import javax.annotation.CheckForNull; | import javax.annotation.CheckForNull; | ||||
import org.sonar.api.utils.log.Logger; | import org.sonar.api.utils.log.Logger; | ||||
import org.sonar.api.utils.log.Loggers; | import org.sonar.api.utils.log.Loggers; | ||||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolder; | |||||
import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final ConfigurationRepository configRepository; | private final ConfigurationRepository configRepository; | ||||
private final AnalysisMetadataHolder analysisMetadataHolder; | |||||
private boolean loaded = false; | private boolean loaded = false; | ||||
private String userUuid = null; | private String userUuid = null; | ||||
public DefaultAssignee(DbClient dbClient, ConfigurationRepository configRepository, AnalysisMetadataHolder analysisMetadataHolder) { | |||||
public DefaultAssignee(DbClient dbClient, ConfigurationRepository configRepository) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.configRepository = configRepository; | this.configRepository = configRepository; | ||||
this.analysisMetadataHolder = analysisMetadataHolder; | |||||
} | } | ||||
@CheckForNull | @CheckForNull | ||||
LOG.info("Property {} is set with an unknown login: {}", DEFAULT_ISSUE_ASSIGNEE, login); | LOG.info("Property {} is set with an unknown login: {}", DEFAULT_ISSUE_ASSIGNEE, login); | ||||
return null; | return null; | ||||
} | } | ||||
if (!isUserMemberOfOrganization(dbSession, user)) { | |||||
LOG.info("Property {} is set with a user which is not member of the organization of the project : {}", DEFAULT_ISSUE_ASSIGNEE, login); | |||||
return null; | |||||
} | |||||
return user.getUuid(); | return user.getUuid(); | ||||
} | } | ||||
} | } | ||||
private boolean isUserMemberOfOrganization(DbSession dbSession, UserDto user) { | |||||
return dbClient.organizationMemberDao().select(dbSession, analysisMetadataHolder.getOrganization().getUuid(), user.getUuid()).isPresent(); | |||||
} | |||||
} | } |
import java.util.Map; | import java.util.Map; | ||||
import org.sonar.api.utils.log.Logger; | import org.sonar.api.utils.log.Logger; | ||||
import org.sonar.api.utils.log.Loggers; | import org.sonar.api.utils.log.Loggers; | ||||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolder; | |||||
import org.sonar.ce.task.projectanalysis.util.cache.CacheLoader; | import org.sonar.ce.task.projectanalysis.util.cache.CacheLoader; | ||||
import org.sonar.core.util.stream.MoreCollectors; | import org.sonar.core.util.stream.MoreCollectors; | ||||
import org.sonar.server.user.index.UserDoc; | import org.sonar.server.user.index.UserDoc; | ||||
private static final Logger LOGGER = Loggers.get(ScmAccountToUserLoader.class); | private static final Logger LOGGER = Loggers.get(ScmAccountToUserLoader.class); | ||||
private final UserIndex index; | private final UserIndex index; | ||||
private final AnalysisMetadataHolder analysisMetadataHolder; | |||||
public ScmAccountToUserLoader(UserIndex index, AnalysisMetadataHolder analysisMetadataHolder) { | |||||
public ScmAccountToUserLoader(UserIndex index) { | |||||
this.index = index; | this.index = index; | ||||
this.analysisMetadataHolder = analysisMetadataHolder; | |||||
} | } | ||||
@Override | @Override | ||||
public String load(String scmAccount) { | public String load(String scmAccount) { | ||||
List<UserDoc> users = index.getAtMostThreeActiveUsersForScmAccount(scmAccount, analysisMetadataHolder.getOrganization().getUuid()); | |||||
List<UserDoc> users = index.getAtMostThreeActiveUsersForScmAccount(scmAccount); | |||||
if (users.size() == 1) { | if (users.size() == 1) { | ||||
return users.get(0).uuid(); | return users.get(0).uuid(); | ||||
} | } |
import org.junit.Test; | import org.junit.Test; | ||||
import org.sonar.api.CoreProperties; | import org.sonar.api.CoreProperties; | ||||
import org.sonar.api.config.internal.MapSettings; | import org.sonar.api.config.internal.MapSettings; | ||||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolderImpl; | |||||
import org.sonar.ce.task.projectanalysis.analysis.Organization; | |||||
import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | import org.sonar.ce.task.projectanalysis.component.ConfigurationRepository; | ||||
import org.sonar.ce.task.projectanalysis.component.TestSettingsRepository; | import org.sonar.ce.task.projectanalysis.component.TestSettingsRepository; | ||||
import org.sonar.core.platform.PlatformEditionProvider; | |||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | import org.sonar.db.organization.OrganizationDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.mockito.Mockito.mock; | |||||
public class DefaultAssigneeTest { | public class DefaultAssigneeTest { | ||||
public static final String PROJECT_KEY = "PROJECT_KEY"; | public static final String PROJECT_KEY = "PROJECT_KEY"; | ||||
public static final String ORGANIZATION_UUID = "ORGANIZATION_UUID"; | public static final String ORGANIZATION_UUID = "ORGANIZATION_UUID"; | ||||
public static final String QUALITY_GATE_UUID = "QUALITY_GATE_UUID"; | |||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(); | public DbTester db = DbTester.create(); | ||||
private MapSettings settings = new MapSettings(); | private MapSettings settings = new MapSettings(); | ||||
private ConfigurationRepository settingsRepository = new TestSettingsRepository(settings.asConfig()); | private ConfigurationRepository settingsRepository = new TestSettingsRepository(settings.asConfig()); | ||||
private AnalysisMetadataHolderImpl analysisMetadataHolder = new AnalysisMetadataHolderImpl(mock(PlatformEditionProvider.class)); | |||||
private OrganizationDto organizationDto; | private OrganizationDto organizationDto; | ||||
private DefaultAssignee underTest = new DefaultAssignee(db.getDbClient(), settingsRepository, analysisMetadataHolder); | |||||
private DefaultAssignee underTest = new DefaultAssignee(db.getDbClient(), settingsRepository); | |||||
@Before | @Before | ||||
public void setUp() throws Exception { | |||||
public void setUp() { | |||||
organizationDto = db.organizations().insertForUuid(ORGANIZATION_UUID); | organizationDto = db.organizations().insertForUuid(ORGANIZATION_UUID); | ||||
analysisMetadataHolder.setOrganization(Organization.from( | |||||
new OrganizationDto().setUuid(ORGANIZATION_UUID).setKey("Organization key").setName("Organization name").setDefaultQualityGateUuid(QUALITY_GATE_UUID))); | |||||
} | } | ||||
@Test | @Test | ||||
assertThat(underTest.loadDefaultAssigneeUuid()).isNull(); | assertThat(underTest.loadDefaultAssigneeUuid()).isNull(); | ||||
} | } | ||||
@Test | |||||
public void configured_login_is_not_member_of_organization() { | |||||
settings.setProperty(CoreProperties.DEFAULT_ISSUE_ASSIGNEE, "erik"); | |||||
OrganizationDto otherOrganization = db.organizations().insert(); | |||||
UserDto userDto = db.users().insertUser("erik"); | |||||
db.organizations().addMember(otherOrganization, userDto); | |||||
assertThat(underTest.loadDefaultAssigneeUuid()).isNull(); | |||||
} | |||||
@Test | @Test | ||||
public void default_assignee_is_cached() { | public void default_assignee_is_cached() { | ||||
settings.setProperty(CoreProperties.DEFAULT_ISSUE_ASSIGNEE, "erik"); | settings.setProperty(CoreProperties.DEFAULT_ISSUE_ASSIGNEE, "erik"); |
import org.sonar.api.utils.System2; | import org.sonar.api.utils.System2; | ||||
import org.sonar.api.utils.log.LogTester; | import org.sonar.api.utils.log.LogTester; | ||||
import org.sonar.api.utils.log.LoggerLevel; | import org.sonar.api.utils.log.LoggerLevel; | ||||
import org.sonar.ce.task.projectanalysis.analysis.AnalysisMetadataHolderRule; | |||||
import org.sonar.ce.task.projectanalysis.analysis.Organization; | |||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.es.EsTester; | import org.sonar.server.es.EsTester; | ||||
import org.sonar.server.user.index.UserIndex; | import org.sonar.server.user.index.UserIndex; | ||||
@Rule | @Rule | ||||
public LogTester logTester = new LogTester(); | public LogTester logTester = new LogTester(); | ||||
@Rule | |||||
public AnalysisMetadataHolderRule analysisMetadataHolder = new AnalysisMetadataHolderRule(); | |||||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | ||||
@Test | @Test | ||||
public void load_login_for_scm_account() { | public void load_login_for_scm_account() { | ||||
UserDto user = db.users().insertUser(u -> u.setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | UserDto user = db.users().insertUser(u -> u.setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | ||||
OrganizationDto organization = db.organizations().insert(o -> o.setUuid(ORGANIZATION_UUID)); | |||||
analysisMetadataHolder.setOrganization(Organization.from(organization)); | |||||
db.organizations().addMember(organization, user); | |||||
userIndexer.indexOnStartup(null); | userIndexer.indexOnStartup(null); | ||||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | ||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||||
assertThat(underTest.load("missing")).isNull(); | assertThat(underTest.load("missing")).isNull(); | ||||
assertThat(underTest.load("jesuis@charlie.com")).isEqualTo(user.getUuid()); | assertThat(underTest.load("jesuis@charlie.com")).isEqualTo(user.getUuid()); | ||||
@Test | @Test | ||||
public void warn_if_multiple_users_share_the_same_scm_account() { | public void warn_if_multiple_users_share_the_same_scm_account() { | ||||
UserDto user1 = db.users().insertUser(u -> u.setLogin("charlie").setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | |||||
UserDto user2 = db.users().insertUser(u -> u.setLogin("another.charlie").setScmAccounts(asList("charlie"))); | |||||
OrganizationDto organization = db.organizations().insert(o -> o.setUuid(ORGANIZATION_UUID)); | |||||
analysisMetadataHolder.setOrganization(Organization.from(organization)); | |||||
db.organizations().addMember(organization, user1, user2); | |||||
db.users().insertUser(u -> u.setLogin("charlie").setScmAccounts(asList("charlie", "jesuis@charlie.com"))); | |||||
db.users().insertUser(u -> u.setLogin("another.charlie").setScmAccounts(asList("charlie"))); | |||||
userIndexer.indexOnStartup(null); | userIndexer.indexOnStartup(null); | ||||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | ||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||||
assertThat(underTest.load("charlie")).isNull(); | assertThat(underTest.load("charlie")).isNull(); | ||||
assertThat(logTester.logs(LoggerLevel.WARN)).contains("Multiple users share the SCM account 'charlie': another.charlie, charlie"); | assertThat(logTester.logs(LoggerLevel.WARN)).contains("Multiple users share the SCM account 'charlie': another.charlie, charlie"); | ||||
@Test | @Test | ||||
public void load_by_multiple_scm_accounts_is_not_supported_yet() { | public void load_by_multiple_scm_accounts_is_not_supported_yet() { | ||||
UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | UserIndex index = new UserIndex(es.client(), System2.INSTANCE); | ||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index, analysisMetadataHolder); | |||||
ScmAccountToUserLoader underTest = new ScmAccountToUserLoader(index); | |||||
try { | try { | ||||
underTest.loadAll(emptyList()); | underTest.loadAll(emptyList()); | ||||
fail(); | fail(); |
public List<OrganizationDto> selectOrganizationsWithLastAdmin(DbSession dbSession, String userUuid) { | public List<OrganizationDto> selectOrganizationsWithLastAdmin(DbSession dbSession, String userUuid) { | ||||
return dbClient.organizationDao().selectByPermission(dbSession, userUuid, ADMIN_PERMISSION).stream() | return dbClient.organizationDao().selectByPermission(dbSession, userUuid, ADMIN_PERMISSION).stream() | ||||
.filter(org -> isLastAdmin(dbSession, org, userUuid)) | |||||
.filter(org -> isLastAdmin(dbSession, userUuid)) | |||||
.collect(Collectors.toList()); | .collect(Collectors.toList()); | ||||
} | } | ||||
private boolean isLastAdmin(DbSession dbSession, OrganizationDto org, String userUuid) { | |||||
return dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, org.getUuid(), ADMIN_PERMISSION, userUuid) == 0; | |||||
private boolean isLastAdmin(DbSession dbSession, String userUuid) { | |||||
return dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, ADMIN_PERMISSION, userUuid) == 0; | |||||
} | } | ||||
} | } |
public class AuthorizationDao implements Dao { | public class AuthorizationDao implements Dao { | ||||
/** | /** | ||||
* Loads all the permissions granted to user for the specified organization | |||||
*/ | |||||
public Set<String> selectOrganizationPermissions(DbSession dbSession, String organizationUuid, String userUuid) { | |||||
return mapper(dbSession).selectOrganizationPermissions(organizationUuid, userUuid); | |||||
* Loads all the global permissions granted to user | |||||
*/ | |||||
public Set<String> selectGlobalPermissions(DbSession dbSession, String userUuid) { | |||||
return mapper(dbSession).selectGlobalPermissions(userUuid); | |||||
} | } | ||||
/** | /** | ||||
* Loads all the permissions granted to anonymous user for the specified organization | * Loads all the permissions granted to anonymous user for the specified organization | ||||
*/ | */ | ||||
public Set<String> selectOrganizationPermissionsOfAnonymous(DbSession dbSession, String organizationUuid) { | |||||
return mapper(dbSession).selectOrganizationPermissionsOfAnonymous(organizationUuid); | |||||
public Set<String> selectGlobalPermissionsOfAnonymous(DbSession dbSession) { | |||||
return mapper(dbSession).selectGlobalPermissionsOfAnonymous(); | |||||
} | } | ||||
/** | /** | ||||
* The number of users who will still have the permission if the group {@code excludedGroupUuid} | * The number of users who will still have the permission if the group {@code excludedGroupUuid} | ||||
* is deleted. The anyone virtual group is not taken into account. | * is deleted. The anyone virtual group is not taken into account. | ||||
*/ | */ | ||||
public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String organizationUuid, | |||||
String permission, String excludedGroupUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroup(organizationUuid, permission, excludedGroupUuid); | |||||
public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String permission, String excludedGroupUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroup(permission, excludedGroupUuid); | |||||
} | } | ||||
/** | /** | ||||
* The number of users who will still have the permission if the user {@code excludedUserId} | * The number of users who will still have the permission if the user {@code excludedUserId} | ||||
* is deleted. The anyone virtual group is not taken into account. | * is deleted. The anyone virtual group is not taken into account. | ||||
*/ | */ | ||||
public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String organizationUuid, | |||||
String permission, String excludedUserUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(organizationUuid, permission, excludedUserUuid); | |||||
public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String permission, String excludedUserUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(permission, excludedUserUuid); | |||||
} | } | ||||
/** | /** | ||||
* The list of users who have the global permission. | * The list of users who have the global permission. | ||||
* The anyone virtual group is not taken into account. | * The anyone virtual group is not taken into account. | ||||
*/ | */ | ||||
public List<String> selectUserUuidsWithGlobalPermission(DbSession dbSession, String organizationUuid, String permission) { | |||||
return mapper(dbSession).selectUserUuidsWithGlobalPermission(organizationUuid, permission); | |||||
public List<String> selectUserUuidsWithGlobalPermission(DbSession dbSession, String permission) { | |||||
return mapper(dbSession).selectUserUuidsWithGlobalPermission(permission); | |||||
} | } | ||||
/** | /** | ||||
* The number of users who will still have the permission if the user {@code userId} | * The number of users who will still have the permission if the user {@code userId} | ||||
* is removed from group {@code groupUuid}. The anyone virtual group is not taken into account. | * is removed from group {@code groupUuid}. The anyone virtual group is not taken into account. | ||||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String, String)}, user | |||||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user | |||||
* still exists and may have the permission directly or through other groups. | * still exists and may have the permission directly or through other groups. | ||||
*/ | */ | ||||
public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String organizationUuid, | |||||
String permission, String groupUuid, String userUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(organizationUuid, permission, groupUuid, userUuid); | |||||
public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String permission, String groupUuid, String userUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(permission, groupUuid, userUuid); | |||||
} | } | ||||
/** | /** | ||||
* The number of users who will still have the permission if the permission {@code permission} | * The number of users who will still have the permission if the permission {@code permission} | ||||
* is removed from user {@code userId}. The anyone virtual group is not taken into account. | * is removed from user {@code userId}. The anyone virtual group is not taken into account. | ||||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String, String)}, user | |||||
* Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user | |||||
* still exists and may have the permission through groups. | * still exists and may have the permission through groups. | ||||
*/ | */ | ||||
public int countUsersWithGlobalPermissionExcludingUserPermission(DbSession dbSession, String organizationUuid, | |||||
String permission, String userUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(organizationUuid, permission, userUuid); | |||||
} | |||||
/** | |||||
* The UUIDs of all the organizations in which the specified user has the specified global permission. An empty | |||||
* set is returned if user or permission do not exist. An empty set is also returned if the user is not involved | |||||
* in any organization. | |||||
* <br/> | |||||
* Group membership is taken into account. Anonymous privileges are ignored. | |||||
*/ | |||||
public Set<String> selectOrganizationUuidsOfUserWithGlobalPermission(DbSession dbSession, String userUuid, String permission) { | |||||
return mapper(dbSession).selectOrganizationUuidsOfUserWithGlobalPermission(userUuid, permission); | |||||
public int countUsersWithGlobalPermissionExcludingUserPermission(DbSession dbSession, String permission, String userUuid) { | |||||
return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(permission, userUuid); | |||||
} | } | ||||
public Set<String> keepAuthorizedProjectUuids(DbSession dbSession, Collection<String> projectUuids, @Nullable String userUuid, String permission) { | public Set<String> keepAuthorizedProjectUuids(DbSession dbSession, Collection<String> projectUuids, @Nullable String userUuid, String permission) { |
*/ | */ | ||||
public interface AuthorizationMapper { | public interface AuthorizationMapper { | ||||
Set<String> selectOrganizationPermissions(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||||
Set<String> selectGlobalPermissions(@Param("userUuid") String userUuid); | |||||
Set<String> selectOrganizationPermissionsOfAnonymous(@Param("organizationUuid") String organizationUuid); | |||||
Set<String> selectGlobalPermissionsOfAnonymous(); | |||||
int countUsersWithGlobalPermissionExcludingGroup(@Param("organizationUuid") String organizationUuid, | |||||
@Param("permission") String permission, @Param("excludedGroupUuid") String excludedGroupUuid); | |||||
int countUsersWithGlobalPermissionExcludingGroup(@Param("permission") String permission, @Param("excludedGroupUuid") String excludedGroupUuid); | |||||
int countUsersWithGlobalPermissionExcludingUser(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission, | |||||
int countUsersWithGlobalPermissionExcludingUser(@Param("permission") String permission, | |||||
@Param("excludedUserUuid") String excludedUserUuid); | @Param("excludedUserUuid") String excludedUserUuid); | ||||
List<String> selectUserUuidsWithGlobalPermission(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission); | |||||
List<String> selectUserUuidsWithGlobalPermission(@Param("permission") String permission); | |||||
int countUsersWithGlobalPermissionExcludingGroupMember(@Param("organizationUuid") String organizationUuid, | |||||
@Param("permission") String permission, @Param("groupUuid") String groupUuid, @Param("userUuid") String userUuid); | |||||
int countUsersWithGlobalPermissionExcludingGroupMember(@Param("permission") String permission, @Param("groupUuid") String groupUuid, @Param("userUuid") String userUuid); | |||||
int countUsersWithGlobalPermissionExcludingUserPermission(@Param("organizationUuid") String organizationUuid, | |||||
@Param("permission") String permission, @Param("userUuid") String userUuid); | |||||
Set<String> selectOrganizationUuidsOfUserWithGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission); | |||||
int countUsersWithGlobalPermissionExcludingUserPermission(@Param("permission") String permission, @Param("userUuid") String userUuid); | |||||
List<String> keepAuthorizedUsersForRoleAndProject(@Param("role") String role, @Param("componentUuid") String componentUuid, @Param("userUuids") List<String> userUuids); | List<String> keepAuthorizedUsersForRoleAndProject(@Param("role") String role, @Param("componentUuid") String componentUuid, @Param("userUuids") List<String> userUuids); | ||||
import org.sonar.api.security.DefaultGroups; | import org.sonar.api.security.DefaultGroups; | ||||
import org.sonar.db.Dao; | import org.sonar.db.Dao; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.component.ComponentMapper; | |||||
import org.sonar.db.user.GroupMapper; | |||||
import static com.google.common.base.Preconditions.checkArgument; | |||||
import static org.sonar.db.DatabaseUtils.executeLargeInputs; | import static org.sonar.db.DatabaseUtils.executeLargeInputs; | ||||
import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput; | import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput; | ||||
* Select global or project permission of given groups and organization. Anyone virtual group is supported | * Select global or project permission of given groups and organization. Anyone virtual group is supported | ||||
* through the value "zero" (0L) in {@code groupUuids}. | * through the value "zero" (0L) in {@code groupUuids}. | ||||
*/ | */ | ||||
public List<GroupPermissionDto> selectByGroupUuids(DbSession dbSession, String organizationUuid, List<String> groupUuids, @Nullable String projectUuid) { | |||||
return executeLargeInputs(groupUuids, groups -> mapper(dbSession).selectByGroupUuids(organizationUuid, groups, projectUuid)); | |||||
public List<GroupPermissionDto> selectByGroupUuids(DbSession dbSession, List<String> groupUuids, @Nullable String projectUuid) { | |||||
return executeLargeInputs(groupUuids, groups -> mapper(dbSession).selectByGroupUuids(groups, projectUuid)); | |||||
} | } | ||||
/** | /** | ||||
* Select global and project permissions of a given group (Anyone group is NOT supported) | * Select global and project permissions of a given group (Anyone group is NOT supported) | ||||
* Each row returns a {@link GroupPermissionDto} | * Each row returns a {@link GroupPermissionDto} | ||||
*/ | */ | ||||
public void selectAllPermissionsByGroupUuid(DbSession dbSession, String organizationUuid, String groupUuid, ResultHandler resultHandler) { | |||||
mapper(dbSession).selectAllPermissionsByGroupUuid(organizationUuid, groupUuid, resultHandler); | |||||
public void selectAllPermissionsByGroupUuid(DbSession dbSession, String groupUuid, ResultHandler resultHandler) { | |||||
mapper(dbSession).selectAllPermissionsByGroupUuid(groupUuid, resultHandler); | |||||
} | } | ||||
/** | /** | ||||
* Selects the global permissions granted to group. An empty list is returned if the | * Selects the global permissions granted to group. An empty list is returned if the | ||||
* group does not exist. | * group does not exist. | ||||
*/ | */ | ||||
public List<String> selectGlobalPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable String groupUuid) { | |||||
return mapper(session).selectGlobalPermissionsOfGroup(organizationUuid, groupUuid); | |||||
public List<String> selectGlobalPermissionsOfGroup(DbSession session, @Nullable String groupUuid) { | |||||
return mapper(session).selectGlobalPermissionsOfGroup(groupUuid); | |||||
} | } | ||||
/** | /** | ||||
* Selects the permissions granted to group and project. An empty list is returned if the | * Selects the permissions granted to group and project. An empty list is returned if the | ||||
* group or project do not exist. | * group or project do not exist. | ||||
*/ | */ | ||||
public List<String> selectProjectPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable String groupUuid, String projectUuid) { | |||||
return mapper(session).selectProjectPermissionsOfGroup(organizationUuid, groupUuid, projectUuid); | |||||
public List<String> selectProjectPermissionsOfGroup(DbSession session, @Nullable String groupUuid, String projectUuid) { | |||||
return mapper(session).selectProjectPermissionsOfGroup(groupUuid, projectUuid); | |||||
} | } | ||||
/** | /** | ||||
} | } | ||||
public void insert(DbSession dbSession, GroupPermissionDto dto) { | public void insert(DbSession dbSession, GroupPermissionDto dto) { | ||||
ensureComponentPermissionConsistency(dbSession, dto); | |||||
ensureGroupPermissionConsistency(dbSession, dto); | |||||
mapper(dbSession).insert(dto); | mapper(dbSession).insert(dto); | ||||
} | } | ||||
private static void ensureComponentPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) { | |||||
if (dto.getComponentUuid() == null) { | |||||
return; | |||||
} | |||||
ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class); | |||||
checkArgument( | |||||
componentMapper.countComponentByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getComponentUuid()) == 1, | |||||
"Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'", | |||||
dto.getRole(), dto.getComponentUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||||
} | |||||
private static void ensureGroupPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) { | |||||
if (dto.getGroupUuid() == null) { | |||||
return; | |||||
} | |||||
GroupMapper groupMapper = dbSession.getMapper(GroupMapper.class); | |||||
checkArgument( | |||||
groupMapper.countGroupByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getGroupUuid()) == 1, | |||||
"Can't insert permission '%s' for group with id '%s' in organization with uuid '%s' because this group does not belong to organization with uuid '%s'", | |||||
dto.getRole(), dto.getGroupUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||||
} | |||||
/** | /** | ||||
* Delete all the permissions associated to a root component (project) | * Delete all the permissions associated to a root component (project) | ||||
*/ | */ | ||||
* </ul> | * </ul> | ||||
* @param dbSession | * @param dbSession | ||||
* @param permission the kind of permission | * @param permission the kind of permission | ||||
* @param organizationUuid UUID of organization, even if parameter {@code groupUuid} is not null | |||||
* @param groupUuid if null, then anyone, else uuid of group | * @param groupUuid if null, then anyone, else uuid of group | ||||
* @param rootComponentUuid if null, then global permission, otherwise the uuid of root component (project) | * @param rootComponentUuid if null, then global permission, otherwise the uuid of root component (project) | ||||
*/ | */ | ||||
public void delete(DbSession dbSession, String permission, String organizationUuid, @Nullable String groupUuid, @Nullable String rootComponentUuid) { | |||||
mapper(dbSession).delete(permission, organizationUuid, groupUuid, rootComponentUuid); | |||||
} | |||||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||||
public void delete(DbSession dbSession, String permission, @Nullable String groupUuid, @Nullable String rootComponentUuid) { | |||||
mapper(dbSession).delete(permission, groupUuid, rootComponentUuid); | |||||
} | } | ||||
private static GroupPermissionMapper mapper(DbSession session) { | private static GroupPermissionMapper mapper(DbSession session) { |
public class GroupPermissionDto { | public class GroupPermissionDto { | ||||
private String uuid; | private String uuid; | ||||
private String organizationUuid; | |||||
private String groupUuid; | private String groupUuid; | ||||
private String componentUuid; | private String componentUuid; | ||||
private String role; | private String role; | ||||
return groupUuid; | return groupUuid; | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
public GroupPermissionDto setOrganizationUuid(String s) { | |||||
this.organizationUuid = s; | |||||
return this; | |||||
} | |||||
/** | /** | ||||
* Null when Anyone | * Null when Anyone | ||||
*/ | */ |
int countGroupsByQuery(@Param("query") PermissionQuery query); | int countGroupsByQuery(@Param("query") PermissionQuery query); | ||||
List<GroupPermissionDto> selectByGroupUuids(@Param("organizationUuid") String organizationUuid, | |||||
@Param("groupUuids") List<String> groupUuids, @Nullable @Param("projectUuid") String projectUuid); | |||||
List<GroupPermissionDto> selectByGroupUuids(@Param("groupUuids") List<String> groupUuids, @Nullable @Param("projectUuid") String projectUuid); | |||||
void groupsCountByProjectUuidAndPermission(Map<String, Object> parameters, ResultHandler resultHandler); | void groupsCountByProjectUuidAndPermission(Map<String, Object> parameters, ResultHandler resultHandler); | ||||
void insert(GroupPermissionDto dto); | void insert(GroupPermissionDto dto); | ||||
void delete(@Param("permission") String permission, @Param("organizationUuid") String organizationUuid, | |||||
@Nullable @Param("groupUuid") String groupUuid, @Nullable @Param("rootComponentUuid") String rootComponentUuid); | |||||
void delete(@Param("permission") String permission, @Nullable @Param("groupUuid") String groupUuid, @Nullable @Param("rootComponentUuid") String rootComponentUuid); | |||||
List<String> selectGlobalPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, | |||||
@Nullable @Param("groupUuid") String groupUuid); | |||||
List<String> selectGlobalPermissionsOfGroup(@Nullable @Param("groupUuid") String groupUuid); | |||||
List<String> selectProjectPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, | |||||
@Nullable @Param("groupUuid") String groupUuid, @Param("projectUuid") String projectUuid); | |||||
List<String> selectProjectPermissionsOfGroup(@Nullable @Param("groupUuid") String groupUuid, @Param("projectUuid") String projectUuid); | |||||
void selectAllPermissionsByGroupUuid(@Param("organizationUuid") String organizationUuid, | |||||
@Param("groupUuid") String groupUuid, ResultHandler resultHandler); | |||||
void selectAllPermissionsByGroupUuid(@Param("groupUuid") String groupUuid, ResultHandler resultHandler); | |||||
/** | /** | ||||
* Lists uuid of groups with at least one permission on the specified root component but which do not have the specified | * Lists uuid of groups with at least one permission on the specified root component but which do not have the specified | ||||
*/ | */ | ||||
Set<String> selectGroupUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("role") String permission); | Set<String> selectGroupUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("role") String permission); | ||||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||||
void deleteByRootComponentUuid(@Param("rootComponentUuid") String rootComponentUuid); | void deleteByRootComponentUuid(@Param("rootComponentUuid") String rootComponentUuid); | ||||
int deleteByRootComponentUuidAndGroupUuid(@Param("rootComponentUuid") String rootComponentUuid, @Nullable @Param("groupUuid") String groupUuid); | int deleteByRootComponentUuidAndGroupUuid(@Param("rootComponentUuid") String rootComponentUuid, @Nullable @Param("groupUuid") String groupUuid); |
import static com.google.common.base.MoreObjects.firstNonNull; | import static com.google.common.base.MoreObjects.firstNonNull; | ||||
import static com.google.common.base.Preconditions.checkArgument; | import static com.google.common.base.Preconditions.checkArgument; | ||||
import static java.util.Objects.requireNonNull; | |||||
import static org.apache.commons.lang.StringUtils.defaultIfBlank; | import static org.apache.commons.lang.StringUtils.defaultIfBlank; | ||||
import static org.sonar.api.utils.Paging.offset; | import static org.sonar.api.utils.Paging.offset; | ||||
import static org.sonar.db.DaoUtils.buildLikeValue; | import static org.sonar.db.DaoUtils.buildLikeValue; | ||||
public static final int DEFAULT_PAGE_SIZE = 20; | public static final int DEFAULT_PAGE_SIZE = 20; | ||||
public static final int DEFAULT_PAGE_INDEX = 1; | public static final int DEFAULT_PAGE_INDEX = 1; | ||||
// filter: return only the users or groups that are members of the organization | |||||
private final String organizationUuid; | |||||
// filter: return only the users or groups who have this permission | // filter: return only the users or groups who have this permission | ||||
private final String permission; | private final String permission; | ||||
// filter on project, else filter org permissions | // filter on project, else filter org permissions | ||||
private final int pageOffset; | private final int pageOffset; | ||||
private PermissionQuery(Builder builder) { | private PermissionQuery(Builder builder) { | ||||
this.organizationUuid = builder.organizationUuid; | |||||
this.permission = builder.permission; | this.permission = builder.permission; | ||||
this.withAtLeastOnePermission = builder.withAtLeastOnePermission; | this.withAtLeastOnePermission = builder.withAtLeastOnePermission; | ||||
this.componentUuid = builder.componentUuid; | this.componentUuid = builder.componentUuid; | ||||
this.pageOffset = offset(builder.pageIndex, builder.pageSize); | this.pageOffset = offset(builder.pageIndex, builder.pageSize); | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
@CheckForNull | @CheckForNull | ||||
public String getPermission() { | public String getPermission() { | ||||
return permission; | return permission; | ||||
public static class Builder { | public static class Builder { | ||||
private String permission; | private String permission; | ||||
private String organizationUuid; | |||||
private String componentUuid; | private String componentUuid; | ||||
private String searchQuery; | private String searchQuery; | ||||
private boolean withAtLeastOnePermission; | private boolean withAtLeastOnePermission; | ||||
return this; | return this; | ||||
} | } | ||||
public Builder setOrganizationUuid(String organizationUuid) { | |||||
this.organizationUuid = organizationUuid; | |||||
return this; | |||||
} | |||||
public Builder setSearchQuery(@Nullable String s) { | public Builder setSearchQuery(@Nullable String s) { | ||||
this.searchQuery = defaultIfBlank(s, null); | this.searchQuery = defaultIfBlank(s, null); | ||||
return this; | return this; | ||||
} | } | ||||
public PermissionQuery build() { | public PermissionQuery build() { | ||||
requireNonNull(organizationUuid, "Organization UUID cannot be null"); | |||||
this.pageIndex = firstNonNull(pageIndex, DEFAULT_PAGE_INDEX); | this.pageIndex = firstNonNull(pageIndex, DEFAULT_PAGE_INDEX); | ||||
this.pageSize = firstNonNull(pageSize, DEFAULT_PAGE_SIZE); | this.pageSize = firstNonNull(pageSize, DEFAULT_PAGE_SIZE); | ||||
checkArgument(searchQuery == null || searchQuery.length() >= SEARCH_QUERY_MIN_LENGTH, "Search query should contains at least %s characters", SEARCH_QUERY_MIN_LENGTH); | checkArgument(searchQuery == null || searchQuery.length() >= SEARCH_QUERY_MIN_LENGTH, "Search query should contains at least %s characters", SEARCH_QUERY_MIN_LENGTH); |
import org.sonar.db.Dao; | import org.sonar.db.Dao; | ||||
import org.sonar.db.DatabaseUtils; | import org.sonar.db.DatabaseUtils; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.component.ComponentMapper; | |||||
import static com.google.common.base.Preconditions.checkArgument; | import static com.google.common.base.Preconditions.checkArgument; | ||||
import static java.util.Collections.emptyList; | import static java.util.Collections.emptyList; | ||||
* | * | ||||
* @return the global permissions. An empty list is returned if user or organization do not exist. | * @return the global permissions. An empty list is returned if user or organization do not exist. | ||||
*/ | */ | ||||
public List<String> selectGlobalPermissionsOfUser(DbSession dbSession, String userUuid, String organizationUuid) { | |||||
return mapper(dbSession).selectGlobalPermissionsOfUser(userUuid, organizationUuid); | |||||
public List<String> selectGlobalPermissionsOfUser(DbSession dbSession, String userUuid) { | |||||
return mapper(dbSession).selectGlobalPermissionsOfUser(userUuid); | |||||
} | } | ||||
/** | /** | ||||
return mapper(session).selectUserUuidsWithPermissionOnProjectBut(projectUuid, permission); | return mapper(session).selectUserUuidsWithPermissionOnProjectBut(projectUuid, permission); | ||||
} | } | ||||
public void insert(DbSession dbSession, UserPermissionDto dto) { | |||||
ensureComponentPermissionConsistency(dbSession, dto); | |||||
mapper(dbSession).insert(dto); | |||||
} | |||||
private static void ensureComponentPermissionConsistency(DbSession dbSession, UserPermissionDto dto) { | |||||
if (dto.getComponentUuid() == null) { | |||||
return; | |||||
} | |||||
ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class); | |||||
checkArgument( | |||||
componentMapper.countComponentByOrganizationAndUuid(dto.getOrganizationUuid(), dto.getComponentUuid()) == 1, | |||||
"Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'", | |||||
dto.getPermission(), dto.getComponentUuid(), dto.getOrganizationUuid(), dto.getOrganizationUuid()); | |||||
public void insert(DbSession dbSession, UserPermissionDto dto, String defaultOrgUuid) { | |||||
mapper(dbSession).insert(dto, defaultOrgUuid); | |||||
} | } | ||||
/** | /** | ||||
* Removes a single global permission from user | * Removes a single global permission from user | ||||
*/ | */ | ||||
public void deleteGlobalPermission(DbSession dbSession, String userUuid, String permission, String organizationUuid) { | |||||
mapper(dbSession).deleteGlobalPermission(userUuid, permission, organizationUuid); | |||||
public void deleteGlobalPermission(DbSession dbSession, String userUuid, String permission) { | |||||
mapper(dbSession).deleteGlobalPermission(userUuid, permission); | |||||
} | } | ||||
/** | /** | ||||
return mapper(dbSession).deleteProjectPermissionOfAnyUser(projectUuid, permission); | return mapper(dbSession).deleteProjectPermissionOfAnyUser(projectUuid, permission); | ||||
} | } | ||||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||||
} | |||||
public void deleteOrganizationMemberPermissions(DbSession dbSession, String organizationUuid, String userUuid) { | |||||
mapper(dbSession).deleteOrganizationMemberPermissions(organizationUuid, userUuid); | |||||
} | |||||
public void deleteByUserUuid(DbSession dbSession, String userUuid) { | public void deleteByUserUuid(DbSession dbSession, String userUuid) { | ||||
mapper(dbSession).deleteByUserUuid(userUuid); | mapper(dbSession).deleteByUserUuid(userUuid); | ||||
} | } |
public class UserPermissionDto { | public class UserPermissionDto { | ||||
private String uuid; | private String uuid; | ||||
private String organizationUuid; | |||||
private String permission; | private String permission; | ||||
private String userUuid; | private String userUuid; | ||||
private String componentUuid; | private String componentUuid; | ||||
// used by MyBatis | // used by MyBatis | ||||
} | } | ||||
public UserPermissionDto(String uuid, String organizationUuid, String permission, String userUuid, @Nullable String componentUuid) { | |||||
public UserPermissionDto(String uuid, String permission, String userUuid, @Nullable String componentUuid) { | |||||
this.uuid = uuid; | this.uuid = uuid; | ||||
this.organizationUuid = organizationUuid; | |||||
this.permission = permission; | this.permission = permission; | ||||
this.userUuid = userUuid; | this.userUuid = userUuid; | ||||
this.componentUuid = componentUuid; | this.componentUuid = componentUuid; | ||||
return userUuid; | return userUuid; | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
/** | /** | ||||
* @return {@code null} if it's a global permission, otherwise return the project uiid. | * @return {@code null} if it's a global permission, otherwise return the project uiid. | ||||
*/ | */ | ||||
StringBuilder sb = new StringBuilder("UserPermissionDto{"); | StringBuilder sb = new StringBuilder("UserPermissionDto{"); | ||||
sb.append("permission='").append(permission).append('\''); | sb.append("permission='").append(permission).append('\''); | ||||
sb.append(", userUuid=").append(userUuid); | sb.append(", userUuid=").append(userUuid); | ||||
sb.append(", organizationUuid=").append(organizationUuid); | |||||
sb.append(", componentUuid=").append(componentUuid); | sb.append(", componentUuid=").append(componentUuid); | ||||
sb.append('}'); | sb.append('}'); | ||||
return sb.toString(); | return sb.toString(); |
*/ | */ | ||||
Set<String> selectUserUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | Set<String> selectUserUuidsWithPermissionOnProjectBut(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | ||||
void insert(UserPermissionDto dto); | |||||
void insert(@Param("dto")UserPermissionDto dto, @Param("defaultOrgUuid") String defaultOrgUuid); | |||||
void deleteGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission, | |||||
@Param("organizationUuid") String organizationUuid); | |||||
void deleteGlobalPermission(@Param("userUuid") String userUuid, @Param("permission") String permission); | |||||
void deleteProjectPermission(@Param("userUuid") String userUuid, @Param("permission") String permission, | void deleteProjectPermission(@Param("userUuid") String userUuid, @Param("permission") String permission, | ||||
@Param("projectUuid") String projectUuid); | @Param("projectUuid") String projectUuid); | ||||
int deleteProjectPermissionOfAnyUser(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | int deleteProjectPermissionOfAnyUser(@Param("projectUuid") String projectUuid, @Param("permission") String permission); | ||||
List<String> selectGlobalPermissionsOfUser(@Param("userUuid") String userUuid, @Param("organizationUuid") String organizationUuid); | |||||
List<String> selectGlobalPermissionsOfUser(@Param("userUuid") String userUuid); | |||||
List<String> selectProjectPermissionsOfUser(@Param("userUuid") String userUuid, @Param("projectUuid") String projectUuid); | List<String> selectProjectPermissionsOfUser(@Param("userUuid") String userUuid, @Param("projectUuid") String projectUuid); | ||||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||||
void deleteOrganizationMemberPermissions(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||||
void deleteByUserUuid(@Param("userUuid") String userUuid); | void deleteByUserUuid(@Param("userUuid") String userUuid); | ||||
} | } |
return mapper(session).selectGroupNamesByQueryAndTemplate(templateUuid, query, new RowBounds(query.getPageOffset(), query.getPageSize())); | return mapper(session).selectGroupNamesByQueryAndTemplate(templateUuid, query, new RowBounds(query.getPageOffset(), query.getPageSize())); | ||||
} | } | ||||
public int countGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String organizationUuid, String templateUuid) { | |||||
return mapper(session).countGroupNamesByQueryAndTemplate(organizationUuid, query, templateUuid); | |||||
public int countGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String templateUuid) { | |||||
return mapper(session).countGroupNamesByQueryAndTemplate(query, templateUuid); | |||||
} | } | ||||
public List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateIdAndGroupNames(DbSession dbSession, String templateUuid, List<String> groups) { | public List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateIdAndGroupNames(DbSession dbSession, String templateUuid, List<String> groups) { | ||||
return mapper(session).selectByUuid(templateUuid); | return mapper(session).selectByUuid(templateUuid); | ||||
} | } | ||||
public List<PermissionTemplateDto> selectAll(DbSession session, String organizationUuid, @Nullable String nameMatch) { | |||||
public List<PermissionTemplateDto> selectAll(DbSession session, @Nullable String nameMatch) { | |||||
String upperCaseNameLikeSql = nameMatch != null ? toUppercaseSqlQuery(nameMatch) : null; | String upperCaseNameLikeSql = nameMatch != null ? toUppercaseSqlQuery(nameMatch) : null; | ||||
return mapper(session).selectAll(organizationUuid, upperCaseNameLikeSql); | |||||
return mapper(session).selectAll(upperCaseNameLikeSql); | |||||
} | } | ||||
private static String toUppercaseSqlQuery(String nameMatch) { | private static String toUppercaseSqlQuery(String nameMatch) { | ||||
session.commit(); | session.commit(); | ||||
} | } | ||||
public void deleteUserPermissionsByOrganization(DbSession dbSession, String organizationUuid, String userUuid) { | |||||
mapper(dbSession).deleteUserPermissionsByOrganization(organizationUuid, userUuid); | |||||
} | |||||
public void deleteUserPermissionsByUserUuid(DbSession dbSession, String userUuid) { | public void deleteUserPermissionsByUserUuid(DbSession dbSession, String userUuid) { | ||||
mapper(dbSession).deleteUserPermissionsByUserUuid(userUuid); | mapper(dbSession).deleteUserPermissionsByUserUuid(userUuid); | ||||
} | } | ||||
session.commit(); | session.commit(); | ||||
} | } | ||||
public PermissionTemplateDto selectByName(DbSession dbSession, String organizationUuid, String name) { | |||||
return mapper(dbSession).selectByName(organizationUuid, name.toUpperCase(Locale.ENGLISH)); | |||||
public PermissionTemplateDto selectByName(DbSession dbSession, String name) { | |||||
return mapper(dbSession).selectByName(name.toUpperCase(Locale.ENGLISH)); | |||||
} | } | ||||
public List<String> selectPotentialPermissionsByUserUuidAndTemplateUuid(DbSession dbSession, @Nullable String currentUserUuid, String templateUuid) { | public List<String> selectPotentialPermissionsByUserUuidAndTemplateUuid(DbSession dbSession, @Nullable String currentUserUuid, String templateUuid) { | ||||
private static PermissionTemplateMapper mapper(DbSession session) { | private static PermissionTemplateMapper mapper(DbSession session) { | ||||
return session.getMapper(PermissionTemplateMapper.class); | return session.getMapper(PermissionTemplateMapper.class); | ||||
} | } | ||||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||||
PermissionTemplateMapper templateMapper = mapper(dbSession); | |||||
PermissionTemplateCharacteristicMapper templateCharacteristicMapper = dbSession.getMapper(PermissionTemplateCharacteristicMapper.class); | |||||
List<String> templateUuids = templateMapper.selectTemplateUuidsByOrganization(organizationUuid); | |||||
executeLargeInputsWithoutOutput(templateUuids, subList -> { | |||||
templateCharacteristicMapper.deleteByTemplateUuids(subList); | |||||
templateMapper.deleteGroupPermissionsByTemplateUuids(subList); | |||||
templateMapper.deleteUserPermissionsByTemplateUuids(subList); | |||||
templateMapper.deleteByUuids(subList); | |||||
}); | |||||
} | |||||
} | } |
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
public class PermissionTemplateDto { | public class PermissionTemplateDto { | ||||
private String name; | |||||
private String organizationUuid; | private String organizationUuid; | ||||
private String name; | |||||
private String uuid; | private String uuid; | ||||
private String description; | private String description; | ||||
private String keyPattern; | private String keyPattern; | ||||
private Date createdAt; | private Date createdAt; | ||||
private Date updatedAt; | private Date updatedAt; | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
public PermissionTemplateDto setOrganizationUuid(String s) { | |||||
this.organizationUuid = s; | |||||
return this; | |||||
} | |||||
public String getName() { | public String getName() { | ||||
return name; | return name; | ||||
} | } | ||||
return this; | return this; | ||||
} | } | ||||
public PermissionTemplateDto setOrganizationUuid(String uuid) { | |||||
this.organizationUuid = uuid; | |||||
return this; | |||||
} | |||||
/** | /** | ||||
* @since 5.2 the kee column is a proper uuid. Before that it was build on the name + timestamp | * @since 5.2 the kee column is a proper uuid. Before that it was build on the name + timestamp | ||||
*/ | */ |
void deleteUserPermissionsByTemplateUuids(@Param("templateUuids") List<String> templateUuids); | void deleteUserPermissionsByTemplateUuids(@Param("templateUuids") List<String> templateUuids); | ||||
void deleteUserPermissionsByOrganization(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||||
void deleteUserPermissionsByUserUuid(@Param("userUuid") String userUuid); | void deleteUserPermissionsByUserUuid(@Param("userUuid") String userUuid); | ||||
void deleteUserPermission(PermissionTemplateUserDto permissionTemplateUser); | void deleteUserPermission(PermissionTemplateUserDto permissionTemplateUser); | ||||
void deleteByGroupUuid(String groupUuid); | void deleteByGroupUuid(String groupUuid); | ||||
PermissionTemplateDto selectByName(@Param("organizationUuid") String organizationUuid, @Param("name") String name); | |||||
PermissionTemplateDto selectByName(@Param("name") String name); | |||||
List<String> selectUserLoginsByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid, RowBounds rowBounds); | List<String> selectUserLoginsByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid, RowBounds rowBounds); | ||||
List<String> selectGroupNamesByQueryAndTemplate(@Param("templateUuid") String templateUuid, @Param("query") PermissionQuery query, RowBounds rowBounds); | List<String> selectGroupNamesByQueryAndTemplate(@Param("templateUuid") String templateUuid, @Param("query") PermissionQuery query, RowBounds rowBounds); | ||||
int countGroupNamesByQueryAndTemplate(@Param("organizationUuid") String organizationUuid, @Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid); | |||||
int countGroupNamesByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateUuid") String templateUuid); | |||||
List<PermissionTemplateDto> selectAll(@Param("organizationUuid") String organizationUuid, @Nullable @Param("upperCaseNameLikeSql") String upperCaseNameLikeSql); | |||||
List<PermissionTemplateDto> selectAll(@Nullable @Param("upperCaseNameLikeSql") String upperCaseNameLikeSql); | |||||
void usersCountByTemplateUuidAndPermission(Map<String, Object> parameters, ResultHandler<CountByTemplateAndPermissionDto> resultHandler); | void usersCountByTemplateUuidAndPermission(Map<String, Object> parameters, ResultHandler<CountByTemplateAndPermissionDto> resultHandler); | ||||
int countGroupsWithPermission(@Param("templateUuid") String templateUuid, @Param("permission") String permission, @Nullable @Param("groupUuid") String groupUuid); | int countGroupsWithPermission(@Param("templateUuid") String templateUuid, @Param("permission") String permission, @Nullable @Param("groupUuid") String groupUuid); | ||||
List<String> selectTemplateUuidsByOrganization(@Param("organizationUuid") String organizationUuid); | |||||
List<String> selectTemplateUuids(); | |||||
List<PermissionTemplateGroupDto> selectAllGroupPermissionTemplatesByGroupUuid(@Param("groupUuid") String groupUuid); | List<PermissionTemplateGroupDto> selectAllGroupPermissionTemplatesByGroupUuid(@Param("groupUuid") String groupUuid); | ||||
/** | /** | ||||
* @param dbSession | * @param dbSession | ||||
* @param organizationUuid non-null UUID of organization (no support of "default" organization) | |||||
* @param name non-null group name | * @param name non-null group name | ||||
* @return the group with the given organization key and name | * @return the group with the given organization key and name | ||||
*/ | */ | ||||
public Optional<GroupDto> selectByName(DbSession dbSession, String organizationUuid, String name) { | |||||
return Optional.ofNullable(mapper(dbSession).selectByName(organizationUuid, name)); | |||||
public Optional<GroupDto> selectByName(DbSession dbSession, String name) { | |||||
return Optional.ofNullable(mapper(dbSession).selectByName(name)); | |||||
} | } | ||||
public List<GroupDto> selectByNames(DbSession dbSession, String organizationUuid, Collection<String> names) { | |||||
return executeLargeInputs(names, pageOfNames -> mapper(dbSession).selectByNames(organizationUuid, pageOfNames)); | |||||
public List<GroupDto> selectByNames(DbSession dbSession, Collection<String> names) { | |||||
return executeLargeInputs(names, pageOfNames -> mapper(dbSession).selectByNames(pageOfNames)); | |||||
} | } | ||||
@CheckForNull | @CheckForNull | ||||
mapper(dbSession).deleteByUuid(groupUuid); | mapper(dbSession).deleteByUuid(groupUuid); | ||||
} | } | ||||
public void deleteByOrganization(DbSession dbSession, String organizationUuid) { | |||||
mapper(dbSession).deleteByOrganization(organizationUuid); | |||||
public int countByQuery(DbSession session, @Nullable String query) { | |||||
return mapper(session).countByQuery(groupSearchToSql(query)); | |||||
} | } | ||||
public int countByQuery(DbSession session, String organizationUuid, @Nullable String query) { | |||||
return mapper(session).countByQuery(organizationUuid, groupSearchToSql(query)); | |||||
} | |||||
public List<GroupDto> selectByQuery(DbSession session, String organizationUuid, @Nullable String query, int offset, int limit) { | |||||
return mapper(session).selectByQuery(organizationUuid, groupSearchToSql(query), new RowBounds(offset, limit)); | |||||
public List<GroupDto> selectByQuery(DbSession session, @Nullable String query, int offset, int limit) { | |||||
return mapper(session).selectByQuery(groupSearchToSql(query), new RowBounds(offset, limit)); | |||||
} | } | ||||
public GroupDto insert(DbSession session, GroupDto item) { | public GroupDto insert(DbSession session, GroupDto item) { | ||||
return DaoUtils.buildLikeValue(upperCasedNameQuery, WildcardPosition.BEFORE_AND_AFTER); | return DaoUtils.buildLikeValue(upperCasedNameQuery, WildcardPosition.BEFORE_AND_AFTER); | ||||
} | } | ||||
public List<GroupDto> selectByOrganizationUuid(DbSession dbSession, String organizationUuid) { | |||||
return mapper(dbSession).selectByOrganizationUuid(organizationUuid); | |||||
} | |||||
private static GroupMapper mapper(DbSession session) { | private static GroupMapper mapper(DbSession session) { | ||||
return session.getMapper(GroupMapper.class); | return session.getMapper(GroupMapper.class); | ||||
} | } |
private String uuid; | private String uuid; | ||||
private String name; | private String name; | ||||
private String description; | private String description; | ||||
private String organizationUuid; | |||||
private Date createdAt; | private Date createdAt; | ||||
private Date updatedAt; | private Date updatedAt; | ||||
return this; | return this; | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
public GroupDto setOrganizationUuid(String s) { | |||||
this.organizationUuid = s; | |||||
return this; | |||||
} | |||||
public GroupDto setCreatedAt(Date d) { | public GroupDto setCreatedAt(Date d) { | ||||
this.createdAt = d; | this.createdAt = d; | ||||
return this; | return this; | ||||
sb.append("id=").append(uuid); | sb.append("id=").append(uuid); | ||||
sb.append(", name='").append(name).append('\''); | sb.append(", name='").append(name).append('\''); | ||||
sb.append(", description='").append(description).append('\''); | sb.append(", description='").append(description).append('\''); | ||||
sb.append(", organizationUuid='").append(organizationUuid).append('\''); | |||||
sb.append(", createdAt=").append(createdAt); | sb.append(", createdAt=").append(createdAt); | ||||
sb.append(", updatedAt=").append(updatedAt); | sb.append(", updatedAt=").append(updatedAt); | ||||
sb.append('}'); | sb.append('}'); |
List<GroupDto> selectByUserLogin(String userLogin); | List<GroupDto> selectByUserLogin(String userLogin); | ||||
List<GroupDto> selectByNames(@Param("organizationUuid") String organizationUuid, @Param("names") List<String> names); | |||||
List<GroupDto> selectByNames(@Param("names") List<String> names); | |||||
void insert(GroupDto groupDto); | void insert(GroupDto groupDto); | ||||
void update(GroupDto item); | void update(GroupDto item); | ||||
List<GroupDto> selectByQuery(@Param("organizationUuid") String organizationUuid, @Nullable @Param("query") String query, RowBounds rowBounds); | |||||
List<GroupDto> selectByQuery(@Nullable @Param("query") String query, RowBounds rowBounds); | |||||
int countByQuery(@Param("organizationUuid") String organizationUuid, @Nullable @Param("query") String query); | |||||
/** | |||||
* Counts the number of groups with the specified id belonging to the specified organization. | |||||
* | |||||
* @return 1 or 0. Either because the organization uuid is not the one of the group or because the group does not exist | |||||
*/ | |||||
int countGroupByOrganizationAndUuid(@Param("organizationUuid") String organizationUuid, @Param("groupUuid") String groupUuid); | |||||
int countByQuery(@Nullable @Param("query") String query); | |||||
void deleteByUuid(String groupUuid); | void deleteByUuid(String groupUuid); | ||||
void deleteByOrganization(@Param("organizationUuid") String organizationUuid); | |||||
@CheckForNull | @CheckForNull | ||||
GroupDto selectByName(@Param("organizationUuid") String organizationUuid, @Param("name") String name); | |||||
List<GroupDto> selectByOrganizationUuid(@Param("organizationUuid") String organizationUuid); | |||||
GroupDto selectByName(@Param("name") String name); | |||||
List<GroupDto> selectByUuids(@Param("uuids") List<String> uuids); | List<GroupDto> selectByUuids(@Param("uuids") List<String> uuids); | ||||
} | } |
import com.google.common.collect.ArrayListMultimap; | import com.google.common.collect.ArrayListMultimap; | ||||
import com.google.common.collect.ImmutableMap; | import com.google.common.collect.ImmutableMap; | ||||
import com.google.common.collect.Multimap; | import com.google.common.collect.Multimap; | ||||
import com.google.common.collect.Multiset; | |||||
import java.util.Collection; | import java.util.Collection; | ||||
import java.util.HashMap; | import java.util.HashMap; | ||||
import java.util.List; | import java.util.List; | ||||
public class GroupMembershipDao implements Dao { | public class GroupMembershipDao implements Dao { | ||||
public List<GroupMembershipDto> selectGroups(DbSession session, GroupMembershipQuery query, String userUuid, int offset, int limit) { | public List<GroupMembershipDto> selectGroups(DbSession session, GroupMembershipQuery query, String userUuid, int offset, int limit) { | ||||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid, "organizationUuid", query.organizationUuid()); | |||||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid); | |||||
return mapper(session).selectGroups(params, new RowBounds(offset, limit)); | return mapper(session).selectGroups(params, new RowBounds(offset, limit)); | ||||
} | } | ||||
public int countGroups(DbSession session, GroupMembershipQuery query, String userUuid) { | public int countGroups(DbSession session, GroupMembershipQuery query, String userUuid) { | ||||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid, "organizationUuid", query.organizationUuid()); | |||||
Map<String, Object> params = ImmutableMap.of("query", query, "userUuid", userUuid); | |||||
return mapper(session).countGroups(params); | return mapper(session).countGroups(params); | ||||
} | } | ||||
