mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36262 Commits
59 Branches
Tree: 412f42cb11
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '412f42cb11'
${ noResults }
sonarqube/server/sonar-webserver-common/src/it/java/org/sonar/server/common/permission/UserPermissionChangerIT.java

UserPermissionChangerIT.java 16KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.common.permission;

  21. 

  22. import java.util.Set;

  23. import org.apache.commons.lang3.StringUtils;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.sonar.api.resources.Qualifiers;

  28. import org.sonar.api.resources.ResourceTypes;

  29. import org.sonar.api.utils.System2;

  30. import org.sonar.api.web.UserRole;

  31. import org.sonar.core.util.SequenceUuidFactory;

  32. import org.sonar.db.DbSession;

  33. import org.sonar.db.DbTester;

  34. import org.sonar.db.component.ResourceTypesRule;

  35. import org.sonar.db.entity.EntityDto;

  36. import org.sonar.db.permission.GlobalPermission;

  37. import org.sonar.db.user.GroupDto;

  38. import org.sonar.db.user.UserDto;

  39. import org.sonar.db.user.UserIdDto;

  40. import org.sonar.server.exceptions.BadRequestException;

  41. import org.sonar.server.permission.PermissionService;

  42. import org.sonar.server.permission.PermissionServiceImpl;

  43. 

  44. import static java.util.stream.Collectors.toSet;

  45. import static org.assertj.core.api.Assertions.assertThat;

  46. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  47. import static org.sonar.server.common.permission.Operation.ADD;

  48. import static org.sonar.server.common.permission.Operation.REMOVE;

  49. import static org.sonar.server.permission.PermissionServiceImpl.ALL_PROJECT_PERMISSIONS;

  50. 

  51. public class UserPermissionChangerIT {

  52.   @Rule

  53.   public DbTester db = DbTester.create(System2.INSTANCE);

  54. 

  55.   private final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  56.   private final PermissionService permissionService = new PermissionServiceImpl(resourceTypes);

  57.   private final UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), new SequenceUuidFactory());

  58.   private UserDto user1;

  59.   private UserDto user2;

  60.   private EntityDto privateProject;

  61.   private EntityDto publicProject;

  62. 

  63.   @Before

  64.   public void setUp() {

  65.     user1 = db.users().insertUser();

  66.     user2 = db.users().insertUser();

  67.     privateProject = db.components().insertPrivateProject().getProjectDto();

  68.     publicProject = db.components().insertPublicProject().getProjectDto();

  69.   }

  70. 

  71.   @Test

  72.   public void apply_adds_any_global_permission_to_user() {

  73.     permissionService.getGlobalPermissions()

  74.       .forEach(perm -> {

  75.         UserPermissionChange change = new UserPermissionChange(ADD, perm.getKey(), null, UserIdDto.from(user1), permissionService);

  76. 

  77.         apply(change);

  78. 

  79.         assertThat(db.users().selectPermissionsOfUser(user1)).contains(perm);

  80.       });

  81.   }

  82. 

  83.   @Test

  84.   public void apply_removes_any_global_permission_to_user() {

  85.     // give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1

  86.     db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER);

  87.     permissionService.getGlobalPermissions()

  88.       .forEach(perm -> db.users().insertGlobalPermissionOnUser(user1, perm));

  89.     assertThat(db.users().selectPermissionsOfUser(user1))

  90.       .containsOnly(permissionService.getGlobalPermissions().toArray(new GlobalPermission[0]));

  91. 

  92.     permissionService.getGlobalPermissions()

  93.       .forEach(perm -> {

  94.         UserPermissionChange change = new UserPermissionChange(REMOVE, perm.getKey(), null, UserIdDto.from(user1), permissionService);

  95. 

  96.         apply(change, permissionService.getGlobalPermissions().stream().map(GlobalPermission::getKey).collect(toSet()));

  97. 

  98.         assertThat(db.users().selectPermissionsOfUser(user1)).doesNotContain(perm);

  99.       });

  100.   }

  101. 

  102.   @Test

  103.   public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() {

  104.     UserPermissionChange change = new UserPermissionChange(ADD, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);

  105. 

  106.     apply(change);

  107. 

