mirrors
/
sonarqube
зеркало из https://github.com/SonarSource/sonarqube.git
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Релизы 237 Вики Активность
Просмотр исходного кода

SONAR-18628 Drop GlobalPermissions class and replace with GlobalPermission enum.

tags/10.0.0.68432
Dimitris Kavvathas 1 год назад
Родитель
b2458a2688
Сommit
fade315189
57 измененных файлов: 768 добавлений и 882 удалений
Разделённый вид Показать статистику Diff
  1. 0
    54
      server/sonar-db-dao/src/main/java/org/sonar/core/permission/GlobalPermissions.java
  2. 9
    0
      server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java
  3. 18
    20
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
  4. 29
    0
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/GlobalPermissionTest.java
  5. 44
    51
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java
  6. 79
    89
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoTest.java
  7. 14
    14
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoWithPersisterTest.java
  8. 12
    12
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java
  9. 20
    24
      server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateDaoTest.java
  10. 1
    1
      server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java
  11. 2
    2
      server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java
  12. 6
    4
      server/sonar-db-dao/src/testFixtures/java/org/sonar/db/permission/PermissionsTestHelper.java
  13. 9
    11
      server/sonar-db-dao/src/testFixtures/java/org/sonar/db/user/UserDbTester.java
  14. 2
    2
      server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierNotificationHandlerTest.java
  15. 102
    109
      server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
  16. 8
    8
      server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java
  17. 8
    9
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java
  18. 1
    1
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/PermissionChange.java
  19. 3
    3
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java
  20. 6
    6
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/UserPermissionChanger.java
  21. 2
    2
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/WsParameters.java
  22. 2
    2
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java
  23. 4
    4
      server/sonar-webserver-webapi/src/main/java/org/sonar/server/webhook/ws/WebhookSupport.java
  24. 0
    1
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/almintegration/ws/bitbucketserver/ImportBitbucketServerProjectActionTest.java
  25. 4
    7
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java
  26. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/branch/ws/ListActionTest.java
  27. 5
    6
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/queue/BranchReportSubmitterTest.java
  28. 5
    6
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/queue/ReportSubmitterTest.java
  29. 4
    6
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java
  30. 16
    16
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java
  31. 46
    48
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java
  32. 48
    57
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java
  33. 25
    31
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
  34. 23
    27
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
  35. 26
    29
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
  36. 42
    49
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
  37. 39
    48
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
  38. 24
    30
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
  39. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
  40. 1
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java
  41. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
  42. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
  43. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java
  44. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
  45. 2
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java
  46. 5
    7
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java
  47. 1
    1
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
  48. 8
    11
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java
  49. 2
    4
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java
  50. 1
    1
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/user/ws/AnonymizeActionTest.java
  51. 10
    13
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java
  52. 5
    6
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java
  53. 1
    2
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java
  54. 11
    11
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/CreateActionTest.java
  55. 5
    5
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/DeleteActionTest.java
  56. 8
    8
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/ListActionTest.java
  57. 8
    8
      server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/UpdateActionTest.java

+ 0
- 54
server/sonar-db-dao/src/main/java/org/sonar/core/permission/GlobalPermissions.java Просмотреть файл

@@ -1,54 +0,0 @@
/*
* SonarQube
* Copyright (C) 2009-2023 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.core.permission;

import com.google.common.base.Joiner;
import java.util.List;
import org.sonar.db.permission.GlobalPermission;

/**
* Holds the constants representing the various global permissions that can be assigned to users & groups
*
* @deprecated replaced by enum {@link GlobalPermission}
*/
@Deprecated
public final class GlobalPermissions {
public static final String SYSTEM_ADMIN = "admin";
public static final String QUALITY_PROFILE_ADMIN = "profileadmin";
public static final String QUALITY_GATE_ADMIN = "gateadmin";
public static final String SCAN_EXECUTION = "scan";
public static final String PROVISIONING = "provisioning";

/**
* All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #PROVISIONING}.
*/
public static final List<String> ALL = List.of(
SYSTEM_ADMIN,
QUALITY_PROFILE_ADMIN,
QUALITY_GATE_ADMIN,
SCAN_EXECUTION,
PROVISIONING
);
public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(GlobalPermissions.ALL);

private GlobalPermissions() {
// only static methods
}
}

+ 9
- 0
server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java Просмотреть файл

@@ -19,6 +19,9 @@
*/
package org.sonar.db.permission;

import java.util.Arrays;
import java.util.stream.Collectors;

public enum GlobalPermission {

ADMINISTER("admin"),
@@ -33,6 +36,8 @@ public enum GlobalPermission {
APPLICATION_CREATOR("applicationcreator"),
PORTFOLIO_CREATOR("portfoliocreator");

public static final String ALL_ON_ONE_LINE = Arrays.stream(values()).map(GlobalPermission::getKey).collect(Collectors.joining(", "));

private final String key;

GlobalPermission(String key) {
@@ -56,4 +61,8 @@ public enum GlobalPermission {
}
throw new IllegalArgumentException("Unsupported permission: " + key);
}

public static boolean contains(String key) {
return Arrays.stream(values()).anyMatch(v -> v.getKey().equals(key));
}
}

+ 18
- 20
server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java Просмотреть файл

@@ -45,7 +45,6 @@ import org.sonar.db.user.UserDto;
import static com.google.common.collect.Sets.newHashSet;
import static java.util.Collections.singleton;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
@@ -53,7 +52,6 @@ import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
public class AuthorizationDaoTest {

private static final String PROJECT_UUID = "uuid";
private static final int MISSING_ID = -1;
private static final String MISSING_UUID = "unknown";
private static final String A_PERMISSION = "a-permission";
private static final String DOES_NOT_EXIST = "does-not-exist";
@@ -207,7 +205,7 @@ public class AuthorizationDaoTest {
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
db.users().insertMember(group1, user1);
db.users().insertMember(group1, user2);
db.users().insertPermissionOnUser(user3, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user3, ADMINISTER);
db.users().insertPermissionOnAnyone(ADMINISTER);

assertThat(underTest.selectUserUuidsWithGlobalPermission(db.getSession(), ADMINISTER.getKey()))
@@ -869,10 +867,10 @@ public class AuthorizationDaoTest {
@Test
public void selectQualityProfileAdministratorLogins_return_users_with_quality_profile_administrator_permission() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);

UserDto user2 = db.users().insertUser(withEmail("user2"));
db.users().insertPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user2, ADMINISTER_QUALITY_PROFILES);

Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession);

@@ -898,7 +896,7 @@ public class AuthorizationDaoTest {
@Test
public void selectQualityProfileAdministratorLogins_does_not_return_non_quality_profile_administrator() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
db.users().insertUser(withoutEmail("user2"));

Set<EmailSubscriberDto> subscribers = underTest.selectQualityProfileAdministratorLogins(dbSession);
@@ -909,9 +907,9 @@ public class AuthorizationDaoTest {
@Test
public void selectQualityProfileAdministratorLogins_does_not_return_quality_profile_administrator_without_email() {
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail"));
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user1NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user1WithEmail = db.users().insertUser(withEmail("user1WithEmail"));
db.users().insertPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user1WithEmail, ADMINISTER_QUALITY_PROFILES);
GroupDto qualityProfileAdministratorGroup1 = db.users().insertGroup();
db.users().insertPermissionOnGroup(qualityProfileAdministratorGroup1, ADMINISTER_QUALITY_PROFILES);
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail"));
@@ -926,13 +924,13 @@ public class AuthorizationDaoTest {
UserDto user3WithEmail = db.users().insertUser(withEmail("user3WithEmail"));
db.users().insertMember(qualityProfileAdministratorGroup2, user3WithEmail);
UserDto user4NoEmail = db.users().insertUser(withoutEmail("user4NoEmail"));
db.users().insertPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user4NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user4WithEmail = db.users().insertUser(withEmail("user4WithEmail"));
db.users().insertPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user4WithEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user5NoEmail = db.users().insertUser(withoutEmail("user5NoEmail"));
db.users().insertPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user5NoEmail, ADMINISTER_QUALITY_PROFILES);
UserDto user5WithEmail = db.users().insertUser(withEmail("user5WithEmail"));
db.users().insertPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user5WithEmail, ADMINISTER_QUALITY_PROFILES);
db.users().insertUser(withoutEmail("user6NoEmail"));
db.users().insertUser(withEmail("user6WithEmail"));

@@ -950,10 +948,10 @@ public class AuthorizationDaoTest {
@Test
public void selectGlobalAdministerEmailSubscribers_returns_only_global_administers() {
UserDto user1 = db.users().insertUser(withEmail("user1"));
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);

UserDto user2 = db.users().insertUser(withEmail("user2"));
db.users().insertPermissionOnUser(user2, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user2, ADMINISTER);

// user3 is global administer via a group
GroupDto administratorGroup2 = db.users().insertGroup();
@@ -962,7 +960,7 @@ public class AuthorizationDaoTest {
db.users().insertMember(administratorGroup2, user3);
// user4 has another global permission via a group
GroupDto administratorGroup3 = db.users().insertGroup();
db.users().insertPermissionOnGroup(administratorGroup3, QUALITY_PROFILE_ADMIN);
db.users().insertPermissionOnGroup(administratorGroup3, ADMINISTER_QUALITY_PROFILES);
UserDto user4 = db.users().insertUser(withEmail("user4"));
db.users().insertMember(administratorGroup3, user4);

@@ -974,7 +972,7 @@ public class AuthorizationDaoTest {
db.users().insertProjectPermissionOnUser(user5, "admin", project);
// user6 has other global permission
UserDto user6 = db.users().insertUser(withEmail("user6"));
db.users().insertPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user6, ADMINISTER_QUALITY_PROFILES);
// user7 has no permission
db.users().insertUser(withEmail("user7"));

@@ -990,14 +988,14 @@ public class AuthorizationDaoTest {
public void selectGlobalAdministerEmailSubscribers_ignores_global_administers_without_email() {
// user1 and user1NoEmail are global administers
UserDto user1 = db.users().insertUser(withEmail("user1"));
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
UserDto user1NoEmail = db.users().insertUser(withoutEmail("user1NoEmail"));
db.users().insertPermissionOnUser(user1NoEmail, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1NoEmail, ADMINISTER);
// user2 and user2NoEmail are global administers
UserDto user2 = db.users().insertUser(withEmail("user2"));
db.users().insertPermissionOnUser(user2, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user2, ADMINISTER);
UserDto user2NoEmail = db.users().insertUser(withoutEmail("user2NoEmail"));
db.users().insertPermissionOnUser(user2NoEmail, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user2NoEmail, ADMINISTER);

// user3 and user3NoEmail are global administer via a group
GroupDto administratorGroup2 = db.users().insertGroup();

+ 29
- 0
server/sonar-db-dao/src/test/java/org/sonar/db/permission/GlobalPermissionTest.java Просмотреть файл

@@ -19,9 +19,11 @@
*/
package org.sonar.db.permission;

import java.util.Arrays;
import org.junit.Test;

import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;

public class GlobalPermissionTest {

@@ -31,4 +33,31 @@ public class GlobalPermissionTest {
assertThat(GlobalPermission.fromKey(p.getKey())).isEqualTo(p);
}
}

@Test
public void fromKey_throws_exception_for_non_existing_keys() {
String non_existing_permission = "non_existing";
assertThatThrownBy(() -> GlobalPermission.fromKey(non_existing_permission))
.isInstanceOf(IllegalArgumentException.class);
}

@Test
public void contains_returns_true_for_existing_permissions() {
Arrays.stream(GlobalPermission.values())
.map(GlobalPermission::getKey)
.forEach(key -> {
assertThat(GlobalPermission.contains(key)).isTrue();
});
}

@Test
public void contains_returns_false_for_non_existing_permissions() {
String non_existing_permission = "non_existing";
assertThat(GlobalPermission.contains(non_existing_permission)).isFalse();
}

@Test
public void all_in_one_line_contains_all_permissions() {
assertThat(GlobalPermission.ALL_ON_ONE_LINE).isEqualTo("admin, gateadmin, profileadmin, provisioning, scan, applicationcreator, portfoliocreator");
}
}

+ 44
- 51
server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java Просмотреть файл

@@ -42,13 +42,6 @@ import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.security.DefaultGroups.ANYONE;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;

public class GroupPermissionDaoTest {
@@ -71,19 +64,19 @@ public class GroupPermissionDaoTest {
ComponentDto project2 = db.components().insertPrivateProject();
ComponentDto project3 = db.components().insertPrivateProject();

db.users().insertProjectPermissionOnGroup(group1, ISSUE_ADMIN, project1);
db.users().insertProjectPermissionOnGroup(group1, ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group2, ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group3, ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group1, USER, project2);
db.users().insertProjectPermissionOnGroup(group1, USER, project3);
db.users().insertProjectPermissionOnGroup(group1, UserRole.ISSUE_ADMIN, project1);
db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group3, UserRole.ADMIN, project2);
db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project2);
db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project3);

final List<CountPerProjectPermission> result = new ArrayList<>();
underTest.groupsCountByComponentUuidAndPermission(dbSession, asList(project2.uuid(), project3.uuid(), "789"),
context -> result.add(context.getResultObject()));

assertThat(result).hasSize(3);
assertThat(result).extracting("permission").containsOnly(ADMIN, USER);
assertThat(result).extracting("permission").containsOnly(UserRole.ADMIN, UserRole.USER);
assertThat(result).extracting("componentUuid").containsOnly(project2.uuid(), project3.uuid());
assertThat(result).extracting("count").containsOnly(3, 1);
}
@@ -121,8 +114,8 @@ public class GroupPermissionDaoTest {
GroupDto group2 = db.users().insertGroup("Group-2");
GroupDto group3 = db.users().insertGroup("Group-3");
GroupDto group1 = db.users().insertGroup("Group-1");
db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnGroup(group3, SCAN);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.users().insertPermissionOnGroup(group3, GlobalPermission.SCAN);

assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().build()))
.containsExactly(ANYONE, group3.getName(), group1.getName(), group2.getName());
@@ -134,10 +127,10 @@ public class GroupPermissionDaoTest {
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
GroupDto group = db.users().insertGroup("Group-" + i);
// Add permission on project to be sure projects are excluded
db.users().insertProjectPermissionOnGroup(group, SCAN.getKey(), project);
db.users().insertProjectPermissionOnGroup(group, GlobalPermission.SCAN.getKey(), project);
});
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1);
db.users().insertPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), SCAN);
db.users().insertPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), GlobalPermission.SCAN);

assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().build()))
.hasSize(DEFAULT_PAGE_SIZE)
@@ -149,11 +142,11 @@ public class GroupPermissionDaoTest {
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
GroupDto group = db.users().insertGroup("Group-" + i);
// Add global permission to be sure they are excluded
db.users().insertPermissionOnGroup(group, SCAN.getKey());
db.users().insertPermissionOnGroup(group, GlobalPermission.SCAN.getKey());
});
ComponentDto project = db.components().insertPrivateProject();
String lastGroupName = "Group-" + (DEFAULT_PAGE_SIZE + 1);
db.users().insertProjectPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), SCAN.getKey(), project);
db.users().insertProjectPermissionOnGroup(db.users().selectGroup(lastGroupName).get(), GlobalPermission.SCAN.getKey(), project);

assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery()
.setComponent(project)
@@ -167,13 +160,13 @@ public class GroupPermissionDaoTest {
GroupDto group1 = db.users().insertGroup("Group-1");
db.users().insertGroup("Group-2");
db.users().insertGroup("Group-3");
db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.users().insertPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS);

assertThat(underTest.countGroupsByQuery(dbSession,
newQuery().build())).isEqualTo(4);
assertThat(underTest.countGroupsByQuery(dbSession,
newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).isOne();
newQuery().setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build())).isOne();
assertThat(underTest.countGroupsByQuery(dbSession,
newQuery().withAtLeastOnePermission().build())).isEqualTo(2);
assertThat(underTest.countGroupsByQuery(dbSession,
@@ -190,20 +183,20 @@ public class GroupPermissionDaoTest {

ComponentDto project = db.components().insertPrivateProject();

db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);
db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);

assertThat(underTest.selectGroupNamesByQuery(dbSession,
newQuery().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());
newQuery().setPermission(GlobalPermission.SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());

assertThat(underTest.selectGroupNamesByQuery(dbSession,
newQuery().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());
newQuery().setPermission(GlobalPermission.ADMINISTER.getKey()).build())).containsExactly(group3.getName());

assertThat(underTest.selectGroupNamesByQuery(dbSession,
newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
newQuery().setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
}

@Test
@@ -243,21 +236,21 @@ public class GroupPermissionDaoTest {
ComponentDto project = db.components().insertPrivateProject();
ComponentDto anotherProject = db.components().insertPrivateProject();

db.users().insertProjectPermissionOnGroup(group1, SCAN.getKey(), project);
db.users().insertProjectPermissionOnGroup(group1, PROVISION_PROJECTS.getKey(), project);
db.users().insertProjectPermissionOnGroup(group1, GlobalPermission.SCAN.getKey(), project);
db.users().insertProjectPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS.getKey(), project);

db.users().insertProjectPermissionOnGroup(group1, ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(group1, UserRole.ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(group3, UserRole.SCAN, anotherProject);
db.users().insertPermissionOnGroup(group2, SCAN);
db.users().insertPermissionOnGroup(group2, GlobalPermission.SCAN);

PermissionQuery.Builder builderOnComponent = newQuery()
.setComponent(project);
assertThat(underTest.selectGroupNamesByQuery(dbSession,
builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName());
builderOnComponent.setPermission(GlobalPermission.SCAN.getKey()).build())).containsOnlyOnce(group1.getName());
assertThat(underTest.selectGroupNamesByQuery(dbSession,
builderOnComponent.setPermission(USER).build())).isEmpty();
builderOnComponent.setPermission(UserRole.USER).build())).isEmpty();
}