public List<UserMembershipDto> selectMembers(DbSession session, UserMembershipQuery query, int offset, int limit) { | public List<UserMembershipDto> selectMembers(DbSession session, UserMembershipQuery query, int offset, int limit) { | ||||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid(), "organizationUuid", query.organizationUuid()); | |||||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid()); | |||||
return mapper(session).selectMembers(params, new RowBounds(offset, limit)); | return mapper(session).selectMembers(params, new RowBounds(offset, limit)); | ||||
} | } | ||||
public int countMembers(DbSession session, UserMembershipQuery query) { | public int countMembers(DbSession session, UserMembershipQuery query) { | ||||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid(), "organizationUuid", query.organizationUuid()); | |||||
Map<String, Object> params = ImmutableMap.of("query", query, "groupUuid", query.groupUuid()); | |||||
return mapper(session).countMembers(params); | return mapper(session).countMembers(params); | ||||
} | } | ||||
return result; | return result; | ||||
} | } | ||||
public List<String> selectGroupUuidsByUserUuid(DbSession dbSession, String userUuid) { | |||||
return mapper(dbSession).selectGroupUuidsByUserUuid(userUuid); | |||||
public Map<String, Integer> countGroupsByUsers(DbSession dbSession, List<String> logins) { | |||||
List<LoginGroupCount> loginGroupCount = mapper(dbSession).countGroupsByUsers(logins); | |||||
Map<String, Integer> map = new HashMap<>(); | |||||
for (LoginGroupCount l : loginGroupCount) { | |||||
map.put(l.login(), l.groupCount()); | |||||
} | |||||
return map; | |||||
} | } | ||||
public Multiset<String> countGroupByLoginsAndOrganization(DbSession dbSession, Collection<String> logins, String organizationUuid) { | |||||
Multimap<String, String> result = ArrayListMultimap.create(); | |||||
executeLargeInputs( | |||||
logins, | |||||
input -> { | |||||
List<LoginGroup> groupMemberships = mapper(dbSession).selectGroupsByLoginsAndOrganization(input, organizationUuid); | |||||
for (LoginGroup membership : groupMemberships) { | |||||
result.put(membership.login(), membership.groupName()); | |||||
} | |||||
return groupMemberships; | |||||
}); | |||||
return result.keys(); | |||||
public List<String> selectGroupUuidsByUserUuid(DbSession dbSession, String userUuid) { | |||||
return mapper(dbSession).selectGroupUuidsByUserUuid(userUuid); | |||||
} | } | ||||
public Multimap<String, String> selectGroupsByLogins(DbSession session, Collection<String> logins) { | public Multimap<String, String> selectGroupsByLogins(DbSession session, Collection<String> logins) { |
List<GroupUserCount> countUsersByGroup(@Param("groupUuids") List<String> groupUuids); | List<GroupUserCount> countUsersByGroup(@Param("groupUuids") List<String> groupUuids); | ||||
List<LoginGroup> selectGroupsByLogins(@Param("logins") List<String> logins); | |||||
List<LoginGroupCount> countGroupsByUsers(@Param("logins") List<String> logins); | |||||
List<LoginGroup> selectGroupsByLoginsAndOrganization(@Param("logins") List<String> logins, @Param("organizationUuid") String organizationUuid); | |||||
List<LoginGroup> selectGroupsByLogins(@Param("logins") List<String> logins); | |||||
List<String> selectGroupUuidsByUserUuid(@Param("userUuid") String userUuid); | List<String> selectGroupUuidsByUserUuid(@Param("userUuid") String userUuid); | ||||
} | } |
import static com.google.common.base.MoreObjects.firstNonNull; | import static com.google.common.base.MoreObjects.firstNonNull; | ||||
import static com.google.common.base.Preconditions.checkArgument; | import static com.google.common.base.Preconditions.checkArgument; | ||||
import static com.google.common.base.Preconditions.checkNotNull; | |||||
public class GroupMembershipQuery { | public class GroupMembershipQuery { | ||||
public static final String OUT = "OUT"; | public static final String OUT = "OUT"; | ||||
public static final Set<String> AVAILABLE_MEMBERSHIP = ImmutableSet.of(ANY, IN, OUT); | public static final Set<String> AVAILABLE_MEMBERSHIP = ImmutableSet.of(ANY, IN, OUT); | ||||
private final String organizationUuid; | |||||
private final String membership; | private final String membership; | ||||
private final String groupSearch; | private final String groupSearch; | ||||
// index of selected page. Start with 1. | // index of selected page. Start with 1. | ||||
private final int pageIndex; | private final int pageIndex; | ||||
private GroupMembershipQuery(Builder builder, String organizationUuid) { | |||||
private GroupMembershipQuery(Builder builder) { | |||||
this.membership = builder.membership; | this.membership = builder.membership; | ||||
this.groupSearch = builder.groupSearch; | this.groupSearch = builder.groupSearch; | ||||
this.organizationUuid = organizationUuid; | |||||
this.groupSearchSql = groupSearchToSql(groupSearch); | this.groupSearchSql = groupSearchToSql(groupSearch); | ||||
this.pageSize = builder.pageSize; | this.pageSize = builder.pageSize; | ||||
return sql; | return sql; | ||||
} | } | ||||
public String organizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
@CheckForNull | @CheckForNull | ||||
public String membership() { | public String membership() { | ||||
return membership; | return membership; | ||||
} | } | ||||
public static class Builder { | public static class Builder { | ||||
private String organizationUuid; | |||||
private String membership; | private String membership; | ||||
private String groupSearch; | private String groupSearch; | ||||
private Builder() { | private Builder() { | ||||
} | } | ||||
public Builder organizationUuid(String organizationUuid) { | |||||
this.organizationUuid = organizationUuid; | |||||
return this; | |||||
} | |||||
public Builder membership(@Nullable String membership) { | public Builder membership(@Nullable String membership) { | ||||
this.membership = membership; | this.membership = membership; | ||||
return this; | return this; | ||||
} | } | ||||
public GroupMembershipQuery build() { | public GroupMembershipQuery build() { | ||||
checkNotNull(organizationUuid, "Organization uuid cant be null"); | |||||
initMembership(); | initMembership(); | ||||
initPageIndex(); | initPageIndex(); | ||||
initPageSize(); | initPageSize(); | ||||
return new GroupMembershipQuery(this, organizationUuid); | |||||
return new GroupMembershipQuery(this); | |||||
} | } | ||||
} | } | ||||
} | } |
* along with this program; if not, write to the Free Software Foundation, | * along with this program; if not, write to the Free Software Foundation, | ||||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||||
*/ | */ | ||||
package org.sonar.server.organization.ws; | |||||
package org.sonar.db.user; | |||||
import javax.annotation.Nullable; | |||||
import org.sonar.server.ws.TestRequest; | |||||
public class LoginGroupCount { | |||||
private String login; | |||||
private int groupCount; | |||||
public class OrganizationsWsTestSupport { | |||||
static final String STRING_65_CHARS_LONG = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890-ab"; | |||||
static final String STRING_257_CHARS_LONG = String.format("%1$257.257s", "a").replace(" ", "a"); | |||||
public String login() { | |||||
return login; | |||||
} | |||||
static void setParam(TestRequest request, String param, @Nullable String value) { | |||||
if (value != null) { | |||||
request.setParam(param, value); | |||||
} | |||||
public int groupCount() { | |||||
return groupCount; | |||||
} | } | ||||
} | } |
mapper(session).deleteByGroupUuid(groupUuid); | mapper(session).deleteByGroupUuid(groupUuid); | ||||
} | } | ||||
public void deleteByOrganizationAndUser(DbSession dbSession, String organizationUuid, String userUuid) { | |||||
mapper(dbSession).deleteByOrganizationAndUser(organizationUuid, userUuid); | |||||
} | |||||
public void deleteByUserUuid(DbSession dbSession, String userUuid) { | public void deleteByUserUuid(DbSession dbSession, String userUuid) { | ||||
mapper(dbSession).deleteByUserUuid(userUuid); | mapper(dbSession).deleteByUserUuid(userUuid); | ||||
} | } |
void deleteByGroupUuid(@Param("groupUuid") String groupUuid); | void deleteByGroupUuid(@Param("groupUuid") String groupUuid); | ||||
void deleteByOrganizationAndUser(@Param("organizationUuid") String organizationUuid, @Param("userUuid") String userUuid); | |||||
void deleteByUserUuid(@Param("userUuid") String userUuid); | void deleteByUserUuid(@Param("userUuid") String userUuid); | ||||
} | } |
public static final Set<String> AVAILABLE_MEMBERSHIPS = ImmutableSet.of(ANY, IN, OUT); | public static final Set<String> AVAILABLE_MEMBERSHIPS = ImmutableSet.of(ANY, IN, OUT); | ||||
private final String groupUuid; | private final String groupUuid; | ||||
private final String organizationUuid; | |||||
private final String membership; | private final String membership; | ||||
private final String memberSearch; | private final String memberSearch; | ||||
private UserMembershipQuery(Builder builder) { | private UserMembershipQuery(Builder builder) { | ||||
this.groupUuid = builder.groupUuid; | this.groupUuid = builder.groupUuid; | ||||
this.organizationUuid = builder.organizationUuid; | |||||
this.membership = builder.membership; | this.membership = builder.membership; | ||||
this.memberSearch = builder.memberSearch; | this.memberSearch = builder.memberSearch; | ||||
this.memberSearchSql = memberSearch == null ? null : buildLikeValue(memberSearch, BEFORE_AND_AFTER); | this.memberSearchSql = memberSearch == null ? null : buildLikeValue(memberSearch, BEFORE_AND_AFTER); | ||||
return groupUuid; | return groupUuid; | ||||
} | } | ||||
public String organizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
@CheckForNull | @CheckForNull | ||||
public String membership() { | public String membership() { | ||||
return membership; | return membership; | ||||
public static class Builder { | public static class Builder { | ||||
private String groupUuid; | private String groupUuid; | ||||
private String organizationUuid; | |||||
private String membership; | private String membership; | ||||
private String memberSearch; | private String memberSearch; | ||||
return this; | return this; | ||||
} | } | ||||
public Builder organizationUuid(String organizationUuid) { | |||||
this.organizationUuid = organizationUuid; | |||||
return this; | |||||
} | |||||
public Builder membership(@Nullable String membership) { | public Builder membership(@Nullable String membership) { | ||||
this.membership = membership; | this.membership = membership; | ||||
return this; | return this; | ||||
public UserMembershipQuery build() { | public UserMembershipQuery build() { | ||||
requireNonNull(groupUuid, "Group ID cant be null."); | requireNonNull(groupUuid, "Group ID cant be null."); | ||||
requireNonNull(organizationUuid, "Organization UUID cannot be null"); | |||||
initMembership(); | initMembership(); | ||||
initPageIndex(); | initPageIndex(); | ||||
initPageSize(); | initPageSize(); |
<mapper namespace="org.sonar.db.permission.AuthorizationMapper"> | <mapper namespace="org.sonar.db.permission.AuthorizationMapper"> | ||||
<select id="selectOrganizationPermissions" parameterType="map" resultType="string"> | |||||
<select id="selectGlobalPermissions" parameterType="map" resultType="string"> | |||||
select gr.role | select gr.role | ||||
from group_roles gr | from group_roles gr | ||||
inner join groups_users gu on gr.group_uuid=gu.group_uuid | inner join groups_users gu on gr.group_uuid=gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gu.user_uuid=#{userUuid, jdbcType=VARCHAR} | gu.user_uuid=#{userUuid, jdbcType=VARCHAR} | ||||
select gr.role | select gr.role | ||||
from group_roles gr | from group_roles gr | ||||
where | where | ||||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.group_uuid is null and | gr.group_uuid is null and | ||||
gr.component_uuid is null | gr.component_uuid is null | ||||
select ur.role | select ur.role | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.user_uuid=#{userUuid, jdbcType=VARCHAR} | ur.user_uuid=#{userUuid, jdbcType=VARCHAR} | ||||
and ur.component_uuid is null | and ur.component_uuid is null | ||||
</select> | </select> | ||||
<select id="selectOrganizationPermissionsOfAnonymous" parameterType="map" resultType="string"> | |||||
<select id="selectGlobalPermissionsOfAnonymous" parameterType="map" resultType="string"> | |||||
select gr.role | select gr.role | ||||
from group_roles gr | from group_roles gr | ||||
where | where | ||||
gr.organization_uuid=#{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is null | gr.group_uuid is null | ||||
</select> | </select> | ||||
from groups_users gu | from groups_users gu | ||||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | inner join group_roles gr on gr.group_uuid = gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | gr.role = #{permission, jdbcType=VARCHAR} and | ||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is not null and | gr.group_uuid is not null and | ||||
select ur.user_uuid | select ur.user_uuid | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.component_uuid is null and | ur.component_uuid is null and | ||||
ur.role = #{permission, jdbcType=VARCHAR} | ur.role = #{permission, jdbcType=VARCHAR} | ||||
) remaining | ) remaining | ||||
from groups_users gu | from groups_users gu | ||||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | inner join group_roles gr on gr.group_uuid = gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | gr.role = #{permission, jdbcType=VARCHAR} and | ||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is not null and | gr.group_uuid is not null and | ||||
select ur.user_uuid | select ur.user_uuid | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.component_uuid is null and | ur.component_uuid is null and | ||||
ur.role = #{permission, jdbcType=VARCHAR} and | ur.role = #{permission, jdbcType=VARCHAR} and | ||||
ur.user_uuid != #{excludedUserUuid, jdbcType=VARCHAR} | ur.user_uuid != #{excludedUserUuid, jdbcType=VARCHAR} | ||||
from groups_users gu | from groups_users gu | ||||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | inner join group_roles gr on gr.group_uuid = gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | gr.role = #{permission, jdbcType=VARCHAR} and | ||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is not null | gr.group_uuid is not null | ||||
select ur.user_uuid | select ur.user_uuid | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.component_uuid is null and | ur.component_uuid is null and | ||||
ur.role = #{permission, jdbcType=VARCHAR} | ur.role = #{permission, jdbcType=VARCHAR} | ||||
</select> | </select> | ||||
from groups_users gu | from groups_users gu | ||||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | inner join group_roles gr on gr.group_uuid = gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | gr.role = #{permission, jdbcType=VARCHAR} and | ||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is not null and | gr.group_uuid is not null and | ||||
select ur.user_uuid | select ur.user_uuid | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.component_uuid is null and | ur.component_uuid is null and | ||||
ur.role = #{permission, jdbcType=VARCHAR} | ur.role = #{permission, jdbcType=VARCHAR} | ||||
) remaining | ) remaining | ||||
from groups_users gu | from groups_users gu | ||||
inner join group_roles gr on gr.group_uuid = gu.group_uuid | inner join group_roles gr on gr.group_uuid = gu.group_uuid | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | gr.role = #{permission, jdbcType=VARCHAR} and | ||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
gr.group_uuid is not null | gr.group_uuid is not null | ||||
select ur.user_uuid | select ur.user_uuid | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid, jdbcType=VARCHAR} and | |||||
ur.component_uuid is null and | ur.component_uuid is null and | ||||
ur.role = #{permission, jdbcType=VARCHAR} and | ur.role = #{permission, jdbcType=VARCHAR} and | ||||
ur.user_uuid != #{userUuid, jdbcType=VARCHAR} | ur.user_uuid != #{userUuid, jdbcType=VARCHAR} | ||||
) remaining | ) remaining | ||||
</select> | </select> | ||||
<select id="selectOrganizationUuidsOfUserWithGlobalPermission" parameterType="map" resultType="String"> | |||||
select gr.organization_uuid | |||||
from group_roles gr | |||||
inner join groups_users gu on gr.group_uuid = gu.group_uuid | |||||
where | |||||
gr.role = #{permission, jdbcType=VARCHAR} and | |||||
gr.component_uuid is null and | |||||
gr.group_uuid is not null and | |||||
gu.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||||
union | |||||
select ur.organization_uuid | |||||
from user_roles ur | |||||
where | |||||
ur.component_uuid is null and | |||||
ur.role = #{permission, jdbcType=VARCHAR} and | |||||
ur.user_uuid = #{userUuid, jdbcType=VARCHAR} | |||||
</select> | |||||
<select id="keepAuthorizedProjectUuidsForUser" parameterType="map" resultType="String"> | <select id="keepAuthorizedProjectUuidsForUser" parameterType="map" resultType="String"> | ||||
select | select | ||||
gr.component_uuid | gr.component_uuid | ||||
inner join components p on p.uuid = ur.component_uuid | inner join components p on p.uuid = ur.component_uuid | ||||
where | where | ||||
p.uuid = #{projectUuid, jdbcType=VARCHAR} and | p.uuid = #{projectUuid, jdbcType=VARCHAR} and | ||||
p.organization_uuid = ur.organization_uuid and | |||||
ur.user_uuid = #{userUuid, jdbcType=VARCHAR} | ur.user_uuid = #{userUuid, jdbcType=VARCHAR} | ||||
union | union | ||||
inner join components p on p.uuid = gr.component_uuid | inner join components p on p.uuid = gr.component_uuid | ||||
where | where | ||||
p.uuid = #{projectUuid, jdbcType=VARCHAR} and | p.uuid = #{projectUuid, jdbcType=VARCHAR} and | ||||
p.organization_uuid = gr.organization_uuid and | |||||
gu.user_uuid = #{userUuid, jdbcType=VARCHAR} | gu.user_uuid = #{userUuid, jdbcType=VARCHAR} | ||||
union | union | ||||
p.uuid = gr.component_uuid | p.uuid = gr.component_uuid | ||||
where | where | ||||
p.uuid = #{projectUuid, jdbcType=VARCHAR} | p.uuid = #{projectUuid, jdbcType=VARCHAR} | ||||
and p.organization_uuid = gr.organization_uuid | |||||
and gr.group_uuid is null | and gr.group_uuid is null | ||||
</sql> | </sql> | ||||
exists ( | exists ( | ||||
select 1 | select 1 | ||||
from user_roles ur | from user_roles ur | ||||
inner join components p on p.uuid = ur.component_uuid and p.organization_uuid = ur.organization_uuid | |||||
inner join components p on p.uuid = ur.component_uuid | |||||
where | where | ||||
p.kee = #{projectKey, jdbcType=VARCHAR} | p.kee = #{projectKey, jdbcType=VARCHAR} | ||||
and ur.role = #{permission, jdbcType=VARCHAR} | and ur.role = #{permission, jdbcType=VARCHAR} | ||||
) or exists ( | ) or exists ( | ||||
select 1 | select 1 | ||||
from components p | from components p | ||||
inner join group_roles gr on gr.component_uuid = p.uuid and gr.organization_uuid = p.organization_uuid | |||||
inner join group_roles gr on gr.component_uuid = p.uuid | |||||
inner join groups_users gu on gu.group_uuid = gr.group_uuid | inner join groups_users gu on gu.group_uuid = gr.group_uuid | ||||
where | where | ||||
p.kee = #{projectKey, jdbcType=VARCHAR} | p.kee = #{projectKey, jdbcType=VARCHAR} |
<select id="selectGroupNamesByQuery" parameterType="map" resultType="string"> | <select id="selectGroupNamesByQuery" parameterType="map" resultType="string"> | ||||
select sub.name, lower(sub.name), sub.groupUuid | select sub.name, lower(sub.name), sub.groupUuid | ||||
<include refid="groupsByQuery" /> | |||||
<include refid="groupsByQuery"/> | |||||
group by sub.name, lower(sub.name), sub.groupUuid | group by sub.name, lower(sub.name), sub.groupUuid | ||||
order by case when (count(sub.permission) > 0) then 1 else 2 end asc, lower(sub.name), sub.name, sub.groupUuid | order by case when (count(sub.permission) > 0) then 1 else 2 end asc, lower(sub.name), sub.name, sub.groupUuid | ||||
</select> | </select> | ||||
select count(1) | select count(1) | ||||
from ( | from ( | ||||
select distinct sub.groupUuid | select distinct sub.groupUuid | ||||
<include refid="groupsByQuery" />) g | |||||
<include refid="groupsByQuery"/>) g | |||||
</select> | </select> | ||||
<sql id="groupsByQuery"> | <sql id="groupsByQuery"> | ||||
<if test="query.componentUuid != null"> | <if test="query.componentUuid != null"> | ||||
and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | ||||
</if> | </if> | ||||
where | |||||
g.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR} | |||||
union all | union all | ||||
and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | and gr.component_uuid = #{query.componentUuid,jdbcType=VARCHAR} | ||||
</if> | </if> | ||||
<if test="query.withAtLeastOnePermission()"> | <if test="query.withAtLeastOnePermission()"> | ||||
and gr.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR} and | |||||
gr.group_uuid is null | |||||
and gr.group_uuid is null | |||||
</if> | </if> | ||||
</where> | </where> | ||||
</sql> | </sql> | ||||
<select id="selectByGroupUuids" parameterType="map" resultType="GroupPermission"> | <select id="selectByGroupUuids" parameterType="map" resultType="GroupPermission"> | ||||
select sub.groupUuid as groupUuid, sub.componentUuid as componentUuid, sub.permission as role, sub.organizationUuid as organizationUuid | |||||
select sub.groupUuid as groupUuid, sub.componentUuid as componentUuid, sub.permission as role | |||||
from | from | ||||
( | ( | ||||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, g.name as name, gr.organization_uuid as organizationUuid | |||||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, g.name as name | |||||
from group_roles gr | from group_roles gr | ||||
inner join groups g ON g.uuid = gr.group_uuid | inner join groups g ON g.uuid = gr.group_uuid | ||||
where gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
gr.group_uuid is not null | |||||
where gr.group_uuid is not null | |||||
union all | union all | ||||
select 'Anyone' as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, 'Anyone' as name, gr.organization_uuid as organizationUuid | |||||
select 'Anyone' as groupUuid, gr.component_uuid as componentUuid, gr.role as permission, 'Anyone' as name | |||||
from group_roles gr | from group_roles gr | ||||
where | where | ||||
gr.group_uuid is null and | |||||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
gr.group_uuid is null | |||||
) sub | ) sub | ||||
where | where | ||||
sub.groupUuid in | sub.groupUuid in | ||||
select gr.role | select gr.role | ||||
from group_roles gr | from group_roles gr | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
gr.component_uuid is null and | gr.component_uuid is null and | ||||
<choose> | <choose> | ||||
<when test="groupUuid != null"> | <when test="groupUuid != null"> | ||||
select gr.role | select gr.role | ||||
from group_roles gr | from group_roles gr | ||||
where | where | ||||
gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
gr.component_uuid = #{projectUuid,jdbcType=VARCHAR} and | gr.component_uuid = #{projectUuid,jdbcType=VARCHAR} and | ||||
<choose> | <choose> | ||||
<when test="groupUuid != null"> | <when test="groupUuid != null"> | ||||
</select> | </select> | ||||
<select id="selectAllPermissionsByGroupUuid" parameterType="map" resultType="GroupPermission"> | <select id="selectAllPermissionsByGroupUuid" parameterType="map" resultType="GroupPermission"> | ||||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as role, gr.organization_uuid as organizationUuid | |||||
select gr.group_uuid as groupUuid, gr.component_uuid as componentUuid, gr.role as role | |||||
from group_roles gr | from group_roles gr | ||||
where gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
and gr.group_uuid = #{groupUuid,jdbcType=VARCHAR} | |||||
where gr.group_uuid = #{groupUuid,jdbcType=VARCHAR} | |||||
</select> | </select> | ||||
<select id="selectGroupUuidsWithPermissionOnProjectBut" resultType="string"> | <select id="selectGroupUuidsWithPermissionOnProjectBut" resultType="string"> | ||||
<insert id="insert" parameterType="GroupPermission"> | <insert id="insert" parameterType="GroupPermission"> | ||||
insert into group_roles ( | insert into group_roles ( | ||||
uuid, | |||||
organization_uuid, | organization_uuid, | ||||
uuid, | |||||
group_uuid, | group_uuid, | ||||
component_uuid, | component_uuid, | ||||
role | role | ||||
) values ( | ) values ( | ||||
'asd', | |||||
#{uuid,jdbcType=VARCHAR}, | #{uuid,jdbcType=VARCHAR}, | ||||
#{organizationUuid,jdbcType=VARCHAR}, | |||||
#{groupUuid,jdbcType=VARCHAR}, | #{groupUuid,jdbcType=VARCHAR}, | ||||
#{componentUuid,jdbcType=BIGINT}, | #{componentUuid,jdbcType=BIGINT}, | ||||
#{role,jdbcType=VARCHAR} | #{role,jdbcType=VARCHAR} | ||||
delete from group_roles | delete from group_roles | ||||
where | where | ||||
role=#{permission,jdbcType=VARCHAR} and | role=#{permission,jdbcType=VARCHAR} and | ||||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} and | |||||
<choose> | <choose> | ||||
<when test="rootComponentUuid != null"> | <when test="rootComponentUuid != null"> | ||||
component_uuid=#{rootComponentUuid,jdbcType=BIGINT} | component_uuid=#{rootComponentUuid,jdbcType=BIGINT} | ||||
</otherwise> | </otherwise> | ||||
</choose> | </choose> | ||||
</delete> | </delete> | ||||
<delete id="deleteByOrganization" parameterType="String"> | |||||
delete from | |||||
group_roles | |||||
where | |||||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||||
</delete> | |||||
</mapper> | </mapper> |
<select id="selectUserPermissionsByQueryAndUserUuids" parameterType="map" resultType="org.sonar.db.permission.UserPermissionDto"> | <select id="selectUserPermissionsByQueryAndUserUuids" parameterType="map" resultType="org.sonar.db.permission.UserPermissionDto"> | ||||
select | select | ||||
u.uuid as userUuid, | u.uuid as userUuid, | ||||
ur.organization_uuid as organizationUuid, | |||||
ur.component_uuid as componentUuid, | ur.component_uuid as componentUuid, | ||||
ur.role as permission | ur.role as permission | ||||
<include refid="sqlQueryJoins" /> | |||||
<include refid="sqlQueryJoins"/> | |||||
<where> | <where> | ||||
u.uuid in <foreach collection="userUuids" open="(" close=")" item="userUuid" separator=",">#{userUuid,jdbcType=VARCHAR}</foreach> | u.uuid in <foreach collection="userUuids" open="(" close=")" item="userUuid" separator=",">#{userUuid,jdbcType=VARCHAR}</foreach> | ||||
<include refid="sqlQueryFilters" /> | |||||
<include refid="sqlQueryFilters"/> | |||||
</where> | </where> | ||||
</select> | </select> | ||||
<select id="selectUserUuidsByQuery" parameterType="map" resultType="String"> | <select id="selectUserUuidsByQuery" parameterType="map" resultType="String"> | ||||
select | select | ||||
u.uuid, lower(u.name) | u.uuid, lower(u.name) | ||||
<include refid="sqlQueryJoins" /> | |||||
<include refid="sqlQueryJoins"/> | |||||
<where> | <where> | ||||
<include refid="sqlQueryFilters" /> | |||||
<include refid="sqlQueryFilters"/> | |||||
</where> | </where> | ||||
group by u.uuid, lower(u.name) | group by u.uuid, lower(u.name) | ||||
order by case when (count(ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | order by case when (count(ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | ||||
select | select | ||||
u.uuid, lower(u.name) | u.uuid, lower(u.name) | ||||
from users u | from users u | ||||
left join user_roles ur on ur.user_uuid = u.uuid and ur.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||||
left join user_roles ur on ur.user_uuid = u.uuid | |||||
<choose> | <choose> | ||||
<when test="query.componentUuid == null"> | <when test="query.componentUuid == null"> | ||||
and ur.component_uuid is null | and ur.component_uuid is null | ||||
</otherwise> | </otherwise> | ||||
</choose> | </choose> | ||||
left join components p on ur.component_uuid = p.uuid | left join components p on ur.component_uuid = p.uuid | ||||
inner join organization_members om on u.uuid=om.user_uuid and om.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||||
<where> | <where> | ||||
<include refid="sqlQueryFilters" /> | |||||
<include refid="sqlQueryFilters"/> | |||||
</where> | </where> | ||||
group by u.uuid, lower(u.name) | group by u.uuid, lower(u.name) | ||||
order by case when (count(distinct ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | order by case when (count(distinct ur.role) > 0) then 1 else 2 end asc, lower(u.name) asc | ||||
<select id="countUsersByQuery" parameterType="map" resultType="int"> | <select id="countUsersByQuery" parameterType="map" resultType="int"> | ||||
select count(distinct(u.uuid)) | select count(distinct(u.uuid)) | ||||
<include refid="sqlQueryJoins" /> | |||||
<include refid="sqlQueryJoins"/> | |||||
<where> | <where> | ||||
<include refid="sqlQueryFilters" /> | |||||
<include refid="sqlQueryFilters"/> | |||||
</where> | </where> | ||||
</select> | </select> | ||||
from users u | from users u | ||||
left join user_roles ur on ur.user_uuid = u.uuid | left join user_roles ur on ur.user_uuid = u.uuid | ||||
left join components p on ur.component_uuid = p.uuid | left join components p on ur.component_uuid = p.uuid | ||||
inner join organization_members om on u.uuid=om.user_uuid and om.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||||
</sql> | </sql> | ||||
<sql id="sqlQueryFilters"> | <sql id="sqlQueryFilters"> | ||||
</if> | </if> | ||||
<!-- filter rows with user permissions --> | <!-- filter rows with user permissions --> | ||||
<if test="query.withAtLeastOnePermission()"> | <if test="query.withAtLeastOnePermission()"> | ||||
and ur.organization_uuid = om.organization_uuid | |||||
and ur.role is not null | and ur.role is not null | ||||
<if test="query.componentUuid==null"> | <if test="query.componentUuid==null"> | ||||
and ur.component_uuid is null | and ur.component_uuid is null | ||||
select ur.role | select ur.role | ||||
from user_roles ur | from user_roles ur | ||||
where | where | ||||
ur.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
ur.user_uuid = #{userUuid,jdbcType=VARCHAR} and | ur.user_uuid = #{userUuid,jdbcType=VARCHAR} and | ||||
ur.component_uuid is null | ur.component_uuid is null | ||||
</select> | </select> | ||||
<insert id="insert" parameterType="org.sonar.db.permission.UserPermissionDto" useGeneratedKeys="false"> | <insert id="insert" parameterType="org.sonar.db.permission.UserPermissionDto" useGeneratedKeys="false"> | ||||
insert into user_roles ( | insert into user_roles ( | ||||
uuid, | |||||
organization_uuid, | organization_uuid, | ||||
uuid, | |||||
user_uuid, | user_uuid, | ||||
component_uuid, | component_uuid, | ||||
role | role | ||||
) values ( | ) values ( | ||||
#{uuid,jdbcType=VARCHAR}, | |||||
#{organizationUuid,jdbcType=VARCHAR}, | |||||
#{userUuid,jdbcType=VARCHAR}, | |||||
#{componentUuid,jdbcType=VARCHAR}, | |||||
#{permission,jdbcType=VARCHAR} | |||||
#{defaultOrgUuid,jdbcType=VARCHAR}, | |||||
#{dto.uuid,jdbcType=VARCHAR}, | |||||
#{dto.userUuid,jdbcType=VARCHAR}, | |||||
#{dto.componentUuid,jdbcType=VARCHAR}, | |||||
#{dto.permission,jdbcType=VARCHAR} | |||||
) | ) | ||||
</insert> | </insert> | ||||
where | where | ||||
role = #{permission,jdbcType=VARCHAR} and | role = #{permission,jdbcType=VARCHAR} and | ||||
user_uuid = #{userUuid,jdbcType=VARCHAR} and | user_uuid = #{userUuid,jdbcType=VARCHAR} and | ||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
component_uuid is null | component_uuid is null | ||||
</delete> | </delete> | ||||
and role = #{permission,jdbcType=VARCHAR} | and role = #{permission,jdbcType=VARCHAR} | ||||
</delete> | </delete> | ||||
<delete id="deleteByOrganization" parameterType="String"> | |||||
delete from | |||||
user_roles | |||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
</delete> | |||||
<delete id="deleteOrganizationMemberPermissions" parameterType="map"> | |||||
delete from | |||||
user_roles | |||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
user_uuid = #{userUuid,jdbcType=VARCHAR} | |||||
</delete> | |||||
<delete id="deleteByUserUuid" parameterType="String"> | <delete id="deleteByUserUuid" parameterType="String"> | ||||
DELETE FROM user_roles WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | DELETE FROM user_roles WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | ||||
</delete> | </delete> |
AND permission_reference = #{permission} | AND permission_reference = #{permission} | ||||
</delete> | </delete> | ||||
<delete id="deleteUserPermissionsByOrganization" parameterType="map"> | |||||
delete from perm_templates_users | |||||
where | |||||
user_uuid = #{userUuid,jdbcType=VARCHAR} | |||||
and template_uuid in (select uuid from permission_templates where organization_uuid=#{organizationUuid,jdbcType=VARCHAR}) | |||||
</delete> | |||||
<delete id="deleteUserPermissionsByUserUuid" parameterType="String"> | <delete id="deleteUserPermissionsByUserUuid" parameterType="String"> | ||||
delete from perm_templates_users | delete from perm_templates_users | ||||
where | where | ||||
<sql id="userLoginsByQueryAndTemplate"> | <sql id="userLoginsByQueryAndTemplate"> | ||||
FROM users u | FROM users u | ||||
LEFT JOIN perm_templates_users ptu ON ptu.user_uuid=u.uuid | |||||
AND ptu.template_uuid=#{templateUuid} | |||||
INNER JOIN organization_members om ON u.uuid=om.user_uuid | |||||
AND om.organization_uuid=#{query.organizationUuid} | |||||
LEFT JOIN perm_templates_users ptu ON ptu.user_uuid=u.uuid AND ptu.template_uuid=#{templateUuid} | |||||
<where> | <where> | ||||
u.active = ${_true} | u.active = ${_true} | ||||
<if test="query.getSearchQueryToSql() != null"> | <if test="query.getSearchQueryToSql() != null"> | ||||
<select id="selectGroupNamesByQueryAndTemplate" parameterType="map" resultType="string"> | <select id="selectGroupNamesByQueryAndTemplate" parameterType="map" resultType="string"> | ||||
select groups.name, lower(groups.name), groups.group_uuid | select groups.name, lower(groups.name), groups.group_uuid | ||||
<include refid="groupNamesByQueryAndTemplate" /> | |||||
<include refid="groupNamesByQueryAndTemplate"/> | |||||
group by groups.name, lower(groups.name), groups.group_uuid | group by groups.name, lower(groups.name), groups.group_uuid | ||||
order by case when (count(groups.permission) > 0) then 1 else 2 end asc, lower(groups.name), groups.name, groups.group_uuid | order by case when (count(groups.permission) > 0) then 1 else 2 end asc, lower(groups.name), groups.name, groups.group_uuid | ||||
</select> | </select> | ||||
SELECT COUNT(1) | SELECT COUNT(1) | ||||
FROM ( | FROM ( | ||||
SELECT DISTINCT group_uuid | SELECT DISTINCT group_uuid | ||||
<include refid="groupNamesByQueryAndTemplate" />) g | |||||
<include refid="groupNamesByQueryAndTemplate"/>) g | |||||
</select> | </select> | ||||
<sql id="groupNamesByQueryAndTemplate"> | <sql id="groupNamesByQueryAndTemplate"> | ||||
LEFT JOIN perm_templates_groups ptg ON | LEFT JOIN perm_templates_groups ptg ON | ||||
ptg.group_uuid=g.uuid | ptg.group_uuid=g.uuid | ||||
AND ptg.template_uuid=#{templateUuid} | AND ptg.template_uuid=#{templateUuid} | ||||
where | |||||
g.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||||
UNION ALL | UNION ALL | ||||
SELECT | SELECT | ||||
'Anyone' AS group_uuid, | 'Anyone' AS group_uuid, | ||||
FROM groups g | FROM groups g | ||||
LEFT JOIN perm_templates_groups ptg ON | LEFT JOIN perm_templates_groups ptg ON | ||||
ptg.template_uuid=#{templateUuid} | ptg.template_uuid=#{templateUuid} | ||||
<if test="query.withAtLeastOnePermission()"> | |||||
<where> | <where> | ||||
g.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR} | |||||
<if test="query.withAtLeastOnePermission()"> | |||||
AND ptg.group_uuid IS NULL | |||||
</if> | |||||
ptg.group_uuid IS NULL | |||||
</where> | </where> | ||||
</if> | |||||
) groups | ) groups | ||||
<where> | <where> | ||||
<if test="query.searchQueryToSql != null"> | <if test="query.searchQueryToSql != null"> | ||||
</sql> | </sql> | ||||
<sql id="templateColumns"> | <sql id="templateColumns"> | ||||
organization_uuid as organizationUuid, name, uuid, description, key_pattern AS keyPattern, created_at AS createdAt, updated_at AS updatedAt | |||||
name, uuid, description, key_pattern AS keyPattern, created_at AS createdAt, updated_at AS updatedAt | |||||
</sql> | </sql> | ||||
<select id="selectByUuid" parameterType="String" resultType="PermissionTemplate"> | <select id="selectByUuid" parameterType="String" resultType="PermissionTemplate"> | ||||
select | select | ||||
<include refid="templateColumns"/> | <include refid="templateColumns"/> | ||||
from permission_templates | from permission_templates | ||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
<if test="upperCaseNameLikeSql != null"> | <if test="upperCaseNameLikeSql != null"> | ||||
and upper(name) like #{upperCaseNameLikeSql} escape '/' | |||||
where upper(name) like #{upperCaseNameLikeSql} escape '/' | |||||
</if> | </if> | ||||
order by upper(name), name | order by upper(name), name | ||||
</select> | </select> | ||||
<include refid="templateColumns"/> | <include refid="templateColumns"/> | ||||
from permission_templates | from permission_templates | ||||
where | where | ||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
upper(name) = #{name,jdbcType=VARCHAR} | upper(name) = #{name,jdbcType=VARCHAR} | ||||
</select> | </select> | ||||
</if> | </if> | ||||
</select> | </select> | ||||
<select id="selectTemplateUuidsByOrganization" resultType="String"> | |||||
<select id="selectTemplateUuidsn" resultType="String"> | |||||
select | select | ||||
uuid | uuid | ||||
from | from | ||||
permission_templates | permission_templates | ||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
</select> | </select> | ||||
<select id="selectAllGroupPermissionTemplatesByGroupUuid" parameterType="string" resultType="PermissionTemplateGroup"> | <select id="selectAllGroupPermissionTemplatesByGroupUuid" parameterType="string" resultType="PermissionTemplateGroup"> |
g.uuid as uuid, | g.uuid as uuid, | ||||
g.name as name, | g.name as name, | ||||
g.description as description, | g.description as description, | ||||
g.organization_uuid as organizationUuid, | |||||
g.created_at as "createdAt", | g.created_at as "createdAt", | ||||
g.updated_at as "updatedAt" | g.updated_at as "updatedAt" | ||||
</sql> | </sql> | ||||
select | select | ||||
<include refid="groupColumns"/> | <include refid="groupColumns"/> | ||||
from groups g | from groups g | ||||
where g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and g.name = #{name,jdbcType=VARCHAR} | |||||
where g.name = #{name,jdbcType=VARCHAR} | |||||
</select> | </select> | ||||
<select id="selectByUuids" parameterType="String" resultType="Group"> | <select id="selectByUuids" parameterType="String" resultType="Group"> | ||||
</where> | </where> | ||||
</delete> | </delete> | ||||
<delete id="deleteByOrganization" parameterType="String"> | |||||
delete from | |||||
groups | |||||
where | |||||
organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||||
</delete> | |||||
<select id="selectByUserLogin" parameterType="string" resultType="Group"> | <select id="selectByUserLogin" parameterType="string" resultType="Group"> | ||||
select | select | ||||
<include refid="groupColumns"/> | <include refid="groupColumns"/> | ||||
<include refid="groupColumns"/> | <include refid="groupColumns"/> | ||||
from groups g | from groups g | ||||
where | where | ||||
g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and | |||||
g.name in | g.name in | ||||
<foreach item="name" index="index" collection="names" open="(" separator="," close=")"> | <foreach item="name" index="index" collection="names" open="(" separator="," close=")"> | ||||
#{name,jdbcType=VARCHAR} | #{name,jdbcType=VARCHAR} | ||||
updated_at | updated_at | ||||
) values ( | ) values ( | ||||
#{uuid,jdbcType=VARCHAR}, | #{uuid,jdbcType=VARCHAR}, | ||||
#{organizationUuid,jdbcType=VARCHAR}, | |||||
'asd', | |||||
#{name,jdbcType=VARCHAR}, | #{name,jdbcType=VARCHAR}, | ||||
#{description,jdbcType=VARCHAR}, | #{description,jdbcType=VARCHAR}, | ||||
#{createdAt,jdbcType=TIMESTAMP}, | #{createdAt,jdbcType=TIMESTAMP}, | ||||
select | select | ||||
<include refid="groupColumns"/> | <include refid="groupColumns"/> | ||||
from groups g | from groups g | ||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
<if test="query!=null"> | <if test="query!=null"> | ||||
and upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||||
where upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||||
</if> | </if> | ||||
order by upper(g.name) | order by upper(g.name) | ||||
</select> | </select> | ||||
<select id="countByQuery" parameterType="map" resultType="int"> | <select id="countByQuery" parameterType="map" resultType="int"> | ||||
select count(1) | select count(1) | ||||
from groups g | from groups g | ||||
where | |||||
organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
<if test="query!=null"> | <if test="query!=null"> | ||||
and upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||||
where upper(g.name) like #{query,jdbcType=VARCHAR} escape '/' | |||||
</if> | </if> | ||||
</select> | </select> | ||||
<select id="countGroupByOrganizationAndUuid" parameterType="map" resultType="int"> | |||||
select | |||||
count(1) | |||||
from groups g | |||||
where | |||||
g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
and g.uuid = #{groupUuid,jdbcType=VARCHAR} | |||||
</select> | |||||
<select id="selectByOrganizationUuid" parameterType="map" resultType="Group"> | |||||
select | |||||
<include refid="groupColumns"/> | |||||
from groups g | |||||
where g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} | |||||
order by upper(g.name) | |||||
</select> | |||||
</mapper> | </mapper> |
FROM groups g | FROM groups g | ||||
LEFT JOIN groups_users gu ON gu.group_uuid=g.uuid AND gu.user_uuid=#{userUuid} | LEFT JOIN groups_users gu ON gu.group_uuid=g.uuid AND gu.user_uuid=#{userUuid} | ||||
<where> | <where> | ||||
AND g.organization_uuid=#{organizationUuid} | |||||
<choose> | <choose> | ||||
<when test="query.membership() == 'IN'"> | <when test="query.membership() == 'IN'"> | ||||
AND gu.user_uuid IS NOT NULL | AND gu.user_uuid IS NOT NULL | ||||
GROUP BY g.name | GROUP BY g.name | ||||
</select> | </select> | ||||
<select id="selectGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroup"> | |||||
<select id="selectGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroup"> | |||||
SELECT u.login as login, g.name as groupName | SELECT u.login as login, g.name as groupName | ||||
FROM users u | FROM users u | ||||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | ||||
ORDER BY u.login, g.name, g.created_at | ORDER BY u.login, g.name, g.created_at | ||||
</select> | </select> | ||||
<select id="selectGroupsByLoginsAndOrganization" parameterType="map" resultType="org.sonar.db.user.LoginGroup"> | |||||
SELECT u.login as login, g.name as groupName | |||||
<select id="countGroupsByLogins" parameterType="string" resultType="org.sonar.db.user.LoginGroupCount"> | |||||
SELECT u.login as login, count(gu.group_uuid) as groupCount | |||||
FROM users u | FROM users u | ||||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid | ||||
INNER JOIN groups g ON gu.group_uuid=g.uuid | |||||
<where> | <where> | ||||
u.login in | u.login in | ||||
<foreach collection="logins" open="(" close=")" item="login" separator=","> | <foreach collection="logins" open="(" close=")" item="login" separator=","> | ||||
#{login} | #{login} | ||||
</foreach> | </foreach> | ||||
and g.organization_uuid=#{organizationUuid,jdbcType=VARCHAR} | |||||
</where> | </where> | ||||
ORDER BY u.login, g.name, g.created_at | |||||
group by g.uuid | |||||
</select> | </select> | ||||
<sql id="userCommonClauses"> | <sql id="userCommonClauses"> | ||||
FROM users u | FROM users u | ||||
LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid AND gu.group_uuid=#{groupUuid} | LEFT JOIN groups_users gu ON gu.user_uuid=u.uuid AND gu.group_uuid=#{groupUuid} | ||||
INNER JOIN organization_members om ON u.uuid=om.user_uuid AND om.organization_uuid=#{organizationUuid} | |||||
<where> | <where> | ||||
<choose> | <choose> | ||||
<when test="query.membership() == 'IN'"> | <when test="query.membership() == 'IN'"> | ||||
from groups_users | from groups_users | ||||
where user_uuid = #{userUuid} | where user_uuid = #{userUuid} | ||||
</select> | </select> | ||||
</mapper> | </mapper> |
where group_uuid = #{groupUuid,jdbcType=VARCHAR} | where group_uuid = #{groupUuid,jdbcType=VARCHAR} | ||||
</delete> | </delete> | ||||
<delete id="deleteByOrganizationAndUser" parameterType="map"> | |||||
delete from groups_users | |||||
where user_uuid = #{userUuid,jdbcType=VARCHAR} and | |||||
group_uuid in (select uuid from groups where organization_uuid=#{organizationUuid,jdbcType=VARCHAR}) | |||||
</delete> | |||||
<delete id="deleteByUserUuid" parameterType="String"> | <delete id="deleteByUserUuid" parameterType="String"> | ||||
DELETE FROM groups_users WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | DELETE FROM groups_users WHERE user_uuid=#{userUuid,jdbcType=VARCHAR} | ||||
</delete> | </delete> |
/* | |||||
* SonarQube | |||||
* Copyright (C) 2009-2020 SonarSource SA | |||||
* mailto:info AT sonarsource DOT com | |||||
* | |||||
* This program is free software; you can redistribute it and/or | |||||
* modify it under the terms of the GNU Lesser General Public | |||||
* License as published by the Free Software Foundation; either | |||||
* version 3 of the License, or (at your option) any later version. | |||||
* | |||||
* This program is distributed in the hope that it will be useful, | |||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||||
* Lesser General Public License for more details. | |||||
* | |||||
* You should have received a copy of the GNU Lesser General Public License | |||||
* along with this program; if not, write to the Free Software Foundation, | |||||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||||
*/ | |||||
package org.sonar.db.organization; | |||||
import com.tngtech.java.junit.dataprovider.DataProvider; | |||||
import com.tngtech.java.junit.dataprovider.DataProviderRunner; | |||||
import com.tngtech.java.junit.dataprovider.UseDataProvider; | |||||
import java.util.List; | |||||
import java.util.Random; | |||||
import org.junit.Rule; | |||||
import org.junit.Test; | |||||
import org.junit.rules.ExpectedException; | |||||
import org.junit.runner.RunWith; | |||||
import org.sonar.api.utils.System2; | |||||
import org.sonar.db.DbSession; | |||||
import org.sonar.db.DbTester; | |||||
import org.sonar.db.user.GroupDto; | |||||
import org.sonar.db.user.UserDto; | |||||
import static java.util.Arrays.asList; | |||||
import static java.util.Collections.emptyList; | |||||
import static java.util.Collections.singletonList; | |||||
import static org.assertj.core.api.Assertions.assertThat; | |||||
import static org.mockito.Mockito.mock; | |||||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||||
@RunWith(DataProviderRunner.class) | |||||
public class OrganizationHelperTest { | |||||
private static final Random RANDOM = new Random(); | |||||
@Rule | |||||
public DbTester db = DbTester.create(mock(System2.class)).setDisableDefaultOrganization(true); | |||||
public DbSession dbSession = db.getSession(); | |||||
@Rule | |||||
public ExpectedException expectedException = ExpectedException.none(); | |||||
private final OrganizationHelper underTest = new OrganizationHelper(db.getDbClient()); | |||||
@Test | |||||
public void returns_empty_list_when_user_is_not_admin_of_any_orgs() { | |||||
UserDto user1 = db.users().insertUser(); | |||||
OrganizationDto org1 = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(org1); | |||||
db.users().insertMember(group1, user1); | |||||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())).isEmpty(); | |||||
} | |||||
@Test | |||||
public void returns_orgs_where_user_is_last_admin() { | |||||
UserDto user1 = db.users().insertUser(); | |||||
UserDto user2 = db.users().insertUser(); | |||||
OrganizationDto org1 = db.organizations().insert(); | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
setAsDirectOrIndirectAdmin(user1, org1); | |||||
setAsDirectOrIndirectAdmin(user2, org1); | |||||
setAsDirectOrIndirectAdmin(user1, org2); | |||||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())) | |||||
.extracting(OrganizationDto::getKey) | |||||
.containsExactly(org2.getKey()); | |||||
} | |||||
@Test | |||||
@UseDataProvider("adminUserCombinationsAndExpectedOrgKeys") | |||||
public void returns_correct_orgs_for_interesting_combinations_of_last_admin_or_not( | |||||
boolean user2IsAdminOfOrg1, boolean user1IsAdminOfOrg2, boolean user2IsAdminOfOrg2, List<String> expectedOrgKeys) { | |||||
UserDto user1 = db.users().insertUser(); | |||||
UserDto user2 = db.users().insertUser(); | |||||
OrganizationDto org1 = db.organizations().insert(o -> o.setKey("org1")); | |||||
OrganizationDto org2 = db.organizations().insert(o -> o.setKey("org2")); | |||||
setAsDirectOrIndirectAdmin(user1, org1); | |||||
if (user2IsAdminOfOrg1) { | |||||
setAsDirectOrIndirectAdmin(user2, org1); | |||||
} | |||||
if (user1IsAdminOfOrg2) { | |||||
setAsDirectOrIndirectAdmin(user1, org2); | |||||
} | |||||
if (user2IsAdminOfOrg2) { | |||||
setAsDirectOrIndirectAdmin(user2, org2); | |||||
} | |||||
assertThat(underTest.selectOrganizationsWithLastAdmin(dbSession, user1.getUuid())) | |||||
.extracting(OrganizationDto::getKey) | |||||
.containsExactlyInAnyOrderElementsOf(expectedOrgKeys); | |||||
} | |||||
@DataProvider | |||||
public static Object[][] adminUserCombinationsAndExpectedOrgKeys() { | |||||
return new Object[][] { | |||||
// note: user1 is always admin of org1 | |||||
// param 1: user2 is admin of org1 | |||||
// param 2: user1 is admin of org2 | |||||
// param 3: user2 is admin of org2 | |||||
// param 4: list of orgs preventing user1 to delete | |||||
{true, true, true, emptyList()}, | |||||
{true, true, false, singletonList("org2")}, | |||||
{true, false, true, emptyList()}, | |||||
{true, false, false, emptyList()}, | |||||
{false, true, true, singletonList("org1")}, | |||||
{false, true, false, asList("org1", "org2")}, | |||||
{false, false, true, singletonList("org1")}, | |||||
{false, false, false, singletonList("org1")}, | |||||
}; | |||||
} | |||||
private void setAsDirectOrIndirectAdmin(UserDto user, OrganizationDto organization) { | |||||
boolean useDirectAdmin = RANDOM.nextBoolean(); | |||||
if (useDirectAdmin) { | |||||
db.users().insertPermissionOnUser(organization, user, ADMINISTER); | |||||
} else { | |||||
GroupDto group = db.users().insertGroup(organization); | |||||
db.users().insertPermissionOnGroup(group, ADMINISTER); | |||||
db.users().insertMember(group, user); | |||||
} | |||||
} | |||||
} |
import org.sonar.db.EmailSubscriberDto; | import org.sonar.db.EmailSubscriberDto; | ||||
import org.sonar.db.component.BranchType; | import org.sonar.db.component.BranchType; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import static com.google.common.collect.Sets.newHashSet; | import static com.google.common.collect.Sets.newHashSet; | ||||
import static java.util.Collections.singleton; | import static java.util.Collections.singleton; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; | import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; | ||||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | ||||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | ||||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | ||||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||||
public class AuthorizationDaoTest { | public class AuthorizationDaoTest { | ||||
private final Random random = new Random(); | private final Random random = new Random(); | ||||
private DbSession dbSession = db.getSession(); | private DbSession dbSession = db.getSession(); | ||||
private AuthorizationDao underTest = new AuthorizationDao(); | private AuthorizationDao underTest = new AuthorizationDao(); | ||||
private OrganizationDto organization; | |||||
private UserDto user; | private UserDto user; | ||||
private GroupDto group1; | private GroupDto group1; | ||||
private GroupDto group2; | private GroupDto group2; | ||||
@Before | @Before | ||||
public void setUp() { | public void setUp() { | ||||
organization = db.organizations().insert(); | |||||
user = db.users().insertUser(); | user = db.users().insertUser(); | ||||
group1 = db.users().insertGroup(organization, "group1"); | |||||
group2 = db.users().insertGroup(organization, "group2"); | |||||
group1 = db.users().insertGroup("group1"); | |||||
group2 = db.users().insertGroup("group2"); | |||||
randomExistingUserUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | randomExistingUserUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | ||||
.mapToObj(i -> db.users().insertUser().getUuid()) | .mapToObj(i -> db.users().insertUser().getUuid()) | ||||
.collect(MoreCollectors.toSet()); | .collect(MoreCollectors.toSet()); | ||||
randomPublicProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | randomPublicProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | ||||
.mapToObj(i -> db.components().insertPublicProject(organization).uuid()) | |||||
.mapToObj(i -> db.components().insertPublicProject().uuid()) | |||||
.collect(MoreCollectors.toSet()); | .collect(MoreCollectors.toSet()); | ||||
randomPrivateProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | randomPrivateProjectUuids = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | ||||
.mapToObj(i -> db.components().insertPrivateProject(organization).uuid()) | |||||
.mapToObj(i -> db.components().insertPrivateProject().uuid()) | |||||
.collect(MoreCollectors.toSet()); | .collect(MoreCollectors.toSet()); | ||||
} | } | ||||
*/ | */ | ||||
@Test | @Test | ||||
public void selectOrganizationPermissions_for_logged_in_user() { | public void selectOrganizationPermissions_for_logged_in_user() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertPermissionOnUser(organization, user, "perm1"); | |||||
db.users().insertPermissionOnUser(user, "perm1"); | |||||
db.users().insertProjectPermissionOnUser(user, "perm42", project); | db.users().insertProjectPermissionOnUser(user, "perm42", project); | ||||
db.users().insertPermissionOnGroup(group1, "perm2"); | db.users().insertPermissionOnGroup(group1, "perm2"); | ||||
db.users().insertPermissionOnAnyone(organization, "perm3"); | |||||
db.users().insertPermissionOnAnyone("perm3"); | |||||
// ignored permissions, user is not member of this group | // ignored permissions, user is not member of this group | ||||
db.users().insertPermissionOnGroup(group2, "ignored"); | db.users().insertPermissionOnGroup(group2, "ignored"); | ||||
Set<String> permissions = underTest.selectOrganizationPermissions(dbSession, organization.getUuid(), user.getUuid()); | |||||
Set<String> permissions = underTest.selectGlobalPermissions(dbSession, user.getUuid()); | |||||
assertThat(permissions).containsOnly("perm1", "perm2", "perm3"); | assertThat(permissions).containsOnly("perm1", "perm2", "perm3"); | ||||
} | } | ||||
/** | |||||
* Anonymous user only benefits from the permissions granted to | |||||
* "Anyone" | |||||
*/ | |||||
@Test | |||||
public void selectOrganizationPermissions_for_anonymous_user() { | |||||
db.users().insertPermissionOnAnyone(organization, "perm1"); | |||||
// ignored permissions | |||||
db.users().insertPermissionOnUser(organization, user, "ignored"); | |||||
db.users().insertPermissionOnGroup(group1, "ignored"); | |||||
Set<String> permissions = underTest.selectOrganizationPermissionsOfAnonymous(dbSession, organization.getUuid()); | |||||
assertThat(permissions).containsOnly("perm1"); | |||||
} | |||||
@Test | @Test | ||||
public void countUsersWithGlobalPermissionExcludingGroup() { | public void countUsersWithGlobalPermissionExcludingGroup() { | ||||
// users with global permission "perm1" : | // users with global permission "perm1" : | ||||
UserDto user4 = db.users().insertUser(); | UserDto user4 = db.users().insertUser(); | ||||
UserDto user5 = db.users().insertUser(); | UserDto user5 = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(organization, "g1"); | |||||
GroupDto group1 = db.users().insertGroup("g1"); | |||||
db.users().insertPermissionOnGroup(group1, "perm1"); | db.users().insertPermissionOnGroup(group1, "perm1"); | ||||
db.users().insertPermissionOnGroup(group1, "perm2"); | db.users().insertPermissionOnGroup(group1, "perm2"); | ||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group1, user2); | db.users().insertMember(group1, user2); | ||||
GroupDto group2 = db.users().insertGroup(organization, "g2"); | |||||
GroupDto group2 = db.users().insertGroup("g2"); | |||||
db.users().insertPermissionOnGroup(group2, "perm1"); | db.users().insertPermissionOnGroup(group2, "perm1"); | ||||
db.users().insertPermissionOnGroup(group2, "perm2"); | db.users().insertPermissionOnGroup(group2, "perm2"); | ||||
db.users().insertMember(group2, user1); | db.users().insertMember(group2, user1); | ||||
db.users().insertMember(group2, user3); | db.users().insertMember(group2, user3); | ||||
// group3 has the permission "perm1" but has no users | // group3 has the permission "perm1" but has no users | ||||
GroupDto group3 = db.users().insertGroup(organization, "g2"); | |||||
GroupDto group3 = db.users().insertGroup("g2"); | |||||
db.users().insertPermissionOnGroup(group3, "perm1"); | db.users().insertPermissionOnGroup(group3, "perm1"); | ||||
db.users().insertPermissionOnUser(organization, user4, "perm1"); | |||||
db.users().insertPermissionOnUser(organization, user4, "perm2"); | |||||
db.users().insertPermissionOnAnyone(organization, "perm1"); | |||||
// other organizations are ignored | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(org2, user1, "perm1"); | |||||
db.users().insertPermissionOnUser(user4, "perm1"); | |||||
db.users().insertPermissionOnUser(user4, "perm2"); | |||||
db.users().insertPermissionOnAnyone("perm1"); | |||||
// excluding group "g1" -> remain u1, u3 and u4 | // excluding group "g1" -> remain u1, u3 and u4 | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | ||||
organization.getUuid(), "perm1", group1.getUuid())).isEqualTo(3); | |||||
"perm1", group1.getUuid())).isEqualTo(3); | |||||
// excluding group "g2" -> remain u1, u2 and u4 | // excluding group "g2" -> remain u1, u2 and u4 | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | ||||
organization.getUuid(), "perm1", group2.getUuid())).isEqualTo(3); | |||||
"perm1", group2.getUuid())).isEqualTo(3); | |||||
// excluding group "g3" -> remain u1, u2, u3 and u4 | // excluding group "g3" -> remain u1, u2, u3 and u4 | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | ||||
organization.getUuid(), "perm1", group3.getUuid())).isEqualTo(4); | |||||
"perm1", group3.getUuid())).isEqualTo(4); | |||||
// nobody has the permission | // nobody has the permission | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingGroup(db.getSession(), | ||||
organization.getUuid(), "missingPermission", group1.getUuid())).isEqualTo(0); | |||||
"missingPermission", group1.getUuid())).isEqualTo(0); | |||||
} | } | ||||
@Test | @Test | ||||
UserDto user2 = db.users().insertUser(); | UserDto user2 = db.users().insertUser(); | ||||
UserDto user3 = db.users().insertUser(); | UserDto user3 = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(organization, "g1"); | |||||
GroupDto group1 = db.users().insertGroup("g1"); | |||||
db.users().insertPermissionOnGroup(group1, "p1"); | db.users().insertPermissionOnGroup(group1, "p1"); | ||||
db.users().insertPermissionOnGroup(group1, "p2"); | db.users().insertPermissionOnGroup(group1, "p2"); | ||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group1, user2); | db.users().insertMember(group1, user2); | ||||
db.users().insertPermissionOnUser(organization, user3, "p1"); | |||||
db.users().insertPermissionOnAnyone(organization, "p1"); | |||||
// other organizations are ignored | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(org2, user1, "p1"); | |||||
db.users().insertPermissionOnUser(user3, "p1"); | |||||
db.users().insertPermissionOnAnyone("p1"); | |||||
// excluding user1 -> remain user2 and user3 | // excluding user1 -> remain user2 and user3 | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | ||||
