return newDocForProject(Uuids.createFast(), project); | return newDocForProject(Uuids.createFast(), project); | ||||
} | } | ||||
/** | |||||
* main branch definition should not be done based on main branch uuid. | |||||
* Use org.sonar.server.issue.IssueDocTesting#newDoc(java.lang.String, java.lang.String, boolean, org.sonar.db.component.ComponentDto) instead. | |||||
*/ | |||||
@Deprecated | |||||
public static IssueDoc newDoc(String key, String projectUuid, ComponentDto componentDto) { | public static IssueDoc newDoc(String key, String projectUuid, ComponentDto componentDto) { | ||||
return newDoc(key, projectUuid, componentDto.branchUuid().equals(projectUuid), componentDto); | |||||
} | |||||
public static IssueDoc newDoc(String key, String projectUuid, boolean isMainBranch, ComponentDto componentDto) { | |||||
return newDoc() | return newDoc() | ||||
.setKey(key) | .setKey(key) | ||||
.setBranchUuid(componentDto.branchUuid()) | .setBranchUuid(componentDto.branchUuid()) | ||||
.setProjectUuid(projectUuid) | .setProjectUuid(projectUuid) | ||||
// File path make no sens on modules and projects | // File path make no sens on modules and projects | ||||
.setFilePath(!componentDto.scope().equals(Scopes.PROJECT) ? componentDto.path() : null) | .setFilePath(!componentDto.scope().equals(Scopes.PROJECT) ? componentDto.path() : null) | ||||
.setIsMainBranch(componentDto.branchUuid().equals(projectUuid)) | |||||
.setIsMainBranch(isMainBranch) | |||||
.setFuncCreationDate(Date.from(LocalDateTime.of(1970, 1, 1, 1, 1).toInstant(ZoneOffset.UTC))); | .setFuncCreationDate(Date.from(LocalDateTime.of(1970, 1, 1, 1, 1).toInstant(ZoneOffset.UTC))); | ||||
} | } | ||||
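Review bot: The deprecated three-argument `newDoc` overload carries `@Deprecated`, but its Javadoc has no `@deprecated` tag and names the replacement as plain text, so tooling shows neither the reason nor a link to the target. I would write the comment as `@deprecated the main-branch flag must not be derived from the branch uuid; use {@link #newDoc(String, String, boolean, ComponentDto)}`. The new four-argument overload has no Javadoc at all. One sentence saying that `isMainBranch` is supplied by the caller and is no longer compared against `projectUuid` would record why the two overloads can produce different documents.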
import org.junit.Test; | import org.junit.Test; | ||||
import org.sonar.api.issue.Issue; | import org.sonar.api.issue.Issue; | ||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.component.ProjectData; | |||||
import org.sonar.db.rule.RuleDto; | import org.sonar.db.rule.RuleDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
import org.sonar.db.user.UserDto; | import org.sonar.db.user.UserDto; | ||||
@Test | @Test | ||||
public void authorized_issues_on_groups() { | public void authorized_issues_on_groups() { | ||||
ComponentDto project1 = newPrivateProjectDto(); | |||||
ComponentDto project2 = newPrivateProjectDto(); | |||||
ComponentDto project3 = newPrivateProjectDto(); | |||||
ComponentDto file1 = newFileDto(project1); | |||||
ComponentDto file2 = newFileDto(project2); | |||||
ComponentDto file3 = newFileDto(project3); | |||||
ProjectData project1 = db.components().insertPublicProject(); | |||||
ProjectData project2 = db.components().insertPublicProject(); | |||||
ProjectData project3 = db.components().insertPublicProject(); | |||||
ComponentDto file1 = newFileDto(project1.getMainBranchComponent()); | |||||
ComponentDto file2 = newFileDto(project2.getMainBranchComponent()); | |||||
ComponentDto file3 = newFileDto(project3.getMainBranchComponent()); | |||||
GroupDto group1 = newGroupDto(); | GroupDto group1 = newGroupDto(); | ||||
GroupDto group2 = newGroupDto(); | GroupDto group2 = newGroupDto(); | ||||
// project1 can be seen by group1 | // project1 can be seen by group1 | ||||
indexIssue(newDoc("I1", project1.uuid(), file1)); | |||||
authorizationIndexer.allowOnlyGroup(project1, group1); | |||||
indexIssue(newDoc("I1", project1.projectUuid(), true, file1)); | |||||
authorizationIndexer.allowOnlyGroup(project1.getProjectDto(), group1); | |||||
// project2 can be seen by group2 | // project2 can be seen by group2 | ||||
indexIssue(newDoc("I2", project2.uuid(), file2)); | |||||
authorizationIndexer.allowOnlyGroup(project2, group2); | |||||
indexIssue(newDoc("I2", project2.projectUuid(), true, file2)); | |||||
authorizationIndexer.allowOnlyGroup(project2.getProjectDto(), group2); | |||||
// project3 can be seen by nobody but root | // project3 can be seen by nobody but root | ||||
indexIssue(newDoc("I3", project3.uuid(), file3)); | |||||
indexIssue(newDoc("I3", project3.projectUuid(), true, file3)); | |||||
userSessionRule.logIn().setGroups(group1); | userSessionRule.logIn().setGroups(group1); | ||||
assertThatSearchReturnsOnly(IssueQuery.builder(), "I1"); | assertThatSearchReturnsOnly(IssueQuery.builder(), "I1"); | ||||
assertThatSearchReturnsEmpty(IssueQuery.builder()); | assertThatSearchReturnsEmpty(IssueQuery.builder()); | ||||
userSessionRule.logIn().setGroups(group1, group2); | userSessionRule.logIn().setGroups(group1, group2); | ||||
assertThatSearchReturnsEmpty(IssueQuery.builder().projectUuids(singletonList(project3.uuid()))); | |||||
assertThatSearchReturnsEmpty(IssueQuery.builder().projectUuids(singletonList(project3.projectUuid()))); | |||||
} | } | ||||
@Test | @Test | ||||
public void authorized_issues_on_user() { | public void authorized_issues_on_user() { | ||||
ComponentDto project1 = newPrivateProjectDto(); | |||||
ComponentDto project2 = newPrivateProjectDto(); | |||||
ComponentDto project3 = newPrivateProjectDto(); | |||||
ComponentDto file1 = newFileDto(project1); | |||||
ComponentDto file2 = newFileDto(project2); | |||||
ComponentDto file3 = newFileDto(project3); | |||||
ProjectData project1 = db.components().insertPublicProject(); | |||||
ProjectData project2 = db.components().insertPublicProject(); | |||||
ProjectData project3 = db.components().insertPublicProject(); | |||||
ComponentDto file1 = newFileDto(project1.getMainBranchComponent()); | |||||
ComponentDto file2 = newFileDto(project2.getMainBranchComponent()); | |||||
ComponentDto file3 = newFileDto(project3.getMainBranchComponent()); | |||||
UserDto user1 = newUserDto(); | UserDto user1 = newUserDto(); | ||||
UserDto user2 = newUserDto(); | UserDto user2 = newUserDto(); | ||||
// project1 can be seen by john, project2 by max, project3 cannot be seen by anyone | // project1 can be seen by john, project2 by max, project3 cannot be seen by anyone | ||||
indexIssue(newDoc("I1", project1.uuid(), file1)); | |||||
authorizationIndexer.allowOnlyUser(project1, user1); | |||||
indexIssue(newDoc("I2", project2.uuid(), file2)); | |||||
authorizationIndexer.allowOnlyUser(project2, user2); | |||||
indexIssue(newDoc("I3", project3.uuid(), file3)); | |||||
indexIssue(newDoc("I1", project1.projectUuid(), true, file1)); | |||||
authorizationIndexer.allowOnlyUser(project1.getProjectDto(), user1); | |||||
indexIssue(newDoc("I2", project2.projectUuid(), true, file2)); | |||||
authorizationIndexer.allowOnlyUser(project2.getProjectDto(), user2); | |||||
indexIssue(newDoc("I3", project3.projectUuid(), true, file3)); | |||||
userSessionRule.logIn(user1); | userSessionRule.logIn(user1); | ||||
assertThatSearchReturnsOnly(IssueQuery.builder(), "I1"); | assertThatSearchReturnsOnly(IssueQuery.builder(), "I1"); | ||||
assertThatSearchReturnsEmpty(IssueQuery.builder().projectUuids(singletonList(project3.getKey()))); | |||||
assertThatSearchReturnsEmpty(IssueQuery.builder().projectUuids(singletonList(project3.projectUuid()))); | |||||
userSessionRule.logIn(user2); | userSessionRule.logIn(user2); | ||||
assertThatSearchReturnsOnly(IssueQuery.builder(), "I2"); | assertThatSearchReturnsOnly(IssueQuery.builder(), "I2"); |
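Review bot: Both authorization tests (`authorized_issues_on_groups` and `authorized_issues_on_user`) now build their fixtures with `db.components().insertPublicProject()` where the old code used `newPrivateProjectDto()`, while the comments still describe project3 as visible to nobody. The restrictions asserted here appear to come only from `authorizationIndexer.allowOnlyGroup` and `allowOnlyUser`, so the tests presumably still pass. A public fixture in a test about restricted visibility still reads as a contradiction, and it would mask a regression if the search path ever took project visibility into account. Unless public is intended, `ProjectData project1 = db.components().insertPrivateProject();` (likewise for project2 and project3) keeps the fixture in line with what is asserted. The body of `authorized_issues_on_user` continues past the end of this hunk.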
*/ | */ | ||||
package org.sonar.server.permission.index; | package org.sonar.server.permission.index; | ||||
import com.google.common.base.Preconditions; | |||||
import java.util.List; | import java.util.List; | ||||
import java.util.stream.Stream; | import java.util.stream.Stream; | ||||
import org.assertj.core.api.Assertions; | |||||
import org.sonar.api.resources.Qualifiers; | |||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.entity.EntityDto; | import org.sonar.db.entity.EntityDto; | ||||
import org.sonar.db.user.GroupDto; | import org.sonar.db.user.GroupDto; | ||||
this.permissionIndexer = new PermissionIndexer(null, esTester.client(), indexers); | this.permissionIndexer = new PermissionIndexer(null, esTester.client(), indexers); | ||||
} | } | ||||
public PermissionIndexerTester allowOnlyAnyone(ComponentDto... projects) { | |||||
return allow(stream(projects).map(project -> new IndexPermissions(project.uuid(), project.qualifier()).allowAnyone()).toList()); | |||||
public PermissionIndexerTester allowOnlyAnyone(ComponentDto... portfolios) { | |||||
stream(portfolios) | |||||
.forEach(p -> Preconditions.checkArgument(p.qualifier().equals(Qualifiers.VIEW), "Permission should be applied on a portfolio")); | |||||
return allow(stream(portfolios).map(project -> new IndexPermissions(project.uuid(), project.qualifier()).allowAnyone()).toList()); | |||||
} | } | ||||
public PermissionIndexerTester allowOnlyAnyone(EntityDto... entities) { | public PermissionIndexerTester allowOnlyAnyone(EntityDto... entities) { | ||||
return allow(stream(entities).map(entity -> new IndexPermissions(entity.getUuid(), entity.getQualifier()).allowAnyone()).toList()); | return allow(stream(entities).map(entity -> new IndexPermissions(entity.getUuid(), entity.getQualifier()).allowAnyone()).toList()); | ||||
} | } | ||||
public PermissionIndexerTester allowOnlyUser(ComponentDto project, UserDto user) { | |||||
IndexPermissions dto = new IndexPermissions(project.uuid(), project.qualifier()) | |||||
.addUserUuid(user.getUuid()); | |||||
return allow(dto); | |||||
} | |||||
public PermissionIndexerTester allowOnlyUser(EntityDto entityDto, UserDto user) { | public PermissionIndexerTester allowOnlyUser(EntityDto entityDto, UserDto user) { | ||||
IndexPermissions dto = new IndexPermissions(entityDto.getUuid(), entityDto.getQualifier()) | IndexPermissions dto = new IndexPermissions(entityDto.getUuid(), entityDto.getQualifier()) | ||||
.addUserUuid(user.getUuid()); | .addUserUuid(user.getUuid()); | ||||
return allow(dto); | return allow(dto); | ||||
} | } | ||||
public PermissionIndexerTester allowOnlyGroup(ComponentDto project, GroupDto group) { | |||||
IndexPermissions dto = new IndexPermissions(project.uuid(), project.qualifier()) | |||||
.addGroupUuid(group.getUuid()); | |||||
return allow(dto); | |||||
} | |||||
public PermissionIndexerTester allowOnlyGroup(EntityDto entityDto, GroupDto group) { | public PermissionIndexerTester allowOnlyGroup(EntityDto entityDto, GroupDto group) { | ||||
IndexPermissions dto = new IndexPermissions(entityDto.getUuid(), entityDto.getQualifier()) | IndexPermissions dto = new IndexPermissions(entityDto.getUuid(), entityDto.getQualifier()) | ||||
.addGroupUuid(group.getUuid()); | .addGroupUuid(group.getUuid()); |
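Review bot: The portfolio guard in `allowOnlyAnyone(ComponentDto... portfolios)` calls `p.qualifier().equals(Qualifiers.VIEW)`, which throws a NullPointerException instead of the intended IllegalArgumentException when a component has no qualifier. `Qualifiers.VIEW.equals(p.qualifier())` reports the explicit message in that case too. The mapping lambda on the following line still names its parameter `project` although only portfolios are accepted now. Because this overload shares its name with the `EntityDto...` one, a short Javadoc stating that it accepts portfolios only and rejects any other component would keep callers from discovering the restriction at run time.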
@Test | @Test | ||||
public void return_last_analysis_date() { | public void return_last_analysis_date() { | ||||
userSession.logIn(); | userSession.logIn(); | ||||
ComponentDto project1 = db.components().insertPublicProject().getMainBranchComponent(); | |||||
db.components().insertSnapshot(project1, snapshot -> snapshot.setCreatedAt(10_000_000_000L).setLast(false)); | |||||
db.components().insertSnapshot(project1, snapshot -> snapshot.setCreatedAt(20_000_000_000L).setLast(true)); | |||||
authorizationIndexerTester.allowOnlyAnyone(project1); | |||||
ComponentDto project2 = db.components().insertPublicProject().getMainBranchComponent(); | |||||
db.components().insertSnapshot(project2, snapshot -> snapshot.setCreatedAt(30_000_000_000L).setLast(true)); | |||||
authorizationIndexerTester.allowOnlyAnyone(project2); | |||||
ProjectData projectData1 = db.components().insertPublicProject(); | |||||
ComponentDto mainBranch1 = projectData1.getMainBranchComponent(); | |||||
db.components().insertSnapshot(mainBranch1, snapshot -> snapshot.setCreatedAt(10_000_000_000L).setLast(false)); | |||||
db.components().insertSnapshot(mainBranch1, snapshot -> snapshot.setCreatedAt(20_000_000_000L).setLast(true)); | |||||
authorizationIndexerTester.allowOnlyAnyone(projectData1.getProjectDto()); | |||||
ProjectData projectData2 = db.components().insertPublicProject(); | |||||
ComponentDto mainBranch2 = projectData2.getMainBranchComponent(); | |||||
db.components().insertSnapshot(mainBranch2, snapshot -> snapshot.setCreatedAt(30_000_000_000L).setLast(true)); | |||||
authorizationIndexerTester.allowOnlyAnyone(projectData2.getProjectDto()); | |||||
// No snapshot on project 3 | // No snapshot on project 3 | ||||
ComponentDto project3 = db.components().insertPublicProject().getMainBranchComponent(); | |||||
authorizationIndexerTester.allowOnlyAnyone(project3); | |||||
ProjectData projectData3 = db.components().insertPublicProject(); | |||||
ComponentDto mainBranch3 = projectData3.getMainBranchComponent(); | |||||
authorizationIndexerTester.allowOnlyAnyone(projectData3.getProjectDto()); | |||||
index(); | index(); | ||||
SearchProjectsWsResponse result = call(request.setAdditionalFields(singletonList("analysisDate"))); | SearchProjectsWsResponse result = call(request.setAdditionalFields(singletonList("analysisDate"))); | ||||
assertThat(result.getComponentsList()).extracting(Component::getKey, Component::hasAnalysisDate, Component::getAnalysisDate) | assertThat(result.getComponentsList()).extracting(Component::getKey, Component::hasAnalysisDate, Component::getAnalysisDate) | ||||
.containsOnly( | .containsOnly( | ||||
tuple(project1.getKey(), true, formatDateTime(new Date(20_000_000_000L))), | |||||
tuple(project2.getKey(), true, formatDateTime(new Date(30_000_000_000L))), | |||||
tuple(project3.getKey(), false, "")); | |||||
tuple(mainBranch1.getKey(), true, formatDateTime(new Date(20_000_000_000L))), | |||||
tuple(mainBranch2.getKey(), true, formatDateTime(new Date(30_000_000_000L))), | |||||
tuple(mainBranch3.getKey(), false, "")); | |||||
} | } | ||||
@Test | @Test | ||||
@Test | @Test | ||||
public void return_visibility_flag() { | public void return_visibility_flag() { | ||||
userSession.logIn(); | userSession.logIn(); | ||||
ComponentDto privateProject = db.components().insertPublicProject().getMainBranchComponent(); | |||||
ProjectDto privateProject = db.components().insertPublicProject().getProjectDto(); | |||||
authorizationIndexerTester.allowOnlyAnyone(privateProject); | authorizationIndexerTester.allowOnlyAnyone(privateProject); | ||||
ComponentDto publicProject = db.components().insertPrivateProject().getMainBranchComponent(); | |||||
ProjectDto publicProject = db.components().insertPrivateProject().getProjectDto(); | |||||
authorizationIndexerTester.allowOnlyAnyone(publicProject); | authorizationIndexerTester.allowOnlyAnyone(publicProject); | ||||
index(); | index(); | ||||
@Test | @Test | ||||
public void does_not_return_branches() { | public void does_not_return_branches() { | ||||
ComponentDto project = db.components().insertPublicProject().getMainBranchComponent(); | |||||
ProjectDto project = db.components().insertPublicProject().getProjectDto(); | |||||
authorizationIndexerTester.allowOnlyAnyone(project); | authorizationIndexerTester.allowOnlyAnyone(project); | ||||
ComponentDto branch = db.components().insertProjectBranch(project); | |||||
db.components().insertProjectBranch(project); | |||||
index(); | index(); | ||||
SearchProjectsWsResponse result = call(request); | SearchProjectsWsResponse result = call(request); |
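Review bot: In `return_visibility_flag` the variable names are the reverse of what they hold: `privateProject` is assigned from `insertPublicProject()` and `publicProject` from `insertPrivateProject()`. The commit rewrites both lines for the `ProjectDto` change and carries the inversion over, which makes a test about the visibility flag hard to trust on reading. Swapping the names would fix it: `ProjectDto publicProject = db.components().insertPublicProject().getProjectDto();` and `ProjectDto privateProject = db.components().insertPrivateProject().getProjectDto();`. The rest of the method lies outside this hunk, so any later uses of the two variables would need to follow the rename.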
import org.sonar.api.server.ws.WebService; | import org.sonar.api.server.ws.WebService; | ||||
import org.sonar.api.utils.System2; | import org.sonar.api.utils.System2; | ||||
import org.sonar.db.DbTester; | import org.sonar.db.DbTester; | ||||
import org.sonar.db.component.BranchDto; | |||||
import org.sonar.db.component.ComponentDto; | import org.sonar.db.component.ComponentDto; | ||||
import org.sonar.db.component.ComponentTesting; | import org.sonar.db.component.ComponentTesting; | ||||
import org.sonar.db.component.ProjectData; | import org.sonar.db.component.ProjectData; | ||||
@Test | @Test | ||||
public void does_not_return_branches() { | public void does_not_return_branches() { | ||||
ComponentDto project = db.components().insertPublicProject().getMainBranchComponent(); | |||||
authorizationIndexerTester.allowOnlyAnyone(project); | |||||
ComponentDto branch = db.components().insertProjectBranch(project); | |||||
ProjectDto projectDto = db.components().insertPublicProject().getProjectDto(); | |||||
authorizationIndexerTester.allowOnlyAnyone(projectDto); | |||||
db.components().insertProjectBranch(projectDto); | |||||
entityDefinitionIndexer.indexAll(); | entityDefinitionIndexer.indexAll(); | ||||
authorizationIndexerTester.allowOnlyAnyone(project); | |||||
SuggestionsWsResponse response = ws.newRequest() | SuggestionsWsResponse response = ws.newRequest() | ||||
.setMethod("POST") | .setMethod("POST") | ||||
.setParam(PARAM_QUERY, project.name()) | |||||
.setParam(PARAM_QUERY, projectDto.getName()) | |||||
.executeProtobuf(SuggestionsWsResponse.class); | .executeProtobuf(SuggestionsWsResponse.class); | ||||
assertThat(response.getResultsList()) | assertThat(response.getResultsList()) |
ComponentDto subView = db.components().insertComponent(ComponentTesting.newSubPortfolio(view, "SV1", "MySubView")); | ComponentDto subView = db.components().insertComponent(ComponentTesting.newSubPortfolio(view, "SV1", "MySubView")); | ||||
db.components().insertComponent(newProjectCopy(project, subView)); | db.components().insertComponent(newProjectCopy(project, subView)); | ||||
allowAnyoneOnProjects(projectData.getProjectDto()); | allowAnyoneOnProjects(projectData.getProjectDto()); | ||||
allowAnyoneOnPortfolios(view, subView); | |||||
allowAnyoneOnPortfolios(view); | |||||
indexIssuesAndViews(); | indexIssuesAndViews(); | ||||
ws.newRequest() | ws.newRequest() |