mirrors
/
sonarqube
огледало от https://github.com/SonarSource/sonarqube.git
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Версии 237 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30154 Ревизии
59 Клонове
ИН на ревизия: 276abb4233
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '276abb4233'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java

RemoveUserActionTest.java 13KB
Директен файл Blame История

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission.ws;

  21. 

  22. import org.junit.Before;

  23. import org.junit.Test;

  24. import org.sonar.api.resources.Qualifiers;

  25. import org.sonar.api.resources.ResourceTypes;

  26. import org.sonar.api.web.UserRole;

  27. import org.sonar.db.component.ComponentDto;

  28. import org.sonar.db.component.ResourceTypesRule;

  29. import org.sonar.db.user.UserDto;

  30. import org.sonar.server.exceptions.BadRequestException;

  31. import org.sonar.server.exceptions.ForbiddenException;

  32. import org.sonar.server.exceptions.NotFoundException;

  33. import org.sonar.server.exceptions.ServerException;

  34. import org.sonar.server.permission.PermissionService;

  35. import org.sonar.server.permission.PermissionServiceImpl;

  36. 

  37. import static java.lang.String.format;

  38. import static org.assertj.core.api.Assertions.assertThat;

  39. import static org.sonar.api.web.UserRole.ADMIN;

  40. import static org.sonar.api.web.UserRole.CODEVIEWER;

  41. import static org.sonar.api.web.UserRole.ISSUE_ADMIN;

  42. import static org.sonar.api.web.UserRole.USER;

  43. import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;

  44. import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;

  45. import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

  46. import static org.sonar.db.component.ComponentTesting.newDirectory;

  47. import static org.sonar.db.component.ComponentTesting.newFileDto;

  48. import static org.sonar.db.component.ComponentTesting.newModuleDto;

  49. import static org.sonar.db.component.ComponentTesting.newSubView;

  50. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  51. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;

  52. import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;

  53. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;

  54. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;

  55. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;

  56. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;

  57. 

  58. public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> {

  59. 

  60.   private static final String A_PROJECT_UUID = "project-uuid";

  61.   private static final String A_PROJECT_KEY = "project-key";

  62.   private static final String A_LOGIN = "ray.bradbury";

  63. 

  64.   private UserDto user;

  65.   private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  66.   private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);

  67.   private WsParameters wsParameters = new WsParameters(permissionService);

  68. 

  69.   @Before

  70.   public void setUp() {

  71.     user = db.users().insertUser(A_LOGIN);

  72.   }

  73. 

  74.   @Override

  75.   protected RemoveUserAction buildWsAction() {

  76.     return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionService);

  77.   }

  78. 

  79.   @Test

  80.   public void remove_permission_from_user() {

  81.     db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);

  82.     db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);

  83.     loginAsAdmin();

  84. 

  85.     newRequest()

  86.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  87.       .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN)

  88.       .execute();

  89. 

  90.     assertThat(db.users().selectPermissionsOfUser(user)).containsOnly(PROVISION_PROJECTS);

  91.   }

  92. 

  93.   @Test

  94.   public void fail_to_remove_admin_permission_if_last_admin() {

  95.     db.users().insertPermissionOnUser(user, ADMINISTER);

  96.     loginAsAdmin();

  97. 

  98.     expectedException.expect(BadRequestException.class);

  99.     expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed.");

  100. 

  101.     newRequest()

  102.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  103.       .setParam(PARAM_PERMISSION, ADMIN)

  104.       .execute();

  105.   }

  106. 

  107.   @Test

  108.   public void remove_permission_from_project() {

  109.     ComponentDto project = db.components().insertPrivateProject();

  110.     db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);

  111.     db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);

  112.     loginAsAdmin();

  113. 

  114.     newRequest()

  115.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  116.       .setParam(PARAM_PROJECT_ID, project.uuid())

  117.       .setParam(PARAM_PERMISSION, CODEVIEWER)

  118.       .execute();

  119. 

  120.     assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN);

  121.   }

  122. 

  123.   @Test

  124.   public void remove_with_project_key() {

  125.     ComponentDto project = db.components().insertPrivateProject();

  126.     db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);

  127.     db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);

  128.     loginAsAdmin();

  129. 