@Test
@@ -273,7 +266,7 @@ public class GroupPermissionDaoTest {
public void selectGroupNamesByQuery_with_search_query() {
GroupDto group = db.users().insertGroup("group-anyone");
db.users().insertGroup("unknown");
db.users().insertPermissionOnGroup(group, SCAN);
db.users().insertPermissionOnGroup(group, GlobalPermission.SCAN);

assertThat(underTest.selectGroupNamesByQuery(dbSession,
newQuery().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
@@ -292,34 +285,34 @@ public class GroupPermissionDaoTest {
@Test
public void selectByGroupUuids_on_global_permissions() {
GroupDto group1 = db.users().insertGroup("Group-1");
db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);

GroupDto group2 = db.users().insertGroup("Group-2");
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);

GroupDto group3 = db.users().insertGroup("Group-3");
db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);

// Anyone
db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);

assertThat(underTest.selectByGroupUuids(dbSession, asList(group1.getUuid()), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(tuple(group1.getUuid(), SCAN_EXECUTION, null));
.containsOnly(tuple(group1.getUuid(), GlobalPermission.SCAN.getKey(), null));

assertThat(underTest.selectByGroupUuids(dbSession, asList(group2.getUuid()), null)).isEmpty();

assertThat(underTest.selectByGroupUuids(dbSession, asList(group3.getUuid()), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(tuple(group3.getUuid(), ADMINISTER.getKey(), null));
.containsOnly(tuple(group3.getUuid(), GlobalPermission.ADMINISTER.getKey(), null));

assertThat(underTest.selectByGroupUuids(dbSession, asList(ANYONE_UUID), null))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(
tuple(ANYONE_UUID, SCAN.getKey(), null),
tuple(ANYONE_UUID, PROVISION_PROJECTS.getKey(), null));
tuple(ANYONE_UUID, GlobalPermission.SCAN.getKey(), null),
tuple(ANYONE_UUID, GlobalPermission.PROVISION_PROJECTS.getKey(), null));

assertThat(underTest.selectByGroupUuids(dbSession, asList(group1.getUuid(), group2.getUuid(), ANYONE_UUID), null)).hasSize(3);
assertThat(underTest.selectByGroupUuids(dbSession, asList(MISSING_UUID), null)).isEmpty();
@@ -365,27 +358,27 @@ public class GroupPermissionDaoTest {
@Test
public void selectByGroupUuids_on_private_projects() {
GroupDto group1 = db.users().insertGroup("Group-1");
db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(group1, GlobalPermission.PROVISION_PROJECTS);

GroupDto group2 = db.users().insertGroup("Group-2");
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnGroup(group2, USER, project);
db.users().insertProjectPermissionOnGroup(group2, UserRole.USER, project);

GroupDto group3 = db.users().insertGroup("Group-3");
db.users().insertProjectPermissionOnGroup(group3, USER, project);
db.users().insertProjectPermissionOnGroup(group3, UserRole.USER, project);

// Anyone group
db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);

assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group1.getUuid()), project.uuid())).isEmpty();

assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group2.getUuid()), project.uuid()))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(tuple(group2.getUuid(), USER, project.uuid()));
.containsOnly(tuple(group2.getUuid(), UserRole.USER, project.uuid()));

assertThat(underTest.selectByGroupUuids(dbSession, singletonList(group3.getUuid()), project.uuid()))
.extracting(GroupPermissionDto::getGroupUuid, GroupPermissionDto::getRole, GroupPermissionDto::getComponentUuid)
.containsOnly(tuple(group3.getUuid(), USER, project.uuid()));
.containsOnly(tuple(group3.getUuid(), UserRole.USER, project.uuid()));

assertThat(underTest.selectByGroupUuids(dbSession, singletonList(ANYONE_UUID), project.uuid()))
.isEmpty();

+ 79
- 89
server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoTest.java Просмотреть файл

@@ -44,17 +44,7 @@ import static java.util.Collections.emptyList;
import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;

public class UserPermissionDaoTest {
@@ -71,10 +61,10 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));
ComponentDto project = db.components().insertPrivateProject();
UserPermissionDto global1 = addGlobalPermission(SYSTEM_ADMIN, user1);
UserPermissionDto global2 = addGlobalPermission(SYSTEM_ADMIN, user2);
UserPermissionDto global3 = addGlobalPermission(PROVISIONING, user2);
UserPermissionDto project1Perm = addProjectPermission(USER, user3, project);
UserPermissionDto global1 = addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
UserPermissionDto global2 = addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user2);
UserPermissionDto global3 = addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user2);
UserPermissionDto project1Perm = addProjectPermission(UserRole.USER, user3, project);

// global permissions of users who has at least one global permission, ordered by user name then permission
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build();
@@ -87,14 +77,14 @@ public class UserPermissionDaoTest {
expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, global1, project1Perm);

// global permissions "admin"
query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build();
query = PermissionQuery.builder().setPermission(GlobalPermission.ADMINISTER.getKey()).build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1);

// empty if nobody has the specified global permission
query = PermissionQuery.builder().setPermission("missing").build();
expectPermissions(query, emptyList());

// search by user name (matches 2 users)
// search by username (matches 2 users)
query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1);

@@ -107,7 +97,7 @@ public class UserPermissionDaoTest {
expectPermissions(query, singletonList(user2.getUuid()), global2, global3);

// search by user name (matches 2 users) and global permission
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build();
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(GlobalPermission.PROVISION_PROJECTS.getKey()).build();
expectPermissions(query, singletonList(user2.getUuid()), global3);

// search by user name (no match)
@@ -120,13 +110,13 @@ public class UserPermissionDaoTest {
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));
addGlobalPermission(SYSTEM_ADMIN, user1);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
UserPermissionDto perm1 = addProjectPermission(USER, user1, project1);
UserPermissionDto perm2 = addProjectPermission(ISSUE_ADMIN, user1, project1);
UserPermissionDto perm3 = addProjectPermission(ISSUE_ADMIN, user2, project1);
addProjectPermission(ISSUE_ADMIN, user3, project2);
UserPermissionDto perm1 = addProjectPermission(UserRole.USER, user1, project1);
UserPermissionDto perm2 = addProjectPermission(UserRole.ISSUE_ADMIN, user1, project1);
UserPermissionDto perm3 = addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);
addProjectPermission(UserRole.ISSUE_ADMIN, user3, project2);

// project permissions of users who has at least one permission on this project
PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponent(project1).build();
@@ -141,7 +131,7 @@ public class UserPermissionDaoTest {
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1);

// search by user name (matches 2 users) and project permission
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build();
query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(UserRole.ISSUE_ADMIN).setComponent(project1).build();
expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2);

// search by user name (no match)
@@ -159,8 +149,8 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));
UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com"));
UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com"));
addGlobalPermission(SYSTEM_ADMIN, user1);
addGlobalPermission(QUALITY_PROFILE_ADMIN, user2);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
addGlobalPermission(GlobalPermission.ADMINISTER_QUALITY_PROFILES.getKey(), user2);

PermissionQuery query = PermissionQuery.builder().build();

@@ -174,11 +164,11 @@ public class UserPermissionDaoTest {
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));
// Add permission on project to be sure projects are excluded
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);
db.users().insertProjectPermissionOnUser(user, GlobalPermission.SCAN.getKey(), project);
});
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);
addGlobalPermission(SYSTEM_ADMIN, lastUser);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), lastUser);

PermissionQuery query = PermissionQuery.builder().build();

@@ -192,12 +182,12 @@ public class UserPermissionDaoTest {
IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {
UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));
// Add global permission to be sure they are excluded
addGlobalPermission(SYSTEM_ADMIN, user);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user);
});
String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);
UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project);
db.users().insertProjectPermissionOnUser(lastUser, GlobalPermission.SCAN.getKey(), project);

PermissionQuery query = PermissionQuery.builder()
.setComponent(project)
@@ -212,11 +202,11 @@ public class UserPermissionDaoTest {
public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() {
UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"));
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));
addGlobalPermission(SYSTEM_ADMIN, user1);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
ComponentDto project1 = db.components().insertPrivateProject();
addProjectPermission(USER, user2, project1);
addProjectPermission(USER, user1, project1);
addProjectPermission(ADMIN, user1, project1);
addProjectPermission(UserRole.USER, user2, project1);
addProjectPermission(UserRole.USER, user1, project1);
addProjectPermission(UserRole.ADMIN, user1, project1);

PermissionQuery query = PermissionQuery.builder().build();

@@ -231,25 +221,25 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser();
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
addGlobalPermission(SYSTEM_ADMIN, user1);
addProjectPermission(USER, user1, project1);
addProjectPermission(ISSUE_ADMIN, user1, project1);
addProjectPermission(ISSUE_ADMIN, user2, project1);
addProjectPermission(ISSUE_ADMIN, user2, project2);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user1);
addProjectPermission(UserRole.USER, user1, project1);
addProjectPermission(UserRole.ISSUE_ADMIN, user1, project1);
addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);
addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);

// no projects -> return empty list
assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty();

// one project
expectCount(singletonList(project1.uuid()),
new CountPerProjectPermission(project1.uuid(), USER, 1),
new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2));
new CountPerProjectPermission(project1.uuid(), UserRole.USER, 1),
new CountPerProjectPermission(project1.uuid(), UserRole.ISSUE_ADMIN, 2));

// multiple projects
expectCount(asList(project1.uuid(), project2.uuid(), "invalid"),
new CountPerProjectPermission(project1.uuid(), USER, 1),
new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2),
new CountPerProjectPermission(project2.uuid(), ISSUE_ADMIN, 1));
new CountPerProjectPermission(project1.uuid(), UserRole.USER, 1),
new CountPerProjectPermission(project1.uuid(), UserRole.ISSUE_ADMIN, 2),
new CountPerProjectPermission(project2.uuid(), UserRole.ISSUE_ADMIN, 1));
}

@Test
@@ -258,9 +248,9 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
addProjectPermission(USER, user1, project1);
addProjectPermission(USER, user2, project1);
addProjectPermission(ISSUE_ADMIN, user2, project1);
addProjectPermission(UserRole.USER, user1, project1);
addProjectPermission(UserRole.USER, user2, project1);
addProjectPermission(UserRole.ISSUE_ADMIN, user2, project1);

// logins are ordered by user name: user2 ("Marie") then user1 ("Marius")
PermissionQuery query = PermissionQuery.builder().setComponent(project1).withAtLeastOnePermission().build();
@@ -291,9 +281,9 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
addProjectPermission(USER, user1, project1);
addGlobalPermission(PROVISIONING, user1);
addProjectPermission(ISSUE_ADMIN, user2, project2);
addProjectPermission(UserRole.USER, user1, project1);
addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);
PermissionQuery query = PermissionQuery.builder().build();

List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query);
@@ -308,9 +298,9 @@ public class UserPermissionDaoTest {
UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
addProjectPermission(USER, user1, project1);
addGlobalPermission(PROVISIONING, user1);
addProjectPermission(ISSUE_ADMIN, user2, project2);
addProjectPermission(UserRole.USER, user1, project1);
addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
addProjectPermission(UserRole.ISSUE_ADMIN, user2, project2);
PermissionQuery query = PermissionQuery.builder()
.setComponent(project1)
.build();
@@ -327,8 +317,8 @@ public class UserPermissionDaoTest {
for (int i = 0; i < 10; i++) {
String name = "user-" + i;
UserDto user = insertUser(u -> u.setName(name));
addGlobalPermission(PROVISIONING, user);
addGlobalPermission(SYSTEM_ADMIN, user);
addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user);
userUuids.add(user.getUuid());
}

@@ -346,11 +336,11 @@ public class UserPermissionDaoTest {
@Test
public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() {
UserDto user1 = insertUser(u -> u.setName("user1"));
addGlobalPermission(PROVISIONING, user1);
addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user1);
UserDto user3 = insertUser(u -> u.setName("user3"));
addGlobalPermission(SYSTEM_ADMIN, user3);
addGlobalPermission(GlobalPermission.ADMINISTER.getKey(), user3);
UserDto user2 = insertUser(u -> u.setName("User2"));
addGlobalPermission(PROVISIONING, user2);
addGlobalPermission(GlobalPermission.PROVISION_PROJECTS.getKey(), user2);

assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().build()))
.containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid());
@@ -509,91 +499,91 @@ public class UserPermissionDaoTest {
UserDto user1 = insertUser();
UserDto user2 = insertUser();
ComponentDto project = db.components().insertPrivateProject();
db.users().insertPermissionOnUser(user1, SCAN);
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project);
db.users().insertPermissionOnUser(user2, SCAN);
db.users().insertProjectPermissionOnUser(user2, ADMINISTER_QUALITY_GATES.getKey(), project);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), project);
db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
db.users().insertProjectPermissionOnUser(user2, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), project);

underTest.deleteByUserUuid(dbSession, user1);
dbSession.commit();

assertThat(db.select("select user_uuid as \"userUuid\", component_uuid as \"projectUuid\", role as \"permission\" from user_roles"))
.extracting((row) -> row.get("userUuid"), (row) -> row.get("projectUuid"), (row) -> row.get("permission"))
.containsOnly(tuple(user2.getUuid(), null, SCAN.getKey()), tuple(user2.getUuid(), project.uuid(), ADMINISTER_QUALITY_GATES.getKey()));
.containsOnly(tuple(user2.getUuid(), null, GlobalPermission.SCAN.getKey()), tuple(user2.getUuid(), project.uuid(), GlobalPermission.ADMINISTER_QUALITY_GATES.getKey()));
}

@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() {
UserDto user = insertUser();
db.users().insertPermissionOnUser(user, SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto component = newPrivateProjectDto();

int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), component);
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), component);

assertThat(deletedCount).isZero();
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
}

@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() {
UserDto user = insertUser();
db.users().insertPermissionOnUser(user, SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto project = randomPublicOrPrivateProject();

int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project);

assertThat(deletedCount).isZero();
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
}

@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() {
UserDto user = insertUser();
db.users().insertPermissionOnUser(user, SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
ComponentDto project = randomPublicOrPrivateProject();
db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);
db.users().insertProjectPermissionOnUser(user, GlobalPermission.SCAN.getKey(), project);

int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "p1", project);

assertThat(deletedCount).isZero();
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(GlobalPermission.SCAN.getKey());
}

@Test
public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() {
UserDto user1 = insertUser();
UserDto user2 = insertUser();
db.users().insertPermissionOnUser(user1, SCAN);
db.users().insertPermissionOnUser(user2, SCAN);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
ComponentDto project1 = randomPublicOrPrivateProject();
ComponentDto project2 = randomPublicOrPrivateProject();
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1);
db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1);
db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2);
db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project2);
db.users().insertProjectPermissionOnUser(user2, PROVISION_PROJECTS.getKey(), project2);
db.users().insertProjectPermissionOnUser(user1, GlobalPermission.SCAN.getKey(), project1);
db.users().insertProjectPermissionOnUser(user2, GlobalPermission.SCAN.getKey(), project1);
db.users().insertProjectPermissionOnUser(user1, GlobalPermission.SCAN.getKey(), project2);
db.users().insertProjectPermissionOnUser(user2, GlobalPermission.SCAN.getKey(), project2);
db.users().insertProjectPermissionOnUser(user2, GlobalPermission.PROVISION_PROJECTS.getKey(), project2);

int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project1);
int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project1);

assertThat(deletedCount).isEqualTo(2);
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(SCAN.getKey(), PROVISION_PROJECTS.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(GlobalPermission.SCAN.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());

deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project2);
deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, GlobalPermission.SCAN.getKey(), project2);

assertThat(deletedCount).isEqualTo(2);
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(GlobalPermission.SCAN.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly();
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey());
assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}

private ComponentDto randomPublicOrPrivateProject() {

+ 14
- 14
server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoWithPersisterTest.java Просмотреть файл

@@ -39,8 +39,8 @@ import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;

public class UserPermissionDaoWithPersisterTest {
@@ -56,7 +56,7 @@ public class UserPermissionDaoWithPersisterTest {
@Test
public void userGlobalPermissionInsertAndDeleteArePersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), null);
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), null);
underTest.insert(dbSession, dto, null, user, null);

verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
@@ -64,7 +64,7 @@ public class UserPermissionDaoWithPersisterTest {
assertNewValue(newValue, dto.getUuid(), user.getUuid(), user.getLogin(), null, dto.getPermission(), null, null, null);
assertThat(newValue.toString()).doesNotContain("projectUuid");

underTest.deleteGlobalPermission(dbSession, user, SYSTEM_ADMIN);
underTest.deleteGlobalPermission(dbSession, user, ADMINISTER.getKey());

verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
newValue = newValueCaptor.getValue();
@@ -77,7 +77,7 @@ public class UserPermissionDaoWithPersisterTest {
PermissionTemplateDto templateDto = newPermissionTemplateDto();
db.getDbClient().permissionTemplateDao().insert(db.getSession(), templateDto);
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), null);
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), null);
underTest.insert(dbSession, dto, null, user, templateDto);

verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
@@ -96,7 +96,7 @@ public class UserPermissionDaoWithPersisterTest {
public void userProjectPermissionInsertAndDeleteArePersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), project.uuid());
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);

verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
@@ -105,7 +105,7 @@ public class UserPermissionDaoWithPersisterTest {
project.getKey(), project.name(), "TRK");
assertThat(newValue.toString()).contains("componentUuid");

underTest.deleteProjectPermission(dbSession, user, SYSTEM_ADMIN, project);
underTest.deleteProjectPermission(dbSession, user, ADMINISTER.getKey(), project);

verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
newValue = newValueCaptor.getValue();
@@ -119,7 +119,7 @@ public class UserPermissionDaoWithPersisterTest {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();

underTest.deleteProjectPermission(dbSession, user, SYSTEM_ADMIN, project);
underTest.deleteProjectPermission(dbSession, user, ADMINISTER.getKey(), project);

verify(auditPersister).addUser(any(), any());
verify(auditPersister).addComponent(any(), any());
@@ -130,7 +130,7 @@ public class UserPermissionDaoWithPersisterTest {
public void userPortfolioPermissionIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto portfolio = db.components().insertPublicPortfolio();
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), portfolio.uuid());
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), portfolio.uuid());
underTest.insert(dbSession, dto, portfolio, user, null);

verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
@@ -144,7 +144,7 @@ public class UserPermissionDaoWithPersisterTest {
public void userApplicationPermissionIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto application = db.components().insertPublicApplication();
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), application.uuid());
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), application.uuid());
underTest.insert(dbSession, dto, application, user, null);

verify(auditPersister).addUserPermission(eq(dbSession), newValueCaptor.capture());
@@ -158,9 +158,9 @@ public class UserPermissionDaoWithPersisterTest {
public void deleteUserPermissionOfAnyUserIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SCAN_EXECUTION, user.getUuid(), project.uuid());
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SCAN.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);
underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN_EXECUTION, project);
underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);

verify(auditPersister).deleteUserPermission(eq(dbSession), newValueCaptor.capture());
UserPermissionNewValue newValue = newValueCaptor.getValue();
@@ -173,7 +173,7 @@ public class UserPermissionDaoWithPersisterTest {
public void deleteUserPermissionOfAnyUserWithoutAffectedRowsIsNotPersisted() {
ComponentDto project = db.components().insertPrivateProject();

underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN_EXECUTION, project);
underTest.deleteProjectPermissionOfAnyUser(dbSession, SCAN.getKey(), project);

verify(auditPersister).addComponent(any(), any());
verifyNoMoreInteractions(auditPersister);
@@ -183,7 +183,7 @@ public class UserPermissionDaoWithPersisterTest {
public void deleteUserPermissionByUserUuidIsPersisted() {
UserDto user = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));
ComponentDto project = db.components().insertPrivateProject();
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), SYSTEM_ADMIN, user.getUuid(), project.uuid());
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), ADMINISTER.getKey(), user.getUuid(), project.uuid());
underTest.insert(dbSession, dto, project, user, null);
underTest.deleteByUserUuid(dbSession, user);


