizationDto organization, OrganizationPermission... permissions) { | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid()).stream() | |||
private void assertGlobalPermissionsOfUser(UserDto user, OrganizationPermission... permissions) { | |||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid()).stream() | |||
.map(OrganizationPermission::fromKey)) | |||
.containsOnly(permissions); | |||
.containsOnly(permissions); | |||
} | |||
private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) { |
@@ -28,7 +28,6 @@ import org.sonar.api.utils.System2; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.PermissionQuery; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -53,68 +52,65 @@ public class GroupWithPermissionTemplateDaoTest { | |||
@Test | |||
public void select_group_names_by_query_and_template() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organization, "Group-1"); | |||
GroupDto group2 = db.users().insertGroup(organization, "Group-2"); | |||
GroupDto group3 = db.users().insertGroup(organization, "Group-3"); | |||
GroupDto group1 = db.users().insertGroup("Group-1"); | |||
GroupDto group2 = db.users().insertGroup("Group-2"); | |||
GroupDto group3 = db.users().insertGroup("Group-3"); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | |||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(); | |||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | |||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder(), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder(), template)) | |||
.containsOnly("Group-1", "Group-2", "Group-3", "Anyone"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), template)) | |||
.containsOnly("Group-1", "Group-2"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), template)) | |||
.containsOnly("Group-1"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, anotherTemplate)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), anotherTemplate)) | |||
.containsOnly("Anyone"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), template)) | |||
.containsOnly("Group-1", "Group-2", "Group-3"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), template)) | |||
.containsOnly("Anyone"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), template)) | |||
.containsOnly("Group-2"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, "123")) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), "123")) | |||
.isEmpty(); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), template)) | |||
.isEmpty(); | |||
} | |||
@Test | |||
public void selectGroupNamesByQueryAndTemplate_is_ordering_results_by_groups_with_permission_then_by_name() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
GroupDto group1 = db.users().insertGroup(organization, "A"); | |||
GroupDto group2 = db.users().insertGroup(organization, "B"); | |||
GroupDto group3 = db.users().insertGroup(organization, "C"); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
GroupDto group1 = db.users().insertGroup("A"); | |||
GroupDto group2 = db.users().insertGroup("B"); | |||
GroupDto group3 = db.users().insertGroup("C"); | |||
permissionTemplateDbTester.addGroupToTemplate(template, group3, UserRole.USER); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | |||
.containsExactly("Anyone", group3.getName(), group1.getName(), group2.getName()); | |||
} | |||
@Test | |||
public void selectGroupNamesByQueryAndTemplate_is_order_by_groups_with_permission_then_by_name_when_many_groups() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | |||
db.users().insertGroup(organization, "Group-" + i); | |||
db.users().insertGroup("Group-" + i); | |||
}); | |||
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | |||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(organization, lastGroupName).get(), UserRole.USER); | |||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(lastGroupName).get(), UserRole.USER); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | |||
.hasSize(DEFAULT_PAGE_SIZE) | |||
.startsWith("Anyone", lastGroupName, "Group-1"); | |||
@@ -122,18 +118,17 @@ public class GroupWithPermissionTemplateDaoTest { | |||
@Test | |||
public void selectGroupNamesByQueryAndTemplate_ignores_other_template_and_is_ordered_by_groups_with_permission_then_by_name_when_many_groups() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(); | |||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | |||
GroupDto group = db.users().insertGroup(organization, "Group-" + i); | |||
GroupDto group = db.users().insertGroup("Group-" + i); | |||
permissionTemplateDbTester.addGroupToTemplate(otherTemplate, group, UserRole.USER); | |||
}); | |||
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | |||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(organization, lastGroupName).get(), UserRole.USER); | |||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(lastGroupName).get(), UserRole.USER); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | |||
.hasSize(DEFAULT_PAGE_SIZE) | |||
.startsWith("Anyone", lastGroupName, "Group-1"); | |||
@@ -141,63 +136,60 @@ public class GroupWithPermissionTemplateDaoTest { | |||
@Test | |||
public void select_group_names_by_query_and_template_is_paginated() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(organization, i + "-name")); | |||
IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(i + "-name")); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(1).setPageSize(1), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(1).setPageSize(1), template)) | |||
.containsExactly("0-name"); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(2).setPageSize(3), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(2).setPageSize(3), template)) | |||
.containsExactly("3-name", "4-name", "5-name"); | |||
} | |||
@Test | |||
public void select_group_names_by_query_and_template_returns_anyone() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
GroupDto group = db.users().insertGroup(organization, "Group"); | |||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||
GroupDto group = db.users().insertGroup("Group"); | |||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(); | |||
permissionTemplateDbTester.addGroupToTemplate(otherTemplate.getUuid(), group.getUuid(), USER); | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nyo"), organization, template)) | |||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nyo"), template)) | |||
.containsExactly("Anyone"); | |||
} | |||
@Test | |||
public void count_group_names_by_query_and_template() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organization, "Group-1"); | |||
GroupDto group2 = db.users().insertGroup(organization, "Group-2"); | |||
GroupDto group3 = db.users().insertGroup(organization, "Group-3"); | |||
GroupDto group1 = db.users().insertGroup("Group-1"); | |||
GroupDto group2 = db.users().insertGroup("Group-2"); | |||
GroupDto group3 = db.users().insertGroup("Group-3"); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | |||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | |||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(); | |||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | |||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder(), template)) | |||
.isEqualTo(4); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission(), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), template)) | |||
.isEqualTo(2); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, template)).isEqualTo(1); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, anotherTemplate)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), template)).isEqualTo(1); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), anotherTemplate)) | |||
.isEqualTo(1); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("groU"), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), template)) | |||
.isEqualTo(3); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("nYo"), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), template)) | |||
.isEqualTo(1); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("p-2"), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), template)) | |||
.isEqualTo(1); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, "123")) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), "123")) | |||
.isZero(); | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("unknown"), organization, template)) | |||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), template)) | |||
.isZero(); | |||
} | |||
@@ -267,20 +259,20 @@ public class GroupWithPermissionTemplateDaoTest { | |||
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, "321")).isEmpty(); | |||
} | |||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) { | |||
return selectGroupNamesByQueryAndTemplate(queryBuilder.setOrganizationUuid(organization.getUuid()).build(), organization, permissionTemplateDto.getUuid()); | |||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, PermissionTemplateDto permissionTemplateDto) { | |||
return selectGroupNamesByQueryAndTemplate(queryBuilder.build(), permissionTemplateDto.getUuid()); | |||
} | |||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery query, OrganizationDto organization, String templateUuid) { | |||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery query, String templateUuid) { | |||
return underTest.selectGroupNamesByQueryAndTemplate(session, query, templateUuid); | |||
} | |||
private int countGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) { | |||
return countGroupNamesByQueryAndTemplate(queryBuilder.build(), organization, permissionTemplateDto.getUuid()); | |||
private int countGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, PermissionTemplateDto permissionTemplateDto) { | |||
return countGroupNamesByQueryAndTemplate(queryBuilder.build(), permissionTemplateDto.getUuid()); | |||
} | |||
private int countGroupNamesByQueryAndTemplate(PermissionQuery query, OrganizationDto organization, String templateUuid) { | |||
return underTest.countGroupNamesByQueryAndTemplate(session, query, organization.getUuid(), templateUuid); | |||
private int countGroupNamesByQueryAndTemplate(PermissionQuery query, String templateUuid) { | |||
return underTest.countGroupNamesByQueryAndTemplate(session, query, templateUuid); | |||
} | |||
} |
@@ -74,19 +74,19 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void create_permission_template() { | |||
PermissionTemplateDto permissionTemplate = underTest.insert(db.getSession(), newPermissionTemplateDto() | |||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||
.setUuid("ABCD") | |||
.setName("my template") | |||
.setDescription("my description") | |||
.setKeyPattern("myregexp") | |||
.setOrganizationUuid("org") | |||
.setCreatedAt(PAST) | |||
.setUpdatedAt(NOW)); | |||
db.commit(); | |||
assertThat(underTest.selectByUuid(db.getSession(), permissionTemplate.getUuid())) | |||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | |||
PermissionTemplateDto::getOrganizationUuid, PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||
.containsOnly("ABCD", "my template", "my description", "myregexp", "org", PAST, NOW); | |||
PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||
.containsOnly("ABCD", "my template", "my description", "myregexp", PAST, NOW); | |||
} | |||
@Test | |||
@@ -95,13 +95,11 @@ public class PermissionTemplateDaoTest { | |||
.setUuid("ABCD") | |||
.setName("my template") | |||
.setDescription("my description") | |||
.setKeyPattern("myregexp") | |||
.setOrganizationUuid("org")); | |||
.setKeyPattern("myregexp")); | |||
assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | |||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | |||
PermissionTemplateDto::getOrganizationUuid) | |||
.containsOnly("ABCD", "my template", "my description", "myregexp", "org"); | |||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern) | |||
.containsOnly("ABCD", "my template", "my description", "myregexp"); | |||
} | |||
@Test | |||
@@ -109,37 +107,32 @@ public class PermissionTemplateDaoTest { | |||
templateDb.insertTemplate(newPermissionTemplateDto() | |||
.setUuid("tpl1") | |||
.setName("template1") | |||
.setDescription("description1") | |||
.setOrganizationUuid("org")); | |||
.setDescription("description1")); | |||
templateDb.insertTemplate(newPermissionTemplateDto() | |||
.setUuid("tpl2") | |||
.setName("template2") | |||
.setDescription("description2") | |||
.setOrganizationUuid("org")); | |||
.setDescription("description2")); | |||
templateDb.insertTemplate(newPermissionTemplateDto() | |||
.setUuid("tpl3") | |||
.setName("template3") | |||
.setDescription("description3") | |||
.setOrganizationUuid("org")); | |||
.setDescription("description3")); | |||
assertThat(underTest.selectAll(dbSession, "org", null)) | |||
assertThat(underTest.selectAll(dbSession, null)) | |||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription) | |||
.containsOnly( | |||
tuple("tpl1", "template1", "description1"), | |||
tuple("tpl2", "template2", "description2"), | |||
tuple("tpl3", "template3", "description3")); | |||
assertThat(underTest.selectAll(dbSession, "missingOrg", null)).isEmpty(); | |||
} | |||
@Test | |||
public void selectAll_with_name_filtering() { | |||
PermissionTemplateDto t1InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("aBcDeF").setOrganizationUuid("org1")); | |||
PermissionTemplateDto t2InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh").setOrganizationUuid("org1")); | |||
PermissionTemplateDto t3InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("hijkl").setOrganizationUuid("org2")); | |||
PermissionTemplateDto t4InOrg2 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh").setOrganizationUuid("org2")); | |||
PermissionTemplateDto t1InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("aBcDeF")); | |||
PermissionTemplateDto t2InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh")); | |||
PermissionTemplateDto t3InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("hijkl")); | |||
assertThat(underTest.selectAll(dbSession, "org1", "def")).extracting(PermissionTemplateDto::getUuid).containsExactly(t1InOrg1.getUuid(), t2InOrg1.getUuid()); | |||
assertThat(underTest.selectAll(dbSession, "org1", "missing")).isEmpty(); | |||
assertThat(underTest.selectAll(dbSession, "def")).extracting(PermissionTemplateDto::getUuid).containsExactly(t1InOrg1.getUuid(), t2InOrg1.getUuid()); | |||
assertThat(underTest.selectAll(dbSession, "missing")).isEmpty(); | |||
} | |||
@Test | |||
@@ -149,7 +142,6 @@ public class PermissionTemplateDaoTest { | |||
.setName("name") | |||
.setDescription("description") | |||
.setKeyPattern("regexp") | |||
.setOrganizationUuid("org") | |||
.setCreatedAt(PAST) | |||
.setUpdatedAt(PAST)); | |||
@@ -160,14 +152,13 @@ public class PermissionTemplateDaoTest { | |||
.setUpdatedAt(NOW) | |||
// Invariant fields, should not be updated | |||
.setUuid("ABCD") | |||
.setOrganizationUuid("new org") | |||
.setCreatedAt(NOW)); | |||
db.commit(); | |||
assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | |||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | |||
PermissionTemplateDto::getOrganizationUuid, PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||
.containsOnly("ABCD", "new_name", "new_description", "new_regexp", "org", PAST, NOW); | |||
PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||
.containsOnly("ABCD", "new_name", "new_description", "new_regexp", PAST, NOW); | |||
} | |||
@Test | |||
@@ -176,8 +167,8 @@ public class PermissionTemplateDaoTest { | |||
UserDto user2 = db.users().insertUser(); | |||
GroupDto group1 = db.users().insertGroup(); | |||
GroupDto group2 = db.users().insertGroup(); | |||
PermissionTemplateDto permissionTemplate1 = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate2 = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate1 = templateDb.insertTemplate(); | |||
PermissionTemplateDto permissionTemplate2 = templateDb.insertTemplate(); | |||
templateDb.addUserToTemplate(permissionTemplate1, user1, "user"); | |||
templateDb.addUserToTemplate(permissionTemplate1, user2, "user"); | |||
templateDb.addUserToTemplate(permissionTemplate1, user2, "admin"); | |||
@@ -192,7 +183,7 @@ public class PermissionTemplateDaoTest { | |||
underTest.deleteByUuid(dbSession, permissionTemplate1.getUuid()); | |||
dbSession.commit(); | |||
assertThat(underTest.selectAll(db.getSession(), db.getDefaultOrganization().getUuid(), null)) | |||
assertThat(underTest.selectAll(db.getSession(), null)) | |||
.extracting(PermissionTemplateDto::getUuid) | |||
.containsOnly(permissionTemplate2.getUuid()); | |||
assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), permissionTemplate1.getUuid())).isEmpty(); | |||
@@ -206,7 +197,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void add_user_permission_to_template() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
UserDto user = db.users().insertUser(); | |||
underTest.insertUserPermission(dbSession, permissionTemplate.getUuid(), user.getUuid(), "user"); | |||
@@ -220,7 +211,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void remove_user_permission_from_template() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto user2 = db.users().insertUser(); | |||
templateDb.addUserToTemplate(permissionTemplate, user1, "user"); | |||
@@ -236,7 +227,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void add_group_permission_to_template() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
GroupDto group = db.users().insertGroup(); | |||
underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), group.getUuid(), "user"); | |||
@@ -251,7 +242,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void remove_by_group() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
GroupDto group1 = db.users().insertGroup(); | |||
GroupDto group2 = db.users().insertGroup(); | |||
templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | |||
@@ -268,7 +259,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void add_group_permission_to_anyone() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), null, "user"); | |||
dbSession.commit(); | |||
@@ -374,7 +365,7 @@ public class PermissionTemplateDaoTest { | |||
@Test | |||
public void selectAllGroupPermissionTemplatesByGroupUuid() { | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||
GroupDto group1 = db.users().insertGroup(); | |||
GroupDto group2 = db.users().insertGroup(); | |||
templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | |||
@@ -386,80 +377,14 @@ public class PermissionTemplateDaoTest { | |||
.containsOnly(tuple(group1.getUuid(), "user"), tuple(group1.getUuid(), "admin")); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_on_empty_db() { | |||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_when_organization_has_no_template() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_delete_all_templates_of_organization_and_content_of_child_tables() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
OrganizationDto organization3 = db.organizations().insert(); | |||
PermissionTemplateDto[] templates = { | |||
createTemplate(organization1), | |||
createTemplate(organization2), | |||
createTemplate(organization3), | |||
createTemplate(organization1), | |||
createTemplate(organization2) | |||
}; | |||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[1].getUuid(), templates[2].getUuid(), templates[3].getUuid(), templates[4].getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||
dbSession.commit(); | |||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[2].getUuid(), templates[3].getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||
dbSession.commit(); | |||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[3].getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||
dbSession.commit(); | |||
verifyTemplateUuidsInDb(); | |||
} | |||
@Test | |||
public void delete_user_permissions_by_organization() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
UserDto user = db.users().insertUser(); | |||
UserDto anotherUser = db.users().insertUser(); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||
String permission = "PERMISSION"; | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||
underTest.deleteUserPermissionsByOrganization(dbSession, organization.getUuid(), user.getUuid()); | |||
assertThat(underTest.selectUserPermissionsByTemplateId(dbSession, template.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid).containsOnly(anotherUser.getUuid()); | |||
assertThat(underTest.selectUserPermissionsByTemplateId(dbSession, anotherTemplate.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid).containsOnly(user.getUuid()); | |||
} | |||
@Test | |||
public void delete_user_permissions_by_user_uuid() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
UserDto user = db.users().insertUser(); | |||
UserDto anotherUser = db.users().insertUser(); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||
String permission = "PERMISSION"; | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||
underTest.deleteUserPermissionsByUserUuid(dbSession, user.getUuid()); | |||
db.commit(); | |||
@@ -473,7 +398,7 @@ public class PermissionTemplateDaoTest { | |||
UserDto user = db.users().insertUser(); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertMember(group, user); | |||
PermissionTemplateDto template = templateDb.insertTemplate(organization); | |||
PermissionTemplateDto template = templateDb.insertTemplate(); | |||
templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN_EXECUTION); | |||
templateDb.addProjectCreatorToTemplate(template.getUuid(), UserRole.ADMIN); | |||
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER); | |||
@@ -483,20 +408,4 @@ public class PermissionTemplateDaoTest { | |||
templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN); | |||
return template; | |||
} | |||
private void verifyTemplateUuidsInDb(String... expectedTemplateUuids) { | |||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_templates_groups")) | |||
.extracting((row) -> (String) row.get("templateUuid")) | |||
.containsOnly(expectedTemplateUuids); | |||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_templates_users")) | |||
.extracting((row) -> (String) row.get("templateUuid")) | |||
.containsOnly(expectedTemplateUuids); | |||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_tpl_characteristics")) | |||
.extracting((row) -> (String) row.get("templateUuid")) | |||
.containsOnly(expectedTemplateUuids); | |||
assertThat(db.select("select distinct uuid as \"templateUuid\" from permission_templates")) | |||
.extracting((row) -> (String) row.get("templateUuid")) | |||
.containsOnly(expectedTemplateUuids); | |||
} | |||
} |
@@ -65,14 +65,13 @@ public class UserWithPermissionTemplateDaoTest { | |||
PermissionTemplateDto anotherPermissionTemplate = db.permissionTemplates().insertTemplate(); | |||
db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).build(), | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, builder().build(), | |||
permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin(), user3.getLogin()); | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin(), user3.getLogin()); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).build(), | |||
builder().withAtLeastOnePermission().setPermission(USER).build(), | |||
permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
} | |||
@Test | |||
@@ -84,8 +83,8 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).withAtLeastOnePermission().build(), "999")) | |||
.isEmpty(); | |||
builder().setPermission(USER).withAtLeastOnePermission().build(), "999")) | |||
.isEmpty(); | |||
} | |||
@Test | |||
@@ -104,9 +103,9 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).withAtLeastOnePermission().build(), | |||
builder().setPermission(USER).withAtLeastOnePermission().build(), | |||
permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
} | |||
@Test | |||
@@ -120,8 +119,8 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(permissionTemplate, disabledUser, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user.getLogin()); | |||
builder().setPermission(USER).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user.getLogin()); | |||
} | |||
@Test | |||
@@ -136,27 +135,26 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate( | |||
dbSession, builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).setSearchQuery("SEr1").build(), | |||
dbSession, builder().withAtLeastOnePermission().setPermission(USER).setSearchQuery("SEr1").build(), | |||
permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin()); | |||
.containsExactlyInAnyOrder(user1.getLogin()); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate( | |||
dbSession, builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).setSearchQuery("user").build(), | |||
dbSession, builder().withAtLeastOnePermission().setPermission(USER).setSearchQuery("user").build(), | |||
permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
} | |||
@Test | |||
public void selectUserLoginsByQueryAndTemplate_is_ordering_result_by_users_with_permissions_then_by_name() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||
UserDto user1 = db.users().insertUser(u -> u.setName("A")); | |||
UserDto user2 = db.users().insertUser(u -> u.setName("B")); | |||
UserDto user3 = db.users().insertUser(u -> u.setName("C")); | |||
db.organizations().addMember(organization, user1, user2, user3); | |||
//db.organizations().addMember(organization, user1, user2, user3); | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user3.getUuid(), UserRole.USER); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | |||
.containsExactly(user3.getLogin(), user1.getLogin(), user2.getLogin()); | |||
} | |||
@@ -164,9 +162,9 @@ public class UserWithPermissionTemplateDaoTest { | |||
@Test | |||
public void selectUserLoginsByQueryAndTemplate_is_order_by_groups_with_permission_when_many_users() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||
// Add another template having some users with permission to make sure it's correctly ignored | |||
PermissionTemplateDto otherTemplate = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto otherTemplate = db.permissionTemplates().insertTemplate(); | |||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | |||
UserDto user = db.users().insertUser("User-" + i); | |||
db.organizations().addMember(organization, user); | |||
@@ -175,7 +173,7 @@ public class UserWithPermissionTemplateDaoTest { | |||
String lastLogin = "User-" + (DEFAULT_PAGE_SIZE + 1); | |||
db.permissionTemplates().addUserToTemplate(template, db.users().selectUserByLogin(lastLogin).get(), UserRole.USER); | |||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||
PermissionQuery query = PermissionQuery.builder().build(); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | |||
.hasSize(DEFAULT_PAGE_SIZE) | |||
.startsWith(lastLogin); | |||
@@ -193,14 +191,14 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(1).setPageSize(2).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