organization.getUuid(), "p1", user1.getUuid())).isEqualTo(2); | |||||
"p1", user1.getUuid())).isEqualTo(2); | |||||
// excluding user3 -> remain the members of group g1 | // excluding user3 -> remain the members of group g1 | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | ||||
organization.getUuid(), "p1", user3.getUuid())).isEqualTo(2); | |||||
"p1", user3.getUuid())).isEqualTo(2); | |||||
// excluding unknown user | // excluding unknown user | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | ||||
organization.getUuid(), "p1", "-1")).isEqualTo(3); | |||||
"p1", "-1")).isEqualTo(3); | |||||
// nobody has the permission | // nobody has the permission | ||||
assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | assertThat(underTest.countUsersWithGlobalPermissionExcludingUser(db.getSession(), | ||||
organization.getUuid(), "missingPermission", user1.getUuid())).isEqualTo(0); | |||||
"missingPermission", user1.getUuid())).isEqualTo(0); | |||||
} | } | ||||
@Test | @Test | ||||
UserDto user2 = db.users().insertUser(); | UserDto user2 = db.users().insertUser(); | ||||
UserDto user3 = db.users().insertUser(); | UserDto user3 = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(organization); | |||||
GroupDto group1 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(group1, ADMINISTER); | db.users().insertPermissionOnGroup(group1, ADMINISTER); | ||||
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); | db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); | ||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group1, user2); | db.users().insertMember(group1, user2); | ||||
db.users().insertPermissionOnUser(organization, user3, ADMINISTER); | |||||
db.users().insertPermissionOnAnyone(organization, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user3, ADMINISTER); | |||||
db.users().insertPermissionOnAnyone(ADMINISTER); | |||||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), organization.getUuid(), ADMINISTER.getKey())) | |||||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), ADMINISTER.getKey())) | |||||
.containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid(), user3.getUuid()); | .containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid(), user3.getUuid()); | ||||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), organization.getUuid(), PROVISION_PROJECTS.getKey())) | |||||
assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), PROVISION_PROJECTS.getKey())) | |||||
.containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid()); | .containsExactlyInAnyOrder(user1.getUuid(), user2.getUuid()); | ||||
} | } | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_directly() { | public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_directly() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | db.users().insertProjectPermissionOnUser(user, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_by_group() { | public void keepAuthorizedProjectUuids_returns_public_project_if_user_is_granted_project_permission_by_group() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_public_project_if_group_AnyOne_is_granted_project_permission_directly() { | public void keepAuthorizedProjectUuids_returns_public_project_if_group_AnyOne_is_granted_project_permission_directly() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone(randomPermission, project); | db.users().insertProjectPermissionOnAnyone(randomPermission, project); | ||||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, singleton(project.uuid()), null, randomPermission)) | assertThat(underTest.keepAuthorizedProjectUuids(dbSession, singleton(project.uuid()), null, randomPermission)) | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_directly() { | public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_directly() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto otherProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto otherProject = db.components().insertPrivateProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | db.users().insertProjectPermissionOnUser(user, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_by_group() { | public void keepAuthorizedProjectUuids_returns_private_project_if_user_is_granted_project_permission_by_group() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto otherProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto otherProject = db.components().insertPrivateProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | ||||
@Test | @Test | ||||
public void user_should_be_authorized() { | public void user_should_be_authorized() { | ||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
ComponentDto project3 = db.components().insertPrivateProject(); | |||||
UserDto user = db.users().insertUser("u1"); | UserDto user = db.users().insertUser("u1"); | ||||
GroupDto group = db.users().insertGroup(organization); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2); | db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2); | ||||
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project3); | db.users().insertProjectPermissionOnUser(user, UserRole.USER, project3); | ||||
db.users().insertMember(group, user); | db.users().insertMember(group, user); | ||||
@Test | @Test | ||||
public void group_should_be_authorized() { | public void group_should_be_authorized() { | ||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
ComponentDto project3 = db.components().insertPrivateProject(); | |||||
UserDto user1 = db.users().insertUser("u1"); | UserDto user1 = db.users().insertUser("u1"); | ||||
GroupDto group = db.users().insertGroup(organization); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertMembers(group, user1); | db.users().insertMembers(group, user1); | ||||
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | ||||
db.users().insertProjectPermissionOnGroup(group, UserRole.USER, project2); | db.users().insertProjectPermissionOnGroup(group, UserRole.USER, project2); | ||||
@Test | @Test | ||||
public void anonymous_should_be_authorized() { | public void anonymous_should_be_authorized() { | ||||
ComponentDto project1 = db.components().insertPublicProject(organization); | |||||
ComponentDto project2 = db.components().insertPublicProject(organization); | |||||
ComponentDto project1 = db.components().insertPublicProject(); | |||||
ComponentDto project2 = db.components().insertPublicProject(); | |||||
UserDto user1 = db.users().insertUser("u1"); | UserDto user1 = db.users().insertUser("u1"); | ||||
GroupDto group = db.users().insertGroup(organization); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertMembers(group, user1); | db.users().insertMembers(group, user1); | ||||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(project1.uuid(), project2.uuid()), null, UserRole.USER)) | assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(project1.uuid(), project2.uuid()), null, UserRole.USER)) | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_should_be_able_to_handle_lots_of_projects() { | public void keepAuthorizedProjectUuids_should_be_able_to_handle_lots_of_projects() { | ||||
List<ComponentDto> projects = IntStream.range(0, 2000).mapToObj(i -> db.components().insertPublicProject(organization)).collect(Collectors.toList()); | |||||
List<ComponentDto> projects = IntStream.range(0, 2000).mapToObj(i -> db.components().insertPublicProject()).collect(Collectors.toList()); | |||||
Collection<String> uuids = projects.stream().map(ComponentDto::uuid).collect(Collectors.toSet()); | Collection<String> uuids = projects.stream().map(ComponentDto::uuid).collect(Collectors.toSet()); | ||||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, uuids, null, UserRole.USER)) | assertThat(underTest.keepAuthorizedProjectUuids(dbSession, uuids, null, UserRole.USER)) | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_if_user_set_is_empty_on_public_project() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_if_user_set_is_empty_on_public_project() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, Collections.emptySet(), UserRole.USER, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, Collections.emptySet(), UserRole.USER, project.uuid())) | ||||
.isEmpty(); | .isEmpty(); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_non_existent_users() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_non_existent_users() { | ||||
ComponentDto project = random.nextBoolean() ? db.components().insertPublicProject(organization) : db.components().insertPrivateProject(organization); | |||||
ComponentDto project = random.nextBoolean() ? db.components().insertPublicProject() : db.components().insertPrivateProject(); | |||||
Set<String> randomNonExistingUserUuidsSet = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | Set<String> randomNonExistingUserUuidsSet = IntStream.range(0, 1 + Math.abs(random.nextInt(5))) | ||||
.mapToObj(i -> Uuids.createFast()) | .mapToObj(i -> Uuids.createFast()) | ||||
.collect(MoreCollectors.toSet()); | .collect(MoreCollectors.toSet()); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_USER() { | public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_USER() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | ||||
.containsAll(randomExistingUserUuids); | .containsAll(randomExistingUserUuids); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | public void keepAuthorizedUsersForRoleAndProject_returns_any_users_for_public_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | ||||
.containsAll(randomExistingUserUuids); | .containsAll(randomExistingUserUuids); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_on_public_project_without_any_permission_in_DB() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_on_public_project_without_any_permission_in_DB() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, randomPermission, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, randomPermission, project.uuid())) | ||||
.isEmpty(); | .isEmpty(); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_public_project() { | public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_public_project() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | db.users().insertProjectPermissionOnUser(user, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_public_project() { | public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_public_project() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_does_not_return_user_if_granted_project_permission_by_AnyOne_on_public_project() { | public void keepAuthorizedUsersForRoleAndProject_does_not_return_user_if_granted_project_permission_by_AnyOne_on_public_project() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnAnyone(randomPermission, project); | db.users().insertProjectPermissionOnAnyone(randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_USER() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_USER() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.USER, project.uuid())) | ||||
.isEmpty(); | .isEmpty(); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_user_on_private_project_without_any_permission_in_DB_and_permission_CODEVIEWER() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserUuids, UserRole.CODEVIEWER, project.uuid())) | ||||
.isEmpty(); | .isEmpty(); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() { | public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
PermissionsTestHelper.ALL_PERMISSIONS | PermissionsTestHelper.ALL_PERMISSIONS | ||||
.forEach(perm -> { | .forEach(perm -> { | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_private_project() { | public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_directly_on_private_project() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnUser(user, randomPermission, project); | db.users().insertProjectPermissionOnUser(user, randomPermission, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_private_project() { | public void keepAuthorizedUsersForRoleAndProject_returns_user_if_granted_project_permission_by_group_on_private_project() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto otherProject = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto otherProject = db.components().insertPublicProject(); | |||||
UserDto otherUser = db.users().insertUser(); | UserDto otherUser = db.users().insertUser(); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | db.users().insertProjectPermissionOnGroup(group1, randomPermission, project); | ||||
@Test | @Test | ||||
public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() { | public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() { | ||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
ComponentDto project3 = db.components().insertPrivateProject(); | |||||
UserDto user1 = db.users().insertUser("u1"); | UserDto user1 = db.users().insertUser("u1"); | ||||
UserDto user2 = db.users().insertUser("u2"); | UserDto user2 = db.users().insertUser("u2"); | ||||
UserDto user3 = db.users().insertUser("u3"); | UserDto user3 = db.users().insertUser("u3"); | ||||
GroupDto group1 = db.users().insertGroup(organization); | |||||
GroupDto group2 = db.users().insertGroup(organization); | |||||
GroupDto group1 = db.users().insertGroup(); | |||||
GroupDto group2 = db.users().insertGroup(); | |||||
db.users().insertMembers(group1, user1, user2); | db.users().insertMembers(group1, user1, user2); | ||||
db.users().insertMembers(group2, user3); | db.users().insertMembers(group2, user3); | ||||
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | db.users().insertProjectPermissionOnUser(user1, UserRole.USER, project1); | ||||
public void countUsersWithGlobalPermissionExcludingGroupMember() { | public void countUsersWithGlobalPermissionExcludingGroupMember() { | ||||
// u1 has the direct permission, u2 and u3 have the permission through their group | // u1 has the direct permission, u2 and u3 have the permission through their group | ||||
UserDto u1 = db.users().insertUser(); | UserDto u1 = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(organization, u1, A_PERMISSION); | |||||
db.users().insertPermissionOnUser(u1, A_PERMISSION); | |||||
db.users().insertPermissionOnGroup(group1, A_PERMISSION); | db.users().insertPermissionOnGroup(group1, A_PERMISSION); | ||||
db.users().insertPermissionOnGroup(group1, "another-permission"); | db.users().insertPermissionOnGroup(group1, "another-permission"); | ||||
UserDto u2 = db.users().insertUser(); | UserDto u2 = db.users().insertUser(); | ||||
db.users().insertMember(group1, u3); | db.users().insertMember(group1, u3); | ||||
// excluding u2 membership --> remain u1 and u3 | // excluding u2 membership --> remain u1 and u3 | ||||
int count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||||
int count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||||
assertThat(count).isEqualTo(2); | assertThat(count).isEqualTo(2); | ||||
// excluding unknown memberships | // excluding unknown memberships | ||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getUuid(), MISSING_UUID); | |||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, group1.getUuid(), MISSING_UUID); | |||||
assertThat(count).isEqualTo(3); | assertThat(count).isEqualTo(3); | ||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, MISSING_UUID, u2.getUuid()); | |||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, A_PERMISSION, MISSING_UUID, u2.getUuid()); | |||||
assertThat(count).isEqualTo(3); | assertThat(count).isEqualTo(3); | ||||
// another organization | |||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, DOES_NOT_EXIST, A_PERMISSION, group1.getUuid(), u2.getUuid()); | |||||
assertThat(count).isEqualTo(0); | |||||
// another permission | // another permission | ||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), DOES_NOT_EXIST, group1.getUuid(), u2.getUuid()); | |||||
count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, DOES_NOT_EXIST, group1.getUuid(), u2.getUuid()); | |||||
assertThat(count).isEqualTo(0); | assertThat(count).isEqualTo(0); | ||||
} | } | ||||
public void countUsersWithGlobalPermissionExcludingUserPermission() { | public void countUsersWithGlobalPermissionExcludingUserPermission() { | ||||
// u1 and u2 have the direct permission, u3 has the permission through his group | // u1 and u2 have the direct permission, u3 has the permission through his group | ||||
UserDto u1 = db.users().insertUser(); | UserDto u1 = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(organization, u1, A_PERMISSION); | |||||
db.users().insertPermissionOnUser(u1, A_PERMISSION); | |||||
UserDto u2 = db.users().insertUser(); | UserDto u2 = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(organization, u2, A_PERMISSION); | |||||
db.users().insertPermissionOnUser(u2, A_PERMISSION); | |||||
db.users().insertPermissionOnGroup(group1, A_PERMISSION); | db.users().insertPermissionOnGroup(group1, A_PERMISSION); | ||||
UserDto u3 = db.users().insertUser(); | UserDto u3 = db.users().insertUser(); | ||||
db.users().insertMember(group1, u3); | db.users().insertMember(group1, u3); | ||||
// excluding u2 permission --> remain u1 and u3 | // excluding u2 permission --> remain u1 and u3 | ||||
int count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), A_PERMISSION, u2.getUuid()); | |||||
int count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, A_PERMISSION, u2.getUuid()); | |||||
assertThat(count).isEqualTo(2); | assertThat(count).isEqualTo(2); | ||||
// excluding unknown user | // excluding unknown user | ||||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), A_PERMISSION, MISSING_UUID); | |||||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, A_PERMISSION, MISSING_UUID); | |||||
assertThat(count).isEqualTo(3); | assertThat(count).isEqualTo(3); | ||||
// another organization | |||||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, DOES_NOT_EXIST, A_PERMISSION, u2.getUuid()); | |||||
assertThat(count).isEqualTo(0); | |||||
// another permission | // another permission | ||||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, organization.getUuid(), DOES_NOT_EXIST, u2.getUuid()); | |||||
count = underTest.countUsersWithGlobalPermissionExcludingUserPermission(dbSession, DOES_NOT_EXIST, u2.getUuid()); | |||||
assertThat(count).isEqualTo(0); | assertThat(count).isEqualTo(0); | ||||
} | } | ||||
@Test | |||||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() { | |||||
// another user | |||||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_UUID, SYSTEM_ADMIN); | |||||
assertThat(orgUuids).isEmpty(); | |||||
} | |||||
@Test | |||||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() { | |||||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||||
// user is not part of this group | |||||
db.users().insertPermissionOnGroup(group1, SCAN); | |||||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||||
assertThat(orgUuids).isEmpty(); | |||||
} | |||||
@Test | |||||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_organizations_on_which_user_has_permission() { | |||||
db.users().insertPermissionOnGroup(group1, SCAN); | |||||
db.users().insertPermissionOnGroup(group2, QUALITY_GATE_ADMIN); | |||||
db.users().insertMember(group1, user); | |||||
db.users().insertMember(group2, user); | |||||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||||
assertThat(orgUuids).containsExactly(group1.getOrganizationUuid()); | |||||
} | |||||
@Test | |||||
public void selectOrganizationUuidsOfUserWithGlobalPermission_handles_user_permissions_and_group_permissions() { | |||||
// organization: through group membership | |||||
db.users().insertPermissionOnGroup(group1, SCAN); | |||||
db.users().insertMember(group1, user); | |||||
// org2 : direct user permission | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(org2, user, SCAN); | |||||
// org3 : another permission QUALITY_GATE_ADMIN | |||||
OrganizationDto org3 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(org3, user, QUALITY_GATE_ADMIN); | |||||
// exclude project permission | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, db.components().insertPrivateProject()); | |||||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||||
assertThat(orgUuids).containsOnly(organization.getUuid(), org2.getUuid()); | |||||
} | |||||
@Test | |||||
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() { | |||||
db.users().insertPermissionOnAnyone(organization, SCAN); | |||||
db.users().insertPermissionOnUser(organization, user, ADMINISTER_QUALITY_GATES); | |||||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getUuid(), SCAN.getKey()); | |||||
assertThat(orgUuids).isEmpty(); | |||||
} | |||||
@Test | @Test | ||||
public void selectProjectPermissionsOfAnonymous_returns_permissions_of_anonymous_user_on_specified_public_project() { | public void selectProjectPermissionsOfAnonymous_returns_permissions_of_anonymous_user_on_specified_public_project() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone("p1", project); | db.users().insertProjectPermissionOnAnyone("p1", project); | ||||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p2", project); | db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p2", project); | ||||
ComponentDto otherProject = db.components().insertPublicProject(); | ComponentDto otherProject = db.components().insertPublicProject(); | ||||
@Test | @Test | ||||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_anonymous_permissions() { | public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_anonymous_permissions() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone("p1", project); | db.users().insertProjectPermissionOnAnyone("p1", project); | ||||
db.users().insertProjectPermissionOnAnyone("p2", project); | db.users().insertProjectPermissionOnAnyone("p2", project); | ||||
@Test | @Test | ||||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project() { | public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | ||||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), UserRole.ISSUE_ADMIN, project); | db.users().insertProjectPermissionOnUser(db.users().insertUser(), UserRole.ISSUE_ADMIN, project); | ||||
@Test | @Test | ||||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project_through_group_membership() { | public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project_through_group_membership() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnGroup(group1, UserRole.CODEVIEWER, project); | db.users().insertProjectPermissionOnGroup(group1, UserRole.CODEVIEWER, project); | ||||
db.users().insertProjectPermissionOnGroup(group2, UserRole.ISSUE_ADMIN, project); | db.users().insertProjectPermissionOnGroup(group2, UserRole.ISSUE_ADMIN, project); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
@Test | @Test | ||||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_private_project_through_all_possible_configurations() { | public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_private_project_through_all_possible_configurations() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); | ||||
db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project); | db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project); | ||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
@Test | @Test | ||||
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() { | public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnUser(user, "p1", project); | db.users().insertProjectPermissionOnUser(user, "p1", project); | ||||
db.users().insertProjectPermissionOnAnyone("p2", project); | db.users().insertProjectPermissionOnAnyone("p2", project); | ||||
db.users().insertProjectPermissionOnGroup(group1, "p3", project); | db.users().insertProjectPermissionOnGroup(group1, "p3", project); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_direct_permission() { | public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_direct_permission() { | ||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_group_permission() { | public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_group_permission() { | ||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
GroupDto group = db.users().insertGroup(organization); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertMember(group, user); | db.users().insertMember(group, user); | ||||
db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, privateProject); | db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, privateProject); | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_is_empty() { | public void keepAuthorizedProjectUuids_returns_empty_list_if_input_is_empty() { | ||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, Collections.emptySet(), user.getUuid(), UserRole.USER)) | assertThat(underTest.keepAuthorizedProjectUuids(dbSession, Collections.emptySet(), user.getUuid(), UserRole.USER)) | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_does_not_reference_existing_projects() { | public void keepAuthorizedProjectUuids_returns_empty_list_if_input_does_not_reference_existing_projects() { | ||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet("does_not_exist"), user.getUuid(), UserRole.USER)) | assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet("does_not_exist"), user.getUuid(), UserRole.USER)) | ||||
@Test | @Test | ||||
public void keepAuthorizedProjectUuids_returns_public_projects_if_permission_USER_or_CODEVIEWER() { | public void keepAuthorizedProjectUuids_returns_public_projects_if_permission_USER_or_CODEVIEWER() { | ||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
// logged-in user | // logged-in user | ||||
@Test | @Test | ||||
public void selectQualityProfileAdministratorLogins_return_users_with_quality_profile_administrator_permission() { | public void selectQualityProfileAdministratorLogins_return_users_with_quality_profile_administrator_permission() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
UserDto user1 = db.users().insertUser(withEmail("user1")); | UserDto user1 = db.users().insertUser(withEmail("user1")); | ||||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER_QUALITY_PROFILES); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES); | |||||
UserDto user2 = db.users().insertUser(withEmail("user2")); | UserDto user2 = db.users().insertUser(withEmail("user2")); | ||||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES); | |||||
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | ||||
@Test | @Test | ||||
public void selectQualityProfileAdministratorLogins_return_users_within_quality_profile_administrator_group() { | public void selectQualityProfileAdministratorLogins_return_users_within_quality_profile_administrator_group() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(organization1); | |||||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | ||||
UserDto user1 = db.users().insertUser(withEmail("user1")); | UserDto user1 = db.users().insertUser(withEmail("user1")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup1, user1); | db.users().insertMember(qualityProfileAdministratorGroup1, user1); | ||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(organization2); | |||||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | ||||
UserDto user2 = db.users().insertUser(withEmail("user2")); | UserDto user2 = db.users().insertUser(withEmail("user2")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup2, user2); | db.users().insertMember(qualityProfileAdministratorGroup2, user2); | ||||
@Test | @Test | ||||
public void selectQualityProfileAdministratorLogins_does_not_return_non_quality_profile_administrator() { | public void selectQualityProfileAdministratorLogins_does_not_return_non_quality_profile_administrator() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
UserDto user1 = db.users().insertUser(withEmail("user1")); | UserDto user1 = db.users().insertUser(withEmail("user1")); | ||||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||||
db.users().insertUser(withoutEmail("user2")); | db.users().insertUser(withoutEmail("user2")); | ||||
Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession); | ||||
@Test | @Test | ||||
public void selectQualityProfileAdministratorLogins_does_not_return_quality_profile_administrator_without_email() { | public void selectQualityProfileAdministratorLogins_does_not_return_quality_profile_administrator_without_email() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | ||||
db.users().insertPermissionOnUser(organization1, user1NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
UserDto user1WithEmail = db.users().insertUser(withEmail("user1WithEmail")); | UserDto user1WithEmail = db.users().insertUser(withEmail("user1WithEmail")); | ||||
db.users().insertPermissionOnUser(organization1, user1WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(organization1); | |||||
db.users().insertPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES); | ||||
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup1, user2NoEmail); | db.users().insertMember(qualityProfileAdministratorGroup1, user2NoEmail); | ||||
UserDto user2WithEmail = db.users().insertUser(withEmail("user2WithEmail")); | UserDto user2WithEmail = db.users().insertUser(withEmail("user2WithEmail")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup1, user2WithEmail); | db.users().insertMember(qualityProfileAdministratorGroup1, user2WithEmail); | ||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(organization2); | |||||
GroupDto qualityProfileAdministratorGroup2 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup2, ADMINISTER_QUALITY_PROFILES); | ||||
UserDto user3NoEmail = db.users().insertUser(withoutEmail("user3NoEmail")); | UserDto user3NoEmail = db.users().insertUser(withoutEmail("user3NoEmail")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup2, user3NoEmail); | db.users().insertMember(qualityProfileAdministratorGroup2, user3NoEmail); | ||||
UserDto user3WithEmail = db.users().insertUser(withEmail("user3WithEmail")); | UserDto user3WithEmail = db.users().insertUser(withEmail("user3WithEmail")); | ||||
db.users().insertMember(qualityProfileAdministratorGroup2, user3WithEmail); | db.users().insertMember(qualityProfileAdministratorGroup2, user3WithEmail); | ||||
UserDto user4NoEmail = db.users().insertUser(withoutEmail("user4NoEmail")); | UserDto user4NoEmail = db.users().insertUser(withoutEmail("user4NoEmail")); | ||||
db.users().insertPermissionOnUser(organization1, user4NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
UserDto user4WithEmail = db.users().insertUser(withEmail("user4WithEmail")); | UserDto user4WithEmail = db.users().insertUser(withEmail("user4WithEmail")); | ||||
db.users().insertPermissionOnUser(organization1, user4WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
UserDto user5NoEmail = db.users().insertUser(withoutEmail("user5NoEmail")); | UserDto user5NoEmail = db.users().insertUser(withoutEmail("user5NoEmail")); | ||||
db.users().insertPermissionOnUser(organization2, user5NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES); | |||||
UserDto user5WithEmail = db.users().insertUser(withEmail("user5WithEmail")); | UserDto user5WithEmail = db.users().insertUser(withEmail("user5WithEmail")); | ||||
db.users().insertPermissionOnUser(organization2, user5WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertUser(withoutEmail("user6NoEmail")); | db.users().insertUser(withoutEmail("user6NoEmail")); | ||||
db.users().insertUser(withEmail("user6WithEmail")); | db.users().insertUser(withEmail("user6WithEmail")); | ||||
@Test | @Test | ||||
public void selectGlobalAdministerEmailSubscribers_returns_only_global_administers() { | public void selectGlobalAdministerEmailSubscribers_returns_only_global_administers() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
UserDto user1 = db.users().insertUser(withEmail("user1")); | UserDto user1 = db.users().insertUser(withEmail("user1")); | ||||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||||
UserDto user2 = db.users().insertUser(withEmail("user2")); | UserDto user2 = db.users().insertUser(withEmail("user2")); | ||||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user2, ADMINISTER); | |||||
// user3 is global administer via a group | // user3 is global administer via a group | ||||
GroupDto administratorGroup2 = db.users().insertGroup(organization2); | |||||
GroupDto administratorGroup2 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | ||||
UserDto user3 = db.users().insertUser(withEmail("user3")); | UserDto user3 = db.users().insertUser(withEmail("user3")); | ||||
db.users().insertMember(administratorGroup2, user3); | db.users().insertMember(administratorGroup2, user3); | ||||
// user4 has another global permission via a group | // user4 has another global permission via a group | ||||
GroupDto administratorGroup3 = db.users().insertGroup(organization2); | |||||
GroupDto administratorGroup3 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(administratorGroup3, QUALITY_PROFILE_ADMIN); | db.users().insertPermissionOnGroup(administratorGroup3, QUALITY_PROFILE_ADMIN); | ||||
UserDto user4 = db.users().insertUser(withEmail("user4")); | UserDto user4 = db.users().insertUser(withEmail("user4")); | ||||
db.users().insertMember(administratorGroup3, user4); | db.users().insertMember(administratorGroup3, user4); | ||||
// user5 is only project level administer | // user5 is only project level administer | ||||
UserDto user5 = db.users().insertUser(withEmail("user5")); | UserDto user5 = db.users().insertUser(withEmail("user5")); | ||||
// db.users().insertPermissionOnUser(organization1, user5, ADMINISTER); | |||||
// db.users().insertPermissionOnUser(user5, ADMINISTER); | |||||
db.users().insertProjectPermissionOnUser(user5, "admin", project); | db.users().insertProjectPermissionOnUser(user5, "admin", project); | ||||
// user6 has other global permission | // user6 has other global permission | ||||
UserDto user6 = db.users().insertUser(withEmail("user6")); | UserDto user6 = db.users().insertUser(withEmail("user6")); | ||||
db.users().insertPermissionOnUser(organization1, user6, ADMINISTER_QUALITY_PROFILES); | |||||
db.users().insertPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES); | |||||
// user7 has no permission | // user7 has no permission | ||||
db.users().insertUser(withEmail("user7")); | db.users().insertUser(withEmail("user7")); | ||||
@Test | @Test | ||||
public void selectGlobalAdministerEmailSubscribers_ignores_global_administers_without_email() { | public void selectGlobalAdministerEmailSubscribers_ignores_global_administers_without_email() { | ||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
// user1 and user1NoEmail are global administers on org1 | |||||
// user1 and user1NoEmail are global administers | |||||
UserDto user1 = db.users().insertUser(withEmail("user1")); | UserDto user1 = db.users().insertUser(withEmail("user1")); | ||||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||||
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail")); | ||||
db.users().insertPermissionOnUser(organization1, user1NoEmail, ADMINISTER); | |||||
// user2 and user2NoEmail are global administers on org2 | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER); | |||||
// user2 and user2NoEmail are global administers | |||||
UserDto user2 = db.users().insertUser(withEmail("user2")); | UserDto user2 = db.users().insertUser(withEmail("user2")); | ||||
db.users().insertPermissionOnUser(organization2, user2, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user2, ADMINISTER); | |||||
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail")); | ||||
db.users().insertPermissionOnUser(organization2, user2NoEmail, ADMINISTER); | |||||
db.users().insertPermissionOnUser(user2NoEmail, ADMINISTER); | |||||
// user3 and user3NoEmail are global administer via a group | // user3 and user3NoEmail are global administer via a group | ||||
GroupDto administratorGroup2 = db.users().insertGroup(organization2); | |||||
GroupDto administratorGroup2 = db.users().insertGroup(); | |||||
db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | db.users().insertPermissionOnGroup(administratorGroup2, ADMINISTER); | ||||
UserDto user3 = db.users().insertUser(withEmail("user3")); | UserDto user3 = db.users().insertUser(withEmail("user3")); | ||||
db.users().insertMember(administratorGroup2, user3); | db.users().insertMember(administratorGroup2, user3); | ||||
@Test | @Test | ||||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_public_project() { | public void keepAuthorizedLoginsOnProject_return_correct_users_on_public_project() { | ||||
ComponentDto project = db.components().insertPublicProject(organization); | |||||
ComponentDto project = db.components().insertPublicProject(); | |||||
UserDto user1 = db.users().insertUser(); | UserDto user1 = db.users().insertUser(); | ||||
// admin2 with ADMIN role through group | // admin2 with ADMIN role through group | ||||
UserDto admin2 = db.users().insertUser(); | UserDto admin2 = db.users().insertUser(); | ||||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||||
db.users().insertMember(adminGroup, admin2); | db.users().insertMember(adminGroup, admin2); | ||||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_private_project() { | public void keepAuthorizedLoginsOnProject_return_correct_users_on_private_project() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
GroupDto userGroup = db.users().insertGroup(organization, "USERS"); | |||||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||||
GroupDto userGroup = db.users().insertGroup("USERS"); | |||||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||||
db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | ||||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | ||||
@Test | @Test | ||||
public void keepAuthorizedLoginsOnProject_return_correct_users_on_branch() { | public void keepAuthorizedLoginsOnProject_return_correct_users_on_branch() { | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto branch = db.components().insertProjectBranch(project, c -> c.setBranchType(BranchType.BRANCH)); | ComponentDto branch = db.components().insertProjectBranch(project, c -> c.setBranchType(BranchType.BRANCH)); | ||||
GroupDto userGroup = db.users().insertGroup(organization, "USERS"); | |||||
GroupDto adminGroup = db.users().insertGroup(organization, "ADMIN"); | |||||
GroupDto userGroup = db.users().insertGroup("USERS"); | |||||
GroupDto adminGroup = db.users().insertGroup("ADMIN"); | |||||
db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | db.users().insertProjectPermissionOnGroup(userGroup, UserRole.USER, project); | ||||
db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | db.users().insertProjectPermissionOnGroup(adminGroup, UserRole.ADMIN, project); | ||||
@Test | @Test | ||||
public void create_query() { | public void create_query() { | ||||
OrganizationDto organization = newOrganizationDto(); | OrganizationDto organization = newOrganizationDto(); | ||||
ComponentDto project= newPublicProjectDto(organization); | |||||
ComponentDto project = newPublicProjectDto(organization); | |||||
PermissionQuery query = PermissionQuery.builder() | PermissionQuery query = PermissionQuery.builder() | ||||
.setComponent(project) | .setComponent(project) | ||||
.setOrganizationUuid("ORGANIZATION_UUID") | |||||
.setPermission("user") | .setPermission("user") | ||||
.setSearchQuery("sonar") | .setSearchQuery("sonar") | ||||
.build(); | .build(); | ||||
assertThat(query.getComponentUuid()).isEqualTo(project.uuid()); | assertThat(query.getComponentUuid()).isEqualTo(project.uuid()); | ||||
assertThat(query.getOrganizationUuid()).isEqualTo("ORGANIZATION_UUID"); | |||||
assertThat(query.getPermission()).isEqualTo("user"); | assertThat(query.getPermission()).isEqualTo("user"); | ||||
assertThat(query.getSearchQuery()).isEqualTo("sonar"); | assertThat(query.getSearchQuery()).isEqualTo("sonar"); | ||||
} | } | ||||
@Test | @Test | ||||
public void create_query_with_pagination() { | public void create_query_with_pagination() { | ||||
PermissionQuery query = PermissionQuery.builder() | PermissionQuery query = PermissionQuery.builder() | ||||
.setOrganizationUuid("ORGANIZATION_UUID") | |||||
.setPageSize(10) | .setPageSize(10) | ||||
.setPageIndex(5) | .setPageIndex(5) | ||||
.build(); | .build(); | ||||
@Test | @Test | ||||
public void create_query_with_default_pagination() { | public void create_query_with_default_pagination() { | ||||
PermissionQuery query = PermissionQuery.builder() | PermissionQuery query = PermissionQuery.builder() | ||||
.setOrganizationUuid("ORGANIZATION_UUID") | |||||
.build(); | .build(); | ||||
assertThat(query.getPageOffset()).isEqualTo(0); | assertThat(query.getPageOffset()).isEqualTo(0); | ||||
assertThat(query.getPageSize()).isEqualTo(20); | assertThat(query.getPageSize()).isEqualTo(20); | ||||
} | } | ||||
@Test | |||||
public void fail_when_no_organization() { | |||||
expectedException.expect(NullPointerException.class); | |||||
expectedException.expectMessage("Organization UUID cannot be null"); | |||||
PermissionQuery.builder().setOrganizationUuid(null).build(); | |||||
} | |||||
@Test | @Test | ||||
public void fail_when_search_query_length_is_less_than_3_characters() { | public void fail_when_search_query_length_is_less_than_3_characters() { | ||||
expectedException.expect(IllegalArgumentException.class); | expectedException.expect(IllegalArgumentException.class); | ||||
expectedException.expectMessage("Search query should contains at least 3 characters"); | expectedException.expectMessage("Search query should contains at least 3 characters"); | ||||
PermissionQuery.builder() | PermissionQuery.builder() | ||||
.setOrganizationUuid("ORGANIZATION_UUID") | |||||
.setSearchQuery("so") | .setSearchQuery("so") | ||||
.build(); | .build(); | ||||
} | } |
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.assertj.core.api.Assertions.tuple; | import static org.assertj.core.api.Assertions.tuple; | ||||
import static org.sonar.api.web.UserRole.ADMIN; | import static org.sonar.api.web.UserRole.ADMIN; | ||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | |||||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | ||||
import static org.sonar.api.web.UserRole.USER; | import static org.sonar.api.web.UserRole.USER; | ||||
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | ||||
@Test | @Test | ||||
public void select_global_permissions() { | public void select_global_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
OrganizationDto org2 = db.organizations().insert(); | OrganizationDto org2 = db.organizations().insert(); | ||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), organization, org2); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), organization, org2); | |||||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"), organization); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
UserPermissionDto global1 = addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||||
UserPermissionDto global2 = addGlobalPermission(organization, SYSTEM_ADMIN, user2); | |||||
UserPermissionDto global3 = addGlobalPermission(organization, PROVISIONING, user2); | |||||
UserPermissionDto project1Perm = addProjectPermission(organization, USER, user3, project); | |||||
// permissions on another organization, to be excluded | |||||
UserPermissionDto org2Global1 = addGlobalPermission(org2, SYSTEM_ADMIN, user1); | |||||
UserPermissionDto org2Global2 = addGlobalPermission(org2, PROVISIONING, user2); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com")); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
UserPermissionDto global1 = addGlobalPermission(SYSTEM_ADMIN, user1); | |||||
UserPermissionDto global2 = addGlobalPermission(SYSTEM_ADMIN, user2); | |||||
UserPermissionDto global3 = addGlobalPermission(PROVISIONING, user2); | |||||
UserPermissionDto project1Perm = addProjectPermission(USER, user3, project); | |||||
// global permissions of users who has at least one global permission, ordered by user name then permission | // global permissions of users who has at least one global permission, ordered by user name then permission | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(); | |||||
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | ||||
// default query returns all users, whatever their permissions nor organizations | // default query returns all users, whatever their permissions nor organizations | ||||
// (that's a non-sense, but still this is required for api/permissions/groups | // (that's a non-sense, but still this is required for api/permissions/groups | ||||
// when filtering users by name) | // when filtering users by name) | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, org2Global2, global1, org2Global1, project1Perm); | |||||
query = PermissionQuery.builder().build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, global1, project1Perm); | |||||
// global permissions "admin" | // global permissions "admin" | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission(SYSTEM_ADMIN).build(); | |||||
query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1); | ||||
// empty if nobody has the specified global permission | // empty if nobody has the specified global permission | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission("missing").build(); | |||||
query = PermissionQuery.builder().setPermission("missing").build(); | |||||
expectPermissions(query, emptyList()); | expectPermissions(query, emptyList()); | ||||
// search by user name (matches 2 users) | // search by user name (matches 2 users) | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("mari").build(); | |||||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1); | ||||
// search by user login | // search by user login | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("ogin2").build(); | |||||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("ogin2").build(); | |||||
expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | ||||
// search by user email | // search by user email | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setSearchQuery("mail2").build(); | |||||
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mail2").build(); | |||||
expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | expectPermissions(query, singletonList(user2.getUuid()), global2, global3); | ||||
// search by user name (matches 2 users) and global permission | // search by user name (matches 2 users) and global permission | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").setPermission(PROVISIONING).build(); | |||||
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build(); | |||||
expectPermissions(query, singletonList(user2.getUuid()), global3); | expectPermissions(query, singletonList(user2.getUuid()), global3); | ||||
// search by user name (no match) | // search by user name (no match) | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Unknown").build(); | |||||
query = PermissionQuery.builder().setSearchQuery("Unknown").build(); | |||||
expectPermissions(query, emptyList()); | expectPermissions(query, emptyList()); | ||||
} | } | ||||
@Test | @Test | ||||
public void select_project_permissions() { | public void select_project_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), organization); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), organization); | |||||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"), organization); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
UserPermissionDto perm1 = addProjectPermission(organization, USER, user1, project1); | |||||
UserPermissionDto perm2 = addProjectPermission(organization, ISSUE_ADMIN, user1, project1); | |||||
UserPermissionDto perm3 = addProjectPermission(organization, ISSUE_ADMIN, user2, project1); | |||||
addProjectPermission(organization, ISSUE_ADMIN, user3, project2); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||||
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com")); | |||||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
UserPermissionDto perm1 = addProjectPermission(USER, user1, project1); | |||||
UserPermissionDto perm2 = addProjectPermission(ISSUE_ADMIN, user1, project1); | |||||
UserPermissionDto perm3 = addProjectPermission(ISSUE_ADMIN, user2, project1); | |||||
addProjectPermission(ISSUE_ADMIN, user3, project2); | |||||
// project permissions of users who has at least one permission on this project | // project permissions of users who has at least one permission on this project | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setComponent(project1).build(); | |||||
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponent(project1).build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | ||||
// empty if nobody has the specified global permission | // empty if nobody has the specified global permission | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setPermission("missing").setComponent(project1).build(); | |||||
query = PermissionQuery.builder().setPermission("missing").setComponent(project1).build(); | |||||
expectPermissions(query, emptyList()); | expectPermissions(query, emptyList()); | ||||
// search by user name (matches 2 users), users with at least one permission | // search by user name (matches 2 users), users with at least one permission | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").withAtLeastOnePermission().setComponent(project1).build(); | |||||
query = PermissionQuery.builder().setSearchQuery("Mari").withAtLeastOnePermission().setComponent(project1).build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1); | ||||
// search by user name (matches 2 users) and project permission | // search by user name (matches 2 users) and project permission | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build(); | |||||
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build(); | |||||
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2); | expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2); | ||||
// search by user name (no match) | // search by user name (no match) | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("Unknown").setComponent(project1).build(); | |||||
query = PermissionQuery.builder().setSearchQuery("Unknown").setComponent(project1).build(); | |||||
expectPermissions(query, emptyList()); | expectPermissions(query, emptyList()); | ||||
// permissions of unknown project | // permissions of unknown project | ||||
query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).setComponent(newPrivateProjectDto(organization)).withAtLeastOnePermission().build(); | |||||
query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build(); | |||||
expectPermissions(query, emptyList()); | expectPermissions(query, emptyList()); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase() { | public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"), organization); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"), organization); | |||||
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com"), organization); | |||||
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com"), organization); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||||
addGlobalPermission(organization, QUALITY_PROFILE_ADMIN, user2); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com")); | |||||
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com")); | |||||
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com")); | |||||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||||
addGlobalPermission(QUALITY_PROFILE_ADMIN, user2); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | ||||
.containsExactly(user2.getUuid(), user1.getUuid(), user4.getUuid(), user3.getUuid()); | .containsExactly(user2.getUuid(), user1.getUuid(), user4.getUuid(), user3.getUuid()); | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_global_permissions() { | public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_global_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | ||||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i), organization); | |||||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i)); | |||||
// Add permission on project to be sure projects are excluded | // Add permission on project to be sure projects are excluded | ||||
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | ||||
}); | }); | ||||
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | ||||
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | ||||
addGlobalPermission(organization, SYSTEM_ADMIN, lastUser); | |||||
addGlobalPermission(SYSTEM_ADMIN, lastUser); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | ||||
.hasSize(DEFAULT_PAGE_SIZE) | .hasSize(DEFAULT_PAGE_SIZE) | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_project_permissions() { | public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_project_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | ||||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i), organization); | |||||
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i)); | |||||
// Add global permission to be sure they are excluded | // Add global permission to be sure they are excluded | ||||
addGlobalPermission(organization, SYSTEM_ADMIN, user); | |||||
addGlobalPermission(SYSTEM_ADMIN, user); | |||||
}); | }); | ||||
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1); | ||||
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin); | ||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project); | db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project); | ||||
PermissionQuery query = PermissionQuery.builder() | PermissionQuery query = PermissionQuery.builder() | ||||
.setComponent(project) | .setComponent(project) | ||||
.setOrganizationUuid(organization.getUuid()).build(); | |||||
.build(); | |||||
assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query)) | ||||
.hasSize(DEFAULT_PAGE_SIZE) | .hasSize(DEFAULT_PAGE_SIZE) | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() { | public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"), organization); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"), organization); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
addProjectPermission(organization, USER, user2, project1); | |||||
addProjectPermission(organization, USER, user1, project1); | |||||
addProjectPermission(organization, ADMIN, user1, project1); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com")); | |||||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
addProjectPermission(USER, user2, project1); | |||||
addProjectPermission(USER, user1, project1); | |||||
addProjectPermission(ADMIN, user1, project1); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
// Even if user1 has 3 permissions, the name is used to order | // Even if user1 has 3 permissions, the name is used to order | ||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)) | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)) | ||||
@Test | @Test | ||||
public void countUsersByProjectPermission() { | public void countUsersByProjectPermission() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user1); | |||||
addProjectPermission(organization, USER, user1, project1); | |||||
addProjectPermission(organization, ISSUE_ADMIN, user1, project1); | |||||
addProjectPermission(organization, ISSUE_ADMIN, user2, project1); | |||||
addProjectPermission(organization, ISSUE_ADMIN, user2, project2); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addGlobalPermission(SYSTEM_ADMIN, user1); | |||||
addProjectPermission(USER, user1, project1); | |||||
addProjectPermission(ISSUE_ADMIN, user1, project1); | |||||
addProjectPermission(ISSUE_ADMIN, user2, project1); | |||||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||||
// no projects -> return empty list | // no projects -> return empty list | ||||
assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty(); | assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty(); | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery() { | public void selectUserUuidsByQuery() { | ||||
OrganizationDto org1 = db.organizations().insert(); | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||||
addProjectPermission(org1, USER, user1, project1); | |||||
addProjectPermission(org1, USER, user2, project1); | |||||
addProjectPermission(org2, USER, user1, project2); | |||||
addProjectPermission(org1, ISSUE_ADMIN, user2, project1); | |||||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addProjectPermission(USER, user1, project1); | |||||
addProjectPermission(USER, user2, project1); | |||||
addProjectPermission(ISSUE_ADMIN, user2, project1); | |||||
// logins are ordered by user name: user2 ("Marie") then user1 ("Marius") | // logins are ordered by user name: user2 ("Marie") then user1 ("Marius") | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project1.getOrganizationUuid()).setComponent(project1).withAtLeastOnePermission().build(); | |||||
PermissionQuery query = PermissionQuery.builder().setComponent(project1).withAtLeastOnePermission().build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | ||||
query = PermissionQuery.builder().setOrganizationUuid("anotherOrg").setComponent(project1).withAtLeastOnePermission().build(); | |||||
query = PermissionQuery.builder().setComponent(project2).withAtLeastOnePermission().build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | ||||
// on a project without permissions | // on a project without permissions | ||||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setComponent(newPrivateProjectDto(org1)).withAtLeastOnePermission().build(); | |||||
query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | ||||
// search all users whose name matches "mar", whatever the permissions | // search all users whose name matches "mar", whatever the permissions | ||||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mar").build(); | |||||
query = PermissionQuery.builder().setSearchQuery("mar").build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid()); | ||||
// search all users whose name matches "mariu", whatever the permissions | // search all users whose name matches "mariu", whatever the permissions | ||||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").build(); | |||||
query = PermissionQuery.builder().setSearchQuery("mariu").build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | ||||
// search all users whose name matches "mariu", whatever the permissions | // search all users whose name matches "mariu", whatever the permissions | ||||
query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").setComponent(project1).build(); | |||||
query = PermissionQuery.builder().setSearchQuery("mariu").setComponent(project1).build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid()); | ||||
// search all users whose name matches "mariu", whatever the organization | |||||
query = PermissionQuery.builder().setOrganizationUuid("missingOrg").setSearchQuery("mariu").build(); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectUserUuidsByQueryAndScope_with_organization_scope() { | public void selectUserUuidsByQueryAndScope_with_organization_scope() { | ||||
OrganizationDto org1 = db.organizations().insert(); | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||||
addProjectPermission(org1, USER, user1, project1); | |||||
addGlobalPermission(org1, PROVISIONING, user1); | |||||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).build(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addProjectPermission(USER, user1, project1); | |||||
addGlobalPermission(PROVISIONING, user1); | |||||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query); | List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query); | ||||
@Test | @Test | ||||
public void selectUserUuidsByQueryAndScope_with_project_scope() { | public void selectUserUuidsByQueryAndScope_with_project_scope() { | ||||
OrganizationDto org1 = db.organizations().insert(); | |||||
OrganizationDto org2 = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"), org1, org2); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"), org1, org2); | |||||
ComponentDto project1 = db.components().insertPrivateProject(org1); | |||||
ComponentDto project2 = db.components().insertPrivateProject(org2); | |||||
addProjectPermission(org1, USER, user1, project1); | |||||
addGlobalPermission(org1, PROVISIONING, user1); | |||||