  108.     assertThat(db.users().selectEntityPermissionOfUser(user1, publicProject.getUuid())).doesNotContain(UserRole.USER);

  109.   }

  110. 

  111.   @Test

  112.   public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() {

  113.     UserPermissionChange change = new UserPermissionChange(ADD, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

  114. 

  115.     apply(change);

  116. 

  117.     assertThat(db.users().selectEntityPermissionOfUser(user1, publicProject.getUuid())).doesNotContain(UserRole.CODEVIEWER);

  118.   }

  119. 

  120.   @Test

  121.   public void apply_adds_permission_ADMIN_on_a_public_project() {

  122.     applyAddsPermissionOnAPublicProject(UserRole.ADMIN);

  123.   }

  124. 

  125.   @Test

  126.   public void apply_adds_permission_ISSUE_ADMIN_on_a_public_project() {

  127.     applyAddsPermissionOnAPublicProject(UserRole.ISSUE_ADMIN);

  128.   }

  129. 

  130.   @Test

  131.   public void apply_adds_permission_SCAN_EXECUTION_on_a_public_project() {

  132.     applyAddsPermissionOnAPublicProject(GlobalPermission.SCAN.getKey());

  133.   }

  134. 

  135.   private void applyAddsPermissionOnAPublicProject(String permission) {

  136.     UserPermissionChange change = new UserPermissionChange(ADD, permission, publicProject, UserIdDto.from(user1), permissionService);

  137. 

  138.     apply(change);

  139. 

  140.     assertThat(db.users().selectEntityPermissionOfUser(user1, publicProject.getUuid())).containsOnly(permission);

  141.   }

  142. 

  143.   @Test

  144.   public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() {

  145.     UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.USER, publicProject, UserIdDto.from(user1), permissionService);

  146. 

  147.     assertThatThrownBy(() -> apply(change))

  148.       .isInstanceOf(BadRequestException.class)

  149.       .hasMessage("Permission user can't be removed from a public component");

  150.   }

  151. 

  152.   @Test

  153.   public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() {

  154.     UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

  155. 

  156.     assertThatThrownBy(() -> apply(change))

  157.       .isInstanceOf(BadRequestException.class)

  158.       .hasMessage("Permission codeviewer can't be removed from a public component");

  159.   }

  160. 

  161.   @Test

  162.   public void apply_removes_permission_ADMIN_from_a_public_project() {

  163.     applyRemovesPermissionFromPublicProject(UserRole.ADMIN);

  164.   }

  165. 

  166.   @Test

  167.   public void apply_removes_permission_ISSUE_ADMIN_from_a_public_project() {

  168.     applyRemovesPermissionFromPublicProject(UserRole.ISSUE_ADMIN);

  169.   }

  170. 

  171.   @Test

  172.   public void apply_removes_permission_SCAN_EXECUTION_from_a_public_project() {

  173.     applyRemovesPermissionFromPublicProject(GlobalPermission.SCAN.getKey());

  174.   }

  175. 

  176.   private void applyRemovesPermissionFromPublicProject(String permission) {

  177.     db.users().insertProjectPermissionOnUser(user1, permission, publicProject);

  178.     UserPermissionChange change = new UserPermissionChange(REMOVE, permission, publicProject, UserIdDto.from(user1), permissionService);

  179. 

  180.     apply(change, Set.of(permission));

  181. 

  182.     assertThat(db.users().selectEntityPermissionOfUser(user1, publicProject.getUuid())).isEmpty();

  183.   }

  184. 

  185.   @Test

  186.   public void apply_adds_any_permission_to_a_private_project() {

  187.     permissionService.getAllProjectPermissions()

  188.       .forEach(permission -> {

  189.         UserPermissionChange change = new UserPermissionChange(ADD, permission, privateProject, UserIdDto.from(user1), permissionService);

  190. 

  191.         apply(change);

  192. 

  193.         assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).contains(permission);

  194.       });

  195.   }

  196. 

  197.   @Test

  198.   public void apply_removes_any_permission_from_a_private_project() {

  199.     permissionService.getAllProjectPermissions()

  200.       .forEach(permission -> db.users().insertProjectPermissionOnUser(user1, permission, privateProject));

  201. 