+ 12
- 12
server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java Просмотреть файл

@@ -36,7 +36,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
import static org.sonar.db.permission.PermissionQuery.builder;
import static org.sonar.db.user.GroupTesting.newGroupDto;
@@ -59,11 +59,11 @@ public class GroupWithPermissionTemplateDaoTest {
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());

PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());

assertThat(selectGroupNamesByQueryAndTemplate(builder(), template))
.containsOnly("Group-1", "Group-2", "Group-3", "Anyone");
@@ -165,11 +165,11 @@ public class GroupWithPermissionTemplateDaoTest {
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());

PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());

assertThat(countGroupNamesByQueryAndTemplate(builder(), template))
.isEqualTo(4);
@@ -200,11 +200,11 @@ public class GroupWithPermissionTemplateDaoTest {
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());

PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());

assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, template.getUuid(), asList("Group-1")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
@@ -215,7 +215,7 @@ public class GroupWithPermissionTemplateDaoTest {
assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, anotherTemplate.getUuid(), asList("Group-1")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
tuple(group1.getUuid(), "Group-1", PROVISIONING));
tuple(group1.getUuid(), "Group-1", PROVISION_PROJECTS.getKey()));

assertThat(underTest.selectGroupPermissionsByTemplateIdAndGroupNames(session, anotherTemplate.getUuid(), asList("Anyone")))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
@@ -236,22 +236,22 @@ public class GroupWithPermissionTemplateDaoTest {
PermissionTemplateDto template = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), USER, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group1.getUuid(), ADMIN, template.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISIONING, template.getName(), group2.getName());
permissionTemplateDbTester.addGroupToTemplate(template.getUuid(), group2.getUuid(), PROVISION_PROJECTS.getKey(), template.getName(), group2.getName());

PermissionTemplateDto anotherTemplate = permissionTemplateDbTester.insertTemplate();
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), null, USER, anotherTemplate.getName(), null);
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISIONING, anotherTemplate.getName(), group1.getName());
permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getUuid(), group1.getUuid(), PROVISION_PROJECTS.getKey(), anotherTemplate.getName(), group1.getName());

assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, template.getUuid()))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
tuple(group1.getUuid(), "Group-1", USER),
tuple(group1.getUuid(), "Group-1", ADMIN),
tuple(group2.getUuid(), "Group-2", PROVISIONING));
tuple(group2.getUuid(), "Group-2", PROVISION_PROJECTS.getKey()));
assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, anotherTemplate.getUuid()))
.extracting(PermissionTemplateGroupDto::getGroupUuid, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
.containsOnly(
tuple(group1.getUuid(), "Group-1", PROVISIONING),
tuple(group1.getUuid(), "Group-1", PROVISION_PROJECTS.getKey()),
tuple("Anyone", "Anyone", USER));

assertThat(underTest.selectGroupPermissionsByTemplateUuid(session, "321")).isEmpty();

+ 20
- 24
server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateDaoTest.java Просмотреть файл

@@ -32,6 +32,7 @@ import org.sonar.core.util.UuidFactoryFast;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.audit.NoOpAuditPersister;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;

@@ -40,11 +41,6 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
import static org.sonar.db.user.GroupTesting.newGroupDto;

@@ -275,20 +271,20 @@ public class PermissionTemplateDaoTest {
GroupDto group1 = db.users().insertGroup(newGroupDto());
GroupDto group2 = db.users().insertGroup(newGroupDto());
GroupDto group3 = db.users().insertGroup(newGroupDto());
templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), CODEVIEWER, template1.getName(), group1.getName());
templateDb.addGroupToTemplate(template1.getUuid(), group2.getUuid(), CODEVIEWER, template1.getName(), group2.getName());
templateDb.addGroupToTemplate(template1.getUuid(), group3.getUuid(), CODEVIEWER, template1.getName(), group3.getName());
templateDb.addGroupToTemplate(template1.getUuid(), null, CODEVIEWER, template1.getName(), null);
templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), ADMIN, template1.getName(), group1.getName());
templateDb.addGroupToTemplate(template2.getUuid(), group1.getUuid(), ADMIN, template2.getName(), group1.getName());
templateDb.addGroupToTemplate(template4.getUuid(), group1.getUuid(), ISSUE_ADMIN, template4.getName(), group1.getName());
templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), UserRole.CODEVIEWER, template1.getName(), group1.getName());
templateDb.addGroupToTemplate(template1.getUuid(), group2.getUuid(), UserRole.CODEVIEWER, template1.getName(), group2.getName());
templateDb.addGroupToTemplate(template1.getUuid(), group3.getUuid(), UserRole.CODEVIEWER, template1.getName(), group3.getName());
templateDb.addGroupToTemplate(template1.getUuid(), null, UserRole.CODEVIEWER, template1.getName(), null);
templateDb.addGroupToTemplate(template1.getUuid(), group1.getUuid(), UserRole.ADMIN, template1.getName(), group1.getName());
templateDb.addGroupToTemplate(template2.getUuid(), group1.getUuid(), UserRole.ADMIN, template2.getName(), group1.getName());
templateDb.addGroupToTemplate(template4.getUuid(), group1.getUuid(), UserRole.ISSUE_ADMIN, template4.getName(), group1.getName());

final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
underTest.groupsCountByTemplateUuidAndPermission(dbSession, asList(template1.getUuid(), template2.getUuid(), template3.getUuid()),
context -> result.add(context.getResultObject()));

assertThat(result).extracting(CountByTemplateAndPermissionDto::getPermission, CountByTemplateAndPermissionDto::getTemplateUuid, CountByTemplateAndPermissionDto::getCount)
.containsOnly(tuple(ADMIN, template1.getUuid(), 1), tuple(CODEVIEWER, template1.getUuid(), 4), tuple(ADMIN, template2.getUuid(), 1));
.containsOnly(tuple(UserRole.ADMIN, template1.getUuid(), 1), tuple(UserRole.CODEVIEWER, template1.getUuid(), 4), tuple(UserRole.ADMIN, template2.getUuid(), 1));
}

@Test
@@ -302,12 +298,12 @@ public class PermissionTemplateDaoTest {
UserDto user2 = db.users().insertUser();
UserDto user3 = db.users().insertUser();

templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), ADMIN, template1.getName(), user1.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user2.getUuid(), ADMIN, template1.getName(), user2.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user3.getUuid(), ADMIN, template1.getName(), user3.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), USER, template1.getName(), user1.getLogin());
templateDb.addUserToTemplate(template2.getUuid(), user1.getUuid(), USER, template2.getName(), user1.getLogin());
templateDb.addUserToTemplate(anotherTemplate.getUuid(), user1.getUuid(), ISSUE_ADMIN, anotherTemplate.getName(), user1.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), UserRole.ADMIN, template1.getName(), user1.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user2.getUuid(), UserRole.ADMIN, template1.getName(), user2.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user3.getUuid(), UserRole.ADMIN, template1.getName(), user3.getLogin());
templateDb.addUserToTemplate(template1.getUuid(), user1.getUuid(), UserRole.USER, template1.getName(), user1.getLogin());
templateDb.addUserToTemplate(template2.getUuid(), user1.getUuid(), UserRole.USER, template2.getName(), user1.getLogin());
templateDb.addUserToTemplate(anotherTemplate.getUuid(), user1.getUuid(), UserRole.ISSUE_ADMIN, anotherTemplate.getName(), user1.getLogin());

final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
underTest.usersCountByTemplateUuidAndPermission(dbSession, asList(template1.getUuid(), template2.getUuid(), template3.getUuid()),
@@ -315,9 +311,9 @@ public class PermissionTemplateDaoTest {
assertThat(result)
.extracting(CountByTemplateAndPermissionDto::getPermission, CountByTemplateAndPermissionDto::getTemplateUuid, CountByTemplateAndPermissionDto::getCount)
.containsExactlyInAnyOrder(
tuple(ADMIN, template1.getUuid(), 3),
tuple(USER, template1.getUuid(), 1),
tuple(USER, template2.getUuid(), 1));
tuple(UserRole.ADMIN, template1.getUuid(), 3),
tuple(UserRole.USER, template1.getUuid(), 1),
tuple(UserRole.USER, template2.getUuid(), 1));
}

@Test
@@ -343,7 +339,7 @@ public class PermissionTemplateDaoTest {
GroupDto group = db.users().insertGroup(newGroupDto());
db.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate();
templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN_EXECUTION, template.getName());
templateDb.addProjectCreatorToTemplate(template.getUuid(), GlobalPermission.SCAN.getKey(), template.getName());
templateDb.addProjectCreatorToTemplate(template.getUuid(), UserRole.ADMIN, template.getName());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.ADMIN, template.getName(), user.getLogin());
@@ -354,7 +350,7 @@ public class PermissionTemplateDaoTest {
List<String> resultWithUser = underTest.selectPotentialPermissionsByUserUuidAndTemplateUuid(dbSession, user.getUuid(), template.getUuid());
List<String> resultWithoutUser = underTest.selectPotentialPermissionsByUserUuidAndTemplateUuid(dbSession, null, template.getUuid());

assertThat(resultWithUser).containsOnlyOnce(SCAN_EXECUTION, UserRole.ADMIN, UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
assertThat(resultWithUser).containsOnlyOnce(GlobalPermission.SCAN.getKey(), UserRole.ADMIN, UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
// only permission from anyone group
assertThat(resultWithoutUser).containsOnly(UserRole.ISSUE_ADMIN);
}

+ 1
- 1
server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java Просмотреть файл

@@ -743,7 +743,7 @@ public class PurgeCommandsTest {

UserDto user = dbTester.users().insertUser();
dbTester.users().insertProjectPermissionOnUser(user, "doh", root);
dbTester.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
dbTester.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(root.isPrivate() ? 2 : 4);
assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(2);

+ 2
- 2
server/sonar-db-dao/src/test/java/org/sonar/db/user/RoleDaoTest.java Просмотреть файл

@@ -77,7 +77,7 @@ public class RoleDaoTest {
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertProjectPermissionOnUser(user2, UserRole.ADMIN, project1);
// project permission on another permission - not returned
@@ -96,7 +96,7 @@ public class RoleDaoTest {
db.users().insertMember(group1, user1);
db.users().insertProjectPermissionOnUser(user1, UserRole.ADMIN, project2);
// global permission - not returned
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, ADMINISTER);
db.users().insertPermissionOnGroup(group1, ADMINISTER);
// project permission on another user id - not returned
db.users().insertPermissionOnGroup(group2, ADMINISTER);

+ 6
- 4
server/sonar-db-dao/src/testFixtures/java/org/sonar/db/permission/PermissionsTestHelper.java Просмотреть файл

@@ -19,15 +19,17 @@
*/
package org.sonar.db.permission;

import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;

import static org.sonar.db.permission.GlobalPermission.APPLICATION_CREATOR;
import static org.sonar.db.permission.GlobalPermission.PORTFOLIO_CREATOR;
import static org.sonar.db.permission.GlobalPermission.SCAN;

public class PermissionsTestHelper {

public static final Set<String> ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
GlobalPermissions.SCAN_EXECUTION, UserRole.USER, GlobalPermission.APPLICATION_CREATOR.getKey(), GlobalPermission.PORTFOLIO_CREATOR.getKey());
public static final Set<String> ALL_PERMISSIONS = Set.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
SCAN.getKey(), UserRole.USER, APPLICATION_CREATOR.getKey(), PORTFOLIO_CREATOR.getKey());

private PermissionsTestHelper() {
}

+ 9
- 11
server/sonar-db-dao/src/testFixtures/java/org/sonar/db/user/UserDbTester.java Просмотреть файл

@@ -19,7 +19,6 @@
*/
package org.sonar.db.user;

import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
@@ -47,7 +46,8 @@ import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.user.GroupTesting.newGroupDto;

public class UserDbTester {
private static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); // FIXME to check with Simon
private static final Set<String> PUBLIC_PERMISSIONS = Set.of(UserRole.USER, UserRole.CODEVIEWER);
public static final String PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES = "Permissions can't be granted on branches";

private final DbTester db;
private final DbClient dbClient;
@@ -90,7 +90,7 @@ public class UserDbTester {

public UserDto insertAdminByUserPermission() {
UserDto user = insertUser();
insertPermissionOnUser(user, ADMINISTER);
insertGlobalPermissionOnUser(user, ADMINISTER);
return user;
}

@@ -211,7 +211,7 @@ public class UserDbTester {
checkArgument(!project.isPrivate(), "No permission to group AnyOne can be granted on a private project");
checkArgument(!PUBLIC_PERMISSIONS.contains(permission),
"permission %s can't be granted on a public project", permission);
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
GroupPermissionDto dto = new GroupPermissionDto()
.setUuid(Uuids.createFast())
.setGroupUuid(null)
@@ -231,7 +231,7 @@ public class UserDbTester {
public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) {
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission),
"%s can't be granted on a public project", permission);
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
GroupPermissionDto dto = new GroupPermissionDto()
.setUuid(Uuids.createFast())
.setGroupUuid(group.getUuid())
@@ -261,17 +261,15 @@ public class UserDbTester {
// USER PERMISSIONS

/**
* Grant permission
* Grant global permission
*/
public UserPermissionDto insertPermissionOnUser(UserDto user, GlobalPermission permission) {
public UserPermissionDto insertGlobalPermissionOnUser(UserDto user, GlobalPermission permission) {
return insertPermissionOnUser(user, permission.getKey());
}

/**
* Grant global permission
* @deprecated use {@link #insertPermissionOnUser(UserDto, GlobalPermission)}
* Grant permission
*/
@Deprecated
public UserPermissionDto insertPermissionOnUser(UserDto user, String permission) {
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null);
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, null, user, null);
@@ -295,7 +293,7 @@ public class UserDbTester {
public UserPermissionDto insertProjectPermissionOnUser(UserDto user, String permission, ComponentDto project) {
checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission),
"%s can't be granted on a public project", permission);
checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches");
checkArgument(project.getMainBranchProjectUuid() == null, PERMISSIONS_CANT_BE_GRANTED_ON_BRANCHES);
UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid());
db.getDbClient().userPermissionDao().insert(db.getSession(), dto, project, user, null);
db.commit();

+ 2
- 2
server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierNotificationHandlerTest.java Просмотреть файл

@@ -61,8 +61,8 @@ public class DefaultAdminCredentialsVerifierNotificationHandlerTest {
// Users granted admin permission directly
UserDto admin1 = db.users().insertUser(u -> u.setEmail("admin1"));
UserDto adminWithNoEmail = db.users().insertUser(u -> u.setEmail(null));
db.users().insertPermissionOnUser(admin1, ADMINISTER);
db.users().insertPermissionOnUser(adminWithNoEmail, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(adminWithNoEmail, ADMINISTER);
// User granted admin permission by group membership
UserDto admin2 = db.users().insertUser(u -> u.setEmail("admin2"));
GroupDto adminGroup = db.users().insertGroup();

+ 102
- 109
server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java Просмотреть файл

@@ -27,9 +27,11 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
@@ -39,18 +41,9 @@ import static com.google.common.base.Preconditions.checkState;
import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newChildComponent;
import static org.sonar.db.component.ComponentTesting.newProjectCopy;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;

public class ServerUserSessionTest {

@@ -142,23 +135,23 @@ public class ServerUserSessionTest {
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, USER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
UserSession session = newUserSession(user);

assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(USER, "another-uuid"));
assertThatForbiddenExceptionIsThrown(() -> session.checkComponentUuidPermission(UserRole.USER, "another-uuid"));
}

@Test
public void checkChildProjectsPermission_succeeds_if_user_has_permissions_on_all_application_child_projects() {
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, USER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project);

UserSession underTest = newUserSession(user);

assertThat(underTest.checkChildProjectsPermission(USER, application)).isSameAs(underTest);
assertThat(underTest.checkChildProjectsPermission(UserRole.USER, application)).isSameAs(underTest);
}

@Test
@@ -168,7 +161,7 @@ public class ServerUserSessionTest {

UserSession underTest = newUserSession(user);

assertThat(underTest.checkChildProjectsPermission(USER, project)).isSameAs(underTest);
assertThat(underTest.checkChildProjectsPermission(UserRole.USER, project)).isSameAs(underTest);
}

@Test
@@ -182,76 +175,76 @@ public class ServerUserSessionTest {

UserSession underTest = newUserSession(user);

assertThatForbiddenExceptionIsThrown(() -> underTest.checkChildProjectsPermission(USER, application));
assertThatForbiddenExceptionIsThrown(() -> underTest.checkChildProjectsPermission(UserRole.USER, application));
}

