*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Predicate; | |||||
import java.util.List; | import java.util.List; | ||||
import org.sonar.api.server.ws.Request; | import org.sonar.api.server.ws.Request; | ||||
import org.sonar.api.server.ws.Response; | import org.sonar.api.server.ws.Response; | ||||
import org.sonar.api.server.ws.WebService; | import org.sonar.api.server.ws.WebService; | ||||
import org.sonar.db.DbClient; | import org.sonar.db.DbClient; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.permission.ws.PermissionDependenciesFinder; | import org.sonar.server.permission.ws.PermissionDependenciesFinder; | ||||
import org.sonar.server.permission.ws.PermissionsWsAction; | import org.sonar.server.permission.ws.PermissionsWsAction; | ||||
import org.sonar.server.user.UserSession; | import org.sonar.server.user.UserSession; | ||||
import org.sonarqube.ws.client.permission.AddUserToTemplateWsRequest; | import org.sonarqube.ws.client.permission.AddUserToTemplateWsRequest; | ||||
import static com.google.common.collect.FluentIterable.from; | |||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; | import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; | ||||
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; | import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission; | ||||
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; | import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; | ||||
} | } | ||||
private boolean isUserAlreadyAdded(DbSession dbSession, long templateId, String userLogin, String permission) { | private boolean isUserAlreadyAdded(DbSession dbSession, long templateId, String userLogin, String permission) { | ||||
OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build(); | |||||
List<UserWithPermissionDto> usersWithPermission = dbClient.permissionTemplateDao().selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE); | |||||
return from(usersWithPermission).anyMatch(new HasUserPredicate(userLogin)); | |||||
} | |||||
private static class HasUserPredicate implements Predicate<UserWithPermissionDto> { | |||||
private final String userLogin; | |||||
public HasUserPredicate(String userLogin) { | |||||
this.userLogin = userLogin; | |||||
} | |||||
@Override | |||||
public boolean apply(UserWithPermissionDto userWithPermission) { | |||||
return userLogin.equals(userWithPermission.getLogin()); | |||||
} | |||||
PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build(); | |||||
List<String> usersWithPermission = dbClient.permissionTemplateDao().selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId); | |||||
return usersWithPermission.stream().anyMatch(s -> s.equals(userLogin)); | |||||
} | } | ||||
} | } |
private void insertDefaultTemplate() { | private void insertDefaultTemplate() { | ||||
DbSession dbSession = dbClient.openSession(false); | DbSession dbSession = dbClient.openSession(false); | ||||
try { | try { | ||||
PermissionTemplateDto defaultPermissionTemplate = | |||||
dbClient.permissionTemplateDao().insert(dbSession, DefaultPermissionTemplates.DEFAULT_TEMPLATE); | |||||
PermissionTemplateDto defaultPermissionTemplate = dbClient.permissionTemplateDao().insert(dbSession, DefaultPermissionTemplates.DEFAULT_TEMPLATE); | |||||
addGroupPermission(defaultPermissionTemplate, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); | addGroupPermission(defaultPermissionTemplate, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); | ||||
addGroupPermission(defaultPermissionTemplate, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS); | addGroupPermission(defaultPermissionTemplate, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS); | ||||
addGroupPermission(defaultPermissionTemplate, UserRole.USER, DefaultGroups.ANYONE); | addGroupPermission(defaultPermissionTemplate, UserRole.USER, DefaultGroups.ANYONE); | ||||
} | } | ||||
private void addGroupPermission(PermissionTemplateDto template, String permission, String groupName) { | private void addGroupPermission(PermissionTemplateDto template, String permission, String groupName) { | ||||
Long groupId = null; | |||||
if (DefaultGroups.isAnyone(groupName)) { | |||||
groupId = null; | |||||
} else { | |||||
DbSession dbSession = dbClient.openSession(false); | |||||
try { | |||||
DbSession dbSession = dbClient.openSession(false); | |||||
try { | |||||
Long groupId = null; | |||||
if (DefaultGroups.isAnyone(groupName)) { | |||||
groupId = null; | |||||
} else { | |||||
GroupDto groupDto = dbClient.groupDao().selectByName(dbSession, groupName); | GroupDto groupDto = dbClient.groupDao().selectByName(dbSession, groupName); | ||||
if (groupDto != null) { | if (groupDto != null) { | ||||
groupId = groupDto.getId(); | groupId = groupDto.getId(); | ||||
} else { | } else { | ||||
LOG.error("Cannot setup default permission for group: " + groupName); | LOG.error("Cannot setup default permission for group: " + groupName); | ||||
} | } | ||||
} finally { | |||||
dbClient.closeSession(dbSession); | |||||
} | } | ||||
dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId, permission); | |||||
} finally { | |||||
dbClient.closeSession(dbSession); | |||||
} | } | ||||
dbClient.permissionTemplateDao().insertGroupPermission(template.getId(), groupId, permission); | |||||
} | } | ||||
private void registerInitialization() { | private void registerInitialization() { |
private void createDefaultPermissionTemplate(String permission) { | private void createDefaultPermissionTemplate(String permission) { | ||||
PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setName("Default")); | PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setName("Default")); | ||||
settings.setProperty("sonar.permission.template.default", permissionTemplateDto.getKee()); | settings.setProperty("sonar.permission.template.default", permissionTemplateDto.getKee()); | ||||
dbClient.permissionTemplateDao().insertGroupPermission(permissionTemplateDto.getId(), null, permission); | |||||
dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplateDto.getId(), null, permission); | |||||
dbSession.commit(); | dbSession.commit(); | ||||
} | } | ||||
return dbClient.userDao().insert(dbSession, userDto.setActive(true)); | return dbClient.userDao().insert(dbSession, userDto.setActive(true)); | ||||
} | } | ||||
private void addUserToTemplate(PermissionTemplateUserDto userRoleDto) { | |||||
dbClient.permissionTemplateDao().insertUserPermission(dbSession, userRoleDto); | |||||
private void addUserToTemplate(PermissionTemplateUserDto dto) { | |||||
dbClient.permissionTemplateDao().insertUserPermission(dbSession, dto.getTemplateId(), dto.getUserId(), dto.getPermission()); | |||||
} | } | ||||
private void commit() { | private void commit() { |
*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Function; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nonnull; | |||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | |||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.component.ComponentFinder; | import org.sonar.server.component.ComponentFinder; | ||||
import org.sonar.server.ws.TestRequest; | import org.sonar.server.ws.TestRequest; | ||||
import org.sonar.server.ws.WsActionTester; | import org.sonar.server.ws.WsActionTester; | ||||
import static com.google.common.collect.FluentIterable.from; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.api.security.DefaultGroups.ANYONE; | import static org.sonar.api.security.DefaultGroups.ANYONE; | ||||
import static org.sonar.api.web.UserRole.ADMIN; | import static org.sonar.api.web.UserRole.ADMIN; | ||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | import static org.sonar.api.web.UserRole.CODEVIEWER; | ||||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | ||||
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | ||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.db.user.GroupTesting.newGroupDto; | import static org.sonar.db.user.GroupTesting.newGroupDto; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | ||||
public class AddGroupToTemplateActionTest { | public class AddGroupToTemplateActionTest { | ||||