builder().setPageIndex(1).setPageSize(2).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(2).setPageSize(2).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user3.getLogin()); | |||
builder().setPageIndex(2).setPageSize(2).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user3.getLogin()); | |||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(3).setPageSize(1).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user3.getLogin()); | |||
builder().setPageIndex(3).setPageSize(1).build(), permissionTemplate.getUuid())) | |||
.containsExactlyInAnyOrder(user3.getLogin()); | |||
} | |||
@Test | |||
@@ -215,11 +213,11 @@ public class UserWithPermissionTemplateDaoTest { | |||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | |||
assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).build(), permissionTemplate.getUuid())) | |||
.isEqualTo(3); | |||
builder().build(), permissionTemplate.getUuid())) | |||
.isEqualTo(3); | |||
assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | |||
builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission("user").build(), permissionTemplate.getUuid())) | |||
.isEqualTo(2); | |||
builder().withAtLeastOnePermission().setPermission("user").build(), permissionTemplate.getUuid())) | |||
.isEqualTo(2); | |||
} | |||
@Test |
@@ -522,7 +522,7 @@ public class PurgeCommandsTest { | |||
public void deletePermissions_deletes_permissions_of_public_project() { | |||
OrganizationDto organization = dbTester.organizations().insert(); | |||
ComponentDto project = dbTester.components().insertPublicProject(organization); | |||
addPermissions(organization, project); | |||
addPermissions(project); | |||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | |||
purgeCommands.deletePermissions(project.uuid()); | |||
@@ -535,7 +535,7 @@ public class PurgeCommandsTest { | |||
public void deletePermissions_deletes_permissions_of_private_project() { | |||
OrganizationDto organization = dbTester.organizations().insert(); | |||
ComponentDto project = dbTester.components().insertPrivateProject(organization); | |||
addPermissions(organization, project); | |||
addPermissions(project); | |||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | |||
purgeCommands.deletePermissions(project.uuid()); | |||
@@ -548,7 +548,7 @@ public class PurgeCommandsTest { | |||
public void deletePermissions_deletes_permissions_of_view() { | |||
OrganizationDto organization = dbTester.organizations().insert(); | |||
ComponentDto project = dbTester.components().insertPublicPortfolio(organization); | |||
addPermissions(organization, project); | |||
addPermissions(project); | |||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | |||
purgeCommands.deletePermissions(project.uuid()); | |||
@@ -642,13 +642,13 @@ public class PurgeCommandsTest { | |||
assertThat(dbTester.countRowsOfTable("user_dismissed_messages")).isEqualTo(1); | |||
} | |||
private void addPermissions(OrganizationDto organization, ComponentDto root) { | |||
private void addPermissions(ComponentDto root) { | |||
if (!root.isPrivate()) { | |||
dbTester.users().insertProjectPermissionOnAnyone("foo1", root); | |||
dbTester.users().insertPermissionOnAnyone(organization, "not project level"); | |||
dbTester.users().insertPermissionOnAnyone("not project level"); | |||
} | |||
GroupDto group = dbTester.users().insertGroup(organization); | |||
GroupDto group = dbTester.users().insertGroup(); | |||
dbTester.users().insertProjectPermissionOnGroup(group, "bar", root); | |||
dbTester.users().insertPermissionOnGroup(group, "not project level"); | |||
@@ -29,25 +29,17 @@ import org.junit.Test; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import static java.util.Arrays.asList; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.mockito.Mockito.mock; | |||
import static org.mockito.Mockito.when; | |||
import static org.sonar.db.organization.OrganizationDto.Subscription.SONARQUBE; | |||
import static org.sonar.db.user.GroupTesting.newGroupDto; | |||
public class GroupDaoTest { | |||
private static final long NOW = 1_500_000L; | |||
private static final String MISSING_UUID = "unknown"; | |||
private static final OrganizationDto AN_ORGANIZATION = new OrganizationDto() | |||
.setKey("an-org") | |||
.setName("An Org") | |||
.setDefaultQualityGateUuid("1") | |||
.setSubscription(SONARQUBE) | |||
.setUuid("abcde"); | |||
private System2 system2 = mock(System2.class); | |||
@@ -60,23 +52,20 @@ public class GroupDaoTest { | |||
private final GroupDto aGroup = new GroupDto() | |||
.setUuid("uuid") | |||
.setName("the-name") | |||
.setDescription("the description") | |||
.setOrganizationUuid(AN_ORGANIZATION.getUuid()); | |||
.setDescription("the description"); | |||
@Before | |||
public void setUp() { | |||
when(system2.now()).thenReturn(NOW); | |||
db.getDbClient().organizationDao().insert(dbSession, AN_ORGANIZATION, false); | |||
} | |||
@Test | |||
public void selectByName() { | |||
db.getDbClient().groupDao().insert(dbSession, aGroup); | |||
GroupDto group = underTest.selectByName(dbSession, AN_ORGANIZATION.getUuid(), aGroup.getName()).get(); | |||
GroupDto group = underTest.selectByName(dbSession, aGroup.getName()).get(); | |||
assertThat(group.getUuid()).isNotNull(); | |||
assertThat(group.getOrganizationUuid()).isEqualTo(aGroup.getOrganizationUuid()); | |||
assertThat(group.getName()).isEqualTo(aGroup.getName()); | |||
assertThat(group.getDescription()).isEqualTo(aGroup.getDescription()); | |||
assertThat(group.getCreatedAt()).isEqualTo(new Date(NOW)); | |||
@@ -85,7 +74,7 @@ public class GroupDaoTest { | |||
@Test | |||
public void selectByName_returns_absent() { | |||
Optional<GroupDto> group = underTest.selectByName(dbSession, AN_ORGANIZATION.getUuid(), "missing"); | |||
Optional<GroupDto> group = underTest.selectByName(dbSession, "missing"); | |||
assertThat(group).isNotPresent(); | |||
} | |||
@@ -105,17 +94,14 @@ public class GroupDaoTest { | |||
@Test | |||
public void selectByNames() { | |||
GroupDto group1InOrg1 = underTest.insert(dbSession, newGroupDto().setName("group1").setOrganizationUuid("org1")); | |||
GroupDto group2InOrg1 = underTest.insert(dbSession, newGroupDto().setName("group2").setOrganizationUuid("org1")); | |||
GroupDto group1InOrg2 = underTest.insert(dbSession, newGroupDto().setName("group1").setOrganizationUuid("org2")); | |||
GroupDto group3InOrg2 = underTest.insert(dbSession, newGroupDto().setName("group3").setOrganizationUuid("org2")); | |||
dbSession.commit(); | |||
GroupDto group1 = underTest.insert(dbSession, newGroupDto().setName("group1")); | |||
GroupDto group2 = underTest.insert(dbSession, newGroupDto().setName("group2")); | |||
assertThat(underTest.selectByNames(dbSession, "org1", asList("group1", "group2", "group3", "missingGroup"))).extracting(GroupDto::getUuid) | |||
.containsOnly(group1InOrg1.getUuid(), group2InOrg1.getUuid()); | |||
dbSession.commit(); | |||
assertThat(underTest.selectByNames(dbSession, "org1", Collections.emptyList())).isEmpty(); | |||
assertThat(underTest.selectByNames(dbSession, "missingOrg", asList("group1"))).isEmpty(); | |||
assertThat(underTest.selectByNames(dbSession, asList("group1", "group2", "group3", "missingGroup"))).extracting(GroupDto::getUuid) | |||
.containsOnly(group1.getUuid(), group2.getUuid()); | |||
assertThat(underTest.selectByNames(dbSession, Collections.emptyList())).isEmpty(); | |||
} | |||
@Test | |||
@@ -140,7 +126,6 @@ public class GroupDaoTest { | |||
.setUuid(aGroup.getUuid()) | |||
.setName("new-name") | |||
.setDescription("New description") | |||
.setOrganizationUuid("another-org") | |||
.setCreatedAt(new Date(NOW + 1_000L)); | |||
underTest.update(dbSession, dto); | |||
@@ -152,60 +137,55 @@ public class GroupDaoTest { | |||
assertThat(reloaded.getDescription()).isEqualTo("New description"); | |||
// immutable fields --> to be ignored | |||
assertThat(reloaded.getOrganizationUuid()).isEqualTo(aGroup.getOrganizationUuid()); | |||
assertThat(reloaded.getCreatedAt()).isEqualTo(aGroup.getCreatedAt()); | |||
} | |||
@Test | |||
public void selectByQuery() { | |||
OrganizationDto organization1 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org1")); | |||
OrganizationDto organization2 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org2")); | |||
db.users().insertGroup(organization1, "sonar-users"); | |||
db.users().insertGroup(organization1, "SONAR-ADMINS"); | |||
db.users().insertGroup(organization1, "customers-group1"); | |||
db.users().insertGroup(organization1, "customers-group2"); | |||
db.users().insertGroup(organization1, "customers-group3"); | |||
// Group on another organization | |||
db.users().insertGroup(organization2, "customers-group4"); | |||
db.users().insertGroup("sonar-users"); | |||
db.users().insertGroup("SONAR-ADMINS"); | |||
db.users().insertGroup("customers-group1"); | |||
db.users().insertGroup("customers-group2"); | |||
db.users().insertGroup("customers-group3"); | |||
/* | |||
* Ordering and paging are not fully tested, case insensitive sort is broken on MySQL | |||
*/ | |||
// Null query | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 10)) | |||
assertThat(underTest.selectByQuery(dbSession, null, 0, 10)) | |||
.hasSize(5) | |||
.extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | |||
// Empty query | |||
assertThat(underTest.selectByQuery(dbSession, "org1", "", 0, 10)) | |||
assertThat(underTest.selectByQuery(dbSession, "", 0, 10)) | |||
.hasSize(5) | |||
.extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | |||
// Filter on name | |||
assertThat(underTest.selectByQuery(dbSession, "org1", "sonar", 0, 10)) | |||
assertThat(underTest.selectByQuery(dbSession, "sonar", 0, 10)) | |||
.hasSize(2) | |||
.extracting("name").containsOnly("SONAR-ADMINS", "sonar-users"); | |||
// Pagination | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 3)) | |||
assertThat(underTest.selectByQuery(dbSession, null, 0, 3)) | |||
.hasSize(3); | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 3, 3)) | |||
assertThat(underTest.selectByQuery(dbSession, null, 3, 3)) | |||
.hasSize(2); | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 6, 3)).isEmpty(); | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 5)) | |||
assertThat(underTest.selectByQuery(dbSession, null, 6, 3)).isEmpty(); | |||
assertThat(underTest.selectByQuery(dbSession, null, 0, 5)) | |||
.hasSize(5); | |||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 5, 5)).isEmpty(); | |||
assertThat(underTest.selectByQuery(dbSession, null, 5, 5)).isEmpty(); | |||
} | |||
@Test | |||
public void select_by_query_with_special_characters() { | |||
String groupNameWithSpecialCharacters = "group%_%/name"; | |||
underTest.insert(dbSession, newGroupDto().setName(groupNameWithSpecialCharacters).setOrganizationUuid("org1")); | |||
underTest.insert(dbSession, newGroupDto().setName(groupNameWithSpecialCharacters)); | |||
db.commit(); | |||
List<GroupDto> result = underTest.selectByQuery(dbSession, "org1", "roup%_%/nam", 0, 10); | |||
int resultCount = underTest.countByQuery(dbSession, "org1", "roup%_%/nam"); | |||
List<GroupDto> result = underTest.selectByQuery(dbSession, "roup%_%/nam", 0, 10); | |||
int resultCount = underTest.countByQuery(dbSession, "roup%_%/nam"); | |||
assertThat(result).hasSize(1); | |||
assertThat(result.get(0).getName()).isEqualTo(groupNameWithSpecialCharacters); | |||
@@ -214,24 +194,20 @@ public class GroupDaoTest { | |||
@Test | |||
public void countByQuery() { | |||
OrganizationDto organization1 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org1")); | |||
OrganizationDto organization2 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org2")); | |||
db.users().insertGroup(organization1, "sonar-users"); | |||
db.users().insertGroup(organization1, "SONAR-ADMINS"); | |||
db.users().insertGroup(organization1, "customers-group1"); | |||
db.users().insertGroup(organization1, "customers-group2"); | |||
db.users().insertGroup(organization1, "customers-group3"); | |||
// Group on another organization | |||
db.users().insertGroup(organization2, "customers-group4"); | |||
db.users().insertGroup("sonar-users"); | |||
db.users().insertGroup("SONAR-ADMINS"); | |||
db.users().insertGroup("customers-group1"); | |||
db.users().insertGroup("customers-group2"); | |||
db.users().insertGroup("customers-group3"); | |||
// Null query | |||
assertThat(underTest.countByQuery(dbSession, "org1", null)).isEqualTo(5); | |||
assertThat(underTest.countByQuery(dbSession, null)).isEqualTo(5); | |||
// Empty query | |||
assertThat(underTest.countByQuery(dbSession, "org1", "")).isEqualTo(5); | |||
assertThat(underTest.countByQuery(dbSession, "")).isEqualTo(5); | |||
// Filter on name | |||
assertThat(underTest.countByQuery(dbSession, "org1", "sonar")).isEqualTo(2); | |||
assertThat(underTest.countByQuery(dbSession, "sonar")).isEqualTo(2); | |||
} | |||
@Test | |||
@@ -242,49 +218,4 @@ public class GroupDaoTest { | |||
assertThat(db.countRowsOfTable(dbSession, "groups")).isEqualTo(0); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_when_table_is_empty() { | |||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_does_not_fail_when_organization_has_no_group() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||
dbSession.commit(); | |||
} | |||
@Test | |||
public void deleteByOrganization_deletes_all_groups_in_specified_organization() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
OrganizationDto organization3 = db.organizations().insert(); | |||
db.users().insertGroup(organization1); | |||
db.users().insertGroup(organization2); | |||
db.users().insertGroup(organization3); | |||
db.users().insertGroup(organization3); | |||
db.users().insertGroup(organization2); | |||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(organization1.getUuid(), organization3.getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(organization3.getUuid()); | |||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||
dbSession.commit(); | |||
verifyOrganizationUuidsInTable(); | |||
} | |||
private void verifyOrganizationUuidsInTable(String... organizationUuids) { | |||
assertThat(db.select("select distinct organization_uuid as \"organizationUuid\" from groups")) | |||
.extracting(row -> (String) row.get("organizationUuid")) | |||
.containsOnly(organizationUuids); | |||
} | |||
} |
@@ -25,7 +25,6 @@ import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import static java.util.Arrays.asList; | |||
import static java.util.Collections.emptyList; | |||
@@ -40,7 +39,6 @@ public class GroupMembershipDaoTest { | |||
@Rule | |||
public DbTester db = DbTester.create(); | |||
private OrganizationDto organizationDto; | |||
private UserDto user1; | |||
private UserDto user2; | |||
private UserDto user3; | |||
@@ -52,15 +50,12 @@ public class GroupMembershipDaoTest { | |||
@Before | |||
public void setUp() { | |||
organizationDto = db.organizations().insert(); | |||
user1 = db.users().insertUser(u -> u.setLogin("admin login").setName("Admin name").setEmail("admin@email.com")); | |||
user2 = db.users().insertUser(u -> u.setLogin("not.admin").setName("Not Admin").setEmail("Not Admin")); | |||
user3 = db.users().insertUser(u -> u.setLogin("inactive").setActive(false)); | |||
group1 = db.users().insertGroup(organizationDto, "sonar-administrators"); | |||
group2 = db.users().insertGroup(organizationDto, "sonar-users"); | |||
group3 = db.users().insertGroup(organizationDto, "sonar-reviewers"); | |||
db.organizations().addMember(organizationDto, user1); | |||
db.organizations().addMember(organizationDto, user2); | |||
group1 = db.users().insertGroup("sonar-administrators"); | |||
group2 = db.users().insertGroup("sonar-users"); | |||
group3 = db.users().insertGroup("sonar-reviewers"); | |||
} | |||
@Test | |||
@@ -71,27 +66,17 @@ public class GroupMembershipDaoTest { | |||
db.users().insertMember(group2, user2); | |||
// user1 is member of 3 groups | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid())).isEqualTo(3); | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user1.getUuid())).isZero(); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user1.getUuid())).isEqualTo(3); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user1.getUuid())).isZero(); | |||
// user2 is member of 1 group on 3 | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user2.getUuid())).isEqualTo(1); | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user2.getUuid())).isEqualTo(2); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user2.getUuid())).isEqualTo(1); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user2.getUuid())).isEqualTo(2); | |||
// user3 is member of 0 group | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user3.getUuid())).isZero(); | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user3.getUuid())).isEqualTo(3); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user3.getUuid())).isZero(); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user3.getUuid())).isEqualTo(3); | |||
// unknown user is member of 0 group | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), "999")).isZero(); | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), "999")).isEqualTo(3); | |||
} | |||
@Test | |||
public void count_groups_only_from_given_organization() { | |||
OrganizationDto otherOrganization = db.organizations().insert(); | |||
GroupDto otherGroup = db.users().insertGroup(otherOrganization, "sonar-administrators-other_orga"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(otherGroup, user1); | |||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid())).isEqualTo(1); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), "999")).isZero(); | |||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), "999")).isEqualTo(3); | |||
} | |||
@Test | |||
@@ -102,32 +87,22 @@ public class GroupMembershipDaoTest { | |||
db.users().insertMember(group2, user2); | |||
// user1 is member of 3 groups | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(3); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user1.getUuid(), 0, 10)).isEmpty(); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(3); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user1.getUuid(), 0, 10)).isEmpty(); | |||
// user2 is member of 1 group on 3 | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user2.getUuid(), 0, 10)).hasSize(1); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user2.getUuid(), 0, 10)).hasSize(2); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user2.getUuid(), 0, 10)).hasSize(1); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user2.getUuid(), 0, 10)).hasSize(2); | |||
// user3 is member of 0 group | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user3.getUuid(), 0, 10)).isEmpty(); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user3.getUuid(), 0, 10)).hasSize(3); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user3.getUuid(), 0, 10)).isEmpty(); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user3.getUuid(), 0, 10)).hasSize(3); | |||
// unknown user is member of 0 group | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), "999", 0, 10)).isEmpty(); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), "999", 0, 10)).hasSize(3); | |||
} | |||
@Test | |||
public void select_groups_only_from_given_organization() { | |||
OrganizationDto otherOrganization = db.organizations().insert(); | |||
GroupDto otherGroup = db.users().insertGroup(otherOrganization, "sonar-administrators-other_orga"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(otherGroup, user1); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(1); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), "999", 0, 10)).isEmpty(); | |||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), "999", 0, 10)).hasSize(3); | |||
} | |||
@Test | |||
public void count_users_by_group() { | |||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group2, user1); | |||
db.users().insertMember(group3, user1); | |||
@@ -155,7 +130,7 @@ public class GroupMembershipDaoTest { | |||
@Test | |||
public void count_members() { | |||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group2, user1); | |||
db.users().insertMember(group3, user1); | |||
@@ -177,7 +152,7 @@ public class GroupMembershipDaoTest { | |||
@Test | |||
public void select_group_members_by_query() { | |||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group2, user1); | |||
db.users().insertMember(group3, user1); | |||
@@ -195,7 +170,7 @@ public class GroupMembershipDaoTest { | |||
@Test | |||
public void select_users_not_affected_to_a_group_by_query() { | |||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||
db.users().insertMember(group1, user1); | |||
db.users().insertMember(group2, user1); | |||
db.users().insertMember(group3, user1); | |||
@@ -280,6 +255,6 @@ public class GroupMembershipDaoTest { | |||
} | |||
private UserMembershipQuery.Builder newQuery() { | |||
return UserMembershipQuery.builder().organizationUuid(organizationDto.getUuid()); | |||
return UserMembershipQuery.builder(); | |||
} | |||
} |
@@ -37,24 +37,12 @@ public class GroupMembershipQueryTest { | |||
.membership(GroupMembershipQuery.IN) | |||
.pageIndex(2) | |||
.pageSize(10) | |||
.organizationUuid("organization_uuid") | |||
.build(); | |||
assertThat(underTest.groupSearch()).isEqualTo("sonar-users"); | |||
assertThat(underTest.membership()).isEqualTo("IN"); | |||
assertThat(underTest.pageIndex()).isEqualTo(2); | |||
assertThat(underTest.pageSize()).isEqualTo(10); | |||
assertThat(underTest.organizationUuid()).isEqualTo("organization_uuid"); | |||
} | |||
@Test | |||
public void fail_on_null_organization() { | |||
expectedException.expect(NullPointerException.class); | |||
expectedException.expectMessage("Organization uuid cant be null"); | |||
GroupMembershipQuery.builder() | |||
.organizationUuid(null) | |||
.build(); | |||
} | |||
@Test | |||
@@ -63,9 +51,7 @@ public class GroupMembershipQueryTest { | |||
expectedException.expectMessage("Membership is not valid (got unknwown). Availables values are [ANY, IN, OUT]"); | |||
GroupMembershipQuery.builder() | |||
.organizationUuid("organization_uuid") | |||
.membership("unknwown") | |||
.build(); | |||
} | |||
} |
@@ -123,20 +123,20 @@ public class RoleDaoTest { | |||
db.users().insertPermissionOnGroup(group1, "gateadmin"); | |||
db.users().insertPermissionOnGroup(group2, "gateadmin"); | |||
db.users().insertProjectPermissionOnGroup(group2, "admin", project); | |||
db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), "scan"); | |||
db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), "provisioning"); | |||
db.users().insertPermissionOnAnyone("scan"); | |||
db.users().insertPermissionOnAnyone("provisioning"); | |||
underTest.deleteGroupRolesByGroupUuid(db.getSession(), group1.getUuid()); | |||
db.getSession().commit(); | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group1.getUuid())).isEmpty(); | |||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group1.getUuid(), project.uuid())) | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group1.getUuid())).isEmpty(); | |||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group1.getUuid(), project.uuid())) | |||
.isEmpty(); | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group2.getUuid())) | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group2.getUuid())) | |||
.containsOnly("gateadmin"); | |||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group2.getUuid(), project.uuid())) | |||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group2.getUuid(), project.uuid())) | |||
.containsOnly("admin"); | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), null)).containsOnly("scan", | |||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), null)).containsOnly("scan", | |||
"provisioning"); | |||
} | |||
} |
@@ -25,7 +25,6 @@ import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
@@ -68,25 +67,6 @@ public class UserGroupDaoTest { | |||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user2.getUuid())).containsOnly(group2.getUuid()); | |||
} | |||
@Test | |||
public void delete_organization_member() { | |||
OrganizationDto organization = dbTester.organizations().insert(); | |||
OrganizationDto anotherOrganization = dbTester.organizations().insert(); | |||
UserDto user = dbTester.users().insertUser(); | |||
UserDto anotherUser = dbTester.users().insertUser(); | |||
GroupDto group = dbTester.users().insertGroup(organization); | |||
GroupDto anotherGroup = dbTester.users().insertGroup(anotherOrganization); | |||
dbTester.users().insertMembers(group, user, anotherUser); | |||
dbTester.users().insertMembers(anotherGroup, user, anotherUser); | |||
underTest.deleteByOrganizationAndUser(dbSession, organization.getUuid(), user.getUuid()); | |||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(dbSession, user.getUuid())) | |||
.containsOnly(anotherGroup.getUuid()); | |||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(dbSession, anotherUser.getUuid())) | |||
.containsOnly(group.getUuid(), anotherGroup.getUuid()); | |||
} | |||
@Test | |||
public void delete_by_user() { | |||
UserDto user1 = dbTester.users().insertUser(); |
@@ -25,14 +25,8 @@ import javax.annotation.Nullable; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupMembershipDto; | |||
import org.sonar.db.user.GroupMembershipQuery; | |||
import org.sonar.db.user.UserDto; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||
public class OrganizationDbTester { | |||
private final DbTester db; | |||
@@ -77,15 +71,9 @@ public class OrganizationDbTester { | |||
public void setDefaultTemplates(PermissionTemplateDto projectDefaultTemplate, @Nullable PermissionTemplateDto applicationDefaultTemplate, | |||
@Nullable PermissionTemplateDto portfolioDefaultTemplate) { | |||
checkArgument(portfolioDefaultTemplate == null | |||
|| portfolioDefaultTemplate.getOrganizationUuid().equals(projectDefaultTemplate.getOrganizationUuid()), | |||
"default template for project and portfolio must belong to the same organization"); | |||
checkArgument(applicationDefaultTemplate == null | |||
|| applicationDefaultTemplate.getOrganizationUuid().equals(projectDefaultTemplate.getOrganizationUuid()), | |||
"default template for project and application must belong to the same organization"); | |||
DbSession dbSession = db.getSession(); | |||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, projectDefaultTemplate.getOrganizationUuid(), | |||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, db.getDefaultOrganization().getUuid(), | |||
new DefaultTemplates() | |||
.setProjectUuid(projectDefaultTemplate.getUuid()) | |||
.setPortfoliosUuid(portfolioDefaultTemplate == null ? null : portfolioDefaultTemplate.getUuid()) | |||
@@ -93,10 +81,9 @@ public class OrganizationDbTester { | |||
dbSession.commit(); | |||
} | |||
public void setDefaultTemplates(OrganizationDto defaultOrganization, String projectDefaultTemplateUuid, | |||
@Nullable String applicationDefaultTemplateUuid, @Nullable String portfoliosDefaultTemplateUuid) { | |||
public void setDefaultTemplates(String projectDefaultTemplateUuid, @Nullable String applicationDefaultTemplateUuid, @Nullable String portfoliosDefaultTemplateUuid) { | |||
