@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
public class AuthorizationDaoTest { | |||
@@ -432,7 +434,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_exist() { | |||
// another user | |||
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, MISSING_ID, SYSTEM_ADMIN); | |||
@@ -441,7 +443,7 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() { | |||
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||
// user is not part of this group | |||
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); | |||
@@ -486,10 +488,10 @@ public class AuthorizationDaoTest { | |||
@Test | |||
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() { | |||
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); | |||
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnAnyone(org, SCAN); | |||
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN_EXECUTION); | |||
Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey()); | |||
assertThat(orgUuids).isEmpty(); | |||
} |
@@ -46,6 +46,9 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
public class GroupPermissionDaoTest { | |||
@@ -98,7 +101,7 @@ public class GroupPermissionDaoTest { | |||
GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); | |||
GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); | |||
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, organizationDto.getUuid(), PermissionQuery.builder().build())) | |||
.containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName()); | |||
@@ -110,13 +113,13 @@ public class GroupPermissionDaoTest { | |||
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); | |||
db.users().insertGroup(organizationDto, "Group-2"); | |||
db.users().insertGroup(organizationDto, "Group-3"); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group1, PROVISIONING); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN); | |||
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); | |||
assertThat(underTest.countGroupsByQuery(dbSession, | |||
defaultOrganizationUuid, PermissionQuery.builder().build())).isEqualTo(4); | |||
assertThat(underTest.countGroupsByQuery(dbSession, | |||
defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISIONING).build())).isEqualTo(1); | |||
defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1); | |||
assertThat(underTest.countGroupsByQuery(dbSession, | |||
defaultOrganizationUuid, PermissionQuery.builder().withAtLeastOnePermission().build())).isEqualTo(2); | |||
assertThat(underTest.countGroupsByQuery(dbSession, | |||
@@ -134,20 +137,20 @@ public class GroupPermissionDaoTest { | |||
ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto)); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); | |||
db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING); | |||
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN); | |||
db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
db.users().insertPermissionOnGroup(group3, ADMINISTER); | |||
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN_EXECUTION).build())).containsExactly(ANYONE, group1.getName()); | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName()); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build())).containsExactly(group3.getName()); | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName()); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISIONING).build())).containsExactly(ANYONE); | |||
organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE); | |||
} | |||
@Test | |||
@@ -166,7 +169,7 @@ public class GroupPermissionDaoTest { | |||
db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject); | |||
db.users().insertProjectPermissionOnAnyone(SYSTEM_ADMIN, anotherProject); | |||
db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject); | |||
db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group2, SCAN); | |||
PermissionQuery.Builder builderOnComponent = PermissionQuery.builder().setComponentUuid(project.uuid()); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, | |||
@@ -190,7 +193,7 @@ public class GroupPermissionDaoTest { | |||
public void selectGroupNamesByQuery_with_search_query() { | |||
GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone"); | |||
db.users().insertGroup(db.getDefaultOrganization(), "unknown"); | |||
db.users().insertPermissionOnGroup(group, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group, SCAN); | |||
assertThat(underTest.selectGroupNamesByQuery(dbSession, | |||
defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName()); | |||
@@ -211,18 +214,18 @@ public class GroupPermissionDaoTest { | |||
OrganizationDto organizationDto = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); | |||
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); | |||
ComponentDto project = db.components().insertComponent(newProjectDto(organizationDto)); | |||
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); | |||
GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); | |||
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(group3, ADMINISTER); | |||
// Anyone | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN_EXECUTION); | |||
db.users().insertPermissionOnAnyone(organizationDto, PROVISIONING); | |||
db.users().insertPermissionOnAnyone(organizationDto, SCAN); | |||
db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); | |||
assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId()), null)) | |||
.extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) | |||
@@ -249,7 +252,7 @@ public class GroupPermissionDaoTest { | |||
public void selectByGroupIds_on_projects() { | |||
OrganizationDto org = db.organizations().insert(); | |||
GroupDto group1 = db.users().insertGroup(org, "Group-1"); | |||
db.users().insertPermissionOnGroup(group1, PROVISIONING); | |||
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); | |||
GroupDto group2 = db.users().insertGroup(org, "Group-2"); | |||
ComponentDto project = db.components().insertComponent(newProjectDto(org)); | |||
@@ -259,7 +262,7 @@ public class GroupPermissionDaoTest { | |||
db.users().insertProjectPermissionOnGroup(group3, USER, project); | |||
// Anyone group | |||
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); | |||
db.users().insertPermissionOnAnyone(org, SCAN); | |||
db.users().insertProjectPermissionOnAnyone(PROVISIONING, project); | |||
assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty(); |
@@ -25,12 +25,12 @@ import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbSession; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
public class RoleDaoTest { | |||
@@ -58,7 +58,7 @@ public class RoleDaoTest { | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2); | |||
// global permission - not returned | |||
db.users().insertPermissionOnUser(user1, UserRole.ADMIN); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
// project permission on another user id - not returned | |||
db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1); | |||
// project permission on another permission - not returned | |||
@@ -77,10 +77,10 @@ public class RoleDaoTest { | |||
db.users().insertMember(group1, user1); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2); | |||
// global permission - not returned | |||
db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(group1, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
db.users().insertPermissionOnGroup(group1, ADMINISTER); | |||
// project permission on another user id - not returned | |||
db.users().insertPermissionOnGroup(group2, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(group2, ADMINISTER); | |||
db.users().insertMember(group2, user2); | |||
// project permission on another permission - not returned | |||
db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1); |
@@ -42,6 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.junit.Assert.fail; | |||
import static org.mockito.Mockito.mock; | |||
import static org.mockito.Mockito.when; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.user.GroupMembershipQuery.IN; | |||
import static org.sonar.db.user.GroupMembershipQuery.builder; | |||
import static org.sonar.db.user.GroupTesting.newGroupDto; | |||
@@ -390,7 +391,7 @@ public class UserDaoTest { | |||
public void deactivate_user() throws Exception { | |||
UserDto user = newActiveUser(); | |||
PropertyDto property = insertProperty(user); | |||
db.users().insertPermissionOnUser(user, "perm"); | |||
db.users().insertPermissionOnUser(user, ADMINISTER); | |||
insertUserGroup(user); | |||
UserDto otherUser = newActiveUser(); |
@@ -25,15 +25,17 @@ import java.util.Optional; | |||
import java.util.function.Consumer; | |||
import javax.annotation.CheckForNull; | |||
import javax.annotation.Nullable; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.core.util.stream.Collectors; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.GroupPermissionDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.permission.UserPermissionDto; | |||
import static com.google.common.base.Preconditions.checkArgument; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.user.GroupTesting.newGroupDto; | |||
import static org.sonar.db.user.UserTesting.newUserDto; | |||
@@ -83,7 +85,7 @@ public class UserDbTester { | |||
public UserDto insertAdminByUserPermission(OrganizationDto org) { | |||
UserDto user = insertUser(); | |||
insertPermissionOnUser(org, user, GlobalPermissions.SYSTEM_ADMIN); | |||
insertPermissionOnUser(org, user, ADMINISTER); | |||
return user; | |||
} | |||
@@ -166,6 +168,10 @@ public class UserDbTester { | |||
return dto; | |||
} | |||
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) { | |||
return insertPermissionOnAnyone(org, permission.getKey()); | |||
} | |||
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, String permission) { | |||
GroupPermissionDto dto = new GroupPermissionDto() | |||
.setOrganizationUuid(group.getOrganizationUuid()) | |||
@@ -176,6 +182,10 @@ public class UserDbTester { | |||
return dto; | |||
} | |||
public GroupPermissionDto insertPermissionOnGroup(GroupDto group, OrganizationPermission permission) { | |||
return insertPermissionOnGroup(group, permission.getKey()); | |||
} | |||
public void deletePermissionFromGroup(GroupDto group, String permission) { | |||
db.getDbClient().groupPermissionDao().delete(db.getSession(), permission, group.getOrganizationUuid(), group.getId(), null); | |||
db.commit(); | |||
@@ -219,22 +229,23 @@ public class UserDbTester { | |||
org.getUuid(), null); | |||
} | |||
checkArgument(org.getUuid().equals(project.getOrganizationUuid()), "Different organizations"); | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), | |||
org.getUuid(), null, project.getId()); | |||
return db.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(db.getSession(), org.getUuid(), null, project.getId()); | |||