addProjectPermission(org2, ISSUE_ADMIN, user2, project2); | |||||
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com")); | |||||
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com")); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addProjectPermission(USER, user1, project1); | |||||
addGlobalPermission(PROVISIONING, user1); | |||||
addProjectPermission(ISSUE_ADMIN, user2, project2); | |||||
PermissionQuery query = PermissionQuery.builder() | PermissionQuery query = PermissionQuery.builder() | ||||
.setOrganizationUuid(org1.getUuid()) | |||||
.setComponent(project1) | .setComponent(project1) | ||||
.build(); | .build(); | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_paginated() { | public void selectUserUuidsByQuery_is_paginated() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
List<String> userUuids = new ArrayList<>(); | List<String> userUuids = new ArrayList<>(); | ||||
for (int i = 0; i < 10; i++) { | for (int i = 0; i < 10; i++) { | ||||
String name = "user-" + i; | String name = "user-" + i; | ||||
UserDto user = insertUser(u -> u.setName(name), organization); | |||||
addGlobalPermission(organization, PROVISIONING, user); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user); | |||||
UserDto user = insertUser(u -> u.setName(name)); | |||||
addGlobalPermission(PROVISIONING, user); | |||||
addGlobalPermission(SYSTEM_ADMIN, user); | |||||
userUuids.add(user.getUuid()); | userUuids.add(user.getUuid()); | ||||
} | } | ||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||||
.setPageSize(3).setPageIndex(1).build())) | .setPageSize(3).setPageIndex(1).build())) | ||||
.containsExactly(userUuids.get(0), userUuids.get(1), userUuids.get(2)); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||||
.containsExactly(userUuids.get(0), userUuids.get(1), userUuids.get(2)); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||||
.setPageSize(2).setPageIndex(3).build())) | .setPageSize(2).setPageIndex(3).build())) | ||||
.containsExactly(userUuids.get(4), userUuids.get(5)); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()) | |||||
.containsExactly(userUuids.get(4), userUuids.get(5)); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder() | |||||
.setPageSize(50).setPageIndex(1).build())) | .setPageSize(50).setPageIndex(1).build())) | ||||
.hasSize(10); | |||||
.hasSize(10); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() { | public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(u -> u.setName("user1"), organization); | |||||
addGlobalPermission(organization, PROVISIONING, user1); | |||||
UserDto user3 = insertUser(u -> u.setName("user3"), organization); | |||||
addGlobalPermission(organization, SYSTEM_ADMIN, user3); | |||||
UserDto user2 = insertUser(u -> u.setName("User2"), organization); | |||||
addGlobalPermission(organization, PROVISIONING, user2); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build())) | |||||
UserDto user1 = insertUser(u -> u.setName("user1")); | |||||
addGlobalPermission(PROVISIONING, user1); | |||||
UserDto user3 = insertUser(u -> u.setName("user3")); | |||||
addGlobalPermission(SYSTEM_ADMIN, user3); | |||||
UserDto user2 = insertUser(u -> u.setName("User2")); | |||||
addGlobalPermission(PROVISIONING, user2); | |||||
assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().build())) | |||||
.containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid()); | .containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid()); | ||||
} | } | ||||
@Test | @Test | ||||
public void deleteGlobalPermission() { | public void deleteGlobalPermission() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(organization, "perm1", user1); | |||||
addGlobalPermission(organization, "perm2", user1); | |||||
addProjectPermission(organization, "perm1", user1, project1); | |||||
addProjectPermission(organization, "perm3", user2, project1); | |||||
addProjectPermission(organization, "perm4", user2, project2); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addGlobalPermission("perm1", user1); | |||||
addGlobalPermission("perm2", user1); | |||||
addProjectPermission("perm1", user1, project1); | |||||
addProjectPermission("perm3", user2, project1); | |||||
addProjectPermission("perm4", user2, project2); | |||||
// user2 does not have global permissions -> do nothing | // user2 does not have global permissions -> do nothing | ||||
underTest.deleteGlobalPermission(dbSession, user2.getUuid(), "perm1", db.getDefaultOrganization().getUuid()); | |||||
underTest.deleteGlobalPermission(dbSession, user2.getUuid(), "perm1"); | |||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | ||||
// global permission is not granted -> do nothing | // global permission is not granted -> do nothing | ||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted", db.getDefaultOrganization().getUuid()); | |||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted"); | |||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | ||||
// permission is on project -> do nothing | // permission is on project -> do nothing | ||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm3", db.getDefaultOrganization().getUuid()); | |||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | |||||
// global permission on another organization-> do nothing | |||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted", "anotherOrg"); | |||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm3"); | |||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5); | ||||
// global permission exists -> delete it, but not the project permission with the same name ! | // global permission exists -> delete it, but not the project permission with the same name ! | ||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm1", organization.getUuid()); | |||||
underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm1"); | |||||
assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where role='perm1' and component_uuid is null")).isEqualTo(0); | assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where role='perm1' and component_uuid is null")).isEqualTo(0); | ||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(4); | assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(4); | ||||
} | } | ||||
@Test | @Test | ||||
public void deleteProjectPermission() { | public void deleteProjectPermission() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(organization, "perm", user1); | |||||
addProjectPermission(organization, "perm", user1, project1); | |||||
addProjectPermission(organization, "perm", user1, project2); | |||||
addProjectPermission(organization, "perm", user2, project1); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addGlobalPermission("perm", user1); | |||||
addProjectPermission("perm", user1, project1); | |||||
addProjectPermission("perm", user1, project2); | |||||
addProjectPermission("perm", user2, project1); | |||||
// no such provision -> ignore | // no such provision -> ignore | ||||
underTest.deleteProjectPermission(dbSession, user1.getUuid(), "anotherPerm", project1.uuid()); | underTest.deleteProjectPermission(dbSession, user1.getUuid(), "anotherPerm", project1.uuid()); | ||||
@Test | @Test | ||||
public void deleteProjectPermissions() { | public void deleteProjectPermissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(organization, "perm", user1); | |||||
addProjectPermission(organization, "perm", user1, project1); | |||||
addProjectPermission(organization, "perm", user2, project1); | |||||
addProjectPermission(organization, "perm", user1, project2); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
addGlobalPermission("perm", user1); | |||||
addProjectPermission("perm", user1, project1); | |||||
addProjectPermission("perm", user2, project1); | |||||
addProjectPermission("perm", user1, project2); | |||||
underTest.deleteProjectPermissions(dbSession, project1.uuid()); | underTest.deleteProjectPermissions(dbSession, project1.uuid()); | ||||
assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(2); | assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(2); | ||||
@Test | @Test | ||||
public void selectGlobalPermissionsOfUser() { | public void selectGlobalPermissionsOfUser() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
UserDto user3 = insertUser(organization); | |||||
OrganizationDto org = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(db.getDefaultOrganization(), "perm1", user1); | |||||
addGlobalPermission(org, "perm2", user2); | |||||
addGlobalPermission(org, "perm3", user1); | |||||
addProjectPermission(organization, "perm4", user1, project); | |||||
addProjectPermission(organization, "perm5", user1, project); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), org.getUuid())).containsOnly("perm3"); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), db.getDefaultOrganization().getUuid())).containsOnly("perm1"); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), "otherOrg")).isEmpty(); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user3.getUuid(), org.getUuid())).isEmpty(); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
UserDto user3 = insertUser(); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
addGlobalPermission("perm1", user1); | |||||
addGlobalPermission("perm2", user2); | |||||
addGlobalPermission("perm3", user1); | |||||
addProjectPermission("perm4", user1, project); | |||||
addProjectPermission("perm5", user2, project); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly("perm1", "perm3"); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly("perm2"); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user3.getUuid())).isEmpty(); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, "unknown")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectProjectPermissionsOfUser() { | public void selectProjectPermissionsOfUser() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project1 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project2 = db.components().insertPrivateProject(organization); | |||||
ComponentDto project3 = db.components().insertPrivateProject(organization); | |||||
addGlobalPermission(organization, "perm1", user1); | |||||
addProjectPermission(organization, "perm2", user1, project1); | |||||
addProjectPermission(organization, "perm3", user1, project1); | |||||
addProjectPermission(organization, "perm4", user1, project2); | |||||
addProjectPermission(organization, "perm5", user2, project1); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project1 = db.components().insertPrivateProject(); | |||||
ComponentDto project2 = db.components().insertPrivateProject(); | |||||
ComponentDto project3 = db.components().insertPrivateProject(); | |||||
addGlobalPermission("perm1", user1); | |||||
addProjectPermission("perm2", user1, project1); | |||||
addProjectPermission("perm3", user1, project1); | |||||
addProjectPermission("perm4", user1, project2); | |||||
addProjectPermission("perm5", user2, project1); | |||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).containsOnly("perm2", "perm3"); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).containsOnly("perm2", "perm3"); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly("perm4"); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly("perm4"); | ||||
@Test | @Test | ||||
public void selectGroupUuidsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() { | public void selectGroupUuidsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||||
UserDto user = insertUser(organization); | |||||
ComponentDto project = randomPublicOrPrivateProject(); | |||||
UserDto user = insertUser(); | |||||
db.users().insertProjectPermissionOnUser(user, "foo", project); | db.users().insertProjectPermissionOnUser(user, "foo", project); | ||||
assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, "1234", UserRole.USER)) | assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, "1234", UserRole.USER)) | ||||
@Test | @Test | ||||
public void selectGroupUuidsWithPermissionOnProjectBut_returns_only_users_of_projects_which_do_not_have_permission() { | public void selectGroupUuidsWithPermissionOnProjectBut_returns_only_users_of_projects_which_do_not_have_permission() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project = randomPublicOrPrivateProject(); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
db.users().insertProjectPermissionOnUser(user1, "p1", project); | db.users().insertProjectPermissionOnUser(user1, "p1", project); | ||||
db.users().insertProjectPermissionOnUser(user2, "p2", project); | db.users().insertProjectPermissionOnUser(user2, "p2", project); | ||||
@Test | @Test | ||||
public void selectGroupUuidsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() { | public void selectGroupUuidsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project = randomPublicOrPrivateProject(); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
db.users().insertProjectPermissionOnUser(user1, "p1", project); | db.users().insertProjectPermissionOnUser(user1, "p1", project); | ||||
db.users().insertProjectPermissionOnUser(user2, "p2", project); | db.users().insertProjectPermissionOnUser(user2, "p2", project); | ||||
.containsOnly(user2.getUuid()); | .containsOnly(user2.getUuid()); | ||||
} | } | ||||
@Test | |||||
public void deleteByOrganization_does_not_fail_if_table_is_empty() { | |||||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_does_not_fail_if_organization_has_no_user_permission() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_deletes_all_user_permission_of_specified_organization() { | |||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
OrganizationDto organization3 = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization1, organization2, organization3); | |||||
UserDto user2 = insertUser(organization1, organization2, organization3); | |||||
UserDto user3 = insertUser(organization1, organization2, organization3); | |||||
db.users().insertPermissionOnUser(organization1, user1, "foo"); | |||||
db.users().insertPermissionOnUser(organization1, user2, "foo"); | |||||
db.users().insertPermissionOnUser(organization1, user2, "bar"); | |||||
db.users().insertPermissionOnUser(organization2, user2, "foo"); | |||||
db.users().insertPermissionOnUser(organization2, user3, "foo"); | |||||
db.users().insertPermissionOnUser(organization2, user3, "bar"); | |||||
db.users().insertPermissionOnUser(organization3, user3, "foo"); | |||||
db.users().insertPermissionOnUser(organization3, user1, "foo"); | |||||
db.users().insertPermissionOnUser(organization3, user1, "bar"); | |||||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(organization1.getUuid(), organization2.getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(organization1.getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(); | |||||
} | |||||
@Test | |||||
public void delete_permissions_of_an_organization_member() { | |||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization1); | |||||
UserDto user1 = insertUser(organization1, organization2); | |||||
UserDto user2 = insertUser(organization1, organization2); | |||||
// user 1 permissions | |||||
db.users().insertPermissionOnUser(organization1, user1, SCAN); | |||||
db.users().insertPermissionOnUser(organization1, user1, ADMINISTER); | |||||
db.users().insertProjectPermissionOnUser(user1, UserRole.CODEVIEWER, project); | |||||
db.users().insertPermissionOnUser(organization2, user1, SCAN); | |||||
// user 2 permission | |||||
db.users().insertPermissionOnUser(organization1, user2, SCAN); | |||||
db.users().insertProjectPermissionOnUser(user2, UserRole.CODEVIEWER, project); | |||||
underTest.deleteOrganizationMemberPermissions(dbSession, organization1.getUuid(), user1.getUuid()); | |||||
dbSession.commit(); | |||||
// user 1 permissions | |||||
assertOrgPermissionsOfUser(user1, organization1); | |||||
assertOrgPermissionsOfUser(user1, organization2, SCAN); | |||||
assertProjectPermissionsOfUser(user1, project); | |||||
// user 2 permissions | |||||
assertOrgPermissionsOfUser(user2, organization1, SCAN); | |||||
assertProjectPermissionsOfUser(user2, project, CODEVIEWER); | |||||
} | |||||
@Test | @Test | ||||
public void deleteByUserId() { | public void deleteByUserId() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
db.users().insertPermissionOnUser(user1, SCAN); | db.users().insertPermissionOnUser(user1, SCAN); | ||||
db.users().insertPermissionOnUser(user1, ADMINISTER); | db.users().insertPermissionOnUser(user1, ADMINISTER); | ||||
db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project); | db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project); | ||||
@Test | @Test | ||||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() { | public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user = insertUser(organization); | |||||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||||
UserDto user = insertUser(); | |||||
db.users().insertPermissionOnUser(user, SCAN); | |||||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "124", SCAN.getKey()); | int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "124", SCAN.getKey()); | ||||
assertThat(deletedCount).isEqualTo(0); | assertThat(deletedCount).isEqualTo(0); | ||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||||
} | } | ||||
@Test | @Test | ||||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() { | public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user = insertUser(organization); | |||||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||||
UserDto user = insertUser(); | |||||
db.users().insertPermissionOnUser(user, SCAN); | |||||
ComponentDto project = randomPublicOrPrivateProject(); | |||||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), SCAN.getKey()); | int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), SCAN.getKey()); | ||||
assertThat(deletedCount).isEqualTo(0); | assertThat(deletedCount).isEqualTo(0); | ||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||||
} | } | ||||
@Test | @Test | ||||
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() { | public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user = insertUser(organization); | |||||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||||
ComponentDto project = randomPublicOrPrivateProject(organization); | |||||
UserDto user = insertUser(); | |||||
db.users().insertPermissionOnUser(user, SCAN); | |||||
ComponentDto project = randomPublicOrPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project); | ||||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), "p1"); | int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), "p1"); | ||||
assertThat(deletedCount).isEqualTo(0); | assertThat(deletedCount).isEqualTo(0); | ||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey()); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey()); | ||||
} | } | ||||
@Test | @Test | ||||
public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() { | public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user1 = insertUser(organization); | |||||
UserDto user2 = insertUser(organization); | |||||
db.users().insertPermissionOnUser(organization, user1, SCAN); | |||||
db.users().insertPermissionOnUser(organization, user2, SCAN); | |||||
ComponentDto project1 = randomPublicOrPrivateProject(organization); | |||||
ComponentDto project2 = randomPublicOrPrivateProject(organization); | |||||
UserDto user1 = insertUser(); | |||||
UserDto user2 = insertUser(); | |||||
db.users().insertPermissionOnUser(user1, SCAN); | |||||
db.users().insertPermissionOnUser(user2, SCAN); | |||||
ComponentDto project1 = randomPublicOrPrivateProject(); | |||||
ComponentDto project2 = randomPublicOrPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1); | db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1); | ||||
db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1); | db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1); | ||||
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2); | db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2); | ||||
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project1.uuid(), SCAN.getKey()); | int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project1.uuid(), SCAN.getKey()); | ||||
assertThat(deletedCount).isEqualTo(2); | assertThat(deletedCount).isEqualTo(2); | ||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey()); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey()); | ||||
deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project2.uuid(), SCAN.getKey()); | deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project2.uuid(), SCAN.getKey()); | ||||
assertThat(deletedCount).isEqualTo(2); | assertThat(deletedCount).isEqualTo(2); | ||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid(), organization.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey()); | |||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty(); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty(); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(); | ||||
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey()); | assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey()); | ||||
} | } | ||||
private ComponentDto randomPublicOrPrivateProject(OrganizationDto organization) { | |||||
return new Random().nextBoolean() ? db.components().insertPrivateProject(organization) : db.components().insertPublicProject(organization); | |||||
private ComponentDto randomPublicOrPrivateProject() { | |||||
return new Random().nextBoolean() ? db.components().insertPrivateProject() : db.components().insertPublicProject(); | |||||
} | } | ||||
private UserDto insertUser(Consumer<UserDto> populateUserDto, OrganizationDto... organizations) { | |||||
private UserDto insertUser(Consumer<UserDto> populateUserDto) { | |||||
UserDto user = db.users().insertUser(populateUserDto); | UserDto user = db.users().insertUser(populateUserDto); | ||||
stream(organizations).forEach(organization -> db.organizations().addMember(organization, user)); | |||||
return user; | return user; | ||||
} | } | ||||
private UserDto insertUser(OrganizationDto... organizations) { | |||||
private UserDto insertUser() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
stream(organizations).forEach(organization -> db.organizations().addMember(organization, user)); | |||||
return user; | return user; | ||||
} | } | ||||
private void verifyOrganizationUuidsInTable(String... organizationUuids) { | |||||
assertThat(db.select("select organization_uuid as \"organizationUuid\" from user_roles")) | |||||
.extracting((row) -> (String) row.get("organizationUuid")) | |||||
.containsOnly(organizationUuids); | |||||
} | |||||
private void expectCount(List<String> projectUuids, CountPerProjectPermission... expected) { | private void expectCount(List<String> projectUuids, CountPerProjectPermission... expected) { | ||||
List<CountPerProjectPermission> got = underTest.countUsersByProjectPermission(dbSession, projectUuids); | List<CountPerProjectPermission> got = underTest.countUsersByProjectPermission(dbSession, projectUuids); | ||||
assertThat(got).hasSize(expected.length); | assertThat(got).hasSize(expected.length); | ||||
List<UserPermissionDto> currentPermissions = underTest.selectUserPermissionsByQuery(dbSession, query, expectedUserUuids); | List<UserPermissionDto> currentPermissions = underTest.selectUserPermissionsByQuery(dbSession, query, expectedUserUuids); | ||||
assertThat(currentPermissions).hasSize(expectedPermissions.length); | assertThat(currentPermissions).hasSize(expectedPermissions.length); | ||||
Tuple[] expectedPermissionsAsTuple = Arrays.stream(expectedPermissions) | Tuple[] expectedPermissionsAsTuple = Arrays.stream(expectedPermissions) | ||||
.map(expectedPermission -> tuple(expectedPermission.getUserUuid(), expectedPermission.getPermission(), expectedPermission.getComponentUuid(), | |||||
expectedPermission.getOrganizationUuid())) | |||||
.map(expectedPermission -> tuple(expectedPermission.getUserUuid(), expectedPermission.getPermission(), expectedPermission.getComponentUuid())) | |||||
.toArray(Tuple[]::new); | .toArray(Tuple[]::new); | ||||
assertThat(currentPermissions) | assertThat(currentPermissions) | ||||
.extracting(UserPermissionDto::getUserUuid, UserPermissionDto::getPermission, UserPermissionDto::getComponentUuid, UserPermissionDto::getOrganizationUuid) | |||||
.extracting(UserPermissionDto::getUserUuid, UserPermissionDto::getPermission, UserPermissionDto::getComponentUuid) | |||||
.containsOnly(expectedPermissionsAsTuple); | .containsOnly(expectedPermissionsAsTuple); | ||||
// test method "countUsers()" | // test method "countUsers()" | ||||
assertThat((long) underTest.countUsersByQuery(dbSession, query)).isEqualTo(distinctUsers); | assertThat((long) underTest.countUsersByQuery(dbSession, query)).isEqualTo(distinctUsers); | ||||
} | } | ||||
private UserPermissionDto addGlobalPermission(OrganizationDto org, String permission, UserDto user) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), null); | |||||
underTest.insert(dbSession, dto); | |||||
private UserPermissionDto addGlobalPermission(String permission, UserDto user) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null); | |||||
underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid()); | |||||
db.commit(); | db.commit(); | ||||
return dto; | return dto; | ||||
} | } | ||||
private UserPermissionDto addProjectPermission(OrganizationDto org, String permission, UserDto user, ComponentDto project) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), project.uuid()); | |||||
underTest.insert(dbSession, dto); | |||||
private UserPermissionDto addProjectPermission(String permission, UserDto user, ComponentDto project) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid()); | |||||
underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid()); | |||||
db.commit(); | db.commit(); | ||||
return dto; | return dto; | ||||
} | } | ||||
assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where component_uuid='" + project.uuid() + "'")).isEqualTo(0); | assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where component_uuid='" + project.uuid() + "'")).isEqualTo(0); | ||||
} | } | ||||
private void assertOrgPermissionsOfUser(UserDto user, OrganizationDto organization, OrganizationPermission... permissions) { | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid(), organization.getUuid()).stream() | |||||
private void assertGlobalPermissionsOfUser(UserDto user, OrganizationPermission... permissions) { | |||||
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid()).stream() | |||||
.map(OrganizationPermission::fromKey)) | .map(OrganizationPermission::fromKey)) | ||||
.containsOnly(permissions); | |||||
.containsOnly(permissions); | |||||
} | } | ||||
private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) { | private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) { |
import org.sonar.api.web.UserRole; | import org.sonar.api.web.UserRole; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.PermissionQuery; | import org.sonar.db.permission.PermissionQuery; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
@Test | @Test | ||||
public void select_group_names_by_query_and_template() { | public void select_group_names_by_query_and_template() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(organization, "Group-1"); | |||||
GroupDto group2 = db.users().insertGroup(organization, "Group-2"); | |||||
GroupDto group3 = db.users().insertGroup(organization, "Group-3"); | |||||
GroupDto group1 = db.users().insertGroup("Group-1"); | |||||
GroupDto group2 = db.users().insertGroup("Group-2"); | |||||
GroupDto group3 = db.users().insertGroup("Group-3"); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | ||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | ||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | ||||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(); | |||||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | ||||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder(), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder(), template)) | |||||
.containsOnly("Group-1", "Group-2", "Group-3", "Anyone"); | .containsOnly("Group-1", "Group-2", "Group-3", "Anyone"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), template)) | |||||
.containsOnly("Group-1", "Group-2"); | .containsOnly("Group-1", "Group-2"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), template)) | |||||
.containsOnly("Group-1"); | .containsOnly("Group-1"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, anotherTemplate)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPermission(USER), anotherTemplate)) | |||||
.containsOnly("Anyone"); | .containsOnly("Anyone"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), template)) | |||||
.containsOnly("Group-1", "Group-2", "Group-3"); | .containsOnly("Group-1", "Group-2", "Group-3"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), template)) | |||||
.containsOnly("Anyone"); | .containsOnly("Anyone"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), template)) | |||||
.containsOnly("Group-2"); | .containsOnly("Group-2"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, "123")) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), "123")) | |||||
.isEmpty(); | .isEmpty(); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), template)) | |||||
.isEmpty(); | .isEmpty(); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectGroupNamesByQueryAndTemplate_is_ordering_results_by_groups_with_permission_then_by_name() { | public void selectGroupNamesByQueryAndTemplate_is_ordering_results_by_groups_with_permission_then_by_name() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
GroupDto group1 = db.users().insertGroup(organization, "A"); | |||||
GroupDto group2 = db.users().insertGroup(organization, "B"); | |||||
GroupDto group3 = db.users().insertGroup(organization, "C"); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
GroupDto group1 = db.users().insertGroup("A"); | |||||
GroupDto group2 = db.users().insertGroup("B"); | |||||
GroupDto group3 = db.users().insertGroup("C"); | |||||
permissionTemplateDbTester.addGroupToTemplate(template, group3, UserRole.USER); | permissionTemplateDbTester.addGroupToTemplate(template, group3, UserRole.USER); | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | ||||
.containsExactly("Anyone", group3.getName(), group1.getName(), group2.getName()); | .containsExactly("Anyone", group3.getName(), group1.getName(), group2.getName()); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectGroupNamesByQueryAndTemplate_is_order_by_groups_with_permission_then_by_name_when_many_groups() { | public void selectGroupNamesByQueryAndTemplate_is_order_by_groups_with_permission_then_by_name_when_many_groups() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | ||||
db.users().insertGroup(organization, "Group-" + i); | |||||
db.users().insertGroup("Group-" + i); | |||||
}); | }); | ||||
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | ||||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(organization, lastGroupName).get(), UserRole.USER); | |||||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(lastGroupName).get(), UserRole.USER); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | ||||
.hasSize(DEFAULT_PAGE_SIZE) | .hasSize(DEFAULT_PAGE_SIZE) | ||||
.startsWith("Anyone", lastGroupName, "Group-1"); | .startsWith("Anyone", lastGroupName, "Group-1"); | ||||
@Test | @Test | ||||
public void selectGroupNamesByQueryAndTemplate_ignores_other_template_and_is_ordered_by_groups_with_permission_then_by_name_when_many_groups() { | public void selectGroupNamesByQueryAndTemplate_ignores_other_template_and_is_ordered_by_groups_with_permission_then_by_name_when_many_groups() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(); | |||||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | ||||
GroupDto group = db.users().insertGroup(organization, "Group-" + i); | |||||
GroupDto group = db.users().insertGroup("Group-" + i); | |||||
permissionTemplateDbTester.addGroupToTemplate(otherTemplate, group, UserRole.USER); | permissionTemplateDbTester.addGroupToTemplate(otherTemplate, group, UserRole.USER); | ||||
}); | }); | ||||
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1); | ||||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(organization, lastGroupName).get(), UserRole.USER); | |||||
permissionTemplateDbTester.addGroupToTemplate(template, db.users().selectGroup(lastGroupName).get(), UserRole.USER); | |||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | assertThat(underTest.selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getUuid())) | ||||
.hasSize(DEFAULT_PAGE_SIZE) | .hasSize(DEFAULT_PAGE_SIZE) | ||||
.startsWith("Anyone", lastGroupName, "Group-1"); | .startsWith("Anyone", lastGroupName, "Group-1"); | ||||
@Test | @Test | ||||
public void select_group_names_by_query_and_template_is_paginated() { | public void select_group_names_by_query_and_template_is_paginated() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(organization, i + "-name")); | |||||
IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(i + "-name")); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(1).setPageSize(1), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(1).setPageSize(1), template)) | |||||
.containsExactly("0-name"); | .containsExactly("0-name"); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(2).setPageSize(3), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setPageIndex(2).setPageSize(3), template)) | |||||
.containsExactly("3-name", "4-name", "5-name"); | .containsExactly("3-name", "4-name", "5-name"); | ||||
} | } | ||||
@Test | @Test | ||||
public void select_group_names_by_query_and_template_returns_anyone() { | public void select_group_names_by_query_and_template_returns_anyone() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
GroupDto group = db.users().insertGroup(organization, "Group"); | |||||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||||
GroupDto group = db.users().insertGroup("Group"); | |||||
PermissionTemplateDto otherTemplate = permissionTemplateDbTester.insertTemplate(); | |||||
permissionTemplateDbTester.addGroupToTemplate(otherTemplate.getUuid(), group.getUuid(), USER); | permissionTemplateDbTester.addGroupToTemplate(otherTemplate.getUuid(), group.getUuid(), USER); | ||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nyo"), organization, template)) | |||||
assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("nyo"), template)) | |||||
.containsExactly("Anyone"); | .containsExactly("Anyone"); | ||||
} | } | ||||
@Test | @Test | ||||
public void count_group_names_by_query_and_template() { | public void count_group_names_by_query_and_template() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto group1 = db.users().insertGroup(organization, "Group-1"); | |||||
GroupDto group2 = db.users().insertGroup(organization, "Group-2"); | |||||
GroupDto group3 = db.users().insertGroup(organization, "Group-3"); | |||||
GroupDto group1 = db.users().insertGroup("Group-1"); | |||||
GroupDto group2 = db.users().insertGroup("Group-2"); | |||||
GroupDto group3 = db.users().insertGroup("Group-3"); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate(); | |||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER); | ||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN); | ||||
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING); | ||||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(organization); | |||||
PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate(); | |||||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER); | ||||
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder(), template)) | |||||
.isEqualTo(4); | .isEqualTo(4); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission(), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), template)) | |||||
.isEqualTo(2); | .isEqualTo(2); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, template)).isEqualTo(1); | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, anotherTemplate)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), template)).isEqualTo(1); | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), anotherTemplate)) | |||||
.isEqualTo(1); | .isEqualTo(1); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("groU"), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), template)) | |||||
.isEqualTo(3); | .isEqualTo(3); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("nYo"), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), template)) | |||||
.isEqualTo(1); | .isEqualTo(1); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("p-2"), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), template)) | |||||
.isEqualTo(1); | .isEqualTo(1); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, "123")) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), "123")) | |||||
.isZero(); | .isZero(); | ||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("unknown"), organization, template)) | |||||
assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), template)) | |||||
.isZero(); | .isZero(); | ||||
} | } | ||||
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, "321")).isEmpty(); | assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, "321")).isEmpty(); | ||||
} | } | ||||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) { | |||||
return selectGroupNamesByQueryAndTemplate(queryBuilder.setOrganizationUuid(organization.getUuid()).build(), organization, permissionTemplateDto.getUuid()); | |||||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, PermissionTemplateDto permissionTemplateDto) { | |||||
return selectGroupNamesByQueryAndTemplate(queryBuilder.build(), permissionTemplateDto.getUuid()); | |||||
} | } | ||||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery query, OrganizationDto organization, String templateUuid) { | |||||
private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery query, String templateUuid) { | |||||
return underTest.selectGroupNamesByQueryAndTemplate(session, query, templateUuid); | return underTest.selectGroupNamesByQueryAndTemplate(session, query, templateUuid); | ||||
} | } | ||||
private int countGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) { | |||||
return countGroupNamesByQueryAndTemplate(queryBuilder.build(), organization, permissionTemplateDto.getUuid()); | |||||
private int countGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, PermissionTemplateDto permissionTemplateDto) { | |||||
return countGroupNamesByQueryAndTemplate(queryBuilder.build(), permissionTemplateDto.getUuid()); | |||||
} | } | ||||
private int countGroupNamesByQueryAndTemplate(PermissionQuery query, OrganizationDto organization, String templateUuid) { | |||||
return underTest.countGroupNamesByQueryAndTemplate(session, query, organization.getUuid(), templateUuid); | |||||
private int countGroupNamesByQueryAndTemplate(PermissionQuery query, String templateUuid) { | |||||
return underTest.countGroupNamesByQueryAndTemplate(session, query, templateUuid); | |||||
} | } | ||||
} | } |
@Test | @Test | ||||
public void create_permission_template() { | public void create_permission_template() { | ||||
PermissionTemplateDto permissionTemplate = underTest.insert(db.getSession(), newPermissionTemplateDto() | PermissionTemplateDto permissionTemplate = underTest.insert(db.getSession(), newPermissionTemplateDto() | ||||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||||
.setUuid("ABCD") | .setUuid("ABCD") | ||||
.setName("my template") | .setName("my template") | ||||
.setDescription("my description") | .setDescription("my description") | ||||
.setKeyPattern("myregexp") | .setKeyPattern("myregexp") | ||||
.setOrganizationUuid("org") | |||||
.setCreatedAt(PAST) | .setCreatedAt(PAST) | ||||
.setUpdatedAt(NOW)); | .setUpdatedAt(NOW)); | ||||
db.commit(); | db.commit(); | ||||
assertThat(underTest.selectByUuid(db.getSession(), permissionTemplate.getUuid())) | assertThat(underTest.selectByUuid(db.getSession(), permissionTemplate.getUuid())) | ||||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | .extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | ||||
PermissionTemplateDto::getOrganizationUuid, PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||||
.containsOnly("ABCD", "my template", "my description", "myregexp", "org", PAST, NOW); | |||||
PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||||
.containsOnly("ABCD", "my template", "my description", "myregexp", PAST, NOW); | |||||
} | } | ||||
@Test | @Test | ||||
.setUuid("ABCD") | .setUuid("ABCD") | ||||
.setName("my template") | .setName("my template") | ||||
.setDescription("my description") | .setDescription("my description") | ||||
.setKeyPattern("myregexp") | |||||
.setOrganizationUuid("org")); | |||||
.setKeyPattern("myregexp")); | |||||
assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | ||||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | |||||
PermissionTemplateDto::getOrganizationUuid) | |||||
.containsOnly("ABCD", "my template", "my description", "myregexp", "org"); | |||||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern) | |||||
.containsOnly("ABCD", "my template", "my description", "myregexp"); | |||||
} | } | ||||
@Test | @Test | ||||
templateDb.insertTemplate(newPermissionTemplateDto() | templateDb.insertTemplate(newPermissionTemplateDto() | ||||
.setUuid("tpl1") | .setUuid("tpl1") | ||||
.setName("template1") | .setName("template1") | ||||
.setDescription("description1") | |||||
.setOrganizationUuid("org")); | |||||
.setDescription("description1")); | |||||
templateDb.insertTemplate(newPermissionTemplateDto() | templateDb.insertTemplate(newPermissionTemplateDto() | ||||
.setUuid("tpl2") | .setUuid("tpl2") | ||||
.setName("template2") | .setName("template2") | ||||
.setDescription("description2") | |||||
.setOrganizationUuid("org")); | |||||
.setDescription("description2")); | |||||
templateDb.insertTemplate(newPermissionTemplateDto() | templateDb.insertTemplate(newPermissionTemplateDto() | ||||
.setUuid("tpl3") | .setUuid("tpl3") | ||||
.setName("template3") | .setName("template3") | ||||
.setDescription("description3") | |||||
.setOrganizationUuid("org")); | |||||
.setDescription("description3")); | |||||
assertThat(underTest.selectAll(dbSession, "org", null)) | |||||
assertThat(underTest.selectAll(dbSession, null)) | |||||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription) | .extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription) | ||||
.containsOnly( | .containsOnly( | ||||
tuple("tpl1", "template1", "description1"), | tuple("tpl1", "template1", "description1"), | ||||
tuple("tpl2", "template2", "description2"), | tuple("tpl2", "template2", "description2"), | ||||
tuple("tpl3", "template3", "description3")); | tuple("tpl3", "template3", "description3")); | ||||
assertThat(underTest.selectAll(dbSession, "missingOrg", null)).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectAll_with_name_filtering() { | public void selectAll_with_name_filtering() { | ||||
PermissionTemplateDto t1InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("aBcDeF").setOrganizationUuid("org1")); | |||||
PermissionTemplateDto t2InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh").setOrganizationUuid("org1")); | |||||
PermissionTemplateDto t3InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("hijkl").setOrganizationUuid("org2")); | |||||
PermissionTemplateDto t4InOrg2 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh").setOrganizationUuid("org2")); | |||||
PermissionTemplateDto t1InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("aBcDeF")); | |||||
PermissionTemplateDto t2InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("cdefgh")); | |||||
PermissionTemplateDto t3InOrg1 = templateDb.insertTemplate(newPermissionTemplateDto().setName("hijkl")); | |||||
assertThat(underTest.selectAll(dbSession, "org1", "def")).extracting(PermissionTemplateDto::getUuid).containsExactly(t1InOrg1.getUuid(), t2InOrg1.getUuid()); | |||||
assertThat(underTest.selectAll(dbSession, "org1", "missing")).isEmpty(); | |||||
assertThat(underTest.selectAll(dbSession, "def")).extracting(PermissionTemplateDto::getUuid).containsExactly(t1InOrg1.getUuid(), t2InOrg1.getUuid()); | |||||
assertThat(underTest.selectAll(dbSession, "missing")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
.setName("name") | .setName("name") | ||||
.setDescription("description") | .setDescription("description") | ||||
.setKeyPattern("regexp") | .setKeyPattern("regexp") | ||||
.setOrganizationUuid("org") | |||||
.setCreatedAt(PAST) | .setCreatedAt(PAST) | ||||
.setUpdatedAt(PAST)); | .setUpdatedAt(PAST)); | ||||
.setUpdatedAt(NOW) | .setUpdatedAt(NOW) | ||||
// Invariant fields, should not be updated | // Invariant fields, should not be updated | ||||
.setUuid("ABCD") | .setUuid("ABCD") | ||||
.setOrganizationUuid("new org") | |||||
.setCreatedAt(NOW)); | .setCreatedAt(NOW)); | ||||
db.commit(); | db.commit(); | ||||
assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | assertThat(underTest.selectByUuid(db.getSession(), "ABCD")) | ||||
.extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | .extracting(PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription, PermissionTemplateDto::getKeyPattern, | ||||
PermissionTemplateDto::getOrganizationUuid, PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||||
.containsOnly("ABCD", "new_name", "new_description", "new_regexp", "org", PAST, NOW); | |||||
PermissionTemplateDto::getCreatedAt, PermissionTemplateDto::getUpdatedAt) | |||||
.containsOnly("ABCD", "new_name", "new_description", "new_regexp", PAST, NOW); | |||||
} | } | ||||
@Test | @Test | ||||
UserDto user2 = db.users().insertUser(); | UserDto user2 = db.users().insertUser(); | ||||
GroupDto group1 = db.users().insertGroup(); | GroupDto group1 = db.users().insertGroup(); | ||||
GroupDto group2 = db.users().insertGroup(); | GroupDto group2 = db.users().insertGroup(); | ||||
PermissionTemplateDto permissionTemplate1 = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate2 = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate1 = templateDb.insertTemplate(); | |||||
PermissionTemplateDto permissionTemplate2 = templateDb.insertTemplate(); | |||||
templateDb.addUserToTemplate(permissionTemplate1, user1, "user"); | templateDb.addUserToTemplate(permissionTemplate1, user1, "user"); | ||||
templateDb.addUserToTemplate(permissionTemplate1, user2, "user"); | templateDb.addUserToTemplate(permissionTemplate1, user2, "user"); | ||||
templateDb.addUserToTemplate(permissionTemplate1, user2, "admin"); | templateDb.addUserToTemplate(permissionTemplate1, user2, "admin"); | ||||
underTest.deleteByUuid(dbSession, permissionTemplate1.getUuid()); | underTest.deleteByUuid(dbSession, permissionTemplate1.getUuid()); | ||||
dbSession.commit(); | dbSession.commit(); | ||||
assertThat(underTest.selectAll(db.getSession(), db.getDefaultOrganization().getUuid(), null)) | |||||
assertThat(underTest.selectAll(db.getSession(), null)) | |||||
.extracting(PermissionTemplateDto::getUuid) | .extracting(PermissionTemplateDto::getUuid) | ||||
.containsOnly(permissionTemplate2.getUuid()); | .containsOnly(permissionTemplate2.getUuid()); | ||||
assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), permissionTemplate1.getUuid())).isEmpty(); | assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), permissionTemplate1.getUuid())).isEmpty(); | ||||
@Test | @Test | ||||
public void add_user_permission_to_template() { | public void add_user_permission_to_template() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
underTest.insertUserPermission(dbSession, permissionTemplate.getUuid(), user.getUuid(), "user"); | underTest.insertUserPermission(dbSession, permissionTemplate.getUuid(), user.getUuid(), "user"); | ||||
@Test | @Test | ||||
public void remove_user_permission_from_template() { | public void remove_user_permission_from_template() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
UserDto user1 = db.users().insertUser(); | UserDto user1 = db.users().insertUser(); | ||||
UserDto user2 = db.users().insertUser(); | UserDto user2 = db.users().insertUser(); | ||||
templateDb.addUserToTemplate(permissionTemplate, user1, "user"); | templateDb.addUserToTemplate(permissionTemplate, user1, "user"); | ||||
@Test | @Test | ||||
public void add_group_permission_to_template() { | public void add_group_permission_to_template() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
GroupDto group = db.users().insertGroup(); | GroupDto group = db.users().insertGroup(); | ||||
underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), group.getUuid(), "user"); | underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), group.getUuid(), "user"); | ||||
@Test | @Test | ||||
public void remove_by_group() { | public void remove_by_group() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
GroupDto group1 = db.users().insertGroup(); | GroupDto group1 = db.users().insertGroup(); | ||||
GroupDto group2 = db.users().insertGroup(); | GroupDto group2 = db.users().insertGroup(); | ||||
templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | ||||
@Test | @Test | ||||
public void add_group_permission_to_anyone() { | public void add_group_permission_to_anyone() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), null, "user"); | underTest.insertGroupPermission(dbSession, permissionTemplate.getUuid(), null, "user"); | ||||
dbSession.commit(); | dbSession.commit(); | ||||
@Test | @Test | ||||
public void selectAllGroupPermissionTemplatesByGroupUuid() { | public void selectAllGroupPermissionTemplatesByGroupUuid() { | ||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(db.getDefaultOrganization()); | |||||
PermissionTemplateDto permissionTemplate = templateDb.insertTemplate(); | |||||
GroupDto group1 = db.users().insertGroup(); | GroupDto group1 = db.users().insertGroup(); | ||||
GroupDto group2 = db.users().insertGroup(); | GroupDto group2 = db.users().insertGroup(); | ||||
templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | templateDb.addGroupToTemplate(permissionTemplate, group1, "user"); | ||||
.containsOnly(tuple(group1.getUuid(), "user"), tuple(group1.getUuid(), "admin")); | .containsOnly(tuple(group1.getUuid(), "user"), tuple(group1.getUuid(), "admin")); | ||||
} | } | ||||
@Test | |||||
public void deleteByOrganization_does_not_fail_on_empty_db() { | |||||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_does_not_fail_when_organization_has_no_template() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_delete_all_templates_of_organization_and_content_of_child_tables() { | |||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
OrganizationDto organization3 = db.organizations().insert(); | |||||
PermissionTemplateDto[] templates = { | |||||
createTemplate(organization1), | |||||
createTemplate(organization2), | |||||
createTemplate(organization3), | |||||
createTemplate(organization1), | |||||
createTemplate(organization2) | |||||
}; | |||||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[1].getUuid(), templates[2].getUuid(), templates[3].getUuid(), templates[4].getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||||
dbSession.commit(); | |||||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[2].getUuid(), templates[3].getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||||
dbSession.commit(); | |||||
verifyTemplateUuidsInDb(templates[0].getUuid(), templates[3].getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||||
dbSession.commit(); | |||||
verifyTemplateUuidsInDb(); | |||||
} | |||||
@Test | |||||
public void delete_user_permissions_by_organization() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||||
String permission = "PERMISSION"; | |||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | |||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | |||||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||||
underTest.deleteUserPermissionsByOrganization(dbSession, organization.getUuid(), user.getUuid()); | |||||
assertThat(underTest.selectUserPermissionsByTemplateId(dbSession, template.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid).containsOnly(anotherUser.getUuid()); | |||||
assertThat(underTest.selectUserPermissionsByTemplateId(dbSession, anotherTemplate.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid).containsOnly(user.getUuid()); | |||||
} | |||||
@Test | @Test | ||||
public void delete_user_permissions_by_user_uuid() { | public void delete_user_permissions_by_user_uuid() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
UserDto anotherUser = db.users().insertUser(); | UserDto anotherUser = db.users().insertUser(); | ||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||||
String permission = "PERMISSION"; | String permission = "PERMISSION"; | ||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | ||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | ||||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||||
underTest.deleteUserPermissionsByUserUuid(dbSession, user.getUuid()); | underTest.deleteUserPermissionsByUserUuid(dbSession, user.getUuid()); | ||||
db.commit(); | db.commit(); | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
GroupDto group = db.users().insertGroup(); | GroupDto group = db.users().insertGroup(); | ||||
db.users().insertMember(group, user); | db.users().insertMember(group, user); | ||||
PermissionTemplateDto template = templateDb.insertTemplate(organization); | |||||
PermissionTemplateDto template = templateDb.insertTemplate(); | |||||
templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN_EXECUTION); | templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN_EXECUTION); | ||||
templateDb.addProjectCreatorToTemplate(template.getUuid(), UserRole.ADMIN); | templateDb.addProjectCreatorToTemplate(template.getUuid(), UserRole.ADMIN); | ||||
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER); | templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER); | ||||
templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN); | templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN); | ||||
return template; | return template; | ||||
} | } | ||||
private void verifyTemplateUuidsInDb(String... expectedTemplateUuids) { | |||||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_templates_groups")) | |||||
.extracting((row) -> (String) row.get("templateUuid")) | |||||
.containsOnly(expectedTemplateUuids); | |||||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_templates_users")) | |||||
.extracting((row) -> (String) row.get("templateUuid")) | |||||
.containsOnly(expectedTemplateUuids); | |||||
assertThat(db.select("select distinct template_uuid as \"templateUuid\" from perm_tpl_characteristics")) | |||||
.extracting((row) -> (String) row.get("templateUuid")) | |||||
.containsOnly(expectedTemplateUuids); | |||||
assertThat(db.select("select distinct uuid as \"templateUuid\" from permission_templates")) | |||||
.extracting((row) -> (String) row.get("templateUuid")) | |||||
.containsOnly(expectedTemplateUuids); | |||||
} | |||||
} | } |
PermissionTemplateDto anotherPermissionTemplate = db.permissionTemplates().insertTemplate(); | PermissionTemplateDto anotherPermissionTemplate = db.permissionTemplates().insertTemplate(); | ||||
db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | |||||
builder().setOrganizationUuid(organization.getUuid()).build(), | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, builder().build(), | |||||
permissionTemplate.getUuid())) | permissionTemplate.getUuid())) | ||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin(), user3.getLogin()); | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin(), user3.getLogin()); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).build(), | |||||
builder().withAtLeastOnePermission().setPermission(USER).build(), | |||||
permissionTemplate.getUuid())) | permissionTemplate.getUuid())) | ||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
} | } | ||||
@Test | @Test | ||||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user, USER); | db.permissionTemplates().addUserToTemplate(permissionTemplate, user, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).withAtLeastOnePermission().build(), "999")) | |||||
.isEmpty(); | |||||
builder().setPermission(USER).withAtLeastOnePermission().build(), "999")) | |||||
.isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | db.permissionTemplates().addUserToTemplate(anotherPermissionTemplate, user1, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).withAtLeastOnePermission().build(), | |||||
builder().setPermission(USER).withAtLeastOnePermission().build(), | |||||
permissionTemplate.getUuid())) | permissionTemplate.getUuid())) | ||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
} | } | ||||
@Test | @Test | ||||
db.permissionTemplates().addUserToTemplate(permissionTemplate, disabledUser, USER); | db.permissionTemplates().addUserToTemplate(permissionTemplate, disabledUser, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPermission(USER).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user.getLogin()); | |||||
builder().setPermission(USER).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user.getLogin()); | |||||
} | } | ||||
@Test | @Test | ||||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate( | assertThat(underTest.selectUserLoginsByQueryAndTemplate( | ||||
dbSession, builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).setSearchQuery("SEr1").build(), | |||||
dbSession, builder().withAtLeastOnePermission().setPermission(USER).setSearchQuery("SEr1").build(), | |||||
permissionTemplate.getUuid())) | permissionTemplate.getUuid())) | ||||
.containsExactlyInAnyOrder(user1.getLogin()); | |||||
.containsExactlyInAnyOrder(user1.getLogin()); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate( | assertThat(underTest.selectUserLoginsByQueryAndTemplate( | ||||
dbSession, builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission(USER).setSearchQuery("user").build(), | |||||
dbSession, builder().withAtLeastOnePermission().setPermission(USER).setSearchQuery("user").build(), | |||||
permissionTemplate.getUuid())) | permissionTemplate.getUuid())) | ||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectUserLoginsByQueryAndTemplate_is_ordering_result_by_users_with_permissions_then_by_name() { | public void selectUserLoginsByQueryAndTemplate_is_ordering_result_by_users_with_permissions_then_by_name() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||||
UserDto user1 = db.users().insertUser(u -> u.setName("A")); | UserDto user1 = db.users().insertUser(u -> u.setName("A")); | ||||
UserDto user2 = db.users().insertUser(u -> u.setName("B")); | UserDto user2 = db.users().insertUser(u -> u.setName("B")); | ||||
UserDto user3 = db.users().insertUser(u -> u.setName("C")); | UserDto user3 = db.users().insertUser(u -> u.setName("C")); | ||||
db.organizations().addMember(organization, user1, user2, user3); | |||||
//db.organizations().addMember(organization, user1, user2, user3); | |||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user3.getUuid(), UserRole.USER); | db.permissionTemplates().addUserToTemplate(template.getUuid(), user3.getUuid(), UserRole.USER); | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | ||||
.containsExactly(user3.getLogin(), user1.getLogin(), user2.getLogin()); | .containsExactly(user3.getLogin(), user1.getLogin(), user2.getLogin()); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectUserLoginsByQueryAndTemplate_is_order_by_groups_with_permission_when_many_users() { | public void selectUserLoginsByQueryAndTemplate_is_order_by_groups_with_permission_when_many_users() { | ||||
OrganizationDto organization = db.organizations().insert(); | OrganizationDto organization = db.organizations().insert(); | ||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(); | |||||
// Add another template having some users with permission to make sure it's correctly ignored | // Add another template having some users with permission to make sure it's correctly ignored | ||||
PermissionTemplateDto otherTemplate = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto otherTemplate = db.permissionTemplates().insertTemplate(); | |||||
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> { | ||||