DbSession dbSession = db.getSession(); | |||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, defaultOrganization.getUuid(), | |||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, db.getDefaultOrganization().getUuid(), | |||
new DefaultTemplates() | |||
.setProjectUuid(projectDefaultTemplateUuid) | |||
.setApplicationsUuid(applicationDefaultTemplateUuid) | |||
@@ -119,25 +106,4 @@ public class OrganizationDbTester { | |||
public boolean getNewProjectPrivate(OrganizationDto organization) { | |||
return db.getDbClient().organizationDao().getNewProjectPrivate(db.getSession(), organization); | |||
} | |||
public void assertUserIsMemberOfOrganization(OrganizationDto organization, UserDto user) { | |||
assertThat(db.getDbClient().organizationMemberDao().select(db.getSession(), organization.getUuid(), user.getUuid())).as("User is not member of the organization").isPresent(); | |||
String defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organization.getUuid()).get(); | |||
assertThat(db.getDbClient().groupMembershipDao().selectGroups( | |||
db.getSession(), | |||
GroupMembershipQuery.builder().membership(IN).organizationUuid(organization.getUuid()).build(), | |||
user.getUuid(), 0, 10)) | |||
.extracting(GroupMembershipDto::getUuid) | |||
.as("User is not member of the default group of the organization") | |||
.containsOnly(defaultGroupUuid); | |||
} | |||
public void assertUserIsNotMemberOfOrganization(OrganizationDto organization, UserDto user) { | |||
assertThat(db.getDbClient().organizationMemberDao().select(db.getSession(), organization.getUuid(), user.getUuid())).as("User is still member of the organization") | |||
.isNotPresent(); | |||
assertThat(db.getDbClient().groupMembershipDao().countGroups(db.getSession(), | |||
GroupMembershipQuery.builder().membership(IN).organizationUuid(organization.getUuid()).build(), | |||
user.getUuid())).isZero(); | |||
} | |||
} |
@@ -23,7 +23,6 @@ import javax.annotation.Nullable; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
@@ -45,11 +44,8 @@ public class PermissionTemplateDbTester { | |||
return insertTemplate(newPermissionTemplateDto()); | |||
} | |||
public PermissionTemplateDto insertTemplate(OrganizationDto organizationDto) { | |||
return insertTemplate(newPermissionTemplateDto().setOrganizationUuid(organizationDto.getUuid())); | |||
} | |||
public PermissionTemplateDto insertTemplate(PermissionTemplateDto template) { | |||
template.setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||
PermissionTemplateDto templateInDb = dbClient.permissionTemplateDao().insert(dbSession, template); | |||
db.commit(); | |||
@@ -32,7 +32,6 @@ public class PermissionTemplateTesting { | |||
return new PermissionTemplateDto() | |||
.setName(randomAlphanumeric(60)) | |||
.setDescription(randomAscii(500)) | |||
.setOrganizationUuid(randomAlphanumeric(40)) | |||
.setUuid(Uuids.create()) | |||
.setCreatedAt(new Date()) | |||
.setUpdatedAt(new Date()); |
@@ -33,7 +33,6 @@ public class GroupTesting { | |||
public static GroupDto newGroupDto() { | |||
return new GroupDto() | |||
.setUuid(randomAlphanumeric(40)) | |||
.setOrganizationUuid(randomAlphanumeric(40)) | |||
.setName(randomAlphanumeric(255)) | |||
.setDescription(randomAlphanumeric(200)) | |||
.setCreatedAt(new Date(nextLong())) |
@@ -34,7 +34,6 @@ import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.ce.CeTaskMessageType; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.GroupPermissionDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.permission.UserPermissionDto; | |||
@@ -100,9 +99,9 @@ public class UserDbTester { | |||
return dbClient.userDao().selectByLogin(db.getSession(), userDto.getLogin()); | |||
} | |||
public UserDto insertAdminByUserPermission(OrganizationDto org) { | |||
public UserDto insertAdminByUserPermission() { | |||
UserDto user = insertUser(); | |||
insertPermissionOnUser(org, user, ADMINISTER); | |||
insertPermissionOnUser(user, ADMINISTER); | |||
return user; | |||
} | |||
@@ -141,29 +140,13 @@ public class UserDbTester { | |||
// GROUPS | |||
public GroupDto insertGroup(OrganizationDto organization, String name) { | |||
GroupDto group = GroupTesting.newGroupDto().setName(name).setOrganizationUuid(organization.getUuid()); | |||
return insertGroup(group); | |||
} | |||
public GroupDto insertGroup(String name) { | |||
GroupDto group = GroupTesting.newGroupDto().setName(name).setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||
GroupDto group = GroupTesting.newGroupDto().setName(name); | |||
return insertGroup(group); | |||
} | |||
/** | |||
* Create group in default organization | |||
*/ | |||
public GroupDto insertGroup() { | |||
GroupDto group = GroupTesting.newGroupDto().setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||
return insertGroup(group); | |||
} | |||
/** | |||
* Create group in specified organization | |||
*/ | |||
public GroupDto insertGroup(OrganizationDto organizationDto) { | |||
GroupDto group = GroupTesting.newGroupDto().setOrganizationUuid(organizationDto.getUuid()); | |||
GroupDto group = GroupTesting.newGroupDto(); | |||
return insertGroup(group); | |||
} | |||
@@ -174,23 +157,22 @@ public class UserDbTester { | |||
} | |||
public GroupDto insertDefaultGroup(GroupDto dto) { | |||
String organizationUuid = dto.getOrganizationUuid(); | |||
db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organizationUuid) | |||
db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid()) | |||
.ifPresent(groupUuid -> { | |||
throw new IllegalArgumentException(format("Organization '%s' has already a default group", organizationUuid)); | |||
throw new IllegalArgumentException(format("Organization '%s' has already a default group", db.getDefaultOrganization().getUuid())); | |||
}); | |||
db.getDbClient().groupDao().insert(db.getSession(), dto); | |||
db.getDbClient().organizationDao().setDefaultGroupUuid(db.getSession(), organizationUuid, dto); | |||
db.getDbClient().organizationDao().setDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid(), dto); | |||
db.commit(); | |||
return dto; | |||
} | |||
public GroupDto insertDefaultGroup(OrganizationDto organization, String name) { | |||
return insertDefaultGroup(GroupTesting.newGroupDto().setName(name).setOrganizationUuid(organization.getUuid())); | |||
public GroupDto insertDefaultGroup(String name) { | |||
return insertDefaultGroup(GroupTesting.newGroupDto().setName(name)); | |||
} | |||
public GroupDto insertDefaultGroup(OrganizationDto organization) { | |||
return insertDefaultGroup(GroupTesting.newGroupDto().setOrganizationUuid(organization.getUuid())); | |||
public GroupDto insertDefaultGroup() { | |||
return insertDefaultGroup(GroupTesting.newGroupDto()); | |||
} | |||
@CheckForNull | |||
@@ -198,12 +180,8 @@ public class UserDbTester { | |||
return db.getDbClient().groupDao().selectByUuid(db.getSession(), groupUuid); | |||
} | |||
public Optional<GroupDto> selectGroup(OrganizationDto org, String name) { | |||
return db.getDbClient().groupDao().selectByName(db.getSession(), org.getUuid(), name); | |||
} | |||
public List<GroupDto> selectGroups(OrganizationDto org) { | |||
return db.getDbClient().groupDao().selectByOrganizationUuid(db.getSession(), org.getUuid()); | |||
public Optional<GroupDto> selectGroup(String name) { | |||
return db.getDbClient().groupDao().selectByName(db.getSession(), name); | |||
} | |||
// GROUP MEMBERSHIP | |||
@@ -229,10 +207,9 @@ public class UserDbTester { | |||
// GROUP PERMISSIONS | |||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, String permission) { | |||
public GroupPermissionDto insertPermissionOnAnyone(String permission) { | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setUuid(Uuids.createFast()) | |||
.setOrganizationUuid(org.getUuid()) | |||
.setGroupUuid(null) | |||
.setRole(permission); | |||
db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | |||
@@ -240,14 +217,13 @@ public class UserDbTester { | |||
return dto; | |||
} | |||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) { | |||
return insertPermissionOnAnyone(org, permission.getKey()); | |||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationPermission permission) { | |||
return insertPermissionOnAnyone(permission.getKey()); | |||
} | |||
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) { | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setUuid(Uuids.createFast()) | |||
.setOrganizationUuid(group.getOrganizationUuid()) | |||
.setGroupUuid(group.getUuid()) | |||
.setRole(permission); | |||
db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | |||
@@ -260,7 +236,7 @@ public class UserDbTester { | |||
} | |||
public void deletePermissionFromGroup(GroupDto group, String permission) { | |||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getUuid(), null); | |||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getUuid(), null); | |||
db.commit(); | |||
} | |||
@@ -271,7 +247,6 @@ public class UserDbTester { | |||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setUuid(Uuids.createFast()) | |||
.setOrganizationUuid(project.getOrganizationUuid()) | |||
.setGroupUuid(null) | |||
.setRole(permission) | |||
.setComponentUuid(project.uuid()); | |||
@@ -281,18 +256,16 @@ public class UserDbTester { | |||
} | |||
public void deleteProjectPermissionFromAnyone(ComponentDto project, String permission) { | |||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, project.getOrganizationUuid(), null, project.uuid()); | |||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, null, project.uuid()); | |||
db.commit(); | |||
} | |||
public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) { | |||
checkArgument(group.getOrganizationUuid().equals(project.getOrganizationUuid()), "Different organizations"); | |||
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | |||
"%s can't be granted on a public project", permission); | |||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setUuid(Uuids.createFast()) | |||
.setOrganizationUuid(group.getOrganizationUuid()) | |||
.setGroupUuid(group.getUuid()) | |||
.setRole(permission) | |||
.setComponentUuid(project.uuid()); | |||
@@ -303,52 +276,41 @@ public class UserDbTester { | |||
public List<String> selectGroupPermissions(GroupDto group, @Nullable ComponentDto project) { | |||
if (project == null) { | |||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), | |||
group.getOrganizationUuid(), group.getUuid()); | |||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group.getUuid()); | |||
} | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), | |||
group.getOrganizationUuid(), group.getUuid(), project.uuid()); | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group.getUuid(), project.uuid()); | |||
} | |||
public List<String> selectAnyonePermissions(OrganizationDto org, @Nullable ComponentDto project) { | |||
public List<String> selectAnyonePermissions(@Nullable ComponentDto project) { | |||
if (project == null) { | |||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), | |||
org.getUuid(), null); | |||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), null); | |||
} | |||
checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations"); | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.uuid()); | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), null, project.uuid()); | |||
} | |||
// USER PERMISSIONS | |||
/** | |||
* Grant permission on default organization | |||
* Grant permission | |||
*/ | |||
public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) { | |||
return insertPermissionOnUser(db.getDefaultOrganization(), user, permission); | |||
return insertPermissionOnUser(user, permission.getKey()); | |||
} | |||
/** | |||
* Grant global permission | |||
* @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)} | |||
* @deprecated use {@link #insertPermissionOnUser(UserDto, OrganizationPermission)} | |||
*/ | |||
@Deprecated | |||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), null); | |||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto); | |||
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) { | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null); | |||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, db.getDefaultOrganization().getUuid()); | |||
db.commit(); | |||
return dto; | |||
} | |||
/** | |||
* Grant organization permission to user | |||
*/ | |||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||
return insertPermissionOnUser(org, user, permission.getKey()); | |||
} | |||
public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getUuid(), permission.getKey(), org.getUuid()); | |||
public void deletePermissionFromUser(UserDto user, OrganizationPermission permission) { | |||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getUuid(), permission.getKey()); | |||
db.commit(); | |||
} | |||
@@ -364,15 +326,15 @@ public class UserDbTester { | |||
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | |||
"%s can't be granted on a public project", permission); | |||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), project.getOrganizationUuid(), permission, user.getUuid(), project.uuid()); | |||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto); | |||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid()); | |||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, db.getDefaultOrganization().getUuid()); | |||
db.commit(); | |||
return dto; | |||
} | |||
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user, OrganizationDto organization) { | |||
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user) { | |||
return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao() | |||
.selectGlobalPermissionsOfUser(db.getSession(), user.getUuid(), organization.getUuid())); | |||
.selectGlobalPermissionsOfUser(db.getSession(), user.getUuid())); | |||
} | |||
public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) { |
@@ -66,14 +66,13 @@ public class UserIndex { | |||
* Returns the active users (at most 3) who are associated to the given SCM account. This method can be used | |||
* to detect user conflicts. | |||
*/ | |||
public List<UserDoc> getAtMostThreeActiveUsersForScmAccount(String scmAccount, String organizationUuid) { | |||
public List<UserDoc> getAtMostThreeActiveUsersForScmAccount(String scmAccount) { | |||
List<UserDoc> result = new ArrayList<>(); | |||
if (!StringUtils.isEmpty(scmAccount)) { | |||
SearchRequestBuilder request = esClient.prepareSearch(UserIndexDefinition.TYPE_USER) | |||
.setQuery(boolQuery().must(matchAllQuery()).filter( | |||
boolQuery() | |||
.must(termQuery(FIELD_ACTIVE, true)) | |||
.must(termQuery(FIELD_ORGANIZATION_UUIDS, organizationUuid)) | |||
.should(termQuery(FIELD_LOGIN, scmAccount)) | |||
.should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_EMAIL), scmAccount)) | |||
.should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_SCM_ACCOUNTS), scmAccount)))) |
@@ -38,7 +38,6 @@ import static org.sonar.server.user.index.UserIndexDefinition.TYPE_USER; | |||
public class UserIndexTest { | |||
private static final String ORGANIZATION_UUID = "my-organization"; | |||
private static final String USER1_LOGIN = "user1"; | |||
private static final String USER2_LOGIN = "user2"; | |||
@@ -57,14 +56,14 @@ public class UserIndexTest { | |||
es.putDocuments(TYPE_USER, user2); | |||
es.putDocuments(TYPE_USER, user3); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.scmAccounts().get(0), ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.login(), ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.scmAccounts().get(0))).extractingResultOf("login").containsOnly(user1.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.login())).extractingResultOf("login").containsOnly(user1.login()); | |||
// both users share the same email | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.email(), ORGANIZATION_UUID)).extracting(UserDoc::login).containsOnly(user1.login(), user2.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.email())).extracting(UserDoc::login).containsOnly(user1.login(), user2.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("", ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("unknown", ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("")).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("unknown")).isEmpty(); | |||
} | |||
@Test | |||
@@ -73,8 +72,8 @@ public class UserIndexTest { | |||
UserDoc user = newUser(USER1_LOGIN, singletonList(scmAccount)).setActive(false); | |||
es.putDocuments(TYPE_USER, user); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user.login(), ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(scmAccount, ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user.login())).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(scmAccount)).isEmpty(); | |||
} | |||
@Test | |||
@@ -90,7 +89,7 @@ public class UserIndexTest { | |||
es.putDocuments(TYPE_USER, user4); | |||
// restrict results to 3 users | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(email, ORGANIZATION_UUID)).hasSize(3); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(email)).hasSize(3); | |||
} | |||
@Test | |||
@@ -98,8 +97,8 @@ public class UserIndexTest { | |||
UserDoc user = newUser("the_login", singletonList("John.Smith")); | |||
es.putDocuments(TYPE_USER, user); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_login", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_Login", ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_login")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_Login")).isEmpty(); | |||
} | |||
@Test | |||
@@ -107,9 +106,9 @@ public class UserIndexTest { | |||
UserDoc user = newUser("the_login", "the_EMAIL@corp.com", singletonList("John.Smith")); | |||
es.putDocuments(TYPE_USER, user); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_EMAIL@corp.com", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_email@corp.com", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("email", ORGANIZATION_UUID)).isEmpty(); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_EMAIL@corp.com")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_email@corp.com")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("email")).isEmpty(); | |||
} | |||
@Test | |||
@@ -117,20 +116,10 @@ public class UserIndexTest { | |||
UserDoc user = newUser("the_login", singletonList("John.Smith")); | |||
es.putDocuments(TYPE_USER, user); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("John.Smith", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMIth", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMITH", ORGANIZATION_UUID)).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN", ORGANIZATION_UUID)).isEmpty(); | |||
} | |||
@Test | |||
public void getAtMostThreeActiveUsersForScmAccount_search_only_user_within_given_organization() { | |||
UserDoc user1 = newUser("user1", singletonList("same_scm")).setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||
UserDoc user2 = newUser("user2", singletonList("same_scm")).setOrganizationUuids(singletonList("another_organization")); | |||
es.putDocuments(TYPE_USER, user1); | |||
es.putDocuments(TYPE_USER, user2); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("same_scm", ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("John.Smith")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMIth")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMITH")).hasSize(1); | |||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN")).isEmpty(); | |||
} | |||
@Test | |||
@@ -178,8 +167,7 @@ public class UserIndexTest { | |||
.setName(login.toUpperCase(Locale.ENGLISH)) | |||
.setEmail(login + "@mail.com") | |||
.setActive(true) | |||
.setScmAccounts(scmAccounts) | |||
.setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||
.setScmAccounts(scmAccounts); | |||
} | |||
private static UserDoc newUser(String login, String email, List<String> scmAccounts) { | |||
@@ -189,7 +177,6 @@ public class UserIndexTest { | |||
.setName(login.toUpperCase(Locale.ENGLISH)) | |||
.setEmail(email) | |||
.setActive(true) | |||
.setScmAccounts(scmAccounts) | |||
.setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||
.setScmAccounts(scmAccounts); | |||
} | |||
} |
@@ -24,16 +24,15 @@ import java.util.Collections; | |||
import java.util.Optional; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.concurrent.Immutable; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.user.AbstractUserSession; | |||
@Immutable | |||
public class SafeModeUserSession extends AbstractUserSession { | |||
@Override | |||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||
return false; | |||
} | |||
@@ -47,11 +46,6 @@ public class SafeModeUserSession extends AbstractUserSession { | |||
return false; | |||
} | |||
@Override | |||
protected boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
return false; | |||
} | |||
@CheckForNull | |||
@Override | |||
public String getLogin() { |
@@ -37,21 +37,15 @@ import org.sonar.api.utils.log.Logger; | |||
import org.sonar.api.utils.log.Loggers; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.alm.ALM; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.db.user.UserGroupDto; | |||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | |||
import org.sonar.server.authentication.event.AuthenticationException; | |||
import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | |||
import org.sonar.server.organization.DefaultOrganization; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.MemberUpdater; | |||
import org.sonar.server.organization.OrganizationFlags; | |||
import org.sonar.server.user.ExternalIdentity; | |||
import org.sonar.server.user.NewUser; | |||
import org.sonar.server.user.UpdateUser; | |||
import org.sonar.server.user.UserSession; | |||
import org.sonar.server.user.UserUpdater; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
@@ -66,19 +60,12 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
private final DbClient dbClient; | |||
private final UserUpdater userUpdater; | |||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||
private final OrganizationFlags organizationFlags; | |||
private final DefaultGroupFinder defaultGroupFinder; | |||
private final MemberUpdater memberUpdater; | |||
public UserRegistrarImpl(DbClient dbClient, UserUpdater userUpdater, DefaultOrganizationProvider defaultOrganizationProvider, OrganizationFlags organizationFlags, | |||
DefaultGroupFinder defaultGroupFinder, MemberUpdater memberUpdater) { | |||
public UserRegistrarImpl(DbClient dbClient, UserUpdater userUpdater, DefaultGroupFinder defaultGroupFinder) { | |||
this.dbClient = dbClient; | |||
this.userUpdater = userUpdater; | |||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||
this.organizationFlags = organizationFlags; | |||
this.defaultGroupFinder = defaultGroupFinder; | |||
this.memberUpdater = memberUpdater; | |||
} | |||
@Override | |||
@@ -131,7 +118,6 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
private Consumer<UserDto> beforeCommit(DbSession dbSession, boolean isNewUser, UserRegistration authenticatorParameters) { | |||
return user -> { | |||
syncGroups(dbSession, authenticatorParameters.getUserIdentity(), user); | |||
synchronizeOrganizationMembership(dbSession, user, authenticatorParameters, isNewUser); | |||
}; | |||
} | |||
@@ -187,8 +173,7 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups); | |||
Collection<String> allGroups = new ArrayList<>(groupsToAdd); | |||
allGroups.addAll(groupsToRemove); | |||
DefaultOrganization defaultOrganization = defaultOrganizationProvider.get(); | |||
Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, defaultOrganization.getUuid(), allGroups) | |||
Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, allGroups) | |||
.stream() | |||
.collect(uniqueIndex(GroupDto::getName)); | |||
@@ -218,19 +203,7 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
} | |||
private Optional<GroupDto> getDefaultGroup(DbSession dbSession) { | |||
return organizationFlags.isEnabled(dbSession) ? Optional.empty() : Optional.of(defaultGroupFinder.findDefaultGroup(dbSession, defaultOrganizationProvider.get().getUuid())); | |||
} | |||
private void synchronizeOrganizationMembership(DbSession dbSession, UserDto userDto, UserRegistration authenticatorParameters, boolean isNewUser) { | |||
Set<String> almOrganizationIds = authenticatorParameters.getOrganizationAlmIds(); | |||
if (almOrganizationIds == null || !isNewUser || !organizationFlags.isEnabled(dbSession)) { | |||
return; | |||
} | |||
UserSession.IdentityProvider identityProvider = UserSession.IdentityProvider.getFromKey(authenticatorParameters.getProvider().getKey()); | |||
if (identityProvider != UserSession.IdentityProvider.GITHUB) { | |||
return; | |||
} | |||
memberUpdater.synchronizeUserOrganizationMembership(dbSession, userDto, ALM.GITHUB, almOrganizationIds); | |||
return Optional.of(defaultGroupFinder.findDefaultGroup(dbSession)); | |||
} | |||
private static NewUser createNewUser(UserRegistration authenticatorParameters) { |
@@ -78,7 +78,7 @@ public class MemberUpdater { | |||
.setOrganizationUuid(organization.getUuid()) | |||
.setUserUuid(user.getUuid())); | |||
dbClient.userGroupDao().insert(dbSession, | |||
new UserGroupDto().setGroupUuid(defaultGroupFinder.findDefaultGroup(dbSession, organization.getUuid()).getUuid()).setUserUuid(user.getUuid())); | |||
new UserGroupDto().setGroupUuid(defaultGroupFinder.findDefaultGroup(dbSession).getUuid()).setUserUuid(user.getUuid())); | |||
} | |||
public void removeMember(DbSession dbSession, OrganizationDto organization, UserDto user) { | |||
@@ -96,7 +96,7 @@ public class MemberUpdater { | |||
} | |||
Set<String> userUuidsToRemove = usersToRemove.stream().map(UserDto::getUuid).collect(toSet()); | |||
Set<String> adminUuids = new HashSet<>(dbClient.authorizationDao().selectUserUuidsWithGlobalPermission(dbSession, organization.getUuid(), ADMINISTER.getKey())); | |||
Set<String> adminUuids = new HashSet<>(dbClient.authorizationDao().selectUserUuidsWithGlobalPermission(dbSession, ADMINISTER.getKey())); | |||
checkArgument(!difference(adminUuids, userUuidsToRemove).isEmpty(), "The last administrator member cannot be removed"); | |||
usersToRemove.forEach(u -> removeMemberInDb(dbSession, organization, u)); | |||
@@ -135,9 +135,8 @@ public class MemberUpdater { | |||
private void removeMemberInDb(DbSession dbSession, OrganizationDto organization, UserDto user) { | |||
String userUuid = user.getUuid(); | |||
String organizationUuid = organization.getUuid(); | |||
dbClient.userPermissionDao().deleteOrganizationMemberPermissions(dbSession, organizationUuid, userUuid); | |||
dbClient.permissionTemplateDao().deleteUserPermissionsByOrganization(dbSession, organizationUuid, userUuid); | |||
dbClient.userGroupDao().deleteByOrganizationAndUser(dbSession, organizationUuid, userUuid); | |||
// dbClient.userPermissionDao().deleteOrganizationMemberPermissions(dbSession, userUuid); | |||
//dbClient.permissionTemplateDao().deleteUserPermissionsByOrganization(dbSession, organizationUuid, userUuid); | |||
dbClient.propertiesDao().deleteByOrganizationAndUser(dbSession, organizationUuid, userUuid); | |||