} | |||
// USER PERMISSIONS | |||
/** | |||
* Grant global permission on default organization | |||
* Grant permission on default organization | |||
*/ | |||
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) { | |||
public UserPermissionDto insertPermissionOnUser(UserDto user, OrganizationPermission permission) { | |||
return insertPermissionOnUser(db.getDefaultOrganization(), user, permission); | |||
} | |||
/** | |||
* Grant global permission | |||
* @deprecated use {@link #insertPermissionOnUser(OrganizationDto, UserDto, OrganizationPermission)} | |||
*/ | |||
@Deprecated | |||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, String permission) { | |||
UserPermissionDto dto = new UserPermissionDto(org.getUuid(), permission, user.getId(), null); | |||
db.getDbClient().userPermissionDao().insert(db.getSession(), dto); | |||
@@ -242,8 +253,15 @@ public class UserDbTester { | |||
return dto; | |||
} | |||
public void deletePermissionFromUser(OrganizationDto org, UserDto user, String permission) { | |||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission, org.getUuid()); | |||
/** | |||
* Grant organization permission to user | |||
*/ | |||
public UserPermissionDto insertPermissionOnUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||
return insertPermissionOnUser(org, user, permission.getKey()); | |||
} | |||
public void deletePermissionFromUser(OrganizationDto org, UserDto user, OrganizationPermission permission) { | |||
db.getDbClient().userPermissionDao().deleteGlobalPermission(db.getSession(), user.getId(), permission.getKey(), org.getUuid()); | |||
db.commit(); | |||
} | |||
@@ -262,11 +280,19 @@ public class UserDbTester { | |||
return dto; | |||
} | |||
public List<String> selectGlobalPermissionsOfUser(UserDto user, OrganizationDto organization) { | |||
return db.getDbClient().userPermissionDao().selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid()); | |||
public List<OrganizationPermission> selectPermissionsOfUser(UserDto user, OrganizationDto organization) { | |||
return toListOfOrganizationPermissions(db.getDbClient().userPermissionDao() | |||
.selectGlobalPermissionsOfUser(db.getSession(), user.getId(), organization.getUuid())); | |||
} | |||
public List<String> selectProjectPermissionsOfUser(UserDto user, ComponentDto project) { | |||
return db.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(db.getSession(), user.getId(), project.getId()); | |||
} | |||
private static List<OrganizationPermission> toListOfOrganizationPermissions(List<String> keys) { | |||
return keys | |||
.stream() | |||
.map(OrganizationPermission::fromKey) | |||
.collect(Collectors.toList()); | |||
} | |||
} |
@@ -19,14 +19,15 @@ | |||
*/ | |||
package org.sonar.server.organization.ws; | |||
import java.util.Arrays; | |||
import org.junit.Rule; | |||
import org.junit.Test; | |||
import org.sonar.api.server.ws.WebService; | |||
import org.sonar.api.utils.System2; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.DbClient; | |||
import org.sonar.db.DbTester; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.tester.UserSessionRule; | |||
@@ -35,6 +36,7 @@ import org.sonar.server.ws.WsActionTester; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
public class SearchMyOrganizationsActionTest { | |||
@@ -125,16 +127,16 @@ public class SearchMyOrganizationsActionTest { | |||
public void returns_organizations_of_authenticated_user_when_user_has_ADMIN_group_permission_on_some_organization() { | |||
UserDto user = dbTester.users().insertUser(); | |||
GroupDto defaultGroup = dbTester.users().insertGroup(dbTester.getDefaultOrganization()); | |||
dbTester.users().insertPermissionOnGroup(defaultGroup, SYSTEM_ADMIN); | |||
dbTester.users().insertPermissionOnGroup(defaultGroup, ADMINISTER); | |||
dbTester.users().insertMember(defaultGroup, user); | |||
OrganizationDto organization1 = dbTester.organizations().insert(); | |||
GroupDto group1 = dbTester.users().insertGroup(organization1); | |||
dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN); | |||
dbTester.users().insertPermissionOnGroup(group1, ADMINISTER); | |||
dbTester.users().insertMember(group1, user); | |||
UserDto otherUser = dbTester.users().insertUser(); | |||
OrganizationDto organization2 = dbTester.organizations().insert(); | |||
GroupDto group2 = dbTester.users().insertGroup(organization2); | |||
dbTester.users().insertPermissionOnGroup(group2, SYSTEM_ADMIN); | |||
dbTester.users().insertPermissionOnGroup(group2, ADMINISTER); | |||
dbTester.users().insertMember(group2, otherUser); | |||
userSessionRule.logIn(user); | |||
@@ -159,8 +161,8 @@ public class SearchMyOrganizationsActionTest { | |||
OrganizationDto organization2 = dbTester.organizations().insert(); | |||
GroupDto group = dbTester.users().insertGroup(organization2); | |||
dbTester.users().insertMember(group, user); | |||
GlobalPermissions.ALL.stream() | |||
.filter(s -> !s.equals(SYSTEM_ADMIN)) | |||
Arrays.stream(OrganizationPermission.values()) | |||
.filter(s -> s != ADMINISTER) | |||
.forEach(s -> { | |||
dbTester.users().insertPermissionOnUser(organization1, user, s); | |||
dbTester.users().insertPermissionOnGroup(group, s); | |||
@@ -175,7 +177,7 @@ public class SearchMyOrganizationsActionTest { | |||
UserDto user = dbTester.users().insertUser(); | |||
