|
|
@@ -25,7 +25,6 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable; |
|
|
|
import org.junit.Rule; |
|
|
|
import org.junit.Test; |
|
|
|
import org.sonar.api.utils.System2; |
|
|
|
import org.sonar.api.web.UserRole; |
|
|
|
import org.sonar.db.DbClient; |
|
|
|
import org.sonar.db.DbTester; |
|
|
|
import org.sonar.db.component.ComponentDto; |
|
|
@@ -37,10 +36,15 @@ import static com.google.common.base.Preconditions.checkState; |
|
|
|
import static java.util.Arrays.asList; |
|
|
|
import static org.assertj.core.api.Assertions.assertThat; |
|
|
|
import static org.assertj.core.api.Assertions.assertThatThrownBy; |
|
|
|
import static org.sonar.api.web.UserRole.ADMIN; |
|
|
|
import static org.sonar.api.web.UserRole.CODEVIEWER; |
|
|
|
import static org.sonar.api.web.UserRole.ISSUE_ADMIN; |
|
|
|
import static org.sonar.api.web.UserRole.USER; |
|
|
|
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; |
|
|
|
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; |
|
|
|
import static org.sonar.db.component.ComponentTesting.newChildComponent; |
|
|
|
import static org.sonar.db.component.ComponentTesting.newFileDto; |
|
|
|
import static org.sonar.db.component.ComponentTesting.newProjectCopy; |
|
|
|
import static org.sonar.db.permission.GlobalPermission.ADMINISTER; |
|
|
|
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS; |
|
|
|
import static org.sonar.db.permission.GlobalPermission.SCAN; |
|
|
@@ -48,8 +52,8 @@ import static org.sonar.db.permission.GlobalPermission.SCAN; |
|
|
|
public class ServerUserSessionTest { |
|
|
|
|
|
|
|
@Rule |
|
|
|
public DbTester db = DbTester.create(System2.INSTANCE); |
|
|
|
private DbClient dbClient = db.getDbClient(); |
|
|
|
public final DbTester db = DbTester.create(System2.INSTANCE); |
|
|
|
private final DbClient dbClient = db.getDbClient(); |
|
|
|
|
|
|
|
@Test |
|
|
|
public void anonymous_is_not_logged_in_and_does_not_have_login() { |
|
|
@@ -157,9 +161,9 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(root); |
|
|
|
|
|
|
|
assertThat(underTest.hasComponentUuidPermission(UserRole.USER, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission(UserRole.CODEVIEWER, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission(UserRole.ADMIN, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission(USER, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission(CODEVIEWER, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission(ADMIN, file.uuid())).isTrue(); |
|
|
|
assertThat(underTest.hasComponentUuidPermission("whatever", "who cares?")).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
@@ -172,7 +176,7 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(root); |
|
|
|
|
|
|
|
assertThat(underTest.checkComponentUuidPermission(UserRole.USER, file.uuid())).isSameAs(underTest); |
|
|
|
assertThat(underTest.checkComponentUuidPermission(USER, file.uuid())).isSameAs(underTest); |
|
|
|
assertThat(underTest.checkComponentUuidPermission("whatever", "who cares?")).isSameAs(underTest); |
|
|
|
} |
|
|
|
|
|
|
@@ -180,10 +184,60 @@ public class ServerUserSessionTest { |
|
|
|
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project); |
|
|
|
db.users().insertProjectPermissionOnUser(user, USER, project); |
|
|
|
UserSession session = newUserSession(user); |
|
|
|
|
|
|
|
assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(UserRole.USER, "another-uuid")); |
|
|
|
assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(USER, "another-uuid")); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void checkChildProjectsPermission_succeeds_if_user_is_root() { |
|
|
|
UserDto root = db.users().insertUser(); |
|
|
|
root = db.users().makeRoot(root); |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(root); |
|
|
|
|
|
|
|
assertThat(underTest.checkChildProjectsPermission(USER, application)).isSameAs(underTest); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void checkChildProjectsPermission_succeeds_if_user_has_permissions_on_all_application_child_projects() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, USER, project); |
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(underTest.checkChildProjectsPermission(USER, application)).isSameAs(underTest); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void checkChildProjectsPermission_succeeds_if_component_is_not_an_application() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(underTest.checkChildProjectsPermission(USER, project)).isSameAs(underTest); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void checkChildProjectsPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
//add computed project |
|
|
|
db.components().insertComponent(newProjectCopy(project, application)); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThatForbiddenExceptionIsThrown(() -> underTest.checkChildProjectsPermission(USER, application)); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -215,7 +269,7 @@ public class ServerUserSessionTest { |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project); |
|
|
|
db.users().insertProjectPermissionOnUser(user, ADMIN, project); |
|
|
|
|
|
|
|
UserSession session = newUserSession(user); |
|
|
|
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue(); |
|
|
@@ -264,14 +318,91 @@ public class ServerUserSessionTest { |
|
|
|
assertThat(session.hasPermission(SCAN)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void test_hasChildProjectsPermission_for_logged_in_user() { |
|
|
|
ComponentDto project1 = db.components().insertPrivateProject(); |
|
|
|
ComponentDto project2 = db.components().insertPrivateProject(); |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, USER, project1); |
|
|
|
|
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project1); |
|
|
|
// add computed project |
|
|
|
db.components().insertComponent(newProjectCopy(project1, application)); |
|
|
|
|
|
|
|
UserSession session = newUserSession(user); |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue(); |
|
|
|
|
|
|
|
db.components().addApplicationProject(application, project2); |
|
|
|
db.components().insertComponent(newProjectCopy(project2, application)); |
|
|
|
|
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void test_hasChildProjectsPermission_for_anonymous_user() { |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
db.users().insertPermissionOnAnyone(USER); |
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
// add computed project |
|
|
|
db.components().insertComponent(newProjectCopy(project, application)); |
|
|
|
|
|
|
|
UserSession session = newAnonymousSession(); |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void hasChildProjectsPermission_keeps_cache_of_permissions_of_logged_in_user() { |