@Test
public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission() {
UserDto user = db.users().insertUser();

assertThatForbiddenExceptionIsThrown(() -> newUserSession(user).checkPermission(PROVISION_PROJECTS));
assertThatForbiddenExceptionIsThrown(() -> newUserSession(user).checkPermission(GlobalPermission.PROVISION_PROJECTS));
}

@Test
public void checkPermission_succeeds_when_user_has_the_specified_permission() {
UserDto adminUser = db.users().insertAdminByUserPermission();
db.users().insertPermissionOnUser(adminUser, PROVISIONING);
db.users().insertGlobalPermissionOnUser(adminUser, GlobalPermission.PROVISION_PROJECTS);

newUserSession(adminUser).checkPermission(PROVISION_PROJECTS);
newUserSession(adminUser).checkPermission(GlobalPermission.PROVISION_PROJECTS);
}

@Test
public void test_hasPermission_for_logged_in_user() {
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
db.users().insertProjectPermissionOnUser(user, ADMIN, project);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);

UserSession session = newUserSession(user);
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(ADMINISTER)).isFalse();
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
}

@Test
public void test_hasPermission_for_anonymous_user() {
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);

UserSession session = newAnonymousSession();
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(ADMINISTER)).isFalse();
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
}

@Test
public void hasPermission_keeps_cache_of_permissions_of_logged_in_user() {
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, PROVISIONING);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);

UserSession session = newUserSession(user);

// feed the cache
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();

// change permissions without updating the cache
db.users().deletePermissionFromUser(user, PROVISION_PROJECTS);
db.users().insertPermissionOnUser(user, SCAN);
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(ADMINISTER)).isFalse();
assertThat(session.hasPermission(SCAN)).isFalse();
db.users().deletePermissionFromUser(user, GlobalPermission.PROVISION_PROJECTS);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
assertThat(session.hasPermission(GlobalPermission.SCAN)).isFalse();
}

@Test
public void hasPermission_keeps_cache_of_permissions_of_anonymous_user() {
db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);
db.users().insertPermissionOnAnyone(GlobalPermission.PROVISION_PROJECTS);

UserSession session = newAnonymousSession();

// feed the cache
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();

// change permissions without updating the cache
db.users().insertPermissionOnAnyone(SCAN);
assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(SCAN)).isFalse();
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
assertThat(session.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
assertThat(session.hasPermission(GlobalPermission.SCAN)).isFalse();
}

@Test
@@ -259,7 +252,7 @@ public class ServerUserSessionTest {
ComponentDto project1 = db.components().insertPrivateProject();
ComponentDto project2 = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
db.users().insertProjectPermissionOnUser(user, USER, project1);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project1);

ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project1);
@@ -267,30 +260,30 @@ public class ServerUserSessionTest {
db.components().insertComponent(newProjectCopy(project1, application));

UserSession session = newUserSession(user);
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();

db.components().addApplicationProject(application, project2);
db.components().insertComponent(newProjectCopy(project2, application));

assertThat(session.hasChildProjectsPermission(USER, application)).isFalse();
assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isFalse();
}

@Test
public void test_hasChildProjectsPermission_for_anonymous_user() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertPermissionOnAnyone(USER);
db.users().insertPermissionOnAnyone(UserRole.USER);
ComponentDto application = db.components().insertPrivateApplication();
db.components().addApplicationProject(application, project);
// add computed project
db.components().insertComponent(newProjectCopy(project, application));

UserSession session = newAnonymousSession();
assertThat(session.hasChildProjectsPermission(USER, application)).isFalse();
assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isFalse();
}

@Test
public void hasChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() {
db.users().insertPermissionOnAnyone(USER);
db.users().insertPermissionOnAnyone(UserRole.USER);

ComponentDto project = db.components().insertPublicProject();
ComponentDto application = db.components().insertPublicApplication();
@@ -299,11 +292,11 @@ public class ServerUserSessionTest {
UserSession session = newAnonymousSession();

// feed the cache
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();

// change privacy of the project without updating the cache
db.getDbClient().componentDao().setPrivateForBranchUuidWithoutAudit(db.getSession(), project.uuid(), true);
assertThat(session.hasChildProjectsPermission(USER, application)).isTrue();
assertThat(session.hasChildProjectsPermission(UserRole.USER, application)).isTrue();
}

@Test
@@ -324,44 +317,44 @@ public class ServerUserSessionTest {
db.components().addPortfolioProject(portfolio, project1);
db.components().insertComponent(newProjectCopy(project1, portfolio));

assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();

// Add private project2 with USER permissions to private portfolio
db.users().insertProjectPermissionOnUser(user, USER, project2);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2);
db.components().addPortfolioProject(portfolio, project2);
db.components().insertComponent(newProjectCopy(project2, portfolio));

assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();

// Add private project4 with USER permissions to sub-portfolio
db.users().insertProjectPermissionOnUser(user, USER, project4);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project4);
db.components().addPortfolioProject(subPortfolio, project4);
db.components().insertComponent(newProjectCopy(project4, subPortfolio));
db.components().addPortfolioReference(portfolio, subPortfolio.uuid());

// The predicate should work both on view and subview components
assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isTrue();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, subPortfolio)).isTrue();

// Add private project3 without permissions to private portfolio
db.components().addPortfolioProject(portfolio, project3);
db.components().insertComponent(newProjectCopy(project3, portfolio));

assertThat(session.hasChildProjectsPermission(USER, portfolio)).isFalse();
assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isFalse();

// Add private project5 without permissions to sub-portfolio
db.components().addPortfolioProject(subPortfolio, project5);
db.components().insertComponent(newProjectCopy(project5, subPortfolio));

assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
assertThat(session.hasPortfolioChildProjectsPermission(USER, subPortfolio)).isFalse();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isFalse();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, subPortfolio)).isFalse();
}

@Test
public void test_hasPortfolioChildProjectsPermission_for_anonymous_user() {
ComponentDto project = db.components().insertPrivateProject();

db.users().insertPermissionOnAnyone(USER);
db.users().insertPermissionOnAnyone(UserRole.USER);

ComponentDto portfolio = db.components().insertPrivatePortfolio();

@@ -370,12 +363,12 @@ public class ServerUserSessionTest {
db.components().insertComponent(newProjectCopy(project, portfolio));

UserSession session = newAnonymousSession();
assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
assertThat(session.hasPortfolioChildProjectsPermission(UserRole.USER, portfolio)).isFalse();
}

@Test
public void hasPortfolioChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() {
db.users().insertPermissionOnAnyone(USER);
db.users().insertPermissionOnAnyone(UserRole.USER);

ComponentDto project = db.components().insertPublicProject();
ComponentDto portfolio = db.components().insertPublicPortfolio();
@@ -384,11 +377,11 @@ public class ServerUserSessionTest {
UserSession session = newAnonymousSession();

// feed the cache
assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isTrue();

// change privacy of the project without updating the cache
db.getDbClient().componentDao().setPrivateForBranchUuidWithoutAudit(db.getSession(), project.uuid(), true);
assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
assertThat(session.hasChildProjectsPermission(UserRole.USER, portfolio)).isTrue();
}

@Test
@@ -397,8 +390,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newAnonymousSession();

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}

@Test
@@ -408,8 +401,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newAnonymousSession();

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}

@Test
@@ -419,8 +412,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newAnonymousSession();

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}

@Test
@@ -430,8 +423,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newAnonymousSession();

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();
}

@Test
@@ -441,8 +434,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newUserSession(user);

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}

@Test
@@ -453,8 +446,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newUserSession(user);

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}

@Test
@@ -465,8 +458,8 @@ public class ServerUserSessionTest {

ServerUserSession underTest = newUserSession(user);

assertThat(hasComponentPermissionByDtoOrUuid(underTest, USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, CODEVIEWER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();
}

@Test
@@ -527,35 +520,35 @@ public class ServerUserSessionTest {
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() {
UserDto user = db.users().insertUser();
ComponentDto publicProject = db.components().insertPublicProject();
db.users().insertProjectPermissionOnUser(user, ADMIN, publicProject);
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject);

UserSession underTest = newUserSession(user);

// feed the cache
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

// change permissions without updating the cache
db.users().deletePermissionFromUser(publicProject, user, ADMIN);
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, publicProject);
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse();
db.users().deletePermissionFromUser(publicProject, user, UserRole.ADMIN);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, publicProject);
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();
}

@Test
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() {
ComponentDto publicProject = db.components().insertPublicProject();
db.users().insertProjectPermissionOnAnyone(ADMIN, publicProject);
db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject);

UserSession underTest = newAnonymousSession();

// feed the cache
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

// change permissions without updating the cache
db.users().deleteProjectPermissionFromAnyone(publicProject, ADMIN);
db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject);
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, ISSUE_ADMIN, publicProject)).isFalse();
db.users().deleteProjectPermissionFromAnyone(publicProject, UserRole.ADMIN);
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();
assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();
}

private boolean hasComponentPermissionByDtoOrUuid(UserSession underTest, String permission, ComponentDto component) {
@@ -572,31 +565,31 @@ public class ServerUserSessionTest {

UserSession underTest = newAnonymousSession();

assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
}

@Test
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {
ComponentDto publicProject = db.components().insertPublicProject();
ComponentDto privateProject = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, publicProject);
db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);

UserSession underTest = newAnonymousSession();

assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject);
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject);
}

@Test
public void keepAuthorizedComponents_on_branches() {
UserDto user = db.users().insertUser();
ComponentDto privateProject = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject);
ComponentDto privateBranchProject = db.components().insertProjectBranch(privateProject);

UserSession underTest = newUserSession(user);

assertThat(underTest.keepAuthorizedComponents(ADMIN, asList(privateProject, privateBranchProject)))
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, asList(privateProject, privateBranchProject)))
.containsExactlyInAnyOrder(privateProject, privateBranchProject);
}

@@ -613,13 +606,13 @@ public class ServerUserSessionTest {
UserSession underTest = newUserSession(user);

ComponentDto portfolio = db.components().insertPrivatePortfolio();
db.users().insertProjectPermissionOnUser(user, USER, portfolio);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, portfolio);

ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
db.users().insertProjectPermissionOnUser(user, USER, subPortfolio);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, subPortfolio);

ComponentDto app = db.components().insertPrivateApplication();
db.users().insertProjectPermissionOnUser(user, USER, app);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, app);

ComponentDto app2 = db.components().insertPrivateApplication();

@@ -628,12 +621,12 @@ public class ServerUserSessionTest {
var copyProject1 = db.components().insertComponent(newProjectCopy(project1, portfolio));

// Add private project2 with USER permissions to private portfolio
db.users().insertProjectPermissionOnUser(user, USER, project2);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project2);
db.components().addPortfolioProject(portfolio, project2);
var copyProject2 = db.components().insertComponent(newProjectCopy(project2, portfolio));

// Add private project4 with USER permissions to sub-portfolio
db.users().insertProjectPermissionOnUser(user, USER, project4);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project4);
db.components().addPortfolioProject(subPortfolio, project4);
var copyProject4 = db.components().insertComponent(newProjectCopy(project4, subPortfolio));
db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
@@ -643,7 +636,7 @@ public class ServerUserSessionTest {
var copyProject3 = db.components().insertComponent(newProjectCopy(project3, portfolio));

// Add private project5 with USER permissions to app
db.users().insertProjectPermissionOnUser(user, USER, project5);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project5);
db.components().addApplicationProject(app, project5);
var copyProject5 = db.components().insertComponent(newProjectCopy(project5, app));
db.components().addPortfolioReference(portfolio, app.uuid());
@@ -653,16 +646,16 @@ public class ServerUserSessionTest {
var copyProject6 = db.components().insertComponent(newProjectCopy(project6, app2));
db.components().addPortfolioReference(portfolio, app2.uuid());

assertThat(underTest.keepAuthorizedComponents(ADMIN, List.of(portfolio))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(USER, List.of(portfolio))).containsExactly(portfolio);
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, List.of(portfolio))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(UserRole.USER, List.of(portfolio))).containsExactly(portfolio);

assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio);
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio);

assertThat(underTest.keepAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project4, project5);
assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project4, project5);

assertThat(underTest.keepAuthorizedComponents(USER, Arrays.asList(copyProject1, copyProject2, copyProject3, copyProject4, copyProject5, copyProject6)))
assertThat(underTest.keepAuthorizedComponents(UserRole.USER, Arrays.asList(copyProject1, copyProject2, copyProject3, copyProject4, copyProject5, copyProject6)))
.containsExactly(copyProject1, copyProject2, copyProject4, copyProject5);
}

@@ -678,7 +671,7 @@ public class ServerUserSessionTest {
@Test
public void isSystemAdministrator_returns_true_if_user_is_administrator() {
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);

UserSession session = newUserSession(user);

@@ -688,7 +681,7 @@ public class ServerUserSessionTest {
@Test
public void isSystemAdministrator_returns_false_if_user_is_not_administrator() {
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, PROVISIONING);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);

UserSession session = newUserSession(user);

@@ -698,7 +691,7 @@ public class ServerUserSessionTest {
@Test
public void keep_isSystemAdministrator_flag_in_cache() {
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);

UserSession session = newUserSession(user);

@@ -745,7 +738,7 @@ public class ServerUserSessionTest {
ComponentDto privateProject = db.components().insertPrivateProject();

Set<ProjectDto> projectDto = Set.of(getProjectDto(publicProject), getProjectDto(privateProject));
List<ProjectDto> projectDtos = newUserSession(null).keepAuthorizedProjects(USER, projectDto);
List<ProjectDto> projectDtos = newUserSession(null).keepAuthorizedProjects(UserRole.USER, projectDto);

assertThat(projectDtos).containsExactly(db.components().getProjectDto(publicProject));
}
@@ -757,7 +750,7 @@ public class ServerUserSessionTest {
ComponentDto privateProject = db.components().insertPrivateProject();

Set<ProjectDto> projectDto = Set.of(getProjectDto(publicProject), getProjectDto(privateProject));
List<ProjectDto> projectDtos = newUserSession(userDto).keepAuthorizedProjects(USER, projectDto);
List<ProjectDto> projectDtos = newUserSession(userDto).keepAuthorizedProjects(UserRole.USER, projectDto);

assertThat(projectDtos).containsExactly(db.components().getProjectDto(publicProject));
}

+ 8
- 8
server/sonar-webserver-auth/src/test/java/org/sonar/server/user/TokenUserSessionTest.java Просмотреть файл

@@ -95,7 +95,7 @@ public class TokenUserSessionTest {

UserDto user = db.users().insertUser();

db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

TokenUserSession userSession = mockProjectAnalysisTokenUserSession(user,project1);

@@ -106,7 +106,7 @@ public class TokenUserSessionTest {
@Test
public void test_hasGlobalPermission_for_UserToken() {
UserDto user = db.users().insertUser();
db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

TokenUserSession userSession = mockTokenUserSession(user);

@@ -123,7 +123,7 @@ public class TokenUserSessionTest {
db.users().insertProjectPermissionOnUser(user, SCAN, project1);
db.users().insertProjectPermissionOnUser(user, SCAN, project2);

db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

TokenUserSession userSession = mockProjectAnalysisTokenUserSession(user,project1);

@@ -136,7 +136,7 @@ public class TokenUserSessionTest {

UserDto user = db.users().insertUser();

db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);

@@ -148,8 +148,8 @@ public class TokenUserSessionTest {
public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() {
UserDto user = db.users().insertUser();

db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);

TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);

@@ -160,7 +160,7 @@ public class TokenUserSessionTest {
public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() {
UserDto user = db.users().insertUser();

db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);

TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);

@@ -171,7 +171,7 @@ public class TokenUserSessionTest {
public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() {
UserDto user = db.users().insertUser();

db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);

TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);


+ 8
- 9
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java Просмотреть файл

@@ -21,18 +21,17 @@ package org.sonar.server.permission;

import java.util.List;
import java.util.Optional;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.user.GroupDto;

import static com.google.common.base.Preconditions.checkNotNull;
import static java.lang.String.format;
import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
@@ -78,7 +77,7 @@ public class GroupPermissionChanger {
private static boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == ADD
&& PUBLIC_PERMISSIONS.contains(change.getPermission());
&& UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}

private static boolean isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(GroupPermissionChange change, ComponentDto project) {
@@ -108,7 +107,7 @@ public class GroupPermissionChanger {
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == REMOVE
&& PUBLIC_PERMISSIONS.contains(change.getPermission());
&& UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}

private boolean addPermission(DbSession dbSession, GroupPermissionChange change) {
@@ -136,7 +135,7 @@ public class GroupPermissionChanger {
}

private static void validateNotAnyoneAndAdminPermission(String permission, GroupUuidOrAnyone group) {
checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
checkRequest(!GlobalPermission.ADMINISTER.getKey().equals(permission) || !group.isAnyone(),
format("It is not possible to add the '%s' permission to group 'Anyone'.", permission));
}

@@ -173,13 +172,13 @@ public class GroupPermissionChanger {

private void checkIfRemainingGlobalAdministrators(DbSession dbSession, GroupPermissionChange change) {
GroupUuidOrAnyone groupUuidOrAnyone = change.getGroupUuidOrAnyone();
if (SYSTEM_ADMIN.equals(change.getPermission()) &&
if (GlobalPermission.ADMINISTER.getKey().equals(change.getPermission()) &&
!groupUuidOrAnyone.isAnyone() &&
change.getProjectUuid() == null) {
String groupUuid = checkNotNull(groupUuidOrAnyone.getUuid());
// removing global admin permission from group
int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, SYSTEM_ADMIN, groupUuid);
checkRequest(remaining > 0, "Last group with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN);
int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, GlobalPermission.ADMINISTER.getKey(), groupUuid);
checkRequest(remaining > 0, "Last group with permission '%s'. Permission cannot be removed.", GlobalPermission.ADMINISTER.getKey());
}
}


+ 1
- 1
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/PermissionChange.java Просмотреть файл