OrganizationDto organization = dbTester.organizations().insert(); | |||
GroupDto group1 = dbTester.users().insertGroup(organization); | |||
dbTester.users().insertPermissionOnGroup(group1, SYSTEM_ADMIN); | |||
dbTester.users().insertPermissionOnGroup(group1, ADMINISTER); | |||
dbTester.users().insertPermissionOnUser(organization, user, SYSTEM_ADMIN); | |||
userSessionRule.logIn(user); |
@@ -35,6 +35,9 @@ import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.usergroups.ws.GroupIdOrAnyone; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
public class GroupPermissionChangerTest { | |||
@@ -98,11 +101,11 @@ public class GroupPermissionChangerTest { | |||
@Test | |||
public void do_nothing_when_adding_permission_that_already_exists() { | |||
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); | |||
} | |||
@Test | |||
@@ -128,24 +131,24 @@ public class GroupPermissionChangerTest { | |||
@Test | |||
public void remove_permission_from_group() { | |||
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.PROVISIONING); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); | |||
db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.PROVISIONING); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey()); | |||
} | |||
@Test | |||
public void remove_project_permission_from_group() { | |||
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); | |||
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project); | |||
db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, project); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(project), groupId)); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); | |||
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.CODEVIEWER); | |||
} | |||
@@ -162,22 +165,22 @@ public class GroupPermissionChangerTest { | |||
@Test | |||
public void fail_to_remove_admin_permission_if_no_more_admins() { | |||
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER); | |||
expectedException.expect(BadRequestException.class); | |||
expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); | |||
underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId)); | |||
underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); | |||
} | |||
@Test | |||
public void remove_admin_group_if_still_other_admins() { | |||
GroupIdOrAnyone groupId = new GroupIdOrAnyone(group); | |||
db.users().insertPermissionOnGroup(group, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(group, ADMINISTER); | |||
UserDto admin = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(org, admin, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(org, admin, ADMINISTER); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, GlobalPermissions.SYSTEM_ADMIN, null, groupId)); | |||
apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); | |||
assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); | |||
} |
@@ -30,8 +30,6 @@ import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.BadRequestException; | |||
import org.sonar.server.organization.DefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | |||
@@ -39,6 +37,9 @@ import static org.sonar.api.web.UserRole.USER; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.server.permission.PermissionChange.Operation.ADD; | |||
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE; | |||
@@ -71,10 +72,10 @@ public class UserPermissionChangerTest { | |||
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1)); | |||
apply(change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org2)).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).isEmpty(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty(); | |||
} | |||
@@ -83,20 +84,20 @@ public class UserPermissionChangerTest { | |||
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(project), UserId.from(user1)); | |||
apply(change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).contains(ISSUE_ADMIN); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user2, project)).isEmpty(); | |||
} | |||
@Test | |||
public void do_nothing_when_adding_global_permission_that_already_exists() { | |||
db.users().insertPermissionOnUser(org1, user1, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES); | |||
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); | |||
apply(change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).hasSize(1).containsOnly(QUALITY_GATE_ADMIN); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES); | |||
} | |||
@Test | |||
@@ -128,16 +129,16 @@ public class UserPermissionChangerTest { | |||
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); | |||
apply(change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).containsOnly(SCAN_EXECUTION); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org2)).containsOnly(QUALITY_GATE_ADMIN); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user2, org1)).containsOnly(QUALITY_GATE_ADMIN); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org2)).containsOnly(ADMINISTER_QUALITY_GATES); | |||
assertThat(db.users().selectPermissionsOfUser(user2, org1)).containsOnly(ADMINISTER_QUALITY_GATES); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user1, project)).containsOnly(ISSUE_ADMIN); | |||
} | |||
@Test | |||
public void remove_project_permission_from_user() { | |||
ComponentDto project2 = db.components().insertProject(org1); | |||
db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES); | |||