  130.     newRequest()

  131.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  132.       .setParam(PARAM_PROJECT_KEY, project.getDbKey())

  133.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  134.       .execute();

  135. 

  136.     assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);

  137.   }

  138. 

  139.   @Test

  140.   public void remove_with_view_uuid() {

  141.     ComponentDto view = db.components().insertView();

  142.     db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, view);

  143.     db.users().insertProjectPermissionOnUser(user, ADMIN, view);

  144.     loginAsAdmin();

  145. 

  146.     newRequest()

  147.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  148.       .setParam(PARAM_PROJECT_KEY, view.getDbKey())

  149.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  150.       .execute();

  151. 

  152.     assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(ADMIN);

  153.   }

  154. 

  155.   @Test

  156.   public void fail_when_project_does_not_exist() {

  157.     loginAsAdmin();

  158. 

  159.     expectedException.expect(NotFoundException.class);

  160. 

  161.     newRequest()

  162.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  163.       .setParam(PARAM_PROJECT_ID, "unknown-project-uuid")

  164.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  165.       .execute();

  166.   }

  167. 

  168.   @Test

  169.   public void fail_when_project_permission_without_permission() {

  170.     loginAsAdmin();

  171. 

  172.     expectedException.expect(BadRequestException.class);

  173. 

  174.     newRequest()

  175.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  176.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  177.       .execute();

  178.   }

  179. 

  180.   @Test

  181.   public void fail_when_component_is_a_module() {

  182.     ComponentDto project = db.components().insertPrivateProject();

  183.     ComponentDto module = db.components().insertComponent(newModuleDto(project));

  184. 

  185.     failIfComponentIsNotAProjectOrView(module);

  186.   }

  187. 

  188.   @Test

  189.   public void fail_when_component_is_a_directory() {

  190.     ComponentDto project = db.components().insertPrivateProject();

  191.     ComponentDto file = db.components().insertComponent(newDirectory(project, "A/B"));

  192. 

  193.     failIfComponentIsNotAProjectOrView(file);

  194.   }

  195. 

  196.   @Test

  197.   public void fail_when_component_is_a_file() {

  198.     ComponentDto project = db.components().insertPrivateProject();

  199.     ComponentDto file = db.components().insertComponent(newFileDto(project, null, "file-uuid"));

  200. 

  201.     failIfComponentIsNotAProjectOrView(file);

  202.   }

  203. 

  204.   @Test

  205.   public void fail_when_component_is_a_subview() {

  206.     ComponentDto portfolio = db.components().insertPrivatePortfolio();

  207.     ComponentDto file = db.components().insertComponent(newSubView(portfolio));

  208. 

  209.     failIfComponentIsNotAProjectOrView(file);

  210.   }

  211. 

  212.   private void failIfComponentIsNotAProjectOrView(ComponentDto file) {

  213.     loginAsAdmin();

  214. 

  215.     expectedException.expect(BadRequestException.class);

  216.     expectedException.expectMessage("Component '" + file.getDbKey() + "' (id: " + file.uuid() + ") must be a project or a view.");

  217. 

  218.     newRequest()

  219.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  220.       .setParam(PARAM_PROJECT_ID, file.uuid())

  221.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  222.       .execute();

  223.   }

  224. 

  225.   @Test

  226.   public void fail_when_get_request() {

  227.     loginAsAdmin();

  228. 

  229.     expectedException.expect(ServerException.class);

  230. 

  231.     newRequest()

  232.       .setMethod("GET")

  233.       .setParam(PARAM_USER_LOGIN, "george.orwell")

  234.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  235.       .execute();

  236.   }

  237. 

  238.   @Test

  239.   public void fail_when_user_login_is_missing() {

  240.     loginAsAdmin();

  241. 

  242.     expectedException.expect(IllegalArgumentException.class);

  243. 

  244.     newRequest()

  245.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  246.       .execute();

  247.   }

  248. 

  249.   @Test

  250.   public void fail_when_permission_is_missing() {

  251.     loginAsAdmin();

  252. 

  253.     expectedException.expect(IllegalArgumentException.class);

  254. 

  255.     newRequest()

  256.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  257.       .execute();

  258.   }

  259. 

  260.   @Test

  261.   public void fail_when_project_uuid_and_project_key_are_provided() {

  262.     ComponentDto project = db.components().insertPrivateProject();

  263.     loginAsAdmin();

  264. 

