mirrors
/
sonarqube
镜像自地址 https://github.com/SonarSource/sonarqube.git
关注 1
点赞 0
派生 0
代码 工单 0 版本发布 237 百科 动态
浏览代码

Support OrganizationPermission in UserDbTester

tags/6.4-RC1
Simon Brandhof 7 年前
父节点
b15e5e7a05
当前提交
c37884c9e5
共有 17 个文件被更改,包括 220 次插入170 次删除
分列视图 显示文件统计
  1. 7
    5
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
  2. 22
    19
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java
  3. 5
    5
      server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java
  4. 2
    1
      server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java
  5. 36
    10
      server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java
  6. 9
    7
      server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java
  7. 17
    14
      server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java
  8. 19
    18
      server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java
  9. 6
    5
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
  10. 12
    11
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
  11. 18
    16
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
  12. 7
    5
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
  13. 16
    14
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java
  14. 2
    2
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java
  15. 11
    10
      server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
  16. 27
    25
      server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
  17. 4
    3
      server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java

+ 7
- 5
server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java 查看文件

@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.SCAN;

public class AuthorizationDaoTest {

@@ -432,7 +434,7 @@ public class AuthorizationDaoTest {
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() {
// another user
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);

Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_ID, SYSTEM_ADMIN);

@@ -441,7 +443,7 @@ public class AuthorizationDaoTest {

@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() {
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
// user is not part of this group
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);

@@ -486,10 +488,10 @@ public class AuthorizationDaoTest {

@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() {
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnAnyone(org, SCAN);
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);

Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION);
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());

assertThat(orgUuids).isEmpty();
}

+ 22
- 19
server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java 查看文件

@@ -46,6 +46,9 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.OrganizationPermission.SCAN;

public class GroupPermissionDaoTest {

@@ -98,7 +101,7 @@ public class GroupPermissionDaoTest {
GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2");
GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3");
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
db.users().insertPermissionOnAnyone(organizationDto, SCAN);

assertThat(underTest.selectGroupNamesByQuery(dbSession, organizationDto.getUuid(), PermissionQuery.builder().build()))
.containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName());
@@ -110,13 +113,13 @@ public class GroupPermissionDaoTest {
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
db.users().insertGroup(organizationDto, "Group-2");
db.users().insertGroup(organizationDto, "Group-3");
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group1, PROVISIONING);
db.users().insertPermissionOnAnyone(organizationDto, SCAN);
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);

assertThat(underTest.countGroupsByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().build())).isEqualTo(4);
assertThat(underTest.countGroupsByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISIONING).build())).isEqualTo(1);
defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1);
assertThat(underTest.countGroupsByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().withAtLeastOnePermission().build())).isEqualTo(2);
assertThat(underTest.countGroupsByQuery(dbSession,
@@ -134,20 +137,20 @@ public class GroupPermissionDaoTest {

ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto));

db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING);
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
db.users().insertPermissionOnAnyone(organizationDto, SCAN);
db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);

assertThat(underTest.selectGroupNamesByQuery(dbSession,
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN_EXECUTION).build())).containsExactly(ANYONE, group1.getName());
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());

assertThat(underTest.selectGroupNamesByQuery(dbSession,
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build())).containsExactly(group3.getName());
organizationDto.getUuid(), PermissionQuery.builder().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());

assertThat(underTest.selectGroupNamesByQuery(dbSession,
organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISIONING).build())).containsExactly(ANYONE);
organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
}

@Test
@@ -166,7 +169,7 @@ public class GroupPermissionDaoTest {
db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject);
db.users().insertProjectPermissionOnAnyone(SYSTEM_ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject);
db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group2, SCAN);