private static final String GROUP_NAME = "group-name"; | private static final String GROUP_NAME = "group-name"; | ||||
} | } | ||||
private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) { | private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) { | ||||
OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build(); | |||||
return from(dbClient.permissionTemplateDao() | |||||
.selectGroups(dbSession, permissionQuery, templateId)) | |||||
.transform(GroupWithPermissionToGroupName.INSTANCE) | |||||
.toList(); | |||||
} | |||||
private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> { | |||||
INSTANCE; | |||||
@Override | |||||
public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) { | |||||
return groupWithPermission.getName(); | |||||
} | |||||
PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build(); | |||||
return dbClient.permissionTemplateDao() | |||||
.selectGroupNamesByQueryAndTemplate(dbSession, permissionQuery, templateId); | |||||
} | } | ||||
} | } |
*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Function; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nonnull; | |||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.component.ComponentFinder; | import org.sonar.server.component.ComponentFinder; | ||||
import org.sonar.server.exceptions.BadRequestException; | import org.sonar.server.exceptions.BadRequestException; | ||||
import org.sonar.server.ws.TestRequest; | import org.sonar.server.ws.TestRequest; | ||||
import org.sonar.server.ws.WsActionTester; | import org.sonar.server.ws.WsActionTester; | ||||
import static com.google.common.collect.FluentIterable.from; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | import static org.sonar.api.web.UserRole.CODEVIEWER; | ||||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | ||||
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | ||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.db.user.UserTesting.newUserDto; | import static org.sonar.db.user.UserTesting.newUserDto; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | ||||
} | } | ||||
private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) { | private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) { | ||||
OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build(); | |||||
return from(dbClient.permissionTemplateDao() | |||||
.selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE)) | |||||
.transform(UserWithPermissionToUserLogin.INSTANCE) | |||||
.toList(); | |||||
} | |||||
private enum UserWithPermissionToUserLogin implements Function<UserWithPermissionDto, String> { | |||||
INSTANCE; | |||||
@Override | |||||
public String apply(@Nonnull UserWithPermissionDto userWithPermission) { | |||||
return userWithPermission.getLogin(); | |||||
} | |||||
PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build(); | |||||
return dbClient.permissionTemplateDao() | |||||
.selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId); | |||||
} | } | ||||
} | } |
*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Predicate; | |||||
import com.google.common.collect.FluentIterable; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | |||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.PermissionRepository; | import org.sonar.db.permission.PermissionRepository; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.GroupRoleDto; | import org.sonar.db.user.GroupRoleDto; | ||||
import static org.mockito.Mockito.verify; | import static org.mockito.Mockito.verify; | ||||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | import static org.sonar.db.component.ComponentTesting.newProjectDto; | ||||
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | ||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.db.user.GroupTesting.newGroupDto; | import static org.sonar.db.user.GroupTesting.newGroupDto; | ||||
import static org.sonar.db.user.UserTesting.newUserDto; | import static org.sonar.db.user.UserTesting.newUserDto; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | ||||
public class ApplyTemplateActionTest { | public class ApplyTemplateActionTest { | ||||
@Rule | @Rule | ||||
} | } | ||||
private void assertTemplate1AppliedToProject() { | private void assertTemplate1AppliedToProject() { | ||||
assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty(); | assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty(); | ||||
assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).containsExactly(user1.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getLogin()); | |||||
} | } | ||||
private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) { | private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) { | ||||
.setGroupId(group.getId())); | .setGroupId(group.getId())); | ||||
} | } | ||||
private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) { | |||||
return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId())) | |||||
.filter(new PermissionNotNull()) | |||||
.toList(); | |||||
private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) { | |||||
PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build(); | |||||
return dbClient.permissionDao().selectGroupNamesByPermissionQuery(dbSession, query); | |||||
} | } | ||||
private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) { | |||||
return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE); | |||||
private List<String> selectProjectPermissionUsers(ComponentDto project, String permission) { | |||||
PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build(); | |||||
return dbClient.permissionDao().selectLoginsByPermissionQuery(dbSession, query); | |||||
} | } | ||||
private void commit() { | private void commit() { | ||||
dbSession.commit(); | dbSession.commit(); | ||||
} | } | ||||
private static OldPermissionQuery query(String permission) { | |||||
return OldPermissionQuery.builder().membership(IN).permission(permission).build(); | |||||
} | |||||
private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> { | |||||
@Override | |||||
public boolean apply(@Nullable GroupWithPermissionDto input) { | |||||
return input.getPermission() != null; | |||||
} | |||||
} | |||||
} | } |
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Predicate; | import com.google.common.base.Predicate; | ||||
import com.google.common.collect.FluentIterable; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | import org.sonar.db.permission.GroupWithPermissionDto; | ||||
import org.sonar.db.permission.OldPermissionQuery; | import org.sonar.db.permission.OldPermissionQuery; | ||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.PermissionRepository; | import org.sonar.db.permission.PermissionRepository; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupDbTester; | import org.sonar.db.user.GroupDbTester; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
} | } | ||||
private void assertTemplate1AppliedToProject(ComponentDto project) { | private void assertTemplate1AppliedToProject(ComponentDto project) { | ||||
assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName()); | |||||
assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty(); | assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty(); | ||||
assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).containsExactly(user1.getLogin()); | |||||
assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getLogin()); | |||||
} | } | ||||
private void assertNoPermissionOnProject(ComponentDto project) { | private void assertNoPermissionOnProject(ComponentDto project) { | ||||
.setGroupId(group.getId())); | .setGroupId(group.getId())); | ||||
} | } | ||||
private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) { | |||||
return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId())) | |||||
.filter(new PermissionNotNull()) | |||||
.toList(); | |||||
private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) { | |||||
PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build(); | |||||
return dbClient.permissionDao().selectGroupNamesByPermissionQuery(dbSession, query); | |||||
} | } | ||||
private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) { | |||||
return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE); | |||||