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project); | |||
db.users().insertProjectPermissionOnUser(user1, USER, project); | |||
db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, project); | |||
@@ -156,7 +157,7 @@ public class UserPermissionChangerTest { | |||
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); | |||
apply(change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); | |||
} | |||
@Test | |||
@@ -180,15 +181,15 @@ public class UserPermissionChangerTest { | |||
@Test | |||
public void remove_admin_user_if_still_other_admins() { | |||
db.users().insertPermissionOnUser(org1, user1, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(org1, user1, ADMINISTER); | |||
GroupDto admins = db.users().insertGroup(org1, "admins"); | |||
db.users().insertMember(admins, user2); | |||
db.users().insertPermissionOnGroup(admins, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(admins, ADMINISTER); | |||
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1)); | |||
UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1)); | |||
underTest.apply(db.getSession(), change); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user1, org1)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); | |||
} | |||
private void apply(UserPermissionChange change) { |
@@ -38,6 +38,7 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newFileDto; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.component.ComponentTesting.newView; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | |||
@@ -66,7 +67,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(ADMINISTER); | |||
} | |||
@Test | |||
@@ -79,7 +80,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectPermissionsOfUser(user, organization)).containsOnly(ADMINISTER); | |||
} | |||
@Test | |||
@@ -94,7 +95,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, organization)).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user, organization)).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); | |||
} | |||
@@ -109,7 +110,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); | |||
} | |||
@@ -124,7 +125,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); | |||
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); | |||
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN); | |||
} | |||
@@ -36,9 +36,10 @@ import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; | |||
import static org.sonar.api.web.UserRole.ADMIN; | |||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.component.ComponentTesting.newView; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | |||
@@ -64,10 +65,10 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
group1 = db.users().insertGroup(defOrg, "group-1-name"); | |||
group2 = db.users().insertGroup(defOrg, "group-2-name"); | |||
group3 = db.users().insertGroup(defOrg, "group-3-name"); | |||
db.users().insertPermissionOnGroup(group1, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group2, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group3, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnAnyone(defOrg, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(group1, SCAN); | |||
db.users().insertPermissionOnGroup(group2, SCAN); | |||
db.users().insertPermissionOnGroup(group3, ADMINISTER); | |||
db.users().insertPermissionOnAnyone(defOrg, SCAN); | |||
db.commit(); | |||
} | |||
@@ -76,7 +77,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
String json = newRequest() | |||
.setParam(PARAM_PERMISSION, SCAN_EXECUTION) | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.execute() | |||
.getInput(); | |||
assertJson(json).isSimilarTo("{\n" + | |||
@@ -114,7 +115,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
public void search_with_selection() throws Exception { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
String result = newRequest() | |||
.setParam(PARAM_PERMISSION, SCAN_EXECUTION) | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.execute() | |||
.getInput(); | |||
@@ -125,7 +126,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
public void search_groups_with_pagination() throws Exception { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
String result = newRequest() | |||
.setParam(PARAM_PERMISSION, SCAN_EXECUTION) | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.setParam(PAGE_SIZE, "1") | |||
.setParam(PAGE, "3") | |||
.execute() | |||
@@ -140,7 +141,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
public void search_groups_with_query() throws Exception { | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
String result = newRequest() | |||
.setParam(PARAM_PERMISSION, SCAN_EXECUTION) | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.setParam(TEXT_QUERY, "group-") | |||
.execute() | |||
.getInput(); | |||
@@ -259,7 +260,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
userSession.anonymous(); | |||
newRequest() | |||
.setParam(PARAM_PERMISSION, "scan") | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.execute(); | |||
} | |||
@@ -269,7 +270,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { | |||
userSession.logIn("login"); | |||
newRequest() | |||
.setParam(PARAM_PERMISSION, "scan") | |||
.setParam(PARAM_PERMISSION, SCAN.getKey()) | |||
.execute(); | |||
} | |||
@@ -37,6 +37,8 @@ import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newFileDto; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; | |||