PermissionQuery.Builder builderOnComponent = PermissionQuery.builder().setComponentUuid(project.uuid());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
@@ -190,7 +193,7 @@ public class GroupPermissionDaoTest {
public void selectGroupNamesByQuery_with_search_query() {
GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone");
db.users().insertGroup(db.getDefaultOrganization(), "unknown");
db.users().insertPermissionOnGroup(group, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group, SCAN);

assertThat(underTest.selectGroupNamesByQuery(dbSession,
defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
@@ -211,18 +214,18 @@ public class GroupPermissionDaoTest {
OrganizationDto organizationDto = db.organizations().insert();

GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group1, SCAN);

GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2");
ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto));
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);

GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3");
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group3, ADMINISTER);

// Anyone
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION);
db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING);
db.users().insertPermissionOnAnyone(organizationDto, SCAN);
db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS);

assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId()), null))
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId)
@@ -249,7 +252,7 @@ public class GroupPermissionDaoTest {
public void selectByGroupIds_on_projects() {
OrganizationDto org = db.organizations().insert();
GroupDto group1 = db.users().insertGroup(org, "Group-1");
db.users().insertPermissionOnGroup(group1, PROVISIONING);
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);

GroupDto group2 = db.users().insertGroup(org, "Group-2");
ComponentDto project = db.components().insertComponent(newProjectDto(org));
@@ -259,7 +262,7 @@ public class GroupPermissionDaoTest {
db.users().insertProjectPermissionOnGroup(group3, USER, project);

// Anyone group
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
db.users().insertPermissionOnAnyone(org, SCAN);
db.users().insertProjectPermissionOnAnyone(PROVISIONING, project);

assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty();

+ 5
- 5
server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java 查看文件

@@ -25,12 +25,12 @@ import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

public class RoleDaoTest {

@@ -58,7 +58,7 @@ public class RoleDaoTest {
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
db.users().insertPermissionOnUser(user1, UserRole.ADMIN);
db.users().insertPermissionOnUser(user1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1);
// project permission on another permission - not returned
@@ -77,10 +77,10 @@ public class RoleDaoTest {
db.users().insertMember(group1, user1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertPermissionOnGroup(group1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertPermissionOnGroup(group2, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group2, ADMINISTER);
db.users().insertMember(group2, user2);
// project permission on another permission - not returned
db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1);

+ 2
- 1
server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDaoTest.java 查看文件

@@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.GroupMembershipQuery.IN;
import static org.sonar.db.user.GroupMembershipQuery.builder;
import static org.sonar.db.user.GroupTesting.newGroupDto;
@@ -390,7 +391,7 @@ public class UserDaoTest {
public void deactivate_user() throws Exception {
UserDto user = newActiveUser();
PropertyDto property = insertProperty(user);
db.users().insertPermissionOnUser(user, "perm");
db.users().insertPermissionOnUser(user, ADMINISTER);
insertUserGroup(user);

UserDto otherUser = newActiveUser();

+ 36
- 10
server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java 查看文件

@@ -25,15 +25,17 @@ import java.util.Optional;
import java.util.function.Consumer;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.stream.Collectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.permission.UserPermissionDto;

import static com.google.common.base.Preconditions.checkArgument;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.GroupTesting.newGroupDto;
import static org.sonar.db.user.UserTesting.newUserDto;

@@ -83,7 +85,7 @@ public class UserDbTester {

public UserDto insertAdminByUserPermission(OrganizationDto org) {
UserDto user = insertUser();
insertPermissionOnUser(org, user, GlobalPermissions.SYSTEM_ADMIN);
insertPermissionOnUser(org, user, ADMINISTER);
return user;
}

@@ -166,6 +168,10 @@ public class UserDbTester {
return dto;
}

public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) {
return insertPermissionOnAnyone(org, permission.getKey());
}

public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) {
GroupPermissionDto dto = new GroupPermissionDto()
.setOrganizationUuid(group.getOrganizationUuid())
@@ -176,6 +182,10 @@ public class UserDbTester {
return dto;
}

public GroupPermissionDto insertPermissionOnGroup(GroupDto group, OrganizationPermission permission) {
return insertPermissionOnGroup(group, permission.getKey());
}

public void deletePermissionFromGroup(GroupDto group, String permission) {
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getId(), null);
db.commit();
@@ -219,22 +229,23 @@ public class UserDbTester {
org.getUuid(), null);
}
checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations");
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(),
org.getUuid(), null, project.getId());
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.getId());
}