UserDto user = db.users().insertUser("User-" + i); | UserDto user = db.users().insertUser("User-" + i); | ||||
db.organizations().addMember(organization, user); | db.organizations().addMember(organization, user); | ||||
String lastLogin = "User-" + (DEFAULT_PAGE_SIZE + 1); | String lastLogin = "User-" + (DEFAULT_PAGE_SIZE + 1); | ||||
db.permissionTemplates().addUserToTemplate(template, db.users().selectUserByLogin(lastLogin).get(), UserRole.USER); | db.permissionTemplates().addUserToTemplate(template, db.users().selectUserByLogin(lastLogin).get(), UserRole.USER); | ||||
PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organization.getUuid()).build(); | |||||
PermissionQuery query = PermissionQuery.builder().build(); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | assertThat(underTest.selectUserLoginsByQueryAndTemplate(db.getSession(), query, template.getUuid())) | ||||
.hasSize(DEFAULT_PAGE_SIZE) | .hasSize(DEFAULT_PAGE_SIZE) | ||||
.startsWith(lastLogin); | .startsWith(lastLogin); | ||||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | ||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(1).setPageSize(2).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
builder().setPageIndex(1).setPageSize(2).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user1.getLogin(), user2.getLogin()); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(2).setPageSize(2).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user3.getLogin()); | |||||
builder().setPageIndex(2).setPageSize(2).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user3.getLogin()); | |||||
assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).setPageIndex(3).setPageSize(1).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user3.getLogin()); | |||||
builder().setPageIndex(3).setPageSize(1).build(), permissionTemplate.getUuid())) | |||||
.containsExactlyInAnyOrder(user3.getLogin()); | |||||
} | } | ||||
@Test | @Test | ||||
db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | db.permissionTemplates().addUserToTemplate(permissionTemplate, user2, USER); | ||||
assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).build(), permissionTemplate.getUuid())) | |||||
.isEqualTo(3); | |||||
builder().build(), permissionTemplate.getUuid())) | |||||
.isEqualTo(3); | |||||
assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, | ||||
builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().setPermission("user").build(), permissionTemplate.getUuid())) | |||||
.isEqualTo(2); | |||||
builder().withAtLeastOnePermission().setPermission("user").build(), permissionTemplate.getUuid())) | |||||
.isEqualTo(2); | |||||
} | } | ||||
@Test | @Test |
public void deletePermissions_deletes_permissions_of_public_project() { | public void deletePermissions_deletes_permissions_of_public_project() { | ||||
OrganizationDto organization = dbTester.organizations().insert(); | OrganizationDto organization = dbTester.organizations().insert(); | ||||
ComponentDto project = dbTester.components().insertPublicProject(organization); | ComponentDto project = dbTester.components().insertPublicProject(organization); | ||||
addPermissions(organization, project); | |||||
addPermissions(project); | |||||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | ||||
purgeCommands.deletePermissions(project.uuid()); | purgeCommands.deletePermissions(project.uuid()); | ||||
public void deletePermissions_deletes_permissions_of_private_project() { | public void deletePermissions_deletes_permissions_of_private_project() { | ||||
OrganizationDto organization = dbTester.organizations().insert(); | OrganizationDto organization = dbTester.organizations().insert(); | ||||
ComponentDto project = dbTester.components().insertPrivateProject(organization); | ComponentDto project = dbTester.components().insertPrivateProject(organization); | ||||
addPermissions(organization, project); | |||||
addPermissions(project); | |||||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | ||||
purgeCommands.deletePermissions(project.uuid()); | purgeCommands.deletePermissions(project.uuid()); | ||||
public void deletePermissions_deletes_permissions_of_view() { | public void deletePermissions_deletes_permissions_of_view() { | ||||
OrganizationDto organization = dbTester.organizations().insert(); | OrganizationDto organization = dbTester.organizations().insert(); | ||||
ComponentDto project = dbTester.components().insertPublicPortfolio(organization); | ComponentDto project = dbTester.components().insertPublicPortfolio(organization); | ||||
addPermissions(organization, project); | |||||
addPermissions(project); | |||||
PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler, system2); | ||||
purgeCommands.deletePermissions(project.uuid()); | purgeCommands.deletePermissions(project.uuid()); | ||||
assertThat(dbTester.countRowsOfTable("user_dismissed_messages")).isEqualTo(1); | assertThat(dbTester.countRowsOfTable("user_dismissed_messages")).isEqualTo(1); | ||||
} | } | ||||
private void addPermissions(OrganizationDto organization, ComponentDto root) { | |||||
private void addPermissions(ComponentDto root) { | |||||
if (!root.isPrivate()) { | if (!root.isPrivate()) { | ||||
dbTester.users().insertProjectPermissionOnAnyone("foo1", root); | dbTester.users().insertProjectPermissionOnAnyone("foo1", root); | ||||
dbTester.users().insertPermissionOnAnyone(organization, "not project level"); | |||||
dbTester.users().insertPermissionOnAnyone("not project level"); | |||||
} | } | ||||
GroupDto group = dbTester.users().insertGroup(organization); | |||||
GroupDto group = dbTester.users().insertGroup(); | |||||
dbTester.users().insertProjectPermissionOnGroup(group, "bar", root); | dbTester.users().insertProjectPermissionOnGroup(group, "bar", root); | ||||
dbTester.users().insertPermissionOnGroup(group, "not project level"); | dbTester.users().insertPermissionOnGroup(group, "not project level"); | ||||
import org.sonar.api.utils.System2; | import org.sonar.api.utils.System2; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import static java.util.Arrays.asList; | import static java.util.Arrays.asList; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.mockito.Mockito.mock; | import static org.mockito.Mockito.mock; | ||||
import static org.mockito.Mockito.when; | import static org.mockito.Mockito.when; | ||||
import static org.sonar.db.organization.OrganizationDto.Subscription.SONARQUBE; | |||||
import static org.sonar.db.user.GroupTesting.newGroupDto; | import static org.sonar.db.user.GroupTesting.newGroupDto; | ||||
public class GroupDaoTest { | public class GroupDaoTest { | ||||
private static final long NOW = 1_500_000L; | private static final long NOW = 1_500_000L; | ||||
private static final String MISSING_UUID = "unknown"; | private static final String MISSING_UUID = "unknown"; | ||||
private static final OrganizationDto AN_ORGANIZATION = new OrganizationDto() | |||||
.setKey("an-org") | |||||
.setName("An Org") | |||||
.setDefaultQualityGateUuid("1") | |||||
.setSubscription(SONARQUBE) | |||||
.setUuid("abcde"); | |||||
private System2 system2 = mock(System2.class); | private System2 system2 = mock(System2.class); | ||||
private final GroupDto aGroup = new GroupDto() | private final GroupDto aGroup = new GroupDto() | ||||
.setUuid("uuid") | .setUuid("uuid") | ||||
.setName("the-name") | .setName("the-name") | ||||
.setDescription("the description") | |||||
.setOrganizationUuid(AN_ORGANIZATION.getUuid()); | |||||
.setDescription("the description"); | |||||
@Before | @Before | ||||
public void setUp() { | public void setUp() { | ||||
when(system2.now()).thenReturn(NOW); | when(system2.now()).thenReturn(NOW); | ||||
db.getDbClient().organizationDao().insert(dbSession, AN_ORGANIZATION, false); | |||||
} | } | ||||
@Test | @Test | ||||
public void selectByName() { | public void selectByName() { | ||||
db.getDbClient().groupDao().insert(dbSession, aGroup); | db.getDbClient().groupDao().insert(dbSession, aGroup); | ||||
GroupDto group = underTest.selectByName(dbSession, AN_ORGANIZATION.getUuid(), aGroup.getName()).get(); | |||||
GroupDto group = underTest.selectByName(dbSession, aGroup.getName()).get(); | |||||
assertThat(group.getUuid()).isNotNull(); | assertThat(group.getUuid()).isNotNull(); | ||||
assertThat(group.getOrganizationUuid()).isEqualTo(aGroup.getOrganizationUuid()); | |||||
assertThat(group.getName()).isEqualTo(aGroup.getName()); | assertThat(group.getName()).isEqualTo(aGroup.getName()); | ||||
assertThat(group.getDescription()).isEqualTo(aGroup.getDescription()); | assertThat(group.getDescription()).isEqualTo(aGroup.getDescription()); | ||||
assertThat(group.getCreatedAt()).isEqualTo(new Date(NOW)); | assertThat(group.getCreatedAt()).isEqualTo(new Date(NOW)); | ||||
@Test | @Test | ||||
public void selectByName_returns_absent() { | public void selectByName_returns_absent() { | ||||
Optional<GroupDto> group = underTest.selectByName(dbSession, AN_ORGANIZATION.getUuid(), "missing"); | |||||
Optional<GroupDto> group = underTest.selectByName(dbSession, "missing"); | |||||
assertThat(group).isNotPresent(); | assertThat(group).isNotPresent(); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectByNames() { | public void selectByNames() { | ||||
GroupDto group1InOrg1 = underTest.insert(dbSession, newGroupDto().setName("group1").setOrganizationUuid("org1")); | |||||
GroupDto group2InOrg1 = underTest.insert(dbSession, newGroupDto().setName("group2").setOrganizationUuid("org1")); | |||||
GroupDto group1InOrg2 = underTest.insert(dbSession, newGroupDto().setName("group1").setOrganizationUuid("org2")); | |||||
GroupDto group3InOrg2 = underTest.insert(dbSession, newGroupDto().setName("group3").setOrganizationUuid("org2")); | |||||
dbSession.commit(); | |||||
GroupDto group1 = underTest.insert(dbSession, newGroupDto().setName("group1")); | |||||
GroupDto group2 = underTest.insert(dbSession, newGroupDto().setName("group2")); | |||||
assertThat(underTest.selectByNames(dbSession, "org1", asList("group1", "group2", "group3", "missingGroup"))).extracting(GroupDto::getUuid) | |||||
.containsOnly(group1InOrg1.getUuid(), group2InOrg1.getUuid()); | |||||
dbSession.commit(); | |||||
assertThat(underTest.selectByNames(dbSession, "org1", Collections.emptyList())).isEmpty(); | |||||
assertThat(underTest.selectByNames(dbSession, "missingOrg", asList("group1"))).isEmpty(); | |||||
assertThat(underTest.selectByNames(dbSession, asList("group1", "group2", "group3", "missingGroup"))).extracting(GroupDto::getUuid) | |||||
.containsOnly(group1.getUuid(), group2.getUuid()); | |||||
assertThat(underTest.selectByNames(dbSession, Collections.emptyList())).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
.setUuid(aGroup.getUuid()) | .setUuid(aGroup.getUuid()) | ||||
.setName("new-name") | .setName("new-name") | ||||
.setDescription("New description") | .setDescription("New description") | ||||
.setOrganizationUuid("another-org") | |||||
.setCreatedAt(new Date(NOW + 1_000L)); | .setCreatedAt(new Date(NOW + 1_000L)); | ||||
underTest.update(dbSession, dto); | underTest.update(dbSession, dto); | ||||
assertThat(reloaded.getDescription()).isEqualTo("New description"); | assertThat(reloaded.getDescription()).isEqualTo("New description"); | ||||
// immutable fields --> to be ignored | // immutable fields --> to be ignored | ||||
assertThat(reloaded.getOrganizationUuid()).isEqualTo(aGroup.getOrganizationUuid()); | |||||
assertThat(reloaded.getCreatedAt()).isEqualTo(aGroup.getCreatedAt()); | assertThat(reloaded.getCreatedAt()).isEqualTo(aGroup.getCreatedAt()); | ||||
} | } | ||||
@Test | @Test | ||||
public void selectByQuery() { | public void selectByQuery() { | ||||
OrganizationDto organization1 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org1")); | |||||
OrganizationDto organization2 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org2")); | |||||
db.users().insertGroup(organization1, "sonar-users"); | |||||
db.users().insertGroup(organization1, "SONAR-ADMINS"); | |||||
db.users().insertGroup(organization1, "customers-group1"); | |||||
db.users().insertGroup(organization1, "customers-group2"); | |||||
db.users().insertGroup(organization1, "customers-group3"); | |||||
// Group on another organization | |||||
db.users().insertGroup(organization2, "customers-group4"); | |||||
db.users().insertGroup("sonar-users"); | |||||
db.users().insertGroup("SONAR-ADMINS"); | |||||
db.users().insertGroup("customers-group1"); | |||||
db.users().insertGroup("customers-group2"); | |||||
db.users().insertGroup("customers-group3"); | |||||
/* | /* | ||||
* Ordering and paging are not fully tested, case insensitive sort is broken on MySQL | * Ordering and paging are not fully tested, case insensitive sort is broken on MySQL | ||||
*/ | */ | ||||
// Null query | // Null query | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 10)) | |||||
assertThat(underTest.selectByQuery(dbSession, null, 0, 10)) | |||||
.hasSize(5) | .hasSize(5) | ||||
.extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | .extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | ||||
// Empty query | // Empty query | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", "", 0, 10)) | |||||
assertThat(underTest.selectByQuery(dbSession, "", 0, 10)) | |||||
.hasSize(5) | .hasSize(5) | ||||
.extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | .extracting("name").containsOnly("customers-group1", "customers-group2", "customers-group3", "SONAR-ADMINS", "sonar-users"); | ||||
// Filter on name | // Filter on name | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", "sonar", 0, 10)) | |||||
assertThat(underTest.selectByQuery(dbSession, "sonar", 0, 10)) | |||||
.hasSize(2) | .hasSize(2) | ||||
.extracting("name").containsOnly("SONAR-ADMINS", "sonar-users"); | .extracting("name").containsOnly("SONAR-ADMINS", "sonar-users"); | ||||
// Pagination | // Pagination | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 3)) | |||||
assertThat(underTest.selectByQuery(dbSession, null, 0, 3)) | |||||
.hasSize(3); | .hasSize(3); | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 3, 3)) | |||||
assertThat(underTest.selectByQuery(dbSession, null, 3, 3)) | |||||
.hasSize(2); | .hasSize(2); | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 6, 3)).isEmpty(); | |||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 0, 5)) | |||||
assertThat(underTest.selectByQuery(dbSession, null, 6, 3)).isEmpty(); | |||||
assertThat(underTest.selectByQuery(dbSession, null, 0, 5)) | |||||
.hasSize(5); | .hasSize(5); | ||||
assertThat(underTest.selectByQuery(dbSession, "org1", null, 5, 5)).isEmpty(); | |||||
assertThat(underTest.selectByQuery(dbSession, null, 5, 5)).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
public void select_by_query_with_special_characters() { | public void select_by_query_with_special_characters() { | ||||
String groupNameWithSpecialCharacters = "group%_%/name"; | String groupNameWithSpecialCharacters = "group%_%/name"; | ||||
underTest.insert(dbSession, newGroupDto().setName(groupNameWithSpecialCharacters).setOrganizationUuid("org1")); | |||||
underTest.insert(dbSession, newGroupDto().setName(groupNameWithSpecialCharacters)); | |||||
db.commit(); | db.commit(); | ||||
List<GroupDto> result = underTest.selectByQuery(dbSession, "org1", "roup%_%/nam", 0, 10); | |||||
int resultCount = underTest.countByQuery(dbSession, "org1", "roup%_%/nam"); | |||||
List<GroupDto> result = underTest.selectByQuery(dbSession, "roup%_%/nam", 0, 10); | |||||
int resultCount = underTest.countByQuery(dbSession, "roup%_%/nam"); | |||||
assertThat(result).hasSize(1); | assertThat(result).hasSize(1); | ||||
assertThat(result.get(0).getName()).isEqualTo(groupNameWithSpecialCharacters); | assertThat(result.get(0).getName()).isEqualTo(groupNameWithSpecialCharacters); | ||||
@Test | @Test | ||||
public void countByQuery() { | public void countByQuery() { | ||||
OrganizationDto organization1 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org1")); | |||||
OrganizationDto organization2 = db.organizations().insert(organizationDto -> organizationDto.setUuid("org2")); | |||||
db.users().insertGroup(organization1, "sonar-users"); | |||||
db.users().insertGroup(organization1, "SONAR-ADMINS"); | |||||
db.users().insertGroup(organization1, "customers-group1"); | |||||
db.users().insertGroup(organization1, "customers-group2"); | |||||
db.users().insertGroup(organization1, "customers-group3"); | |||||
// Group on another organization | |||||
db.users().insertGroup(organization2, "customers-group4"); | |||||
db.users().insertGroup("sonar-users"); | |||||
db.users().insertGroup("SONAR-ADMINS"); | |||||
db.users().insertGroup("customers-group1"); | |||||
db.users().insertGroup("customers-group2"); | |||||
db.users().insertGroup("customers-group3"); | |||||
// Null query | // Null query | ||||
assertThat(underTest.countByQuery(dbSession, "org1", null)).isEqualTo(5); | |||||
assertThat(underTest.countByQuery(dbSession, null)).isEqualTo(5); | |||||
// Empty query | // Empty query | ||||
assertThat(underTest.countByQuery(dbSession, "org1", "")).isEqualTo(5); | |||||
assertThat(underTest.countByQuery(dbSession, "")).isEqualTo(5); | |||||
// Filter on name | // Filter on name | ||||
assertThat(underTest.countByQuery(dbSession, "org1", "sonar")).isEqualTo(2); | |||||
assertThat(underTest.countByQuery(dbSession, "sonar")).isEqualTo(2); | |||||
} | } | ||||
@Test | @Test | ||||
assertThat(db.countRowsOfTable(dbSession, "groups")).isEqualTo(0); | assertThat(db.countRowsOfTable(dbSession, "groups")).isEqualTo(0); | ||||
} | } | ||||
@Test | |||||
public void deleteByOrganization_does_not_fail_when_table_is_empty() { | |||||
underTest.deleteByOrganization(dbSession, "some uuid"); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_does_not_fail_when_organization_has_no_group() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
underTest.deleteByOrganization(dbSession, organization.getUuid()); | |||||
dbSession.commit(); | |||||
} | |||||
@Test | |||||
public void deleteByOrganization_deletes_all_groups_in_specified_organization() { | |||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
OrganizationDto organization3 = db.organizations().insert(); | |||||
db.users().insertGroup(organization1); | |||||
db.users().insertGroup(organization2); | |||||
db.users().insertGroup(organization3); | |||||
db.users().insertGroup(organization3); | |||||
db.users().insertGroup(organization2); | |||||
underTest.deleteByOrganization(dbSession, organization2.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(organization1.getUuid(), organization3.getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization1.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(organization3.getUuid()); | |||||
underTest.deleteByOrganization(dbSession, organization3.getUuid()); | |||||
dbSession.commit(); | |||||
verifyOrganizationUuidsInTable(); | |||||
} | |||||
private void verifyOrganizationUuidsInTable(String... organizationUuids) { | |||||
assertThat(db.select("select distinct organization_uuid as \"organizationUuid\" from groups")) | |||||
.extracting(row -> (String) row.get("organizationUuid")) | |||||
.containsOnly(organizationUuids); | |||||
} | |||||
} | } |
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.junit.Test; | import org.junit.Test; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import static java.util.Arrays.asList; | import static java.util.Arrays.asList; | ||||
import static java.util.Collections.emptyList; | import static java.util.Collections.emptyList; | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(); | public DbTester db = DbTester.create(); | ||||
private OrganizationDto organizationDto; | |||||
private UserDto user1; | private UserDto user1; | ||||
private UserDto user2; | private UserDto user2; | ||||
private UserDto user3; | private UserDto user3; | ||||
@Before | @Before | ||||
public void setUp() { | public void setUp() { | ||||
organizationDto = db.organizations().insert(); | |||||
user1 = db.users().insertUser(u -> u.setLogin("admin login").setName("Admin name").setEmail("admin@email.com")); | user1 = db.users().insertUser(u -> u.setLogin("admin login").setName("Admin name").setEmail("admin@email.com")); | ||||
user2 = db.users().insertUser(u -> u.setLogin("not.admin").setName("Not Admin").setEmail("Not Admin")); | user2 = db.users().insertUser(u -> u.setLogin("not.admin").setName("Not Admin").setEmail("Not Admin")); | ||||
user3 = db.users().insertUser(u -> u.setLogin("inactive").setActive(false)); | user3 = db.users().insertUser(u -> u.setLogin("inactive").setActive(false)); | ||||
group1 = db.users().insertGroup(organizationDto, "sonar-administrators"); | |||||
group2 = db.users().insertGroup(organizationDto, "sonar-users"); | |||||
group3 = db.users().insertGroup(organizationDto, "sonar-reviewers"); | |||||
db.organizations().addMember(organizationDto, user1); | |||||
db.organizations().addMember(organizationDto, user2); | |||||
group1 = db.users().insertGroup("sonar-administrators"); | |||||
group2 = db.users().insertGroup("sonar-users"); | |||||
group3 = db.users().insertGroup("sonar-reviewers"); | |||||
} | } | ||||
@Test | @Test | ||||
db.users().insertMember(group2, user2); | db.users().insertMember(group2, user2); | ||||
// user1 is member of 3 groups | // user1 is member of 3 groups | ||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid())).isEqualTo(3); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user1.getUuid())).isZero(); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user1.getUuid())).isEqualTo(3); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user1.getUuid())).isZero(); | |||||
// user2 is member of 1 group on 3 | // user2 is member of 1 group on 3 | ||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user2.getUuid())).isEqualTo(1); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user2.getUuid())).isEqualTo(2); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user2.getUuid())).isEqualTo(1); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user2.getUuid())).isEqualTo(2); | |||||
// user3 is member of 0 group | // user3 is member of 0 group | ||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user3.getUuid())).isZero(); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user3.getUuid())).isEqualTo(3); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), user3.getUuid())).isZero(); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), user3.getUuid())).isEqualTo(3); | |||||
// unknown user is member of 0 group | // unknown user is member of 0 group | ||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), "999")).isZero(); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), "999")).isEqualTo(3); | |||||
} | |||||
@Test | |||||
public void count_groups_only_from_given_organization() { | |||||
OrganizationDto otherOrganization = db.organizations().insert(); | |||||
GroupDto otherGroup = db.users().insertGroup(otherOrganization, "sonar-administrators-other_orga"); | |||||
db.users().insertMember(group1, user1); | |||||
db.users().insertMember(otherGroup, user1); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid())).isEqualTo(1); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(IN).build(), "999")).isZero(); | |||||
assertThat(underTest.countGroups(db.getSession(), builder().membership(OUT).build(), "999")).isEqualTo(3); | |||||
} | } | ||||
@Test | @Test | ||||
db.users().insertMember(group2, user2); | db.users().insertMember(group2, user2); | ||||
// user1 is member of 3 groups | // user1 is member of 3 groups | ||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(3); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user1.getUuid(), 0, 10)).isEmpty(); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(3); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user1.getUuid(), 0, 10)).isEmpty(); | |||||
// user2 is member of 1 group on 3 | // user2 is member of 1 group on 3 | ||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user2.getUuid(), 0, 10)).hasSize(1); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user2.getUuid(), 0, 10)).hasSize(2); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user2.getUuid(), 0, 10)).hasSize(1); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user2.getUuid(), 0, 10)).hasSize(2); | |||||
// user3 is member of 0 group | // user3 is member of 0 group | ||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user3.getUuid(), 0, 10)).isEmpty(); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), user3.getUuid(), 0, 10)).hasSize(3); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), user3.getUuid(), 0, 10)).isEmpty(); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), user3.getUuid(), 0, 10)).hasSize(3); | |||||
// unknown user is member of 0 group | // unknown user is member of 0 group | ||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), "999", 0, 10)).isEmpty(); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(OUT).build(), "999", 0, 10)).hasSize(3); | |||||
} | |||||
@Test | |||||
public void select_groups_only_from_given_organization() { | |||||
OrganizationDto otherOrganization = db.organizations().insert(); | |||||
GroupDto otherGroup = db.users().insertGroup(otherOrganization, "sonar-administrators-other_orga"); | |||||
db.users().insertMember(group1, user1); | |||||
db.users().insertMember(otherGroup, user1); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().organizationUuid(organizationDto.getUuid()).membership(IN).build(), user1.getUuid(), 0, 10)).hasSize(1); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(IN).build(), "999", 0, 10)).isEmpty(); | |||||
assertThat(underTest.selectGroups(db.getSession(), builder().membership(OUT).build(), "999", 0, 10)).hasSize(3); | |||||
} | } | ||||
@Test | @Test | ||||
public void count_users_by_group() { | public void count_users_by_group() { | ||||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group2, user1); | db.users().insertMember(group2, user1); | ||||
db.users().insertMember(group3, user1); | db.users().insertMember(group3, user1); | ||||
@Test | @Test | ||||
public void count_members() { | public void count_members() { | ||||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group2, user1); | db.users().insertMember(group2, user1); | ||||
db.users().insertMember(group3, user1); | db.users().insertMember(group3, user1); | ||||
@Test | @Test | ||||
public void select_group_members_by_query() { | public void select_group_members_by_query() { | ||||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group2, user1); | db.users().insertMember(group2, user1); | ||||
db.users().insertMember(group3, user1); | db.users().insertMember(group3, user1); | ||||
@Test | @Test | ||||
public void select_users_not_affected_to_a_group_by_query() { | public void select_users_not_affected_to_a_group_by_query() { | ||||
GroupDto emptyGroup = db.users().insertGroup(organizationDto, "sonar-nobody"); | |||||
GroupDto emptyGroup = db.users().insertGroup("sonar-nobody"); | |||||
db.users().insertMember(group1, user1); | db.users().insertMember(group1, user1); | ||||
db.users().insertMember(group2, user1); | db.users().insertMember(group2, user1); | ||||
db.users().insertMember(group3, user1); | db.users().insertMember(group3, user1); | ||||
} | } | ||||
private UserMembershipQuery.Builder newQuery() { | private UserMembershipQuery.Builder newQuery() { | ||||
return UserMembershipQuery.builder().organizationUuid(organizationDto.getUuid()); | |||||
return UserMembershipQuery.builder(); | |||||
} | } | ||||
} | } |
.membership(GroupMembershipQuery.IN) | .membership(GroupMembershipQuery.IN) | ||||
.pageIndex(2) | .pageIndex(2) | ||||
.pageSize(10) | .pageSize(10) | ||||
.organizationUuid("organization_uuid") | |||||
.build(); | .build(); | ||||
assertThat(underTest.groupSearch()).isEqualTo("sonar-users"); | assertThat(underTest.groupSearch()).isEqualTo("sonar-users"); | ||||
assertThat(underTest.membership()).isEqualTo("IN"); | assertThat(underTest.membership()).isEqualTo("IN"); | ||||
assertThat(underTest.pageIndex()).isEqualTo(2); | assertThat(underTest.pageIndex()).isEqualTo(2); | ||||
assertThat(underTest.pageSize()).isEqualTo(10); | assertThat(underTest.pageSize()).isEqualTo(10); | ||||
assertThat(underTest.organizationUuid()).isEqualTo("organization_uuid"); | |||||
} | |||||
@Test | |||||
public void fail_on_null_organization() { | |||||
expectedException.expect(NullPointerException.class); | |||||
expectedException.expectMessage("Organization uuid cant be null"); | |||||
GroupMembershipQuery.builder() | |||||
.organizationUuid(null) | |||||
.build(); | |||||
} | } | ||||
@Test | @Test | ||||
expectedException.expectMessage("Membership is not valid (got unknwown). Availables values are [ANY, IN, OUT]"); | expectedException.expectMessage("Membership is not valid (got unknwown). Availables values are [ANY, IN, OUT]"); | ||||
GroupMembershipQuery.builder() | GroupMembershipQuery.builder() | ||||
.organizationUuid("organization_uuid") | |||||
.membership("unknwown") | .membership("unknwown") | ||||
.build(); | .build(); | ||||
} | } | ||||
} | } |
db.users().insertPermissionOnGroup(group1, "gateadmin"); | db.users().insertPermissionOnGroup(group1, "gateadmin"); | ||||
db.users().insertPermissionOnGroup(group2, "gateadmin"); | db.users().insertPermissionOnGroup(group2, "gateadmin"); | ||||
db.users().insertProjectPermissionOnGroup(group2, "admin", project); | db.users().insertProjectPermissionOnGroup(group2, "admin", project); | ||||
db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), "scan"); | |||||
db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), "provisioning"); | |||||
db.users().insertPermissionOnAnyone("scan"); | |||||
db.users().insertPermissionOnAnyone("provisioning"); | |||||
underTest.deleteGroupRolesByGroupUuid(db.getSession(), group1.getUuid()); | underTest.deleteGroupRolesByGroupUuid(db.getSession(), group1.getUuid()); | ||||
db.getSession().commit(); | db.getSession().commit(); | ||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group1.getUuid())).isEmpty(); | |||||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group1.getUuid(), project.uuid())) | |||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group1.getUuid())).isEmpty(); | |||||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group1.getUuid(), project.uuid())) | |||||
.isEmpty(); | .isEmpty(); | ||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group2.getUuid())) | |||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group2.getUuid())) | |||||
.containsOnly("gateadmin"); | .containsOnly("gateadmin"); | ||||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), group2.getUuid(), project.uuid())) | |||||
assertThat(db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group2.getUuid(), project.uuid())) | |||||
.containsOnly("admin"); | .containsOnly("admin"); | ||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), db.getDefaultOrganization().getUuid(), null)).containsOnly("scan", | |||||
assertThat(db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), null)).containsOnly("scan", | |||||
"provisioning"); | "provisioning"); | ||||
} | } | ||||
} | } |
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user2.getUuid())).containsOnly(group2.getUuid()); | assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user2.getUuid())).containsOnly(group2.getUuid()); | ||||
} | } | ||||
@Test | |||||
public void delete_organization_member() { | |||||
OrganizationDto organization = dbTester.organizations().insert(); | |||||
OrganizationDto anotherOrganization = dbTester.organizations().insert(); | |||||
UserDto user = dbTester.users().insertUser(); | |||||
UserDto anotherUser = dbTester.users().insertUser(); | |||||
GroupDto group = dbTester.users().insertGroup(organization); | |||||
GroupDto anotherGroup = dbTester.users().insertGroup(anotherOrganization); | |||||
dbTester.users().insertMembers(group, user, anotherUser); | |||||
dbTester.users().insertMembers(anotherGroup, user, anotherUser); | |||||
underTest.deleteByOrganizationAndUser(dbSession, organization.getUuid(), user.getUuid()); | |||||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(dbSession, user.getUuid())) | |||||
.containsOnly(anotherGroup.getUuid()); | |||||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(dbSession, anotherUser.getUuid())) | |||||
.containsOnly(group.getUuid(), anotherGroup.getUuid()); | |||||
} | |||||
@Test | @Test | ||||
public void delete_by_user() { | public void delete_by_user() { | ||||
UserDto user1 = dbTester.users().insertUser(); | UserDto user1 = dbTester.users().insertUser(); |
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupMembershipDto; | |||||
import org.sonar.db.user.GroupMembershipQuery; | |||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import static com.google.common.base.Preconditions.checkArgument; | |||||
import static org.assertj.core.api.Assertions.assertThat; | |||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
public class OrganizationDbTester { | public class OrganizationDbTester { | ||||
private final DbTester db; | private final DbTester db; | ||||
public void setDefaultTemplates(PermissionTemplateDto projectDefaultTemplate, @Nullable PermissionTemplateDto applicationDefaultTemplate, | public void setDefaultTemplates(PermissionTemplateDto projectDefaultTemplate, @Nullable PermissionTemplateDto applicationDefaultTemplate, | ||||
@Nullable PermissionTemplateDto portfolioDefaultTemplate) { | @Nullable PermissionTemplateDto portfolioDefaultTemplate) { | ||||
checkArgument(portfolioDefaultTemplate == null | |||||
|| portfolioDefaultTemplate.getOrganizationUuid().equals(projectDefaultTemplate.getOrganizationUuid()), | |||||
"default template for project and portfolio must belong to the same organization"); | |||||
checkArgument(applicationDefaultTemplate == null | |||||
|| applicationDefaultTemplate.getOrganizationUuid().equals(projectDefaultTemplate.getOrganizationUuid()), | |||||
"default template for project and application must belong to the same organization"); | |||||
DbSession dbSession = db.getSession(); | DbSession dbSession = db.getSession(); | ||||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, projectDefaultTemplate.getOrganizationUuid(), | |||||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, db.getDefaultOrganization().getUuid(), | |||||
new DefaultTemplates() | new DefaultTemplates() | ||||
.setProjectUuid(projectDefaultTemplate.getUuid()) | .setProjectUuid(projectDefaultTemplate.getUuid()) | ||||
.setPortfoliosUuid(portfolioDefaultTemplate == null ? null : portfolioDefaultTemplate.getUuid()) | .setPortfoliosUuid(portfolioDefaultTemplate == null ? null : portfolioDefaultTemplate.getUuid()) | ||||
dbSession.commit(); | dbSession.commit(); | ||||
} | } | ||||
public void setDefaultTemplates(OrganizationDto defaultOrganization, String projectDefaultTemplateUuid, | |||||
@Nullable String applicationDefaultTemplateUuid, @Nullable String portfoliosDefaultTemplateUuid) { | |||||
public void setDefaultTemplates(String projectDefaultTemplateUuid, @Nullable String applicationDefaultTemplateUuid, @Nullable String portfoliosDefaultTemplateUuid) { | |||||
DbSession dbSession = db.getSession(); | DbSession dbSession = db.getSession(); | ||||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, defaultOrganization.getUuid(), | |||||
db.getDbClient().organizationDao().setDefaultTemplates(dbSession, db.getDefaultOrganization().getUuid(), | |||||
new DefaultTemplates() | new DefaultTemplates() | ||||
.setProjectUuid(projectDefaultTemplateUuid) | .setProjectUuid(projectDefaultTemplateUuid) | ||||
.setApplicationsUuid(applicationDefaultTemplateUuid) | .setApplicationsUuid(applicationDefaultTemplateUuid) | ||||
public boolean getNewProjectPrivate(OrganizationDto organization) { | public boolean getNewProjectPrivate(OrganizationDto organization) { | ||||
return db.getDbClient().organizationDao().getNewProjectPrivate(db.getSession(), organization); | return db.getDbClient().organizationDao().getNewProjectPrivate(db.getSession(), organization); | ||||
} | } | ||||
public void assertUserIsMemberOfOrganization(OrganizationDto organization, UserDto user) { | |||||
assertThat(db.getDbClient().organizationMemberDao().select(db.getSession(), organization.getUuid(), user.getUuid())).as("User is not member of the organization").isPresent(); | |||||
String defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organization.getUuid()).get(); | |||||
assertThat(db.getDbClient().groupMembershipDao().selectGroups( | |||||
db.getSession(), | |||||
GroupMembershipQuery.builder().membership(IN).organizationUuid(organization.getUuid()).build(), | |||||
user.getUuid(), 0, 10)) | |||||
.extracting(GroupMembershipDto::getUuid) | |||||
.as("User is not member of the default group of the organization") | |||||
.containsOnly(defaultGroupUuid); | |||||
} | |||||
public void assertUserIsNotMemberOfOrganization(OrganizationDto organization, UserDto user) { | |||||
assertThat(db.getDbClient().organizationMemberDao().select(db.getSession(), organization.getUuid(), user.getUuid())).as("User is still member of the organization") | |||||
.isNotPresent(); | |||||
assertThat(db.getDbClient().groupMembershipDao().countGroups(db.getSession(), | |||||
GroupMembershipQuery.builder().membership(IN).organizationUuid(organization.getUuid()).build(), | |||||
user.getUuid())).isZero(); | |||||
} | |||||
} | } |
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
return insertTemplate(newPermissionTemplateDto()); | return insertTemplate(newPermissionTemplateDto()); | ||||
} | } | ||||
public PermissionTemplateDto insertTemplate(OrganizationDto organizationDto) { | |||||
return insertTemplate(newPermissionTemplateDto().setOrganizationUuid(organizationDto.getUuid())); | |||||
} | |||||
public PermissionTemplateDto insertTemplate(PermissionTemplateDto template) { | public PermissionTemplateDto insertTemplate(PermissionTemplateDto template) { | ||||
template.setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||||
PermissionTemplateDto templateInDb = dbClient.permissionTemplateDao().insert(dbSession, template); | PermissionTemplateDto templateInDb = dbClient.permissionTemplateDao().insert(dbSession, template); | ||||
db.commit(); | db.commit(); | ||||
return new PermissionTemplateDto() | return new PermissionTemplateDto() | ||||
.setName(randomAlphanumeric(60)) | .setName(randomAlphanumeric(60)) | ||||
.setDescription(randomAscii(500)) | .setDescription(randomAscii(500)) | ||||
.setOrganizationUuid(randomAlphanumeric(40)) | |||||
.setUuid(Uuids.create()) | .setUuid(Uuids.create()) | ||||
.setCreatedAt(new Date()) | .setCreatedAt(new Date()) | ||||
.setUpdatedAt(new Date()); | .setUpdatedAt(new Date()); |
public static GroupDto newGroupDto() { | public static GroupDto newGroupDto() { | ||||
return new GroupDto() | return new GroupDto() | ||||
.setUuid(randomAlphanumeric(40)) | .setUuid(randomAlphanumeric(40)) | ||||
.setOrganizationUuid(randomAlphanumeric(40)) | |||||
.setName(randomAlphanumeric(255)) | .setName(randomAlphanumeric(255)) | ||||
.setDescription(randomAlphanumeric(200)) | .setDescription(randomAlphanumeric(200)) | ||||
.setCreatedAt(new Date(nextLong())) | .setCreatedAt(new Date(nextLong())) |
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.ce.CeTaskMessageType; | import org.sonar.db.ce.CeTaskMessageType; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.GroupPermissionDto; | import org.sonar.db.permission.GroupPermissionDto; | ||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.permission.UserPermissionDto; | import org.sonar.db.permission.UserPermissionDto; | ||||
return dbClient.userDao().selectByLogin(db.getSession(), userDto.getLogin()); | return dbClient.userDao().selectByLogin(db.getSession(), userDto.getLogin()); | ||||
} | } | ||||
public UserDto insertAdminByUserPermission(OrganizationDto org) { | |||||
public UserDto insertAdminByUserPermission() { | |||||
UserDto user = insertUser(); | UserDto user = insertUser(); | ||||
insertPermissionOnUser(org, user, ADMINISTER); | |||||
insertPermissionOnUser(user, ADMINISTER); | |||||
return user; | return user; | ||||
} | } | ||||
// GROUPS | // GROUPS | ||||
public GroupDto insertGroup(OrganizationDto organization, String name) { | |||||
GroupDto group = GroupTesting.newGroupDto().setName(name).setOrganizationUuid(organization.getUuid()); | |||||
return insertGroup(group); | |||||
} | |||||
public GroupDto insertGroup(String name) { | public GroupDto insertGroup(String name) { | ||||
GroupDto group = GroupTesting.newGroupDto().setName(name).setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||||
GroupDto group = GroupTesting.newGroupDto().setName(name); | |||||
return insertGroup(group); | return insertGroup(group); | ||||
} | } | ||||
/** | |||||
* Create group in default organization | |||||
*/ | |||||
public GroupDto insertGroup() { | public GroupDto insertGroup() { | ||||
GroupDto group = GroupTesting.newGroupDto().setOrganizationUuid(db.getDefaultOrganization().getUuid()); | |||||
return insertGroup(group); | |||||
} | |||||
/** | |||||
* Create group in specified organization | |||||
*/ | |||||
public GroupDto insertGroup(OrganizationDto organizationDto) { | |||||
GroupDto group = GroupTesting.newGroupDto().setOrganizationUuid(organizationDto.getUuid()); | |||||
GroupDto group = GroupTesting.newGroupDto(); | |||||
return insertGroup(group); | return insertGroup(group); | ||||
} | } | ||||
} | } | ||||
public GroupDto insertDefaultGroup(GroupDto dto) { | public GroupDto insertDefaultGroup(GroupDto dto) { | ||||
String organizationUuid = dto.getOrganizationUuid(); | |||||
db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organizationUuid) | |||||
db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid()) | |||||
.ifPresent(groupUuid -> { | .ifPresent(groupUuid -> { | ||||
throw new IllegalArgumentException(format("Organization '%s' has already a default group", organizationUuid)); | |||||
throw new IllegalArgumentException(format("Organization '%s' has already a default group", db.getDefaultOrganization().getUuid())); | |||||
}); | }); | ||||
db.getDbClient().groupDao().insert(db.getSession(), dto); | db.getDbClient().groupDao().insert(db.getSession(), dto); | ||||
db.getDbClient().organizationDao().setDefaultGroupUuid(db.getSession(), organizationUuid, dto); | |||||
db.getDbClient().organizationDao().setDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid(), dto); | |||||
db.commit(); | db.commit(); | ||||
return dto; | return dto; | ||||
} | } | ||||
public GroupDto insertDefaultGroup(OrganizationDto organization, String name) { | |||||
return insertDefaultGroup(GroupTesting.newGroupDto().setName(name).setOrganizationUuid(organization.getUuid())); | |||||
public GroupDto insertDefaultGroup(String name) { | |||||
return insertDefaultGroup(GroupTesting.newGroupDto().setName(name)); | |||||
} | } | ||||
public GroupDto insertDefaultGroup(OrganizationDto organization) { | |||||
return insertDefaultGroup(GroupTesting.newGroupDto().setOrganizationUuid(organization.getUuid())); | |||||
public GroupDto insertDefaultGroup() { | |||||
return insertDefaultGroup(GroupTesting.newGroupDto()); | |||||
} | } | ||||
@CheckForNull | @CheckForNull | ||||
return db.getDbClient().groupDao().selectByUuid(db.getSession(), groupUuid); | return db.getDbClient().groupDao().selectByUuid(db.getSession(), groupUuid); | ||||
} | } | ||||
public Optional<GroupDto> selectGroup(OrganizationDto org, String name) { | |||||
return db.getDbClient().groupDao().selectByName(db.getSession(), org.getUuid(), name); | |||||
} | |||||
public List<GroupDto> selectGroups(OrganizationDto org) { | |||||
return db.getDbClient().groupDao().selectByOrganizationUuid(db.getSession(), org.getUuid()); | |||||
public Optional<GroupDto> selectGroup(String name) { | |||||
return db.getDbClient().groupDao().selectByName(db.getSession(), name); | |||||
} | } | ||||
// GROUP MEMBERSHIP | // GROUP MEMBERSHIP | ||||
// GROUP PERMISSIONS | // GROUP PERMISSIONS | ||||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, String permission) { | |||||
public GroupPermissionDto insertPermissionOnAnyone(String permission) { | |||||
GroupPermissionDto dto = new GroupPermissionDto() | GroupPermissionDto dto = new GroupPermissionDto() | ||||
.setUuid(Uuids.createFast()) | .setUuid(Uuids.createFast()) | ||||
.setOrganizationUuid(org.getUuid()) | |||||
.setGroupUuid(null) | .setGroupUuid(null) | ||||
.setRole(permission); | .setRole(permission); | ||||
db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | ||||
return dto; | return dto; | ||||
} | } | ||||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) { | |||||
return insertPermissionOnAnyone(org, permission.getKey()); | |||||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationPermission permission) { | |||||
return insertPermissionOnAnyone(permission.getKey()); | |||||
} | } | ||||
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) { | public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) { | ||||
GroupPermissionDto dto = new GroupPermissionDto() | GroupPermissionDto dto = new GroupPermissionDto() | ||||
.setUuid(Uuids.createFast()) | .setUuid(Uuids.createFast()) | ||||
.setOrganizationUuid(group.getOrganizationUuid()) | |||||
.setGroupUuid(group.getUuid()) | .setGroupUuid(group.getUuid()) | ||||
.setRole(permission); | .setRole(permission); | ||||
db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | db.getDbClient().groupPermissionDao().insert(db.getSession(), dto); | ||||
} | } | ||||
public void deletePermissionFromGroup(GroupDto group, String permission) { | public void deletePermissionFromGroup(GroupDto group, String permission) { | ||||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getUuid(), null); | |||||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getUuid(), null); | |||||
db.commit(); | db.commit(); | ||||
} | } | ||||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | ||||
GroupPermissionDto dto = new GroupPermissionDto() | GroupPermissionDto dto = new GroupPermissionDto() | ||||
.setUuid(Uuids.createFast()) | .setUuid(Uuids.createFast()) | ||||
.setOrganizationUuid(project.getOrganizationUuid()) | |||||
.setGroupUuid(null) | .setGroupUuid(null) | ||||
.setRole(permission) | .setRole(permission) | ||||
.setComponentUuid(project.uuid()); | .setComponentUuid(project.uuid()); | ||||
} | } | ||||
public void deleteProjectPermissionFromAnyone(ComponentDto project, String permission) { | public void deleteProjectPermissionFromAnyone(ComponentDto project, String permission) { | ||||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, project.getOrganizationUuid(), null, project.uuid()); | |||||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, null, project.uuid()); | |||||
db.commit(); | db.commit(); | ||||
} | } | ||||
public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) { | public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) { | ||||
checkArgument(group.getOrganizationUuid().equals(project.getOrganizationUuid()), "Different organizations"); | |||||
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | ||||
"%s can't be granted on a public project", permission); | "%s can't be granted on a public project", permission); | ||||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | ||||
GroupPermissionDto dto = new GroupPermissionDto() | GroupPermissionDto dto = new GroupPermissionDto() | ||||
.setUuid(Uuids.createFast()) | .setUuid(Uuids.createFast()) | ||||
.setOrganizationUuid(group.getOrganizationUuid()) | |||||
.setGroupUuid(group.getUuid()) | .setGroupUuid(group.getUuid()) | ||||
.setRole(permission) | .setRole(permission) | ||||
.setComponentUuid(project.uuid()); | .setComponentUuid(project.uuid()); | ||||
public List<String> selectGroupPermissions(GroupDto group, @Nullable ComponentDto project) { | public List<String> selectGroupPermissions(GroupDto group, @Nullable ComponentDto project) { | ||||
if (project == null) { | if (project == null) { | ||||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), | |||||
group.getOrganizationUuid(), group.getUuid()); | |||||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), group.getUuid()); | |||||
} | } | ||||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), | |||||
group.getOrganizationUuid(), group.getUuid(), project.uuid()); | |||||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), group.getUuid(), project.uuid()); | |||||
} | } | ||||
public List<String> selectAnyonePermissions(OrganizationDto org, @Nullable ComponentDto project) { | |||||
public List<String> selectAnyonePermissions(@Nullable ComponentDto project) { | |||||
if (project == null) { | if (project == null) { | ||||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), | |||||
org.getUuid(), null); | |||||
return db.getDbClient().groupPermissionDao().selectGlobalPermissionsOfGroup(db.getSession(), null); | |||||
} | } | ||||
checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations"); | |||||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.uuid()); | |||||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), null, project.uuid()); | |||||
} | } | ||||
// USER PERMISSIONS | // USER PERMISSIONS | ||||
/** | /** | ||||
* Grant permission on default organization | |||||
* Grant permission | |||||
*/ | */ | ||||
public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) { | public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) { | ||||
return insertPermissionOnUser(db.getDefaultOrganization(), user, permission); | |||||
return insertPermissionOnUser(user, permission.getKey()); | |||||
} | } | ||||
/** | /** | ||||
* Grant global permission | * Grant global permission | ||||
* @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)} | |||||
* @deprecated use {@link #insertPermissionOnUser(UserDto, OrganizationPermission)} | |||||
*/ | */ | ||||
@Deprecated | @Deprecated | ||||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), org.getUuid(), permission, user.getUuid(), null); | |||||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto); | |||||
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) { | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null); | |||||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, db.getDefaultOrganization().getUuid()); | |||||
db.commit(); | db.commit(); | ||||
return dto; | return dto; | ||||
} | } | ||||
/** | |||||
* Grant organization permission to user | |||||
*/ | |||||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||||
return insertPermissionOnUser(org, user, permission.getKey()); | |||||
} | |||||
public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getUuid(), permission.getKey(), org.getUuid()); | |||||
public void deletePermissionFromUser(UserDto user, OrganizationPermission permission) { | |||||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getUuid(), permission.getKey()); | |||||
db.commit(); | db.commit(); | ||||
} | } | ||||
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), | ||||
"%s can't be granted on a public project", permission); | "%s can't be granted on a public project", permission); | ||||
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); | ||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), project.getOrganizationUuid(), permission, user.getUuid(), project.uuid()); | |||||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto); | |||||
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid()); | |||||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, db.getDefaultOrganization().getUuid()); | |||||
db.commit(); | db.commit(); | ||||
return dto; | return dto; | ||||
} | } | ||||
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user, OrganizationDto organization) { | |||||
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user) { | |||||
return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao() | return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao() | ||||
.selectGlobalPermissionsOfUser(db.getSession(), user.getUuid(), organization.getUuid())); | |||||
.selectGlobalPermissionsOfUser(db.getSession(), user.getUuid())); | |||||
} | } | ||||
public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) { | public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) { |
* Returns the active users (at most 3) who are associated to the given SCM account. This method can be used | * Returns the active users (at most 3) who are associated to the given SCM account. This method can be used | ||||
* to detect user conflicts. | * to detect user conflicts. | ||||
*/ | */ | ||||
public List<UserDoc> getAtMostThreeActiveUsersForScmAccount(String scmAccount, String organizationUuid) { | |||||
public List<UserDoc> getAtMostThreeActiveUsersForScmAccount(String scmAccount) { | |||||
List<UserDoc> result = new ArrayList<>(); | List<UserDoc> result = new ArrayList<>(); | ||||
if (!StringUtils.isEmpty(scmAccount)) { | if (!StringUtils.isEmpty(scmAccount)) { | ||||
SearchRequestBuilder request = esClient.prepareSearch(UserIndexDefinition.TYPE_USER) | SearchRequestBuilder request = esClient.prepareSearch(UserIndexDefinition.TYPE_USER) | ||||
.setQuery(boolQuery().must(matchAllQuery()).filter( | .setQuery(boolQuery().must(matchAllQuery()).filter( | ||||
boolQuery() | boolQuery() | ||||
.must(termQuery(FIELD_ACTIVE, true)) | .must(termQuery(FIELD_ACTIVE, true)) | ||||
.must(termQuery(FIELD_ORGANIZATION_UUIDS, organizationUuid)) | |||||
.should(termQuery(FIELD_LOGIN, scmAccount)) | .should(termQuery(FIELD_LOGIN, scmAccount)) | ||||
.should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_EMAIL), scmAccount)) | .should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_EMAIL), scmAccount)) | ||||
.should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_SCM_ACCOUNTS), scmAccount)))) | .should(matchQuery(SORTABLE_ANALYZER.subField(FIELD_SCM_ACCOUNTS), scmAccount)))) |
public class UserIndexTest { | public class UserIndexTest { | ||||
private static final String ORGANIZATION_UUID = "my-organization"; | |||||
private static final String USER1_LOGIN = "user1"; | private static final String USER1_LOGIN = "user1"; | ||||
private static final String USER2_LOGIN = "user2"; | private static final String USER2_LOGIN = "user2"; | ||||
es.putDocuments(TYPE_USER, user2); | es.putDocuments(TYPE_USER, user2); | ||||
es.putDocuments(TYPE_USER, user3); | es.putDocuments(TYPE_USER, user3); | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.scmAccounts().get(0), ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.login(), ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.scmAccounts().get(0))).extractingResultOf("login").containsOnly(user1.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.login())).extractingResultOf("login").containsOnly(user1.login()); | |||||
// both users share the same email | // both users share the same email | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.email(), ORGANIZATION_UUID)).extracting(UserDoc::login).containsOnly(user1.login(), user2.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user1.email())).extracting(UserDoc::login).containsOnly(user1.login(), user2.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("", ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("unknown", ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("")).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("unknown")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
UserDoc user = newUser(USER1_LOGIN, singletonList(scmAccount)).setActive(false); | UserDoc user = newUser(USER1_LOGIN, singletonList(scmAccount)).setActive(false); | ||||
es.putDocuments(TYPE_USER, user); | es.putDocuments(TYPE_USER, user); | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user.login(), ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(scmAccount, ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(user.login())).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(scmAccount)).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
es.putDocuments(TYPE_USER, user4); | es.putDocuments(TYPE_USER, user4); | ||||
// restrict results to 3 users | // restrict results to 3 users | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(email, ORGANIZATION_UUID)).hasSize(3); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount(email)).hasSize(3); | |||||
} | } | ||||
@Test | @Test | ||||
UserDoc user = newUser("the_login", singletonList("John.Smith")); | UserDoc user = newUser("the_login", singletonList("John.Smith")); | ||||
es.putDocuments(TYPE_USER, user); | es.putDocuments(TYPE_USER, user); | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_login", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_Login", ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_login")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_Login")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
UserDoc user = newUser("the_login", "the_EMAIL@corp.com", singletonList("John.Smith")); | UserDoc user = newUser("the_login", "the_EMAIL@corp.com", singletonList("John.Smith")); | ||||
es.putDocuments(TYPE_USER, user); | es.putDocuments(TYPE_USER, user); | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_EMAIL@corp.com", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_email@corp.com", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("email", ORGANIZATION_UUID)).isEmpty(); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_EMAIL@corp.com")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("the_email@corp.com")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("email")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
UserDoc user = newUser("the_login", singletonList("John.Smith")); | UserDoc user = newUser("the_login", singletonList("John.Smith")); | ||||
es.putDocuments(TYPE_USER, user); | es.putDocuments(TYPE_USER, user); | ||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("John.Smith", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMIth", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMITH", ORGANIZATION_UUID)).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN", ORGANIZATION_UUID)).isEmpty(); | |||||
} | |||||
@Test | |||||
public void getAtMostThreeActiveUsersForScmAccount_search_only_user_within_given_organization() { | |||||
UserDoc user1 = newUser("user1", singletonList("same_scm")).setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||||
UserDoc user2 = newUser("user2", singletonList("same_scm")).setOrganizationUuids(singletonList("another_organization")); | |||||
es.putDocuments(TYPE_USER, user1); | |||||
es.putDocuments(TYPE_USER, user2); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("same_scm", ORGANIZATION_UUID)).extractingResultOf("login").containsOnly(user1.login()); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("John.Smith")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMIth")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN.SMITH")).hasSize(1); | |||||
assertThat(underTest.getAtMostThreeActiveUsersForScmAccount("JOHN")).isEmpty(); | |||||
} | } | ||||
@Test | @Test | ||||
.setName(login.toUpperCase(Locale.ENGLISH)) | .setName(login.toUpperCase(Locale.ENGLISH)) | ||||
.setEmail(login + "@mail.com") | .setEmail(login + "@mail.com") | ||||
.setActive(true) | .setActive(true) | ||||
.setScmAccounts(scmAccounts) | |||||
.setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||||
.setScmAccounts(scmAccounts); | |||||
} | } | ||||
private static UserDoc newUser(String login, String email, List<String> scmAccounts) { | private static UserDoc newUser(String login, String email, List<String> scmAccounts) { | ||||
.setName(login.toUpperCase(Locale.ENGLISH)) | .setName(login.toUpperCase(Locale.ENGLISH)) | ||||
.setEmail(email) | .setEmail(email) | ||||
.setActive(true) | .setActive(true) | ||||
.setScmAccounts(scmAccounts) | |||||
.setOrganizationUuids(singletonList(ORGANIZATION_UUID)); | |||||
.setScmAccounts(scmAccounts); | |||||
} | } | ||||
} | } |
import java.util.Optional; | import java.util.Optional; | ||||
import javax.annotation.CheckForNull; | import javax.annotation.CheckForNull; | ||||
import javax.annotation.concurrent.Immutable; | import javax.annotation.concurrent.Immutable; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.user.AbstractUserSession; | import org.sonar.server.user.AbstractUserSession; | ||||