private List<String> selectProjectPermissionUsers(ComponentDto project, String permission) { | |||||
PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build(); | |||||
return dbClient.permissionDao().selectLoginsByPermissionQuery(dbSession, query); | |||||
} | } | ||||
private void commit() { | private void commit() { |
*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Function; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nonnull; | |||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | |||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.server.component.ComponentFinder; | import org.sonar.server.component.ComponentFinder; | ||||
import org.sonar.server.ws.TestRequest; | import org.sonar.server.ws.TestRequest; | ||||
import org.sonar.server.ws.WsActionTester; | import org.sonar.server.ws.WsActionTester; | ||||
import static com.google.common.collect.FluentIterable.from; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.api.security.DefaultGroups.ANYONE; | import static org.sonar.api.security.DefaultGroups.ANYONE; | ||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | import static org.sonar.api.web.UserRole.CODEVIEWER; | ||||
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | ||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.db.user.GroupTesting.newGroupDto; | import static org.sonar.db.user.GroupTesting.newGroupDto; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | ||||
public class RemoveGroupFromTemplateActionTest { | public class RemoveGroupFromTemplateActionTest { | ||||
private static final String GROUP_NAME = "group-name"; | private static final String GROUP_NAME = "group-name"; | ||||
} | } | ||||
private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) { | private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) { | ||||
OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build(); | |||||
return from(dbClient.permissionTemplateDao() | |||||
.selectGroups(dbSession, permissionQuery, templateId)) | |||||
.transform(GroupWithPermissionToGroupName.INSTANCE) | |||||
.toList(); | |||||
} | |||||
private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> { | |||||
INSTANCE; | |||||
@Override | |||||
public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) { | |||||
return groupWithPermission.getName(); | |||||
} | |||||
PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build(); | |||||
return dbClient.permissionTemplateDao() | |||||
.selectGroupNamesByQueryAndTemplate(dbSession, permissionQuery, templateId); | |||||
} | } | ||||
} | } |
*/ | */ | ||||
package org.sonar.server.permission.ws.template; | package org.sonar.server.permission.ws.template; | ||||
import com.google.common.base.Function; | |||||
import java.util.List; | import java.util.List; | ||||
import javax.annotation.Nonnull; | |||||
import javax.annotation.Nullable; | import javax.annotation.Nullable; | ||||
import org.junit.Before; | import org.junit.Before; | ||||
import org.junit.Rule; | import org.junit.Rule; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.ResourceTypesRule; | import org.sonar.db.component.ResourceTypesRule; | ||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | |||||
import org.sonar.db.permission.template.PermissionTemplateDto; | import org.sonar.db.permission.template.PermissionTemplateDto; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
import org.sonar.server.component.ComponentFinder; | import org.sonar.server.component.ComponentFinder; | ||||
import org.sonar.server.exceptions.BadRequestException; | import org.sonar.server.exceptions.BadRequestException; | ||||
import org.sonar.server.ws.TestRequest; | import org.sonar.server.ws.TestRequest; | ||||
import org.sonar.server.ws.WsActionTester; | import org.sonar.server.ws.WsActionTester; | ||||
import static com.google.common.collect.FluentIterable.from; | |||||
import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||
import static org.sonar.api.web.UserRole.CODEVIEWER; | import static org.sonar.api.web.UserRole.CODEVIEWER; | ||||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | ||||
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto; | ||||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||||
import static org.sonar.db.user.UserTesting.newUserDto; | import static org.sonar.db.user.UserTesting.newUserDto; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | ||||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; | ||||
} | } | ||||
private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) { | private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) { | ||||
OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build(); | |||||
return from(dbClient.permissionTemplateDao() | |||||
.selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE)) | |||||
.transform(UserWithPermissionToUserLogin.INSTANCE) | |||||
.toList(); | |||||
} | |||||
private enum UserWithPermissionToUserLogin implements Function<UserWithPermissionDto, String> { | |||||
INSTANCE; | |||||
@Override | |||||
public String apply(@Nonnull UserWithPermissionDto userWithPermission) { | |||||
return userWithPermission.getLogin(); | |||||
} | |||||
PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build(); | |||||
return dbClient.permissionTemplateDao() | |||||
.selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId); | |||||
} | } | ||||
private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) { | private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) { |
verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate))); | verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate))); | ||||
verify(permissionTemplateDao).insert(any(DbSession.class), eq(DefaultPermissionTemplates.DEFAULT_TEMPLATE)); | verify(permissionTemplateDao).insert(any(DbSession.class), eq(DefaultPermissionTemplates.DEFAULT_TEMPLATE)); | ||||
verify(permissionTemplateDao).insertGroupPermission(1L, 1L, UserRole.ADMIN); | |||||
verify(permissionTemplateDao).insertGroupPermission(1L, 1L, UserRole.ISSUE_ADMIN); | |||||
verify(permissionTemplateDao).insertGroupPermission(1L, null, UserRole.USER); | |||||
verify(permissionTemplateDao).insertGroupPermission(1L, null, UserRole.CODEVIEWER); | |||||
verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class),eq(1L), eq(1L), eq(UserRole.ADMIN)); | |||||
verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(1L), eq(UserRole.ISSUE_ADMIN)); | |||||
verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(null), eq(UserRole.USER)); | |||||
verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(null), eq(UserRole.CODEVIEWER)); | |||||
verifyNoMoreInteractions(permissionTemplateDao); | verifyNoMoreInteractions(permissionTemplateDao); | ||||
verify(settings).saveProperty(DEFAULT_TEMPLATE_PROPERTY, DefaultPermissionTemplates.DEFAULT_TEMPLATE.getUuid()); | verify(settings).saveProperty(DEFAULT_TEMPLATE_PROPERTY, DefaultPermissionTemplates.DEFAULT_TEMPLATE.getUuid()); | ||||
} | } |
@Test | @Test | ||||
public void delete_with_permission_templates() throws Exception { | public void delete_with_permission_templates() throws Exception { | ||||
GroupDto group = groupDao.insert(dbSession, new GroupDto().setName("to-delete")); | GroupDto group = groupDao.insert(dbSession, new GroupDto().setName("to-delete")); | ||||
permissionTemplateDao.insertGroupPermission(42L, group.getId(), UserRole.ADMIN); | |||||
permissionTemplateDao.insertGroupPermission(dbSession, 42L, group.getId(), UserRole.ADMIN); | |||||
dbSession.commit(); | dbSession.commit(); | ||||
loginAsAdmin(); | loginAsAdmin(); |
import org.sonar.api.security.DefaultGroups; | import org.sonar.api.security.DefaultGroups; | ||||
import org.sonar.db.Dao; | import org.sonar.db.Dao; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.MyBatis; | |||||
import org.sonar.db.user.GroupRoleDto; | import org.sonar.db.user.GroupRoleDto; | ||||
import org.sonar.db.user.UserPermissionDto; | import org.sonar.db.user.UserPermissionDto; | ||||
import static com.google.common.collect.Maps.newHashMap; | |||||
import static org.sonar.db.DatabaseUtils.executeLargeInputs; | import static org.sonar.db.DatabaseUtils.executeLargeInputs; | ||||