@@ -60,8 +62,8 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
@Test | |||
public void remove_permission_using_group_name() throws Exception { | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISIONING); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
newRequest() | |||
@@ -69,27 +71,27 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
.setParam(PARAM_PERMISSION, PROVISIONING) | |||
.execute(); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); | |||
} | |||
@Test | |||
public void remove_permission_using_group_id() throws Exception { | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISIONING); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
newRequest() | |||
.setParam(PARAM_GROUP_ID, aGroup.getId().toString()) | |||
.setParam(PARAM_PERMISSION, PROVISIONING) | |||
.setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey()) | |||
.execute(); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); | |||
} | |||
@Test | |||
public void remove_project_permission() throws Exception { | |||
ComponentDto project = db.components().insertProject(); | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
@@ -100,14 +102,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
.setParam(PARAM_PERMISSION, ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); | |||
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN); | |||
} | |||
@Test | |||
public void remove_with_view_uuid() throws Exception { | |||
ComponentDto view = db.components().insertView(); | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, view); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, view); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
@@ -118,14 +120,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
.setParam(PARAM_PERMISSION, ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); | |||
assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(ISSUE_ADMIN); | |||
} | |||
@Test | |||
public void remove_with_project_key() throws Exception { | |||
ComponentDto project = db.components().insertProject(); | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project); | |||
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
@@ -136,14 +138,14 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
.setParam(PARAM_PERMISSION, ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(SYSTEM_ADMIN); | |||
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); | |||
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN); | |||
} | |||
@Test | |||
public void fail_to_remove_last_admin_permission() throws Exception { | |||
db.users().insertPermissionOnGroup(aGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISIONING); | |||
db.users().insertPermissionOnGroup(aGroup, ADMINISTER); | |||
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(BadRequestException.class); | |||
@@ -162,7 +164,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio | |||
newRequest() | |||
.setParam(PARAM_GROUP_NAME, aGroup.getName()) | |||
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid") | |||
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN) | |||
.setParam(PARAM_PERMISSION, ADMINISTER.getKey()) | |||
.execute(); | |||
} | |||
@@ -39,6 +39,9 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newFileDto; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.component.ComponentTesting.newView; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY; | |||
@@ -64,8 +67,8 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> | |||
@Test | |||
public void remove_permission_from_user() throws Exception { | |||
db.users().insertPermissionOnUser(user, PROVISIONING); | |||
db.users().insertPermissionOnUser(user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
newRequest() | |||
@@ -73,13 +76,12 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> | |||
.setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN) | |||
.execute(); | |||
assertThat(db.users().selectGlobalPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISIONING); | |||
assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISION_PROJECTS); | |||
} | |||
@Test | |||
public void fail_to_remove_admin_permission_if_last_admin() throws Exception { | |||
db.users().insertPermissionOnUser(user, CODEVIEWER); | |||
db.users().insertPermissionOnUser(user, ADMIN); | |||
db.users().insertPermissionOnUser(user, ADMINISTER); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
expectedException.expect(BadRequestException.class); |
@@ -36,10 +36,12 @@ import org.sonarqube.ws.WsPermissions; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<SearchGlobalPermissionsAction> { | |||
@@ -62,20 +64,20 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear | |||
loginAsAdmin(org); | |||
GroupDto adminGroup = db.users().insertGroup(newGroup(org, "sonar-admins", "Administrators")); | |||
GroupDto userGroup = db.users().insertGroup(newGroup(org, "sonar-users", "Users")); | |||
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); | |||
db.users().insertPermissionOnGroup(userGroup, SCAN_EXECUTION); | |||
db.users().insertPermissionOnAnyone(org, SCAN); | |||
db.users().insertPermissionOnGroup(userGroup, SCAN); | |||
db.users().insertPermissionOnGroup(userGroup, PROVISIONING); | |||
db.users().insertPermissionOnGroup(adminGroup, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER); | |||