@@ -21,8 +21,8 @@ package org.sonar.server.permission;

import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.component.ComponentDto;

import static java.util.Objects.requireNonNull;
import static org.sonar.core.util.stream.MoreCollectors.toList;

+ 3
- 3
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java Просмотреть файл

@@ -27,7 +27,7 @@ import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.sonar.api.resources.ResourceType;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.exceptions.BadRequestException;

import static com.google.common.base.Strings.isNullOrEmpty;
@@ -55,8 +55,8 @@ public class RequestValidator {
}

public static void validateGlobalPermission(String permission) {
checkRequest(GlobalPermissions.ALL.contains(permission),
format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermissions.ALL_ON_ONE_LINE, permission));
checkRequest(GlobalPermission.contains(permission),
format("The '%s' parameter for global permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, GlobalPermission.ALL_ON_ONE_LINE, permission));
}

public static void validateQualifier(@Nullable String qualifier, ResourceTypes resourceTypes) {

+ 6
- 6
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/UserPermissionChanger.java Просмотреть файл

@@ -20,14 +20,14 @@
package org.sonar.server.permission;

import java.util.List;
import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.UserPermissionDto;

import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;
@@ -75,7 +75,7 @@ public class UserPermissionChanger {
private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ComponentDto project) {
return !project.isPrivate()
&& change.getOperation() == ADD
&& PUBLIC_PERMISSIONS.contains(change.getPermission());
&& UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}

private static void ensureConsistencyWithVisibility(UserPermissionChange change) {
@@ -89,7 +89,7 @@ public class UserPermissionChanger {
private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ComponentDto projectUuid) {
return !projectUuid.isPrivate()
&& change.getOperation() == REMOVE
&& PUBLIC_PERMISSIONS.contains(change.getPermission());
&& UserRole.PUBLIC_PERMISSIONS.contains(change.getPermission());
}

private boolean addPermission(DbSession dbSession, UserPermissionChange change) {
@@ -125,9 +125,9 @@ public class UserPermissionChanger {
}

private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange change) {
if (SYSTEM_ADMIN.equals(change.getPermission()) && change.getProjectUuid() == null) {
if (GlobalPermission.ADMINISTER.getKey().equals(change.getPermission()) && change.getProjectUuid() == null) {
int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession, change.getPermission(), change.getUserId().getUuid());
checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN);
checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", GlobalPermission.ADMINISTER.getKey());
}
}
}

+ 2
- 2
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/WsParameters.java Просмотреть файл

@@ -21,7 +21,7 @@ package org.sonar.server.permission.ws;

import com.google.common.base.Joiner;
import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.permission.PermissionService;

import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
@@ -50,7 +50,7 @@ public class WsParameters {
"<li>Possible values for global permissions: %s</li>" +
"<li>Possible values for project permissions %s</li>" +
"</ul>",
GlobalPermissions.ALL_ON_ONE_LINE,
GlobalPermission.ALL_ON_ONE_LINE,
allProjectsPermissionsOnOneLine);
projectPermissionParamDescription = String.format("Permission" +
"<ul>" +

+ 2
- 2
server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java Просмотреть файл

@@ -33,7 +33,7 @@ import org.sonar.server.permission.ws.WsParameters;
import org.sonar.server.user.UserSession;

import static java.lang.String.format;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.exceptions.BadRequestException.checkRequest;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
@@ -79,7 +79,7 @@ public class AddGroupToTemplateAction implements PermissionsWsAction {
try (DbSession dbSession = dbClient.openSession(false)) {
String permission = request.mandatoryParam(PARAM_PERMISSION);
GroupUuidOrAnyone group = support.findGroup(dbSession, request);
checkRequest(!SYSTEM_ADMIN.equals(permission) || !group.isAnyone(),
checkRequest(!ADMINISTER.getKey().equals(permission) || !group.isAnyone(),
format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));

PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));

+ 4
- 4
server/sonar-webserver-webapi/src/main/java/org/sonar/server/webhook/ws/WebhookSupport.java Просмотреть файл

@@ -24,13 +24,13 @@ import java.net.SocketException;
import java.net.UnknownHostException;
import okhttp3.HttpUrl;
import org.sonar.api.config.Configuration;
import org.sonar.api.web.UserRole;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.server.user.UserSession;

import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_DEFAULT_VALUE;
import static org.sonar.api.CoreProperties.SONAR_VALIDATE_WEBHOOKS_PROPERTY;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;

public class WebhookSupport {

@@ -45,11 +45,11 @@ public class WebhookSupport {
}

void checkPermission(ProjectDto projectDto) {
userSession.checkProjectPermission(ADMIN, projectDto);
userSession.checkProjectPermission(UserRole.ADMIN, projectDto);
}

void checkPermission() {
userSession.checkPermission(ADMINISTER);
userSession.checkPermission(GlobalPermission.ADMINISTER);
}

void checkUrlPattern(String url, String message, Object... messageArguments) {

+ 0
- 1
server/sonar-webserver-webapi/src/test/java/org/sonar/server/almintegration/ws/bitbucketserver/ImportBitbucketServerProjectActionTest.java Просмотреть файл

@@ -23,7 +23,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;

+ 4
- 7
server/sonar-webserver-webapi/src/test/java/org/sonar/server/batch/ProjectDataLoaderTest.java Просмотреть файл

@@ -21,7 +21,6 @@ package org.sonar.server.batch;

import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.Scopes;
import org.sonar.core.util.Uuids;
@@ -43,8 +42,8 @@ import static com.google.common.collect.ImmutableList.of;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.permission.GlobalPermission.SCAN;

public class ProjectDataLoaderTest {
@Rule
@@ -54,15 +53,13 @@ public class ProjectDataLoaderTest {

private DbClient dbClient = db.getDbClient();
private DbSession dbSession = db.getSession();
private int uuidCounter = 0;
private ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);
private MapSettings settings = new MapSettings();
private ProjectDataLoader underTest = new ProjectDataLoader(dbClient, userSession, new ComponentFinder(dbClient, resourceTypes));

@Test
public void throws_NotFoundException_when_branch_does_not_exist() {
ComponentDto project = db.components().insertPrivateProject();
userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn().addProjectPermission(SCAN.getKey(), project);

assertThatThrownBy(() -> {
underTest.load(ProjectDataQuery.create()
@@ -76,7 +73,7 @@ public class ProjectDataLoaderTest {
@Test
public void return_file_data_from_single_project() {
ComponentDto project = db.components().insertPrivateProject();
userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn().addProjectPermission(SCAN.getKey(), project);
ComponentDto file = db.components().insertComponent(newFileDto(project));
dbClient.fileSourceDao().insert(dbSession, newFileSourceDto(file).setSrcHash("123456"));
db.commit();
@@ -92,7 +89,7 @@ public class ProjectDataLoaderTest {
public void return_file_data_from_branch() {
ComponentDto project = db.components().insertPrivateProject();
ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("my_branch"));
userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn().addProjectPermission(SCAN.getKey(), project);
// File on branch
ComponentDto projectFile = db.components().insertComponent(newFileDto(branch));
dbClient.fileSourceDao().insert(dbSession, newFileSourceDto(projectFile).setSrcHash("123456"));

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/branch/ws/ListActionTest.java Просмотреть файл

@@ -56,10 +56,10 @@ import static org.sonar.api.rules.RuleType.BUG;
import static org.sonar.api.utils.DateUtils.dateToLong;
import static org.sonar.api.utils.DateUtils.parseDateTime;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.BranchDto.DEFAULT_MAIN_BRANCH_NAME;
import static org.sonar.db.component.BranchType.BRANCH;
import static org.sonar.db.component.SnapshotTesting.newAnalysis;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;

public class ListActionTest {
@@ -141,7 +141,7 @@ public class ListActionTest {
db.issues().insert(rule, branch, branch, i -> i.setType(BUG).setResolution(null));
indexIssues();

userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn().addProjectPermission(SCAN.getKey(), project);

String json = ws.newRequest()
.setParam("project", project.getKey())

+ 5
- 6
server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/queue/BranchReportSubmitterTest.java Просмотреть файл

@@ -69,7 +69,6 @@ import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.component.ComponentTesting.newBranchDto;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
@@ -108,7 +107,7 @@ public class BranchReportSubmitterTest {
public void submit_does_not_use_delegate_if_characteristics_are_empty() {
ComponentDto project = db.components().insertPublicProject();
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();
InputStream reportInput = IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8);

@@ -122,7 +121,7 @@ public class BranchReportSubmitterTest {
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey("branch1"));
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(project.getKey(), "branch1");
when(branchSupportDelegate.createComponentKey(project.getKey(), randomCharacteristics)).thenReturn(componentKey);
@@ -145,7 +144,7 @@ public class BranchReportSubmitterTest {
ComponentDto existingProject = db.components().insertPublicProject();
BranchDto exitingProjectMainBranch = db.getDbClient().branchDao().selectByUuid(db.getSession(), existingProject.uuid()).get();
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, existingProject);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), existingProject);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
ComponentDto createdBranch = createButDoNotInsertBranch(existingProject);
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(existingProject.getKey(), "branch1");
@@ -200,7 +199,7 @@ public class BranchReportSubmitterTest {
public void submit_fails_if_branch_support_delegate_createComponentKey_throws_an_exception() {
ComponentDto project = db.components().insertPublicProject();
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
InputStream reportInput = IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8);
RuntimeException expected = new RuntimeException("Faking an exception thrown by branchSupportDelegate");
@@ -218,7 +217,7 @@ public class BranchReportSubmitterTest {
public void submit_report_on_missing_branch_of_missing_project_fails_with_ForbiddenException_if_only_scan_permission() {
ComponentDto nonExistingProject = newPrivateProjectDto();
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, nonExistingProject);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), nonExistingProject);
Map<String, String> randomCharacteristics = randomNonEmptyMap();
ComponentDto createdBranch = createButDoNotInsertBranch(nonExistingProject);
BranchSupport.ComponentKey componentKey = createComponentKeyOfBranch(nonExistingProject.getKey());

+ 5
- 6
server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/queue/ReportSubmitterTest.java Просмотреть файл

@@ -65,7 +65,6 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.component.BranchDto.DEFAULT_MAIN_BRANCH_NAME;
import static org.sonar.db.component.ComponentTesting.newDirectory;
@@ -140,7 +139,7 @@ public class ReportSubmitterTest {
public void submit_a_report_on_existing_project() {
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn(user).addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();

underTest.submit(project.getKey(), project.name(), emptyMap(), IOUtils.toInputStream("{binary}", StandardCharsets.UTF_8));
@@ -250,7 +249,7 @@ public class ReportSubmitterTest {
@Test
public void submit_a_report_on_existing_project_with_project_scan_permission() {
ComponentDto project = db.components().insertPrivateProject();
userSession.addProjectPermission(SCAN_EXECUTION, project);
userSession.addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();

underTest.submit(project.getKey(), project.name(), emptyMap(), IOUtils.toInputStream("{binary}"));
@@ -261,7 +260,7 @@ public class ReportSubmitterTest {
@Test
public void fail_if_component_is_not_a_project() {
ComponentDto component = db.components().insertPublicPortfolio();
userSession.logIn().addProjectPermission(SCAN_EXECUTION, component);
userSession.logIn().addProjectPermission(SCAN.getKey(), component);
mockSuccessfulPrepareSubmitCall();

String dbKey = component.getKey();
@@ -277,7 +276,7 @@ public class ReportSubmitterTest {
public void fail_if_project_key_already_exists_as_other_component() {
ComponentDto project = db.components().insertPrivateProject();
ComponentDto dir = db.components().insertComponent(newDirectory(project, "path"));
userSession.logIn().addProjectPermission(SCAN_EXECUTION, project);
userSession.logIn().addProjectPermission(SCAN.getKey(), project);
mockSuccessfulPrepareSubmitCall();

String dirDbKey = dir.getKey();
@@ -304,7 +303,7 @@ public class ReportSubmitterTest {
@Test
public void fail_with_forbidden_exception_on_new_project_when_only_project_scan_permission() {
ComponentDto component = db.components().insertPrivateProject(PROJECT_UUID);
userSession.addProjectPermission(SCAN_EXECUTION, component);
userSession.addProjectPermission(SCAN.getKey(), component);
mockSuccessfulPrepareSubmitCall();

Map<String, String> emptyMap = emptyMap();

+ 4
- 6
server/sonar-webserver-webapi/src/test/java/org/sonar/server/ce/ws/TaskActionTest.java Просмотреть файл

@@ -28,7 +28,6 @@ import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.CloseableIterator;
import org.sonar.core.util.UuidFactoryFast;
import org.sonar.core.util.Uuids;
@@ -56,7 +55,6 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.SCAN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.ce.CeTaskCharacteristicDto.BRANCH_KEY;
import static org.sonar.db.ce.CeTaskCharacteristicDto.BRANCH_TYPE_KEY;
import static org.sonar.db.component.BranchType.BRANCH;
@@ -300,7 +298,7 @@ public class TaskActionTest {
@Test
public void get_project_queue_task_with_scan_permission_on_project() {
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(GlobalPermissions.SCAN_EXECUTION, privateProject);
userSession.logIn(user).addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeQueueDto task = createAndPersistQueueTask(privateProject, user);

call(task.getUuid());
@@ -331,7 +329,7 @@ public class TaskActionTest {
@Test
public void get_project_queue_task_on_public_project() {
UserDto user = db.users().insertUser();
userSession.logIn(user).addProjectPermission(SCAN_EXECUTION, privateProject);
userSession.logIn(user).addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeQueueDto task = createAndPersistQueueTask(privateProject, user);

call(task.getUuid());
@@ -379,7 +377,7 @@ public class TaskActionTest {

@Test
public void get_project_archived_task_with_scan_permission_on_project() {
userSession.logIn().addProjectPermission(GlobalPermissions.SCAN_EXECUTION, privateProject);
userSession.logIn().addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);
CeActivityDto task = createAndPersistArchivedTask(privateProject);

call(task.getUuid());
@@ -458,7 +456,7 @@ public class TaskActionTest {

@Test
public void get_warnings_on_private_project_archived_task_if_scan() {
userSession.logIn().addProjectPermission(SCAN_EXECUTION, privateProject);
userSession.logIn().addProjectPermission(GlobalPermission.SCAN.getKey(), privateProject);

getWarningsImpl(createAndPersistArchivedTask(privateProject));
}

+ 16
- 16
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java Просмотреть файл

@@ -27,7 +27,6 @@ import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.SequenceUuidFactory;
import org.sonar.core.util.Uuids;
import org.sonar.db.DbTester;
@@ -44,6 +43,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.fail;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;

public class GroupPermissionChangerTest {
@@ -69,18 +69,18 @@ public class GroupPermissionChangerTest {
public void apply_adds_global_permission_to_group() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}

@Test
public void apply_adds_global_permission_to_group_AnyOne() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));

assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
assertThat(db.users().selectAnyonePermissions(null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}

@Test
@@ -134,7 +134,7 @@ public class GroupPermissionChangerTest {

@Test
public void apply_adds_permission_SCAN_EXECUTION_to_group_on_private_project() {
applyAddsPermissionToGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);
applyAddsPermissionToGroupOnPrivateProject(GlobalPermission.SCAN.getKey());
}

private void applyAddsPermissionToGroupOnPrivateProject(String permission) {
@@ -168,7 +168,7 @@ public class GroupPermissionChangerTest {

@Test
public void apply_removes_permission_SCAN_EXECUTION_from_on_private_project() {
applyRemovesPermissionFromGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);
applyRemovesPermissionFromGroupOnPrivateProject(GlobalPermission.SCAN.getKey());
}

private void applyRemovesPermissionFromGroupOnPrivateProject(String permission) {
@@ -220,9 +220,9 @@ public class GroupPermissionChangerTest {
public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, publicProject, groupUuid, permissionService));
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermission.SCAN.getKey(), publicProject, groupUuid, permissionService));

assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION);
assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(GlobalPermission.SCAN.getKey());
}

@Test
@@ -255,7 +255,7 @@ public class GroupPermissionChangerTest {

@Test
public void apply_removes_SCAN_EXECUTION_permission_from_group_AnyOne_on_a_public_project() {
applyRemovesPermissionFromGroupAnyOneOnAPublicProject(GlobalPermissions.SCAN_EXECUTION);
applyRemovesPermissionFromGroupAnyOneOnAPublicProject(GlobalPermission.SCAN.getKey());
}

private void applyRemovesPermissionFromGroupAnyOneOnAPublicProject(String permission) {
@@ -289,10 +289,10 @@ public class GroupPermissionChangerTest {
public void add_permission_to_anyone() {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_PROFILES.getKey(), null, groupUuid, permissionService));

assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);
assertThat(db.users().selectAnyonePermissions(null)).containsOnly(ADMINISTER_QUALITY_PROFILES.getKey());
}

@Test
@@ -311,7 +311,7 @@ public class GroupPermissionChangerTest {

permissionService.getGlobalPermissions().stream()
.map(GlobalPermission::getKey)
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermission.SCAN.getKey().equals(perm))
.forEach(perm -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, perm, privateProject, groupUuid, permissionService);
@@ -329,7 +329,7 @@ public class GroupPermissionChangerTest {

permissionService.getGlobalPermissions().stream()
.map(GlobalPermission::getKey)
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))
.filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermission.SCAN.getKey().equals(perm))
.forEach(perm -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, perm, publicProject, groupUuid, permissionService);
@@ -347,7 +347,7 @@ public class GroupPermissionChangerTest {

permissionService.getAllProjectPermissions()
.stream()
.filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !GlobalPermission.ADMINISTER.getKey().equals(perm))
.filter(perm -> !GlobalPermission.SCAN.getKey().equals(perm) && !GlobalPermission.ADMINISTER.getKey().equals(perm))
.forEach(permission -> {
try {
new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupUuid, permissionService);
@@ -407,7 +407,7 @@ public class GroupPermissionChangerTest {
GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);
db.users().insertPermissionOnGroup(group, ADMINISTER);
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);

apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupUuid, permissionService));


+ 46
- 48
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java Просмотреть файл