@Immutable | @Immutable | ||||
public class SafeModeUserSession extends AbstractUserSession { | public class SafeModeUserSession extends AbstractUserSession { | ||||
@Override | @Override | ||||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||||
return false; | return false; | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
@Override | |||||
protected boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
return false; | |||||
} | |||||
@CheckForNull | @CheckForNull | ||||
@Override | @Override | ||||
public String getLogin() { | public String getLogin() { |
import org.sonar.api.utils.log.Loggers; | import org.sonar.api.utils.log.Loggers; | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.alm.ALM; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.db.user.UserGroupDto; | import org.sonar.db.user.UserGroupDto; | ||||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | ||||
import org.sonar.server.authentication.event.AuthenticationException; | import org.sonar.server.authentication.event.AuthenticationException; | ||||
import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | ||||
import org.sonar.server.organization.DefaultOrganization; | |||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import org.sonar.server.organization.MemberUpdater; | |||||
import org.sonar.server.organization.OrganizationFlags; | |||||
import org.sonar.server.user.ExternalIdentity; | import org.sonar.server.user.ExternalIdentity; | ||||
import org.sonar.server.user.NewUser; | import org.sonar.server.user.NewUser; | ||||
import org.sonar.server.user.UpdateUser; | import org.sonar.server.user.UpdateUser; | ||||
import org.sonar.server.user.UserSession; | |||||
import org.sonar.server.user.UserUpdater; | import org.sonar.server.user.UserUpdater; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final UserUpdater userUpdater; | private final UserUpdater userUpdater; | ||||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||||
private final OrganizationFlags organizationFlags; | |||||
private final DefaultGroupFinder defaultGroupFinder; | private final DefaultGroupFinder defaultGroupFinder; | ||||
private final MemberUpdater memberUpdater; | |||||
public UserRegistrarImpl(DbClient dbClient, UserUpdater userUpdater, DefaultOrganizationProvider defaultOrganizationProvider, OrganizationFlags organizationFlags, | |||||
DefaultGroupFinder defaultGroupFinder, MemberUpdater memberUpdater) { | |||||
public UserRegistrarImpl(DbClient dbClient, UserUpdater userUpdater, DefaultGroupFinder defaultGroupFinder) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.userUpdater = userUpdater; | this.userUpdater = userUpdater; | ||||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||||
this.organizationFlags = organizationFlags; | |||||
this.defaultGroupFinder = defaultGroupFinder; | this.defaultGroupFinder = defaultGroupFinder; | ||||
this.memberUpdater = memberUpdater; | |||||
} | } | ||||
@Override | @Override | ||||
private Consumer<UserDto> beforeCommit(DbSession dbSession, boolean isNewUser, UserRegistration authenticatorParameters) { | private Consumer<UserDto> beforeCommit(DbSession dbSession, boolean isNewUser, UserRegistration authenticatorParameters) { | ||||
return user -> { | return user -> { | ||||
syncGroups(dbSession, authenticatorParameters.getUserIdentity(), user); | syncGroups(dbSession, authenticatorParameters.getUserIdentity(), user); | ||||
synchronizeOrganizationMembership(dbSession, user, authenticatorParameters, isNewUser); | |||||
}; | }; | ||||
} | } | ||||
Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups); | Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups); | ||||
Collection<String> allGroups = new ArrayList<>(groupsToAdd); | Collection<String> allGroups = new ArrayList<>(groupsToAdd); | ||||
allGroups.addAll(groupsToRemove); | allGroups.addAll(groupsToRemove); | ||||
DefaultOrganization defaultOrganization = defaultOrganizationProvider.get(); | |||||
Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, defaultOrganization.getUuid(), allGroups) | |||||
Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, allGroups) | |||||
.stream() | .stream() | ||||
.collect(uniqueIndex(GroupDto::getName)); | .collect(uniqueIndex(GroupDto::getName)); | ||||
} | } | ||||
private Optional<GroupDto> getDefaultGroup(DbSession dbSession) { | private Optional<GroupDto> getDefaultGroup(DbSession dbSession) { | ||||
return organizationFlags.isEnabled(dbSession) ? Optional.empty() : Optional.of(defaultGroupFinder.findDefaultGroup(dbSession, defaultOrganizationProvider.get().getUuid())); | |||||
} | |||||
private void synchronizeOrganizationMembership(DbSession dbSession, UserDto userDto, UserRegistration authenticatorParameters, boolean isNewUser) { | |||||
Set<String> almOrganizationIds = authenticatorParameters.getOrganizationAlmIds(); | |||||
if (almOrganizationIds == null || !isNewUser || !organizationFlags.isEnabled(dbSession)) { | |||||
return; | |||||
} | |||||
UserSession.IdentityProvider identityProvider = UserSession.IdentityProvider.getFromKey(authenticatorParameters.getProvider().getKey()); | |||||
if (identityProvider != UserSession.IdentityProvider.GITHUB) { | |||||
return; | |||||
} | |||||
memberUpdater.synchronizeUserOrganizationMembership(dbSession, userDto, ALM.GITHUB, almOrganizationIds); | |||||
return Optional.of(defaultGroupFinder.findDefaultGroup(dbSession)); | |||||
} | } | ||||
private static NewUser createNewUser(UserRegistration authenticatorParameters) { | private static NewUser createNewUser(UserRegistration authenticatorParameters) { |
.setOrganizationUuid(organization.getUuid()) | .setOrganizationUuid(organization.getUuid()) | ||||
.setUserUuid(user.getUuid())); | .setUserUuid(user.getUuid())); | ||||
dbClient.userGroupDao().insert(dbSession, | dbClient.userGroupDao().insert(dbSession, | ||||
new UserGroupDto().setGroupUuid(defaultGroupFinder.findDefaultGroup(dbSession, organization.getUuid()).getUuid()).setUserUuid(user.getUuid())); | |||||
new UserGroupDto().setGroupUuid(defaultGroupFinder.findDefaultGroup(dbSession).getUuid()).setUserUuid(user.getUuid())); | |||||
} | } | ||||
public void removeMember(DbSession dbSession, OrganizationDto organization, UserDto user) { | public void removeMember(DbSession dbSession, OrganizationDto organization, UserDto user) { | ||||
} | } | ||||
Set<String> userUuidsToRemove = usersToRemove.stream().map(UserDto::getUuid).collect(toSet()); | Set<String> userUuidsToRemove = usersToRemove.stream().map(UserDto::getUuid).collect(toSet()); | ||||
Set<String> adminUuids = new HashSet<>(dbClient.authorizationDao().selectUserUuidsWithGlobalPermission(dbSession, organization.getUuid(), ADMINISTER.getKey())); | |||||
Set<String> adminUuids = new HashSet<>(dbClient.authorizationDao().selectUserUuidsWithGlobalPermission(dbSession, ADMINISTER.getKey())); | |||||
checkArgument(!difference(adminUuids, userUuidsToRemove).isEmpty(), "The last administrator member cannot be removed"); | checkArgument(!difference(adminUuids, userUuidsToRemove).isEmpty(), "The last administrator member cannot be removed"); | ||||
usersToRemove.forEach(u -> removeMemberInDb(dbSession, organization, u)); | usersToRemove.forEach(u -> removeMemberInDb(dbSession, organization, u)); | ||||
private void removeMemberInDb(DbSession dbSession, OrganizationDto organization, UserDto user) { | private void removeMemberInDb(DbSession dbSession, OrganizationDto organization, UserDto user) { | ||||
String userUuid = user.getUuid(); | String userUuid = user.getUuid(); | ||||
String organizationUuid = organization.getUuid(); | String organizationUuid = organization.getUuid(); | ||||
dbClient.userPermissionDao().deleteOrganizationMemberPermissions(dbSession, organizationUuid, userUuid); | |||||
dbClient.permissionTemplateDao().deleteUserPermissionsByOrganization(dbSession, organizationUuid, userUuid); | |||||
dbClient.userGroupDao().deleteByOrganizationAndUser(dbSession, organizationUuid, userUuid); | |||||
// dbClient.userPermissionDao().deleteOrganizationMemberPermissions(dbSession, userUuid); | |||||
//dbClient.permissionTemplateDao().deleteUserPermissionsByOrganization(dbSession, organizationUuid, userUuid); | |||||
dbClient.propertiesDao().deleteByOrganizationAndUser(dbSession, organizationUuid, userUuid); | dbClient.propertiesDao().deleteByOrganizationAndUser(dbSession, organizationUuid, userUuid); | ||||
dbClient.propertiesDao().deleteByOrganizationAndMatchingLogin(dbSession, organizationUuid, user.getLogin(), singletonList(DEFAULT_ISSUE_ASSIGNEE)); | dbClient.propertiesDao().deleteByOrganizationAndMatchingLogin(dbSession, organizationUuid, user.getLogin(), singletonList(DEFAULT_ISSUE_ASSIGNEE)); | ||||
} | } | ||||
private void createDefaultMembersGroup(DbSession dbSession, String defaultOrganizationUuid) { | private void createDefaultMembersGroup(DbSession dbSession, String defaultOrganizationUuid) { | ||||
GroupDto sonarUsersGroup = defaultGroupFinder.findDefaultGroup(dbSession, defaultOrganizationUuid); | |||||
GroupDto members = defaultGroupCreator.create(dbSession, defaultOrganizationUuid); | |||||
copySonarUsersGroupPermissionsToMembersGroup(dbSession, defaultOrganizationUuid, sonarUsersGroup, members); | |||||
GroupDto sonarUsersGroup = defaultGroupFinder.findDefaultGroup(dbSession); | |||||
GroupDto members = defaultGroupCreator.create(dbSession); | |||||
copySonarUsersGroupPermissionsToMembersGroup(dbSession, sonarUsersGroup, members); | |||||
copySonarUsersGroupPermissionTemplatesToMembersGroup(dbSession, sonarUsersGroup, members); | copySonarUsersGroupPermissionTemplatesToMembersGroup(dbSession, sonarUsersGroup, members); | ||||
associateMembersOfDefaultOrganizationToGroup(dbSession, defaultOrganizationUuid, members); | associateMembersOfDefaultOrganizationToGroup(dbSession, defaultOrganizationUuid, members); | ||||
} | } | ||||
organizationMembers.forEach(member -> dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupUuid(membersGroup.getUuid()).setUserUuid(member))); | organizationMembers.forEach(member -> dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupUuid(membersGroup.getUuid()).setUserUuid(member))); | ||||
} | } | ||||
private void copySonarUsersGroupPermissionsToMembersGroup(DbSession dbSession, String defaultOrganizationUuid, GroupDto sonarUsersGroup, GroupDto membersGroup) { | |||||
dbClient.groupPermissionDao().selectAllPermissionsByGroupUuid(dbSession, defaultOrganizationUuid, sonarUsersGroup.getUuid(), | |||||
private void copySonarUsersGroupPermissionsToMembersGroup(DbSession dbSession, GroupDto sonarUsersGroup, GroupDto membersGroup) { | |||||
dbClient.groupPermissionDao().selectAllPermissionsByGroupUuid(dbSession, sonarUsersGroup.getUuid(), | |||||
context -> { | context -> { | ||||
GroupPermissionDto groupPermissionDto = (GroupPermissionDto) context.getResultObject(); | GroupPermissionDto groupPermissionDto = (GroupPermissionDto) context.getResultObject(); | ||||
dbClient.groupPermissionDao().insert(dbSession, | dbClient.groupPermissionDao().insert(dbSession, | ||||
new GroupPermissionDto() | new GroupPermissionDto() | ||||
.setUuid(uuidFactory.create()) | .setUuid(uuidFactory.create()) | ||||
.setOrganizationUuid(defaultOrganizationUuid) | |||||
.setGroupUuid(membersGroup.getUuid()) | .setGroupUuid(membersGroup.getUuid()) | ||||
.setRole(groupPermissionDto.getRole()) | .setRole(groupPermissionDto.getRole()) | ||||
.setComponentUuid(groupPermissionDto.getComponentUuid())); | .setComponentUuid(groupPermissionDto.getComponentUuid())); |
insertOrganizationMember(dbSession, organization, userCreator.getUuid()); | insertOrganizationMember(dbSession, organization, userCreator.getUuid()); | ||||
dbClient.qualityGateDao().associate(dbSession, uuidFactory.create(), organization, builtInQualityGate); | dbClient.qualityGateDao().associate(dbSession, uuidFactory.create(), organization, builtInQualityGate); | ||||
GroupDto ownerGroup = insertOwnersGroup(dbSession, organization); | GroupDto ownerGroup = insertOwnersGroup(dbSession, organization); | ||||
GroupDto defaultGroup = defaultGroupCreator.create(dbSession, organization.getUuid()); | |||||
GroupDto defaultGroup = defaultGroupCreator.create(dbSession); | |||||
insertDefaultTemplateOnGroups(dbSession, organization, ownerGroup, defaultGroup); | insertDefaultTemplateOnGroups(dbSession, organization, ownerGroup, defaultGroup); | ||||
addCurrentUserToGroup(dbSession, ownerGroup, userCreator.getUuid()); | addCurrentUserToGroup(dbSession, ownerGroup, userCreator.getUuid()); | ||||
addCurrentUserToGroup(dbSession, defaultGroup, userCreator.getUuid()); | addCurrentUserToGroup(dbSession, defaultGroup, userCreator.getUuid()); | ||||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert( | PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert( | ||||
dbSession, | dbSession, | ||||
new PermissionTemplateDto() | new PermissionTemplateDto() | ||||
.setOrganizationUuid(organizationDto.getUuid()) | |||||
.setUuid(uuidFactory.create()) | .setUuid(uuidFactory.create()) | ||||
.setName(PERM_TEMPLATE_NAME) | .setName(PERM_TEMPLATE_NAME) | ||||
.setOrganizationUuid(organizationDto.getUuid()) | |||||
.setDescription(format(PERM_TEMPLATE_DESCRIPTION_PATTERN, organizationDto.getName())) | .setDescription(format(PERM_TEMPLATE_DESCRIPTION_PATTERN, organizationDto.getName())) | ||||
.setCreatedAt(now) | .setCreatedAt(now) | ||||
.setUpdatedAt(now)); | .setUpdatedAt(now)); | ||||
private GroupDto insertOwnersGroup(DbSession dbSession, OrganizationDto organization) { | private GroupDto insertOwnersGroup(DbSession dbSession, OrganizationDto organization) { | ||||
GroupDto group = dbClient.groupDao().insert(dbSession, new GroupDto() | GroupDto group = dbClient.groupDao().insert(dbSession, new GroupDto() | ||||
.setUuid(uuidFactory.create()) | .setUuid(uuidFactory.create()) | ||||
.setOrganizationUuid(organization.getUuid()) | |||||
.setName(OWNERS_GROUP_NAME) | .setName(OWNERS_GROUP_NAME) | ||||
.setDescription(OWNERS_GROUP_DESCRIPTION)); | .setDescription(OWNERS_GROUP_DESCRIPTION)); | ||||
permissionService.getAllOrganizationPermissions().forEach(p -> addPermissionToGroup(dbSession, group, p)); | permissionService.getAllOrganizationPermissions().forEach(p -> addPermissionToGroup(dbSession, group, p)); | ||||
dbSession, | dbSession, | ||||
new GroupPermissionDto() | new GroupPermissionDto() | ||||
.setUuid(uuidFactory.create()) | .setUuid(uuidFactory.create()) | ||||
.setOrganizationUuid(group.getOrganizationUuid()) | |||||
.setGroupUuid(group.getUuid()) | .setGroupUuid(group.getUuid()) | ||||
.setRole(permission.getKey())); | .setRole(permission.getKey())); | ||||
} | } |
import javax.annotation.concurrent.Immutable; | import javax.annotation.concurrent.Immutable; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import static java.util.Objects.requireNonNull; | |||||
/** | /** | ||||
* Reference to a user group, as used internally by the backend. It does | * Reference to a user group, as used internally by the backend. It does | ||||
* not support reference to virtual groups "anyone". | * not support reference to virtual groups "anyone". | ||||
public class GroupUuid { | public class GroupUuid { | ||||
private final String uuid; | private final String uuid; | ||||
private final String organizationUuid; | |||||
private GroupUuid(String organizationUuid, String uuid) { | |||||
private GroupUuid(String uuid) { | |||||
this.uuid = uuid; | this.uuid = uuid; | ||||
this.organizationUuid = requireNonNull(organizationUuid); | |||||
} | } | ||||
public String getUuid() { | public String getUuid() { | ||||
return uuid; | return uuid; | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
public static GroupUuid from(GroupDto dto) { | public static GroupUuid from(GroupDto dto) { | ||||
return new GroupUuid(dto.getOrganizationUuid(), dto.getUuid()); | |||||
return new GroupUuid(dto.getUuid()); | |||||
} | } | ||||
} | } |
import javax.annotation.concurrent.Immutable; | import javax.annotation.concurrent.Immutable; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import static java.util.Objects.requireNonNull; | |||||
/** | /** | ||||
* Reference to a user group, as used internally by the backend. Contrary to | * Reference to a user group, as used internally by the backend. Contrary to | ||||
* {@link GroupUuid}, it supports reference to virtual groups "anyone". In these | * {@link GroupUuid}, it supports reference to virtual groups "anyone". In these | ||||
public class GroupUuidOrAnyone { | public class GroupUuidOrAnyone { | ||||
private final String uuid; | private final String uuid; | ||||
private final String organizationUuid; | |||||
private GroupUuidOrAnyone(String organizationUuid, @Nullable String uuid) { | |||||
private GroupUuidOrAnyone(@Nullable String uuid) { | |||||
this.uuid = uuid; | this.uuid = uuid; | ||||
this.organizationUuid = requireNonNull(organizationUuid, "organizationUuid can't be null"); | |||||
} | } | ||||
public boolean isAnyone() { | public boolean isAnyone() { | ||||
return uuid; | return uuid; | ||||
} | } | ||||
public String getOrganizationUuid() { | |||||
return organizationUuid; | |||||
} | |||||
public static GroupUuidOrAnyone from(GroupDto dto) { | public static GroupUuidOrAnyone from(GroupDto dto) { | ||||
return new GroupUuidOrAnyone(dto.getOrganizationUuid(), dto.getUuid()); | |||||
return new GroupUuidOrAnyone(dto.getUuid()); | |||||
} | } | ||||
public static GroupUuidOrAnyone forAnyone(String organizationUuid) { | |||||
return new GroupUuidOrAnyone(organizationUuid, null); | |||||
public static GroupUuidOrAnyone forAnyone() { | |||||
return new GroupUuidOrAnyone(null); | |||||
} | } | ||||
} | } |
import org.sonar.api.web.UserRole; | import org.sonar.api.web.UserRole; | ||||
import org.sonar.core.util.stream.MoreCollectors; | import org.sonar.core.util.stream.MoreCollectors; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.project.ProjectDto; | import org.sonar.db.project.ProjectDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.exceptions.ForbiddenException; | import org.sonar.server.exceptions.ForbiddenException; | ||||
import org.sonar.server.exceptions.UnauthorizedException; | import org.sonar.server.exceptions.UnauthorizedException; | ||||
import static java.lang.String.format; | |||||
import static org.apache.commons.lang.StringUtils.defaultString; | import static org.apache.commons.lang.StringUtils.defaultString; | ||||
import static org.sonar.server.user.UserSession.IdentityProvider.SONARQUBE; | import static org.sonar.server.user.UserSession.IdentityProvider.SONARQUBE; | ||||
} | } | ||||
@Override | @Override | ||||
public final boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
return hasPermission(permission, organization.getUuid()); | |||||
public final boolean hasPermission(OrganizationPermission permission) { | |||||
return isRoot() || hasPermissionImpl(permission); | |||||
} | } | ||||
@Override | |||||
public final boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||||
return isRoot() || hasPermissionImpl(permission, organizationUuid); | |||||
} | |||||
protected abstract boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid); | |||||
protected abstract boolean hasPermissionImpl(OrganizationPermission permission); | |||||
@Override | @Override | ||||
public final boolean hasComponentPermission(String permission, ComponentDto component) { | public final boolean hasComponentPermission(String permission, ComponentDto component) { | ||||
protected abstract boolean hasProjectUuidPermission(String permission, String projectUuid); | protected abstract boolean hasProjectUuidPermission(String permission, String projectUuid); | ||||
@Override | |||||
public final boolean hasMembership(OrganizationDto organizationDto) { | |||||
return isRoot() || hasMembershipImpl(organizationDto); | |||||
} | |||||
protected abstract boolean hasMembershipImpl(OrganizationDto organizationDto); | |||||
@Override | @Override | ||||
public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | public final List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | ||||
if (isRoot()) { | if (isRoot()) { | ||||
} | } | ||||
@Override | @Override | ||||
public final UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
return checkPermission(permission, organization.getUuid()); | |||||
} | |||||
@Override | |||||
public final UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||||
if (!hasPermission(permission, organizationUuid)) { | |||||
public final UserSession checkPermission(OrganizationPermission permission) { | |||||
if (!hasPermission(permission)) { | |||||
throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE); | ||||
} | } | ||||
return this; | return this; | ||||
} | } | ||||
return this; | return this; | ||||
} | } | ||||
@Override | |||||
public UserSession checkMembership(OrganizationDto organization) { | |||||
if (!hasMembership(organization)) { | |||||
throw new ForbiddenException(format("You're not member of organization '%s'", organization.getKey())); | |||||
} | |||||
return this; | |||||
} | |||||
} | } |
import java.util.Collection; | import java.util.Collection; | ||||
import java.util.Collections; | import java.util.Collections; | ||||
import java.util.Optional; | import java.util.Optional; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
} | } | ||||
@Override | @Override | ||||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||||
return true; | return true; | ||||
} | } | ||||
return true; | return true; | ||||
} | } | ||||
@Override | |||||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
return true; | |||||
} | |||||
} | } | ||||
private void start() { | private void start() { |
*/ | */ | ||||
package org.sonar.server.user; | package org.sonar.server.user; | ||||
import com.google.common.base.Supplier; | |||||
import com.google.common.base.Suppliers; | |||||
import com.google.common.collect.ImmutableSet; | |||||
import java.util.Collection; | import java.util.Collection; | ||||
import java.util.Collections; | import java.util.Collections; | ||||
import java.util.HashMap; | import java.util.HashMap; | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.organization.OrganizationMemberDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import org.sonar.server.organization.OrganizationFlags; | |||||
import static java.util.Objects.requireNonNull; | |||||
import static java.util.Optional.of; | import static java.util.Optional.of; | ||||
import static java.util.Optional.ofNullable; | import static java.util.Optional.ofNullable; | ||||
import static org.apache.commons.lang.StringUtils.defaultIfEmpty; | import static org.apache.commons.lang.StringUtils.defaultIfEmpty; | ||||
@CheckForNull | @CheckForNull | ||||
private final UserDto userDto; | private final UserDto userDto; | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final OrganizationFlags organizationFlags; | |||||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||||
private final Supplier<Collection<GroupDto>> groups = Suppliers.memoize(this::loadGroups); | |||||
private final Supplier<Boolean> isSystemAdministratorSupplier = Suppliers.memoize(this::loadIsSystemAdministrator); | |||||
private final Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | private final Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | ||||
private Map<String, Set<OrganizationPermission>> permissionsByOrganizationUuid; | |||||
private Collection<GroupDto> groups; | |||||
private Boolean isSystemAdministrator; | |||||
private Set<OrganizationPermission> permissions; | |||||
private Map<String, Set<String>> permissionsByProjectUuid; | private Map<String, Set<String>> permissionsByProjectUuid; | ||||
private Set<String> organizationMembership = new HashSet<>(); | |||||
ServerUserSession(DbClient dbClient, OrganizationFlags organizationFlags, | |||||
DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto) { | |||||
ServerUserSession(DbClient dbClient, @Nullable UserDto userDto) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.organizationFlags = organizationFlags; | |||||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||||
this.userDto = userDto; | this.userDto = userDto; | ||||
} | } | ||||
@Override | @Override | ||||
public Collection<GroupDto> getGroups() { | public Collection<GroupDto> getGroups() { | ||||
return groups.get(); | |||||
if (groups == null) { | |||||
groups = loadGroups(); | |||||
} | |||||
return groups; | |||||
} | } | ||||
@Override | @Override | ||||
} | } | ||||
@Override | @Override | ||||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||||
if (permissionsByOrganizationUuid == null) { | |||||
permissionsByOrganizationUuid = new HashMap<>(); | |||||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||||
if (permissions == null) { | |||||
permissions = loadGlobalPermissions(); | |||||
} | } | ||||
Set<OrganizationPermission> permissions = permissionsByOrganizationUuid.computeIfAbsent(organizationUuid, this::loadOrganizationPermissions); | |||||
return permissions.contains(permission); | return permissions.contains(permission); | ||||
} | } | ||||
private Set<OrganizationPermission> loadOrganizationPermissions(String organizationUuid) { | |||||
Set<String> permissionKeys; | |||||
try (DbSession dbSession = dbClient.openSession(false)) { | |||||
if (userDto != null && userDto.getUuid() != null) { | |||||
permissionKeys = dbClient.authorizationDao().selectOrganizationPermissions(dbSession, organizationUuid, userDto.getUuid()); | |||||
} else { | |||||
permissionKeys = dbClient.authorizationDao().selectOrganizationPermissionsOfAnonymous(dbSession, organizationUuid); | |||||
} | |||||
} | |||||
return permissionKeys.stream() | |||||
.map(OrganizationPermission::fromKey) | |||||
.collect(MoreCollectors.toSet(permissionKeys.size())); | |||||
} | |||||
@Override | @Override | ||||
protected Optional<String> componentUuidToProjectUuid(String componentUuid) { | protected Optional<String> componentUuidToProjectUuid(String componentUuid) { | ||||
String projectUuid = projectUuidByComponentUuid.get(componentUuid); | String projectUuid = projectUuidByComponentUuid.get(componentUuid); | ||||
if (component.get().isPrivate()) { | if (component.get().isPrivate()) { | ||||
return loadDbPermissions(dbSession, projectUuid); | return loadDbPermissions(dbSession, projectUuid); | ||||
} | } | ||||
ImmutableSet.Builder<String> builder = ImmutableSet.builder(); | |||||
builder.addAll(PUBLIC_PERMISSIONS); | |||||
builder.addAll(loadDbPermissions(dbSession, projectUuid)); | |||||
return builder.build(); | |||||
Set<String> permissions = new HashSet<>(); | |||||
permissions.addAll(PUBLIC_PERMISSIONS); | |||||
permissions.addAll(loadDbPermissions(dbSession, projectUuid)); | |||||
return Collections.unmodifiableSet(permissions); | |||||
} | |||||
} | |||||
private Set<OrganizationPermission> loadGlobalPermissions() { | |||||
Set<String> permissionKeys; | |||||
try (DbSession dbSession = dbClient.openSession(false)) { | |||||
if (userDto != null && userDto.getUuid() != null) { | |||||
permissionKeys = dbClient.authorizationDao().selectGlobalPermissions(dbSession, userDto.getUuid()); | |||||
} else { | |||||
permissionKeys = dbClient.authorizationDao().selectGlobalPermissionsOfAnonymous(dbSession); | |||||
} | |||||
} | } | ||||
return permissionKeys.stream() | |||||
.map(OrganizationPermission::fromKey) | |||||
.collect(MoreCollectors.toSet(permissionKeys.size())); | |||||
} | } | ||||
private Set<String> loadDbPermissions(DbSession dbSession, String projectUuid) { | private Set<String> loadDbPermissions(DbSession dbSession, String projectUuid) { | ||||
@Override | @Override | ||||
public boolean isSystemAdministrator() { | public boolean isSystemAdministrator() { | ||||
return isSystemAdministratorSupplier.get(); | |||||
} | |||||
private boolean loadIsSystemAdministrator() { | |||||
if (isRoot()) { | |||||
return true; | |||||
} | |||||
try (DbSession dbSession = dbClient.openSession(false)) { | |||||
if (!organizationFlags.isEnabled(dbSession)) { | |||||
String uuidOfDefaultOrg = defaultOrganizationProvider.get().getUuid(); | |||||
return hasPermission(OrganizationPermission.ADMINISTER, uuidOfDefaultOrg); | |||||
} | |||||
// organization feature is enabled -> requires to be root | |||||
return false; | |||||
if (isSystemAdministrator == null) { | |||||
isSystemAdministrator = loadIsSystemAdministrator(); | |||||
} | } | ||||
return isSystemAdministrator; | |||||
} | } | ||||
@Override | |||||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
return isMember(organizationDto.getUuid()); | |||||
} | |||||
private boolean isMember(String organizationUuid) { | |||||
if (!isLoggedIn()) { | |||||
return false; | |||||
} | |||||
private boolean loadIsSystemAdministrator() { | |||||
if (isRoot()) { | if (isRoot()) { | ||||
return true; | return true; | ||||
} | } | ||||
if (organizationMembership.contains(organizationUuid)) { | |||||
return true; | |||||
} | |||||
try (DbSession dbSession = dbClient.openSession(false)) { | |||||
Optional<OrganizationMemberDto> organizationMemberDto = dbClient.organizationMemberDao().select(dbSession, organizationUuid, requireNonNull(getUuid())); | |||||
if (organizationMemberDto.isPresent()) { | |||||
organizationMembership.add(organizationUuid); | |||||
} | |||||
return organizationMembership.contains(organizationUuid); | |||||
} | |||||
return hasPermission(OrganizationPermission.ADMINISTER); | |||||
} | } | ||||
} | } |
import java.util.Optional; | import java.util.Optional; | ||||
import javax.annotation.CheckForNull; | import javax.annotation.CheckForNull; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.project.ProjectDto; | import org.sonar.db.project.ProjectDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
} | } | ||||
@Override | @Override | ||||
public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||||
return get().hasPermission(permission, organizationUuid); | |||||
public boolean hasPermission(OrganizationPermission permission) { | |||||
return get().hasPermission(permission); | |||||
} | } | ||||
@Override | @Override | ||||
public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||||
get().checkPermission(permission, organizationUuid); | |||||
public UserSession checkPermission(OrganizationPermission permission) { | |||||
get().checkPermission(permission); | |||||
return this; | return this; | ||||
} | } | ||||
return get().hasComponentUuidPermission(permission, componentUuid); | return get().hasComponentUuidPermission(permission, componentUuid); | ||||
} | } | ||||
@Override | |||||
public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
get().checkPermission(permission, organization); | |||||
return this; | |||||
} | |||||
@Override | |||||
public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
return get().hasPermission(permission, organization); | |||||
} | |||||
@Override | @Override | ||||
public List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | public List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components) { | ||||
return get().keepAuthorizedComponents(permission, components); | return get().keepAuthorizedComponents(permission, components); | ||||
public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) { | public List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects) { | ||||
return get().keepAuthorizedProjects(permission, projects); | return get().keepAuthorizedProjects(permission, projects); | ||||
} | } | ||||
@Override | |||||
public boolean hasMembership(OrganizationDto organizationDto) { | |||||
return get().hasMembership(organizationDto); | |||||
} | |||||
@Override | |||||
public UserSession checkMembership(OrganizationDto organization) { | |||||
get().checkMembership(organization); | |||||
return this; | |||||
} | |||||
} | } |
import javax.annotation.CheckForNull; | import javax.annotation.CheckForNull; | ||||
import javax.annotation.concurrent.Immutable; | import javax.annotation.concurrent.Immutable; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.project.ProjectDto; | import org.sonar.db.project.ProjectDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
return false; | return false; | ||||
} | } | ||||
ExternalIdentity that = (ExternalIdentity) o; | ExternalIdentity that = (ExternalIdentity) o; | ||||
return Objects.equals(id, that.id) && | |||||
Objects.equals(login, that.login); | |||||
return Objects.equals(id, that.id) && Objects.equals(login, that.login); | |||||
} | } | ||||
@Override | @Override | ||||
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if | * Always returns {@code true} if {@link #isRoot()} is {@code true}, even if | ||||
* organization does not exist. | * organization does not exist. | ||||
*/ | */ | ||||
boolean hasPermission(OrganizationPermission permission, OrganizationDto organization); | |||||
boolean hasPermission(OrganizationPermission permission, String organizationUuid); | |||||
boolean hasPermission(OrganizationPermission permission); | |||||
/** | /** | ||||
* Ensures that {@link #hasPermission(OrganizationPermission, OrganizationDto)} is {@code true}, | |||||
* Ensures that {@link #hasPermission(OrganizationPermission)} is {@code true}, | |||||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | ||||
*/ | */ | ||||
UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization); | |||||
UserSession checkPermission(OrganizationPermission permission, String organizationUuid); | |||||
UserSession checkPermission(OrganizationPermission permission); | |||||
/** | /** | ||||
* Returns {@code true} if the permission is granted to user on the component, | * Returns {@code true} if the permission is granted to user on the component, | ||||
List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components); | List<ComponentDto> keepAuthorizedComponents(String permission, Collection<ComponentDto> components); | ||||
List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects); | List<ProjectDto> keepAuthorizedProjects(String permission, Collection<ProjectDto> projects); | ||||
/** | /** | ||||
* Ensures that {@link #hasComponentPermission(String, ComponentDto)} is {@code true}, | * Ensures that {@link #hasComponentPermission(String, ComponentDto)} is {@code true}, | ||||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | ||||
* otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}. | * otherwise throws {@link org.sonar.server.exceptions.ForbiddenException}. | ||||
*/ | */ | ||||
UserSession checkIsSystemAdministrator(); | UserSession checkIsSystemAdministrator(); | ||||
/** | |||||
* Returns {@code true} if the user is member of the organization, otherwise {@code false}. | |||||
* | |||||
* If the organization does not exist, then returns {@code false}. | |||||
* | |||||
* Always returns {@code true} if {@link #isRoot()} is {@code true}, even if | |||||
* organization does not exist. | |||||
*/ | |||||
boolean hasMembership(OrganizationDto organization); | |||||
/** | |||||
* Ensures that {@link #hasMembership(OrganizationDto)} is {@code true}, | |||||
* otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}. | |||||
*/ | |||||
UserSession checkMembership(OrganizationDto organization); | |||||
} | } |
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.authentication.UserLastConnectionDatesUpdater; | import org.sonar.server.authentication.UserLastConnectionDatesUpdater; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import org.sonar.server.organization.OrganizationFlags; | |||||
import static java.util.Objects.requireNonNull; | import static java.util.Objects.requireNonNull; | ||||
public class UserSessionFactoryImpl implements UserSessionFactory { | public class UserSessionFactoryImpl implements UserSessionFactory { | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||||
private final OrganizationFlags organizationFlags; | |||||
private final UserLastConnectionDatesUpdater userLastConnectionDatesUpdater; | private final UserLastConnectionDatesUpdater userLastConnectionDatesUpdater; | ||||
public UserSessionFactoryImpl(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider, | |||||
OrganizationFlags organizationFlags, UserLastConnectionDatesUpdater userLastConnectionDatesUpdater) { | |||||
public UserSessionFactoryImpl(DbClient dbClient, UserLastConnectionDatesUpdater userLastConnectionDatesUpdater) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||||
this.organizationFlags = organizationFlags; | |||||
this.userLastConnectionDatesUpdater = userLastConnectionDatesUpdater; | this.userLastConnectionDatesUpdater = userLastConnectionDatesUpdater; | ||||
} | } | ||||
public ServerUserSession create(UserDto user) { | public ServerUserSession create(UserDto user) { | ||||
requireNonNull(user, "UserDto must not be null"); | requireNonNull(user, "UserDto must not be null"); | ||||
userLastConnectionDatesUpdater.updateLastConnectionDateIfNeeded(user); | userLastConnectionDatesUpdater.updateLastConnectionDateIfNeeded(user); | ||||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user); | |||||
return new ServerUserSession(dbClient, user); | |||||
} | } | ||||
@Override | @Override | ||||
public ServerUserSession createAnonymous() { | public ServerUserSession createAnonymous() { | ||||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null); | |||||
return new ServerUserSession(dbClient, null); | |||||
} | } | ||||
} | } |
import org.sonar.api.config.Configuration; | import org.sonar.api.config.Configuration; | ||||
import org.sonar.api.platform.NewUserHandler; | import org.sonar.api.platform.NewUserHandler; | ||||
import org.sonar.api.server.ServerSide; | import org.sonar.api.server.ServerSide; | ||||
import org.sonar.api.utils.System2; | |||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.organization.OrganizationMemberDto; | import org.sonar.db.organization.OrganizationMemberDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.db.user.UserGroupDto; | import org.sonar.db.user.UserGroupDto; | ||||
import org.sonar.db.user.UserPropertyDto; | |||||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | import org.sonar.server.authentication.CredentialsLocalAuthentication; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.OrganizationFlags; | |||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
import org.sonar.server.util.Validation; | import org.sonar.server.util.Validation; | ||||
@ServerSide | @ServerSide | ||||
public class UserUpdater { | public class UserUpdater { | ||||
public static final String NOTIFICATIONS_READ_DATE = "notifications.readDate"; | |||||
private static final String SQ_AUTHORITY = "sonarqube"; | private static final String SQ_AUTHORITY = "sonarqube"; | ||||
private static final String LOGIN_PARAM = "Login"; | private static final String LOGIN_PARAM = "Login"; | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final UserIndexer userIndexer; | private final UserIndexer userIndexer; | ||||
private final DefaultOrganizationProvider defaultOrganizationProvider; | private final DefaultOrganizationProvider defaultOrganizationProvider; | ||||
private final OrganizationFlags organizationFlags; | |||||
private final DefaultGroupFinder defaultGroupFinder; | private final DefaultGroupFinder defaultGroupFinder; | ||||
private final Configuration config; | private final Configuration config; | ||||
private final CredentialsLocalAuthentication localAuthentication; | private final CredentialsLocalAuthentication localAuthentication; | ||||
private final System2 system2; | |||||
public UserUpdater(System2 system2, NewUserNotifier newUserNotifier, DbClient dbClient, UserIndexer userIndexer, OrganizationFlags organizationFlags, | |||||
public UserUpdater(NewUserNotifier newUserNotifier, DbClient dbClient, UserIndexer userIndexer, | |||||
DefaultOrganizationProvider defaultOrganizationProvider, DefaultGroupFinder defaultGroupFinder, Configuration config, | DefaultOrganizationProvider defaultOrganizationProvider, DefaultGroupFinder defaultGroupFinder, Configuration config, | ||||
CredentialsLocalAuthentication localAuthentication) { | CredentialsLocalAuthentication localAuthentication) { | ||||
this.system2 = system2; | |||||
this.newUserNotifier = newUserNotifier; | this.newUserNotifier = newUserNotifier; | ||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.userIndexer = userIndexer; | this.userIndexer = userIndexer; | ||||
this.organizationFlags = organizationFlags; | |||||
this.defaultOrganizationProvider = defaultOrganizationProvider; | this.defaultOrganizationProvider = defaultOrganizationProvider; | ||||
this.defaultGroupFinder = defaultGroupFinder; | this.defaultGroupFinder = defaultGroupFinder; | ||||
this.config = config; | this.config = config; | ||||
setOnboarded(reactivatedUser); | setOnboarded(reactivatedUser); | ||||
updateDto(dbSession, updateUser, reactivatedUser); | updateDto(dbSession, updateUser, reactivatedUser); | ||||
updateUser(dbSession, reactivatedUser); | updateUser(dbSession, reactivatedUser); | ||||
boolean isOrganizationEnabled = organizationFlags.isEnabled(dbSession); | |||||
if (isOrganizationEnabled) { | |||||
setNotificationsReadDate(dbSession, reactivatedUser); | |||||
} else { | |||||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, reactivatedUser); | |||||
} | |||||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, reactivatedUser); | |||||
} | } | ||||
public void updateAndCommit(DbSession dbSession, UserDto dto, UpdateUser updateUser, Consumer<UserDto> beforeCommit, UserDto... otherUsersToIndex) { | public void updateAndCommit(DbSession dbSession, UserDto dto, UpdateUser updateUser, Consumer<UserDto> beforeCommit, UserDto... otherUsersToIndex) { | ||||
private UserDto saveUser(DbSession dbSession, UserDto userDto) { | private UserDto saveUser(DbSession dbSession, UserDto userDto) { | ||||
userDto.setActive(true); | userDto.setActive(true); | ||||
UserDto res = dbClient.userDao().insert(dbSession, userDto); | UserDto res = dbClient.userDao().insert(dbSession, userDto); | ||||
boolean isOrganizationEnabled = organizationFlags.isEnabled(dbSession); | |||||
if (isOrganizationEnabled) { | |||||
setNotificationsReadDate(dbSession, userDto); | |||||
} else { | |||||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, userDto); | |||||
} | |||||
addUserToDefaultOrganizationAndDefaultGroup(dbSession, userDto); | |||||
return res; | return res; | ||||
} | } | ||||
} | } | ||||
private void addDefaultGroup(DbSession dbSession, UserDto userDto) { | private void addDefaultGroup(DbSession dbSession, UserDto userDto) { | ||||
String defOrgUuid = defaultOrganizationProvider.get().getUuid(); | |||||
List<GroupDto> userGroups = dbClient.groupDao().selectByUserLogin(dbSession, userDto.getLogin()); | List<GroupDto> userGroups = dbClient.groupDao().selectByUserLogin(dbSession, userDto.getLogin()); | ||||
GroupDto defaultGroup = defaultGroupFinder.findDefaultGroup(dbSession, defOrgUuid); | |||||
GroupDto defaultGroup = defaultGroupFinder.findDefaultGroup(dbSession); | |||||
if (isUserAlreadyMemberOfDefaultGroup(defaultGroup, userGroups)) { | if (isUserAlreadyMemberOfDefaultGroup(defaultGroup, userGroups)) { | ||||
return; | return; | ||||
} | } | ||||
dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setUserUuid(userDto.getUuid()).setGroupUuid(defaultGroup.getUuid())); | dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setUserUuid(userDto.getUuid()).setGroupUuid(defaultGroup.getUuid())); | ||||
} | } | ||||
private void setNotificationsReadDate(DbSession dbSession, UserDto user) { | |||||
dbClient.userPropertiesDao().insertOrUpdate(dbSession, new UserPropertyDto() | |||||
.setUserUuid(user.getUuid()) | |||||
.setKey(NOTIFICATIONS_READ_DATE) | |||||
.setValue(Long.toString(system2.now()))); | |||||
} | |||||
} | } |
public interface DefaultGroupCreator { | public interface DefaultGroupCreator { | ||||
/** | /** | ||||
* Create the default group on the given organization | |||||
* Create the default group | |||||
*/ | */ | ||||
GroupDto create(DbSession dbSession, String organizationUuid); | |||||
GroupDto create(DbSession dbSession); | |||||
} | } |
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import static com.google.common.base.Preconditions.checkArgument; | import static com.google.common.base.Preconditions.checkArgument; | ||||
public static final String DEFAULT_GROUP_NAME = "Members"; | public static final String DEFAULT_GROUP_NAME = "Members"; | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final UuidFactory uuidFactory; | private final UuidFactory uuidFactory; | ||||
private final DefaultOrganizationProvider organizationProvider; | |||||
public DefaultGroupCreatorImpl(DbClient dbClient, UuidFactory uuidFactory) { | |||||
public DefaultGroupCreatorImpl(DbClient dbClient, UuidFactory uuidFactory, DefaultOrganizationProvider organizationProvider) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.uuidFactory = uuidFactory; | this.uuidFactory = uuidFactory; | ||||
this.organizationProvider = organizationProvider; | |||||
} | } | ||||
public GroupDto create(DbSession dbSession, String organizationUuid) { | |||||
Optional<GroupDto> existingMembersGroup = dbClient.groupDao().selectByName(dbSession, organizationUuid, DEFAULT_GROUP_NAME); | |||||
checkArgument(!existingMembersGroup.isPresent(), "The group '%s' already exist on organization '%s'", DEFAULT_GROUP_NAME, organizationUuid); | |||||
public GroupDto create(DbSession dbSession) { | |||||
Optional<GroupDto> existingMembersGroup = dbClient.groupDao().selectByName(dbSession, DEFAULT_GROUP_NAME); | |||||
checkArgument(!existingMembersGroup.isPresent(), "The group '%s' already exists", DEFAULT_GROUP_NAME); | |||||
GroupDto defaultGroup = new GroupDto() | GroupDto defaultGroup = new GroupDto() | ||||
.setUuid(uuidFactory.create()) | .setUuid(uuidFactory.create()) | ||||
.setName(DEFAULT_GROUP_NAME) | .setName(DEFAULT_GROUP_NAME) | ||||
.setDescription("All members of the organization") | |||||
.setOrganizationUuid(organizationUuid); | |||||
.setDescription("All members of the organization"); | |||||
dbClient.groupDao().insert(dbSession, defaultGroup); | dbClient.groupDao().insert(dbSession, defaultGroup); | ||||
dbClient.organizationDao().setDefaultGroupUuid(dbSession, organizationUuid, defaultGroup); | |||||
dbClient.organizationDao().setDefaultGroupUuid(dbSession, organizationProvider.get().getUuid(), defaultGroup); | |||||
return defaultGroup; | return defaultGroup; | ||||
} | } | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import static java.lang.String.format; | import static java.lang.String.format; | ||||
import static java.util.Objects.requireNonNull; | import static java.util.Objects.requireNonNull; | ||||
public class DefaultGroupFinder { | public class DefaultGroupFinder { | ||||
private final DbClient dbClient; | private final DbClient dbClient; | ||||
private final DefaultOrganizationProvider defaultOrganizationProvider; | |||||
public DefaultGroupFinder(DbClient dbClient) { | |||||
public DefaultGroupFinder(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { | |||||
this.dbClient = dbClient; | this.dbClient = dbClient; | ||||
this.defaultOrganizationProvider = defaultOrganizationProvider; | |||||
} | } | ||||
public GroupDto findDefaultGroup(DbSession dbSession, String organizationUuid) { | |||||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organizationUuid) | |||||
.orElseThrow(() -> new IllegalStateException(format("Default group cannot be found on organization '%s'", organizationUuid))); | |||||
public GroupDto findDefaultGroup(DbSession dbSession) { | |||||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, defaultOrganizationProvider.get().getUuid()) | |||||
.orElseThrow(() -> new IllegalStateException("Default group cannot be found ")); | |||||
return requireNonNull(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid), format("Group '%s' cannot be found", defaultGroupUuid)); | return requireNonNull(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid), format("Group '%s' cannot be found", defaultGroupUuid)); | ||||
} | } | ||||
import org.sonar.api.config.internal.MapSettings; | import org.sonar.api.config.internal.MapSettings; | ||||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | ||||
import org.sonar.api.utils.System2; | import org.sonar.api.utils.System2; | ||||
import org.sonar.core.util.stream.MoreCollectors; | |||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.authentication.event.AuthenticationEvent.Source; | import org.sonar.server.authentication.event.AuthenticationEvent.Source; | ||||
import org.sonar.server.es.EsTester; | import org.sonar.server.es.EsTester; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.OrganizationUpdater; | |||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | import org.sonar.server.organization.TestDefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.user.NewUserNotifier; | import org.sonar.server.user.NewUserNotifier; | ||||
import org.sonar.server.user.UserUpdater; | import org.sonar.server.user.UserUpdater; | ||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
private GroupDto sonarUsers; | private GroupDto sonarUsers; | ||||
private System2 system2 = mock(System2.class); | private System2 system2 = mock(System2.class); | ||||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | ||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | ||||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | ||||
private UserRegistrarImpl userIdentityAuthenticator = new UserRegistrarImpl( | private UserRegistrarImpl userIdentityAuthenticator = new UserRegistrarImpl( | ||||
db.getDbClient(), | db.getDbClient(), | ||||
new UserUpdater(system2, mock(NewUserNotifier.class), db.getDbClient(), userIndexer, organizationFlags, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(db.getDbClient()), settings.asConfig(), localAuthentication), | |||||
defaultOrganizationProvider, organizationFlags, new DefaultGroupFinder(db.getDbClient()), null); | |||||
new UserUpdater(mock(NewUserNotifier.class), db.getDbClient(), userIndexer, defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider), | |||||
settings.asConfig(), | |||||
localAuthentication), | |||||
new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider)); | |||||
private HttpServletResponse response = mock(HttpServletResponse.class); | private HttpServletResponse response = mock(HttpServletResponse.class); | ||||
private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class); | private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class); | ||||
@Before | @Before | ||||
public void setUp() { | public void setUp() { | ||||
when(system2.now()).thenReturn(NOW); | when(system2.now()).thenReturn(NOW); | ||||
group1 = db.users().insertGroup(db.getDefaultOrganization(), GROUP1); | |||||
group2 = db.users().insertGroup(db.getDefaultOrganization(), GROUP2); | |||||
sonarUsers = db.users().insertDefaultGroup(db.getDefaultOrganization(), "sonar-users"); | |||||
group1 = db.users().insertGroup(GROUP1); | |||||
group2 = db.users().insertGroup(GROUP2); | |||||
sonarUsers = db.users().insertDefaultGroup("sonar-users"); | |||||
} | } | ||||
@Test | @Test | ||||
if (expectedGroups.length == 0) { | if (expectedGroups.length == 0) { | ||||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).isEmpty(); | assertThat(db.users().selectGroupUuidsOfUser(userDto)).isEmpty(); | ||||
} else { | } else { | ||||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(MoreCollectors.toList()).toArray(new String[] {})); | |||||
assertThat(db.users().selectGroupUuidsOfUser(userDto)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).toArray(String[]::new)); | |||||
} | } | ||||
} | } | ||||
private void verifyTokenIsNotUpdated() { | private void verifyTokenIsNotUpdated() { | ||||
verify(jwtHttpHandler, never()).generateToken(any(UserDto.class), anyMap(), any(HttpServletRequest.class), any(HttpServletResponse.class)); | verify(jwtHttpHandler, never()).generateToken(any(UserDto.class), anyMap(), any(HttpServletRequest.class), any(HttpServletResponse.class)); | ||||
} | } | ||||
} | } |
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; | |||||
public class SafeModeUserSessionTest { | public class SafeModeUserSessionTest { | ||||
public void session_has_no_permissions() { | public void session_has_no_permissions() { | ||||
assertThat(underTest.isRoot()).isFalse(); | assertThat(underTest.isRoot()).isFalse(); | ||||
assertThat(underTest.isSystemAdministrator()).isFalse(); | assertThat(underTest.isSystemAdministrator()).isFalse(); | ||||
assertThat(underTest.hasPermissionImpl(OrganizationPermission.ADMINISTER, "foo")).isFalse(); | |||||
assertThat(underTest.hasPermissionImpl(OrganizationPermission.ADMINISTER)).isFalse(); | |||||
assertThat(underTest.hasProjectUuidPermission(UserRole.USER, "foo")).isFalse(); | assertThat(underTest.hasProjectUuidPermission(UserRole.USER, "foo")).isFalse(); | ||||
assertThat(underTest.hasMembership(newOrganizationDto())).isFalse(); | |||||
} | } | ||||
} | } |
/* | |||||
* SonarQube | |||||
* Copyright (C) 2009-2020 SonarSource SA | |||||
* mailto:info AT sonarsource DOT com | |||||
* | |||||
* This program is free software; you can redistribute it and/or | |||||
* modify it under the terms of the GNU Lesser General Public | |||||
* License as published by the Free Software Foundation; either | |||||
* version 3 of the License, or (at your option) any later version. | |||||
* | |||||
* This program is distributed in the hope that it will be useful, | |||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||||
* Lesser General Public License for more details. | |||||
* | |||||
* You should have received a copy of the GNU Lesser General Public License | |||||
* along with this program; if not, write to the Free Software Foundation, | |||||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||||
*/ | |||||
package org.sonar.server.authentication; | |||||
import com.google.common.collect.ImmutableSet; | |||||
import org.junit.Rule; | |||||
import org.junit.Test; | |||||
import org.junit.rules.ExpectedException; | |||||
import org.sonar.api.config.internal.MapSettings; | |||||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | |||||
import org.sonar.api.resources.Qualifiers; | |||||
import org.sonar.api.resources.ResourceTypes; | |||||
import org.sonar.api.server.authentication.UserIdentity; | |||||
import org.sonar.api.utils.System2; | |||||
import org.sonar.db.DbTester; | |||||
import org.sonar.db.alm.AlmAppInstallDto; | |||||
import org.sonar.db.component.ResourceTypesRule; | |||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.UserDto; | |||||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | |||||
import org.sonar.server.authentication.event.AuthenticationEvent.Source; | |||||
import org.sonar.server.es.EsTester; | |||||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||||
import org.sonar.server.organization.MemberUpdater; | |||||
import org.sonar.server.organization.OrganizationUpdater; | |||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.permission.PermissionService; | |||||
import org.sonar.server.permission.PermissionServiceImpl; | |||||
import org.sonar.server.user.NewUserNotifier; | |||||
import org.sonar.server.user.UserUpdater; | |||||
import org.sonar.server.user.index.UserIndexer; | |||||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||||
import static org.mockito.Mockito.mock; | |||||
import static org.sonar.db.alm.ALM.BITBUCKETCLOUD; | |||||
import static org.sonar.db.alm.ALM.GITHUB; | |||||
import static org.sonar.server.authentication.event.AuthenticationEvent.Method.BASIC; | |||||
public class UserRegistrarImplOrgMembershipSyncTest { | |||||
private System2 system2 = new AlwaysIncreasingSystem2(); | |||||
private static String USER_LOGIN = "github-johndoo"; | |||||
private static UserIdentity USER_IDENTITY = UserIdentity.builder() | |||||
.setProviderId("ABCD") | |||||
.setProviderLogin("johndoo") | |||||
.setName("John") | |||||
.setEmail("john@email.com") | |||||
.build(); | |||||
private static TestIdentityProvider GITHUB_PROVIDER = new TestIdentityProvider() | |||||
.setKey("github") | |||||
.setName("Github") | |||||
.setEnabled(true) | |||||
.setAllowsUsersToSignUp(true); | |||||
private static TestIdentityProvider BITBUCKET_PROVIDER = new TestIdentityProvider() | |||||
.setKey("bitbucket") | |||||
.setName("Bitbucket") | |||||
.setEnabled(true) | |||||
.setAllowsUsersToSignUp(true); | |||||
private MapSettings settings = new MapSettings(); | |||||
@Rule | |||||
public ExpectedException expectedException = ExpectedException.none(); | |||||
@Rule | |||||
public DbTester db = DbTester.create(new AlwaysIncreasingSystem2()); | |||||
@Rule | |||||
public EsTester es = EsTester.create(); | |||||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | |||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | |||||
private UserUpdater userUpdater = new UserUpdater( | |||||
system2, | |||||
mock(NewUserNotifier.class), | |||||
db.getDbClient(), | |||||
userIndexer, | |||||
organizationFlags, | |||||
defaultOrganizationProvider, | |||||
new DefaultGroupFinder(db.getDbClient()), | |||||
settings.asConfig(), | |||||
localAuthentication); | |||||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | |||||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | |||||
private DefaultGroupFinder defaultGroupFinder = new DefaultGroupFinder(db.getDbClient()); | |||||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, defaultOrganizationProvider, organizationFlags, | |||||
defaultGroupFinder, new MemberUpdater(db.getDbClient(), defaultGroupFinder, userIndexer)); | |||||
@Test | |||||
public void authenticate_new_github_user_syncs_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(GITHUB_PROVIDER) | |||||
.setSource(Source.realm(BASIC, GITHUB_PROVIDER.getName())) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||||
.build()); | |||||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), GITHUB_PROVIDER.getKey()).get(); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void authenticate_new_github_user_does_not_sync_organization_when_no_org_alm_ids_provided() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(GITHUB_PROVIDER) | |||||
.setSource(Source.realm(BASIC, GITHUB_PROVIDER.getName())) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||||
.setOrganizationAlmIds(null) | |||||
.build()); | |||||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), GITHUB_PROVIDER.getKey()).get(); | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void authenticate_new_bitbucket_user_does_not_sync_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(BITBUCKETCLOUD)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(BITBUCKET_PROVIDER) | |||||
.setSource(Source.realm(BASIC, BITBUCKET_PROVIDER.getName())) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||||
.build()); | |||||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), BITBUCKET_PROVIDER.getKey()).get(); | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void authenticate_new_user_using_unknown_alm_does_not_sync_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto almAppInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, almAppInstall, true); | |||||
TestIdentityProvider identityProvider = new TestIdentityProvider() | |||||
.setKey("unknown") | |||||
.setName("unknown") | |||||
.setEnabled(true) | |||||
.setAllowsUsersToSignUp(true); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(identityProvider) | |||||
.setSource(Source.realm(BASIC, identityProvider.getName())) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.ALLOW) | |||||
.setOrganizationAlmIds(ImmutableSet.of(almAppInstall.getOrganizationAlmId())) | |||||
.build()); | |||||
UserDto user = db.users().selectUserByExternalLoginAndIdentityProvider(USER_IDENTITY.getProviderLogin(), identityProvider.getKey()).get(); | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void authenticate_existing_github_user_does_not_sync_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
UserDto user = db.users().insertUser(u -> u | |||||
.setLogin("Old login") | |||||
.setExternalId(USER_IDENTITY.getProviderId()) | |||||
.setExternalIdentityProvider(GITHUB_PROVIDER.getKey())); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(GITHUB_PROVIDER) | |||||