// USER PERMISSIONS

/**
* Grant global permission on default organization
* Grant permission on default organization
*/
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) {
public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) {
return insertPermissionOnUser(db.getDefaultOrganization(), user, permission);
}

/**
* Grant global permission
* @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)}
*/
@Deprecated
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) {
UserPermissionDto dto = new UserPermissionDto(org.getUuid(), permission, user.getId(), null);
db.getDbClient().userPermissionDao().insert(db.getSession(), dto);
@@ -242,8 +253,15 @@ public class UserDbTester {
return dto;
}

public void deletePermissionFromUser(OrganizationDto org, UserDto user, String permission) {
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission, org.getUuid());
/**
* Grant organization permission to user
*/
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) {
return insertPermissionOnUser(org, user, permission.getKey());
}

public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) {
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission.getKey(), org.getUuid());
db.commit();
}

@@ -262,11 +280,19 @@ public class UserDbTester {
return dto;
}

public List<String> selectGlobalPermissionsOfUser(UserDto user, OrganizationDto organization) {
return db.getDbClient().userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid());
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user, OrganizationDto organization) {
return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao()
.selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid()));
}

public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) {
return db.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getId(), project.getId());
}

private static List<OrganizationPermission> toListOfOrganizationPermissions(List<String> keys) {
return keys
.stream()
.map(OrganizationPermission::fromKey)
.collect(Collectors.toList());
}
}

+ 9
- 7
server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMyOrganizationsActionTest.java 查看文件

@@ -19,14 +19,15 @@
*/
package org.sonar.server.organization.ws;

import java.util.Arrays;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.tester.UserSessionRule;
@@ -35,6 +36,7 @@ import org.sonar.server.ws.WsActionTester;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.test.JsonAssert.assertJson;

public class SearchMyOrganizationsActionTest {
@@ -125,16 +127,16 @@ public class SearchMyOrganizationsActionTest {
public void returns_organizations_of_authenticated_user_when_user_has_ADMIN_group_permission_on_some_organization() {
UserDto user = dbTester.users().insertUser();
GroupDto defaultGroup = dbTester.users().insertGroup(dbTester.getDefaultOrganization());
dbTester.users().insertPermissionOnGroup(defaultGroup, SYSTEM_ADMIN);
dbTester.users().insertPermissionOnGroup(defaultGroup, ADMINISTER);
dbTester.users().insertMember(defaultGroup, user);
OrganizationDto organization1 = dbTester.organizations().insert();
GroupDto group1 = dbTester.users().insertGroup(organization1);
dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN);
dbTester.users().insertPermissionOnGroup(group1, ADMINISTER);
dbTester.users().insertMember(group1, user);
UserDto otherUser = dbTester.users().insertUser();
OrganizationDto organization2 = dbTester.organizations().insert();
GroupDto group2 = dbTester.users().insertGroup(organization2);
dbTester.users().insertPermissionOnGroup(group2, SYSTEM_ADMIN);
dbTester.users().insertPermissionOnGroup(group2, ADMINISTER);
dbTester.users().insertMember(group2, otherUser);