import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput; | import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput; | ||||
public class PermissionDao implements Dao { | public class PermissionDao implements Dao { | ||||
private static final String QUERY_PARAMETER = "query"; | |||||
private static final String COMPONENT_ID_PARAMETER = "componentId"; | private static final String COMPONENT_ID_PARAMETER = "componentId"; | ||||
private static final String ANYONE_GROUP_PARAMETER = "anyoneGroup"; | private static final String ANYONE_GROUP_PARAMETER = "anyoneGroup"; | ||||
private final MyBatis myBatis; | |||||
public PermissionDao(MyBatis myBatis) { | |||||
this.myBatis = myBatis; | |||||
} | |||||
/** | |||||
* @return a paginated list of users. | |||||
* @deprecated use {@link #selectLoginsByPermissionQuery(DbSession, PermissionQuery)} or {@link #selectUserPermissionsByLoginsAnProject(DbSession, List, Long)} instead | |||||
*/ | |||||
@Deprecated | |||||
public List<UserWithPermissionDto> selectUsers(DbSession session, OldPermissionQuery query, @Nullable Long componentId, int offset, int limit) { | |||||
Map<String, Object> params = usersParameters(query, componentId); | |||||
return mapper(session).selectUsers(params, new RowBounds(offset, limit)); | |||||
} | |||||
/** | /** | ||||
* Ordered by user names | * Ordered by user names | ||||
*/ | */ | ||||
return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByLogins(l, projectId)); | return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByLogins(l, projectId)); | ||||
} | } | ||||
/** | |||||
* @deprecated use {@link #countUsersByQuery(DbSession, PermissionQuery)} instead | |||||
*/ | |||||
@Deprecated | |||||
public int countUsers(DbSession session, OldPermissionQuery query, @Nullable Long componentId) { | |||||
Map<String, Object> params = usersParameters(query, componentId); | |||||
return mapper(session).countUsers(params); | |||||
} | |||||
private static Map<String, Object> usersParameters(OldPermissionQuery query, @Nullable Long componentId) { | |||||
Map<String, Object> params = newHashMap(); | |||||
params.put(QUERY_PARAMETER, query); | |||||
params.put(COMPONENT_ID_PARAMETER, componentId); | |||||
return params; | |||||
} | |||||
/** | |||||
* 'Anyone' group is not returned when it has not the asked permission. | |||||
* Membership parameter from query is not taking into account in order to deal more easily with the 'Anyone' group | |||||
* | |||||
* @return a non paginated list of groups. | |||||
* @deprecated use {@link #selectGroupNamesByPermissionQuery(DbSession, PermissionQuery)} or {@link #selectGroupPermissionsByGroupNamesAndProject(DbSession, List, Long)} instead | |||||
*/ | |||||
@Deprecated | |||||
public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, @Nullable Long componentId) { | |||||
Map<String, Object> params = groupsParameters(query, componentId); | |||||
return mapper(session).selectGroups(params); | |||||
} | |||||
public List<GroupWithPermissionDto> selectGroups(OldPermissionQuery query, @Nullable Long componentId) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
return selectGroups(session, query, componentId); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public int countGroups(DbSession session, String permission, @Nullable Long componentId) { | public int countGroups(DbSession session, String permission, @Nullable Long componentId) { | ||||
Map<String, Object> parameters = new HashMap<>(); | Map<String, Object> parameters = new HashMap<>(); | ||||
parameters.put("permission", permission); | parameters.put("permission", permission); | ||||
}); | }); | ||||
} | } | ||||
private static Map<String, Object> groupsParameters(OldPermissionQuery query, @Nullable Long componentId) { | |||||
Map<String, Object> params = newHashMap(); | |||||
params.put(QUERY_PARAMETER, query); | |||||
params.put(COMPONENT_ID_PARAMETER, componentId); | |||||
params.put(ANYONE_GROUP_PARAMETER, DefaultGroups.ANYONE); | |||||
return params; | |||||
} | |||||
private static PermissionMapper mapper(SqlSession session) { | private static PermissionMapper mapper(SqlSession session) { | ||||
return session.getMapper(PermissionMapper.class); | return session.getMapper(PermissionMapper.class); | ||||
} | } |
public interface PermissionMapper { | public interface PermissionMapper { | ||||
List<UserWithPermissionDto> selectUsers(Map<String, Object> parameters, RowBounds rowBounds); | |||||
int countUsers(Map<String, Object> parameters); | |||||
List<String> selectLoginsByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds); | List<String> selectLoginsByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds); | ||||
int countUsersByPermissionQuery(@Param("query") PermissionQuery query); | int countUsersByPermissionQuery(@Param("query") PermissionQuery query); | ||||
List<UserPermissionDto> selectUserPermissionsByLogins(@Param("logins") List<String> logins, @Nullable @Param("projectId") Long projectId); | List<UserPermissionDto> selectUserPermissionsByLogins(@Param("logins") List<String> logins, @Nullable @Param("projectId") Long projectId); | ||||
List<GroupWithPermissionDto> selectGroups(Map<String, Object> parameters); | |||||
int countGroups(Map<String, Object> parameters); | int countGroups(Map<String, Object> parameters); | ||||
List<String> selectGroupNamesByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds); | List<String> selectGroupNamesByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds); |
dbClient.roleDao().deleteGroupRole(groupRole, session); | dbClient.roleDao().deleteGroupRole(groupRole, session); | ||||
} | } | ||||
public void deleteGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) { | |||||
if (isAnyone(groupName)) { | |||||
deleteGroupPermission(resourceId, (Long) null, permission, session); | |||||
} else { | |||||
GroupDto group = dbClient.groupDao().selectByName(session, groupName); | |||||
if (group != null) { | |||||
deleteGroupPermission(resourceId, group.getId(), permission, session); | |||||
} | |||||
} | |||||
} | |||||
/** | /** | ||||
* For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes | * For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes | ||||
*/ | */ |
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.MyBatis; | import org.sonar.db.MyBatis; | ||||
import org.sonar.db.permission.CountByProjectAndPermissionDto; | import org.sonar.db.permission.CountByProjectAndPermissionDto; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | |||||
import org.sonar.db.permission.OldPermissionQuery; | import org.sonar.db.permission.OldPermissionQuery; | ||||
import org.sonar.db.permission.PermissionQuery; | import org.sonar.db.permission.PermissionQuery; | ||||
import org.sonar.db.permission.UserWithPermissionDto; | |||||
import static java.lang.String.format; | import static java.lang.String.format; | ||||
import static org.sonar.api.security.DefaultGroups.ANYONE; | import static org.sonar.api.security.DefaultGroups.ANYONE; | ||||
this.system = system; | this.system = system; | ||||
} | } | ||||
@Deprecated | |||||
public List<UserWithPermissionDto> selectUsers(DbSession session, OldPermissionQuery query, Long templateId, int offset, int limit) { | |||||
return mapper(session).selectUsers(query, templateId, new RowBounds(offset, limit)); | |||||
} | |||||
/** | /** | ||||
* @return a paginated list of user logins. | * @return a paginated list of user logins. | ||||
*/ | */ | ||||
return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, l)); | return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, l)); | ||||
} | } | ||||
public List<PermissionTemplateUserDto> selectUserPermissionsByTemplateId(DbSession dbSession, long templateId) { | |||||
private List<PermissionTemplateUserDto> selectUserPermissionsByTemplateId(DbSession dbSession, long templateId) { | |||||
return mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, Collections.emptyList()); | return mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, Collections.emptyList()); | ||||
} | } | ||||