dbClient.propertiesDao().deleteByOrganizationAndMatchingLogin(dbSession, organizationUuid, user.getLogin(), singletonList(DEFAULT_ISSUE_ASSIGNEE)); | |||
@@ -76,9 +76,9 @@ public class OrganisationSupport { | |||
} | |||
private void createDefaultMembersGroup(DbSession dbSession, String defaultOrganizationUuid) { | |||
GroupDto sonarUsersGroup = defaultGroupFinder.findDefaultGroup(dbSession, defaultOrganizationUuid); | |||
GroupDto members = defaultGroupCreator.create(dbSession, defaultOrganizationUuid); | |||
copySonarUsersGroupPermissionsToMembersGroup(dbSession, defaultOrganizationUuid, sonarUsersGroup, members); | |||
GroupDto sonarUsersGroup = defaultGroupFinder.findDefaultGroup(dbSession); | |||
GroupDto members = defaultGroupCreator.create(dbSession); | |||
copySonarUsersGroupPermissionsToMembersGroup(dbSession, sonarUsersGroup, members); | |||
copySonarUsersGroupPermissionTemplatesToMembersGroup(dbSession, sonarUsersGroup, members); | |||
associateMembersOfDefaultOrganizationToGroup(dbSession, defaultOrganizationUuid, members); | |||
} | |||
@@ -88,14 +88,13 @@ public class OrganisationSupport { | |||
organizationMembers.forEach(member -> dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupUuid(membersGroup.getUuid()).setUserUuid(member))); | |||
} | |||
private void copySonarUsersGroupPermissionsToMembersGroup(DbSession dbSession, String defaultOrganizationUuid, GroupDto sonarUsersGroup, GroupDto membersGroup) { | |||
dbClient.groupPermissionDao().selectAllPermissionsByGroupUuid(dbSession, defaultOrganizationUuid, sonarUsersGroup.getUuid(), | |||
private void copySonarUsersGroupPermissionsToMembersGroup(DbSession dbSession, GroupDto sonarUsersGroup, GroupDto membersGroup) { | |||
dbClient.groupPermissionDao().selectAllPermissionsByGroupUuid(dbSession, sonarUsersGroup.getUuid(), | |||
context -> { | |||
GroupPermissionDto groupPermissionDto = (GroupPermissionDto) context.getResultObject(); | |||
dbClient.groupPermissionDao().insert(dbSession, | |||
new GroupPermissionDto() | |||
.setUuid(uuidFactory.create()) | |||
.setOrganizationUuid(defaultOrganizationUuid) | |||
.setGroupUuid(membersGroup.getUuid()) | |||
.setRole(groupPermissionDto.getRole()) | |||
.setComponentUuid(groupPermissionDto.getComponentUuid())); |
@@ -99,7 +99,7 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { | |||
insertOrganizationMember(dbSession, organization, userCreator.getUuid()); | |||
dbClient.qualityGateDao().associate(dbSession, uuidFactory.create(), organization, builtInQualityGate); | |||
GroupDto ownerGroup = insertOwnersGroup(dbSession, organization); | |||
GroupDto defaultGroup = defaultGroupCreator.create(dbSession, organization.getUuid()); | |||
GroupDto defaultGroup = defaultGroupCreator.create(dbSession); | |||
insertDefaultTemplateOnGroups(dbSession, organization, ownerGroup, defaultGroup); | |||
addCurrentUserToGroup(dbSession, ownerGroup, userCreator.getUuid()); | |||
addCurrentUserToGroup(dbSession, defaultGroup, userCreator.getUuid()); | |||
@@ -162,9 +162,9 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { | |||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert( | |||
dbSession, | |||
new PermissionTemplateDto() | |||
.setOrganizationUuid(organizationDto.getUuid()) | |||
.setUuid(uuidFactory.create()) | |||
.setName(PERM_TEMPLATE_NAME) | |||
.setOrganizationUuid(organizationDto.getUuid()) | |||
.setDescription(format(PERM_TEMPLATE_DESCRIPTION_PATTERN, organizationDto.getName())) | |||
.setCreatedAt(now) | |||
.setUpdatedAt(now)); | |||
@@ -219,7 +219,6 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { | |||
private GroupDto insertOwnersGroup(DbSession dbSession, OrganizationDto organization) { | |||
GroupDto group = dbClient.groupDao().insert(dbSession, new GroupDto() | |||
.setUuid(uuidFactory.create()) | |||
.setOrganizationUuid(organization.getUuid()) | |||
.setName(OWNERS_GROUP_NAME) | |||
.setDescription(OWNERS_GROUP_DESCRIPTION)); | |||
permissionService.getAllOrganizationPermissions().forEach(p -> addPermissionToGroup(dbSession, group, p)); | |||
@@ -231,7 +230,6 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { | |||
dbSession, | |||
new GroupPermissionDto() | |||
.setUuid(uuidFactory.create()) | |||
.setOrganizationUuid(group.getOrganizationUuid()) | |||
.setGroupUuid(group.getUuid()) | |||
.setRole(permission.getKey())); | |||
} |
@@ -22,8 +22,6 @@ package org.sonar.server.permission; | |||
import javax.annotation.concurrent.Immutable; | |||
import org.sonar.db.user.GroupDto; | |||
import static java.util.Objects.requireNonNull; | |||
/** | |||
* Reference to a user group, as used internally by the backend. It does | |||
* not support reference to virtual groups "anyone". | |||
@@ -34,22 +32,16 @@ import static java.util.Objects.requireNonNull; | |||
public class GroupUuid { | |||
private final String uuid; | |||
private final String organizationUuid; | |||
private GroupUuid(String organizationUuid, String uuid) { | |||
private GroupUuid(String uuid) { | |||
this.uuid = uuid; | |||
this.organizationUuid = requireNonNull(organizationUuid); | |||
} | |||
public String getUuid() { | |||
return uuid; | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
public static GroupUuid from(GroupDto dto) { | |||
return new GroupUuid(dto.getOrganizationUuid(), dto.getUuid()); | |||
return new GroupUuid(dto.getUuid()); | |||
} | |||
} |
@@ -24,8 +24,6 @@ import javax.annotation.Nullable; | |||
import javax.annotation.concurrent.Immutable; | |||
import org.sonar.db.user.GroupDto; | |||
import static java.util.Objects.requireNonNull; | |||
/** | |||
* Reference to a user group, as used internally by the backend. Contrary to | |||
* {@link GroupUuid}, it supports reference to virtual groups "anyone". In these | |||
@@ -37,11 +35,9 @@ import static java.util.Objects.requireNonNull; | |||
public class GroupUuidOrAnyone { | |||
private final String uuid; | |||
private final String organizationUuid; | |||
private GroupUuidOrAnyone(String organizationUuid, @Nullable String uuid) { | |||
private GroupUuidOrAnyone(@Nullable String uuid) { | |||
this.uuid = uuid; | |||
this.organizationUuid = requireNonNull(organizationUuid, "organizationUuid can't be null"); | |||
} | |||
public boolean isAnyone() { | |||
@@ -53,15 +49,11 @@ public class GroupUuidOrAnyone { | |||
return uuid; | |||
} | |||
public String getOrganizationUuid() { | |||
return organizationUuid; | |||
} | |||
public static GroupUuidOrAnyone from(GroupDto dto) { | |||
return new GroupUuidOrAnyone(dto.getOrganizationUuid(), dto.getUuid()); | |||
return new GroupUuidOrAnyone(dto.getUuid()); | |||
} | |||
public static GroupUuidOrAnyone forAnyone(String organizationUuid) { | |||
return new GroupUuidOrAnyone(organizationUuid, null); | |||
public static GroupUuidOrAnyone forAnyone() { | |||
return new GroupUuidOrAnyone(null); | |||
} | |||
} |
@@ -30,14 +30,12 @@ import javax.annotation.Nullable; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.project.ProjectDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonar.server.exceptions.UnauthorizedException; | |||
import static java.lang.String.format; | |||
import static org.apache.commons.lang.StringUtils.defaultString; | |||
import static org.sonar.server.user.UserSession.IdentityProvider.SONARQUBE; | |||
@@ -78,16 +76,11 @@ public abstract class AbstractUserSession implements UserSession { | |||
} | |||
@Override | |||
public final boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
return hasPermission(permission, organization.getUuid()); | |||
public final boolean hasPermission(OrganizationPermission permission) { | |||
return isRoot() || hasPermissionImpl(permission); | |||
} | |||
@Override | |||
public final boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||
return isRoot() || hasPermissionImpl(permission, organizationUuid); | |||
} | |||
protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); | |||
protected abstract boolean hasPermissionImpl(OrganizationPermission permission); | |||
@Override | |||
public final boolean hasComponentPermission(String permission, ComponentDto component) { | |||
@@ -121,13 +114,6 @@ public abstract class AbstractUserSession implements UserSession { | |||
protected abstract boolean hasProjectUuidPermission(String permission, String projectUuid); | |||
@Override | |||
public final boolean hasMembership(OrganizationDto organizationDto) { | |||
return isRoot() || hasMembershipImpl(organizationDto); | |||
} | |||
protected abstract boolean hasMembershipImpl(OrganizationDto organizationDto); | |||
@Override | |||
public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | |||
if (isRoot()) { | |||
@@ -181,13 +167,8 @@ public abstract class AbstractUserSession implements UserSession { | |||
} | |||
@Override | |||
public final UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
return checkPermission(permission, organization.getUuid()); | |||
} | |||
@Override | |||
public final UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||
if (!hasPermission(permission, organizationUuid)) { | |||
public final UserSession checkPermission(OrganizationPermission permission) { | |||
if (!hasPermission(permission)) { | |||
throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | |||
} | |||
return this; | |||
@@ -228,13 +209,4 @@ public abstract class AbstractUserSession implements UserSession { | |||
} | |||
return this; | |||
} | |||
@Override | |||
public UserSession checkMembership(OrganizationDto organization) { | |||
if (!hasMembership(organization)) { | |||
throw new ForbiddenException(format("You're not member of organization '%s'", organization.getKey())); | |||
} | |||
return this; | |||
} | |||
} |
@@ -22,7 +22,6 @@ package org.sonar.server.user; | |||
import java.util.Collection; | |||
import java.util.Collections; | |||
import java.util.Optional; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -108,7 +107,7 @@ public final class DoPrivileged { | |||
} | |||
@Override | |||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||
return true; | |||
} | |||
@@ -128,10 +127,6 @@ public final class DoPrivileged { | |||
return true; | |||
} | |||
@Override | |||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
return true; | |||
} | |||
} | |||
private void start() { |
@@ -19,9 +19,6 @@ | |||
*/ | |||
package org.sonar.server.user; | |||
import com.google.common.base.Supplier; | |||
import com.google.common.base.Suppliers; | |||
import com.google.common.collect.ImmutableSet; | |||
import java.util.Collection; | |||
import java.util.Collections; | |||
import java.util.HashMap; | |||
@@ -36,15 +33,10 @@ import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.organization.OrganizationMemberDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.OrganizationFlags; | |||
import static java.util.Objects.requireNonNull; | |||
import static java.util.Optional.of; | |||
import static java.util.Optional.ofNullable; | |||
import static org.apache.commons.lang.StringUtils.defaultIfEmpty; | |||
@@ -57,20 +49,14 @@ public class ServerUserSession extends AbstractUserSession { | |||
@CheckForNull | |||
private final UserDto userDto; | |||
private final DbClient dbClient; | |||
private final OrganizationFlags organizationFlags; | |||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||
private final Supplier<Collection<GroupDto>> groups = Suppliers.memoize(this::loadGroups); | |||
private final Supplier<Boolean> isSystemAdministratorSupplier = Suppliers.memoize(this::loadIsSystemAdministrator); | |||
private final Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | |||
private Map<String, Set<OrganizationPermission>> permissionsByOrganizationUuid; | |||
private Collection<GroupDto> groups; | |||
private Boolean isSystemAdministrator; | |||
private Set<OrganizationPermission> permissions; | |||
private Map<String, Set<String>> permissionsByProjectUuid; | |||
private Set<String> organizationMembership = new HashSet<>(); | |||
ServerUserSession(DbClient dbClient, OrganizationFlags organizationFlags, | |||
DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto) { | |||
ServerUserSession(DbClient dbClient, @Nullable UserDto userDto) { | |||
this.dbClient = dbClient; | |||
this.organizationFlags = organizationFlags; | |||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||
this.userDto = userDto; | |||
} | |||
@@ -103,7 +89,10 @@ public class ServerUserSession extends AbstractUserSession { | |||
@Override | |||
public Collection<GroupDto> getGroups() { | |||
return groups.get(); | |||
if (groups == null) { | |||
groups = loadGroups(); | |||
} | |||
return groups; | |||
} | |||
@Override | |||
@@ -127,28 +116,13 @@ public class ServerUserSession extends AbstractUserSession { | |||
} | |||
@Override | |||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||
if (permissionsByOrganizationUuid == null) { | |||
permissionsByOrganizationUuid = new HashMap<>(); | |||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||
if (permissions == null) { | |||
permissions = loadGlobalPermissions(); | |||
} | |||
Set<OrganizationPermission> permissions = permissionsByOrganizationUuid.computeIfAbsent(organizationUuid, this::loadOrganizationPermissions); | |||
return permissions.contains(permission); | |||
} | |||
private Set<OrganizationPermission> loadOrganizationPermissions(String organizationUuid) { | |||
Set<String> permissionKeys; | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
if (userDto != null && userDto.getUuid() != null) { | |||
permissionKeys = dbClient.authorizationDao().selectOrganizationPermissions(dbSession, organizationUuid, userDto.getUuid()); | |||
} else { | |||
permissionKeys = dbClient.authorizationDao().selectOrganizationPermissionsOfAnonymous(dbSession, organizationUuid); | |||
} | |||
} | |||
return permissionKeys.stream() | |||
.map(OrganizationPermission::fromKey) | |||
.collect(MoreCollectors.toSet(permissionKeys.size())); | |||
} | |||
@Override | |||
protected Optional<String> componentUuidToProjectUuid(String componentUuid) { | |||
String projectUuid = projectUuidByComponentUuid.get(componentUuid); | |||
@@ -189,11 +163,25 @@ public class ServerUserSession extends AbstractUserSession { | |||
if (component.get().isPrivate()) { | |||
return loadDbPermissions(dbSession, projectUuid); | |||
} | |||
ImmutableSet.Builder<String> builder = ImmutableSet.builder(); | |||
builder.addAll(PUBLIC_PERMISSIONS); | |||
builder.addAll(loadDbPermissions(dbSession, projectUuid)); | |||
return builder.build(); | |||
Set<String> permissions = new HashSet<>(); | |||
permissions.addAll(PUBLIC_PERMISSIONS); | |||
permissions.addAll(loadDbPermissions(dbSession, projectUuid)); | |||
return Collections.unmodifiableSet(permissions); | |||
} | |||
} | |||
private Set<OrganizationPermission> loadGlobalPermissions() { | |||
Set<String> permissionKeys; | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
if (userDto != null && userDto.getUuid() != null) { | |||
permissionKeys = dbClient.authorizationDao().selectGlobalPermissions(dbSession, userDto.getUuid()); | |||
} else { | |||
permissionKeys = dbClient.authorizationDao().selectGlobalPermissionsOfAnonymous(dbSession); | |||
} | |||
} | |||
return permissionKeys.stream() | |||
.map(OrganizationPermission::fromKey) | |||
.collect(MoreCollectors.toSet(permissionKeys.size())); | |||
} | |||
private Set<String> loadDbPermissions(DbSession dbSession, String projectUuid) { | |||
@@ -219,45 +207,16 @@ public class ServerUserSession extends AbstractUserSession { | |||
@Override | |||
public boolean isSystemAdministrator() { | |||
return isSystemAdministratorSupplier.get(); | |||
} | |||
private boolean loadIsSystemAdministrator() { | |||
if (isRoot()) { | |||
return true; | |||
} | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
if (!organizationFlags.isEnabled(dbSession)) { | |||
String uuidOfDefaultOrg = defaultOrganizationProvider.get().getUuid(); | |||
return hasPermission(OrganizationPermission.ADMINISTER, uuidOfDefaultOrg); | |||
} | |||
// organization feature is enabled -> requires to be root | |||
return false; | |||
if (isSystemAdministrator == null) { | |||
isSystemAdministrator = loadIsSystemAdministrator(); | |||
} | |||
return isSystemAdministrator; | |||
} | |||
@Override | |||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
return isMember(organizationDto.getUuid()); | |||
} | |||
private boolean isMember(String organizationUuid) { | |||
if (!isLoggedIn()) { | |||
return false; | |||
} | |||
private boolean loadIsSystemAdministrator() { | |||
if (isRoot()) { | |||
return true; | |||
} | |||
if (organizationMembership.contains(organizationUuid)) { | |||
return true; | |||
} | |||
try (DbSession dbSession = dbClient.openSession(false)) { | |||
Optional<OrganizationMemberDto> organizationMemberDto = dbClient.organizationMemberDao().select(dbSession, organizationUuid, requireNonNull(getUuid())); | |||
if (organizationMemberDto.isPresent()) { | |||
organizationMembership.add(organizationUuid); | |||
} | |||
return organizationMembership.contains(organizationUuid); | |||
} | |||
return hasPermission(OrganizationPermission.ADMINISTER); | |||
} | |||
} |
@@ -24,7 +24,6 @@ import java.util.List; | |||
import java.util.Optional; | |||
import javax.annotation.CheckForNull; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.project.ProjectDto; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -112,13 +111,13 @@ public class ThreadLocalUserSession implements UserSession { | |||
} | |||
@Override | |||
public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||
return get().hasPermission(permission, organizationUuid); | |||
public boolean hasPermission(OrganizationPermission permission) { | |||
return get().hasPermission(permission); | |||
} | |||
@Override | |||
public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||
get().checkPermission(permission, organizationUuid); | |||
public UserSession checkPermission(OrganizationPermission permission) { | |||
get().checkPermission(permission); | |||
return this; | |||
} | |||
@@ -166,17 +165,6 @@ public class ThreadLocalUserSession implements UserSession { | |||
return get().hasComponentUuidPermission(permission, componentUuid); | |||
} | |||
@Override | |||
public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
get().checkPermission(permission, organization); | |||
return this; | |||
} | |||
@Override | |||
public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
return get().hasPermission(permission, organization); | |||
} | |||
@Override | |||
public List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | |||
return get().keepAuthorizedComponents(permission, components); | |||
@@ -186,15 +174,4 @@ public class ThreadLocalUserSession implements UserSession { | |||
public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) { | |||
return get().keepAuthorizedProjects(permission, projects); | |||
} | |||
@Override | |||
public boolean hasMembership(OrganizationDto organizationDto) { | |||
return get().hasMembership(organizationDto); | |||
} | |||
@Override | |||
public UserSession checkMembership(OrganizationDto organization) { | |||
get().checkMembership(organization); | |||
return this; | |||
} | |||
} |
@@ -27,7 +27,6 @@ import java.util.Optional; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.concurrent.Immutable; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.project.ProjectDto; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -126,8 +125,7 @@ public interface UserSession { | |||
return false; | |||
} | |||
ExternalIdentity that = (ExternalIdentity) o; | |||
return Objects.equals(id, that.id) && | |||
Objects.equals(login, that.login); | |||
return Objects.equals(id, that.id) && Objects.equals(login, that.login); | |||
} | |||
@Override | |||
@@ -171,17 +169,13 @@ public interface UserSession { | |||
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if | |||
* organization does not exist. | |||
*/ | |||
boolean hasPermission(OrganizationPermission permission, OrganizationDto organization); | |||
boolean hasPermission(OrganizationPermission permission, String organizationUuid); | |||
boolean hasPermission(OrganizationPermission permission); | |||
/** | |||
* Ensures that {@link #hasPermission(OrganizationPermission, OrganizationDto)} is {@code true}, | |||
* Ensures that {@link #hasPermission(OrganizationPermission)} is {@code true}, | |||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization); | |||
UserSession checkPermission(OrganizationPermission permission, String organizationUuid); | |||
UserSession checkPermission(OrganizationPermission permission); | |||
/** | |||
* Returns {@code true} if the permission is granted to user on the component, | |||
@@ -221,6 +215,7 @@ public interface UserSession { | |||
List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components); | |||
List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects); | |||
/** | |||
* Ensures that {@link #hasComponentPermission(String, ComponentDto)} is {@code true}, | |||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
@@ -259,21 +254,4 @@ public interface UserSession { | |||
* otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkIsSystemAdministrator(); | |||
/** | |||
* Returns {@code true} if the user is member of the organization, otherwise {@code false}. | |||
* | |||
* If the organization does not exist, then returns {@code false}. | |||
* | |||
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if | |||
* organization does not exist. | |||
*/ | |||
boolean hasMembership(OrganizationDto organization); | |||
/** | |||
* Ensures that {@link #hasMembership(OrganizationDto)} is {@code true}, | |||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||
*/ | |||
UserSession checkMembership(OrganizationDto organization); | |||
} |
@@ -23,8 +23,6 @@ import org.sonar.api.server.ServerSide; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.authentication.UserLastConnectionDatesUpdater; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.OrganizationFlags; | |||
import static java.util.Objects.requireNonNull; | |||
@@ -32,15 +30,10 @@ import static java.util.Objects.requireNonNull; | |||
public class UserSessionFactoryImpl implements UserSessionFactory { | |||
private final DbClient dbClient; | |||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||
private final OrganizationFlags organizationFlags; | |||
private final UserLastConnectionDatesUpdater userLastConnectionDatesUpdater; | |||
public UserSessionFactoryImpl(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider, | |||
OrganizationFlags organizationFlags, UserLastConnectionDatesUpdater userLastConnectionDatesUpdater) { | |||
public UserSessionFactoryImpl(DbClient dbClient, UserLastConnectionDatesUpdater userLastConnectionDatesUpdater) { | |||
this.dbClient = dbClient; | |||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||
this.organizationFlags = organizationFlags; | |||
this.userLastConnectionDatesUpdater = userLastConnectionDatesUpdater; | |||
} | |||
@@ -48,11 +41,11 @@ public class UserSessionFactoryImpl implements UserSessionFactory { | |||
public ServerUserSession create(UserDto user) { | |||
requireNonNull(user, "UserDto must not be null"); | |||
userLastConnectionDatesUpdater.updateLastConnectionDateIfNeeded(user); | |||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user); | |||
return new ServerUserSession(dbClient, user); | |||
} | |||
@Override | |||
public ServerUserSession createAnonymous() { | |||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null); | |||
return new ServerUserSession(dbClient, null); | |||
} | |||
} |
@@ -33,17 +33,14 @@ import org.apache.commons.lang.math.RandomUtils; | |||
import org.sonar.api.config.Configuration; | |||
import org.sonar.api.platform.NewUserHandler; | |||
import org.sonar.api.server.ServerSide; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.organization.OrganizationMemberDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.db.user.UserGroupDto; | |||
import org.sonar.db.user.UserPropertyDto; | |||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.OrganizationFlags; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
import org.sonar.server.util.Validation; | |||
@@ -63,8 +60,6 @@ import static org.sonar.server.exceptions.BadRequestException.checkRequest; | |||
@ServerSide | |||
public class UserUpdater { | |||
public static final String NOTIFICATIONS_READ_DATE = "notifications.readDate"; | |||
private static final String SQ_AUTHORITY = "sonarqube"; | |||
private static final String LOGIN_PARAM = "Login"; | |||
@@ -81,20 +76,16 @@ public class UserUpdater { | |||
private final DbClient dbClient; | |||
private final UserIndexer userIndexer; | |||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||
private final OrganizationFlags organizationFlags; | |||
private final DefaultGroupFinder defaultGroupFinder; | |||
private final Configuration config; | |||
private final CredentialsLocalAuthentication localAuthentication; | |||
private final System2 system2; | |||
public UserUpdater(System2 system2, NewUserNotifier newUserNotifier, DbClient dbClient, UserIndexer userIndexer, OrganizationFlags organizationFlags, | |||
public UserUpdater(NewUserNotifier newUserNotifier, DbClient dbClient, UserIndexer userIndexer, | |||
DefaultOrganizationProvider defaultOrganizationProvider, DefaultGroupFinder defaultGroupFinder, Configuration config, | |||
CredentialsLocalAuthentication localAuthentication) { | |||
this.system2 = system2; | |||
this.newUserNotifier = newUserNotifier; | |||
this.dbClient = dbClient; | |||
this.userIndexer = userIndexer; | |||
this.organizationFlags = organizationFlags; | |||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||
this.defaultGroupFinder = defaultGroupFinder; | |||
this.config = config; | |||
@@ -129,12 +120,7 @@ public class UserUpdater { | |||
setOnboarded(reactivatedUser); | |||
updateDto(dbSession, updateUser, reactivatedUser); | |||
updateUser(dbSession, reactivatedUser); | |||
boolean isOrganizationEnabled = organizationFlags.isEnabled(dbSession); | |||
if (isOrganizationEnabled) { | |||
setNotificationsReadDate(dbSession, reactivatedUser); | |||
} else { | |||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, reactivatedUser); | |||
} | |||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, reactivatedUser); | |||
} | |||
public void updateAndCommit(DbSession dbSession, UserDto dto, UpdateUser updateUser, Consumer<UserDto> beforeCommit, UserDto... otherUsersToIndex) { | |||
@@ -429,13 +415,7 @@ public class UserUpdater { | |||
private UserDto saveUser(DbSession dbSession, UserDto userDto) { | |||
userDto.setActive(true); | |||
UserDto res = dbClient.userDao().insert(dbSession, userDto); | |||
boolean isOrganizationEnabled = organizationFlags.isEnabled(dbSession); | |||
if (isOrganizationEnabled) { | |||
setNotificationsReadDate(dbSession, userDto); | |||
} else { | |||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, userDto); | |||
} | |||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, userDto); | |||
return res; | |||
} | |||