  265.     expectedException.expect(BadRequestException.class);

  266.     expectedException.expectMessage("Project id or project key can be provided, not both.");

  267. 

  268.     newRequest()

  269.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  270.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  271.       .setParam(PARAM_PROJECT_ID, project.uuid())

  272.       .setParam(PARAM_PROJECT_KEY, project.getDbKey())

  273.       .execute();

  274.   }

  275. 

  276.   @Test

  277.   public void removing_global_permission_fails_if_not_system_administrator() {

  278.     userSession.logIn();

  279. 

  280.     expectedException.expect(ForbiddenException.class);

  281. 

  282.     newRequest()

  283.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  284.       .setParam(PARAM_PERMISSION, PROVISIONING)

  285.       .execute();

  286.   }

  287. 

  288.   @Test

  289.   public void removing_project_permission_fails_if_not_administrator_of_project() {

  290.     ComponentDto project = db.components().insertPrivateProject();

  291.     userSession.logIn();

  292. 

  293.     expectedException.expect(ForbiddenException.class);

  294. 

  295.     newRequest()

  296.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  297.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  298.       .setParam(PARAM_PROJECT_KEY, project.getDbKey())

  299.       .execute();

  300.   }

  301. 

  302.   /**

  303.    * User is project administrator but not system administrator

  304.    */

  305.   @Test

  306.   public void removing_project_permission_is_allowed_to_project_administrators() {

  307.     ComponentDto project = db.components().insertPrivateProject();

  308.     db.users().insertProjectPermissionOnUser(user, CODEVIEWER, project);

  309.     db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);

  310.     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

  311. 

  312.     newRequest()

  313.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  314.       .setParam(PARAM_PROJECT_ID, project.uuid())

  315.       .setParam(PARAM_PERMISSION, ISSUE_ADMIN)

  316.       .execute();

  317. 

  318.     assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(CODEVIEWER);

  319.   }

  320. 

  321.   @Test

  322.   public void fail_when_removing_USER_permission_on_a_public_project() {

  323.     ComponentDto project = db.components().insertPublicProject();

  324.     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

  325. 

  326.     expectedException.expect(BadRequestException.class);

  327.     expectedException.expectMessage("Permission user can't be removed from a public component");

  328. 

  329.     newRequest()

  330.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  331.       .setParam(PARAM_PROJECT_ID, project.uuid())

  332.       .setParam(PARAM_PERMISSION, USER)

  333.       .execute();

  334.   }

  335. 

  336.   @Test

  337.   public void fail_when_removing_CODEVIEWER_permission_on_a_public_project() {

  338.     ComponentDto project = db.components().insertPublicProject();

  339.     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

  340. 

  341.     expectedException.expect(BadRequestException.class);

  342.     expectedException.expectMessage("Permission codeviewer can't be removed from a public component");

  343. 

  344.     newRequest()

  345.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  346.       .setParam(PARAM_PROJECT_ID, project.uuid())

  347.       .setParam(PARAM_PERMISSION, CODEVIEWER)

  348.       .execute();

  349.   }

  350. 

  351.   @Test

  352.   public void fail_when_using_branch_db_key() {

  353.     ComponentDto project = db.components().insertPublicProject();

  354.     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

  355.     ComponentDto branch = db.components().insertProjectBranch(project);

  356. 

  357.     expectedException.expect(NotFoundException.class);

  358.     expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));

  359. 

  360.     newRequest()

  361.       .setParam(PARAM_PROJECT_KEY, branch.getDbKey())

  362.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  363.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  364.       .execute();

  365.   }

  366. 

  367.   @Test

  368.   public void fail_when_using_branch_uuid() {

  369.     ComponentDto project = db.components().insertPublicProject();

  370.     userSession.logIn().addProjectPermission(UserRole.ADMIN, project);

  371.     ComponentDto branch = db.components().insertProjectBranch(project);

  372. 

  373.     expectedException.expect(NotFoundException.class);

  374.     expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));

  375. 

  376.     newRequest()

  377.       .setParam(PARAM_PROJECT_ID, branch.uuid())

  378.       .setParam(PARAM_USER_LOGIN, user.getLogin())

  379.       .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)

  380.       .execute();

  381.   }

  382. 

  383. }