return executeLargeInputs(groups, g -> mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, g)); | return executeLargeInputs(groups, g -> mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, g)); | ||||
} | } | ||||
public List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateId(DbSession dbSession, long templateId) { | |||||
List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateId(DbSession dbSession, long templateId) { | |||||
return mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, Collections.emptyList()); | return mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, Collections.emptyList()); | ||||
} | } | ||||
/** | |||||
* 'Anyone' group is not returned when it has not the asked permission. | |||||
* Membership parameter from query is not taking into account in order to deal more easily with the 'Anyone' group. | |||||
* @return a non paginated list of groups. | |||||
*/ | |||||
@Deprecated | |||||
public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, Long templateId) { | |||||
return selectGroups(session, query, templateId, 0, Integer.MAX_VALUE); | |||||
} | |||||
@Deprecated | |||||
public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, Long templateId, int offset, int limit) { | |||||
return mapper(session).selectGroups(query, templateId, ANYONE, ADMIN, new RowBounds(offset, limit)); | |||||
} | |||||
@Deprecated | |||||
public List<GroupWithPermissionDto> selectGroups(OldPermissionQuery query, Long templateId) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
return selectGroups(session, query, templateId); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
@Deprecated | |||||
public int countGroups(DbSession session, OldPermissionQuery query, long templateId) { | |||||
return countGroups(session, query, templateId, null); | |||||
} | |||||
private static int countGroups(DbSession session, OldPermissionQuery query, long templateId, @Nullable String groupName) { | private static int countGroups(DbSession session, OldPermissionQuery query, long templateId, @Nullable String groupName) { | ||||
return mapper(session).countGroups(query, templateId, ANYONE, ADMIN, groupName != null ? groupName.toUpperCase(Locale.ENGLISH) : null); | return mapper(session).countGroups(query, templateId, ANYONE, ADMIN, groupName != null ? groupName.toUpperCase(Locale.ENGLISH) : null); | ||||
} | } | ||||
return mapper(session).selectByUuid(templateUuid); | return mapper(session).selectByUuid(templateUuid); | ||||
} | } | ||||
@CheckForNull | |||||
public PermissionTemplateDto selectByUuid(String templateUuid) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
return selectByUuid(session, templateUuid); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
@CheckForNull | @CheckForNull | ||||
public PermissionTemplate selectByUuidWithUserAndGroupPermissions(DbSession session, String templateUuid) { | public PermissionTemplate selectByUuidWithUserAndGroupPermissions(DbSession session, String templateUuid) { | ||||
PermissionTemplateMapper mapper = mapper(session); | PermissionTemplateMapper mapper = mapper(session); | ||||
return mapper(session).selectAll(null); | return mapper(session).selectAll(null); | ||||
} | } | ||||
public List<PermissionTemplateDto> selectAll() { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
return selectAll(session); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public int countAll(DbSession dbSession, String nameQuery) { | public int countAll(DbSession dbSession, String nameQuery) { | ||||
String upperCasedNameQuery = toUppercaseSqlQuery(nameQuery); | String upperCasedNameQuery = toUppercaseSqlQuery(nameQuery); | ||||
mapper.delete(templateId); | mapper.delete(templateId); | ||||
} | } | ||||
/** | |||||
* @deprecated since 5.2 use {@link #update(DbSession, PermissionTemplateDto)} | |||||
*/ | |||||
@Deprecated | |||||
public void update(Long templateId, String templateName, @Nullable String description, @Nullable String projectPattern) { | |||||
PermissionTemplateDto permissionTemplate = new PermissionTemplateDto() | |||||
.setId(templateId) | |||||
.setName(templateName) | |||||
.setDescription(description) | |||||
.setKeyPattern(projectPattern) | |||||
.setUpdatedAt(now()); | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
update(session, permissionTemplate); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public PermissionTemplateDto update(DbSession session, PermissionTemplateDto permissionTemplate) { | public PermissionTemplateDto update(DbSession session, PermissionTemplateDto permissionTemplate) { | ||||
mapper(session).update(permissionTemplate); | mapper(session).update(permissionTemplate); | ||||
session.commit(); | session.commit(); | ||||
return permissionTemplate; | return permissionTemplate; | ||||
} | } | ||||
/** | |||||
* @deprecated since 5.2 {@link #insertUserPermission(DbSession, Long, Long, String)} | |||||
*/ | |||||
@Deprecated | |||||
public void insertUserPermission(Long templateId, Long userId, String permission) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
insertUserPermission(session, templateId, userId, permission); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public void insertUserPermission(DbSession session, Long templateId, Long userId, String permission) { | public void insertUserPermission(DbSession session, Long templateId, Long userId, String permission) { | ||||
PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() | PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() | ||||
.setTemplateId(templateId) | .setTemplateId(templateId) | ||||
session.commit(); | session.commit(); | ||||
} | } | ||||
public void insertUserPermission(DbSession session, PermissionTemplateUserDto permissionTemplateUserDto) { | |||||
mapper(session).insertUserPermission(permissionTemplateUserDto); | |||||
} | |||||
/** | |||||
* @deprecated since 5.2 {@link #deleteUserPermission(DbSession, Long, Long, String)} | |||||
*/ | |||||
@Deprecated | |||||
public void deleteUserPermission(Long templateId, Long userId, String permission) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
deleteUserPermission(session, templateId, userId, permission); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public void deleteUserPermission(DbSession session, Long templateId, Long userId, String permission) { | public void deleteUserPermission(DbSession session, Long templateId, Long userId, String permission) { | ||||
PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() | PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() | ||||
.setTemplateId(templateId) | .setTemplateId(templateId) | ||||
session.commit(); | session.commit(); | ||||
} | } | ||||
/** | |||||
* @deprecated since 5.2 use {@link #insertGroupPermission(DbSession, Long, Long, String)} | |||||
*/ | |||||
@Deprecated | |||||
public void insertGroupPermission(Long templateId, @Nullable Long groupId, String permission) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
insertGroupPermission(session, templateId, groupId, permission); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public void insertGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) { | public void insertGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) { | ||||
PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() | PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() | ||||
.setTemplateId(templateId) | .setTemplateId(templateId) | ||||
mapper(session).insertGroupPermission(permissionTemplateGroup); | mapper(session).insertGroupPermission(permissionTemplateGroup); | ||||
} | } | ||||
/** | |||||
* @deprecated since 5.2 use {@link #deleteGroupPermission(DbSession, Long, Long, String)} | |||||
*/ | |||||
@Deprecated | |||||
public void deleteGroupPermission(Long templateId, @Nullable Long groupId, String permission) { | |||||
DbSession session = myBatis.openSession(false); | |||||
try { | |||||
deleteGroupPermission(session, templateId, groupId, permission); | |||||
} finally { | |||||
MyBatis.closeQuietly(session); | |||||
} | |||||
} | |||||
public void deleteGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) { | public void deleteGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) { | ||||
PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() | PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() | ||||
.setTemplateId(templateId) | .setTemplateId(templateId) |
<mapper namespace="org.sonar.db.permission.PermissionMapper"> | <mapper namespace="org.sonar.db.permission.PermissionMapper"> | ||||
<select id="selectUsers" parameterType="map" resultType="UserWithPermission"> | |||||
SELECT u.login as login, u.name as name, u.email as email, user_role.role as permission | |||||
<include refid="usersSelection"/> | |||||
ORDER BY u.name | |||||
</select> | |||||
<select id="countUsers" parameterType="map" resultType="int"> | |||||
SELECT count(u.login) | |||||
<include refid="usersSelection"/> | |||||
</select> | |||||
<sql id="usersSelection"> | <sql id="usersSelection"> | ||||
FROM users u | FROM users u | ||||
LEFT JOIN user_roles user_role ON user_role.user_id=u.id | LEFT JOIN user_roles user_role ON user_role.user_id=u.id | ||||
) groups | ) groups | ||||
</select> | </select> | ||||
<select id="selectGroups" parameterType="map" resultType="GroupWithPermission"> | |||||
SELECT id, name, description, permission FROM | |||||
(SELECT g.id as id, g.name as name, g.description as description, group_role.role as permission | |||||
FROM groups g | |||||
LEFT JOIN group_roles group_role ON group_role.group_id=g.id | |||||
AND group_role.role=#{query.permission} | |||||
<if test="componentId != null"> | |||||
AND group_role.resource_id=#{componentId} | |||||
</if> | |||||
<if test="componentId == null"> | |||||
AND group_role.resource_id IS NULL | |||||
</if> | |||||
UNION | |||||
-- Add Anyone group permission | |||||
SELECT 0 as id, #{anyoneGroup} as name, NULL as description, group_role.role as permission | |||||
FROM group_roles group_role | |||||
<where> | |||||
AND group_role.role=#{query.permission} | |||||
AND group_role.group_id IS NULL | |||||
<if test="componentId != null"> | |||||
AND group_role.resource_id=#{componentId} | |||||
</if> | |||||
<if test="componentId == null"> | |||||
AND group_role.resource_id IS NULL | |||||
</if> | |||||
</where> | |||||
) groups | |||||
<where> | |||||
<if test="query.search() != null"> | |||||
AND (UPPER(groups.name) LIKE #{query.searchSql} ESCAPE '/') | |||||
</if> | |||||
</where> | |||||
ORDER BY groups.name | |||||
</select> | |||||
<select id="selectGroupNamesByPermissionQuery" parameterType="map" resultType="string"> | <select id="selectGroupNamesByPermissionQuery" parameterType="map" resultType="string"> | ||||
select distinct gr.name, lower(gr.name), gr.group_id | select distinct gr.name, lower(gr.name), gr.group_id | ||||
<include refid="groupsByQuery" /> | <include refid="groupsByQuery" /> |
@Rule | @Rule | ||||
public DbTester db = DbTester.create(System2.INSTANCE); | public DbTester db = DbTester.create(System2.INSTANCE); | ||||
GroupDbTester groupDb = new GroupDbTester(db); | |||||
PermissionDbTester permissionDb = new PermissionDbTester(db); | |||||
ComponentDbTester componentDb = new ComponentDbTester(db); | |||||
DbSession dbSession = db.getSession(); | |||||
private GroupDbTester groupDb = new GroupDbTester(db); | |||||
private PermissionDbTester permissionDb = new PermissionDbTester(db); | |||||
private ComponentDbTester componentDb = new ComponentDbTester(db); | |||||
private DbSession dbSession = db.getSession(); | |||||
PermissionDao underTest = new PermissionDao(db.myBatis()); | |||||
@Test | |||||
public void select_groups_for_project_permission() { | |||||
db.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
OldPermissionQuery query = OldPermissionQuery.builder().permission("user").build(); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, COMPONENT_ID); | |||||
assertThat(result).hasSize(4); | |||||
GroupWithPermissionDto anyone = result.get(0); | |||||
assertThat(anyone.getName()).isEqualTo("Anyone"); | |||||
assertThat(anyone.getDescription()).isNull(); | |||||
assertThat(anyone.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group1 = result.get(1); | |||||
assertThat(group1.getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(group1.getDescription()).isEqualTo("System administrators"); | |||||
assertThat(group1.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group2 = result.get(2); | |||||
assertThat(group2.getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(group2.getDescription()).isEqualTo("Reviewers"); | |||||
assertThat(group2.getPermission()).isNull(); | |||||
GroupWithPermissionDto group3 = result.get(3); | |||||
assertThat(group3.getName()).isEqualTo("sonar-users"); | |||||
assertThat(group3.getDescription()).isEqualTo("Any new users created will automatically join this group"); | |||||
assertThat(group3.getPermission()).isNotNull(); | |||||
} | |||||
@Test | |||||
public void anyone_group_is_not_returned_when_it_has_no_permission() { | |||||
db.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
// Anyone group has not the permission 'admin', so it's not returned | |||||
OldPermissionQuery query = OldPermissionQuery.builder().permission("admin").build(); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, COMPONENT_ID); | |||||
assertThat(result).hasSize(3); | |||||
GroupWithPermissionDto group1 = result.get(0); | |||||
assertThat(group1.getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(group1.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group2 = result.get(1); | |||||
assertThat(group2.getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(group2.getPermission()).isNull(); | |||||
GroupWithPermissionDto group3 = result.get(2); | |||||
assertThat(group3.getName()).isEqualTo("sonar-users"); | |||||
assertThat(group3.getPermission()).isNull(); | |||||
} | |||||
@Test | |||||
public void select_groups_for_global_permission() { | |||||
db.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
OldPermissionQuery query = OldPermissionQuery.builder().permission("admin").build(); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, null); | |||||
assertThat(result).hasSize(3); | |||||
GroupWithPermissionDto group1 = result.get(0); | |||||
assertThat(group1.getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(group1.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group2 = result.get(1); | |||||
assertThat(group2.getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(group2.getPermission()).isNull(); | |||||
GroupWithPermissionDto group3 = result.get(2); | |||||
assertThat(group3.getName()).isEqualTo("sonar-users"); | |||||
assertThat(group3.getPermission()).isNull(); | |||||
} | |||||
@Test | |||||
public void search_by_groups_name() { | |||||
db.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").search("aDMini").build(), COMPONENT_ID); | |||||
assertThat(result).hasSize(1); | |||||
assertThat(result.get(0).getName()).isEqualTo("sonar-administrators"); | |||||
result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").search("sonar").build(), COMPONENT_ID); | |||||
assertThat(result).hasSize(3); | |||||
} | |||||
@Test | |||||
public void search_groups_should_be_sorted_by_group_name() { | |||||
db.prepareDbUnit(getClass(), "groups_with_permissions_should_be_sorted_by_group_name.xml"); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").build(), COMPONENT_ID); | |||||
int count = underTest.countGroups(dbSession, "user", COMPONENT_ID); | |||||
assertThat(result).hasSize(4); | |||||
assertThat(count).isEqualTo(2); | |||||
assertThat(result.get(0).getName()).isEqualTo("Anyone"); | |||||
assertThat(result.get(1).getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(result.get(2).getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(result.get(3).getName()).isEqualTo("sonar-users"); | |||||
} | |||||
private PermissionDao underTest = new PermissionDao(); | |||||
@Test | @Test | ||||
public void group_count_by_permission_and_component_id() { | public void group_count_by_permission_and_component_id() { |
checkAuthorizationUpdatedAtIsUpdated(); | checkAuthorizationUpdatedAtIsUpdated(); | ||||
} | } | ||||
@Test | |||||
public void should_delete_group_name_permission() { | |||||
dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml"); | |||||