@@ -467,19 +447,11 @@ public class UserUpdater { | |||
} | |||
private void addDefaultGroup(DbSession dbSession, UserDto userDto) { | |||
String defOrgUuid = defaultOrganizationProvider.get().getUuid(); | |||
List<GroupDto> userGroups = dbClient.groupDao().selectByUserLogin(dbSession, userDto.getLogin()); | |||
GroupDto defaultGroup = defaultGroupFinder.findDefaultGroup(dbSession, defOrgUuid); | |||
GroupDto defaultGroup = defaultGroupFinder.findDefaultGroup(dbSession); | |||
if (isUserAlreadyMemberOfDefaultGroup(defaultGroup, userGroups)) { | |||
return; | |||
} | |||
dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setUserUuid(userDto.getUuid()).setGroupUuid(defaultGroup.getUuid())); | |||
} | |||
private void setNotificationsReadDate(DbSession dbSession, UserDto user) { | |||
dbClient.userPropertiesDao().insertOrUpdate(dbSession, new UserPropertyDto() | |||
.setUserUuid(user.getUuid()) | |||
.setKey(NOTIFICATIONS_READ_DATE) | |||
.setValue(Long.toString(system2.now()))); | |||
} | |||
} |
@@ -25,8 +25,8 @@ import org.sonar.db.user.GroupDto; | |||
public interface DefaultGroupCreator { | |||
/** | |||
* Create the default group on the given organization | |||
* Create the default group | |||
*/ | |||
GroupDto create(DbSession dbSession, String organizationUuid); | |||
GroupDto create(DbSession dbSession); | |||
} |
@@ -24,6 +24,7 @@ import org.sonar.core.util.UuidFactory; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
@@ -32,23 +33,24 @@ public class DefaultGroupCreatorImpl implements DefaultGroupCreator { | |||
public static final String DEFAULT_GROUP_NAME = "Members"; | |||
private final DbClient dbClient; | |||
private final UuidFactory uuidFactory; | |||
private final DefaultOrganizationProvider organizationProvider; | |||
public DefaultGroupCreatorImpl(DbClient dbClient, UuidFactory uuidFactory) { | |||
public DefaultGroupCreatorImpl(DbClient dbClient, UuidFactory uuidFactory, DefaultOrganizationProvider organizationProvider) { | |||
this.dbClient = dbClient; | |||
this.uuidFactory = uuidFactory; | |||
this.organizationProvider = organizationProvider; | |||
} | |||
public GroupDto create(DbSession dbSession, String organizationUuid) { | |||
Optional<GroupDto> existingMembersGroup = dbClient.groupDao().selectByName(dbSession, organizationUuid, DEFAULT_GROUP_NAME); | |||
checkArgument(!existingMembersGroup.isPresent(), "The group '%s' already exist on organization '%s'", DEFAULT_GROUP_NAME, organizationUuid); | |||
public GroupDto create(DbSession dbSession) { | |||
Optional<GroupDto> existingMembersGroup = dbClient.groupDao().selectByName(dbSession, DEFAULT_GROUP_NAME); | |||
checkArgument(!existingMembersGroup.isPresent(), "The group '%s' already exists", DEFAULT_GROUP_NAME); | |||
GroupDto defaultGroup = new GroupDto() | |||
.setUuid(uuidFactory.create()) | |||
.setName(DEFAULT_GROUP_NAME) | |||
.setDescription("All members of the organization") | |||
.setOrganizationUuid(organizationUuid); | |||
.setDescription("All members of the organization"); | |||
dbClient.groupDao().insert(dbSession, defaultGroup); | |||
dbClient.organizationDao().setDefaultGroupUuid(dbSession, organizationUuid, defaultGroup); | |||
dbClient.organizationDao().setDefaultGroupUuid(dbSession, organizationProvider.get().getUuid(), defaultGroup); | |||
return defaultGroup; | |||
} | |||
@@ -22,6 +22,7 @@ package org.sonar.server.usergroups; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import static java.lang.String.format; | |||
import static java.util.Objects.requireNonNull; | |||
@@ -29,14 +30,16 @@ import static java.util.Objects.requireNonNull; | |||
public class DefaultGroupFinder { | |||
private final DbClient dbClient; | |||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||
public DefaultGroupFinder(DbClient dbClient) { | |||
public DefaultGroupFinder(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { | |||
this.dbClient = dbClient; | |||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||
} | |||
public GroupDto findDefaultGroup(DbSession dbSession, String organizationUuid) { | |||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organizationUuid) | |||
.orElseThrow(() -> new IllegalStateException(format("Default group cannot be found on organization '%s'", organizationUuid))); | |||
public GroupDto findDefaultGroup(DbSession dbSession) { | |||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, defaultOrganizationProvider.get().getUuid()) | |||
.orElseThrow(() -> new IllegalStateException("Default group cannot be found ")); | |||
return requireNonNull(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid), format("Group '%s' cannot be found", defaultGroupUuid)); | |||
} | |||
@@ -34,7 +34,6 @@ import org.junit.rules.ExpectedException; | |||
import org.sonar.api.config.internal.MapSettings; | |||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
@@ -42,9 +41,7 @@ import org.sonar.server.authentication.event.AuthenticationEvent; | |||
import org.sonar.server.authentication.event.AuthenticationEvent.Source; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.OrganizationUpdater; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.user.NewUserNotifier; | |||
import org.sonar.server.user.UserUpdater; | |||
import org.sonar.server.user.index.UserIndexer; | |||
@@ -97,17 +94,16 @@ public class HttpHeadersAuthenticationTest { | |||
private GroupDto sonarUsers; | |||
private System2 system2 = mock(System2.class); | |||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | |||
private UserRegistrarImpl userIdentityAuthenticator = new UserRegistrarImpl( | |||
db.getDbClient(), | |||
new UserUpdater(system2, mock(NewUserNotifier.class), db.getDbClient(), userIndexer, organizationFlags, defaultOrganizationProvider, | |||
new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), localAuthentication), | |||
defaultOrganizationProvider, organizationFlags, new DefaultGroupFinder(db.getDbClient()), null); | |||
new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), userIndexer, defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider), | |||
settings.asConfig(), | |||
localAuthentication), | |||
new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider)); | |||
private HttpServletResponse response = mock(HttpServletResponse.class); | |||
private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class); | |||
@@ -118,9 +114,9 @@ public class HttpHeadersAuthenticationTest { | |||
@Before | |||
public void setUp() { | |||
when(system2.now()).thenReturn(NOW); | |||
group1 = db.users().insertGroup(db.getDefaultOrganization(), GROUP1); | |||
group2 = db.users().insertGroup(db.getDefaultOrganization(), GROUP2); | |||
sonarUsers = db.users().insertDefaultGroup(db.getDefaultOrganization(), "sonar-users"); | |||
group1 = db.users().insertGroup(GROUP1); | |||
group2 = db.users().insertGroup(GROUP2); | |||
sonarUsers = db.users().insertDefaultGroup("sonar-users"); | |||
} | |||
@Test | |||
@@ -433,7 +429,7 @@ public class HttpHeadersAuthenticationTest { | |||
if (expectedGroups.length == 0) { | |||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).isEmpty(); | |||
} else { | |||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(MoreCollectors.toList()).toArray(new String[] {})); | |||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).toArray(String[]::new)); | |||
} | |||
} | |||
@@ -453,5 +449,4 @@ public class HttpHeadersAuthenticationTest { | |||
private void verifyTokenIsNotUpdated() { | |||
verify(jwtHttpHandler, never()).generateToken(any(UserDto.class), anyMap(), any(HttpServletRequest.class), any(HttpServletResponse.class)); | |||
} | |||
} |
@@ -24,7 +24,6 @@ import org.sonar.api.web.UserRole; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; | |||
public class SafeModeUserSessionTest { | |||
@@ -43,8 +42,7 @@ public class SafeModeUserSessionTest { | |||
public void session_has_no_permissions() { | |||
assertThat(underTest.isRoot()).isFalse(); | |||
assertThat(underTest.isSystemAdministrator()).isFalse(); | |||
assertThat(underTest.hasPermissionImpl(OrganizationPermission.ADMINISTER, "foo")).isFalse(); | |||
assertThat(underTest.hasPermissionImpl(OrganizationPermission.ADMINISTER)).isFalse(); | |||
assertThat(underTest.hasProjectUuidPermission(UserRole.USER, "foo")).isFalse(); | |||
assertThat(underTest.hasMembership(newOrganizationDto())).isFalse(); | |||
} | |||
} |
@@ -1,244 +0,0 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.authentication; | |||
import com.google.common.collect.ImmutableSet; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.api.config.internal.MapSettings; | |||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | |||
import org.sonar.api.resources.Qualifiers; | |||
import org.sonar.api.resources.ResourceTypes; | |||
import org.sonar.api.server.authentication.UserIdentity; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.alm.AlmAppInstallDto; | |||
import org.sonar.db.component.ResourceTypesRule; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | |||
import org.sonar.server.authentication.event.AuthenticationEvent.Source; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.MemberUpdater; | |||
import org.sonar.server.organization.OrganizationUpdater; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.permission.PermissionService; | |||
import org.sonar.server.permission.PermissionServiceImpl; | |||
import org.sonar.server.user.NewUserNotifier; | |||
import org.sonar.server.user.UserUpdater; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
import static org.mockito.Mockito.mock; | |||
import static org.sonar.db.alm.ALM.BITBUCKETCLOUD; | |||
import static org.sonar.db.alm.ALM.GITHUB; | |||
import static org.sonar.server.authentication.event.AuthenticationEvent.Method.BASIC; | |||
public class UserRegistrarImplOrgMembershipSyncTest { | |||
private System2 system2 = new AlwaysIncreasingSystem2(); | |||
private static String USER_LOGIN = "github-johndoo"; | |||
private static UserIdentity USER_IDENTITY = UserIdentity.builder() | |||
.setProviderId("ABCD") | |||
.setProviderLogin("johndoo") | |||
.setName("John") | |||
.setEmail("john@email.com") | |||
.build(); | |||
private static TestIdentityProvider GITHUB_PROVIDER = new TestIdentityProvider() | |||
.setKey("github") | |||
.setName("Github") | |||
.setEnabled(true) | |||
.setAllowsUsersToSignUp(true); | |||
private static TestIdentityProvider BITBUCKET_PROVIDER = new TestIdentityProvider() | |||
.setKey("bitbucket") | |||
.setName("Bitbucket") | |||
.setEnabled(true) | |||
.setAllowsUsersToSignUp(true); | |||
private MapSettings settings = new MapSettings(); | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public DbTester db = DbTester.create(new AlwaysIncreasingSystem2()); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private UserUpdater userUpdater = new UserUpdater( | |||
system2, | |||
mock(NewUserNotifier.class), | |||
db.getDbClient(), | |||
userIndexer, | |||
organizationFlags, | |||
defaultOrganizationProvider, | |||
new DefaultGroupFinder(db.getDbClient()), | |||
settings.asConfig(), | |||
localAuthentication); | |||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | |||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | |||
private DefaultGroupFinder defaultGroupFinder = new DefaultGroupFinder(db.getDbClient()); | |||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, defaultOrganizationProvider, organizationFlags, | |||
defaultGroupFinder, new MemberUpdater(db.getDbClient(), defaultGroupFinder, userIndexer)); | |||
@Test | |||
public void authenticate_new_github_user_syncs_organization() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(GITHUB_PROVIDER) | |||
.setSource(Source.realm(BASIC, GITHUB_PROVIDER.getName())) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||
.build()); | |||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), GITHUB_PROVIDER.getKey()).get(); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void authenticate_new_github_user_does_not_sync_organization_when_no_org_alm_ids_provided() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(GITHUB_PROVIDER) | |||
.setSource(Source.realm(BASIC, GITHUB_PROVIDER.getName())) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||
.setOrganizationAlmIds(null) | |||
.build()); | |||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), GITHUB_PROVIDER.getKey()).get(); | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void authenticate_new_bitbucket_user_does_not_sync_organization() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(BITBUCKETCLOUD)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(BITBUCKET_PROVIDER) | |||
.setSource(Source.realm(BASIC, BITBUCKET_PROVIDER.getName())) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||
.build()); | |||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), BITBUCKET_PROVIDER.getKey()).get(); | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void authenticate_new_user_using_unknown_alm_does_not_sync_organization() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto almAppInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, almAppInstall, true); | |||
TestIdentityProvider identityProvider = new TestIdentityProvider() | |||
.setKey("unknown") | |||
.setName("unknown") | |||
.setEnabled(true) | |||
.setAllowsUsersToSignUp(true); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(identityProvider) | |||
.setSource(Source.realm(BASIC, identityProvider.getName())) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||
.setOrganizationAlmIds(ImmutableSet.of(almAppInstall.getOrganizationAlmId())) | |||
.build()); | |||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), identityProvider.getKey()).get(); | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void authenticate_existing_github_user_does_not_sync_organization() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
UserDto user = db.users().insertUser(u -> u | |||
.setLogin("Old login") | |||
.setExternalId(USER_IDENTITY.getProviderId()) | |||
.setExternalIdentityProvider(GITHUB_PROVIDER.getKey())); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(GITHUB_PROVIDER) | |||
.setSource(Source.local(BASIC)) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||
.build()); | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void authenticate_disabled_github_user_syncs_organization() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
UserDto user = db.users().insertDisabledUser(u -> u | |||
.setLogin(USER_LOGIN) | |||
.setExternalId(USER_IDENTITY.getProviderId()) | |||
.setExternalIdentityProvider(GITHUB_PROVIDER.getKey()) | |||
); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(GITHUB_PROVIDER) | |||
.setSource(Source.local(BASIC)) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||
.build()); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
} | |||
} |
@@ -21,16 +21,15 @@ package org.sonar.server.authentication; | |||
import java.util.Optional; | |||
import java.util.stream.Collectors; | |||
import org.junit.Before; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.api.config.internal.MapSettings; | |||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | |||
import org.sonar.api.server.authentication.UserIdentity; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.util.stream.MoreCollectors; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | |||
@@ -39,16 +38,12 @@ import org.sonar.server.authentication.event.AuthenticationEvent.Source; | |||
import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.MemberUpdater; | |||
import org.sonar.server.organization.OrganizationUpdater; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.user.NewUserNotifier; | |||
import org.sonar.server.user.UserUpdater; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
import static com.google.common.collect.Sets.newHashSet; | |||
import static java.util.Arrays.stream; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.mockito.Mockito.mock; | |||
@@ -59,9 +54,6 @@ import static org.sonar.server.authentication.event.AuthenticationEvent.Method.B | |||
import static org.sonar.server.authentication.event.AuthenticationExceptionMatcher.authenticationException; | |||
public class UserRegistrarImplTest { | |||
private System2 system2 = new AlwaysIncreasingSystem2(); | |||
private static String USER_LOGIN = "johndoo"; | |||
private static UserIdentity USER_IDENTITY = UserIdentity.builder() | |||
@@ -87,29 +79,27 @@ public class UserRegistrarImplTest { | |||
public EsTester es = EsTester.create(); | |||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private DefaultGroupFinder groupFinder = new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider); | |||
private UserUpdater userUpdater = new UserUpdater( | |||
system2, | |||
mock(NewUserNotifier.class), | |||
db.getDbClient(), | |||
userIndexer, | |||
organizationFlags, | |||
defaultOrganizationProvider, | |||
new DefaultGroupFinder(db.getDbClient()), | |||
groupFinder, | |||
settings.asConfig(), | |||
localAuthentication); | |||
private DefaultGroupFinder defaultGroupFinder = new DefaultGroupFinder(db.getDbClient()); | |||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, groupFinder); | |||
private GroupDto defaultGroup; | |||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, defaultOrganizationProvider, organizationFlags, | |||
defaultGroupFinder, new MemberUpdater(db.getDbClient(), defaultGroupFinder, userIndexer)); | |||
@Before | |||
public void setUp() { | |||
defaultGroup = insertDefaultGroup(); | |||
} | |||
@Test | |||
public void authenticate_new_user() { | |||
organizationFlags.setEnabled(true); | |||
UserDto createdUser = underTest.register(UserRegistration.builder() | |||
.setUserIdentity(USER_IDENTITY) | |||
.setProvider(IDENTITY_PROVIDER) | |||
@@ -126,14 +116,11 @@ public class UserRegistrarImplTest { | |||
assertThat(user.getExternalIdentityProvider()).isEqualTo("github"); | |||
assertThat(user.getExternalId()).isEqualTo("ABCD"); | |||
assertThat(user.isRoot()).isFalse(); | |||
checkGroupMembership(user); | |||
checkGroupMembership(user, defaultGroup); | |||
} | |||
@Test | |||
public void authenticate_new_user_with_sq_identity() { | |||
organizationFlags.setEnabled(false); | |||
GroupDto defaultGroup = insertDefaultGroup(); | |||
TestIdentityProvider sqIdentityProvider = new TestIdentityProvider() | |||
.setKey("sonarqube") | |||
.setName("sonarqube identity name") | |||
@@ -163,8 +150,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_new_user_generate_login_when_no_login_provided() { | |||
organizationFlags.setEnabled(true); | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(UserIdentity.builder() | |||
.setProviderId("ABCD") | |||
@@ -189,22 +174,19 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_new_user_with_groups() { | |||
organizationFlags.setEnabled(true); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||
GroupDto group1 = db.users().insertGroup("group1"); | |||
GroupDto group2 = db.users().insertGroup("group2"); | |||
UserDto loggedInUser = authenticate(USER_LOGIN, "group1", "group2", "group3"); | |||
Optional<UserDto> user = db.users().selectUserByLogin(loggedInUser.getLogin()); | |||
checkGroupMembership(user.get(), group1, group2); | |||
checkGroupMembership(user.get(), group1, group2, defaultGroup); | |||
} | |||
@Test | |||
public void authenticate_new_user_and_force_default_group_when_organizations_are_disabled() { | |||
organizationFlags.setEnabled(false); | |||
public void authenticate_new_user_and_force_default_group() { | |||
UserDto user = db.users().insertUser(); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto defaultGroup = insertDefaultGroup(); | |||
GroupDto group1 = db.users().insertGroup("group1"); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(defaultGroup, user); | |||
@@ -213,26 +195,8 @@ public class UserRegistrarImplTest { | |||
checkGroupMembership(user, group1, defaultGroup); | |||
} | |||
@Test | |||
public void does_not_force_default_group_when_authenticating_new_user_if_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto defaultGroup = insertDefaultGroup(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(defaultGroup, user); | |||
authenticate(user.getExternalLogin(), "group1"); | |||
checkGroupMembership(user, group1); | |||
} | |||
@Test | |||
public void authenticate_new_user_sets_onboarded_flag_to_false_when_onboarding_setting_is_set_to_true() { | |||
organizationFlags.setEnabled(true); | |||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), true); | |||
UserDto user = underTest.register(UserRegistration.builder() | |||
@@ -247,7 +211,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_new_user_sets_onboarded_flag_to_true_when_onboarding_setting_is_set_to_false() { | |||
organizationFlags.setEnabled(true); | |||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | |||
UserDto user = underTest.register(UserRegistration.builder() | |||
@@ -262,7 +225,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void external_id_is_set_to_provider_login_when_null() { | |||
organizationFlags.setEnabled(true); | |||
UserIdentity newUser = UserIdentity.builder() | |||
.setProviderId(null) | |||
.setProviderLogin("johndoo") | |||
@@ -283,7 +245,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_new_user_update_existing_user_email_when_strategy_is_ALLOW() { | |||
organizationFlags.setEnabled(true); | |||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | |||
UserIdentity newUser = UserIdentity.builder() | |||
.setProviderLogin("johndoo") | |||
@@ -306,7 +267,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void throw_EmailAlreadyExistException_when_authenticating_new_user_when_email_already_exists_and_strategy_is_WARN() { | |||
organizationFlags.setEnabled(true); | |||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | |||
UserIdentity newUser = UserIdentity.builder() | |||
.setProviderLogin("johndoo") | |||
@@ -387,7 +347,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_and_update_existing_user_matching_login() { | |||
insertDefaultGroup(); | |||
db.users().insertUser(u -> u | |||
.setName("Old name") | |||
.setEmail("Old email") | |||
@@ -470,7 +429,7 @@ public class UserRegistrarImplTest { | |||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||
.build()); | |||
//no new user should be created | |||
// no new user should be created | |||
assertThat(db.countRowsOfTable(db.getSession(), "users")).isEqualTo(1); | |||
assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid())) | |||
.extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider, | |||
@@ -554,7 +513,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_existing_disabled_user() { | |||
organizationFlags.setEnabled(true); | |||
db.users().insertUser(u -> u | |||
.setLogin(USER_LOGIN) | |||
.setActive(false) | |||
@@ -583,7 +541,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_existing_user_when_email_already_exists_and_strategy_is_ALLOW() { | |||
organizationFlags.setEnabled(true); | |||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | |||
UserDto currentUser = db.users().insertUser(u -> u.setExternalLogin("johndoo").setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()).setEmail(null)); | |||
@@ -610,7 +567,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void throw_EmailAlreadyExistException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_WARN() { | |||
organizationFlags.setEnabled(true); | |||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | |||
UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | |||
UserIdentity userIdentity = UserIdentity.builder() | |||
@@ -631,7 +587,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void throw_AuthenticationException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_FORBID() { | |||
organizationFlags.setEnabled(true); | |||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | |||
UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | |||
UserIdentity userIdentity = UserIdentity.builder() | |||
@@ -656,7 +611,6 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void does_not_fail_to_authenticate_user_when_email_has_not_changed_and_strategy_is_FORBID() { | |||
organizationFlags.setEnabled(true); | |||
UserDto currentUser = db.users().insertUser(u -> u.setEmail("john@email.com") | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())); | |||
UserIdentity userIdentity = UserIdentity.builder() | |||
@@ -679,14 +633,13 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_existing_user_and_add_new_groups() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
.setActive(true) | |||
.setName("John")); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||
GroupDto group1 = db.users().insertGroup("group1"); | |||
GroupDto group2 = db.users().insertGroup("group2"); | |||
authenticate(USER_IDENTITY.getProviderLogin(), "group1", "group2", "group3"); | |||
@@ -695,14 +648,13 @@ public class UserRegistrarImplTest { | |||
@Test | |||
public void authenticate_existing_user_and_remove_groups() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
.setActive(true) | |||
.setName("John")); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||
GroupDto group1 = db.users().insertGroup("group1"); | |||
GroupDto group2 = db.users().insertGroup("group2"); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(group2, user); | |||
@@ -712,15 +664,12 @@ public class UserRegistrarImplTest { | |||
} | |||
@Test | |||
public void authenticate_existing_user_and_remove_all_groups_expect_default_when_organizations_are_disabled() { | |||
organizationFlags.setEnabled(false); | |||
public void authenticate_existing_user_and_remove_all_groups_expect_default() { | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||
GroupDto defaultGroup = insertDefaultGroup(); | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin())); | |||
GroupDto group1 = db.users().insertGroup("group1"); | |||
GroupDto group2 = db.users().insertGroup("group2"); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(group2, user); | |||
db.users().insertMember(defaultGroup, user); | |||
@@ -730,51 +679,6 @@ public class UserRegistrarImplTest { | |||
checkGroupMembership(user, defaultGroup); | |||
} | |||
@Test | |||
public void does_not_force_default_group_when_authenticating_existing_user_when_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
); | |||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||
GroupDto defaultGroup = insertDefaultGroup(); | |||
db.users().insertMember(group1, user); | |||
db.users().insertMember(defaultGroup, user); | |||
authenticate(user.getExternalLogin(), "group1"); | |||
checkGroupMembership(user, group1); | |||
} | |||
@Test | |||
public void ignore_groups_on_non_default_organizations() { | |||
organizationFlags.setEnabled(true); | |||
OrganizationDto org = db.organizations().insert(); | |||
UserDto user = db.users().insertUser(newUserDto() | |||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
.setActive(true) | |||
.setName("John")); | |||
String groupName = "a-group"; | |||
GroupDto groupInDefaultOrg = db.users().insertGroup(db.getDefaultOrganization(), groupName); | |||