@@ -31,6 +31,7 @@ import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
@@ -46,9 +47,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.resources.Qualifiers.APP;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.resources.Qualifiers.VIEW;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;

public class PermissionTemplateServiceTest {

@@ -101,7 +99,7 @@ public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

assertThat(selectProjectPermissionsOfGroup(null, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -116,7 +114,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, publicProject, null);

assertThat(selectProjectPermissionsOfGroup(null, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -131,7 +129,7 @@ public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));

assertThat(selectProjectPermissionsOfGroup(group, privateProject))
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -147,7 +145,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, privateProject, null);

assertThat(selectProjectPermissionsOfGroup(group, privateProject))
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -162,7 +160,7 @@ public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

assertThat(selectProjectPermissionsOfGroup(group, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -178,7 +176,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, publicProject, null);

assertThat(selectProjectPermissionsOfGroup(group, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -193,7 +191,7 @@ public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

assertThat(selectProjectPermissionsOfUser(user, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -209,7 +207,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, publicProject, null);

assertThat(selectProjectPermissionsOfUser(user, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -224,7 +222,7 @@ public class PermissionTemplateServiceTest {
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));

assertThat(selectProjectPermissionsOfUser(user, privateProject))
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -240,7 +238,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, privateProject, null);

assertThat(selectProjectPermissionsOfUser(user, privateProject))
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -256,7 +254,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, publicProject, user.getUuid());

assertThat(selectProjectPermissionsOfUser(user, publicProject))
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -272,7 +270,7 @@ public class PermissionTemplateServiceTest {
underTest.applyDefaultToNewComponent(session, privateProject, user.getUuid());

assertThat(selectProjectPermissionsOfUser(user, privateProject))
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
.containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermission.SCAN.getKey());
}

@Test
@@ -280,14 +278,14 @@ public class PermissionTemplateServiceTest {
ComponentDto portfolio = dbTester.components().insertPrivatePortfolio();
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);

underTest.applyDefaultToNewComponent(session, portfolio, null);

assertThat(selectProjectPermissionsOfGroup(group, portfolio))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
.containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -296,14 +294,14 @@ public class PermissionTemplateServiceTest {
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, null);

underTest.applyDefaultToNewComponent(session, view, null);

assertThat(selectProjectPermissionsOfGroup(group, view))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
.containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -312,14 +310,14 @@ public class PermissionTemplateServiceTest {
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, portPermissionTemplate);

underTest.applyDefaultToNewComponent(session, view, null);

assertThat(selectProjectPermissionsOfGroup(group, view))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
.containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -327,12 +325,12 @@ public class PermissionTemplateServiceTest {
ComponentDto view = dbTester.components().insertPrivatePortfolio();
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);

underTest.applyDefaultToNewComponent(session, view, null);

assertThat(selectProjectPermissionsOfGroup(group, view)).containsOnly(PROVISION_PROJECTS.getKey());
assertThat(selectProjectPermissionsOfGroup(group, view)).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -340,14 +338,14 @@ public class PermissionTemplateServiceTest {
ComponentDto application = dbTester.components().insertPublicApplication();
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(permissionTemplate, null, null);

underTest.applyDefaultToNewComponent(session, application, null);

assertThat(selectProjectPermissionsOfGroup(group, application))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
.containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -357,14 +355,14 @@ public class PermissionTemplateServiceTest {
PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, appPermissionTemplate, portPermissionTemplate);

underTest.applyDefaultToNewComponent(session, application, null);

assertThat(selectProjectPermissionsOfGroup(group, application))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
.containsOnly(GlobalPermission.ADMINISTER.getKey(), GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -372,12 +370,12 @@ public class PermissionTemplateServiceTest {
ComponentDto application = dbTester.components().insertPublicApplication();
PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate();
GroupDto group = dbTester.users().insertGroup();
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, GlobalPermission.PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().setDefaultTemplates(projectPermissionTemplate, null, null);

underTest.applyDefaultToNewComponent(session, application, null);

assertThat(selectProjectPermissionsOfGroup(group, application)).containsOnly(PROVISION_PROJECTS.getKey());
assertThat(selectProjectPermissionsOfGroup(group, application)).containsOnly(GlobalPermission.PROVISION_PROJECTS.getKey());
}

@Test
@@ -386,17 +384,17 @@ public class PermissionTemplateServiceTest {
ComponentDto project = dbTester.components().insertPrivateProject();
GroupDto adminGroup = dbTester.users().insertGroup();
GroupDto userGroup = dbTester.users().insertGroup();
dbTester.users().insertPermissionOnGroup(adminGroup, "admin");
dbTester.users().insertPermissionOnGroup(userGroup, "user");
dbTester.users().insertPermissionOnUser(user, "admin");
dbTester.users().insertPermissionOnGroup(adminGroup, GlobalPermission.ADMINISTER.getKey());
dbTester.users().insertPermissionOnGroup(userGroup, UserRole.USER);
dbTester.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate();
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "admin");
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "issueadmin");
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "user");
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "codeviewer");
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "user");
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "codeviewer");
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "admin");
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, GlobalPermission.ADMINISTER.getKey());
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, UserRole.ISSUE_ADMIN);
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, UserRole.USER);
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, UserRole.CODEVIEWER);
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, UserRole.USER);
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, UserRole.CODEVIEWER);
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, GlobalPermission.ADMINISTER.getKey());

assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).isEmpty();
assertThat(selectProjectPermissionsOfGroup(userGroup, project)).isEmpty();
@@ -405,10 +403,10 @@ public class PermissionTemplateServiceTest {

underTest.applyAndCommit(session, permissionTemplate, singletonList(project));

assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).containsOnly("admin", "issueadmin");
assertThat(selectProjectPermissionsOfGroup(userGroup, project)).containsOnly("user", "codeviewer");
assertThat(selectProjectPermissionsOfGroup(adminGroup, project)).containsOnly(GlobalPermission.ADMINISTER.getKey(), UserRole.ISSUE_ADMIN);
assertThat(selectProjectPermissionsOfGroup(userGroup, project)).containsOnly(UserRole.USER, UserRole.CODEVIEWER);
assertThat(selectProjectPermissionsOfGroup(null, project)).isEmpty();
assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly("admin");
assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

private List<String> selectProjectPermissionsOfGroup(@Nullable GroupDto groupDto, ComponentDto project) {
@@ -427,7 +425,7 @@ public class PermissionTemplateServiceTest {
dbTester.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate();
dbTester.permissionTemplates().setDefaultTemplates(template, null, null);
templateDb.addProjectCreatorToTemplate(template.getUuid(), SCAN.getKey(), template.getName());
templateDb.addProjectCreatorToTemplate(template.getUuid(), GlobalPermission.SCAN.getKey(), template.getName());
templateDb.addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
templateDb.addGroupToTemplate(template.getUuid(), group.getUuid(), UserRole.CODEVIEWER, template.getName(), group.getName());
templateDb.addGroupToTemplate(template.getUuid(), null, UserRole.ISSUE_ADMIN, template.getName(), null);

+ 48
- 57
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java Просмотреть файл

@@ -26,6 +26,7 @@ import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.util.SequenceUuidFactory;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
@@ -38,16 +39,6 @@ import org.sonar.server.exceptions.BadRequestException;

import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.server.permission.PermissionChange.Operation.ADD;
import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;

@@ -87,9 +78,9 @@ public class UserPermissionChangerTest {
@Test
public void apply_removes_any_global_permission_to_user() {
// give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1
db.users().insertPermissionOnUser(user2, GlobalPermission.ADMINISTER);
db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER);
permissionService.getGlobalPermissions()
.forEach(perm -> db.users().insertPermissionOnUser(user1, perm));
.forEach(perm -> db.users().insertGlobalPermissionOnUser(user1, perm));
assertThat(db.users().selectPermissionsOfUser(user1))
.containsOnly(permissionService.getGlobalPermissions().toArray(new GlobalPermission[0]));

@@ -105,35 +96,35 @@ public class UserPermissionChangerTest {

@Test
public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() {
UserPermissionChange change = new UserPermissionChange(ADD, USER, publicProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);

apply(change);

assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(USER);
assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(UserRole.USER);
}

@Test
public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() {
UserPermissionChange change = new UserPermissionChange(ADD, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

apply(change);

assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(CODEVIEWER);
assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(UserRole.CODEVIEWER);
}

@Test
public void apply_adds_permission_ADMIN_on_a_public_project() {
applyAddsPermissionOnAPublicProject(ADMIN);
applyAddsPermissionOnAPublicProject(UserRole.ADMIN);
}

@Test
public void apply_adds_permission_ISSUE_ADMIN_on_a_public_project() {
applyAddsPermissionOnAPublicProject(ISSUE_ADMIN);
applyAddsPermissionOnAPublicProject(UserRole.ISSUE_ADMIN);
}

@Test
public void apply_adds_permission_SCAN_EXECUTION_on_a_public_project() {
applyAddsPermissionOnAPublicProject(SCAN_EXECUTION);
applyAddsPermissionOnAPublicProject(GlobalPermission.SCAN.getKey());
}

private void applyAddsPermissionOnAPublicProject(String permission) {
@@ -146,7 +137,7 @@ public class UserPermissionChangerTest {

@Test
public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() {
UserPermissionChange change = new UserPermissionChange(REMOVE, USER, publicProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);

assertThatThrownBy(() -> apply(change))
.isInstanceOf(BadRequestException.class)
@@ -155,7 +146,7 @@ public class UserPermissionChangerTest {

@Test
public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() {
UserPermissionChange change = new UserPermissionChange(REMOVE, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

assertThatThrownBy(() -> apply(change))
.isInstanceOf(BadRequestException.class)
@@ -164,17 +155,17 @@ public class UserPermissionChangerTest {

@Test
public void apply_removes_permission_ADMIN_from_a_public_project() {
applyRemovesPermissionFromPublicProject(ADMIN);
applyRemovesPermissionFromPublicProject(UserRole.ADMIN);
}

@Test
public void apply_removes_permission_ISSUE_ADMIN_from_a_public_project() {
applyRemovesPermissionFromPublicProject(ISSUE_ADMIN);
applyRemovesPermissionFromPublicProject(UserRole.ISSUE_ADMIN);
}

@Test
public void apply_removes_permission_SCAN_EXECUTION_from_a_public_project() {
applyRemovesPermissionFromPublicProject(SCAN_EXECUTION);
applyRemovesPermissionFromPublicProject(GlobalPermission.SCAN.getKey());
}

private void applyRemovesPermissionFromPublicProject(String permission) {
@@ -215,11 +206,11 @@ public class UserPermissionChangerTest {

@Test
public void add_global_permission_to_user() {
UserPermissionChange change = new UserPermissionChange(ADD, SCAN_EXECUTION, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.SCAN.getKey(), null, UserIdDto.from(user1), permissionService);

apply(change);

assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);
assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();
assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();
@@ -227,29 +218,29 @@ public class UserPermissionChangerTest {

@Test
public void add_project_permission_to_user() {
UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(UserRole.ISSUE_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();
}

@Test
public void do_nothing_when_adding_global_permission_that_already_exists() {
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);

UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);
}

@Test
public void fail_to_add_global_permission_on_project() {
assertThatThrownBy(() -> {
UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), privateProject, UserIdDto.from(user1), permissionService);
apply(change);
})
.isInstanceOf(BadRequestException.class)
@@ -259,7 +250,7 @@ public class UserPermissionChangerTest {
@Test
public void fail_to_add_project_permission() {
assertThatThrownBy(() -> {
UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);
apply(change);
})
.isInstanceOf(BadRequestException.class)
@@ -268,39 +259,39 @@ public class UserPermissionChangerTest {

@Test
public void remove_global_permission_from_user() {
db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);
db.users().insertPermissionOnUser(user1, SCAN_EXECUTION);
db.users().insertPermissionOnUser(user2, QUALITY_GATE_ADMIN);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);

UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);
assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);
assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void remove_project_permission_from_user() {
ComponentDto project2 = db.components().insertPrivateProject();
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user1, USER, privateProject);
db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user1, UserRole.USER, privateProject);
db.users().insertProjectPermissionOnUser(user2, UserRole.ISSUE_ADMIN, privateProject);
db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, project2);

UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER);
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, project2)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(UserRole.USER);
assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).containsOnly(UserRole.ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user1, project2)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {
UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();
@@ -308,7 +299,7 @@ public class UserPermissionChangerTest {

@Test
public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {
UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);
apply(change);

assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();
@@ -316,10 +307,10 @@ public class UserPermissionChangerTest {

@Test
public void fail_to_remove_admin_global_permission_if_no_more_admins() {
db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);

assertThatThrownBy(() -> {
UserPermissionChange change = new UserPermissionChange(REMOVE, SYSTEM_ADMIN, null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
underTest.apply(db.getSession(), change);
})
.isInstanceOf(BadRequestException.class)
@@ -328,12 +319,12 @@ public class UserPermissionChangerTest {

@Test
public void remove_admin_user_if_still_other_admins() {
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
GroupDto admins = db.users().insertGroup("admins");
db.users().insertMember(admins, user2);
db.users().insertPermissionOnGroup(admins, ADMINISTER);
db.users().insertPermissionOnGroup(admins, GlobalPermission.ADMINISTER);

UserPermissionChange change = new UserPermissionChange(REMOVE, ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);
underTest.apply(db.getSession(), change);

assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

+ 25
- 31
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java Просмотреть файл

@@ -28,6 +28,7 @@ import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -41,17 +42,10 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.fail;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -90,7 +84,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {

newRequest()
.setParam(PARAM_GROUP_NAME, "sonar-administrators")
.setParam(PARAM_PERMISSION, ADMINISTER.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly("admin");
@@ -103,7 +97,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {

newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(group, null)).containsOnly("provisioning");
@@ -119,11 +113,11 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, A_PROJECT_UUID)
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -135,11 +129,11 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_KEY, A_PROJECT_KEY)
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -151,11 +145,11 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, portfolio.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();
assertThat(db.users().selectGroupPermissions(group, portfolio)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectGroupPermissions(group, portfolio)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -167,7 +161,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, "not-found")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class);
@@ -205,7 +199,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -234,7 +228,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class);
@@ -248,7 +242,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setMethod("GET")
.setParam(PARAM_GROUP_NAME, "sonar-administrators")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
@@ -260,7 +254,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class)
@@ -302,7 +296,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
@@ -314,12 +308,12 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
@Test
public void adding_global_permission_fails_if_not_administrator() {
GroupDto group = db.users().insertGroup("sonar-administrators");
userSession.logIn().addPermission(SCAN);
userSession.logIn().addPermission(GlobalPermission.SCAN);

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -334,7 +328,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
@@ -353,10 +347,10 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
@@ -387,7 +381,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -401,7 +395,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -416,7 +410,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -431,7 +425,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -448,7 +442,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(NotFoundException.class)

+ 23
- 27
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java Просмотреть файл

@@ -28,6 +28,7 @@ import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -41,14 +42,9 @@ import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@@ -78,10 +74,10 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(ADMINISTER);
assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(GlobalPermission.ADMINISTER);
}

@Test
@@ -92,11 +88,11 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -107,11 +103,11 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -122,11 +118,11 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, view.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();

assertThat(db.users().selectPermissionsOfUser(user)).isEmpty();
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
@@ -137,7 +133,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class);
@@ -174,7 +170,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, file.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -204,7 +200,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "file-uuid")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class);
@@ -218,7 +214,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setMethod("GET")
.setParam(PARAM_USER_LOGIN, "george.orwell")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
@@ -230,7 +226,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class);
@@ -255,7 +251,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "project-uuid")
.setParam(PARAM_PROJECT_KEY, "project-key")
@@ -272,7 +268,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -285,7 +281,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());

assertThatThrownBy(() -> request.execute())
@@ -299,7 +295,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, "unknown")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());
assertThatThrownBy(() -> request.execute())
.isInstanceOf(ForbiddenException.class);
@@ -311,7 +307,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
userSession.logIn();

TestRequest request = newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey());

assertThatThrownBy(() -> request.execute())
@@ -333,7 +329,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
@@ -344,7 +340,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -358,7 +354,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();

assertThat(db.users().selectAnyonePermissions(project)).isEmpty();
@@ -373,7 +369,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
TestRequest request = newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN);
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());

assertThatThrownBy(() -> request.execute())
.isInstanceOf(NotFoundException.class)

+ 26
- 29
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java Просмотреть файл

@@ -26,9 +26,11 @@ import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -44,12 +46,7 @@ import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.server.ws.WebService.Param.PAGE;
import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -76,10 +73,10 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
group1 = db.users().insertGroup("group-1-name");
group2 = db.users().insertGroup("group-2-name");
GroupDto group3 = db.users().insertGroup("group-3-name");
db.users().insertPermissionOnGroup(group1, SCAN);
db.users().insertPermissionOnGroup(group2, SCAN);
db.users().insertPermissionOnGroup(group3, ADMINISTER);
db.users().insertPermissionOnAnyone(SCAN);
db.users().insertPermissionOnGroup(group1, GlobalPermission.SCAN);
db.users().insertPermissionOnGroup(group2, GlobalPermission.SCAN);
db.users().insertPermissionOnGroup(group3, GlobalPermission.ADMINISTER);
db.users().insertPermissionOnAnyone(GlobalPermission.SCAN);
db.commit();
}

@@ -100,7 +97,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
loginAsAdmin();

String json = newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute()
.getInput();
assertJson(json).isSimilarTo("{\n" +
@@ -138,7 +135,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_with_selection() {
loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute()
.getInput();

@@ -149,7 +146,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_with_pagination() {
loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(PAGE_SIZE, "1")
.setParam(PAGE, "3")
.execute()
@@ -164,7 +161,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_with_query() {
loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(TEXT_QUERY, "group-")
.execute()
.getInput();
@@ -178,17 +175,17 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_with_project_permissions() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("project-group-name");
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);

ComponentDto anotherProject = db.components().insertPrivateProject();
GroupDto anotherGroup = db.users().insertGroup("another-project-group-name");
db.users().insertProjectPermissionOnGroup(anotherGroup, ISSUE_ADMIN, anotherProject);
db.users().insertProjectPermissionOnGroup(anotherGroup, UserRole.ISSUE_ADMIN, anotherProject);

GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");

userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
String result = newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
@@ -202,14 +199,14 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void return_also_groups_without_permission_when_search_query() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("group-with-permission");
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);

GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");
GroupDto anotherGroup = db.users().insertGroup("another-group");

loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(TEXT_QUERY, "group-with")
.execute()
@@ -224,13 +221,13 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void return_only_groups_with_permission_when_no_search_query() {
ComponentDto project = db.components().insertComponent(newPrivateProjectDto("project-uuid"));
GroupDto group = db.users().insertGroup("project-group-name");
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);

GroupDto groupWithoutPermission = db.users().insertGroup("group-without-permission");

loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
@@ -243,7 +240,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void return_anyone_group_when_search_query_and_no_param_permission() {
ComponentDto project = db.components().insertPrivateProject();
GroupDto group = db.users().insertGroup("group-with-permission");
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);

loginAsAdmin();
String result = newRequest()
@@ -259,11 +256,11 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
public void search_groups_on_views() {
ComponentDto view = db.components().insertComponent(ComponentTesting.newPortfolio("view-uuid").setKey("view-key"));
GroupDto group = db.users().insertGroup("project-group-name");
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, view);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, view);

loginAsAdmin();
String result = newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, "view-uuid")
.execute()
.getInput();
@@ -280,7 +277,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
userSession.anonymous();

newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute();
})
.isInstanceOf(UnauthorizedException.class);
@@ -291,7 +288,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
assertThatThrownBy(() -> {
userSession.logIn("login");
newRequest()
.setParam(PARAM_PERMISSION, SCAN.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -304,7 +301,7 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
assertThatThrownBy(() -> {
loginAsAdmin();
newRequest()
.setParam(PARAM_PERMISSION, SCAN_EXECUTION)
.setParam(PARAM_PERMISSION, GlobalPermission.SCAN.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
@@ -317,12 +314,12 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project);
GroupDto group = db.users().insertGroup();
db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, branch.uuid())
.execute();
})

+ 42
- 49
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java Просмотреть файл

@@ -29,6 +29,7 @@ import org.sonar.api.web.UserRole;
import org.sonar.core.util.Uuids;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
@@ -41,17 +42,9 @@ import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -88,80 +81,80 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio

@Test
public void remove_permission_using_group_name() {
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.PROVISION_PROJECTS);
loginAsAdmin();

newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PERMISSION, PROVISIONING)
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
}

@Test
public void remove_project_permission() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();

newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void remove_with_view_uuid() {
ComponentDto view = db.components().insertPrivatePortfolio();
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, view);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, view);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, view);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, view);
loginAsAdmin();

newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, view.uuid())
.setParam(PARAM_PERMISSION, ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, view)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void remove_with_project_key() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();

newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.setParam(PARAM_PERMISSION, ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(GlobalPermission.ADMINISTER.getKey());
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void fail_to_remove_last_admin_permission() {
db.users().insertPermissionOnGroup(aGroup, ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.ADMINISTER);
db.users().insertPermissionOnGroup(aGroup, GlobalPermission.PROVISION_PROJECTS);
loginAsAdmin();

assertThatThrownBy(() -> {
executeRequest(aGroup, SYSTEM_ADMIN);
executeRequest(aGroup, GlobalPermission.ADMINISTER.getKey());
})
.isInstanceOf(BadRequestException.class)
.hasMessage("Last group with permission 'admin'. Permission cannot be removed.");
@@ -175,7 +168,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
.setParam(PARAM_PERMISSION, ADMINISTER.getKey())
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
@@ -186,7 +179,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
public void fail_when_project_project_permission_without_project() {
loginAsAdmin();

assertThatThrownBy(() -> executeRequest(aGroup, ISSUE_ADMIN))
assertThatThrownBy(() -> executeRequest(aGroup, UserRole.ISSUE_ADMIN))
.isInstanceOf(BadRequestException.class)
.hasMessage("Invalid global permission 'issueadmin'. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]");
}
@@ -222,7 +215,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, file.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -235,7 +228,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class)
@@ -263,7 +256,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
@@ -286,7 +279,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PERMISSION, PROVISIONING)
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -300,7 +293,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PERMISSION, PROVISIONING)
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
@@ -313,17 +306,17 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
@Test
public void removing_project_permission_is_allowed_to_project_administrators() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnGroup(aGroup, CODEVIEWER, project);
db.users().insertProjectPermissionOnGroup(aGroup, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.CODEVIEWER, project);
db.users().insertProjectPermissionOnGroup(aGroup, UserRole.ISSUE_ADMIN, project);

userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
newRequest()
.setParam(PARAM_GROUP_NAME, aGroup.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(CODEVIEWER);
assertThat(db.users().selectGroupPermissions(aGroup, project)).containsOnly(UserRole.CODEVIEWER);
}

@Test
@@ -354,7 +347,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -370,7 +363,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, "anyone")
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -387,7 +380,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -404,7 +397,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -422,7 +415,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)

+ 39
- 48
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java Просмотреть файл

@@ -26,6 +26,7 @@ import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -38,19 +39,9 @@ import org.sonar.server.ws.TestRequest;
import static java.lang.String.format;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newDirectory;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@@ -79,28 +70,28 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>

@Test
public void remove_permission_from_user() {
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_GATES);
loginAsAdmin();

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey())
.execute();

assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(PROVISION_PROJECTS);
assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(GlobalPermission.PROVISION_PROJECTS);
}

@Test
public void admin_can_not_remove_his_global_admin_right() {
db.users().insertPermissionOnUser(user, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
loginAsAdmin();
UserDto admin = db.users().insertUser(userSession.getLogin());
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);

TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, userSession.getLogin())
.setParam(PARAM_PERMISSION, ADMINISTER.getKey());
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());

assertThatThrownBy(() -> request.execute())
.isInstanceOf(BadRequestException.class)
@@ -112,12 +103,12 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
loginAsAdmin();
UserDto admin = db.users().insertUser(userSession.getLogin());
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(admin, ADMINISTER.getKey(), project);
db.users().insertProjectPermissionOnUser(admin, GlobalPermission.ADMINISTER.getKey(), project);

TestRequest request = newRequest()
.setParam(PARAM_USER_LOGIN, userSession.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, ADMINISTER.getKey());
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey());

assertThatThrownBy(() -> request.execute())
.isInstanceOf(BadRequestException.class)
@@ -126,13 +117,13 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>

@Test
public void fail_to_remove_admin_permission_if_last_admin() {
db.users().insertPermissionOnUser(user, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
loginAsAdmin();

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ADMIN)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -142,49 +133,49 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
@Test
public void remove_permission_from_project() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
loginAsAdmin();

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();

assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.ISSUE_ADMIN);
}

@Test
public void remove_with_project_key() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
loginAsAdmin();

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.CODEVIEWER);
}

@Test
public void remove_with_view_uuid() {
ComponentDto view = db.components().insertPrivatePortfolio();
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, view);
db.users().insertProjectPermissionOnUser(user, ADMIN, view);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, view);
db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, view);
loginAsAdmin();

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_KEY, view.getKey())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(ADMIN);
assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(UserRole.ADMIN);
}

@Test
@@ -195,7 +186,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(NotFoundException.class);
@@ -208,7 +199,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();
})
.isInstanceOf(BadRequestException.class);
@@ -245,7 +236,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, file.uuid())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -260,7 +251,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setMethod("GET")
.setParam(PARAM_USER_LOGIN, "george.orwell")
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ServerException.class);
@@ -272,7 +263,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(IllegalArgumentException.class);
@@ -297,7 +288,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
@@ -314,7 +305,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, PROVISIONING)
.setParam(PARAM_PERMISSION, GlobalPermission.PROVISION_PROJECTS.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -328,7 +319,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
})
@@ -341,17 +332,17 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
@Test
public void removing_project_permission_is_allowed_to_project_administrators() {
ComponentDto project = db.components().insertPrivateProject();
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.execute();

assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);
assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(UserRole.CODEVIEWER);
}

@Test
@@ -363,7 +354,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, USER)
.setParam(PARAM_PERMISSION, UserRole.USER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -380,7 +371,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PERMISSION, CODEVIEWER)
.setParam(PARAM_PERMISSION, UserRole.CODEVIEWER)
.execute();
})
.isInstanceOf(BadRequestException.class)
@@ -397,7 +388,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)

+ 24
- 30
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java Просмотреть файл

@@ -27,6 +27,7 @@ import org.sonar.api.server.ws.WebService.SelectionMode;
import org.sonar.api.web.UserRole;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
@@ -44,13 +45,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.server.ws.WebService.Param.PAGE;
import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
import static org.sonar.api.server.ws.WebService.Param.TEXT_QUERY;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.test.JsonAssert.assertJson;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -75,10 +69,10 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
UserDto user1 = db.users().insertUser(newUserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com"));
UserDto user2 = db.users().insertUser(newUserDto().setLogin("adam.west").setName("Adam West").setEmail("adamwest@adamwest.com"));
UserDto user3 = db.users().insertUser(newUserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net"));
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_PROFILES);
db.users().insertPermissionOnUser(user1, ADMINISTER);
db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);
db.users().insertPermissionOnUser(user3, SCAN);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_PROFILES);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);
db.users().insertGlobalPermissionOnUser(user3, GlobalPermission.SCAN);

loginAsAdmin();
String result = newRequest().execute().getInput();
@@ -101,19 +95,19 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
// User has permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto());
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);

// User has permission on another project
ComponentDto anotherProject = db.components().insertPrivateProject();
UserDto userHavePermissionOnAnotherProject = db.users().insertUser(newUserDto());
db.users().insertProjectPermissionOnUser(userHavePermissionOnAnotherProject, ISSUE_ADMIN, anotherProject);
db.users().insertProjectPermissionOnUser(userHavePermissionOnAnotherProject, UserRole.ISSUE_ADMIN, anotherProject);

// User has no permission
UserDto withoutPermission = db.users().insertUser(newUserDto());

userSession.logIn().addProjectPermission(SYSTEM_ADMIN, project);
userSession.logIn().addProjectPermission(GlobalPermission.ADMINISTER.getKey(), project);
String result = newRequest()
.setParam(PARAM_PERMISSION, ISSUE_ADMIN)
.setParam(PARAM_PERMISSION, UserRole.ISSUE_ADMIN)
.setParam(PARAM_PROJECT_ID, project.uuid())
.execute()
.getInput();
@@ -128,7 +122,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);

// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
@@ -149,7 +143,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);

// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
@@ -166,7 +160,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
// User with permission on project
ComponentDto project = db.components().insertPrivateProject();
UserDto user = db.users().insertUser(newUserDto("with-permission-login", "with-permission-name", "with-permission-email"));
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);

// User without permission
UserDto withoutPermission = db.users().insertUser(newUserDto("without-permission-login", "without-permission-name", "without-permission-email"));
@@ -210,8 +204,8 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
public void search_for_users_is_paginated() {
for (int i = 9; i >= 0; i--) {
UserDto user = db.users().insertUser(newUserDto().setName("user-" + i));
db.users().insertPermissionOnUser(user, ADMINISTER);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_GATES);
}
loginAsAdmin();

@@ -252,8 +246,8 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
loginAsAdmin();
for (int i = 0; i < 30; i++) {
UserDto user = db.users().insertUser(newUserDto().setLogin("user-" + i));
db.users().insertPermissionOnUser(user, SCAN);
db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
}

String result = newRequest()
@@ -283,7 +277,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam("permission", SYSTEM_ADMIN)
.setParam("permission", GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(ForbiddenException.class);
@@ -295,7 +289,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam("permission", SYSTEM_ADMIN)
.setParam("permission", GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(UnauthorizedException.class);
@@ -308,7 +302,7 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.setParam(PARAM_PROJECT_ID, project.uuid())
.setParam(PARAM_PROJECT_KEY, project.getKey())
.execute();
@@ -331,14 +325,14 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
UserDto user = db.users().insertUser(newUserDto());
ComponentDto project = db.components().insertPublicProject();
ComponentDto branch = db.components().insertProjectBranch(project);
db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PROJECT_ID, branch.uuid())
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
.setParam(PARAM_PERMISSION, GlobalPermission.ADMINISTER.getKey())
.execute();
})
.isInstanceOf(NotFoundException.class)
@@ -349,9 +343,9 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1"));
UserDto user2 = db.users().insertUser(newUserDto("login-2", "name-2", "email-2"));
UserDto user3 = db.users().insertUser(newUserDto("login-3", "name-3", "email-3"));
db.users().insertPermissionOnUser(user1, SCAN);
db.users().insertPermissionOnUser(user2, SCAN);
db.users().insertPermissionOnUser(user3, ADMINISTER);
db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user3, GlobalPermission.ADMINISTER);
}

}

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java Просмотреть файл

@@ -28,7 +28,6 @@ import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
@@ -49,6 +48,7 @@ import static org.sonar.api.security.DefaultGroups.ANYONE;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
@@ -139,7 +139,7 @@ public class AddGroupToTemplateActionTest extends BasePermissionWsTest<AddGroupT
public void fail_if_not_a_project_permission() {
loginAsAdmin();

assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING))
assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), PROVISION_PROJECTS.getKey()))
.isInstanceOf(IllegalArgumentException.class);
}


+ 1
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java Просмотреть файл

@@ -42,7 +42,6 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
@@ -125,7 +124,7 @@ public class AddProjectCreatorToTemplateActionTest extends BasePermissionWsTest<

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)
.setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.execute();
})

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java Просмотреть файл

@@ -25,7 +25,6 @@ import org.junit.Before;
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
@@ -44,6 +43,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@@ -105,7 +105,7 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT
loginAsAdmin();

assertThatThrownBy(() -> {
newRequest(user.getLogin(), permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
newRequest(user.getLogin(), permissionTemplate.getUuid(), PROVISION_PROJECTS.getKey());
})
.isInstanceOf(IllegalArgumentException.class);
}

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java Просмотреть файл

@@ -27,7 +27,6 @@ import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
@@ -47,6 +46,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.api.security.DefaultGroups.ANYONE;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -126,7 +126,7 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<Remo

@Test
public void fail_if_not_a_project_permission() {
assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING))
assertThatThrownBy(() -> newRequest(group.getName(), template.getUuid(), PROVISION_PROJECTS.getKey()))
.isInstanceOf(IllegalArgumentException.class);
}


+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java Просмотреть файл

@@ -26,7 +26,6 @@ import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.util.Uuids;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
@@ -44,6 +43,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@@ -119,7 +119,7 @@ public class RemoveProjectCreatorFromTemplateActionTest extends BasePermissionWs
public void fail_if_permission_is_not_a_project_permission() {
assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, GlobalPermissions.QUALITY_GATE_ADMIN)
.setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template.getUuid())
.execute();
})

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java Просмотреть файл

@@ -25,7 +25,6 @@ import org.junit.Before;
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
@@ -45,6 +44,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@@ -129,7 +129,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
loginAsAdmin();

assertThatThrownBy(() -> {
newRequest(user.getLogin(), template.getUuid(), GlobalPermissions.PROVISIONING);
newRequest(user.getLogin(), template.getUuid(), PROVISION_PROJECTS.getKey());
})
.isInstanceOf(IllegalArgumentException.class);
}

+ 2
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java Просмотреть файл

@@ -26,7 +26,6 @@ import org.sonar.api.resources.Qualifiers;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.permission.template.PermissionTemplateGroupDto;
@@ -51,6 +50,7 @@ import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;
import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateGroupDto;
import static org.sonar.db.user.GroupTesting.newGroupDto;
@@ -362,7 +362,7 @@ public class TemplateGroupsActionTest extends BasePermissionWsTest<TemplateGroup

assertThatThrownBy(() -> {
newRequest()
.setParam(PARAM_PERMISSION, GlobalPermissions.QUALITY_GATE_ADMIN)
.setParam(PARAM_PERMISSION, ADMINISTER_QUALITY_GATES.getKey())
.setParam(PARAM_TEMPLATE_ID, template1.getUuid())
.execute();
})

+ 5
- 7
server/sonar-webserver-webapi/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java Просмотреть файл

@@ -31,6 +31,7 @@ import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.webhook.WebhookDbTester;
@@ -38,7 +39,6 @@ import org.sonar.db.webhook.WebhookDto;
import org.sonar.server.component.ComponentCleanerService;
import org.sonar.server.es.TestProjectIndexers;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.project.Project;
import org.sonar.server.project.ProjectLifeCycleListeners;
@@ -53,8 +53,6 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.user.UserTesting.newUserDto;
import static org.sonar.server.component.TestComponentFinder.from;
import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT;
@@ -85,7 +83,7 @@ public class DeleteActionTest {
@Test
public void global_administrator_deletes_project_by_key() {
ComponentDto project = componentDbTester.insertPrivateProject();
userSessionRule.logIn().addPermission(ADMINISTER);
userSessionRule.logIn().addPermission(GlobalPermission.ADMINISTER);

call(tester.newRequest().setParam(PARAM_PROJECT, project.getKey()));

@@ -96,7 +94,7 @@ public class DeleteActionTest {
@Test
public void project_administrator_deletes_the_project_by_key() {
ComponentDto project = componentDbTester.insertPrivateProject();
userSessionRule.logIn().addProjectPermission(ADMIN, project);
userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);

call(tester.newRequest().setParam(PARAM_PROJECT, project.getKey()));

@@ -110,7 +108,7 @@ public class DeleteActionTest {
UserDto insert = dbClient.userDao().insert(dbSession,
newUserDto().setHomepageType("PROJECT").setHomepageParameter(project.uuid()));
dbSession.commit();
userSessionRule.logIn().addProjectPermission(ADMIN, project);
userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);
DeleteAction underTest = new DeleteAction(
new ComponentCleanerService(dbClient, mockResourceTypes, new TestProjectIndexers()),
from(db), dbClient, userSessionRule, projectLifeCycleListeners);
@@ -133,7 +131,7 @@ public class DeleteActionTest {
webhookDbTester.insertWebhook(project);
webhookDbTester.insertWebhook(project);

userSessionRule.logIn().addProjectPermission(ADMIN, project);
userSessionRule.logIn().addProjectPermission(UserRole.ADMIN, project);
DeleteAction underTest = new DeleteAction(
new ComponentCleanerService(dbClient, mockResourceTypes, new TestProjectIndexers()),
from(db), dbClient, userSessionRule, projectLifeCycleListeners);