underTest.deleteGroupPermission(PROJECT_ID, "devs", UserRole.USER, session); | |||||
session.commit(); | |||||
dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role"); | |||||
dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at"); | |||||
} | |||||
@Test | @Test | ||||
public void would_user_have_permission_with_default_permission_template() { | public void would_user_have_permission_with_default_permission_template() { | ||||
UserDto user = userDb.insertUser(); | UserDto user = userDb.insertUser(); |
ComponentDbTester componentDb = new ComponentDbTester(dbTester); | ComponentDbTester componentDb = new ComponentDbTester(dbTester); | ||||
DbSession session = dbTester.getSession(); | DbSession session = dbTester.getSession(); | ||||
PermissionDao underTest = new PermissionDao(dbTester.myBatis()); | |||||
PermissionDao underTest = new PermissionDao(); | |||||
@Test | @Test | ||||
public void select_logins_by_query() { | public void select_logins_by_query() { |
import org.sonar.api.utils.System2; | import org.sonar.api.utils.System2; | ||||
import org.sonar.db.DbSession; | import org.sonar.db.DbSession; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.permission.GroupWithPermissionDto; | |||||
import org.sonar.db.permission.OldPermissionQuery; | |||||
import org.sonar.db.permission.PermissionQuery; | import org.sonar.db.permission.PermissionQuery; | ||||
import org.sonar.db.user.GroupDbTester; | import org.sonar.db.user.GroupDbTester; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
public class GroupWithPermissionTemplateDaoTest { | public class GroupWithPermissionTemplateDaoTest { | ||||
private static final long TEMPLATE_ID = 50L; | |||||
@Rule | @Rule | ||||
public DbTester dbTester = DbTester.create(System2.INSTANCE); | public DbTester dbTester = DbTester.create(System2.INSTANCE); | ||||
private DbSession session = dbTester.getSession(); | |||||
private GroupDbTester groupDb = new GroupDbTester(dbTester); | |||||
private PermissionTemplateDbTester permissionTemplateDbTester = new PermissionTemplateDbTester(dbTester); | |||||
DbSession session = dbTester.getSession(); | |||||
GroupDbTester groupDb = new GroupDbTester(dbTester); | |||||
PermissionTemplateDbTester permissionTemplateDbTester = new PermissionTemplateDbTester(dbTester); | |||||
PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao(); | |||||
@Test | |||||
public void select_groups() { | |||||
dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
OldPermissionQuery query = OldPermissionQuery.builder().permission("user").build(); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(session, query, TEMPLATE_ID); | |||||
int count = underTest.countGroups(session, query, TEMPLATE_ID); | |||||
assertThat(result).hasSize(4); | |||||
assertThat(count).isEqualTo(4); | |||||
GroupWithPermissionDto anyone = result.get(0); | |||||
assertThat(anyone.getName()).isEqualTo("Anyone"); | |||||
assertThat(anyone.getDescription()).isNull(); | |||||
assertThat(anyone.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group1 = result.get(1); | |||||
assertThat(group1.getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(group1.getDescription()).isEqualTo("System administrators"); | |||||
assertThat(group1.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group2 = result.get(2); | |||||
assertThat(group2.getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(group2.getDescription()).isEqualTo("Reviewers"); | |||||
assertThat(group2.getPermission()).isNull(); | |||||
GroupWithPermissionDto group3 = result.get(3); | |||||
assertThat(group3.getName()).isEqualTo("sonar-users"); | |||||
assertThat(group3.getDescription()).isEqualTo("Any new users created will automatically join this group"); | |||||
assertThat(group3.getPermission()).isNotNull(); | |||||
} | |||||
@Test | |||||
public void anyone_group_is_returned_when_it_has_no_permission() { | |||||
dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
// Anyone group is returned even if it doesn't have the permission | |||||
OldPermissionQuery query = OldPermissionQuery.builder().permission(USER).build(); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(session, query, TEMPLATE_ID); | |||||
assertThat(result).hasSize(4); | |||||
GroupWithPermissionDto group1 = result.get(1); | |||||
assertThat(group1.getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(group1.getPermission()).isNotNull(); | |||||
GroupWithPermissionDto group2 = result.get(2); | |||||
assertThat(group2.getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(group2.getPermission()).isNull(); | |||||
GroupWithPermissionDto group3 = result.get(3); | |||||
assertThat(group3.getName()).isEqualTo("sonar-users"); | |||||
assertThat(group3.getPermission()).isNotNull(); | |||||
} | |||||
@Test | |||||
public void search_by_groups_name() { | |||||
dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml"); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").search("aDMini").build(), TEMPLATE_ID); | |||||
assertThat(result).hasSize(1); | |||||
assertThat(result.get(0).getName()).isEqualTo("sonar-administrators"); | |||||
result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").search("sonar").build(), TEMPLATE_ID); | |||||
assertThat(result).hasSize(3); | |||||
} | |||||
@Test | |||||
public void search_groups_should_be_sorted_by_group_name() { | |||||
dbTester.prepareDbUnit(getClass(), "groups_with_permissions_should_be_sorted_by_group_name.xml"); | |||||
List<GroupWithPermissionDto> result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").build(), TEMPLATE_ID); | |||||
assertThat(result).hasSize(4); | |||||
assertThat(result.get(0).getName()).isEqualTo("Anyone"); | |||||
assertThat(result.get(1).getName()).isEqualTo("sonar-administrators"); | |||||
assertThat(result.get(2).getName()).isEqualTo("sonar-reviewers"); | |||||
assertThat(result.get(3).getName()).isEqualTo("sonar-users"); | |||||
} | |||||
private PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao(); | |||||
@Test | @Test | ||||
public void select_group_names_by_query_and_template() { | public void select_group_names_by_query_and_template() { |
public void should_select_permission_template_by_key() { | public void should_select_permission_template_by_key() { | ||||
db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml"); | db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml"); | ||||
PermissionTemplateDto permissionTemplate = underTest.selectByUuid("my_template_20130102_030405"); | |||||
PermissionTemplateDto permissionTemplate = underTest.selectByUuid(dbSession, "my_template_20130102_030405"); | |||||
assertThat(permissionTemplate).isNotNull(); | assertThat(permissionTemplate).isNotNull(); | ||||
assertThat(permissionTemplate.getId()).isEqualTo(1L); | assertThat(permissionTemplate.getId()).isEqualTo(1L); | ||||
db.prepareDbUnit(getClass(), "selectAllPermissionTemplates.xml"); | db.prepareDbUnit(getClass(), "selectAllPermissionTemplates.xml"); | ||||
commit(); | commit(); | ||||
List<PermissionTemplateDto> permissionTemplates = underTest.selectAll(); | |||||
List<PermissionTemplateDto> permissionTemplates = underTest.selectAll(dbSession); | |||||
assertThat(permissionTemplates).hasSize(3); | assertThat(permissionTemplates).hasSize(3); | ||||
assertThat(permissionTemplates).extracting("id").containsOnly(1L, 2L, 3L); | assertThat(permissionTemplates).extracting("id").containsOnly(1L, 2L, 3L); | ||||
public void should_update_permission_template() { | public void should_update_permission_template() { | ||||
db.prepareDbUnit(getClass(), "updatePermissionTemplate.xml"); | db.prepareDbUnit(getClass(), "updatePermissionTemplate.xml"); | ||||
underTest.update(1L, "new_name", "new_description", "new_regexp"); | |||||
PermissionTemplateDto dto = new PermissionTemplateDto(); | |||||
dto.setId(1L); | |||||
dto.setName("new_name"); | |||||
dto.setDescription("new_description"); | |||||
dto.setKeyPattern("new_regexp"); | |||||
underTest.update(dbSession, dto); | |||||
db.assertDbUnitTable(getClass(), "updatePermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description"); | db.assertDbUnitTable(getClass(), "updatePermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description"); | ||||