GroupDto groupInOrg = db.users().insertGroup(org, groupName); | |||
// adding a group with the same name than in non-default organization | |||
underTest.register(UserRegistration.builder() | |||
.setUserIdentity(UserIdentity.builder() | |||
.setProviderLogin("johndoo") | |||
.setName(user.getName()) | |||
.setGroups(newHashSet(groupName)) | |||
.build()) | |||
.setProvider(IDENTITY_PROVIDER) | |||
.setSource(Source.local(BASIC)) | |||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||
.build()); | |||
checkGroupMembership(user, groupInDefaultOrg); | |||
} | |||
private UserDto authenticate(String providerLogin, String... groups) { | |||
return underTest.register(UserRegistration.builder() | |||
.setUserIdentity(UserIdentity.builder() | |||
@@ -790,11 +694,11 @@ public class UserRegistrarImplTest { | |||
} | |||
private void checkGroupMembership(UserDto user, GroupDto... expectedGroups) { | |||
assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(Collectors.toList()).toArray(new String[]{})); | |||
assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(Collectors.toList()).toArray(new String[] {})); | |||
} | |||
private GroupDto insertDefaultGroup() { | |||
return db.users().insertDefaultGroup(db.getDefaultOrganization(), "sonar-users"); | |||
return db.users().insertDefaultGroup("sonar-users"); | |||
} | |||
} |
@@ -1,494 +0,0 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.organization; | |||
import com.google.common.collect.ImmutableSet; | |||
import java.util.HashSet; | |||
import javax.annotation.Nullable; | |||
import org.assertj.core.groups.Tuple; | |||
import org.elasticsearch.action.search.SearchRequestBuilder; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.alm.AlmAppInstallDto; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
import org.sonar.db.permission.template.PermissionTemplateUserDto; | |||
import org.sonar.db.property.PropertyDto; | |||
import org.sonar.db.property.PropertyQuery; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.es.SearchOptions; | |||
import org.sonar.server.user.index.UserDoc; | |||
import org.sonar.server.user.index.UserIndex; | |||
import org.sonar.server.user.index.UserIndexDefinition; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.user.index.UserQuery; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
import static java.lang.String.format; | |||
import static java.util.Arrays.asList; | |||
import static java.util.Collections.singletonList; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.assertj.core.api.Assertions.tuple; | |||
import static org.elasticsearch.index.query.QueryBuilders.boolQuery; | |||
import static org.elasticsearch.index.query.QueryBuilders.termQuery; | |||
import static org.sonar.api.CoreProperties.DEFAULT_ISSUE_ASSIGNEE; | |||
import static org.sonar.api.web.UserRole.CODEVIEWER; | |||
import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.db.alm.ALM.GITHUB; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ORGANIZATION_UUIDS; | |||
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID; | |||
public class MemberUpdaterTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
@Rule | |||
public DbTester db = DbTester.create(); | |||
private DbClient dbClient = db.getDbClient(); | |||
private UserIndex userIndex = new UserIndex(es.client(), System2.INSTANCE); | |||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||
private MemberUpdater underTest = new MemberUpdater(dbClient, new DefaultGroupFinder(dbClient), userIndexer); | |||
@Test | |||
public void add_member_in_db_and_user_index() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
underTest.addMember(db.getSession(), organization, user); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||
.containsExactlyInAnyOrder(tuple(user.getLogin(), singletonList(organization.getUuid()))); | |||
} | |||
@Test | |||
public void does_not_fail_to_add_member_if_user_already_added_in_organization() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
db.organizations().addMember(organization, user); | |||
db.users().insertMember(defaultGroup, user); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
underTest.addMember(db.getSession(), organization, user); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void add_member_fails_when_organization_has_no_default_group() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user = db.users().insertUser(); | |||
expectedException.expect(IllegalStateException.class); | |||
expectedException.expectMessage(format("Default group cannot be found on organization '%s'", organization.getUuid())); | |||
underTest.addMember(db.getSession(), organization, user); | |||
} | |||
@Test | |||
public void add_members_in_db_and_user_index() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto user2 = db.users().insertUser(); | |||
UserDto disableUser = db.users().insertDisabledUser(); | |||
underTest.addMembers(db.getSession(), organization, asList(user1, user2, disableUser)); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user1); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user2); | |||
assertUserIsNotMember(organization, disableUser); | |||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||
.containsExactlyInAnyOrder( | |||
tuple(user1.getLogin(), singletonList(organization.getUuid())), | |||
tuple(user2.getLogin(), singletonList(organization.getUuid()))); | |||
} | |||
@Test | |||
public void add_members_does_not_fail_when_one_user_is_already_member_of_organization() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto userAlreadyMember = db.users().insertUser(); | |||
db.organizations().addMember(organization, userAlreadyMember); | |||
db.users().insertMember(defaultGroup, userAlreadyMember); | |||
UserDto userNotMember = db.users().insertUser(); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
underTest.addMembers(db.getSession(), organization, asList(userAlreadyMember, userNotMember)); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, userAlreadyMember); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, userNotMember); | |||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||
.containsExactlyInAnyOrder( | |||
tuple(userAlreadyMember.getLogin(), singletonList(organization.getUuid())), | |||
tuple(userNotMember.getLogin(), singletonList(organization.getUuid()))); | |||
} | |||
@Test | |||
public void remove_member_from_db_and_user_index() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertUserIsNotMember(organization, user); | |||
} | |||
@Test | |||
public void remove_members_from_db_and_user_index() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto user2 = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user1, user2, adminUser); | |||
db.users().insertMember(defaultGroup, user1); | |||
db.users().insertMember(defaultGroup, user2); | |||
db.users().insertMember(defaultGroup, adminUser); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
underTest.removeMembers(db.getSession(), organization, asList(user1, user2)); | |||
assertUserIsNotMember(organization, user1); | |||
assertUserIsNotMember(organization, user2); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, adminUser); | |||
} | |||
@Test | |||
public void remove_member_removes_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
UserDto anotherUser = db.users().insertUser(); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
db.users().insertPermissionOnUser(organization, user, ADMINISTER); | |||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||
db.users().insertPermissionOnUser(anotherOrganization, user, ADMINISTER); | |||
db.users().insertPermissionOnUser(anotherOrganization, user, SCAN); | |||
db.users().insertPermissionOnUser(organization, anotherUser, ADMINISTER); | |||
db.users().insertPermissionOnUser(organization, anotherUser, SCAN); | |||
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project); | |||
db.users().insertProjectPermissionOnUser(user, USER, project); | |||
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, anotherProject); | |||
db.users().insertProjectPermissionOnUser(user, USER, anotherProject); | |||
db.users().insertProjectPermissionOnUser(anotherUser, CODEVIEWER, project); | |||
db.users().insertProjectPermissionOnUser(anotherUser, USER, project); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertUserIsNotMember(organization, user); | |||
assertOrgPermissionsOfUser(user, organization); | |||
assertOrgPermissionsOfUser(user, anotherOrganization, ADMINISTER, SCAN); | |||
assertOrgPermissionsOfUser(anotherUser, organization, ADMINISTER, SCAN); | |||
assertProjectPermissionsOfUser(user, project); | |||
assertProjectPermissionsOfUser(user, anotherProject, CODEVIEWER, USER); | |||
assertProjectPermissionsOfUser(anotherUser, project, CODEVIEWER, USER); | |||
} | |||
@Test | |||
public void remove_member_removes_template_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
UserDto anotherUser = db.users().insertUser(); | |||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||
String permission = "browse"; | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | |||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertThat(dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), template.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid) | |||
.containsOnly(anotherUser.getUuid()); | |||
assertThat(dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), anotherTemplate.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid) | |||
.containsOnly(user.getUuid()); | |||
} | |||
@Test | |||
public void remove_member_removes_user_from_organization_groups() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
UserDto anotherUser = db.users().insertUser(); | |||
GroupDto group = db.users().insertGroup(organization); | |||
GroupDto anotherGroup = db.users().insertGroup(anotherOrganization); | |||
db.users().insertMembers(group, user, anotherUser); | |||
db.users().insertMembers(anotherGroup, user, anotherUser); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), user.getUuid())) | |||
.containsOnly(anotherGroup.getUuid()); | |||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), anotherUser.getUuid())) | |||
.containsOnly(group.getUuid(), anotherGroup.getUuid()); | |||
} | |||
@Test | |||
public void remove_member_removes_user_from_default_organization_group() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), user.getUuid())).isEmpty(); | |||
} | |||
@Test | |||
public void remove_member_removes_user_from_org_properties() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||
UserDto anotherUser = db.users().insertUser(); | |||
insertProperty("KEY_11", "VALUE", project.uuid(), user.getUuid()); | |||
insertProperty("KEY_12", "VALUE", project.uuid(), user.getUuid()); | |||
insertProperty("KEY_11", "VALUE", project.uuid(), anotherUser.getUuid()); | |||
insertProperty("KEY_11", "VALUE", anotherProject.uuid(), user.getUuid()); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(project.uuid()).build(), db.getSession())) | |||
.hasSize(1).extracting(PropertyDto::getUserUuid).containsOnly(anotherUser.getUuid()); | |||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(anotherProject.uuid()).build(), db.getSession())) | |||
.extracting(PropertyDto::getUserUuid) | |||
.hasSize(1).containsOnly(user.getUuid()); | |||
} | |||
@Test | |||
public void remove_member_removes_user_from_default_assignee_properties() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
UserDto user = db.users().insertUser(); | |||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||
db.organizations().addMember(organization, user, adminUser); | |||
db.users().insertMember(defaultGroup, user); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||
UserDto anotherUser = db.users().insertUser(); | |||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, user.getLogin(), project.uuid(), null); | |||
insertProperty("ANOTHER_KEY", user.getLogin(), project.uuid(), null); | |||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, anotherUser.getLogin(), project.uuid(), null); | |||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, user.getLogin(), anotherProject.uuid(), null); | |||
underTest.removeMember(db.getSession(), organization, user); | |||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(project.uuid()).build(), db.getSession())) | |||
.hasSize(2).extracting(PropertyDto::getKey, PropertyDto::getValue) | |||
.containsOnly(Tuple.tuple("ANOTHER_KEY", user.getLogin()), Tuple.tuple(DEFAULT_ISSUE_ASSIGNEE, anotherUser.getLogin())); | |||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(anotherProject.uuid()).build(), db.getSession())).extracting(PropertyDto::getValue) | |||
.hasSize(1).containsOnly(user.getLogin()); | |||
} | |||
@Test | |||
public void fail_to_remove_members_when_no_more_admin() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
GroupDto adminGroup = db.users().insertGroup(organization); | |||
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER); | |||
UserDto user1 = db.users().insertUser(); | |||
UserDto admin1 = db.users().insertAdminByUserPermission(organization); | |||
UserDto admin2 = db.users().insertUser(); | |||
db.organizations().addMember(organization, user1, admin1, admin2); | |||
db.users().insertMember(defaultGroup, user1); | |||
db.users().insertMember(defaultGroup, admin1); | |||
db.users().insertMember(defaultGroup, admin2); | |||
db.users().insertMember(adminGroup, admin2); | |||
userIndexer.indexOnStartup(new HashSet<>()); | |||
expectedException.expect(IllegalArgumentException.class); | |||
expectedException.expectMessage("The last administrator member cannot be removed"); | |||
underTest.removeMembers(db.getSession(), organization, asList(admin1, admin2)); | |||
} | |||
@Test | |||
public void synchronize_user_organization_membership() { | |||
OrganizationDto organization1 = db.organizations().insert(); | |||
GroupDto org1defaultGroup = db.users().insertDefaultGroup(organization1, "Members"); | |||
AlmAppInstallDto gitHubInstall1 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization1, gitHubInstall1, true); | |||
OrganizationDto organization2 = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization2, "Members"); | |||
AlmAppInstallDto gitHubInstall2 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization2, gitHubInstall2, true); | |||
OrganizationDto organization3 = db.organizations().insert(); | |||
GroupDto org3defaultGroup = db.users().insertDefaultGroup(organization3, "Members"); | |||
AlmAppInstallDto gitHubInstall3 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization3, gitHubInstall3, true); | |||
// User is member of organization1 and organization3, but organization3 membership will be removed and organization2 membership will be | |||
// added | |||
UserDto user = db.users().insertUser(); | |||
db.organizations().addMember(organization1, user); | |||
db.users().insertMember(org1defaultGroup, user); | |||
db.organizations().addMember(organization3, user); | |||
db.users().insertMember(org3defaultGroup, user); | |||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall1.getOrganizationAlmId(), gitHubInstall2.getOrganizationAlmId())); | |||
db.organizations().assertUserIsMemberOfOrganization(organization1, user); | |||
db.organizations().assertUserIsMemberOfOrganization(organization2, user); | |||
assertUserIsNotMember(organization3, user); | |||
} | |||
@Test | |||
public void synchronize_user_organization_membership_does_not_update_es_index() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
UserDto user = db.users().insertUser(); | |||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall.getOrganizationAlmId())); | |||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()).isEmpty(); | |||
} | |||
@Test | |||
public void synchronize_user_organization_membership_ignores_organization_alm_ids_match_no_existing_organizations() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||
UserDto user = db.users().insertUser(); | |||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of("unknown")); | |||
// User is member of no organization | |||
assertThat(db.getDbClient().organizationMemberDao().selectOrganizationUuidsByUser(db.getSession(), user.getUuid())).isEmpty(); | |||
} | |||
@Test | |||
public void synchronize_user_organization_membership_ignores_organization_with_member_sync_disabled() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, false); | |||
UserDto user = db.users().insertUser(); | |||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall.getOrganizationAlmId())); | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
} | |||
@Test | |||
public void synchronize_user_organization_membership_does_not_remove_existing_membership_on_organization_with_member_sync_disabled() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto org1defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, false); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertMember(org1defaultGroup, user); | |||
db.organizations().addMember(organization, user); | |||
// User is member of a organization on which member sync is disabled | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
// The organization is not in the list, but membership should not be removed | |||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of("other")); | |||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||
} | |||
private void assertUserIsNotMember(OrganizationDto organization, UserDto user) { | |||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||
SearchRequestBuilder request = es.client().prepareSearch(UserIndexDefinition.TYPE_USER) | |||
.setQuery(boolQuery() | |||
.must(termQuery(FIELD_ORGANIZATION_UUIDS, organization.getUuid())) | |||
.must(termQuery(FIELD_UUID, user.getUuid()))); | |||
assertThat(request.get().getHits().getHits()).isEmpty(); | |||
} | |||
private void assertOrgPermissionsOfUser(UserDto user, OrganizationDto organization, OrganizationPermission... permissions) { | |||
assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getUuid(), organization.getUuid()).stream() | |||
.map(OrganizationPermission::fromKey)) | |||
.containsOnly(permissions); | |||
} | |||
private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) { | |||
assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getUuid(), project.uuid())).containsOnly(permissions); | |||
} | |||
private void insertProperty(String key, @Nullable String value, @Nullable String componentUuid, @Nullable String userUuid) { | |||
PropertyDto dto = new PropertyDto().setKey(key) | |||
.setComponentUuid(componentUuid) | |||
.setUserUuid(userUuid) | |||
.setValue(value); | |||
db.properties().insertProperty(dto); | |||
} | |||
} |
@@ -1,219 +0,0 @@ | |||
/* | |||
* SonarQube | |||
* Copyright (C) 2009-2020 SonarSource SA | |||
* mailto:info AT sonarsource DOT com | |||
* | |||
* This program is free software; you can redistribute it and/or | |||
* modify it under the terms of the GNU Lesser General Public | |||
* License as published by the Free Software Foundation; either | |||
* version 3 of the License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||
* Lesser General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Lesser General Public License | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
package org.sonar.server.organization; | |||
import java.util.ArrayList; | |||
import java.util.List; | |||
import java.util.Optional; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.mockito.ArgumentCaptor; | |||
import org.sonar.api.rule.RuleStatus; | |||
import org.sonar.core.util.SequenceUuidFactory; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.GroupPermissionDto; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
import org.sonar.db.permission.template.PermissionTemplateGroupDto; | |||
import org.sonar.db.rule.RuleDefinitionDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.rule.index.RuleIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupCreatorImpl; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.assertj.core.api.Assertions.tuple; | |||
import static org.mockito.ArgumentMatchers.any; | |||
import static org.mockito.Mockito.spy; | |||
import static org.mockito.Mockito.verify; | |||
public class OrganisationSupportTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public DbTester dbTester = DbTester.create(); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(dbTester); | |||
private OrganizationFlags organizationFlags = new OrganizationFlagsImpl(dbTester.getDbClient()); | |||
private RuleIndexer ruleIndexer = spy(new RuleIndexer(es.client(), dbTester.getDbClient())); | |||
private OrganisationSupport underTest = new OrganisationSupport(dbTester.getDbClient(), defaultOrganizationProvider, organizationFlags, | |||
new DefaultGroupCreatorImpl(dbTester.getDbClient(), new SequenceUuidFactory()), new DefaultGroupFinder(dbTester.getDbClient()), ruleIndexer, new SequenceUuidFactory()); | |||
@Test | |||
public void enabling_support_saves_internal_property_and_flags_caller_as_root() { | |||
UserDto user = dbTester.users().insertUser(); | |||
UserDto otherUser = dbTester.users().insertUser(); | |||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||
verifyFeatureEnabled(false); | |||
verifyRoot(user, false); | |||
verifyRoot(otherUser, false); | |||
call(user.getLogin()); | |||
verifyFeatureEnabled(true); | |||
verifyRoot(user, true); | |||
verifyRoot(otherUser, false); | |||
} | |||
@Test | |||
public void enabling_support_creates_default_members_group_and_associate_org_members() { | |||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||
OrganizationDto anotherOrganization = dbTester.organizations().insert(); | |||
UserDto user1 = dbTester.users().insertUser(); | |||
UserDto user2 = dbTester.users().insertUser(); | |||
UserDto userInAnotherOrganization = dbTester.users().insertUser(); | |||
dbTester.organizations().addMember(defaultOrganization, user1); | |||
dbTester.organizations().addMember(defaultOrganization, user2); | |||
dbTester.organizations().addMember(anotherOrganization, userInAnotherOrganization); | |||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||
call(user1.getLogin()); | |||
Optional<String> defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()); | |||
assertThat(defaultGroupUuid).isPresent(); | |||
GroupDto membersGroup = dbTester.getDbClient().groupDao().selectByUuid(dbTester.getSession(), defaultGroupUuid.get()); | |||
assertThat(membersGroup).isNotNull(); | |||
assertThat(membersGroup.getName()).isEqualTo("Members"); | |||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user1.getUuid())).containsOnly(defaultGroupUuid.get()); | |||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user2.getUuid())).containsOnly(defaultGroupUuid.get()); | |||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), userInAnotherOrganization.getUuid())).isEmpty(); | |||
} | |||
@Test | |||
public void enabling_support_copy_sonar_users_permissions_to_members_group() { | |||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||
UserDto user = dbTester.users().insertUser(); | |||
GroupDto sonarUsersGroup = dbTester.users().insertDefaultGroup(defaultOrganization, "sonar-users"); | |||
ComponentDto project = dbTester.components().insertPrivateProject(defaultOrganization); | |||
dbTester.users().insertPermissionOnGroup(sonarUsersGroup, "user"); | |||
dbTester.users().insertProjectPermissionOnGroup(sonarUsersGroup, "codeviewer", project); | |||
// Should be ignored | |||
GroupDto anotherGroup = dbTester.users().insertGroup(); | |||
dbTester.users().insertPermissionOnGroup(anotherGroup, "admin"); | |||
call(user.getLogin()); | |||
String defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()).get(); | |||
assertThat(defaultGroupUuid).isNotEqualTo(sonarUsersGroup.getUuid()); | |||
List<GroupPermissionDto> result = new ArrayList<>(); | |||
dbTester.getDbClient().groupPermissionDao().selectAllPermissionsByGroupUuid(dbTester.getSession(), defaultOrganization.getUuid(), defaultGroupUuid, | |||
context -> result.add((GroupPermissionDto) context.getResultObject())); | |||
assertThat(result).extracting(GroupPermissionDto::getComponentUuid, GroupPermissionDto::getRole).containsOnly( | |||
tuple(null, "user"), tuple(project.uuid(), "codeviewer")); | |||
} | |||
@Test | |||
public void enabling_support_copy_sonar_users_permission_templates_to_members_group() { | |||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||
UserDto user = dbTester.users().insertUser(); | |||
GroupDto sonarUsersGroup = dbTester.users().insertDefaultGroup(defaultOrganization, "sonar-users"); | |||
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(dbTester.getDefaultOrganization()); | |||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, sonarUsersGroup, "user"); | |||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, sonarUsersGroup, "admin"); | |||
// Should be ignored | |||
GroupDto otherGroup = dbTester.users().insertGroup(); | |||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, otherGroup, "user"); | |||
call(user.getLogin()); | |||
String defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()).get(); | |||
assertThat(dbTester.getDbClient().permissionTemplateDao().selectAllGroupPermissionTemplatesByGroupUuid(dbTester.getSession(), defaultGroupUuid)) | |||
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getPermission) | |||
.containsOnly(tuple(defaultGroupUuid, "user"), tuple(defaultGroupUuid, "admin")); | |||
} | |||
@Test | |||
public void enabling_organizations_should_remove_template_rule_and_custom_rule() { | |||
RuleDefinitionDto normal = dbTester.rules().insert(); | |||
RuleDefinitionDto template = dbTester.rules().insert(r -> r.setIsTemplate(true)); | |||
RuleDefinitionDto custom = dbTester.rules().insert(r -> r.setTemplateUuid(template.getUuid())); | |||
UserDto user = dbTester.users().insertUser(); | |||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||
assertThat(dbTester.getDbClient().ruleDao().selectAllDefinitions(dbTester.getSession())) | |||
.extracting(RuleDefinitionDto::getKey, RuleDefinitionDto::getStatus) | |||
.containsExactlyInAnyOrder( | |||
tuple(normal.getKey(), RuleStatus.READY), | |||
tuple(template.getKey(), RuleStatus.READY), | |||
tuple(custom.getKey(), RuleStatus.READY)); | |||
call(user.getLogin()); | |||
assertThat(dbTester.getDbClient().ruleDao().selectAllDefinitions(dbTester.getSession())) | |||
.extracting(RuleDefinitionDto::getKey, RuleDefinitionDto::getStatus) | |||
.containsExactlyInAnyOrder( | |||
tuple(normal.getKey(), RuleStatus.READY), | |||
tuple(template.getKey(), RuleStatus.REMOVED), | |||
tuple(custom.getKey(), RuleStatus.REMOVED)); | |||
@SuppressWarnings("unchecked") | |||
Class<ArrayList<String>> listClass = (Class<ArrayList<String>>) (Class) ArrayList.class; | |||
ArgumentCaptor<ArrayList<String>> indexedRuleKeys = ArgumentCaptor.forClass(listClass); | |||
verify(ruleIndexer).commitAndIndex(any(), indexedRuleKeys.capture()); | |||
assertThat(indexedRuleKeys.getValue()).containsExactlyInAnyOrder(template.getUuid(), custom.getUuid()); | |||
} | |||
@Test | |||
public void throw_IAE_when_members_group_already_exists() { | |||