+ 1
- 1
server/sonar-webserver-webapi/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java Просмотреть файл

@@ -575,7 +575,7 @@ public class UpdateVisibilityActionTest {
.forEach(globalPermission -> {
dbTester.users().insertPermissionOnAnyone(globalPermission);
dbTester.users().insertPermissionOnGroup(group, globalPermission);
dbTester.users().insertPermissionOnUser(user, globalPermission);
dbTester.users().insertGlobalPermissionOnUser(user, globalPermission);
});
permissionService.getAllProjectPermissions()
.forEach(permission -> {

+ 8
- 11
server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/ListDefinitionsActionTest.java Просмотреть файл

@@ -30,11 +30,13 @@ import org.sonar.api.config.PropertyFieldDefinition;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.server.component.TestComponentFinder;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
@@ -51,11 +53,6 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.groups.Tuple.tuple;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonarqube.ws.MediaTypes.JSON;
import static org.sonarqube.ws.Settings.Definition.CategoryOneOfCase.CATEGORYONEOF_NOT_SET;
import static org.sonarqube.ws.Settings.Definition.DefaultValueOneOfCase.DEFAULTVALUEONEOF_NOT_SET;
@@ -348,7 +345,7 @@ public class ListDefinitionsActionTest {

@Test
public void return_secured_settings_when_not_authenticated_but_with_scan_permission() {
userSession.anonymous().addPermission(SCAN);
userSession.anonymous().addPermission(GlobalPermission.SCAN);
propertyDefinitions.addComponents(asList(
PropertyDefinition.builder("foo").build(),
PropertyDefinition.builder("secret.secured").build()));
@@ -384,7 +381,7 @@ public class ListDefinitionsActionTest {

@Test
public void fail_when_user_has_not_project_browse_permission() {
userSession.logIn("project-admin").addProjectPermission(CODEVIEWER, project);
userSession.logIn("project-admin").addProjectPermission(UserRole.CODEVIEWER, project);
propertyDefinitions.addComponent(PropertyDefinition.builder("foo").build());

assertThatThrownBy(() -> executeRequest(project.getKey()))
@@ -480,17 +477,17 @@ public class ListDefinitionsActionTest {
}

private void logInAsProjectUser() {
userSession.logIn().addProjectPermission(USER, project);
userSession.logIn().addProjectPermission(UserRole.USER, project);
}

private void logInAsAdmin() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
}

private void logInAsProjectAdmin() {
userSession.logIn()
.addProjectPermission(ADMIN, project)
.addProjectPermission(USER, project);
.addProjectPermission(UserRole.ADMIN, project)
.addProjectPermission(UserRole.USER, project);
}

}

+ 2
- 4
server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java Просмотреть файл

@@ -56,12 +56,10 @@ import static java.util.Comparator.comparing;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.groups.Tuple.tuple;
import static org.sonar.api.resources.Qualifiers.FILE;
import static org.sonar.api.resources.Qualifiers.PROJECT;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.component.ComponentTesting.newFileDto;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.property.PropertyTesting.newComponentPropertyDto;
@@ -522,7 +520,7 @@ public class ValuesActionTest {
public void return_component_secured_settings_when_not_authenticated_but_with_project_scan_permission() {
userSession
.addProjectPermission(USER, project)
.addProjectPermission(SCAN_EXECUTION, project);
.addProjectPermission(SCAN.getKey(), project);
definitions.addComponents(asList(
PropertyDefinition.builder("foo").onQualifiers(PROJECT).build(),
PropertyDefinition.builder("global.secret.secured").build(),
@@ -543,7 +541,7 @@ public class ValuesActionTest {
public void return_component_secured_settings_even_if_not_defined_when_not_authenticated_but_with_scan_permission() {
userSession
.addProjectPermission(USER, project)
.addProjectPermission(SCAN_EXECUTION, project);
.addProjectPermission(SCAN.getKey(), project);
db.properties().insertProperties(null, project.getKey(), project.name(), project.qualifier(),
newComponentPropertyDto(project).setKey("not-defined.secured").setValue("123"));


+ 1
- 1
server/sonar-webserver-webapi/src/test/java/org/sonar/server/user/ws/AnonymizeActionTest.java Просмотреть файл

@@ -201,7 +201,7 @@ public class AnonymizeActionTest {

private UserDto createAdminUser() {
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);
db.commit();
return admin;
}

+ 10
- 13
server/sonar-webserver-webapi/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java Просмотреть файл

@@ -26,12 +26,14 @@ import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;
import org.sonar.api.utils.System2;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.alm.setting.AlmSettingDto;
import org.sonar.db.ce.CeTaskMessageType;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.permission.template.PermissionTemplateUserDto;
import org.sonar.db.project.ProjectDto;
@@ -62,11 +64,6 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_PROFILES;
import static org.sonar.db.permission.GlobalPermission.SCAN;
import static org.sonar.db.property.PropertyTesting.newUserPropertyDto;
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_ACTIVE;
import static org.sonar.server.user.index.UserIndexDefinition.FIELD_UUID;
@@ -184,10 +181,10 @@ public class DeactivateActionTest {
logInAsSystemAdministrator();
UserDto user = db.users().insertUser();
ComponentDto project = db.components().insertPrivateProject();
db.users().insertPermissionOnUser(user, SCAN);
db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_PROFILES);
db.users().insertProjectPermissionOnUser(user, USER, project);
db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.SCAN);
db.users().insertGlobalPermissionOnUser(user, GlobalPermission.ADMINISTER_QUALITY_PROFILES);
db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);
db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project);

deactivate(user.getLogin());

@@ -202,8 +199,8 @@ public class DeactivateActionTest {
UserDto user = db.users().insertUser();
PermissionTemplateDto template = db.permissionTemplates().insertTemplate();
PermissionTemplateDto anotherTemplate = db.permissionTemplates().insertTemplate();
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), USER, template.getName(), user.getLogin());
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), CODEVIEWER, anotherTemplate.getName(), user.getLogin());
db.permissionTemplates().addUserToTemplate(template.getUuid(), user.getUuid(), UserRole.USER, template.getName(), user.getLogin());
db.permissionTemplates().addUserToTemplate(anotherTemplate.getUuid(), user.getUuid(), UserRole.CODEVIEWER, anotherTemplate.getName(), user.getLogin());

deactivate(user.getLogin());

@@ -392,7 +389,7 @@ public class DeactivateActionTest {
@Test
public void fail_to_deactivate_last_administrator() {
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
logInAsSystemAdministrator();

assertThatThrownBy(() -> {
@@ -496,7 +493,7 @@ public class DeactivateActionTest {

private UserDto createAdminUser() {
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(admin, ADMINISTER);
db.users().insertGlobalPermissionOnUser(admin, GlobalPermission.ADMINISTER);
db.commit();
return admin;
}

+ 5
- 6
server/sonar-webserver-webapi/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java Просмотреть файл

@@ -43,7 +43,6 @@ import org.sonar.server.ws.WsActionTester;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME;

@@ -200,7 +199,7 @@ public class DeleteActionTest {
public void cannot_delete_last_system_admin_group() {
insertDefaultGroup();
GroupDto group = db.users().insertGroup();
db.users().insertPermissionOnGroup(group, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(group, ADMINISTER.getKey());
loginAsAdmin();
TestRequest request = newRequest()
.setParam(PARAM_GROUP_NAME, group.getName());
@@ -215,7 +214,7 @@ public class DeleteActionTest {
// admin users are part of the group to be deleted
db.users().insertDefaultGroup();
GroupDto adminGroup = db.users().insertGroup("admins");
db.users().insertPermissionOnGroup(adminGroup, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER.getKey());
UserDto bigBoss = db.users().insertUser();
db.users().insertMember(adminGroup, bigBoss);
loginAsAdmin();
@@ -231,9 +230,9 @@ public class DeleteActionTest {
public void delete_admin_group_succeeds_if_other_groups_have_administrators() {
db.users().insertDefaultGroup();
GroupDto adminGroup1 = db.users().insertGroup("admins");
db.users().insertPermissionOnGroup(adminGroup1, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(adminGroup1, ADMINISTER.getKey());
GroupDto adminGroup2 = db.users().insertGroup("admins2");
db.users().insertPermissionOnGroup(adminGroup2, SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(adminGroup2, ADMINISTER.getKey());
UserDto bigBoss = db.users().insertUser();
db.users().insertMember(adminGroup2, bigBoss);
loginAsAdmin();
@@ -251,7 +250,7 @@ public class DeleteActionTest {

private void addAdmin() {
UserDto admin = db.users().insertUser();
db.users().insertPermissionOnUser(admin, SYSTEM_ADMIN);
db.users().insertGlobalPermissionOnUser(admin, ADMINISTER);
}

private void loginAsAdmin() {

+ 1
- 2
server/sonar-webserver-webapi/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java Просмотреть файл

@@ -24,7 +24,6 @@ import org.junit.Test;
import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;
import org.sonar.api.server.ws.Change;
import org.sonar.api.server.ws.WebService.Action;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
@@ -185,7 +184,7 @@ public class RemoveUserActionTest {
public void fail_to_remove_the_last_administrator() {
db.users().insertDefaultGroup();
GroupDto adminGroup = db.users().insertGroup("sonar-admins");
db.users().insertPermissionOnGroup(adminGroup, GlobalPermissions.SYSTEM_ADMIN);
db.users().insertPermissionOnGroup(adminGroup, ADMINISTER);
UserDto adminUser = db.users().insertUser("the-single-admin");
db.users().insertMember(adminGroup, adminUser);
loginAsAdmin();

+ 11
- 11
server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/CreateActionTest.java Просмотреть файл

@@ -24,12 +24,14 @@ import org.junit.Test;
import org.sonar.api.config.Configuration;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
import org.sonar.core.util.UuidFactory;
import org.sonar.core.util.UuidFactoryFast;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.server.component.ComponentFinder;
@@ -46,9 +48,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.NAME_PARAM;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.PROJECT_KEY_PARAM;
@@ -98,7 +98,7 @@ public class CreateActionTest {
String longProjectKey = generateStringWithLength(400);
ComponentDto project = componentDbTester.insertPrivateProject(componentDto -> componentDto.setKey(longProjectKey));

userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

CreateWsResponse response = wsActionTester.newRequest()
.setParam("project", longProjectKey)
@@ -116,7 +116,7 @@ public class CreateActionTest {

@Test
public void create_a_webhook_with_secret() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

CreateWsResponse response = wsActionTester.newRequest()
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
@@ -133,7 +133,7 @@ public class CreateActionTest {

@Test
public void create_a_global_webhook() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

CreateWsResponse response = wsActionTester.newRequest()
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
@@ -151,7 +151,7 @@ public class CreateActionTest {
public void create_a_webhook_on_project() {
ComponentDto project = componentDbTester.insertPrivateProject();

userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

CreateWsResponse response = wsActionTester.newRequest()
.setParam("project", project.getKey())
@@ -185,7 +185,7 @@ public class CreateActionTest {
for (int i = 0; i < 10; i++) {
webhookDbTester.insertWebhook(project);
}
userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam(PROJECT_KEY_PARAM, project.getKey())
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
@@ -201,7 +201,7 @@ public class CreateActionTest {
for (int i = 0; i < 10; i++) {
webhookDbTester.insertGlobalWebhook();
}
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);
@@ -213,7 +213,7 @@ public class CreateActionTest {

@Test
public void fail_if_url_is_not_valid() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, "htp://www.wrong-protocol.com/");
@@ -224,7 +224,7 @@ public class CreateActionTest {

@Test
public void fail_if_credential_in_url_is_have_a_wrong_format() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)
.setParam(URL_PARAM, "http://:www.wrong-protocol.com/");
@@ -272,7 +272,7 @@ public class CreateActionTest {
@Test
public void throw_IllegalArgumentException_if_project_key_greater_than_400() {
String longProjectKey = generateStringWithLength(401);
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam("project", longProjectKey)
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)

+ 5
- 5
server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/DeleteActionTest.java Просмотреть файл

@@ -24,10 +24,12 @@ import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.config.Configuration;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDeliveryDao;
@@ -46,9 +48,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.webhook.WebhookDeliveryTesting.newDto;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.webhook.ws.WebhooksWsParameters.KEY_PARAM;
@@ -94,7 +94,7 @@ public class DeleteActionTest {
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));

userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

TestResponse response = wsActionTester.newRequest()
.setParam(KEY_PARAM, dto.getUuid())
@@ -114,7 +114,7 @@ public class DeleteActionTest {
WebhookDto dto = webhookDbTester.insertGlobalWebhook();
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
webhookDeliveryDbTester.insert(newDto().setWebhookUuid(dto.getUuid()));
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestResponse response = wsActionTester.newRequest()
.setParam(KEY_PARAM, dto.getUuid())
.execute();
@@ -129,7 +129,7 @@ public class DeleteActionTest {

@Test
public void fail_if_webhook_does_not_exist() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam(KEY_PARAM, "inexistent-webhook-uuid");


+ 8
- 8
server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/ListActionTest.java Просмотреть файл

@@ -26,10 +26,12 @@ import org.sonar.api.config.Configuration;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDeliveryDbTester;
@@ -48,9 +50,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.db.webhook.WebhookDeliveryTesting.newDto;
import static org.sonar.db.webhook.WebhookTesting.newGlobalWebhook;
import static org.sonar.server.tester.UserSessionRule.standalone;
@@ -105,7 +105,7 @@ public class ListActionTest {
webhookDeliveryDbTester.insert(newDto("WH2-DELIVERY-1-UUID", webhook2.getUuid(), "COMPONENT_1", "TASK_1").setCreatedAt(BEFORE));
webhookDeliveryDbTester.insert(newDto("WH2-DELIVERY-2-UUID", webhook2.getUuid(), "COMPONENT_1", "TASK_2").setCreatedAt(NOW));

userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);

@@ -128,7 +128,7 @@ public class ListActionTest {
WebhookDto webhook1 = webhookDbTester.insert(newGlobalWebhook("aaa"), null, null);
WebhookDto webhook2 = webhookDbTester.insert(newGlobalWebhook("bbb"), null, null);

userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);

@@ -153,7 +153,7 @@ public class ListActionTest {
webhookDeliveryDbTester.insert(newDto("WH1-DELIVERY-2-UUID", webhook1.getUuid(), "COMPONENT_1", "TASK_2").setCreatedAt(NOW));
webhookDbTester.insert(newGlobalWebhook("bbb", t -> t.setUrl(url)), null, null);

userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

ListResponse response = wsActionTester.newRequest().executeProtobuf(ListResponse.class);

@@ -171,7 +171,7 @@ public class ListActionTest {
// insert a project-specific webhook, that should not be returned when listing global webhooks
webhookDbTester.insertWebhook(componentDbTester.insertPrivateProjectDto());

userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

ListResponse response = wsActionTester.newRequest()
.executeProtobuf(ListResponse.class);
@@ -186,7 +186,7 @@ public class ListActionTest {
@Test
public void list_project_webhooks_when_project_key_param_is_provided() {
ProjectDto project1 = componentDbTester.insertPrivateProjectDto();
userSession.logIn().addProjectPermission(ADMIN, project1);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project1);

WebhookDto dto1 = webhookDbTester.insertWebhook(project1);
WebhookDto dto2 = webhookDbTester.insertWebhook(project1);
@@ -206,7 +206,7 @@ public class ListActionTest {
public void list_global_webhooks_if_project_key_param_missing() {
WebhookDto dto1 = webhookDbTester.insertGlobalWebhook();
WebhookDto dto2 = webhookDbTester.insertGlobalWebhook();
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

ListResponse response = wsActionTester.newRequest()
.executeProtobuf(ListResponse.class);

+ 8
- 8
server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/UpdateActionTest.java Просмотреть файл

@@ -25,9 +25,11 @@ import org.junit.Test;
import org.sonar.api.config.Configuration;
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.webhook.WebhookDbTester;
import org.sonar.db.webhook.WebhookDto;
@@ -45,9 +47,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.AssertionsForClassTypes.tuple;
import static org.mockito.Mockito.mock;
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.DbTester.create;
import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
import static org.sonar.server.tester.UserSessionRule.standalone;
import static org.sonar.server.ws.KeyExamples.NAME_WEBHOOK_EXAMPLE_001;
import static org.sonar.server.ws.KeyExamples.URL_WEBHOOK_EXAMPLE_001;
@@ -90,7 +90,7 @@ public class UpdateActionTest {
public void update_a_project_webhook_with_required_fields() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
@@ -111,7 +111,7 @@ public class UpdateActionTest {
public void update_a_project_webhook_with_all_fields() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
@@ -132,7 +132,7 @@ public class UpdateActionTest {
@Test
public void update_a_global_webhook() {
WebhookDto dto = webhookDbTester.insertGlobalWebhook();
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);

TestResponse response = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
@@ -152,7 +152,7 @@ public class UpdateActionTest {

@Test
public void fail_if_webhook_does_not_exist() {
userSession.logIn().addPermission(ADMINISTER);
userSession.logIn().addPermission(GlobalPermission.ADMINISTER);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", "inexistent-webhook-uuid")
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
@@ -209,7 +209,7 @@ public class UpdateActionTest {
public void fail_if_url_is_not_valid() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)
@@ -223,7 +223,7 @@ public class UpdateActionTest {
public void fail_if_credential_in_url_is_have_a_wrong_format() {
ProjectDto project = componentDbTester.insertPrivateProjectDto();
WebhookDto dto = webhookDbTester.insertWebhook(project);
userSession.logIn().addProjectPermission(ADMIN, project);
userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
TestRequest request = wsActionTester.newRequest()
.setParam("webhook", dto.getUuid())
.setParam("name", NAME_WEBHOOK_EXAMPLE_001)

Редактирование Предпросмотр
Загрузка…
Отмена
Сохранить