} | } | ||||
public void should_add_user_permission_to_template() { | public void should_add_user_permission_to_template() { | ||||
db.prepareDbUnit(getClass(), "addUserPermissionToTemplate.xml"); | db.prepareDbUnit(getClass(), "addUserPermissionToTemplate.xml"); | ||||
underTest.insertUserPermission(1L, 1L, "new_permission"); | |||||
underTest.insertUserPermission(dbSession, 1L, 1L, "new_permission"); | |||||
checkTemplateTables("addUserPermissionToTemplate-result.xml"); | checkTemplateTables("addUserPermissionToTemplate-result.xml"); | ||||
} | } | ||||
public void should_remove_user_permission_from_template() { | public void should_remove_user_permission_from_template() { | ||||
db.prepareDbUnit(getClass(), "removeUserPermissionFromTemplate.xml"); | db.prepareDbUnit(getClass(), "removeUserPermissionFromTemplate.xml"); | ||||
underTest.deleteUserPermission(1L, 2L, "permission_to_remove"); | |||||
underTest.deleteUserPermission(dbSession, 1L, 2L, "permission_to_remove"); | |||||
checkTemplateTables("removeUserPermissionFromTemplate-result.xml"); | checkTemplateTables("removeUserPermissionFromTemplate-result.xml"); | ||||
} | } | ||||
public void should_add_group_permission_to_template() { | public void should_add_group_permission_to_template() { | ||||
db.prepareDbUnit(getClass(), "addGroupPermissionToTemplate.xml"); | db.prepareDbUnit(getClass(), "addGroupPermissionToTemplate.xml"); | ||||
underTest.insertGroupPermission(1L, 1L, "new_permission"); | |||||
underTest.insertGroupPermission(dbSession, 1L, 1L, "new_permission"); | |||||
checkTemplateTables("addGroupPermissionToTemplate-result.xml"); | checkTemplateTables("addGroupPermissionToTemplate-result.xml"); | ||||
} | } | ||||
@Test | |||||
public void should_remove_group_permission_from_template() { | |||||
db.prepareDbUnit(getClass(), "removeGroupPermissionFromTemplate.xml"); | |||||
underTest.deleteGroupPermission(1L, 2L, "permission_to_remove"); | |||||
checkTemplateTables("removeGroupPermissionFromTemplate-result.xml"); | |||||
} | |||||
@Test | @Test | ||||
public void remove_by_group() { | public void remove_by_group() { | ||||
db.prepareDbUnit(getClass(), "remove_by_group.xml"); | db.prepareDbUnit(getClass(), "remove_by_group.xml"); | ||||
public void should_add_group_permission_with_null_name() { | public void should_add_group_permission_with_null_name() { | ||||
db.prepareDbUnit(getClass(), "addNullGroupPermissionToTemplate.xml"); | db.prepareDbUnit(getClass(), "addNullGroupPermissionToTemplate.xml"); | ||||
underTest.insertGroupPermission(1L, null, "new_permission"); | |||||
underTest.insertGroupPermission(dbSession, 1L, null, "new_permission"); | |||||
checkTemplateTables("addNullGroupPermissionToTemplate-result.xml"); | checkTemplateTables("addNullGroupPermissionToTemplate-result.xml"); | ||||
} | } | ||||
@Test | |||||
public void should_remove_group_permission_with_null_name() { | |||||
db.prepareDbUnit(getClass(), "removeNullGroupPermissionFromTemplate.xml"); | |||||
underTest.deleteGroupPermission(1L, null, "permission_to_remove"); | |||||
checkTemplateTables("removeNullGroupPermissionFromTemplate-result.xml"); | |||||
} | |||||
@Test | @Test | ||||
public void new_permission_template_with_empty_user_group_characteristics() { | public void new_permission_template_with_empty_user_group_characteristics() { | ||||
PermissionTemplateDto template = underTest.insert(dbSession, newPermissionTemplateDto().setUuid("TEMPLATE_UUID")); | PermissionTemplateDto template = underTest.insert(dbSession, newPermissionTemplateDto().setUuid("TEMPLATE_UUID")); |
<dataset> | |||||
<groups id="200" name="sonar-administrators" description="System administrators"/> | |||||
<groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/> | |||||
<groups id="202" name="sonar-reviewers" description="Reviewers"/> | |||||
<!-- Project permissions --> | |||||
<group_roles id="1" group_id="200" resource_id="100" role="user"/> | |||||
<group_roles id="2" group_id="200" resource_id="100" role="admin"/> | |||||
<group_roles id="3" group_id="200" resource_id="100" role="codeviewer"/> | |||||
<group_roles id="4" group_id="201" resource_id="100" role="user"/> | |||||
<!-- Permission 'user' for Anyone group --> | |||||
<group_roles id="5" group_id="[null]" resource_id="100" role="user"/> | |||||
<!-- Global permission --> | |||||
<group_roles id="10" group_id="200" resource_id="[null]" role="admin"/> | |||||
</dataset> |
<dataset> | |||||
<groups id="200" name="sonar-reviewers" description="Reviewers"/> | |||||
<groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/> | |||||
<groups id="202" name="sonar-administrators" description="System administrators"/> | |||||
<!-- Project permissions --> | |||||
<group_roles id="1" group_id="200" resource_id="100" role="user"/> | |||||
<group_roles id="2" group_id="200" resource_id="100" role="admin"/> | |||||
<group_roles id="3" group_id="200" resource_id="100" role="codeviewer"/> | |||||
<!-- Permission for Anyone group --> | |||||
<group_roles id="4" group_id="[null]" resource_id="100" role="user"/> | |||||
</dataset> |
<dataset> | |||||
<groups id="200" name="sonar-administrators" description="System administrators"/> | |||||
<groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/> | |||||
<groups id="202" name="sonar-reviewers" description="Reviewers"/> | |||||
<perm_templates_groups id="1" group_id="200" permission_reference="user" template_id="50"/> | |||||
<perm_templates_groups id="2" group_id="200" permission_reference="admin" template_id="50"/> | |||||
<perm_templates_groups id="3" group_id="200" permission_reference="codeviewer" template_id="50"/> | |||||
<perm_templates_groups id="4" group_id="201" permission_reference="user" template_id="50"/> | |||||
<!-- Permission 'user' for Anyone group --> | |||||
<perm_templates_groups id="5" group_id="[null]" permission_reference="user" template_id="50"/> | |||||
</dataset> |
<dataset> | |||||
<groups id="200" name="sonar-reviewers"/> | |||||
<groups id="201" name="sonar-users"/> | |||||
<groups id="202" name="sonar-administrators"/> | |||||
<perm_templates_groups id="1" group_id="200" permission_reference="user" template_id="50"/> | |||||
<perm_templates_groups id="2" group_id="200" permission_reference="admin" template_id="50"/> | |||||
<perm_templates_groups id="3" group_id="200" permission_reference="codeviewer" template_id="50"/> | |||||
<perm_templates_groups id="4" group_id="201" permission_reference="user" template_id="50"/> | |||||
<!-- Permission 'user' for Anyone group --> | |||||
<perm_templates_groups id="5" group_id="[null]" permission_reference="user" template_id="50"/> | |||||
</dataset> |
<dataset> | |||||
<permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/> | |||||
<perm_templates_users/> | |||||
<perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/> | |||||
<perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/> | |||||
</dataset> |
<dataset> | |||||
<permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/> | |||||
<perm_templates_users/> | |||||
<perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/> | |||||
<perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="permission_to_remove"/> | |||||
<perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/> | |||||
</dataset> |
<dataset> | |||||
<permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/> | |||||
<perm_templates_users/> | |||||
<perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/> | |||||
<perm_templates_groups id="3" template_id="1" group_id="[null]" | |||||
permission_reference="remaining_permission_same_group"/> | |||||
</dataset> |
<dataset> | |||||
<permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/> | |||||
<perm_templates_users/> | |||||
<perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/> | |||||
<perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="permission_to_remove"/> | |||||
<perm_templates_groups id="3" template_id="1" group_id="[null]" | |||||
permission_reference="remaining_permission_same_group"/> | |||||
</dataset> |