userSessionRule.logIn(user);
@@ -159,8 +161,8 @@ public class SearchMyOrganizationsActionTest {
OrganizationDto organization2 = dbTester.organizations().insert();
GroupDto group = dbTester.users().insertGroup(organization2);
dbTester.users().insertMember(group, user);
GlobalPermissions.ALL.stream()
.filter(s -> !s.equals(SYSTEM_ADMIN))
Arrays.stream(OrganizationPermission.values())
.filter(s -> s != ADMINISTER)
.forEach(s -> {
dbTester.users().insertPermissionOnUser(organization1, user, s);
dbTester.users().insertPermissionOnGroup(group, s);
@@ -175,7 +177,7 @@ public class SearchMyOrganizationsActionTest {
UserDto user = dbTester.users().insertUser();
OrganizationDto organization = dbTester.organizations().insert();
GroupDto group1 = dbTester.users().insertGroup(organization);
dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN);
dbTester.users().insertPermissionOnGroup(group1, ADMINISTER);
dbTester.users().insertPermissionOnUser(organization, user, SYSTEM_ADMIN);

userSessionRule.logIn(user);

+ 17
- 14
server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java 查看文件

@@ -35,6 +35,9 @@ import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;

public class GroupPermissionChangerTest {

@@ -98,11 +101,11 @@ public class GroupPermissionChangerTest {
@Test
public void do_nothing_when_adding_permission_that_already_exists() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);

apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
}

@Test
@@ -128,24 +131,24 @@ public class GroupPermissionChangerTest {
@Test
public void remove_permission_from_group() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
db.users().insertPermissionOnGroup(group, GlobalPermissions.PROVISIONING);
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS);

apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId));
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId));

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.PROVISIONING);
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey());
}

@Test
public void remove_project_permission_from_group() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN);
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, project);

apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(project), groupId));

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.CODEVIEWER);
}

@@ -162,22 +165,22 @@ public class GroupPermissionChangerTest {
@Test
public void fail_to_remove_admin_permission_if_no_more_admins() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group, ADMINISTER);

expectedException.expect(BadRequestException.class);
expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");

underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId));
underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));
}

@Test
public void remove_admin_group_if_still_other_admins() {
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group);
db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group, ADMINISTER);
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(org, admin, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnUser(org, admin, ADMINISTER);

apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId));
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId));

assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
}

+ 19
- 18
server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java 查看文件

@@ -30,8 +30,6 @@ import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.TestDefaultOrganizationProvider;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
@@ -39,6 +37,9 @@ import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;

@@ -71,10 +72,10 @@ public class UserPermissionChangerTest {
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1));
apply(change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION);
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN);
assertThat(db.users().selectPermissionsOfUser(user1, org2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).isEmpty();
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty();
}

@@ -83,20 +84,20 @@ public class UserPermissionChangerTest {
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(project), UserId.from(user1));
apply(change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).contains(ISSUE_ADMIN);
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty();
}

@Test
public void do_nothing_when_adding_global_permission_that_already_exists() {
db.users().insertPermissionOnUser(org1, user1, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES);

UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).hasSize(1).containsOnly(QUALITY_GATE_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES);
}

@Test
@@ -128,16 +129,16 @@ public class UserPermissionChangerTest {
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION);
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).containsOnly(QUALITY_GATE_ADMIN);
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).containsOnly(QUALITY_GATE_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN);
assertThat(db.users().selectPermissionsOfUser(user1, org2)).containsOnly(ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectPermissionsOfUser(user2, org1)).containsOnly(ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).containsOnly(ISSUE_ADMIN);
}

@Test
public void remove_project_permission_from_user() {
ComponentDto project2 = db.components().insertProject(org1);
db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user1, USER, project);
db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, project);
@@ -156,7 +157,7 @@ public class UserPermissionChangerTest {
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1));
apply(change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
}

@Test
@@ -180,15 +181,15 @@ public class UserPermissionChangerTest {

@Test
public void remove_admin_user_if_still_other_admins() {
db.users().insertPermissionOnUser(org1, user1, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(org1, user1, ADMINISTER);
GroupDto admins = db.users().insertGroup(org1, "admins");
db.users().insertMember(admins, user2);
db.users().insertPermissionOnGroup(admins, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(admins, ADMINISTER);

UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1));
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1));
underTest.apply(db.getSession(), change);

assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty();
}

private void apply(UserPermissionChange change) {

+ 6
- 5
server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java 查看文件

@@ -38,6 +38,7 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -66,7 +67,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(ADMINISTER);
}

@Test
@@ -79,7 +80,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user, organization)).containsOnly(ADMINISTER);
}

@Test
@@ -94,7 +95,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user, organization)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
}

@@ -109,7 +110,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
}

@@ -124,7 +125,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN);
}


+ 12
- 11
server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java 查看文件

@@ -36,9 +36,10 @@ import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -64,10 +65,10 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
group1 = db.users().insertGroup(defOrg, "group-1-name");
group2 = db.users().insertGroup(defOrg, "group-2-name");
group3 = db.users().insertGroup(defOrg, "group-3-name");
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN);
db.users().insertPermissionOnAnyone(defOrg, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group2, SCAN);
db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertPermissionOnAnyone(defOrg, SCAN);
db.commit();
}

@@ -76,7 +77,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
loginAsAdmin(db.getDefaultOrganization());

String json = newRequest()
.setParam(PARAM_PERMISSION, SCAN_EXECUTION)
.setParam(PARAM_PERMISSION, SCAN.getKey())
.execute()
.getInput();
assertJson(json).isSimilarTo("{\n" +
@@ -114,7 +115,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_with_selection() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN_EXECUTION)
.setParam(PARAM_PERMISSION, SCAN.getKey())
.execute()
.getInput();

@@ -125,7 +126,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_with_pagination() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN_EXECUTION)
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PAGE_SIZE, "1")
.setParam(PAGE, "3")
.execute()
@@ -140,7 +141,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_with_query() throws Exception {
loginAsAdmin(db.getDefaultOrganization());
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN_EXECUTION)
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(TEXT_QUERY, "group-")
.execute()
.getInput();
@@ -259,7 +260,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
userSession.anonymous();

newRequest()
.setParam(PARAM_PERMISSION, "scan")
.setParam(PARAM_PERMISSION, SCAN.getKey())
.execute();
}

@@ -269,7 +270,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {

userSession.logIn("login");
newRequest()
.setParam(PARAM_PERMISSION, "scan")
.setParam(PARAM_PERMISSION, SCAN.getKey())
.execute();
}


+ 18
- 16
server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java 查看文件

@@ -37,6 +37,8 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
@@ -60,8 +62,8 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio

@Test
public void remove_permission_using_group_name() throws Exception {
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());

newRequest()
@@ -69,27 +71,27 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
.setParam(PARAM_PERMISSION, PROVISIONING)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
}

@Test
public void remove_permission_using_group_id() throws Exception {
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());

newRequest()
.setParam(PARAM_GROUP_ID, aGroup.getId().toString())
.setParam(PARAM_PERMISSION, PROVISIONING)
.setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
}

@Test
public void remove_project_permission() throws Exception {
ComponentDto project = db.components().insertProject();
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
loginAsAdmin(db.getDefaultOrganization());
@@ -100,14 +102,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
.setParam(PARAM_PERMISSION, ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
}

@Test
public void remove_with_view_uuid() throws Exception {
ComponentDto view = db.components().insertView();
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, view);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, view);
loginAsAdmin(db.getDefaultOrganization());
@@ -118,14 +120,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
.setParam(PARAM_PERMISSION, ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(ISSUE_ADMIN);
}

@Test
public void remove_with_project_key() throws Exception {
ComponentDto project = db.components().insertProject();
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
loginAsAdmin(db.getDefaultOrganization());
@@ -136,14 +138,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
.setParam(PARAM_PERMISSION, ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
}

@Test
public void fail_to_remove_last_admin_permission() throws Exception {
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(aGroup, PROVISIONING);
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
loginAsAdmin(db.getDefaultOrganization());

expectedException.expect(BadRequestException.class);
@@ -162,7 +164,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, ADMINISTER.getKey())
.execute();
}