UserDto user = dbTester.users().insertUser(); | |||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||
dbTester.users().insertGroup(dbTester.getDefaultOrganization(), "Members"); | |||
expectedException.expect(IllegalArgumentException.class); | |||
expectedException.expectMessage("The group 'Members' already exist"); | |||
call(user.getLogin()); | |||
} | |||
@Test | |||
public void do_nothing_if_support_is_already_enabled() { | |||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||
call("foo"); | |||
verifyFeatureEnabled(true); | |||
// the test could be improved to verify that | |||
// the caller user is not flagged as root | |||
// if he was not already root | |||
call("foo"); | |||
verifyFeatureEnabled(true); | |||
} | |||
private void call(String login) { | |||
underTest.enable(login); | |||
} | |||
private void verifyFeatureEnabled(boolean enabled) { | |||
assertThat(organizationFlags.isEnabled(dbTester.getSession())).isEqualTo(enabled); | |||
} | |||
private void verifyRoot(UserDto user, boolean root) { | |||
dbTester.rootFlag().verify(user.getLogin(), root); | |||
} | |||
} |
@@ -104,7 +104,7 @@ public class OrganizationUpdaterImplTest { | |||
private OrganizationValidation organizationValidation = mock(OrganizationValidation.class); | |||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||
private UserIndex userIndex = new UserIndex(es.client(), system2); | |||
private DefaultGroupCreator defaultGroupCreator = new DefaultGroupCreatorImpl(dbClient, uuidFactory); | |||
private DefaultGroupCreator defaultGroupCreator = new DefaultGroupCreatorImpl(dbClient, uuidFactory, TestDefaultOrganizationProvider.from(db)); | |||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | |||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | |||
@@ -132,17 +132,6 @@ public class OrganizationUpdaterImplTest { | |||
assertThat(organization.getUpdatedAt()).isEqualTo(A_DATE); | |||
} | |||
@Test | |||
public void create_creates_owners_group_with_all_permissions_for_new_organization_and_add_current_user_to_it() throws OrganizationUpdater.KeyConflictException { | |||
UserDto user = db.users().insertUser(); | |||
builtInQProfileRepositoryRule.initialize(); | |||
db.qualityGates().insertBuiltInQualityGate(); | |||
underTest.create(dbSession, user, FULL_POPULATED_NEW_ORGANIZATION, EMPTY_ORGANIZATION_CONSUMER); | |||
verifyGroupOwners(user, FULL_POPULATED_NEW_ORGANIZATION.getKey(), FULL_POPULATED_NEW_ORGANIZATION.getName()); | |||
} | |||
@Test | |||
public void create_creates_members_group_and_add_current_user_to_it() throws OrganizationUpdater.KeyConflictException { | |||
UserDto user = db.users().insertUser(); | |||
@@ -173,34 +162,6 @@ public class OrganizationUpdaterImplTest { | |||
assertThat(organization.getAvatarUrl()).isNull(); | |||
} | |||
@Test | |||
public void create_creates_default_template_for_new_organization() throws OrganizationUpdater.KeyConflictException { | |||
builtInQProfileRepositoryRule.initialize(); | |||
UserDto user = db.users().insertUser(); | |||
db.qualityGates().insertBuiltInQualityGate(); | |||
underTest.create(dbSession, user, FULL_POPULATED_NEW_ORGANIZATION, EMPTY_ORGANIZATION_CONSUMER); | |||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, FULL_POPULATED_NEW_ORGANIZATION.getKey()).get(); | |||
GroupDto ownersGroup = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Owners").get(); | |||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organization.getUuid()).get(); | |||
PermissionTemplateDto defaultTemplate = dbClient.permissionTemplateDao().selectByName(dbSession, organization.getUuid(), "default template"); | |||
assertThat(defaultTemplate.getName()).isEqualTo("Default template"); | |||
assertThat(defaultTemplate.getDescription()).isEqualTo("Default permission template of organization " + FULL_POPULATED_NEW_ORGANIZATION.getName()); | |||
DefaultTemplates defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, organization.getUuid()).get(); | |||
assertThat(defaultTemplates.getProjectUuid()).isEqualTo(defaultTemplate.getUuid()); | |||
assertThat(defaultTemplates.getApplicationsUuid()).isNull(); | |||
assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateUuid(dbSession, defaultTemplate.getUuid())) | |||
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getPermission) | |||
.containsOnly( | |||
tuple(ownersGroup.getUuid(), UserRole.ADMIN), | |||
tuple(ownersGroup.getUuid(), GlobalPermissions.SCAN_EXECUTION), | |||
tuple(defaultGroupUuid, UserRole.USER), | |||
tuple(defaultGroupUuid, UserRole.CODEVIEWER), | |||
tuple(defaultGroupUuid, UserRole.ISSUE_ADMIN), | |||
tuple(defaultGroupUuid, UserRole.SECURITYHOTSPOT_ADMIN)); | |||
} | |||
@Test | |||
public void create_add_current_user_as_member_of_organization() throws OrganizationUpdater.KeyConflictException { | |||
UserDto user = db.users().insertUser(); | |||
@@ -371,19 +332,17 @@ public class OrganizationUpdaterImplTest { | |||
underTest.updateOrganizationKey(dbSession, organization, "new_login"); | |||
} | |||
private void verifyGroupOwners(UserDto user, String organizationKey, String organizationName) { | |||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get(); | |||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Owners"); | |||
private void verifyGroupOwners(UserDto user, String organizationKey) { | |||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, "Owners"); | |||
assertThat(groupOpt).isPresent(); | |||
GroupDto groupDto = groupOpt.get(); | |||
assertThat(groupDto.getDescription()).isEqualTo("Owners of organization"); | |||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getOrganizationUuid(), groupDto.getUuid())) | |||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getUuid())) | |||
.containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()])); | |||
List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | |||
dbSession, | |||
UserMembershipQuery.builder() | |||
.organizationUuid(organization.getUuid()) | |||
.groupUuid(groupDto.getUuid()) | |||
.membership(UserMembershipQuery.IN).build(), | |||
0, Integer.MAX_VALUE); | |||
@@ -394,16 +353,15 @@ public class OrganizationUpdaterImplTest { | |||
private void verifyMembersGroup(UserDto user, String organizationKey) { | |||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get(); | |||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Members"); | |||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession,"Members"); | |||
assertThat(groupOpt).isPresent(); | |||
GroupDto groupDto = groupOpt.get(); | |||
assertThat(groupDto.getDescription()).isEqualTo("All members of the organization"); | |||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getOrganizationUuid(), groupDto.getUuid())).isEmpty(); | |||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getUuid())).isEmpty(); | |||
List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | |||
dbSession, | |||
UserMembershipQuery.builder() | |||
.organizationUuid(organization.getUuid()) | |||
.groupUuid(groupDto.getUuid()) | |||
.membership(UserMembershipQuery.IN).build(), | |||
0, Integer.MAX_VALUE); |
@@ -31,24 +31,12 @@ public class GroupUuidOrAnyoneTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Test | |||
public void from_fails_with_NPE_if_GroupDto_organizationUuid_is_null() { | |||
GroupDto dto = new GroupDto(); | |||
expectOrganizationUuidNPE(); | |||
GroupUuidOrAnyone.from(dto); | |||
} | |||
@Test | |||
public void for_returns_isAnyone_if_id_is_null() { | |||
String organizationUuid = randomAlphabetic(10); | |||
GroupDto dto = new GroupDto(); | |||
dto.setOrganizationUuid(organizationUuid); | |||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | |||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||
assertThat(underTest.isAnyone()).isTrue(); | |||
assertThat(underTest.getUuid()).isNull(); | |||
} | |||
@@ -56,38 +44,21 @@ public class GroupUuidOrAnyoneTest { | |||
@Test | |||
public void for_returns_isAnyone_false_if_id_is_not_null() { | |||
String uuid = randomAlphabetic(10); | |||
String organizationUuid = randomAlphabetic(10); | |||
GroupDto dto = new GroupDto(); | |||
dto.setOrganizationUuid(organizationUuid); | |||
dto.setUuid(uuid); | |||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | |||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||
assertThat(underTest.isAnyone()).isFalse(); | |||
assertThat(underTest.getUuid()).isEqualTo(uuid); | |||
} | |||
@Test | |||
public void forAnyone_fails_with_NPE_if_arg_is_null() { | |||
expectOrganizationUuidNPE(); | |||
GroupUuidOrAnyone.forAnyone(null); | |||
} | |||
@Test | |||
public void forAnyone_returns_isAnyone_true() { | |||
String organizationUuid = randomAlphabetic(12); | |||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.forAnyone(organizationUuid); | |||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.forAnyone(); | |||
assertThat(underTest.isAnyone()).isTrue(); | |||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||
assertThat(underTest.getUuid()).isNull(); | |||
} | |||
private void expectOrganizationUuidNPE() { | |||
expectedException.expect(NullPointerException.class); | |||
expectedException.expectMessage("organizationUuid can't be null"); | |||
} | |||
} |
@@ -26,7 +26,6 @@ import org.sonar.server.tester.MockUserSession; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.assertj.core.api.Assertions.fail; | |||
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; | |||
public class DoPrivilegedTest { | |||
@@ -50,7 +49,6 @@ public class DoPrivilegedTest { | |||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | |||
assertThat(catcher.userSession.isSystemAdministrator()).isTrue(); | |||
assertThat(catcher.userSession.hasMembership(newOrganizationDto())).isTrue(); | |||
// verify session in place after task is done | |||
assertThat(threadLocalUserSession.get()).isSameAs(session); | |||
@@ -76,7 +74,6 @@ public class DoPrivilegedTest { | |||
// verify the session used inside Privileged task | |||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | |||
assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | |||
assertThat(catcher.userSession.hasMembership(newOrganizationDto())).isTrue(); | |||
} | |||
} | |||
@@ -29,12 +29,9 @@ import org.sonar.api.web.UserRole; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import static com.google.common.base.Preconditions.checkState; | |||
import static java.util.Arrays.asList; | |||
@@ -54,8 +51,6 @@ public class ServerUserSessionTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
private DbClient dbClient = db.getDbClient(); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
@Test | |||
public void anonymous_is_not_logged_in_and_does_not_have_login() { | |||
@@ -137,8 +132,7 @@ public class ServerUserSessionTest { | |||
public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() { | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto file = db.components().insertComponent(newFileDto(project)); | |||
UserSession underTest = newUserSession(root); | |||
@@ -153,8 +147,7 @@ public class ServerUserSessionTest { | |||
public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() { | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(organization); | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
ComponentDto file = db.components().insertComponent(newFileDto(project)); | |||
UserSession underTest = newUserSession(root); | |||
@@ -176,98 +169,88 @@ public class ServerUserSessionTest { | |||
} | |||
@Test | |||
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission_on_organization() { | |||
OrganizationDto org = db.organizations().insert(); | |||
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission() { | |||
UserDto user = db.users().insertUser(); | |||
expectInsufficientPrivilegesForbiddenException(); | |||
newUserSession(user).checkPermission(PROVISION_PROJECTS, org); | |||
newUserSession(user).checkPermission(PROVISION_PROJECTS); | |||
} | |||
@Test | |||
public void checkPermission_succeeds_when_user_has_the_specified_permission_on_organization() { | |||
OrganizationDto org = db.organizations().insert(); | |||
public void checkPermission_succeeds_when_user_has_the_specified_permission() { | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
db.users().insertPermissionOnUser(org, root, PROVISIONING); | |||
db.users().insertPermissionOnUser(root, PROVISIONING); | |||
newUserSession(root).checkPermission(PROVISION_PROJECTS, org); | |||
newUserSession(root).checkPermission(PROVISION_PROJECTS); | |||
} | |||
@Test | |||
public void checkPermission_succeeds_when_user_is_root() { | |||
OrganizationDto org = db.organizations().insert(); | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
newUserSession(root).checkPermission(PROVISION_PROJECTS, org); | |||
newUserSession(root).checkPermission(PROVISION_PROJECTS); | |||
} | |||
@Test | |||
public void test_hasPermission_on_organization_for_logged_in_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
ComponentDto project = db.components().insertPrivateProject(org); | |||
public void test_hasPermission_for_logged_in_user() { | |||
ComponentDto project = db.components().insertPrivateProject(); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project); | |||
UserSession session = newUserSession(user); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||
} | |||
@Test | |||
public void test_hasPermission_on_organization_for_anonymous_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||
public void test_hasPermission_for_anonymous_user() { | |||
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS); | |||
UserSession session = newAnonymousSession(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||
} | |||
@Test | |||
public void hasPermission_on_organization_keeps_cache_of_permissions_of_logged_in_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
public void hasPermission_keeps_cache_of_permissions_of_logged_in_user() { | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(org, user, PROVISIONING); | |||
db.users().insertPermissionOnUser(user, PROVISIONING); | |||
UserSession session = newUserSession(user); | |||
// feed the cache | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
// change permissions without updating the cache | |||
db.users().deletePermissionFromUser(org, user, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(org, user, SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||
db.users().deletePermissionFromUser(user, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(user, SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||
assertThat(session.hasPermission(SCAN)).isFalse(); | |||
} | |||
@Test | |||
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||
public void hasPermission_keeps_cache_of_permissions_of_anonymous_user() { | |||
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS); | |||
UserSession session = newAnonymousSession(); | |||
// feed the cache | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
// change permissions without updating the cache | |||
db.users().insertPermissionOnAnyone(org, SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||
db.users().insertPermissionOnAnyone(SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||
assertThat(session.hasPermission(SCAN)).isFalse(); | |||
} | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -277,8 +260,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone("p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -289,9 +271,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", publicProject); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -301,8 +282,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -325,9 +305,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() { | |||
UserDto user = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", privateProject); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", privateProject); | |||
ServerUserSession underTest = newUserSession(user); | |||
@@ -349,8 +328,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone("p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -360,9 +338,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
GroupDto group = db.users().insertGroup(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertProjectPermissionOnGroup(group, "p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -372,9 +349,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
GroupDto group = db.users().insertGroup(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
GroupDto group = db.users().insertGroup(); | |||
db.users().insertProjectPermissionOnGroup(group, "p1", privateProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -385,8 +361,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() { | |||
UserDto user = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnUser(user, "p1", publicProject); | |||
ServerUserSession underTest = newAnonymousSession(); | |||
@@ -409,8 +384,7 @@ public class ServerUserSessionTest { | |||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() { | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ServerUserSession underTest = newUserSession(root); | |||
@@ -420,8 +394,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() { | |||
UserDto user = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject); | |||
UserSession underTest = newUserSession(user); | |||
@@ -438,8 +411,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject); | |||
UserSession underTest = newAnonymousSession(); | |||
@@ -463,9 +435,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void keepAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
UserSession underTest = newAnonymousSession(); | |||
@@ -475,9 +446,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() { | |||
UserDto user = db.users().insertUser(); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | |||
UserSession underTest = newUserSession(user); | |||
@@ -488,9 +458,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject); | |||
UserSession underTest = newAnonymousSession(); | |||
@@ -503,9 +472,8 @@ public class ServerUserSessionTest { | |||
public void keepAuthorizedComponents_returns_all_specified_components_if_root() { | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
OrganizationDto organization = db.organizations().insert(); | |||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||
ComponentDto publicProject = db.components().insertPublicProject(); | |||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||
UserSession underTest = newUserSession(root); | |||
@@ -528,7 +496,6 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() { | |||
organizationFlags.setEnabled(true); | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
@@ -539,19 +506,7 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(); | |||
UserSession session = newUserSession(user); | |||
assertThat(session.isSystemAdministrator()).isFalse(); | |||
} | |||
@Test | |||
public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_administrator_of_default_organization() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||
UserSession session = newUserSession(user); | |||
@@ -559,10 +514,9 @@ public class ServerUserSessionTest { | |||
} | |||
@Test | |||
public void isSystemAdministrator_returns_true_if_org_feature_is_disabled_and_user_is_administrator_of_default_organization() { | |||
organizationFlags.setEnabled(false); | |||
public void isSystemAdministrator_returns_true_if_user_is_administrator() { | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN); | |||
UserSession session = newUserSession(user); | |||
@@ -570,10 +524,9 @@ public class ServerUserSessionTest { | |||
} | |||
@Test | |||
public void isSystemAdministrator_returns_false_if_org_feature_is_disabled_and_user_is_not_administrator_of_default_organization() { | |||
organizationFlags.setEnabled(true); | |||
public void isSystemAdministrator_returns_false_if_user_is_not_administrator() { | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, PROVISIONING); | |||
db.users().insertPermissionOnUser(user, PROVISIONING); | |||
UserSession session = newUserSession(user); | |||
@@ -582,9 +535,8 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void keep_isSystemAdministrator_flag_in_cache() { | |||
organizationFlags.setEnabled(false); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN); | |||
UserSession session = newUserSession(user); | |||
@@ -599,7 +551,6 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void checkIsSystemAdministrator_succeeds_if_system_administrator() { | |||
organizationFlags.setEnabled(true); | |||
UserDto root = db.users().insertUser(); | |||
root = db.users().makeRoot(root); | |||
@@ -610,7 +561,6 @@ public class ServerUserSessionTest { | |||
@Test | |||
public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertUser(); | |||
UserSession session = newUserSession(user); | |||
@@ -638,64 +588,8 @@ public class ServerUserSessionTest { | |||
assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", fileInBranch)).isTrue(); | |||
} | |||
@Test | |||
public void hasMembership() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto notMember = db.users().insertUser(); | |||
UserDto member = db.users().insertUser(); | |||
db.organizations().addMember(organization, member); | |||
UserDto root = db.users().makeRoot(db.users().insertUser()); | |||
assertThat(newUserSession(member).hasMembership(organization)).isTrue(); | |||
assertThat(newUserSession(notMember).hasMembership(organization)).isFalse(); | |||
assertThat(newUserSession(root).hasMembership(organization)).isTrue(); | |||
} | |||
@Test | |||
public void hasMembership_keeps_membership_in_cache() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto user = db.users().insertUser(); | |||
db.organizations().addMember(organization, user); | |||
ServerUserSession session = newUserSession(user); | |||
assertThat(session.hasMembership(organization)).isTrue(); | |||
// membership updated but not cache | |||
db.getDbClient().organizationMemberDao().delete(db.getSession(), organization.getUuid(), user.getUuid()); | |||
db.commit(); | |||
assertThat(session.hasMembership(organization)).isTrue(); | |||
} | |||
@Test | |||
public void checkMembership_throws_ForbiddenException_when_user_is_not_member_of_organization() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto notMember = db.users().insertUser(); | |||
expectedException.expect(ForbiddenException.class); | |||
expectedException.expectMessage(String.format("You're not member of organization '%s'", organization.getKey())); | |||
newUserSession(notMember).checkMembership(organization); | |||
} | |||
@Test | |||
public void checkMembership_succeeds_when_user_is_member_of_organization() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto member = db.users().insertUser(); | |||
db.organizations().addMember(organization, member); | |||
newUserSession(member).checkMembership(organization); | |||
} | |||
@Test | |||
public void checkMembership_succeeds_when_user_is_not_member_of_organization_but_root() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
UserDto root = db.users().makeRoot(db.users().insertUser()); | |||
newUserSession(root).checkMembership(organization); | |||
} | |||
private ServerUserSession newUserSession(@Nullable UserDto userDto) { | |||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto); | |||
return new ServerUserSession(dbClient, userDto); | |||
} | |||
private ServerUserSession newAnonymousSession() { |
@@ -37,14 +37,12 @@ import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.db.user.UserPropertyDto; | |||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | |||
import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.user.index.UserIndexDefinition; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
@@ -68,10 +66,8 @@ public class UserUpdaterCreateTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
@Rule | |||
public DbTester db = DbTester.create(system2); | |||
@@ -81,12 +77,11 @@ public class UserUpdaterCreateTest { | |||
private DbSession session = db.getSession(); | |||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private MapSettings settings = new MapSettings(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), settings.asConfig(), localAuthentication); | |||
@Test | |||
public void create_user() { | |||
@@ -304,23 +299,6 @@ public class UserUpdaterCreateTest { | |||
assertThat(dbClient.userDao().selectByLogin(session, "user").isOnboarded()).isFalse(); | |||
} | |||
@Test | |||
public void set_notifications_readDate_setting_when_creating_user_and_organization_enabled() { | |||
long now = system2.now(); | |||
organizationFlags.setEnabled(true); | |||
createDefaultGroup(); | |||
UserDto user = underTest.createAndCommit(db.getSession(), NewUser.builder() | |||
.setLogin("userLogin") | |||
.setName("UserName") | |||
.build(), u -> { | |||
}); | |||
UserPropertyDto notificationReadDateSetting = dbClient.userPropertiesDao().selectByUser(session, user).get(0); | |||
assertThat(notificationReadDateSetting.getKey()).isEqualTo("notifications.readDate"); | |||
assertThat(Long.parseLong(notificationReadDateSetting.getValue())).isGreaterThanOrEqualTo(now); | |||
} | |||
@Test | |||
public void does_not_set_notifications_readDate_setting_when_creating_user_when_not_on_and_organization_disabled() { | |||
createDefaultGroup(); | |||
@@ -596,23 +574,6 @@ public class UserUpdaterCreateTest { | |||
assertThat(groups.get("user")).containsOnly(defaultGroup.getName()); | |||
} | |||
@Test | |||
public void does_not_associate_default_group_when_creating_user_and_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
createDefaultGroup(); | |||
underTest.createAndCommit(db.getSession(), NewUser.builder() | |||
.setLogin("user") | |||
.setName("User") | |||
.setEmail("user@mail.com") | |||
.setPassword("password") | |||
.build(), u -> { | |||
}); | |||
Multimap<String, String> groups = dbClient.groupMembershipDao().selectGroupsByLogins(session, asList("user")); | |||
assertThat(groups.get("user")).isEmpty(); | |||
} | |||
@Test | |||
public void fail_to_associate_default_group_when_default_group_does_not_exist() { | |||
expectedException.expect(IllegalStateException.class); | |||
@@ -643,23 +604,7 @@ public class UserUpdaterCreateTest { | |||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isPresent(); | |||
} | |||
@Test | |||
public void does_not_add_user_as_member_of_default_organization_when_creating_user_and_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
createDefaultGroup(); | |||
UserDto dto = underTest.createAndCommit(db.getSession(), NewUser.builder() | |||
.setLogin("user") | |||
.setName("User") | |||
.setEmail("user@mail.com") | |||
.setPassword("PASSWORD") | |||
.build(), u -> { | |||
}); | |||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isNotPresent(); | |||
} | |||
private GroupDto createDefaultGroup() { | |||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||
return db.users().insertDefaultGroup(); | |||
} | |||
} |
@@ -32,13 +32,11 @@ import org.sonar.db.DbTester; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.GroupTesting; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.db.user.UserPropertyDto; | |||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | |||