.setSource(Source.local(BASIC)) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||||
.build()); | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void authenticate_disabled_github_user_syncs_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
UserDto user = db.users().insertDisabledUser(u -> u | |||||
.setLogin(USER_LOGIN) | |||||
.setExternalId(USER_IDENTITY.getProviderId()) | |||||
.setExternalIdentityProvider(GITHUB_PROVIDER.getKey()) | |||||
); | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(USER_IDENTITY) | |||||
.setProvider(GITHUB_PROVIDER) | |||||
.setSource(Source.local(BASIC)) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||||
.setOrganizationAlmIds(ImmutableSet.of(gitHubInstall.getOrganizationAlmId())) | |||||
.build()); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
} | |||||
} |
import java.util.Optional; | import java.util.Optional; | ||||
import java.util.stream.Collectors; | import java.util.stream.Collectors; | ||||
import org.junit.Before; | |||||
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.junit.Test; | import org.junit.Test; | ||||
import org.junit.rules.ExpectedException; | import org.junit.rules.ExpectedException; | ||||
import org.sonar.api.config.internal.MapSettings; | import org.sonar.api.config.internal.MapSettings; | ||||
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | import org.sonar.api.impl.utils.AlwaysIncreasingSystem2; | ||||
import org.sonar.api.server.authentication.UserIdentity; | import org.sonar.api.server.authentication.UserIdentity; | ||||
import org.sonar.api.utils.System2; | |||||
import org.sonar.core.util.stream.MoreCollectors; | import org.sonar.core.util.stream.MoreCollectors; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy; | ||||
import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException; | ||||
import org.sonar.server.es.EsTester; | import org.sonar.server.es.EsTester; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.MemberUpdater; | |||||
import org.sonar.server.organization.OrganizationUpdater; | |||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | import org.sonar.server.organization.TestDefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.user.NewUserNotifier; | import org.sonar.server.user.NewUserNotifier; | ||||
import org.sonar.server.user.UserUpdater; | import org.sonar.server.user.UserUpdater; | ||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
import static com.google.common.collect.Sets.newHashSet; | |||||
import static java.util.Arrays.stream; | import static java.util.Arrays.stream; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.mockito.Mockito.mock; | import static org.mockito.Mockito.mock; | ||||
import static org.sonar.server.authentication.event.AuthenticationExceptionMatcher.authenticationException; | import static org.sonar.server.authentication.event.AuthenticationExceptionMatcher.authenticationException; | ||||
public class UserRegistrarImplTest { | public class UserRegistrarImplTest { | ||||
private System2 system2 = new AlwaysIncreasingSystem2(); | |||||
private static String USER_LOGIN = "johndoo"; | private static String USER_LOGIN = "johndoo"; | ||||
private static UserIdentity USER_IDENTITY = UserIdentity.builder() | private static UserIdentity USER_IDENTITY = UserIdentity.builder() | ||||
public EsTester es = EsTester.create(); | public EsTester es = EsTester.create(); | ||||
private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client()); | ||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | ||||
private OrganizationUpdater organizationUpdater = mock(OrganizationUpdater.class); | |||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | ||||
private DefaultGroupFinder groupFinder = new DefaultGroupFinder(db.getDbClient(), defaultOrganizationProvider); | |||||
private UserUpdater userUpdater = new UserUpdater( | private UserUpdater userUpdater = new UserUpdater( | ||||
system2, | |||||
mock(NewUserNotifier.class), | mock(NewUserNotifier.class), | ||||
db.getDbClient(), | db.getDbClient(), | ||||
userIndexer, | userIndexer, | ||||
organizationFlags, | |||||
defaultOrganizationProvider, | defaultOrganizationProvider, | ||||
new DefaultGroupFinder(db.getDbClient()), | |||||
groupFinder, | |||||
settings.asConfig(), | settings.asConfig(), | ||||
localAuthentication); | localAuthentication); | ||||
private DefaultGroupFinder defaultGroupFinder = new DefaultGroupFinder(db.getDbClient()); | |||||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, groupFinder); | |||||
private GroupDto defaultGroup; | |||||
private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, defaultOrganizationProvider, organizationFlags, | |||||
defaultGroupFinder, new MemberUpdater(db.getDbClient(), defaultGroupFinder, userIndexer)); | |||||
@Before | |||||
public void setUp() { | |||||
defaultGroup = insertDefaultGroup(); | |||||
} | |||||
@Test | @Test | ||||
public void authenticate_new_user() { | public void authenticate_new_user() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto createdUser = underTest.register(UserRegistration.builder() | UserDto createdUser = underTest.register(UserRegistration.builder() | ||||
.setUserIdentity(USER_IDENTITY) | .setUserIdentity(USER_IDENTITY) | ||||
.setProvider(IDENTITY_PROVIDER) | .setProvider(IDENTITY_PROVIDER) | ||||
assertThat(user.getExternalIdentityProvider()).isEqualTo("github"); | assertThat(user.getExternalIdentityProvider()).isEqualTo("github"); | ||||
assertThat(user.getExternalId()).isEqualTo("ABCD"); | assertThat(user.getExternalId()).isEqualTo("ABCD"); | ||||
assertThat(user.isRoot()).isFalse(); | assertThat(user.isRoot()).isFalse(); | ||||
checkGroupMembership(user); | |||||
checkGroupMembership(user, defaultGroup); | |||||
} | } | ||||
@Test | @Test | ||||
public void authenticate_new_user_with_sq_identity() { | public void authenticate_new_user_with_sq_identity() { | ||||
organizationFlags.setEnabled(false); | |||||
GroupDto defaultGroup = insertDefaultGroup(); | |||||
TestIdentityProvider sqIdentityProvider = new TestIdentityProvider() | TestIdentityProvider sqIdentityProvider = new TestIdentityProvider() | ||||
.setKey("sonarqube") | .setKey("sonarqube") | ||||
.setName("sonarqube identity name") | .setName("sonarqube identity name") | ||||
@Test | @Test | ||||
public void authenticate_new_user_generate_login_when_no_login_provided() { | public void authenticate_new_user_generate_login_when_no_login_provided() { | ||||
organizationFlags.setEnabled(true); | |||||
underTest.register(UserRegistration.builder() | underTest.register(UserRegistration.builder() | ||||
.setUserIdentity(UserIdentity.builder() | .setUserIdentity(UserIdentity.builder() | ||||
.setProviderId("ABCD") | .setProviderId("ABCD") | ||||
@Test | @Test | ||||
public void authenticate_new_user_with_groups() { | public void authenticate_new_user_with_groups() { | ||||
organizationFlags.setEnabled(true); | |||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||||
GroupDto group1 = db.users().insertGroup("group1"); | |||||
GroupDto group2 = db.users().insertGroup("group2"); | |||||
UserDto loggedInUser = authenticate(USER_LOGIN, "group1", "group2", "group3"); | UserDto loggedInUser = authenticate(USER_LOGIN, "group1", "group2", "group3"); | ||||
Optional<UserDto> user = db.users().selectUserByLogin(loggedInUser.getLogin()); | Optional<UserDto> user = db.users().selectUserByLogin(loggedInUser.getLogin()); | ||||
checkGroupMembership(user.get(), group1, group2); | |||||
checkGroupMembership(user.get(), group1, group2, defaultGroup); | |||||
} | } | ||||
@Test | @Test | ||||
public void authenticate_new_user_and_force_default_group_when_organizations_are_disabled() { | |||||
organizationFlags.setEnabled(false); | |||||
public void authenticate_new_user_and_force_default_group() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto defaultGroup = insertDefaultGroup(); | |||||
GroupDto group1 = db.users().insertGroup("group1"); | |||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertMember(defaultGroup, user); | db.users().insertMember(defaultGroup, user); | ||||
checkGroupMembership(user, group1, defaultGroup); | checkGroupMembership(user, group1, defaultGroup); | ||||
} | } | ||||
@Test | |||||
public void does_not_force_default_group_when_authenticating_new_user_if_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(newUserDto() | |||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||||
); | |||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto defaultGroup = insertDefaultGroup(); | |||||
db.users().insertMember(group1, user); | |||||
db.users().insertMember(defaultGroup, user); | |||||
authenticate(user.getExternalLogin(), "group1"); | |||||
checkGroupMembership(user, group1); | |||||
} | |||||
@Test | @Test | ||||
public void authenticate_new_user_sets_onboarded_flag_to_false_when_onboarding_setting_is_set_to_true() { | public void authenticate_new_user_sets_onboarded_flag_to_false_when_onboarding_setting_is_set_to_true() { | ||||
organizationFlags.setEnabled(true); | |||||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), true); | settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), true); | ||||
UserDto user = underTest.register(UserRegistration.builder() | UserDto user = underTest.register(UserRegistration.builder() | ||||
@Test | @Test | ||||
public void authenticate_new_user_sets_onboarded_flag_to_true_when_onboarding_setting_is_set_to_false() { | public void authenticate_new_user_sets_onboarded_flag_to_true_when_onboarding_setting_is_set_to_false() { | ||||
organizationFlags.setEnabled(true); | |||||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | ||||
UserDto user = underTest.register(UserRegistration.builder() | UserDto user = underTest.register(UserRegistration.builder() | ||||
@Test | @Test | ||||
public void external_id_is_set_to_provider_login_when_null() { | public void external_id_is_set_to_provider_login_when_null() { | ||||
organizationFlags.setEnabled(true); | |||||
UserIdentity newUser = UserIdentity.builder() | UserIdentity newUser = UserIdentity.builder() | ||||
.setProviderId(null) | .setProviderId(null) | ||||
.setProviderLogin("johndoo") | .setProviderLogin("johndoo") | ||||
@Test | @Test | ||||
public void authenticate_new_user_update_existing_user_email_when_strategy_is_ALLOW() { | public void authenticate_new_user_update_existing_user_email_when_strategy_is_ALLOW() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | ||||
UserIdentity newUser = UserIdentity.builder() | UserIdentity newUser = UserIdentity.builder() | ||||
.setProviderLogin("johndoo") | .setProviderLogin("johndoo") | ||||
@Test | @Test | ||||
public void throw_EmailAlreadyExistException_when_authenticating_new_user_when_email_already_exists_and_strategy_is_WARN() { | public void throw_EmailAlreadyExistException_when_authenticating_new_user_when_email_already_exists_and_strategy_is_WARN() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | ||||
UserIdentity newUser = UserIdentity.builder() | UserIdentity newUser = UserIdentity.builder() | ||||
.setProviderLogin("johndoo") | .setProviderLogin("johndoo") | ||||
@Test | @Test | ||||
public void authenticate_and_update_existing_user_matching_login() { | public void authenticate_and_update_existing_user_matching_login() { | ||||
insertDefaultGroup(); | |||||
db.users().insertUser(u -> u | db.users().insertUser(u -> u | ||||
.setName("Old name") | .setName("Old name") | ||||
.setEmail("Old email") | .setEmail("Old email") | ||||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | .setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | ||||
.build()); | .build()); | ||||
//no new user should be created | |||||
// no new user should be created | |||||
assertThat(db.countRowsOfTable(db.getSession(), "users")).isEqualTo(1); | assertThat(db.countRowsOfTable(db.getSession(), "users")).isEqualTo(1); | ||||
assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid())) | assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid())) | ||||
.extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider, | .extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider, | ||||
@Test | @Test | ||||
public void authenticate_existing_disabled_user() { | public void authenticate_existing_disabled_user() { | ||||
organizationFlags.setEnabled(true); | |||||
db.users().insertUser(u -> u | db.users().insertUser(u -> u | ||||
.setLogin(USER_LOGIN) | .setLogin(USER_LOGIN) | ||||
.setActive(false) | .setActive(false) | ||||
@Test | @Test | ||||
public void authenticate_existing_user_when_email_already_exists_and_strategy_is_ALLOW() { | public void authenticate_existing_user_when_email_already_exists_and_strategy_is_ALLOW() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | ||||
UserDto currentUser = db.users().insertUser(u -> u.setExternalLogin("johndoo").setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()).setEmail(null)); | UserDto currentUser = db.users().insertUser(u -> u.setExternalLogin("johndoo").setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()).setEmail(null)); | ||||
@Test | @Test | ||||
public void throw_EmailAlreadyExistException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_WARN() { | public void throw_EmailAlreadyExistException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_WARN() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | ||||
UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | ||||
UserIdentity userIdentity = UserIdentity.builder() | UserIdentity userIdentity = UserIdentity.builder() | ||||
@Test | @Test | ||||
public void throw_AuthenticationException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_FORBID() { | public void throw_AuthenticationException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_FORBID() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com")); | ||||
UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | UserDto currentUser = db.users().insertUser(u -> u.setEmail(null)); | ||||
UserIdentity userIdentity = UserIdentity.builder() | UserIdentity userIdentity = UserIdentity.builder() | ||||
@Test | @Test | ||||
public void does_not_fail_to_authenticate_user_when_email_has_not_changed_and_strategy_is_FORBID() { | public void does_not_fail_to_authenticate_user_when_email_has_not_changed_and_strategy_is_FORBID() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto currentUser = db.users().insertUser(u -> u.setEmail("john@email.com") | UserDto currentUser = db.users().insertUser(u -> u.setEmail("john@email.com") | ||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())); | .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())); | ||||
UserIdentity userIdentity = UserIdentity.builder() | UserIdentity userIdentity = UserIdentity.builder() | ||||
@Test | @Test | ||||
public void authenticate_existing_user_and_add_new_groups() { | public void authenticate_existing_user_and_add_new_groups() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(newUserDto() | UserDto user = db.users().insertUser(newUserDto() | ||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | ||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | .setExternalLogin(USER_IDENTITY.getProviderLogin()) | ||||
.setActive(true) | .setActive(true) | ||||
.setName("John")); | .setName("John")); | ||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||||
GroupDto group1 = db.users().insertGroup("group1"); | |||||
GroupDto group2 = db.users().insertGroup("group2"); | |||||
authenticate(USER_IDENTITY.getProviderLogin(), "group1", "group2", "group3"); | authenticate(USER_IDENTITY.getProviderLogin(), "group1", "group2", "group3"); | ||||
@Test | @Test | ||||
public void authenticate_existing_user_and_remove_groups() { | public void authenticate_existing_user_and_remove_groups() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(newUserDto() | UserDto user = db.users().insertUser(newUserDto() | ||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | ||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | .setExternalLogin(USER_IDENTITY.getProviderLogin()) | ||||
.setActive(true) | .setActive(true) | ||||
.setName("John")); | .setName("John")); | ||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||||
GroupDto group1 = db.users().insertGroup("group1"); | |||||
GroupDto group2 = db.users().insertGroup("group2"); | |||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertMember(group2, user); | db.users().insertMember(group2, user); | ||||
} | } | ||||
@Test | @Test | ||||
public void authenticate_existing_user_and_remove_all_groups_expect_default_when_organizations_are_disabled() { | |||||
organizationFlags.setEnabled(false); | |||||
public void authenticate_existing_user_and_remove_all_groups_expect_default() { | |||||
UserDto user = db.users().insertUser(newUserDto() | UserDto user = db.users().insertUser(newUserDto() | ||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | ||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||||
); | |||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2"); | |||||
GroupDto defaultGroup = insertDefaultGroup(); | |||||
.setExternalLogin(USER_IDENTITY.getProviderLogin())); | |||||
GroupDto group1 = db.users().insertGroup("group1"); | |||||
GroupDto group2 = db.users().insertGroup("group2"); | |||||
db.users().insertMember(group1, user); | db.users().insertMember(group1, user); | ||||
db.users().insertMember(group2, user); | db.users().insertMember(group2, user); | ||||
db.users().insertMember(defaultGroup, user); | db.users().insertMember(defaultGroup, user); | ||||
checkGroupMembership(user, defaultGroup); | checkGroupMembership(user, defaultGroup); | ||||
} | } | ||||
@Test | |||||
public void does_not_force_default_group_when_authenticating_existing_user_when_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(newUserDto() | |||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||||
); | |||||
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1"); | |||||
GroupDto defaultGroup = insertDefaultGroup(); | |||||
db.users().insertMember(group1, user); | |||||
db.users().insertMember(defaultGroup, user); | |||||
authenticate(user.getExternalLogin(), "group1"); | |||||
checkGroupMembership(user, group1); | |||||
} | |||||
@Test | |||||
public void ignore_groups_on_non_default_organizations() { | |||||
organizationFlags.setEnabled(true); | |||||
OrganizationDto org = db.organizations().insert(); | |||||
UserDto user = db.users().insertUser(newUserDto() | |||||
.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()) | |||||
.setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||||
.setActive(true) | |||||
.setName("John")); | |||||
String groupName = "a-group"; | |||||
GroupDto groupInDefaultOrg = db.users().insertGroup(db.getDefaultOrganization(), groupName); | |||||
GroupDto groupInOrg = db.users().insertGroup(org, groupName); | |||||
// adding a group with the same name than in non-default organization | |||||
underTest.register(UserRegistration.builder() | |||||
.setUserIdentity(UserIdentity.builder() | |||||
.setProviderLogin("johndoo") | |||||
.setName(user.getName()) | |||||
.setGroups(newHashSet(groupName)) | |||||
.build()) | |||||
.setProvider(IDENTITY_PROVIDER) | |||||
.setSource(Source.local(BASIC)) | |||||
.setExistingEmailStrategy(ExistingEmailStrategy.FORBID) | |||||
.build()); | |||||
checkGroupMembership(user, groupInDefaultOrg); | |||||
} | |||||
private UserDto authenticate(String providerLogin, String... groups) { | private UserDto authenticate(String providerLogin, String... groups) { | ||||
return underTest.register(UserRegistration.builder() | return underTest.register(UserRegistration.builder() | ||||
.setUserIdentity(UserIdentity.builder() | .setUserIdentity(UserIdentity.builder() | ||||
} | } | ||||
private void checkGroupMembership(UserDto user, GroupDto... expectedGroups) { | private void checkGroupMembership(UserDto user, GroupDto... expectedGroups) { | ||||
assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(Collectors.toList()).toArray(new String[]{})); | |||||
assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(Collectors.toList()).toArray(new String[] {})); | |||||
} | } | ||||
private GroupDto insertDefaultGroup() { | private GroupDto insertDefaultGroup() { | ||||
return db.users().insertDefaultGroup(db.getDefaultOrganization(), "sonar-users"); | |||||
return db.users().insertDefaultGroup("sonar-users"); | |||||
} | } | ||||
} | } |
/* | |||||
* SonarQube | |||||
* Copyright (C) 2009-2020 SonarSource SA | |||||
* mailto:info AT sonarsource DOT com | |||||
* | |||||
* This program is free software; you can redistribute it and/or | |||||
* modify it under the terms of the GNU Lesser General Public | |||||
* License as published by the Free Software Foundation; either | |||||
* version 3 of the License, or (at your option) any later version. | |||||
* | |||||
* This program is distributed in the hope that it will be useful, | |||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||||
* Lesser General Public License for more details. | |||||
* | |||||
* You should have received a copy of the GNU Lesser General Public License | |||||
* along with this program; if not, write to the Free Software Foundation, | |||||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||||
*/ | |||||
package org.sonar.server.organization; | |||||
import com.google.common.collect.ImmutableSet; | |||||
import java.util.HashSet; | |||||
import javax.annotation.Nullable; | |||||
import org.assertj.core.groups.Tuple; | |||||
import org.elasticsearch.action.search.SearchRequestBuilder; | |||||
import org.junit.Rule; | |||||
import org.junit.Test; | |||||
import org.junit.rules.ExpectedException; | |||||
import org.sonar.api.utils.System2; | |||||
import org.sonar.db.DbClient; | |||||
import org.sonar.db.DbTester; | |||||
import org.sonar.db.alm.AlmAppInstallDto; | |||||
import org.sonar.db.component.ComponentDto; | |||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||||
import org.sonar.db.permission.template.PermissionTemplateUserDto; | |||||
import org.sonar.db.property.PropertyDto; | |||||
import org.sonar.db.property.PropertyQuery; | |||||
import org.sonar.db.user.GroupDto; | |||||
import org.sonar.db.user.UserDto; | |||||
import org.sonar.server.es.EsTester; | |||||
import org.sonar.server.es.SearchOptions; | |||||
import org.sonar.server.user.index.UserDoc; | |||||
import org.sonar.server.user.index.UserIndex; | |||||
import org.sonar.server.user.index.UserIndexDefinition; | |||||
import org.sonar.server.user.index.UserIndexer; | |||||
import org.sonar.server.user.index.UserQuery; | |||||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||||
import static java.lang.String.format; | |||||
import static java.util.Arrays.asList; | |||||
import static java.util.Collections.singletonList; | |||||
import static org.assertj.core.api.Assertions.assertThat; | |||||
import static org.assertj.core.api.Assertions.tuple; | |||||
import static org.elasticsearch.index.query.QueryBuilders.boolQuery; | |||||
import static org.elasticsearch.index.query.QueryBuilders.termQuery; | |||||
import static org.sonar.api.CoreProperties.DEFAULT_ISSUE_ASSIGNEE; | |||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | |||||
import static org.sonar.api.web.UserRole.USER; | |||||
import static org.sonar.db.alm.ALM.GITHUB; | |||||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||||
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ORGANIZATION_UUIDS; | |||||
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID; | |||||
public class MemberUpdaterTest { | |||||
@Rule | |||||
public ExpectedException expectedException = ExpectedException.none(); | |||||
@Rule | |||||
public EsTester es = EsTester.create(); | |||||
@Rule | |||||
public DbTester db = DbTester.create(); | |||||
private DbClient dbClient = db.getDbClient(); | |||||
private UserIndex userIndex = new UserIndex(es.client(), System2.INSTANCE); | |||||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | |||||
private MemberUpdater underTest = new MemberUpdater(dbClient, new DefaultGroupFinder(dbClient), userIndexer); | |||||
@Test | |||||
public void add_member_in_db_and_user_index() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
underTest.addMember(db.getSession(), organization, user); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||||
.containsExactlyInAnyOrder(tuple(user.getLogin(), singletonList(organization.getUuid()))); | |||||
} | |||||
@Test | |||||
public void does_not_fail_to_add_member_if_user_already_added_in_organization() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
db.organizations().addMember(organization, user); | |||||
db.users().insertMember(defaultGroup, user); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
underTest.addMember(db.getSession(), organization, user); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void add_member_fails_when_organization_has_no_default_group() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user = db.users().insertUser(); | |||||
expectedException.expect(IllegalStateException.class); | |||||
expectedException.expectMessage(format("Default group cannot be found on organization '%s'", organization.getUuid())); | |||||
underTest.addMember(db.getSession(), organization, user); | |||||
} | |||||
@Test | |||||
public void add_members_in_db_and_user_index() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user1 = db.users().insertUser(); | |||||
UserDto user2 = db.users().insertUser(); | |||||
UserDto disableUser = db.users().insertDisabledUser(); | |||||
underTest.addMembers(db.getSession(), organization, asList(user1, user2, disableUser)); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user1); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user2); | |||||
assertUserIsNotMember(organization, disableUser); | |||||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||||
.containsExactlyInAnyOrder( | |||||
tuple(user1.getLogin(), singletonList(organization.getUuid())), | |||||
tuple(user2.getLogin(), singletonList(organization.getUuid()))); | |||||
} | |||||
@Test | |||||
public void add_members_does_not_fail_when_one_user_is_already_member_of_organization() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto userAlreadyMember = db.users().insertUser(); | |||||
db.organizations().addMember(organization, userAlreadyMember); | |||||
db.users().insertMember(defaultGroup, userAlreadyMember); | |||||
UserDto userNotMember = db.users().insertUser(); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
underTest.addMembers(db.getSession(), organization, asList(userAlreadyMember, userNotMember)); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, userAlreadyMember); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, userNotMember); | |||||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()) | |||||
.extracting(UserDoc::login, UserDoc::organizationUuids) | |||||
.containsExactlyInAnyOrder( | |||||
tuple(userAlreadyMember.getLogin(), singletonList(organization.getUuid())), | |||||
tuple(userNotMember.getLogin(), singletonList(organization.getUuid()))); | |||||
} | |||||
@Test | |||||
public void remove_member_from_db_and_user_index() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertUserIsNotMember(organization, user); | |||||
} | |||||
@Test | |||||
public void remove_members_from_db_and_user_index() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user1 = db.users().insertUser(); | |||||
UserDto user2 = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user1, user2, adminUser); | |||||
db.users().insertMember(defaultGroup, user1); | |||||
db.users().insertMember(defaultGroup, user2); | |||||
db.users().insertMember(defaultGroup, adminUser); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
underTest.removeMembers(db.getSession(), organization, asList(user1, user2)); | |||||
assertUserIsNotMember(organization, user1); | |||||
assertUserIsNotMember(organization, user2); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, adminUser); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_permissions() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
db.users().insertPermissionOnUser(organization, user, ADMINISTER); | |||||
db.users().insertPermissionOnUser(organization, user, SCAN); | |||||
db.users().insertPermissionOnUser(anotherOrganization, user, ADMINISTER); | |||||
db.users().insertPermissionOnUser(anotherOrganization, user, SCAN); | |||||
db.users().insertPermissionOnUser(organization, anotherUser, ADMINISTER); | |||||
db.users().insertPermissionOnUser(organization, anotherUser, SCAN); | |||||
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project); | |||||
db.users().insertProjectPermissionOnUser(user, USER, project); | |||||
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, anotherProject); | |||||
db.users().insertProjectPermissionOnUser(user, USER, anotherProject); | |||||
db.users().insertProjectPermissionOnUser(anotherUser, CODEVIEWER, project); | |||||
db.users().insertProjectPermissionOnUser(anotherUser, USER, project); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertUserIsNotMember(organization, user); | |||||
assertOrgPermissionsOfUser(user, organization); | |||||
assertOrgPermissionsOfUser(user, anotherOrganization, ADMINISTER, SCAN); | |||||
assertOrgPermissionsOfUser(anotherUser, organization, ADMINISTER, SCAN); | |||||
assertProjectPermissionsOfUser(user, project); | |||||
assertProjectPermissionsOfUser(user, anotherProject, CODEVIEWER, USER); | |||||
assertProjectPermissionsOfUser(anotherUser, project, CODEVIEWER, USER); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_template_permissions() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
PermissionTemplateDto template = db.permissionTemplates().insertTemplate(organization); | |||||
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate(anotherOrganization); | |||||
String permission = "browse"; | |||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), permission); | |||||
db.permissionTemplates().addUserToTemplate(template.getUuid(), anotherUser.getUuid(), permission); | |||||
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), permission); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertThat(dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), template.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid) | |||||
.containsOnly(anotherUser.getUuid()); | |||||
assertThat(dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(db.getSession(), anotherTemplate.getUuid())).extracting(PermissionTemplateUserDto::getUserUuid) | |||||
.containsOnly(user.getUuid()); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_user_from_organization_groups() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
GroupDto group = db.users().insertGroup(organization); | |||||
GroupDto anotherGroup = db.users().insertGroup(anotherOrganization); | |||||
db.users().insertMembers(group, user, anotherUser); | |||||
db.users().insertMembers(anotherGroup, user, anotherUser); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), user.getUuid())) | |||||
.containsOnly(anotherGroup.getUuid()); | |||||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), anotherUser.getUuid())) | |||||
.containsOnly(group.getUuid(), anotherGroup.getUuid()); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_user_from_default_organization_group() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertThat(dbClient.groupMembershipDao().selectGroupUuidsByUserUuid(db.getSession(), user.getUuid())).isEmpty(); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_user_from_org_properties() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
insertProperty("KEY_11", "VALUE", project.uuid(), user.getUuid()); | |||||
insertProperty("KEY_12", "VALUE", project.uuid(), user.getUuid()); | |||||
insertProperty("KEY_11", "VALUE", project.uuid(), anotherUser.getUuid()); | |||||
insertProperty("KEY_11", "VALUE", anotherProject.uuid(), user.getUuid()); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(project.uuid()).build(), db.getSession())) | |||||
.hasSize(1).extracting(PropertyDto::getUserUuid).containsOnly(anotherUser.getUuid()); | |||||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(anotherProject.uuid()).build(), db.getSession())) | |||||
.extracting(PropertyDto::getUserUuid) | |||||
.hasSize(1).containsOnly(user.getUuid()); | |||||
} | |||||
@Test | |||||
public void remove_member_removes_user_from_default_assignee_properties() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
UserDto user = db.users().insertUser(); | |||||
UserDto adminUser = db.users().insertAdminByUserPermission(organization); | |||||
db.organizations().addMember(organization, user, adminUser); | |||||
db.users().insertMember(defaultGroup, user); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
OrganizationDto anotherOrganization = db.organizations().insert(); | |||||
ComponentDto anotherProject = db.components().insertPrivateProject(anotherOrganization); | |||||
UserDto anotherUser = db.users().insertUser(); | |||||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, user.getLogin(), project.uuid(), null); | |||||
insertProperty("ANOTHER_KEY", user.getLogin(), project.uuid(), null); | |||||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, anotherUser.getLogin(), project.uuid(), null); | |||||
insertProperty(DEFAULT_ISSUE_ASSIGNEE, user.getLogin(), anotherProject.uuid(), null); | |||||
underTest.removeMember(db.getSession(), organization, user); | |||||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(project.uuid()).build(), db.getSession())) | |||||
.hasSize(2).extracting(PropertyDto::getKey, PropertyDto::getValue) | |||||
.containsOnly(Tuple.tuple("ANOTHER_KEY", user.getLogin()), Tuple.tuple(DEFAULT_ISSUE_ASSIGNEE, anotherUser.getLogin())); | |||||
assertThat(dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setComponentUuid(anotherProject.uuid()).build(), db.getSession())).extracting(PropertyDto::getValue) | |||||
.hasSize(1).containsOnly(user.getLogin()); | |||||
} | |||||
@Test | |||||
public void fail_to_remove_members_when_no_more_admin() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
GroupDto adminGroup = db.users().insertGroup(organization); | |||||
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER); | |||||
UserDto user1 = db.users().insertUser(); | |||||
UserDto admin1 = db.users().insertAdminByUserPermission(organization); | |||||
UserDto admin2 = db.users().insertUser(); | |||||
db.organizations().addMember(organization, user1, admin1, admin2); | |||||
db.users().insertMember(defaultGroup, user1); | |||||
db.users().insertMember(defaultGroup, admin1); | |||||
db.users().insertMember(defaultGroup, admin2); | |||||
db.users().insertMember(adminGroup, admin2); | |||||
userIndexer.indexOnStartup(new HashSet<>()); | |||||
expectedException.expect(IllegalArgumentException.class); | |||||
expectedException.expectMessage("The last administrator member cannot be removed"); | |||||
underTest.removeMembers(db.getSession(), organization, asList(admin1, admin2)); | |||||
} | |||||
@Test | |||||
public void synchronize_user_organization_membership() { | |||||
OrganizationDto organization1 = db.organizations().insert(); | |||||
GroupDto org1defaultGroup = db.users().insertDefaultGroup(organization1, "Members"); | |||||
AlmAppInstallDto gitHubInstall1 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization1, gitHubInstall1, true); | |||||
OrganizationDto organization2 = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization2, "Members"); | |||||
AlmAppInstallDto gitHubInstall2 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization2, gitHubInstall2, true); | |||||
OrganizationDto organization3 = db.organizations().insert(); | |||||
GroupDto org3defaultGroup = db.users().insertDefaultGroup(organization3, "Members"); | |||||
AlmAppInstallDto gitHubInstall3 = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization3, gitHubInstall3, true); | |||||
// User is member of organization1 and organization3, but organization3 membership will be removed and organization2 membership will be | |||||
// added | |||||
UserDto user = db.users().insertUser(); | |||||
db.organizations().addMember(organization1, user); | |||||
db.users().insertMember(org1defaultGroup, user); | |||||
db.organizations().addMember(organization3, user); | |||||
db.users().insertMember(org3defaultGroup, user); | |||||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall1.getOrganizationAlmId(), gitHubInstall2.getOrganizationAlmId())); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization1, user); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization2, user); | |||||
assertUserIsNotMember(organization3, user); | |||||
} | |||||
@Test | |||||
public void synchronize_user_organization_membership_does_not_update_es_index() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
UserDto user = db.users().insertUser(); | |||||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall.getOrganizationAlmId())); | |||||
assertThat(userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs()).isEmpty(); | |||||
} | |||||
@Test | |||||
public void synchronize_user_organization_membership_ignores_organization_alm_ids_match_no_existing_organizations() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, true); | |||||
UserDto user = db.users().insertUser(); | |||||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of("unknown")); | |||||
// User is member of no organization | |||||
assertThat(db.getDbClient().organizationMemberDao().selectOrganizationUuidsByUser(db.getSession(), user.getUuid())).isEmpty(); | |||||
} | |||||
@Test | |||||
public void synchronize_user_organization_membership_ignores_organization_with_member_sync_disabled() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, false); | |||||
UserDto user = db.users().insertUser(); | |||||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of(gitHubInstall.getOrganizationAlmId())); | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
} | |||||
@Test | |||||
public void synchronize_user_organization_membership_does_not_remove_existing_membership_on_organization_with_member_sync_disabled() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto org1defaultGroup = db.users().insertDefaultGroup(organization, "Members"); | |||||
AlmAppInstallDto gitHubInstall = db.alm().insertAlmAppInstall(a -> a.setAlm(GITHUB)); | |||||
db.alm().insertOrganizationAlmBinding(organization, gitHubInstall, false); | |||||
UserDto user = db.users().insertUser(); | |||||
db.users().insertMember(org1defaultGroup, user); | |||||
db.organizations().addMember(organization, user); | |||||
// User is member of a organization on which member sync is disabled | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
// The organization is not in the list, but membership should not be removed | |||||
underTest.synchronizeUserOrganizationMembership(db.getSession(), user, GITHUB, ImmutableSet.of("other")); | |||||
db.organizations().assertUserIsMemberOfOrganization(organization, user); | |||||
} | |||||
private void assertUserIsNotMember(OrganizationDto organization, UserDto user) { | |||||
db.organizations().assertUserIsNotMemberOfOrganization(organization, user); | |||||
SearchRequestBuilder request = es.client().prepareSearch(UserIndexDefinition.TYPE_USER) | |||||
.setQuery(boolQuery() | |||||
.must(termQuery(FIELD_ORGANIZATION_UUIDS, organization.getUuid())) | |||||
.must(termQuery(FIELD_UUID, user.getUuid()))); | |||||
assertThat(request.get().getHits().getHits()).isEmpty(); | |||||
} | |||||
private void assertOrgPermissionsOfUser(UserDto user, OrganizationDto organization, OrganizationPermission... permissions) { | |||||
assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getUuid(), organization.getUuid()).stream() | |||||
.map(OrganizationPermission::fromKey)) | |||||
.containsOnly(permissions); | |||||
} | |||||
private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) { | |||||
assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getUuid(), project.uuid())).containsOnly(permissions); | |||||
} | |||||
private void insertProperty(String key, @Nullable String value, @Nullable String componentUuid, @Nullable String userUuid) { | |||||
PropertyDto dto = new PropertyDto().setKey(key) | |||||
.setComponentUuid(componentUuid) | |||||
.setUserUuid(userUuid) | |||||
.setValue(value); | |||||
db.properties().insertProperty(dto); | |||||
} | |||||
} |
/* | |||||
* SonarQube | |||||
* Copyright (C) 2009-2020 SonarSource SA | |||||
* mailto:info AT sonarsource DOT com | |||||
* | |||||
* This program is free software; you can redistribute it and/or | |||||
* modify it under the terms of the GNU Lesser General Public | |||||
* License as published by the Free Software Foundation; either | |||||
* version 3 of the License, or (at your option) any later version. | |||||
* | |||||
* This program is distributed in the hope that it will be useful, | |||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |||||
* Lesser General Public License for more details. | |||||
* | |||||
* You should have received a copy of the GNU Lesser General Public License | |||||
* along with this program; if not, write to the Free Software Foundation, | |||||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||||
*/ | |||||
package org.sonar.server.organization; | |||||
import java.util.ArrayList; | |||||
import java.util.List; | |||||
import java.util.Optional; | |||||
import org.junit.Rule; | |||||
import org.junit.Test; | |||||
import org.junit.rules.ExpectedException; | |||||
import org.mockito.ArgumentCaptor; | |||||
import org.sonar.api.rule.RuleStatus; | |||||
import org.sonar.core.util.SequenceUuidFactory; | |||||
import org.sonar.db.DbTester; | |||||
import org.sonar.db.component.ComponentDto; | |||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.GroupPermissionDto; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | |||||
import org.sonar.db.permission.template.PermissionTemplateGroupDto; | |||||
import org.sonar.db.rule.RuleDefinitionDto; | |||||
import org.sonar.db.user.GroupDto; | |||||
import org.sonar.db.user.UserDto; | |||||
import org.sonar.server.es.EsTester; | |||||
import org.sonar.server.rule.index.RuleIndexer; | |||||
import org.sonar.server.usergroups.DefaultGroupCreatorImpl; | |||||
import org.sonar.server.usergroups.DefaultGroupFinder; | |||||
import static org.assertj.core.api.Assertions.assertThat; | |||||
import static org.assertj.core.api.Assertions.tuple; | |||||
import static org.mockito.ArgumentMatchers.any; | |||||
import static org.mockito.Mockito.spy; | |||||
import static org.mockito.Mockito.verify; | |||||
public class OrganisationSupportTest { | |||||
@Rule | |||||
public ExpectedException expectedException = ExpectedException.none(); | |||||
@Rule | |||||
public DbTester dbTester = DbTester.create(); | |||||
@Rule | |||||
public EsTester es = EsTester.create(); | |||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(dbTester); | |||||
private OrganizationFlags organizationFlags = new OrganizationFlagsImpl(dbTester.getDbClient()); | |||||
private RuleIndexer ruleIndexer = spy(new RuleIndexer(es.client(), dbTester.getDbClient())); | |||||
private OrganisationSupport underTest = new OrganisationSupport(dbTester.getDbClient(), defaultOrganizationProvider, organizationFlags, | |||||
new DefaultGroupCreatorImpl(dbTester.getDbClient(), new SequenceUuidFactory()), new DefaultGroupFinder(dbTester.getDbClient()), ruleIndexer, new SequenceUuidFactory()); | |||||
@Test | |||||
public void enabling_support_saves_internal_property_and_flags_caller_as_root() { | |||||
UserDto user = dbTester.users().insertUser(); | |||||
UserDto otherUser = dbTester.users().insertUser(); | |||||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||||
verifyFeatureEnabled(false); | |||||
verifyRoot(user, false); | |||||
verifyRoot(otherUser, false); | |||||
call(user.getLogin()); | |||||
verifyFeatureEnabled(true); | |||||
verifyRoot(user, true); | |||||
verifyRoot(otherUser, false); | |||||
} | |||||
@Test | |||||
public void enabling_support_creates_default_members_group_and_associate_org_members() { | |||||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||||
OrganizationDto anotherOrganization = dbTester.organizations().insert(); | |||||
UserDto user1 = dbTester.users().insertUser(); | |||||
UserDto user2 = dbTester.users().insertUser(); | |||||
UserDto userInAnotherOrganization = dbTester.users().insertUser(); | |||||
dbTester.organizations().addMember(defaultOrganization, user1); | |||||
dbTester.organizations().addMember(defaultOrganization, user2); | |||||
dbTester.organizations().addMember(anotherOrganization, userInAnotherOrganization); | |||||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||||
call(user1.getLogin()); | |||||
Optional<String> defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()); | |||||
assertThat(defaultGroupUuid).isPresent(); | |||||
GroupDto membersGroup = dbTester.getDbClient().groupDao().selectByUuid(dbTester.getSession(), defaultGroupUuid.get()); | |||||
assertThat(membersGroup).isNotNull(); | |||||
assertThat(membersGroup.getName()).isEqualTo("Members"); | |||||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user1.getUuid())).containsOnly(defaultGroupUuid.get()); | |||||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), user2.getUuid())).containsOnly(defaultGroupUuid.get()); | |||||
assertThat(dbTester.getDbClient().groupMembershipDao().selectGroupUuidsByUserUuid(dbTester.getSession(), userInAnotherOrganization.getUuid())).isEmpty(); | |||||
} | |||||
@Test | |||||
public void enabling_support_copy_sonar_users_permissions_to_members_group() { | |||||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||||
UserDto user = dbTester.users().insertUser(); | |||||
GroupDto sonarUsersGroup = dbTester.users().insertDefaultGroup(defaultOrganization, "sonar-users"); | |||||
ComponentDto project = dbTester.components().insertPrivateProject(defaultOrganization); | |||||
dbTester.users().insertPermissionOnGroup(sonarUsersGroup, "user"); | |||||
dbTester.users().insertProjectPermissionOnGroup(sonarUsersGroup, "codeviewer", project); | |||||
// Should be ignored | |||||
GroupDto anotherGroup = dbTester.users().insertGroup(); | |||||
dbTester.users().insertPermissionOnGroup(anotherGroup, "admin"); | |||||
call(user.getLogin()); | |||||
String defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()).get(); | |||||
assertThat(defaultGroupUuid).isNotEqualTo(sonarUsersGroup.getUuid()); | |||||
List<GroupPermissionDto> result = new ArrayList<>(); | |||||
dbTester.getDbClient().groupPermissionDao().selectAllPermissionsByGroupUuid(dbTester.getSession(), defaultOrganization.getUuid(), defaultGroupUuid, | |||||
context -> result.add((GroupPermissionDto) context.getResultObject())); | |||||
assertThat(result).extracting(GroupPermissionDto::getComponentUuid, GroupPermissionDto::getRole).containsOnly( | |||||
tuple(null, "user"), tuple(project.uuid(), "codeviewer")); | |||||
} | |||||
@Test | |||||
public void enabling_support_copy_sonar_users_permission_templates_to_members_group() { | |||||
OrganizationDto defaultOrganization = dbTester.getDefaultOrganization(); | |||||
UserDto user = dbTester.users().insertUser(); | |||||
GroupDto sonarUsersGroup = dbTester.users().insertDefaultGroup(defaultOrganization, "sonar-users"); | |||||
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(dbTester.getDefaultOrganization()); | |||||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, sonarUsersGroup, "user"); | |||||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, sonarUsersGroup, "admin"); | |||||
// Should be ignored | |||||
GroupDto otherGroup = dbTester.users().insertGroup(); | |||||
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, otherGroup, "user"); | |||||
call(user.getLogin()); | |||||
String defaultGroupUuid = dbTester.getDbClient().organizationDao().getDefaultGroupUuid(dbTester.getSession(), defaultOrganization.getUuid()).get(); | |||||
assertThat(dbTester.getDbClient().permissionTemplateDao().selectAllGroupPermissionTemplatesByGroupUuid(dbTester.getSession(), defaultGroupUuid)) | |||||
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getPermission) | |||||
.containsOnly(tuple(defaultGroupUuid, "user"), tuple(defaultGroupUuid, "admin")); | |||||
} | |||||
@Test | |||||
public void enabling_organizations_should_remove_template_rule_and_custom_rule() { | |||||
RuleDefinitionDto normal = dbTester.rules().insert(); | |||||
RuleDefinitionDto template = dbTester.rules().insert(r -> r.setIsTemplate(true)); | |||||
RuleDefinitionDto custom = dbTester.rules().insert(r -> r.setTemplateUuid(template.getUuid())); | |||||
UserDto user = dbTester.users().insertUser(); | |||||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||||
assertThat(dbTester.getDbClient().ruleDao().selectAllDefinitions(dbTester.getSession())) | |||||
.extracting(RuleDefinitionDto::getKey, RuleDefinitionDto::getStatus) | |||||
.containsExactlyInAnyOrder( | |||||
tuple(normal.getKey(), RuleStatus.READY), | |||||
tuple(template.getKey(), RuleStatus.READY), | |||||
tuple(custom.getKey(), RuleStatus.READY)); | |||||
call(user.getLogin()); | |||||
assertThat(dbTester.getDbClient().ruleDao().selectAllDefinitions(dbTester.getSession())) | |||||
.extracting(RuleDefinitionDto::getKey, RuleDefinitionDto::getStatus) | |||||
.containsExactlyInAnyOrder( | |||||
tuple(normal.getKey(), RuleStatus.READY), | |||||
tuple(template.getKey(), RuleStatus.REMOVED), | |||||
tuple(custom.getKey(), RuleStatus.REMOVED)); | |||||
@SuppressWarnings("unchecked") | |||||
Class<ArrayList<String>> listClass = (Class<ArrayList<String>>) (Class) ArrayList.class; | |||||
ArgumentCaptor<ArrayList<String>> indexedRuleKeys = ArgumentCaptor.forClass(listClass); | |||||
verify(ruleIndexer).commitAndIndex(any(), indexedRuleKeys.capture()); | |||||
assertThat(indexedRuleKeys.getValue()).containsExactlyInAnyOrder(template.getUuid(), custom.getUuid()); | |||||
} | |||||
@Test | |||||
public void throw_IAE_when_members_group_already_exists() { | |||||
UserDto user = dbTester.users().insertUser(); | |||||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||||
dbTester.users().insertGroup(dbTester.getDefaultOrganization(), "Members"); | |||||
expectedException.expect(IllegalArgumentException.class); | |||||
expectedException.expectMessage("The group 'Members' already exist"); | |||||
call(user.getLogin()); | |||||
} | |||||
@Test | |||||
public void do_nothing_if_support_is_already_enabled() { | |||||
dbTester.users().insertDefaultGroup(dbTester.getDefaultOrganization(), "sonar-users"); | |||||
call("foo"); | |||||
verifyFeatureEnabled(true); | |||||
// the test could be improved to verify that | |||||
// the caller user is not flagged as root | |||||
// if he was not already root | |||||
call("foo"); | |||||
verifyFeatureEnabled(true); | |||||
} | |||||
private void call(String login) { | |||||
underTest.enable(login); | |||||
} | |||||
private void verifyFeatureEnabled(boolean enabled) { | |||||
assertThat(organizationFlags.isEnabled(dbTester.getSession())).isEqualTo(enabled); | |||||
} | |||||
private void verifyRoot(UserDto user, boolean root) { | |||||
dbTester.rootFlag().verify(user.getLogin(), root); | |||||
} | |||||
} |
private OrganizationValidation organizationValidation = mock(OrganizationValidation.class); | private OrganizationValidation organizationValidation = mock(OrganizationValidation.class); | ||||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | ||||
private UserIndex userIndex = new UserIndex(es.client(), system2); | private UserIndex userIndex = new UserIndex(es.client(), system2); | ||||
private DefaultGroupCreator defaultGroupCreator = new DefaultGroupCreatorImpl(dbClient, uuidFactory); | |||||
private DefaultGroupCreator defaultGroupCreator = new DefaultGroupCreatorImpl(dbClient, uuidFactory, TestDefaultOrganizationProvider.from(db)); | |||||
private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); | ||||
private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); | ||||
assertThat(organization.getUpdatedAt()).isEqualTo(A_DATE); | assertThat(organization.getUpdatedAt()).isEqualTo(A_DATE); | ||||
} | } | ||||
@Test | |||||
public void create_creates_owners_group_with_all_permissions_for_new_organization_and_add_current_user_to_it() throws OrganizationUpdater.KeyConflictException { | |||||
UserDto user = db.users().insertUser(); | |||||
builtInQProfileRepositoryRule.initialize(); | |||||
db.qualityGates().insertBuiltInQualityGate(); | |||||
underTest.create(dbSession, user, FULL_POPULATED_NEW_ORGANIZATION, EMPTY_ORGANIZATION_CONSUMER); | |||||
verifyGroupOwners(user, FULL_POPULATED_NEW_ORGANIZATION.getKey(), FULL_POPULATED_NEW_ORGANIZATION.getName()); | |||||
} | |||||
@Test | @Test | ||||
public void create_creates_members_group_and_add_current_user_to_it() throws OrganizationUpdater.KeyConflictException { | public void create_creates_members_group_and_add_current_user_to_it() throws OrganizationUpdater.KeyConflictException { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
assertThat(organization.getAvatarUrl()).isNull(); | assertThat(organization.getAvatarUrl()).isNull(); | ||||
} | } | ||||
@Test | |||||
public void create_creates_default_template_for_new_organization() throws OrganizationUpdater.KeyConflictException { | |||||
builtInQProfileRepositoryRule.initialize(); | |||||
UserDto user = db.users().insertUser(); | |||||
db.qualityGates().insertBuiltInQualityGate(); | |||||
underTest.create(dbSession, user, FULL_POPULATED_NEW_ORGANIZATION, EMPTY_ORGANIZATION_CONSUMER); | |||||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, FULL_POPULATED_NEW_ORGANIZATION.getKey()).get(); | |||||
GroupDto ownersGroup = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Owners").get(); | |||||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organization.getUuid()).get(); | |||||
PermissionTemplateDto defaultTemplate = dbClient.permissionTemplateDao().selectByName(dbSession, organization.getUuid(), "default template"); | |||||
assertThat(defaultTemplate.getName()).isEqualTo("Default template"); | |||||
assertThat(defaultTemplate.getDescription()).isEqualTo("Default permission template of organization " + FULL_POPULATED_NEW_ORGANIZATION.getName()); | |||||
DefaultTemplates defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, organization.getUuid()).get(); | |||||
assertThat(defaultTemplates.getProjectUuid()).isEqualTo(defaultTemplate.getUuid()); | |||||
assertThat(defaultTemplates.getApplicationsUuid()).isNull(); | |||||
assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateUuid(dbSession, defaultTemplate.getUuid())) | |||||
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getPermission) | |||||
.containsOnly( | |||||
tuple(ownersGroup.getUuid(), UserRole.ADMIN), | |||||
tuple(ownersGroup.getUuid(), GlobalPermissions.SCAN_EXECUTION), | |||||
tuple(defaultGroupUuid, UserRole.USER), | |||||
tuple(defaultGroupUuid, UserRole.CODEVIEWER), | |||||
tuple(defaultGroupUuid, UserRole.ISSUE_ADMIN), | |||||
tuple(defaultGroupUuid, UserRole.SECURITYHOTSPOT_ADMIN)); | |||||
} | |||||
@Test | @Test | ||||
public void create_add_current_user_as_member_of_organization() throws OrganizationUpdater.KeyConflictException { | public void create_add_current_user_as_member_of_organization() throws OrganizationUpdater.KeyConflictException { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
underTest.updateOrganizationKey(dbSession, organization, "new_login"); | underTest.updateOrganizationKey(dbSession, organization, "new_login"); | ||||
} | } | ||||
private void verifyGroupOwners(UserDto user, String organizationKey, String organizationName) { | |||||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get(); | |||||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Owners"); | |||||
private void verifyGroupOwners(UserDto user, String organizationKey) { | |||||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, "Owners"); | |||||
assertThat(groupOpt).isPresent(); | assertThat(groupOpt).isPresent(); | ||||
GroupDto groupDto = groupOpt.get(); | GroupDto groupDto = groupOpt.get(); | ||||
assertThat(groupDto.getDescription()).isEqualTo("Owners of organization"); | assertThat(groupDto.getDescription()).isEqualTo("Owners of organization"); | ||||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getOrganizationUuid(), groupDto.getUuid())) | |||||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getUuid())) | |||||
.containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()])); | .containsOnly(GlobalPermissions.ALL.toArray(new String[GlobalPermissions.ALL.size()])); | ||||
List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | ||||
dbSession, | dbSession, | ||||
UserMembershipQuery.builder() | UserMembershipQuery.builder() | ||||
.organizationUuid(organization.getUuid()) | |||||
.groupUuid(groupDto.getUuid()) | .groupUuid(groupDto.getUuid()) | ||||
.membership(UserMembershipQuery.IN).build(), | .membership(UserMembershipQuery.IN).build(), | ||||
0, Integer.MAX_VALUE); | 0, Integer.MAX_VALUE); | ||||
private void verifyMembersGroup(UserDto user, String organizationKey) { | private void verifyMembersGroup(UserDto user, String organizationKey) { | ||||
OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get(); | OrganizationDto organization = dbClient.organizationDao().selectByKey(dbSession, organizationKey).get(); | ||||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession, organization.getUuid(), "Members"); | |||||
Optional<GroupDto> groupOpt = dbClient.groupDao().selectByName(dbSession,"Members"); | |||||
assertThat(groupOpt).isPresent(); | assertThat(groupOpt).isPresent(); | ||||
GroupDto groupDto = groupOpt.get(); | GroupDto groupDto = groupOpt.get(); | ||||
assertThat(groupDto.getDescription()).isEqualTo("All members of the organization"); | assertThat(groupDto.getDescription()).isEqualTo("All members of the organization"); | ||||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getOrganizationUuid(), groupDto.getUuid())).isEmpty(); | |||||
assertThat(dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupDto.getUuid())).isEmpty(); | |||||
List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | List<UserMembershipDto> members = dbClient.groupMembershipDao().selectMembers( | ||||
dbSession, | dbSession, | ||||
UserMembershipQuery.builder() | UserMembershipQuery.builder() | ||||
.organizationUuid(organization.getUuid()) | |||||
.groupUuid(groupDto.getUuid()) | .groupUuid(groupDto.getUuid()) | ||||
.membership(UserMembershipQuery.IN).build(), | .membership(UserMembershipQuery.IN).build(), | ||||
0, Integer.MAX_VALUE); | 0, Integer.MAX_VALUE); |
@Rule | @Rule | ||||
public ExpectedException expectedException = ExpectedException.none(); | public ExpectedException expectedException = ExpectedException.none(); | ||||
@Test | |||||
public void from_fails_with_NPE_if_GroupDto_organizationUuid_is_null() { | |||||
GroupDto dto = new GroupDto(); | |||||
expectOrganizationUuidNPE(); | |||||
GroupUuidOrAnyone.from(dto); | |||||
} | |||||
@Test | @Test | ||||
public void for_returns_isAnyone_if_id_is_null() { | public void for_returns_isAnyone_if_id_is_null() { | ||||
String organizationUuid = randomAlphabetic(10); | |||||
GroupDto dto = new GroupDto(); | GroupDto dto = new GroupDto(); | ||||
dto.setOrganizationUuid(organizationUuid); | |||||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | ||||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||||
assertThat(underTest.isAnyone()).isTrue(); | assertThat(underTest.isAnyone()).isTrue(); | ||||
assertThat(underTest.getUuid()).isNull(); | assertThat(underTest.getUuid()).isNull(); | ||||
} | } | ||||
@Test | @Test | ||||
public void for_returns_isAnyone_false_if_id_is_not_null() { | public void for_returns_isAnyone_false_if_id_is_not_null() { | ||||
String uuid = randomAlphabetic(10); | String uuid = randomAlphabetic(10); | ||||
String organizationUuid = randomAlphabetic(10); | |||||
GroupDto dto = new GroupDto(); | GroupDto dto = new GroupDto(); | ||||
dto.setOrganizationUuid(organizationUuid); | |||||
dto.setUuid(uuid); | dto.setUuid(uuid); | ||||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | GroupUuidOrAnyone underTest = GroupUuidOrAnyone.from(dto); | ||||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||||