+ 7
- 5
server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java 查看文件

@@ -39,6 +39,9 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@@ -64,8 +67,8 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>

@Test
public void remove_permission_from_user() throws Exception {
db.users().insertPermissionOnUser(user, PROVISIONING);
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
loginAsAdmin(db.getDefaultOrganization());

newRequest()
@@ -73,13 +76,12 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
.setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
.execute();

assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISIONING);
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISION_PROJECTS);
}

@Test
public void fail_to_remove_admin_permission_if_last_admin() throws Exception {
db.users().insertPermissionOnUser(user, CODEVIEWER);
db.users().insertPermissionOnUser(user, ADMIN);
db.users().insertPermissionOnUser(user, ADMINISTER);
loginAsAdmin(db.getDefaultOrganization());

expectedException.expect(BadRequestException.class);

+ 16
- 14
server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java 查看文件

@@ -36,10 +36,12 @@ import org.sonarqube.ws.WsPermissions;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;

public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<SearchGlobalPermissionsAction> {
@@ -62,20 +64,20 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear
loginAsAdmin(org);
GroupDto adminGroup = db.users().insertGroup(newGroup(org, "sonar-admins", "Administrators"));
GroupDto userGroup = db.users().insertGroup(newGroup(org, "sonar-users", "Users"));
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
db.users().insertPermissionOnGroup(userGroup, SCAN_EXECUTION);
db.users().insertPermissionOnAnyone(org, SCAN);
db.users().insertPermissionOnGroup(userGroup, SCAN);
db.users().insertPermissionOnGroup(userGroup, PROVISIONING);
db.users().insertPermissionOnGroup(adminGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER);
UserDto user = db.users().insertUser(newUserDto("user", "user-name"));
UserDto adminUser = db.users().insertUser(newUserDto("admin", "admin-name"));
db.users().insertPermissionOnUser(org, user, PROVISIONING);
db.users().insertPermissionOnUser(org, user, QUALITY_PROFILE_ADMIN);
db.users().insertPermissionOnUser(org, adminUser, QUALITY_PROFILE_ADMIN);
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(org, adminUser, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS);
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_PROFILES);
db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_PROFILES);
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);
db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_GATES);

// to be excluded, permission on another organization (the default one)
db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, ADMINISTER_QUALITY_GATES);

String result = newRequest()
.setParam("organization", org.getKey())
@@ -91,10 +93,10 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear
loginAsAdmin(org, db.getDefaultOrganization());

UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN_EXECUTION);
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN);

// to be ignored, by default organization is used when searching for permissions
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);

WsPermissions.WsSearchGlobalPermissionsResponse result = WsPermissions.WsSearchGlobalPermissionsResponse.parseFrom(
newRequest()

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java 查看文件

@@ -24,7 +24,6 @@ import org.junit.Before;
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
@@ -45,6 +44,7 @@ import static org.sonar.db.component.ComponentTesting.newDeveloper;
import static org.sonar.db.component.ComponentTesting.newProjectCopy;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.component.ComponentTesting.newView;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
@@ -89,7 +89,7 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<Sea
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, dev);
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, view);
// global permission
db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnUser(user1, ADMINISTER);

GroupDto group1 = db.users().insertGroup();
GroupDto group2 = db.users().insertGroup();

+ 11
- 10
server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java 查看文件

@@ -32,11 +32,12 @@ import org.sonar.server.exceptions.UnauthorizedException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -54,10 +55,10 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
public void search_for_users_with_response_example() throws Exception {
UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com"));
UserDto user2 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net"));
db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user1, QUALITY_PROFILE_ADMIN);
db.users().insertPermissionOnUser(user2, SCAN_EXECUTION);
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
db.users().insertPermissionOnUser(user2, SCAN);

loginAsAdmin(db.getDefaultOrganization());
String result = newRequest().execute().getInput();
@@ -269,9 +270,9 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1"));
UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2"));
UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3"));
db.users().insertPermissionOnUser(user1, SCAN_EXECUTION);
db.users().insertPermissionOnUser(user2, SCAN_EXECUTION);
db.users().insertPermissionOnUser(user3, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(user1, SCAN);
db.users().insertPermissionOnUser(user2, SCAN);
db.users().insertPermissionOnUser(user3, ADMINISTER);
}