|
|
|
ComponentDto project = db.components().insertPrivateProject(); |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, USER, project); |
|
|
|
|
|
|
|
ComponentDto application = db.components().insertPrivateApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
// add computed project |
|
|
|
db.components().insertComponent(newProjectCopy(project, application)); |
|
|
|
|
|
|
|
UserSession session = newUserSession(user); |
|
|
|
|
|
|
|
// feed the cache |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue(); |
|
|
|
|
|
|
|
// change permissions without updating the cache |
|
|
|
db.users().deletePermissionFromUser(project, user, USER); |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue(); |
|
|
|
|
|
|
|
// cache is refreshed when user logs in again |
|
|
|
session = newUserSession(user); |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void hasChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() { |
|
|
|
db.users().insertPermissionOnAnyone(USER); |
|
|
|
|
|
|
|
ComponentDto project = db.components().insertPublicProject(); |
|
|
|
ComponentDto application = db.components().insertPublicApplication(); |
|
|
|
db.components().addApplicationProject(application, project); |
|
|
|
|
|
|
|
UserSession session = newAnonymousSession(); |
|
|
|
|
|
|
|
// feed the cache |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue(); |
|
|
|
|
|
|
|
// change privacy of the project without updating the cache |
|
|
|
db.getDbClient().componentDao().setPrivateForRootComponentUuidWithoutAudit(db.getSession(), project.uuid(), true); |
|
|
|
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() { |
|
|
|
ComponentDto publicProject = db.components().insertPublicProject(); |
|
|
|
|
|
|
|
ServerUserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -281,8 +412,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -292,8 +423,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -303,8 +434,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -314,8 +445,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -326,8 +457,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -338,8 +469,8 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
ServerUserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -411,35 +542,35 @@ public class ServerUserSessionTest { |
|
|
|
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto publicProject = db.components().insertPublicProject(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject); |
|
|
|
db.users().insertProjectPermissionOnUser(user, ADMIN, publicProject); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
// feed the cache |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue(); |
|
|
|
|
|
|
|
// change permissions without updating the cache |
|
|
|
db.users().deletePermissionFromUser(publicProject, user, UserRole.ADMIN); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, publicProject); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse(); |
|
|
|
db.users().deletePermissionFromUser(publicProject, user, ADMIN); |
|
|
|
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, publicProject); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() { |
|
|
|
ComponentDto publicProject = db.components().insertPublicProject(); |
|
|
|
db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject); |
|
|
|
db.users().insertProjectPermissionOnAnyone(ADMIN, publicProject); |
|
|
|
|
|
|
|
UserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
// feed the cache |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue(); |
|
|
|
|
|
|
|
// change permissions without updating the cache |
|
|
|
db.users().deleteProjectPermissionFromAnyone(publicProject, UserRole.ADMIN); |
|
|
|
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse(); |
|
|
|
db.users().deleteProjectPermissionFromAnyone(publicProject, ADMIN); |
|
|
|
db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue(); |
|
|
|
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse(); |
|
|
|
} |
|
|
|
|
|
|
|
private boolean hasComponentPermissionByDtoOrUuid(UserSession underTest, String permission, ComponentDto component) { |
|
|
@@ -456,7 +587,7 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
UserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -464,24 +595,24 @@ public class ServerUserSessionTest { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto publicProject = db.components().insertPublicProject(); |
|
|
|
ComponentDto privateProject = db.components().insertPrivateProject(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); |
|
|
|
db.users().insertProjectPermissionOnUser(user, ADMIN, privateProject); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(privateProject); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(privateProject); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
|
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() { |
|
|
|
ComponentDto publicProject = db.components().insertPublicProject(); |
|
|
|
ComponentDto privateProject = db.components().insertPrivateProject(); |
|
|
|
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject); |
|
|
|
db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject); |
|
|
|
|
|
|
|
UserSession underTest = newAnonymousSession(); |
|
|
|
|
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty(); |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject); |
|
|
|
} |
|
|
|
|
|
|
|
@Test |
|
|
@@ -493,7 +624,7 @@ public class ServerUserSessionTest { |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(root); |
|
|
|
|
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))) |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))) |
|
|
|
.containsExactly(privateProject, publicProject); |
|
|
|
} |
|
|
|
|
|
|
@@ -501,12 +632,12 @@ public class ServerUserSessionTest { |
|
|
|
public void keepAuthorizedComponents_on_branches() { |
|
|
|
UserDto user = db.users().insertUser(); |
|
|
|
ComponentDto privateProject = db.components().insertPrivateProject(); |
|
|
|
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject); |
|
|
|
db.users().insertProjectPermissionOnUser(user, ADMIN, privateProject); |
|
|
|
ComponentDto privateBranchProject = db.components().insertProjectBranch(privateProject); |
|
|
|
|
|
|
|
UserSession underTest = newUserSession(user); |
|
|
|
|
|
|
|
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, asList(privateProject, privateBranchProject))) |
|
|
|
assertThat(underTest.keepAuthorizedComponents(ADMIN, asList(privateProject, privateBranchProject))) |
|
|
|
.containsExactlyInAnyOrder(privateProject, privateBranchProject); |
|
|
|
} |
|
|
|
|