assertThat(underTest.isAnyone()).isFalse(); | assertThat(underTest.isAnyone()).isFalse(); | ||||
assertThat(underTest.getUuid()).isEqualTo(uuid); | assertThat(underTest.getUuid()).isEqualTo(uuid); | ||||
} | } | ||||
@Test | |||||
public void forAnyone_fails_with_NPE_if_arg_is_null() { | |||||
expectOrganizationUuidNPE(); | |||||
GroupUuidOrAnyone.forAnyone(null); | |||||
} | |||||
@Test | @Test | ||||
public void forAnyone_returns_isAnyone_true() { | public void forAnyone_returns_isAnyone_true() { | ||||
String organizationUuid = randomAlphabetic(12); | |||||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.forAnyone(organizationUuid); | |||||
GroupUuidOrAnyone underTest = GroupUuidOrAnyone.forAnyone(); | |||||
assertThat(underTest.isAnyone()).isTrue(); | assertThat(underTest.isAnyone()).isTrue(); | ||||
assertThat(underTest.getOrganizationUuid()).isEqualTo(organizationUuid); | |||||
assertThat(underTest.getUuid()).isNull(); | assertThat(underTest.getUuid()).isNull(); | ||||
} | } | ||||
private void expectOrganizationUuidNPE() { | |||||
expectedException.expect(NullPointerException.class); | |||||
expectedException.expectMessage("organizationUuid can't be null"); | |||||
} | |||||
} | } |
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.assertj.core.api.Assertions.fail; | import static org.assertj.core.api.Assertions.fail; | ||||
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; | |||||
public class DoPrivilegedTest { | public class DoPrivilegedTest { | ||||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | assertThat(catcher.userSession.isLoggedIn()).isFalse(); | ||||
assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | ||||
assertThat(catcher.userSession.isSystemAdministrator()).isTrue(); | assertThat(catcher.userSession.isSystemAdministrator()).isTrue(); | ||||
assertThat(catcher.userSession.hasMembership(newOrganizationDto())).isTrue(); | |||||
// verify session in place after task is done | // verify session in place after task is done | ||||
assertThat(threadLocalUserSession.get()).isSameAs(session); | assertThat(threadLocalUserSession.get()).isSameAs(session); | ||||
// verify the session used inside Privileged task | // verify the session used inside Privileged task | ||||
assertThat(catcher.userSession.isLoggedIn()).isFalse(); | assertThat(catcher.userSession.isLoggedIn()).isFalse(); | ||||
assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | assertThat(catcher.userSession.hasComponentPermission("any permission", new ComponentDto())).isTrue(); | ||||
assertThat(catcher.userSession.hasMembership(newOrganizationDto())).isTrue(); | |||||
} | } | ||||
} | } | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.exceptions.ForbiddenException; | import org.sonar.server.exceptions.ForbiddenException; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import static com.google.common.base.Preconditions.checkState; | import static com.google.common.base.Preconditions.checkState; | ||||
import static java.util.Arrays.asList; | import static java.util.Arrays.asList; | ||||
@Rule | @Rule | ||||
public ExpectedException expectedException = ExpectedException.none(); | public ExpectedException expectedException = ExpectedException.none(); | ||||
private DbClient dbClient = db.getDbClient(); | private DbClient dbClient = db.getDbClient(); | ||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | |||||
@Test | @Test | ||||
public void anonymous_is_not_logged_in_and_does_not_have_login() { | public void anonymous_is_not_logged_in_and_does_not_have_login() { | ||||
public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() { | public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() { | ||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto file = db.components().insertComponent(newFileDto(project)); | ComponentDto file = db.components().insertComponent(newFileDto(project)); | ||||
UserSession underTest = newUserSession(root); | UserSession underTest = newUserSession(root); | ||||
public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() { | public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() { | ||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(organization); | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
ComponentDto file = db.components().insertComponent(newFileDto(project)); | ComponentDto file = db.components().insertComponent(newFileDto(project)); | ||||
UserSession underTest = newUserSession(root); | UserSession underTest = newUserSession(root); | ||||
} | } | ||||
@Test | @Test | ||||
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission_on_organization() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
expectInsufficientPrivilegesForbiddenException(); | expectInsufficientPrivilegesForbiddenException(); | ||||
newUserSession(user).checkPermission(PROVISION_PROJECTS, org); | |||||
newUserSession(user).checkPermission(PROVISION_PROJECTS); | |||||
} | } | ||||
@Test | @Test | ||||
public void checkPermission_succeeds_when_user_has_the_specified_permission_on_organization() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
public void checkPermission_succeeds_when_user_has_the_specified_permission() { | |||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
db.users().insertPermissionOnUser(org, root, PROVISIONING); | |||||
db.users().insertPermissionOnUser(root, PROVISIONING); | |||||
newUserSession(root).checkPermission(PROVISION_PROJECTS, org); | |||||
newUserSession(root).checkPermission(PROVISION_PROJECTS); | |||||
} | } | ||||
@Test | @Test | ||||
public void checkPermission_succeeds_when_user_is_root() { | public void checkPermission_succeeds_when_user_is_root() { | ||||
OrganizationDto org = db.organizations().insert(); | |||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
newUserSession(root).checkPermission(PROVISION_PROJECTS, org); | |||||
newUserSession(root).checkPermission(PROVISION_PROJECTS); | |||||
} | } | ||||
@Test | @Test | ||||
public void test_hasPermission_on_organization_for_logged_in_user() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
ComponentDto project = db.components().insertPrivateProject(org); | |||||
public void test_hasPermission_for_logged_in_user() { | |||||
ComponentDto project = db.components().insertPrivateProject(); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS); | |||||
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project); | db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project); | ||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||||
} | } | ||||
@Test | @Test | ||||
public void test_hasPermission_on_organization_for_anonymous_user() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||||
public void test_hasPermission_for_anonymous_user() { | |||||
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS); | |||||
UserSession session = newAnonymousSession(); | UserSession session = newAnonymousSession(); | ||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||||
} | } | ||||
@Test | @Test | ||||
public void hasPermission_on_organization_keeps_cache_of_permissions_of_logged_in_user() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
public void hasPermission_keeps_cache_of_permissions_of_logged_in_user() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(org, user, PROVISIONING); | |||||
db.users().insertPermissionOnUser(user, PROVISIONING); | |||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
// feed the cache | // feed the cache | ||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
// change permissions without updating the cache | // change permissions without updating the cache | ||||
db.users().deletePermissionFromUser(org, user, PROVISION_PROJECTS); | |||||
db.users().insertPermissionOnUser(org, user, SCAN); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||||
db.users().deletePermissionFromUser(user, PROVISION_PROJECTS); | |||||
db.users().insertPermissionOnUser(user, SCAN); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
assertThat(session.hasPermission(ADMINISTER)).isFalse(); | |||||
assertThat(session.hasPermission(SCAN)).isFalse(); | |||||
} | } | ||||
@Test | @Test | ||||
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { | |||||
OrganizationDto org = db.organizations().insert(); | |||||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||||
public void hasPermission_keeps_cache_of_permissions_of_anonymous_user() { | |||||
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS); | |||||
UserSession session = newAnonymousSession(); | UserSession session = newAnonymousSession(); | ||||
// feed the cache | // feed the cache | ||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
// change permissions without updating the cache | // change permissions without updating the cache | ||||
db.users().insertPermissionOnAnyone(org, SCAN); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||||
db.users().insertPermissionOnAnyone(SCAN); | |||||
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); | |||||
assertThat(session.hasPermission(SCAN)).isFalse(); | |||||
} | } | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone("p1", publicProject); | db.users().insertProjectPermissionOnAnyone("p1", publicProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", publicProject); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", publicProject); | |||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", publicProject); | db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", publicProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() { | public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", privateProject); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", privateProject); | |||||
ServerUserSession underTest = newUserSession(user); | ServerUserSession underTest = newUserSession(user); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone("p1", publicProject); | db.users().insertProjectPermissionOnAnyone("p1", publicProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() { | public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
GroupDto group = db.users().insertGroup(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertProjectPermissionOnGroup(group, "p1", publicProject); | db.users().insertProjectPermissionOnGroup(group, "p1", publicProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() { | public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
GroupDto group = db.users().insertGroup(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
GroupDto group = db.users().insertGroup(); | |||||
db.users().insertProjectPermissionOnGroup(group, "p1", privateProject); | db.users().insertProjectPermissionOnGroup(group, "p1", privateProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() { | public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnUser(user, "p1", publicProject); | db.users().insertProjectPermissionOnUser(user, "p1", publicProject); | ||||
ServerUserSession underTest = newAnonymousSession(); | ServerUserSession underTest = newAnonymousSession(); | ||||
public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() { | public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() { | ||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ServerUserSession underTest = newUserSession(root); | ServerUserSession underTest = newUserSession(root); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() { | public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject); | db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject); | ||||
UserSession underTest = newUserSession(user); | UserSession underTest = newUserSession(user); | ||||
@Test | @Test | ||||
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() { | public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject); | db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject); | ||||
UserSession underTest = newAnonymousSession(); | UserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void keepAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() { | public void keepAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
UserSession underTest = newAnonymousSession(); | UserSession underTest = newAnonymousSession(); | ||||
@Test | @Test | ||||
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() { | public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() { | ||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); | ||||
UserSession underTest = newUserSession(user); | UserSession underTest = newUserSession(user); | ||||
@Test | @Test | ||||
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() { | public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject); | db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject); | ||||
UserSession underTest = newAnonymousSession(); | UserSession underTest = newAnonymousSession(); | ||||
public void keepAuthorizedComponents_returns_all_specified_components_if_root() { | public void keepAuthorizedComponents_returns_all_specified_components_if_root() { | ||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
ComponentDto publicProject = db.components().insertPublicProject(organization); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(organization); | |||||
ComponentDto publicProject = db.components().insertPublicProject(); | |||||
ComponentDto privateProject = db.components().insertPrivateProject(); | |||||
UserSession underTest = newUserSession(root); | UserSession underTest = newUserSession(root); | ||||
@Test | @Test | ||||
public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() { | public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
@Test | @Test | ||||
public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() { | public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(); | |||||
UserSession session = newUserSession(user); | |||||
assertThat(session.isSystemAdministrator()).isFalse(); | |||||
} | |||||
@Test | |||||
public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_administrator_of_default_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
} | } | ||||
@Test | @Test | ||||
public void isSystemAdministrator_returns_true_if_org_feature_is_disabled_and_user_is_administrator_of_default_organization() { | |||||
organizationFlags.setEnabled(false); | |||||
public void isSystemAdministrator_returns_true_if_user_is_administrator() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||||
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN); | |||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
} | } | ||||
@Test | @Test | ||||
public void isSystemAdministrator_returns_false_if_org_feature_is_disabled_and_user_is_not_administrator_of_default_organization() { | |||||
organizationFlags.setEnabled(true); | |||||
public void isSystemAdministrator_returns_false_if_user_is_not_administrator() { | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, PROVISIONING); | |||||
db.users().insertPermissionOnUser(user, PROVISIONING); | |||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
@Test | @Test | ||||
public void keep_isSystemAdministrator_flag_in_cache() { | public void keep_isSystemAdministrator_flag_in_cache() { | ||||
organizationFlags.setEnabled(false); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN); | |||||
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN); | |||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
@Test | @Test | ||||
public void checkIsSystemAdministrator_succeeds_if_system_administrator() { | public void checkIsSystemAdministrator_succeeds_if_system_administrator() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto root = db.users().insertUser(); | UserDto root = db.users().insertUser(); | ||||
root = db.users().makeRoot(root); | root = db.users().makeRoot(root); | ||||
@Test | @Test | ||||
public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() { | public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() { | ||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertUser(); | UserDto user = db.users().insertUser(); | ||||
UserSession session = newUserSession(user); | UserSession session = newUserSession(user); | ||||
assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", fileInBranch)).isTrue(); | assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", fileInBranch)).isTrue(); | ||||
} | } | ||||
@Test | |||||
public void hasMembership() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto notMember = db.users().insertUser(); | |||||
UserDto member = db.users().insertUser(); | |||||
db.organizations().addMember(organization, member); | |||||
UserDto root = db.users().makeRoot(db.users().insertUser()); | |||||
assertThat(newUserSession(member).hasMembership(organization)).isTrue(); | |||||
assertThat(newUserSession(notMember).hasMembership(organization)).isFalse(); | |||||
assertThat(newUserSession(root).hasMembership(organization)).isTrue(); | |||||
} | |||||
@Test | |||||
public void hasMembership_keeps_membership_in_cache() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto user = db.users().insertUser(); | |||||
db.organizations().addMember(organization, user); | |||||
ServerUserSession session = newUserSession(user); | |||||
assertThat(session.hasMembership(organization)).isTrue(); | |||||
// membership updated but not cache | |||||
db.getDbClient().organizationMemberDao().delete(db.getSession(), organization.getUuid(), user.getUuid()); | |||||
db.commit(); | |||||
assertThat(session.hasMembership(organization)).isTrue(); | |||||
} | |||||
@Test | |||||
public void checkMembership_throws_ForbiddenException_when_user_is_not_member_of_organization() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto notMember = db.users().insertUser(); | |||||
expectedException.expect(ForbiddenException.class); | |||||
expectedException.expectMessage(String.format("You're not member of organization '%s'", organization.getKey())); | |||||
newUserSession(notMember).checkMembership(organization); | |||||
} | |||||
@Test | |||||
public void checkMembership_succeeds_when_user_is_member_of_organization() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto member = db.users().insertUser(); | |||||
db.organizations().addMember(organization, member); | |||||
newUserSession(member).checkMembership(organization); | |||||
} | |||||
@Test | |||||
public void checkMembership_succeeds_when_user_is_not_member_of_organization_but_root() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
UserDto root = db.users().makeRoot(db.users().insertUser()); | |||||
newUserSession(root).checkMembership(organization); | |||||
} | |||||
private ServerUserSession newUserSession(@Nullable UserDto userDto) { | private ServerUserSession newUserSession(@Nullable UserDto userDto) { | ||||
return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto); | |||||
return new ServerUserSession(dbClient, userDto); | |||||
} | } | ||||
private ServerUserSession newAnonymousSession() { | private ServerUserSession newAnonymousSession() { |
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.db.user.UserPropertyDto; | |||||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | import org.sonar.server.authentication.CredentialsLocalAuthentication; | ||||
import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | ||||
import org.sonar.server.es.EsTester; | import org.sonar.server.es.EsTester; | ||||
import org.sonar.server.exceptions.BadRequestException; | import org.sonar.server.exceptions.BadRequestException; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | import org.sonar.server.organization.TestDefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.user.index.UserIndexDefinition; | import org.sonar.server.user.index.UserIndexDefinition; | ||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
@Rule | @Rule | ||||
public ExpectedException expectedException = ExpectedException.none(); | public ExpectedException expectedException = ExpectedException.none(); | ||||
@Rule | @Rule | ||||
public EsTester es = EsTester.create(); | public EsTester es = EsTester.create(); | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(system2); | public DbTester db = DbTester.create(system2); | ||||
private DbSession session = db.getSession(); | private DbSession session = db.getSession(); | ||||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | ||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | ||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private MapSettings settings = new MapSettings(); | private MapSettings settings = new MapSettings(); | ||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | ||||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), settings.asConfig(), localAuthentication); | |||||
@Test | @Test | ||||
public void create_user() { | public void create_user() { | ||||
assertThat(dbClient.userDao().selectByLogin(session, "user").isOnboarded()).isFalse(); | assertThat(dbClient.userDao().selectByLogin(session, "user").isOnboarded()).isFalse(); | ||||
} | } | ||||
@Test | |||||
public void set_notifications_readDate_setting_when_creating_user_and_organization_enabled() { | |||||
long now = system2.now(); | |||||
organizationFlags.setEnabled(true); | |||||
createDefaultGroup(); | |||||
UserDto user = underTest.createAndCommit(db.getSession(), NewUser.builder() | |||||
.setLogin("userLogin") | |||||
.setName("UserName") | |||||
.build(), u -> { | |||||
}); | |||||
UserPropertyDto notificationReadDateSetting = dbClient.userPropertiesDao().selectByUser(session, user).get(0); | |||||
assertThat(notificationReadDateSetting.getKey()).isEqualTo("notifications.readDate"); | |||||
assertThat(Long.parseLong(notificationReadDateSetting.getValue())).isGreaterThanOrEqualTo(now); | |||||
} | |||||
@Test | @Test | ||||
public void does_not_set_notifications_readDate_setting_when_creating_user_when_not_on_and_organization_disabled() { | public void does_not_set_notifications_readDate_setting_when_creating_user_when_not_on_and_organization_disabled() { | ||||
createDefaultGroup(); | createDefaultGroup(); | ||||
assertThat(groups.get("user")).containsOnly(defaultGroup.getName()); | assertThat(groups.get("user")).containsOnly(defaultGroup.getName()); | ||||
} | } | ||||
@Test | |||||
public void does_not_associate_default_group_when_creating_user_and_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
createDefaultGroup(); | |||||
underTest.createAndCommit(db.getSession(), NewUser.builder() | |||||
.setLogin("user") | |||||
.setName("User") | |||||
.setEmail("user@mail.com") | |||||
.setPassword("password") | |||||
.build(), u -> { | |||||
}); | |||||
Multimap<String, String> groups = dbClient.groupMembershipDao().selectGroupsByLogins(session, asList("user")); | |||||
assertThat(groups.get("user")).isEmpty(); | |||||
} | |||||
@Test | @Test | ||||
public void fail_to_associate_default_group_when_default_group_does_not_exist() { | public void fail_to_associate_default_group_when_default_group_does_not_exist() { | ||||
expectedException.expect(IllegalStateException.class); | expectedException.expect(IllegalStateException.class); | ||||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isPresent(); | assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isPresent(); | ||||
} | } | ||||
@Test | |||||
public void does_not_add_user_as_member_of_default_organization_when_creating_user_and_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
createDefaultGroup(); | |||||
UserDto dto = underTest.createAndCommit(db.getSession(), NewUser.builder() | |||||
.setLogin("user") | |||||
.setName("User") | |||||
.setEmail("user@mail.com") | |||||
.setPassword("PASSWORD") | |||||
.build(), u -> { | |||||
}); | |||||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isNotPresent(); | |||||
} | |||||
private GroupDto createDefaultGroup() { | private GroupDto createDefaultGroup() { | ||||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||||
return db.users().insertDefaultGroup(); | |||||
} | } | ||||
} | } |
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.GroupTesting; | import org.sonar.db.user.GroupTesting; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.db.user.UserPropertyDto; | |||||
import org.sonar.server.authentication.CredentialsLocalAuthentication; | import org.sonar.server.authentication.CredentialsLocalAuthentication; | ||||
import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | import org.sonar.server.authentication.CredentialsLocalAuthentication.HashMethod; | ||||
import org.sonar.server.es.EsTester; | import org.sonar.server.es.EsTester; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | import org.sonar.server.organization.TestDefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
@Rule | @Rule | ||||
public ExpectedException expectedException = ExpectedException.none(); | public ExpectedException expectedException = ExpectedException.none(); | ||||
@Rule | @Rule | ||||
public EsTester es = EsTester.create(); | public EsTester es = EsTester.create(); | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(system2); | public DbTester db = DbTester.create(system2); | ||||
private DbSession session = db.getSession(); | private DbSession session = db.getSession(); | ||||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | ||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | ||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private MapSettings settings = new MapSettings(); | private MapSettings settings = new MapSettings(); | ||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | ||||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), | |||||
settings.asConfig(), localAuthentication); | |||||
@Test | @Test | ||||
public void reactivate_user() { | public void reactivate_user() { | ||||
} | } | ||||
@Test | @Test | ||||
public void associate_default_groups_when_reactivating_user_and_organizations_are_disabled() { | |||||
public void associate_default_groups_when_reactivating_user() { | |||||
UserDto userDto = db.users().insertDisabledUser(); | UserDto userDto = db.users().insertDisabledUser(); | ||||
db.organizations().insertForUuid("org1"); | |||||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs").setOrganizationUuid("org1")); | |||||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs")); | |||||
db.users().insertMember(groupDto, userDto); | db.users().insertMember(groupDto, userDto); | ||||
GroupDto defaultGroup = createDefaultGroup(); | GroupDto defaultGroup = createDefaultGroup(); | ||||
assertThat(groups.get(userDto.getLogin()).stream().anyMatch(g -> g.equals(defaultGroup.getName()))).isTrue(); | assertThat(groups.get(userDto.getLogin()).stream().anyMatch(g -> g.equals(defaultGroup.getName()))).isTrue(); | ||||
} | } | ||||
@Test | |||||
public void does_not_associate_default_groups_when_reactivating_user_and_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
UserDto userDto = db.users().insertDisabledUser(); | |||||
db.organizations().insertForUuid("org1"); | |||||
GroupDto groupDto = db.users().insertGroup(GroupTesting.newGroupDto().setName("sonar-devs").setOrganizationUuid("org1")); | |||||
db.users().insertMember(groupDto, userDto); | |||||
GroupDto defaultGroup = createDefaultGroup(); | |||||
underTest.reactivateAndCommit(db.getSession(), userDto, NewUser.builder() | |||||
.setLogin(userDto.getLogin()) | |||||
.setName(userDto.getName()) | |||||
.build(), u -> { | |||||
}); | |||||
session.commit(); | |||||
Multimap<String, String> groups = dbClient.groupMembershipDao().selectGroupsByLogins(session, singletonList(userDto.getLogin())); | |||||
assertThat(groups.get(userDto.getLogin()).stream().anyMatch(g -> g.equals(defaultGroup.getName()))).isFalse(); | |||||
} | |||||
@Test | |||||
public void add_user_as_member_of_default_organization_when_reactivating_user_and_organizations_are_disabled() { | |||||
UserDto user = db.users().insertDisabledUser(); | |||||
createDefaultGroup(); | |||||
UserDto dto = underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder().setLogin(user.getLogin()).setName(user.getName()).build(), u -> { | |||||
}); | |||||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isPresent(); | |||||
} | |||||
@Test | |||||
public void does_not_add_user_as_member_of_default_organization_when_reactivating_user_and_organizations_are_enabled() { | |||||
organizationFlags.setEnabled(true); | |||||
UserDto user = db.users().insertDisabledUser(); | |||||
createDefaultGroup(); | |||||
UserDto dto = underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder().setLogin(user.getLogin()).setName(user.getName()).build(), u -> { | |||||
}); | |||||
assertThat(dbClient.organizationMemberDao().select(db.getSession(), defaultOrganizationProvider.get().getUuid(), dto.getUuid())).isNotPresent(); | |||||
} | |||||
@Test | @Test | ||||
public void reactivate_not_onboarded_user_if_onboarding_setting_is_set_to_false() { | public void reactivate_not_onboarded_user_if_onboarding_setting_is_set_to_false() { | ||||
settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false); | ||||
} | } | ||||
@Test | @Test | ||||
public void set_notifications_readDate_setting_when_reactivating_user_on_sonar_cloud() { | |||||
long now = system2.now(); | |||||
organizationFlags.setEnabled(true); | |||||
createDefaultGroup(); | |||||
UserDto user = db.users().insertDisabledUser(); | |||||
underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder() | |||||
.setLogin(user.getLogin()) | |||||
.setName(user.getName()) | |||||
.build(), u -> { | |||||
}); | |||||
UserPropertyDto notificationReadDateSetting = dbClient.userPropertiesDao().selectByUser(session, user).get(0); | |||||
assertThat(notificationReadDateSetting.getKey()).isEqualTo("notifications.readDate"); | |||||
assertThat(Long.parseLong(notificationReadDateSetting.getValue())).isGreaterThanOrEqualTo(now); | |||||
} | |||||
@Test | |||||
public void does_not_set_notifications_readDate_setting_when_reactivating_user_when_not_on_sonar_cloud() { | |||||
public void does_not_set_notifications_readDate_setting_when_reactivating_user() { | |||||
createDefaultGroup(); | createDefaultGroup(); | ||||
UserDto user = db.users().insertDisabledUser(); | UserDto user = db.users().insertDisabledUser(); | ||||
} | } | ||||
private GroupDto createDefaultGroup() { | private GroupDto createDefaultGroup() { | ||||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||||
return db.users().insertDefaultGroup(); | |||||
} | } | ||||
} | } |
import org.sonar.server.exceptions.BadRequestException; | import org.sonar.server.exceptions.BadRequestException; | ||||
import org.sonar.server.organization.DefaultOrganizationProvider; | import org.sonar.server.organization.DefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | import org.sonar.server.organization.TestDefaultOrganizationProvider; | ||||
import org.sonar.server.organization.TestOrganizationFlags; | |||||
import org.sonar.server.user.index.UserIndexDefinition; | import org.sonar.server.user.index.UserIndexDefinition; | ||||
import org.sonar.server.user.index.UserIndexer; | import org.sonar.server.user.index.UserIndexer; | ||||
import org.sonar.server.usergroups.DefaultGroupFinder; | import org.sonar.server.usergroups.DefaultGroupFinder; | ||||
@Rule | @Rule | ||||
public ExpectedException expectedException = ExpectedException.none(); | public ExpectedException expectedException = ExpectedException.none(); | ||||
@Rule | @Rule | ||||
public EsTester es = EsTester.create(); | public EsTester es = EsTester.create(); | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(system2); | public DbTester db = DbTester.create(system2); | ||||
private DbSession session = db.getSession(); | private DbSession session = db.getSession(); | ||||
private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); | ||||
private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); | ||||
private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); | |||||
private MapSettings settings = new MapSettings(); | private MapSettings settings = new MapSettings(); | ||||
private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient()); | ||||
private UserUpdater underTest = new UserUpdater(system2, newUserNotifier, dbClient, userIndexer, organizationFlags, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient), settings.asConfig(), localAuthentication); | |||||
private UserUpdater underTest = new UserUpdater(newUserNotifier, dbClient, userIndexer, defaultOrganizationProvider, | |||||
new DefaultGroupFinder(dbClient, defaultOrganizationProvider), settings.asConfig(), localAuthentication); | |||||
@Test | @Test | ||||
public void update_user() { | public void update_user() { | ||||
underTest.updateAndCommit(session, user, new UpdateUser() | underTest.updateAndCommit(session, user, new UpdateUser() | ||||
.setLogin("new_login"), u -> { | .setLogin("new_login"), u -> { | ||||
}); | |||||
}); | |||||
assertThat(dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN)).isNull(); | assertThat(dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN)).isNull(); | ||||
UserDto userReloaded = dbClient.userDao().selectByUuid(session, user.getUuid()); | UserDto userReloaded = dbClient.userDao().selectByUuid(session, user.getUuid()); | ||||
} | } | ||||
private GroupDto createDefaultGroup() { | private GroupDto createDefaultGroup() { | ||||
return db.users().insertDefaultGroup(db.getDefaultOrganization()); | |||||
return db.users().insertDefaultGroup(); | |||||
} | } | ||||
} | } |
import org.sonar.db.organization.OrganizationDto; | import org.sonar.db.organization.OrganizationDto; | ||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(); | public DbTester db = DbTester.create(); | ||||
private DefaultGroupCreator underTest = new DefaultGroupCreatorImpl(db.getDbClient(), new SequenceUuidFactory()); | |||||
private DefaultGroupCreator underTest = new DefaultGroupCreatorImpl(db.getDbClient(), new SequenceUuidFactory(), TestDefaultOrganizationProvider.from(db)); | |||||
@Test | @Test | ||||
public void create_default_group() { | public void create_default_group() { | ||||
OrganizationDto organizationDto = db.organizations().insert(); | |||||
underTest.create(db.getSession(), organizationDto.getUuid()); | |||||
underTest.create(db.getSession()); | |||||
Optional<String> defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), organizationDto.getUuid()); | |||||
Optional<String> defaultGroupUuid = db.getDbClient().organizationDao().getDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid()); | |||||
assertThat(defaultGroupUuid).isPresent(); | assertThat(defaultGroupUuid).isPresent(); | ||||
assertThat(db.getDbClient().groupDao().selectByUuid(db.getSession(), defaultGroupUuid.get())) | assertThat(db.getDbClient().groupDao().selectByUuid(db.getSession(), defaultGroupUuid.get())) | ||||
.extracting(GroupDto::getName, GroupDto::getDescription) | .extracting(GroupDto::getName, GroupDto::getDescription) | ||||
public void fail_with_IAE_when_default_group_already_exist() { | public void fail_with_IAE_when_default_group_already_exist() { | ||||
OrganizationDto organizationDto = db.organizations().insert(); | OrganizationDto organizationDto = db.organizations().insert(); | ||||
PermissionTemplateDto permissionTemplate = db.permissionTemplates().insertTemplate(); | PermissionTemplateDto permissionTemplate = db.permissionTemplates().insertTemplate(); | ||||
db.organizations().setDefaultTemplates(organizationDto, permissionTemplate.getUuid(), null, null); | |||||
db.users().insertGroup(organizationDto, "Members"); | |||||
db.organizations().setDefaultTemplates(permissionTemplate.getUuid(), null, null); | |||||
db.users().insertGroup("Members"); | |||||
expectedException.expect(IllegalArgumentException.class); | expectedException.expect(IllegalArgumentException.class); | ||||
expectedException.expectMessage(String.format("The group '%s' already exist on organization '%s'", "Members", organizationDto.getUuid())); | |||||
expectedException.expectMessage(String.format("The group '%s' already exists", "Members")); | |||||
underTest.create(db.getSession(), organizationDto.getUuid()); | |||||
underTest.create(db.getSession()); | |||||
} | } | ||||
} | } |
import org.junit.Test; | import org.junit.Test; | ||||
import org.junit.rules.ExpectedException; | import org.junit.rules.ExpectedException; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||||
import static java.lang.String.format; | import static java.lang.String.format; | ||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
@Rule | @Rule | ||||
public DbTester db = DbTester.create(); | public DbTester db = DbTester.create(); | ||||
private DefaultGroupFinder underTest = new DefaultGroupFinder(db.getDbClient()); | |||||
private DefaultGroupFinder underTest = new DefaultGroupFinder(db.getDbClient(), TestDefaultOrganizationProvider.from(db)); | |||||
@Test | @Test | ||||
public void find_default_group() { | public void find_default_group() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "default"); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup("default"); | |||||
GroupDto result = underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||||
GroupDto result = underTest.findDefaultGroup(db.getSession()); | |||||
assertThat(result.getUuid()).isEqualTo(defaultGroup.getUuid()); | assertThat(result.getUuid()).isEqualTo(defaultGroup.getUuid()); | ||||
assertThat(result.getName()).isEqualTo("default"); | assertThat(result.getName()).isEqualTo("default"); | ||||
} | } | ||||
@Test | @Test | ||||
public void fail_with_ISE_when_no_default_group_on_org() { | |||||
OrganizationDto organization = db.organizations().insert(); | |||||
db.users().insertGroup(organization); | |||||
public void fail_with_ISE_when_no_default_group() { | |||||
db.users().insertGroup(); | |||||
expectedException.expect(IllegalStateException.class); | expectedException.expect(IllegalStateException.class); | ||||
expectedException.expectMessage(format("Default group cannot be found on organization '%s'", organization.getUuid())); | |||||
expectedException.expectMessage(format("Default group cannot be found")); | |||||
underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||||
underTest.findDefaultGroup(db.getSession()); | |||||
} | } | ||||
@Test | @Test | ||||
public void fail_with_NPE_when_default_group_does_not_exist() { | public void fail_with_NPE_when_default_group_does_not_exist() { | ||||
OrganizationDto organization = db.organizations().insert(); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup(organization, "default"); | |||||
GroupDto defaultGroup = db.users().insertDefaultGroup("default"); | |||||
db.getDbClient().groupDao().deleteByUuid(db.getSession(), defaultGroup.getUuid()); | db.getDbClient().groupDao().deleteByUuid(db.getSession(), defaultGroup.getUuid()); | ||||
expectedException.expect(NullPointerException.class); | expectedException.expect(NullPointerException.class); | ||||
expectedException.expectMessage(format("Group '%s' cannot be found", defaultGroup.getUuid())); | expectedException.expectMessage(format("Group '%s' cannot be found", defaultGroup.getUuid())); | ||||
underTest.findDefaultGroup(db.getSession(), organization.getUuid()); | |||||
underTest.findDefaultGroup(db.getSession()); | |||||
} | } | ||||
} | } |
import java.util.Set; | import java.util.Set; | ||||
import org.sonar.api.web.UserRole; | import org.sonar.api.web.UserRole; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.project.ProjectDto; | import org.sonar.db.project.ProjectDto; | ||||
import org.sonar.server.user.AbstractUserSession; | import org.sonar.server.user.AbstractUserSession; | ||||
private final Class<T> clazz; | private final Class<T> clazz; | ||||
private HashMultimap<String, String> projectUuidByPermission = HashMultimap.create(); | private HashMultimap<String, String> projectUuidByPermission = HashMultimap.create(); | ||||
private final HashMultimap<String, OrganizationPermission> permissionsByOrganizationUuid = HashMultimap.create(); | |||||
private final Set<OrganizationPermission> permissions = new HashSet<>(); | |||||
private Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | private Map<String, String> projectUuidByComponentUuid = new HashMap<>(); | ||||
private Set<String> projectPermissions = new HashSet<>(); | private Set<String> projectPermissions = new HashSet<>(); | ||||
private Set<String> organizationMembership = new HashSet<>(); | |||||
private boolean systemAdministrator = false; | private boolean systemAdministrator = false; | ||||
protected AbstractMockUserSession(Class<T> clazz) { | protected AbstractMockUserSession(Class<T> clazz) { | ||||
this.clazz = clazz; | this.clazz = clazz; | ||||
} | } | ||||
public T addPermission(OrganizationPermission permission, String organizationUuid) { | |||||
permissionsByOrganizationUuid.put(organizationUuid, permission); | |||||
public T addPermission(OrganizationPermission permission) { | |||||
permissions.add(permission); | |||||
return clazz.cast(this); | return clazz.cast(this); | ||||
} | } | ||||
@Override | @Override | ||||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||||
return permissionsByOrganizationUuid.get(organizationUuid).contains(permission); | |||||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||||
return permissions.contains(permission); | |||||
} | } | ||||
/** | /** | ||||
return isRoot() || systemAdministrator; | return isRoot() || systemAdministrator; | ||||
} | } | ||||
@Override | |||||
protected boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
return organizationMembership.contains(organizationDto.getUuid()); | |||||
} | |||||
public void addOrganizationMembership(OrganizationDto organization) { | |||||
this.organizationMembership.add(organization.getUuid()); | |||||
} | |||||
} | } |
import java.util.Collection; | import java.util.Collection; | ||||
import java.util.Collections; | import java.util.Collections; | ||||
import java.util.Optional; | import java.util.Optional; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousMockUserSession> { | public class AnonymousMockUserSession extends AbstractMockUserSession<AnonymousMockUserSession> { | ||||
public Optional<ExternalIdentity> getExternalIdentity() { | public Optional<ExternalIdentity> getExternalIdentity() { | ||||
return Optional.empty(); | return Optional.empty(); | ||||
} | } | ||||
@Override | |||||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
return false; | |||||
} | |||||
} | } |
import org.junit.runner.Description; | import org.junit.runner.Description; | ||||
import org.junit.runners.model.Statement; | import org.junit.runners.model.Statement; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.project.ProjectDto; | import org.sonar.db.project.ProjectDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
return this; | return this; | ||||
} | } | ||||
public UserSessionRule addPermission(OrganizationPermission permission, String organizationUuid) { | |||||
ensureAbstractMockUserSession().addPermission(permission, organizationUuid); | |||||
return this; | |||||
} | |||||
public UserSessionRule addPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
ensureAbstractMockUserSession().addPermission(permission, organization.getUuid()); | |||||
public UserSessionRule addPermission(OrganizationPermission permission) { | |||||
ensureAbstractMockUserSession().addPermission(permission); | |||||
return this; | return this; | ||||
} | } | ||||
} | } | ||||
@Override | @Override | ||||
public boolean hasPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
return currentUserSession.hasPermission(permission, organization); | |||||
} | |||||
@Override | |||||
public boolean hasPermission(OrganizationPermission permission, String organizationUuid) { | |||||
return currentUserSession.hasPermission(permission, organizationUuid); | |||||
} | |||||
@Override | |||||
public UserSession checkPermission(OrganizationPermission permission, OrganizationDto organization) { | |||||
currentUserSession.checkPermission(permission, organization); | |||||
return this; | |||||
public boolean hasPermission(OrganizationPermission permission) { | |||||
return currentUserSession.hasPermission(permission); | |||||
} | } | ||||
@Override | @Override | ||||
public UserSession checkPermission(OrganizationPermission permission, String organizationUuid) { | |||||
currentUserSession.checkPermission(permission, organizationUuid); | |||||
public UserSession checkPermission(OrganizationPermission permission) { | |||||
currentUserSession.checkPermission(permission); | |||||
return this; | return this; | ||||
} | } | ||||
currentUserSession.checkIsSystemAdministrator(); | currentUserSession.checkIsSystemAdministrator(); | ||||
return this; | return this; | ||||
} | } | ||||
@Override | |||||
public boolean hasMembership(OrganizationDto organization) { | |||||
return currentUserSession.hasMembership(organization); | |||||
} | |||||
@Override | |||||
public UserSession checkMembership(OrganizationDto organization) { | |||||
currentUserSession.checkMembership(organization); | |||||
return this; | |||||
} | |||||
public UserSessionRule addMembership(OrganizationDto organization) { | |||||
ensureAbstractMockUserSession().addOrganizationMembership(organization); | |||||
return this; | |||||
} | |||||
} | } |
import java.util.Collection; | import java.util.Collection; | ||||
import java.util.Optional; | import java.util.Optional; | ||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.sonar.db.organization.OrganizationDto; | |||||
import org.sonar.db.permission.OrganizationPermission; | import org.sonar.db.permission.OrganizationPermission; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
} | } | ||||
@Override | @Override | ||||
protected boolean hasPermissionImpl(OrganizationPermission permission, String organizationUuid) { | |||||
protected boolean hasPermissionImpl(OrganizationPermission permission) { | |||||
throw notImplemented(); | throw notImplemented(); | ||||
} | } | ||||
throw notImplemented(); | throw notImplemented(); | ||||
} | } | ||||
@Override | |||||
public boolean hasMembershipImpl(OrganizationDto organizationDto) { | |||||
throw notImplemented(); | |||||
} | |||||
private static RuntimeException notImplemented() { | private static RuntimeException notImplemented() { | ||||
return new UnsupportedOperationException("not implemented"); | return new UnsupportedOperationException("not implemented"); | ||||
} | } |
String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); | String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); | ||||
Optional<DefaultTemplates> defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, defaultOrganizationUuid); | Optional<DefaultTemplates> defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, defaultOrganizationUuid); | ||||
if (!defaultTemplates.isPresent()) { | if (!defaultTemplates.isPresent()) { | ||||
PermissionTemplateDto defaultTemplate = getOrInsertDefaultTemplate(dbSession, defaultOrganizationUuid); | |||||
PermissionTemplateDto defaultTemplate = getOrInsertDefaultTemplate(dbSession); | |||||
dbClient.organizationDao().setDefaultTemplates(dbSession, defaultOrganizationUuid, new DefaultTemplates().setProjectUuid(defaultTemplate.getUuid())); | dbClient.organizationDao().setDefaultTemplates(dbSession, defaultOrganizationUuid, new DefaultTemplates().setProjectUuid(defaultTemplate.getUuid())); | ||||
dbSession.commit(); | dbSession.commit(); | ||||
} | } | ||||
// nothing to do | // nothing to do | ||||
} | } | ||||
private PermissionTemplateDto getOrInsertDefaultTemplate(DbSession dbSession, String defaultOrganizationUuid) { | |||||
private PermissionTemplateDto getOrInsertDefaultTemplate(DbSession dbSession) { | |||||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(dbSession, DEFAULT_TEMPLATE_UUID); | PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(dbSession, DEFAULT_TEMPLATE_UUID); | ||||
if (permissionTemplateDto != null) { | if (permissionTemplateDto != null) { | ||||
return permissionTemplateDto; | return permissionTemplateDto; | ||||
} | } | ||||
PermissionTemplateDto template = new PermissionTemplateDto() | PermissionTemplateDto template = new PermissionTemplateDto() | ||||
.setOrganizationUuid(defaultOrganizationUuid) | |||||
.setOrganizationUuid(defaultOrganizationProvider.get().getUuid()) | |||||
.setName("Default template") | .setName("Default template") | ||||
.setUuid(DEFAULT_TEMPLATE_UUID) | .setUuid(DEFAULT_TEMPLATE_UUID) | ||||
.setDescription("This permission template will be used as default when no other permission configuration is available") | .setDescription("This permission template will be used as default when no other permission configuration is available") | ||||
} | } | ||||
private void insertPermissionForAdministrators(DbSession dbSession, PermissionTemplateDto template) { | private void insertPermissionForAdministrators(DbSession dbSession, PermissionTemplateDto template) { | ||||
Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, template.getOrganizationUuid(), DefaultGroups.ADMINISTRATORS); | |||||
Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, DefaultGroups.ADMINISTRATORS); | |||||
if (admins.isPresent()) { | if (admins.isPresent()) { | ||||
insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get()); | insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get()); | ||||
insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), admins.get()); | insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), admins.get()); | ||||
} | } | ||||
private void insertPermissionsForDefaultGroup(DbSession dbSession, PermissionTemplateDto template) { | private void insertPermissionsForDefaultGroup(DbSession dbSession, PermissionTemplateDto template) { | ||||
String organizationUuid = template.getOrganizationUuid(); | |||||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, organizationUuid) | |||||
.orElseThrow(() -> new IllegalStateException(format("Default group for organization %s is not defined", organizationUuid))); | |||||
String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, defaultOrganizationProvider.get().getUuid()) | |||||
.orElseThrow(() -> new IllegalStateException("Default group is not defined")); | |||||
GroupDto defaultGroup = Optional.ofNullable(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid)) | GroupDto defaultGroup = Optional.ofNullable(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid)) | ||||
.orElseThrow(() -> new IllegalStateException(format("Default group with id %s for organization %s doesn't exist", defaultGroupUuid, organizationUuid))); | |||||
.orElseThrow(() -> new IllegalStateException(format("Default group with id %s doesn't exist", defaultGroupUuid))); | |||||
insertGroupPermission(dbSession, template, UserRole.USER, defaultGroup); | insertGroupPermission(dbSession, template, UserRole.USER, defaultGroup); | ||||
insertGroupPermission(dbSession, template, UserRole.CODEVIEWER, defaultGroup); | insertGroupPermission(dbSession, template, UserRole.CODEVIEWER, defaultGroup); | ||||
insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, defaultGroup); | insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, defaultGroup); |
@Test | @Test | ||||
public void fail_with_ISE_if_default_template_must_be_created_and_no_default_group_is_defined() { | public void fail_with_ISE_if_default_template_must_be_created_and_no_default_group_is_defined() { | ||||
expectedException.expect(IllegalStateException.class); | expectedException.expect(IllegalStateException.class); | ||||
expectedException.expectMessage("Default group for organization " + db.getDefaultOrganization().getUuid() + " is not defined"); | |||||
expectedException.expectMessage("Default group is not defined"); | |||||
underTest.start(); | underTest.start(); | ||||
} | } | ||||
setDefaultGroup(new GroupDto().setUuid("22")); | setDefaultGroup(new GroupDto().setUuid("22")); | ||||
expectedException.expect(IllegalStateException.class); | expectedException.expect(IllegalStateException.class); | ||||
expectedException.expectMessage("Default group with id 22 for organization " + db.getDefaultOrganization().getUuid() + " doesn't exist"); | |||||
expectedException.expectMessage("Default group with id 22 doesn't exist"); | |||||
underTest.start(); | underTest.start(); | ||||
} | } | ||||
@Test | @Test | ||||
public void insert_default_permission_template_if_fresh_install_without_governance() { | public void insert_default_permission_template_if_fresh_install_without_governance() { | ||||
GroupDto defaultGroup = createAndSetDefaultGroup(); | GroupDto defaultGroup = createAndSetDefaultGroup(); | ||||
db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); | |||||
db.users().insertGroup(DefaultGroups.ADMINISTRATORS); | |||||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false); | when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false); | ||||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false); | when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false); | ||||
@Test | @Test | ||||
public void insert_default_permission_template_if_fresh_install_with_governance() { | public void insert_default_permission_template_if_fresh_install_with_governance() { | ||||
GroupDto defaultGroup = createAndSetDefaultGroup(); | GroupDto defaultGroup = createAndSetDefaultGroup(); | ||||
db.users().insertGroup(db.getDefaultOrganization(), DefaultGroups.ADMINISTRATORS); | |||||
db.users().insertGroup(DefaultGroups.ADMINISTRATORS); | |||||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true); | when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true); | ||||
when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true); | when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true); | ||||
@Test | @Test | ||||
public void do_not_fail_if_default_template_exists_and_is_registered() { | public void do_not_fail_if_default_template_exists_and_is_registered() { | ||||
PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate(newPermissionTemplateDto() | PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate(newPermissionTemplateDto() | ||||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||||
.setUuid(DEFAULT_TEMPLATE_UUID)); | |||||
.setOrganizationUuid(db.getDefaultOrganization().getUuid()) | |||||
.setUuid(DEFAULT_TEMPLATE_UUID)); | |||||
db.organizations().setDefaultTemplates(projectTemplate, null, null); | db.organizations().setDefaultTemplates(projectTemplate, null, null); | ||||
underTest.start(); | underTest.start(); | ||||
String expectedGroupName) { | String expectedGroupName) { | ||||
assertThat( | assertThat( | ||||
groupPermissions.stream().anyMatch(gp -> gp.getPermission().equals(expectedPermission) && Objects.equals(gp.getGroupName(), expectedGroupName))) | groupPermissions.stream().anyMatch(gp -> gp.getPermission().equals(expectedPermission) && Objects.equals(gp.getGroupName(), expectedGroupName))) | ||||
.isTrue(); | |||||
.isTrue(); | |||||
} | } | ||||
private void verifyDefaultTemplates() { | private void verifyDefaultTemplates() { | ||||
} | } | ||||
private GroupDto createAndSetDefaultGroup() { | private GroupDto createAndSetDefaultGroup() { | ||||
GroupDto res = db.users().insertGroup(db.getDefaultOrganization()); | |||||
GroupDto res = db.users().insertGroup(); | |||||
setDefaultGroup(res); | setDefaultGroup(res); | ||||
return res; | return res; | ||||
} | } |
application = componentDbTester.insertPublicApplication(organization); | application = componentDbTester.insertPublicApplication(organization); | ||||
user1 = userDbTester.insertUser(); | user1 = userDbTester.insertUser(); | ||||
user2 = userDbTester.insertUser(); | user2 = userDbTester.insertUser(); | ||||
group = userDbTester.insertGroup(organization); | |||||
group = userDbTester.insertGroup(); | |||||
} | } | ||||
@Test | @Test | ||||
projectUuids.add(project.uuid()); | projectUuids.add(project.uuid()); | ||||
GroupPermissionDto dto = new GroupPermissionDto() | GroupPermissionDto dto = new GroupPermissionDto() | ||||
.setUuid(Uuids.createFast()) | .setUuid(Uuids.createFast()) | ||||
.setOrganizationUuid(group.getOrganizationUuid()) | |||||
.setGroupUuid(group.getUuid()) | .setGroupUuid(group.getUuid()) | ||||
.setRole(USER) | .setRole(USER) | ||||
.setComponentUuid(project.uuid()); | .setComponentUuid(project.uuid()); |
ComponentDto project = componentFinder.getByKey(session, projectKey); | ComponentDto project = componentFinder.getByKey(session, projectKey); | ||||
checkRequest(project.isRootProject(), "Key '%s' belongs to a component which is not a Project", projectKey); | checkRequest(project.isRootProject(), "Key '%s' belongs to a component which is not a Project", projectKey); | ||||
boolean hasScanPerm = userSession.hasComponentPermission(UserRole.SCAN, project) || | boolean hasScanPerm = userSession.hasComponentPermission(UserRole.SCAN, project) || | ||||
userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid()); | |||||
userSession.hasPermission(OrganizationPermission.SCAN); | |||||
checkPermission(hasScanPerm); | checkPermission(hasScanPerm); | ||||
ComponentDto branchOrMainModule = (branch == null && pullRequest == null) ? project | ComponentDto branchOrMainModule = (branch == null && pullRequest == null) ? project | ||||
: componentFinder.getByKeyAndOptionalBranchOrPullRequest(session, projectKey, branch, pullRequest); | : componentFinder.getByKeyAndOptionalBranchOrPullRequest(session, projectKey, branch, pullRequest); |
private void checkPermission(ProjectDto project) { | private void checkPermission(ProjectDto project) { | ||||
if (userSession.hasProjectPermission(USER, project) || | if (userSession.hasProjectPermission(USER, project) || | ||||
userSession.hasProjectPermission(UserRole.SCAN, project) || | userSession.hasProjectPermission(UserRole.SCAN, project) || | ||||
userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { | |||||
userSession.hasPermission(OrganizationPermission.SCAN)) { | |||||
return; | return; | ||||
} | } | ||||
throw insufficientPrivilegesException(); | throw insufficientPrivilegesException(); |
private void checkPermission(ProjectDto project) { | private void checkPermission(ProjectDto project) { | ||||
if (!userSession.hasProjectPermission(USER, project) && | if (!userSession.hasProjectPermission(USER, project) && | ||||
!userSession.hasProjectPermission(UserRole.SCAN, project) && | !userSession.hasProjectPermission(UserRole.SCAN, project) && | ||||
!userSession.hasPermission(SCAN, project.getOrganizationUuid())) { | |||||
!userSession.hasPermission(SCAN)) { | |||||
throw insufficientPrivilegesException(); | throw insufficientPrivilegesException(); | ||||
} | } | ||||
} | } |
// they don't have the direct permission on the project. | // they don't have the direct permission on the project. | ||||
// That means that dropping the permission on the project does not have any effects | // That means that dropping the permission on the project does not have any effects | ||||
// if user has still the permission on the organization | // if user has still the permission on the organization | ||||
if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(OrganizationPermission.SCAN, project.getOrganizationUuid())) { | |||||
if (!userSession.hasComponentPermission(UserRole.SCAN, project) && !userSession.hasPermission(OrganizationPermission.SCAN)) { | |||||
throw insufficientPrivilegesException(); | throw insufficientPrivilegesException(); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, BranchSupport.ComponentKey componentKey, @Nullable String projectName) { | private ComponentDto createProject(DbSession dbSession, OrganizationDto organization, BranchSupport.ComponentKey componentKey, @Nullable String projectName) { | ||||
userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS, organization); | |||||
userSession.checkPermission(OrganizationPermission.PROVISION_PROJECTS); | |||||
String userUuid = userSession.getUuid(); | String userUuid = userSession.getUuid(); | ||||
boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( | boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate( | ||||
dbSession, organization.getUuid(), userUuid, componentKey.getDbKey()); | |||||
dbSession, userUuid, componentKey.getDbKey()); | |||||
if (!wouldCurrentUserHaveScanPermission) { | if (!wouldCurrentUserHaveScanPermission) { | ||||
throw insufficientPrivilegesException(); | throw insufficientPrivilegesException(); | ||||
} | } |