}

+ 27
- 25
server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java 查看文件

@@ -31,17 +31,19 @@ import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.organization.TestOrganizationFlags;
import org.sonar.db.permission.OrganizationPermission;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;

public class ServerUserSessionTest {
@@ -174,7 +176,7 @@ public class ServerUserSessionTest {

expectInsufficientPrivilegesForbiddenException();

newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}

@Test
@@ -183,38 +185,38 @@ public class ServerUserSessionTest {
db.users().insertUser(NON_ROOT_USER_DTO);
db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING);

newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}

@Test
public void checkPermission_succeeds_when_user_is_root() {
OrganizationDto org = db.organizations().insert();

newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org);
newUserSession(ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org);
}

@Test
public void test_hasPermission_on_organization_for_logged_in_user() {
OrganizationDto org = db.organizations().insert();
ComponentDto project = db.components().insertProject(org);
db.users().insertPermissionOnUser(org, userDto, PROVISIONING);
db.users().insertPermissionOnUser(org, userDto, PROVISION_PROJECTS);
db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project);

UserSession session = newUserSession(userDto);
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}

@Test
public void test_hasPermission_on_organization_for_anonymous_user() {
OrganizationDto org = db.organizations().insert();
db.users().insertPermissionOnAnyone(org, PROVISIONING);
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS);

UserSession session = newAnonymousSession();
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}

@Test
@@ -225,30 +227,30 @@ public class ServerUserSessionTest {
UserSession session = newUserSession(userDto);

// feed the cache
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();

// change permissions without updating the cache
db.users().deletePermissionFromUser(org, userDto, PROVISIONING);
db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION);
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse();
db.users().deletePermissionFromUser(org, userDto, PROVISION_PROJECTS);
db.users().insertPermissionOnUser(org, userDto, SCAN);
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse();
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse();
}

@Test
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() {
OrganizationDto org = db.organizations().insert();
db.users().insertPermissionOnAnyone(org, PROVISIONING);
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS);

UserSession session = newAnonymousSession();

// feed the cache
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();

// change permissions without updating the cache
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION);
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse();
db.users().insertPermissionOnAnyone(org, SCAN);
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue();
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse();
}

@Test
@@ -418,7 +420,7 @@ public class ServerUserSessionTest {
private void addPermissions(@Nullable ComponentDto component, String... permissions) {
for (String permission : permissions) {
if (component == null) {
db.users().insertPermissionOnUser(userDto, permission);
db.users().insertPermissionOnUser(userDto, OrganizationPermission.fromKey(permission));
} else {
db.users().insertProjectPermissionOnUser(userDto, permission, component);
}

+ 4
- 3
server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java 查看文件

@@ -51,6 +51,7 @@ import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.db.user.UserTokenTesting.newUserToken;
import static org.sonar.test.JsonAssert.assertJson;
@@ -168,7 +169,7 @@ public class DeactivateActionTest {
@Test
public void fail_to_deactivate_last_administrator_of_default_organization() throws Exception {
UserDto admin = createUser();
db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(admin, ADMINISTER);
logInAsSystemAdministrator();

expectedException.expect(BadRequestException.class);
@@ -202,8 +203,8 @@ public class DeactivateActionTest {
public void administrators_can_be_deactivated_if_there_are_still_other_administrators() throws Exception {
UserDto admin = createUser();
UserDto anotherAdmin = createUser();
db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(anotherAdmin, SYSTEM_ADMIN);
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertPermissionOnUser(anotherAdmin, ADMINISTER);
db.commit();
logInAsSystemAdministrator();


撰写 预览
正在加载...
取消
保存