import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | |||
import org.sonar.server.es.EsTester; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
@@ -54,10 +52,8 @@ public class UserUpdaterReactivateTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
@Rule | |||
public DbTester db = DbTester.create(system2); | |||
@@ -66,11 +62,11 @@ public class UserUpdaterReactivateTest { | |||
private DbSession session = db.getSession(); | |||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private MapSettings settings = new MapSettings(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), | |||
settings.asConfig(), localAuthentication); | |||
@Test | |||
public void reactivate_user() { | |||
@@ -220,10 +216,9 @@ public class UserUpdaterReactivateTest { | |||
} | |||
@Test | |||
public void associate_default_groups_when_reactivating_user_and_organizations_are_disabled() { | |||
public void associate_default_groups_when_reactivating_user() { | |||
UserDto userDto = db.users().insertDisabledUser(); | |||
db.organizations().insertForUuid("org1"); | |||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs").setOrganizationUuid("org1")); | |||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs")); | |||
db.users().insertMember(groupDto, userDto); | |||
GroupDto defaultGroup = createDefaultGroup(); | |||
@@ -238,49 +233,6 @@ public class UserUpdaterReactivateTest { | |||
assertThat(groups.get(userDto.getLogin()).stream().anyMatch(g -> g.equals(defaultGroup.getName()))).isTrue(); | |||
} | |||
@Test | |||
public void does_not_associate_default_groups_when_reactivating_user_and_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
UserDto userDto = db.users().insertDisabledUser(); | |||
db.organizations().insertForUuid("org1"); | |||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs").setOrganizationUuid("org1")); | |||
db.users().insertMember(groupDto, userDto); | |||
GroupDto defaultGroup = createDefaultGroup(); | |||
underTest.reactivateAndCommit(db.getSession(), userDto, NewUser.builder() | |||
.setLogin(userDto.getLogin()) | |||
.setName(userDto.getName()) | |||
.build(), u -> { | |||
}); | |||
session.commit(); | |||
Multimap<String, String> groups = dbClient.groupMembershipDao().selectGroupsByLogins(session, singletonList(userDto.getLogin())); | |||
assertThat(groups.get(userDto.getLogin()).stream().anyMatch(g -> g.equals(defaultGroup.getName()))).isFalse(); | |||
} | |||
@Test | |||
public void add_user_as_member_of_default_organization_when_reactivating_user_and_organizations_are_disabled() { | |||
UserDto user = db.users().insertDisabledUser(); | |||
createDefaultGroup(); | |||
UserDto dto = underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder().setLogin(user.getLogin()).setName(user.getName()).build(), u -> { | |||
}); | |||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isPresent(); | |||
} | |||
@Test | |||
public void does_not_add_user_as_member_of_default_organization_when_reactivating_user_and_organizations_are_enabled() { | |||
organizationFlags.setEnabled(true); | |||
UserDto user = db.users().insertDisabledUser(); | |||
createDefaultGroup(); | |||
UserDto dto = underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder().setLogin(user.getLogin()).setName(user.getName()).build(), u -> { | |||
}); | |||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isNotPresent(); | |||
} | |||
@Test | |||
public void reactivate_not_onboarded_user_if_onboarding_setting_is_set_to_false() { | |||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | |||
@@ -312,25 +264,7 @@ public class UserUpdaterReactivateTest { | |||
} | |||
@Test | |||
public void set_notifications_readDate_setting_when_reactivating_user_on_sonar_cloud() { | |||
long now = system2.now(); | |||
organizationFlags.setEnabled(true); | |||
createDefaultGroup(); | |||
UserDto user = db.users().insertDisabledUser(); | |||
underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder() | |||
.setLogin(user.getLogin()) | |||
.setName(user.getName()) | |||
.build(), u -> { | |||
}); | |||
UserPropertyDto notificationReadDateSetting = dbClient.userPropertiesDao().selectByUser(session, user).get(0); | |||
assertThat(notificationReadDateSetting.getKey()).isEqualTo("notifications.readDate"); | |||
assertThat(Long.parseLong(notificationReadDateSetting.getValue())).isGreaterThanOrEqualTo(now); | |||
} | |||
@Test | |||
public void does_not_set_notifications_readDate_setting_when_reactivating_user_when_not_on_sonar_cloud() { | |||
public void does_not_set_notifications_readDate_setting_when_reactivating_user() { | |||
createDefaultGroup(); | |||
UserDto user = db.users().insertDisabledUser(); | |||
@@ -380,7 +314,7 @@ public class UserUpdaterReactivateTest { | |||
} | |||
private GroupDto createDefaultGroup() { | |||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||
return db.users().insertDefaultGroup(); | |||
} | |||
} |
@@ -41,7 +41,6 @@ import org.sonar.server.es.EsTester; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.server.user.index.UserIndexDefinition; | |||
import org.sonar.server.user.index.UserIndexer; | |||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||
@@ -65,10 +64,8 @@ public class UserUpdaterUpdateTest { | |||
@Rule | |||
public ExpectedException expectedException = ExpectedException.none(); | |||
@Rule | |||
public EsTester es = EsTester.create(); | |||
@Rule | |||
public DbTester db = DbTester.create(system2); | |||
@@ -77,11 +74,10 @@ public class UserUpdaterUpdateTest { | |||
private DbSession session = db.getSession(); | |||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||
private MapSettings settings = new MapSettings(); | |||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), settings.asConfig(), localAuthentication); | |||
@Test | |||
public void update_user() { | |||
@@ -200,7 +196,7 @@ public class UserUpdaterUpdateTest { | |||
underTest.updateAndCommit(session, user, new UpdateUser() | |||
.setLogin("new_login"), u -> { | |||
}); | |||
}); | |||
assertThat(dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN)).isNull(); | |||
UserDto userReloaded = dbClient.userDao().selectByUuid(session, user.getUuid()); | |||
@@ -629,7 +625,7 @@ public class UserUpdaterUpdateTest { | |||
} | |||
private GroupDto createDefaultGroup() { | |||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||
return db.users().insertDefaultGroup(); | |||
} | |||
} |
@@ -28,6 +28,7 @@ import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
@@ -39,15 +40,13 @@ public class DefaultGroupCreatorImplTest { | |||
@Rule | |||
public DbTester db = DbTester.create(); | |||
private DefaultGroupCreator underTest = new DefaultGroupCreatorImpl(db.getDbClient(), new SequenceUuidFactory()); | |||
private DefaultGroupCreator underTest = new DefaultGroupCreatorImpl(db.getDbClient(), new SequenceUuidFactory(), TestDefaultOrganizationProvider.from(db)); | |||
@Test | |||
public void create_default_group() { | |||
OrganizationDto organizationDto = db.organizations().insert(); | |||
underTest.create(db.getSession(), organizationDto.getUuid()); | |||
underTest.create(db.getSession()); | |||
Optional<String> defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organizationDto.getUuid()); | |||
Optional<String> defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid()); | |||
assertThat(defaultGroupUuid).isPresent(); | |||
assertThat(db.getDbClient().groupDao().selectByUuid(db.getSession(), defaultGroupUuid.get())) | |||
.extracting(GroupDto::getName, GroupDto::getDescription) | |||
@@ -58,13 +57,13 @@ public class DefaultGroupCreatorImplTest { | |||
public void fail_with_IAE_when_default_group_already_exist() { | |||
OrganizationDto organizationDto = db.organizations().insert(); | |||
PermissionTemplateDto permissionTemplate = db.permissionTemplates().insertTemplate(); | |||
db.organizations().setDefaultTemplates(organizationDto, permissionTemplate.getUuid(), null, null); | |||
db.users().insertGroup(organizationDto, "Members"); | |||
db.organizations().setDefaultTemplates(permissionTemplate.getUuid(), null, null); | |||
db.users().insertGroup("Members"); | |||
expectedException.expect(IllegalArgumentException.class); | |||
expectedException.expectMessage(String.format("The group '%s' already exist on organization '%s'", "Members", organizationDto.getUuid())); | |||
expectedException.expectMessage(String.format("The group '%s' already exists", "Members")); | |||
underTest.create(db.getSession(), organizationDto.getUuid()); | |||
underTest.create(db.getSession()); | |||
} | |||
} |
@@ -23,8 +23,8 @@ import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.junit.rules.ExpectedException; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import static java.lang.String.format; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
@@ -37,39 +37,36 @@ public class DefaultGroupFinderTest { | |||
@Rule | |||
public DbTester db = DbTester.create(); | |||
private DefaultGroupFinder underTest = new DefaultGroupFinder(db.getDbClient()); | |||
private DefaultGroupFinder underTest = new DefaultGroupFinder(db.getDbClient(), TestDefaultOrganizationProvider.from(db)); | |||
@Test | |||
public void find_default_group() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "default"); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup("default"); | |||
GroupDto result = underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||
GroupDto result = underTest.findDefaultGroup(db.getSession()); | |||
assertThat(result.getUuid()).isEqualTo(defaultGroup.getUuid()); | |||
assertThat(result.getName()).isEqualTo("default"); | |||
} | |||
@Test | |||
public void fail_with_ISE_when_no_default_group_on_org() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
db.users().insertGroup(organization); | |||
public void fail_with_ISE_when_no_default_group() { | |||
db.users().insertGroup(); | |||
expectedException.expect(IllegalStateException.class); | |||
expectedException.expectMessage(format("Default group cannot be found on organization '%s'", organization.getUuid())); | |||
expectedException.expectMessage(format("Default group cannot be found")); | |||
underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||
underTest.findDefaultGroup(db.getSession()); | |||
} | |||
@Test | |||
public void fail_with_NPE_when_default_group_does_not_exist() { | |||
OrganizationDto organization = db.organizations().insert(); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "default"); | |||
GroupDto defaultGroup = db.users().insertDefaultGroup("default"); | |||
db.getDbClient().groupDao().deleteByUuid(db.getSession(), defaultGroup.getUuid()); | |||
expectedException.expect(NullPointerException.class); | |||
expectedException.expectMessage(format("Group '%s' cannot be found", defaultGroup.getUuid())); | |||
underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||
underTest.findDefaultGroup(db.getSession()); | |||
} | |||
} |
@@ -29,7 +29,6 @@ import java.util.Optional; | |||
import java.util.Set; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.project.ProjectDto; | |||
import org.sonar.server.user.AbstractUserSession; | |||
@@ -41,24 +40,23 @@ public abstract class AbstractMockUserSession<T extends AbstractMockUserSession> | |||
private final Class<T> clazz; | |||
private HashMultimap<String, String> projectUuidByPermission = HashMultimap.create(); | |||
private final HashMultimap<String, OrganizationPermission> permissionsByOrganizationUuid = HashMultimap.create(); | |||
private final Set<OrganizationPermission> permissions = new HashSet<>(); | |||
private Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | |||
private Set<String> projectPermissions = new HashSet<>(); | |||
private Set<String> organizationMembership = new HashSet<>(); | |||
private boolean systemAdministrator = false; | |||
protected AbstractMockUserSession(Class<T> clazz) { | |||
this.clazz = clazz; | |||
} | |||
public T addPermission(OrganizationPermission permission, String organizationUuid) { | |||
permissionsByOrganizationUuid.put(organizationUuid, permission); | |||
public T addPermission(OrganizationPermission permission) { | |||
permissions.add(permission); | |||
return clazz.cast(this); | |||
} | |||
@Override | |||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||
return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); | |||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||
return permissions.contains(permission); | |||
} | |||
/** | |||
@@ -139,13 +137,4 @@ public abstract class AbstractMockUserSession<T extends AbstractMockUserSession> | |||
return isRoot() || systemAdministrator; | |||
} | |||
@Override | |||
protected boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
return organizationMembership.contains(organizationDto.getUuid()); | |||
} | |||
public void addOrganizationMembership(OrganizationDto organization) { | |||
this.organizationMembership.add(organization.getUuid()); | |||
} | |||
} |
@@ -22,7 +22,6 @@ package org.sonar.server.tester; | |||
import java.util.Collection; | |||
import java.util.Collections; | |||
import java.util.Optional; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousMockUserSession> { | |||
@@ -69,9 +68,4 @@ public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousM | |||
public Optional<ExternalIdentity> getExternalIdentity() { | |||
return Optional.empty(); | |||
} | |||
@Override | |||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
return false; | |||
} | |||
} |
@@ -29,7 +29,6 @@ import org.junit.rules.TestRule; | |||
import org.junit.runner.Description; | |||
import org.junit.runners.model.Statement; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.project.ProjectDto; | |||
import org.sonar.db.user.GroupDto; | |||
@@ -198,13 +197,8 @@ public class UserSessionRule implements TestRule, UserSession { | |||
return this; | |||
} | |||
public UserSessionRule addPermission(OrganizationPermission permission, String organizationUuid) { | |||
ensureAbstractMockUserSession().addPermission(permission, organizationUuid); | |||
return this; | |||
} | |||
public UserSessionRule addPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
ensureAbstractMockUserSession().addPermission(permission, organization.getUuid()); | |||
public UserSessionRule addPermission(OrganizationPermission permission) { | |||
ensureAbstractMockUserSession().addPermission(permission); | |||
return this; | |||
} | |||
@@ -316,24 +310,13 @@ public class UserSessionRule implements TestRule, UserSession { | |||
} | |||
@Override | |||
public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
return currentUserSession.hasPermission(permission, organization); | |||
} | |||
@Override | |||
public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||
return currentUserSession.hasPermission(permission, organizationUuid); | |||
} | |||
@Override | |||
public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||
currentUserSession.checkPermission(permission, organization); | |||
return this; | |||
public boolean hasPermission(OrganizationPermission permission) { | |||
return currentUserSession.hasPermission(permission); | |||
} | |||
@Override | |||
public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||
currentUserSession.checkPermission(permission, organizationUuid); | |||
public UserSession checkPermission(OrganizationPermission permission) { | |||
currentUserSession.checkPermission(permission); | |||
return this; | |||
} | |||
@@ -365,20 +348,4 @@ public class UserSessionRule implements TestRule, UserSession { | |||
currentUserSession.checkIsSystemAdministrator(); | |||
return this; | |||
} | |||
@Override | |||
public boolean hasMembership(OrganizationDto organization) { | |||
return currentUserSession.hasMembership(organization); | |||
} | |||
@Override | |||
public UserSession checkMembership(OrganizationDto organization) { | |||
currentUserSession.checkMembership(organization); | |||
return this; | |||
} | |||
public UserSessionRule addMembership(OrganizationDto organization) { | |||
ensureAbstractMockUserSession().addOrganizationMembership(organization); | |||
return this; | |||
} | |||
} |
@@ -22,7 +22,6 @@ package org.sonar.server.user; | |||
import java.util.Collection; | |||
import java.util.Optional; | |||
import javax.annotation.Nullable; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
@@ -103,7 +102,7 @@ public class TestUserSessionFactory implements UserSessionFactory { | |||
} | |||
@Override | |||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||
throw notImplemented(); | |||
} | |||
@@ -122,11 +121,6 @@ public class TestUserSessionFactory implements UserSessionFactory { | |||
throw notImplemented(); | |||
} | |||
@Override | |||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||
throw notImplemented(); | |||
} | |||
private static RuntimeException notImplemented() { | |||
return new UnsupportedOperationException("not implemented"); | |||
} |
@@ -58,7 +58,7 @@ public class RegisterPermissionTemplates implements Startable { | |||
String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); | |||
Optional<DefaultTemplates> defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, defaultOrganizationUuid); | |||
if (!defaultTemplates.isPresent()) { | |||
PermissionTemplateDto defaultTemplate = getOrInsertDefaultTemplate(dbSession, defaultOrganizationUuid); | |||
PermissionTemplateDto defaultTemplate = getOrInsertDefaultTemplate(dbSession); | |||
dbClient.organizationDao().setDefaultTemplates(dbSession, defaultOrganizationUuid, new DefaultTemplates().setProjectUuid(defaultTemplate.getUuid())); | |||
dbSession.commit(); | |||
} | |||
@@ -72,14 +72,14 @@ public class RegisterPermissionTemplates implements Startable { | |||
// nothing to do | |||
} | |||
private PermissionTemplateDto getOrInsertDefaultTemplate(DbSession dbSession, String defaultOrganizationUuid) { | |||
private PermissionTemplateDto getOrInsertDefaultTemplate(DbSession dbSession) { | |||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(dbSession, DEFAULT_TEMPLATE_UUID); | |||
if (permissionTemplateDto != null) { | |||
return permissionTemplateDto; | |||
} | |||
PermissionTemplateDto template = new PermissionTemplateDto() | |||
.setOrganizationUuid(defaultOrganizationUuid) | |||
.setOrganizationUuid(defaultOrganizationProvider.get().getUuid()) | |||
.setName("Default template") | |||
.setUuid(DEFAULT_TEMPLATE_UUID) | |||
.setDescription("This permission template will be used as default when no other permission configuration is available") | |||
@@ -98,7 +98,7 @@ public class RegisterPermissionTemplates implements Startable { | |||
} | |||
private void insertPermissionForAdministrators(DbSession dbSession, PermissionTemplateDto template) { | |||
Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, template.getOrganizationUuid(), DefaultGroups.ADMINISTRATORS); | |||
Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, DefaultGroups.ADMINISTRATORS); | |||
if (admins.isPresent()) { | |||
insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get()); | |||
insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), admins.get()); | |||
@@ -109,11 +109,10 @@ public class RegisterPermissionTemplates implements Startable { | |||
} | |||
private void insertPermissionsForDefaultGroup(DbSession dbSession, PermissionTemplateDto template) { | |||
String organizationUuid = template.getOrganizationUuid(); | |||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organizationUuid) | |||
.orElseThrow(() -> new IllegalStateException(format("Default group for organization %s is not defined", organizationUuid))); | |||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, defaultOrganizationProvider.get().getUuid()) | |||
.orElseThrow(() -> new IllegalStateException("Default group is not defined")); | |||
GroupDto defaultGroup = Optional.ofNullable(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid)) | |||
.orElseThrow(() -> new IllegalStateException(format("Default group with id %s for organization %s doesn't exist", defaultGroupUuid, organizationUuid))); | |||
.orElseThrow(() -> new IllegalStateException(format("Default group with id %s doesn't exist", defaultGroupUuid))); | |||
insertGroupPermission(dbSession, template, UserRole.USER, defaultGroup); | |||
insertGroupPermission(dbSession, template, UserRole.CODEVIEWER, defaultGroup); | |||
insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, defaultGroup); |
@@ -64,7 +64,7 @@ public class RegisterPermissionTemplatesTest { | |||
@Test | |||
public void fail_with_ISE_if_default_template_must_be_created_and_no_default_group_is_defined() { | |||
expectedException.expect(IllegalStateException.class); | |||
expectedException.expectMessage("Default group for organization " + db.getDefaultOrganization().getUuid() + " is not defined"); | |||
expectedException.expectMessage("Default group is not defined"); | |||
underTest.start(); | |||
} | |||
@@ -74,7 +74,7 @@ public class RegisterPermissionTemplatesTest { | |||
setDefaultGroup(new GroupDto().setUuid("22")); | |||
expectedException.expect(IllegalStateException.class); | |||
expectedException.expectMessage("Default group with id 22 for organization " + db.getDefaultOrganization().getUuid() + " doesn't exist"); | |||
expectedException.expectMessage("Default group with id 22 doesn't exist"); | |||
underTest.start(); | |||
} | |||
@@ -82,7 +82,7 @@ public class RegisterPermissionTemplatesTest { | |||
@Test | |||
public void insert_default_permission_template_if_fresh_install_without_governance() { | |||
GroupDto defaultGroup = createAndSetDefaultGroup(); | |||
db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); | |||
db.users().insertGroup(DefaultGroups.ADMINISTRATORS); | |||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false); | |||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false); | |||
@@ -109,7 +109,7 @@ public class RegisterPermissionTemplatesTest { | |||
@Test | |||
public void insert_default_permission_template_if_fresh_install_with_governance() { | |||
GroupDto defaultGroup = createAndSetDefaultGroup(); | |||
db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); | |||
db.users().insertGroup(DefaultGroups.ADMINISTRATORS); | |||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true); | |||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true); | |||
@@ -168,8 +168,8 @@ public class RegisterPermissionTemplatesTest { | |||
@Test | |||
public void do_not_fail_if_default_template_exists_and_is_registered() { | |||
PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate(newPermissionTemplateDto() | |||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||
.setUuid(DEFAULT_TEMPLATE_UUID)); | |||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||
.setUuid(DEFAULT_TEMPLATE_UUID)); | |||
db.organizations().setDefaultTemplates(projectTemplate, null, null); | |||
underTest.start(); | |||
@@ -189,7 +189,7 @@ public class RegisterPermissionTemplatesTest { | |||
String expectedGroupName) { | |||
assertThat( | |||
groupPermissions.stream().anyMatch(gp -> gp.getPermission().equals(expectedPermission) && Objects.equals(gp.getGroupName(), expectedGroupName))) | |||
.isTrue(); | |||
.isTrue(); | |||
} | |||
private void verifyDefaultTemplates() { | |||
@@ -205,7 +205,7 @@ public class RegisterPermissionTemplatesTest { | |||
} | |||
private GroupDto createAndSetDefaultGroup() { | |||
GroupDto res = db.users().insertGroup(db.getDefaultOrganization()); | |||
GroupDto res = db.users().insertGroup(); | |||
setDefaultGroup(res); | |||
return res; | |||
} |
@@ -87,7 +87,7 @@ public class PermissionIndexerDaoTest { | |||
application = componentDbTester.insertPublicApplication(organization); | |||
user1 = userDbTester.insertUser(); | |||
user2 = userDbTester.insertUser(); | |||
group = userDbTester.insertGroup(organization); | |||
group = userDbTester.insertGroup(); | |||
} | |||
@Test | |||
@@ -174,7 +174,6 @@ public class PermissionIndexerDaoTest { | |||
projectUuids.add(project.uuid()); | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setUuid(Uuids.createFast()) | |||
.setOrganizationUuid(group.getOrganizationUuid()) | |||
.setGroupUuid(group.getUuid()) | |||
.setRole(USER) | |||
.setComponentUuid(project.uuid()); |
@@ -62,7 +62,7 @@ public class ProjectDataLoader { | |||
ComponentDto project = componentFinder.getByKey(session, projectKey); | |||
checkRequest(project.isRootProject(), "Key '%s' belongs to a component which is not a Project", projectKey); | |||
boolean hasScanPerm = userSession.hasComponentPermission(UserRole.SCAN, project) || | |||
userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid()); | |||
userSession.hasPermission(OrganizationPermission.SCAN); | |||
checkPermission(hasScanPerm); | |||
ComponentDto branchOrMainModule = (branch == null && pullRequest == null) ? project | |||
: componentFinder.getByKeyAndOptionalBranchOrPullRequest(session, projectKey, branch, pullRequest); |
@@ -127,7 +127,7 @@ public class ListAction implements PullRequestWsAction { | |||
private void checkPermission(ProjectDto project) { | |||
if (userSession.hasProjectPermission(USER, project) || | |||
userSession.hasProjectPermission(UserRole.SCAN, project) || | |||
userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { | |||
userSession.hasPermission(OrganizationPermission.SCAN)) { | |||
return; | |||
} | |||
throw insufficientPrivilegesException(); |
@@ -138,7 +138,7 @@ public class ListAction implements BranchWsAction { | |||
private void checkPermission(ProjectDto project) { | |||
if (!userSession.hasProjectPermission(USER, project) && | |||
!userSession.hasProjectPermission(UserRole.SCAN, project) && | |||
!userSession.hasPermission(SCAN, project.getOrganizationUuid())) { | |||
!userSession.hasPermission(SCAN)) { | |||
throw insufficientPrivilegesException(); | |||
} | |||
} |
@@ -129,7 +129,7 @@ public class ReportSubmitter { | |||
// they don't have the direct permission on the project. | |||
// That means that dropping the permission on the project does not have any effects | |||
// if user has still the permission on the organization | |||
if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { | |||
if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(OrganizationPermission.SCAN)) { | |||
throw insufficientPrivilegesException(); | |||
} | |||
} | |||
@@ -164,11 +164,11 @@ public class ReportSubmitter { | |||
} | |||
private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, BranchSupport.ComponentKey componentKey, @Nullable String projectName) { | |||
userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS, organization); | |||
userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS); | |||
String userUuid = userSession.getUuid(); | |||
boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( | |||
dbSession, organization.getUuid(), userUuid, componentKey.getDbKey()); | |||
dbSession, userUuid, componentKey.getDbKey()); | |||
if (!wouldCurrentUserHaveScanPermission) { | |||
throw insufficientPrivilegesException(); | |||
} |