UserDto user = db.users().insertUser(newUserDto("user", "user-name")); | |||
UserDto adminUser = db.users().insertUser(newUserDto("admin", "admin-name")); | |||
db.users().insertPermissionOnUser(org, user, PROVISIONING); | |||
db.users().insertPermissionOnUser(org, user, QUALITY_PROFILE_ADMIN); | |||
db.users().insertPermissionOnUser(org, adminUser, QUALITY_PROFILE_ADMIN); | |||
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(org, adminUser, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES); | |||
db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_GATES); | |||
// to be excluded, permission on another organization (the default one) | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), adminUser, ADMINISTER_QUALITY_GATES); | |||
String result = newRequest() | |||
.setParam("organization", org.getKey()) | |||
@@ -91,10 +93,10 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear | |||
loginAsAdmin(org, db.getDefaultOrganization()); | |||
UserDto user = db.users().insertUser(); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN_EXECUTION); | |||
db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SCAN); | |||
// to be ignored, by default organization is used when searching for permissions | |||
db.users().insertPermissionOnUser(org, user, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES); | |||
WsPermissions.WsSearchGlobalPermissionsResponse result = WsPermissions.WsSearchGlobalPermissionsResponse.parseFrom( | |||
newRequest() |
@@ -24,7 +24,6 @@ import org.junit.Before; | |||
import org.junit.Test; | |||
import org.sonar.api.resources.Qualifiers; | |||
import org.sonar.api.web.UserRole; | |||
import org.sonar.core.permission.GlobalPermissions; | |||
import org.sonar.db.component.ComponentDbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.component.ResourceTypesRule; | |||
@@ -45,6 +44,7 @@ import static org.sonar.db.component.ComponentTesting.newDeveloper; | |||
import static org.sonar.db.component.ComponentTesting.newProjectCopy; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.component.ComponentTesting.newView; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER; | |||
@@ -89,7 +89,7 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<Sea | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, dev); | |||
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, view); | |||
// global permission | |||
db.users().insertPermissionOnUser(user1, GlobalPermissions.SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
GroupDto group1 = db.users().insertGroup(); | |||
GroupDto group2 = db.users().insertGroup(); |
@@ -32,11 +32,12 @@ import org.sonar.server.exceptions.UnauthorizedException; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY; | |||
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.component.ComponentTesting.newProjectDto; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.db.user.UserTesting.newUserDto; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; | |||
@@ -54,10 +55,10 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> { | |||
public void search_for_users_with_response_example() throws Exception { | |||
UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com")); | |||
UserDto user2 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net")); | |||
db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN); | |||
db.users().insertPermissionOnUser(user1, QUALITY_PROFILE_ADMIN); | |||
db.users().insertPermissionOnUser(user2, SCAN_EXECUTION); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES); | |||
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES); | |||
db.users().insertPermissionOnUser(user2, SCAN); | |||
loginAsAdmin(db.getDefaultOrganization()); | |||
String result = newRequest().execute().getInput(); | |||
@@ -269,9 +270,9 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> { | |||
UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1")); | |||
UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2")); | |||
UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3")); | |||
db.users().insertPermissionOnUser(user1, SCAN_EXECUTION); | |||
db.users().insertPermissionOnUser(user2, SCAN_EXECUTION); | |||
db.users().insertPermissionOnUser(user3, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(user1, SCAN); | |||
db.users().insertPermissionOnUser(user2, SCAN); | |||
db.users().insertPermissionOnUser(user3, ADMINISTER); | |||
} | |||
} |
@@ -31,17 +31,19 @@ import org.sonar.db.DbTester; | |||
import org.sonar.db.component.ComponentDto; | |||
import org.sonar.db.component.ComponentTesting; | |||
import org.sonar.db.organization.OrganizationDto; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import org.sonar.db.user.GroupDto; | |||
import org.sonar.db.user.UserDto; | |||
import org.sonar.server.exceptions.ForbiddenException; | |||
import org.sonar.server.organization.TestDefaultOrganizationProvider; | |||
import org.sonar.server.organization.TestOrganizationFlags; | |||
import org.sonar.db.permission.OrganizationPermission; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; | |||
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; | |||
import static org.sonar.db.permission.OrganizationPermission.SCAN; | |||
import static org.sonar.db.user.UserTesting.newUserDto; | |||
public class ServerUserSessionTest { | |||
@@ -174,7 +176,7 @@ public class ServerUserSessionTest { | |||
expectInsufficientPrivilegesForbiddenException(); | |||
newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); | |||
newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); | |||
} | |||
@Test | |||
@@ -183,38 +185,38 @@ public class ServerUserSessionTest { | |||
db.users().insertUser(NON_ROOT_USER_DTO); | |||
db.users().insertPermissionOnUser(org, NON_ROOT_USER_DTO, PROVISIONING); | |||
newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); | |||
newUserSession(NON_ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); | |||
} | |||
@Test | |||
public void checkPermission_succeeds_when_user_is_root() { | |||
OrganizationDto org = db.organizations().insert(); | |||
newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, org); | |||
newUserSession(ROOT_USER_DTO).checkPermission(PROVISION_PROJECTS, org); | |||
} | |||
@Test | |||
public void test_hasPermission_on_organization_for_logged_in_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
ComponentDto project = db.components().insertProject(org); | |||
db.users().insertPermissionOnUser(org, userDto, PROVISIONING); | |||
db.users().insertPermissionOnUser(org, userDto, PROVISION_PROJECTS); | |||
db.users().insertProjectPermissionOnUser(userDto, UserRole.ADMIN, project); | |||
UserSession session = newUserSession(userDto); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||
} | |||
@Test | |||
public void test_hasPermission_on_organization_for_anonymous_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
db.users().insertPermissionOnAnyone(org, PROVISIONING); | |||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||
UserSession session = newAnonymousSession(); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse(); | |||
} | |||
@Test | |||
@@ -225,30 +227,30 @@ public class ServerUserSessionTest { | |||
UserSession session = newUserSession(userDto); | |||
// feed the cache | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
// change permissions without updating the cache | |||
db.users().deletePermissionFromUser(org, userDto, PROVISIONING); | |||
db.users().insertPermissionOnUser(org, userDto, SCAN_EXECUTION); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(OrganizationPermission.ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); | |||
db.users().deletePermissionFromUser(org, userDto, PROVISION_PROJECTS); | |||
db.users().insertPermissionOnUser(org, userDto, SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(ADMINISTER, org.getUuid())).isFalse(); | |||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||
} | |||
@Test | |||
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() { | |||
OrganizationDto org = db.organizations().insert(); | |||
db.users().insertPermissionOnAnyone(org, PROVISIONING); | |||
db.users().insertPermissionOnAnyone(org, PROVISION_PROJECTS); | |||
UserSession session = newAnonymousSession(); | |||
// feed the cache | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
// change permissions without updating the cache | |||
db.users().insertPermissionOnAnyone(org, SCAN_EXECUTION); | |||
assertThat(session.hasPermission(OrganizationPermission.PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(OrganizationPermission.SCAN, org.getUuid())).isFalse(); | |||
db.users().insertPermissionOnAnyone(org, SCAN); | |||
assertThat(session.hasPermission(PROVISION_PROJECTS, org.getUuid())).isTrue(); | |||
assertThat(session.hasPermission(SCAN, org.getUuid())).isFalse(); | |||
} | |||
@Test | |||
@@ -418,7 +420,7 @@ public class ServerUserSessionTest { | |||
private void addPermissions(@Nullable ComponentDto component, String... permissions) { | |||
for (String permission : permissions) { | |||
if (component == null) { | |||
db.users().insertPermissionOnUser(userDto, permission); | |||
db.users().insertPermissionOnUser(userDto, OrganizationPermission.fromKey(permission)); | |||
} else { | |||
db.users().insertProjectPermissionOnUser(userDto, permission, component); | |||
} |
@@ -51,6 +51,7 @@ import static java.util.Collections.singletonList; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; | |||
import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto; | |||
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; | |||
import static org.sonar.db.user.UserTesting.newUserDto; | |||
import static org.sonar.db.user.UserTokenTesting.newUserToken; | |||
import static org.sonar.test.JsonAssert.assertJson; | |||
@@ -168,7 +169,7 @@ public class DeactivateActionTest { | |||
@Test | |||
public void fail_to_deactivate_last_administrator_of_default_organization() throws Exception { | |||
UserDto admin = createUser(); | |||
db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(admin, ADMINISTER); | |||
logInAsSystemAdministrator(); | |||
expectedException.expect(BadRequestException.class); | |||
@@ -202,8 +203,8 @@ public class DeactivateActionTest { | |||
public void administrators_can_be_deactivated_if_there_are_still_other_administrators() throws Exception { | |||
UserDto admin = createUser(); | |||
UserDto anotherAdmin = createUser(); | |||
db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(anotherAdmin, SYSTEM_ADMIN); | |||
db.users().insertPermissionOnUser(admin, ADMINISTER); | |||
db.users().insertPermissionOnUser(anotherAdmin, ADMINISTER); | |||
db.commit(); | |||
logInAsSystemAdministrator(); | |||