  202.     permissionService.getAllProjectPermissions()

  203.       .forEach(permission -> {

  204.         UserPermissionChange change = new UserPermissionChange(REMOVE, permission, privateProject, UserIdDto.from(user1), permissionService);

  205. 

  206.         apply(change, ALL_PROJECT_PERMISSIONS);

  207. 

  208.         assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).doesNotContain(permission);

  209.       });

  210.   }

  211. 

  212.   @Test

  213.   public void add_global_permission_to_user() {

  214.     UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.SCAN.getKey(), null, UserIdDto.from(user1), permissionService);

  215. 

  216.     apply(change);

  217. 

  218.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);

  219.     assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).isEmpty();

  220.     assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();

  221.     assertThat(db.users().selectEntityPermissionOfUser(user2, privateProject.getUuid())).isEmpty();

  222.   }

  223. 

  224.   @Test

  225.   public void add_project_permission_to_user() {

  226.     UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  227.     apply(change);

  228. 

  229.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  230.     assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).contains(UserRole.ISSUE_ADMIN);

  231.     assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();

  232.     assertThat(db.users().selectEntityPermissionOfUser(user2, privateProject.getUuid())).isEmpty();

  233.   }

  234. 

  235.   @Test

  236.   public void do_nothing_when_adding_global_permission_that_already_exists() {

  237.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);

  238. 

  239.     UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);

  240.     apply(change);

  241. 

  242.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);

  243.   }

  244. 

  245.   @Test

  246.   public void fail_to_add_global_permission_on_project() {

  247.     assertThatThrownBy(() -> {

  248.       UserPermissionChange change = new UserPermissionChange(ADD, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), privateProject, UserIdDto.from(user1), permissionService);

  249.       apply(change);

  250.     })

  251.       .isInstanceOf(BadRequestException.class)

  252.       .hasMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]");

  253.   }

  254. 

  255.   @Test

  256.   public void fail_to_add_project_permission() {

  257.     assertThatThrownBy(() -> {

  258.       UserPermissionChange change = new UserPermissionChange(ADD, UserRole.ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);

  259.       apply(change);

  260.     })

  261.       .isInstanceOf(BadRequestException.class)

  262.       .hasMessage("Invalid global permission 'issueadmin'. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]");

  263.   }

  264. 

  265.   @Test

  266.   public void remove_global_permission_from_user() {

  267.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);

  268.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.SCAN);

  269.     db.users().insertGlobalPermissionOnUser(user2, GlobalPermission.ADMINISTER_QUALITY_GATES);

  270.     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);

  271. 

  272.     UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);

  273.     apply(change, Set.of(GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), GlobalPermission.SCAN.getKey(), UserRole.ISSUE_ADMIN));

  274. 

  275.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(GlobalPermission.SCAN);

  276.     assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(GlobalPermission.ADMINISTER_QUALITY_GATES);

  277.     assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).containsOnly(UserRole.ISSUE_ADMIN);

  278.   }

  279. 

  280.   @Test

  281.   public void remove_project_permission_from_user() {

  282.     EntityDto project2 = db.components().insertPrivateProject().getProjectDto();

  283.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER_QUALITY_GATES);

  284.     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, privateProject);

  285.     db.users().insertProjectPermissionOnUser(user1, UserRole.USER, privateProject);

  286.     db.users().insertProjectPermissionOnUser(user2, UserRole.ISSUE_ADMIN, privateProject);

  287.     db.users().insertProjectPermissionOnUser(user1, UserRole.ISSUE_ADMIN, project2);

  288. 

  289.     UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  290.     apply(change, Set.of(GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), UserRole.ISSUE_ADMIN, UserRole.USER));

  291. 

  292.     assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).containsOnly(UserRole.USER);

  293.     assertThat(db.users().selectEntityPermissionOfUser(user2, privateProject.getUuid())).containsOnly(UserRole.ISSUE_ADMIN);

  294.     assertThat(db.users().selectEntityPermissionOfUser(user1, project2.getUuid())).containsOnly(UserRole.ISSUE_ADMIN);

  295.   }

  296. 

  297.   @Test

  298.   public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {

  299.     UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER_QUALITY_GATES.getKey(), null, UserIdDto.from(user1), permissionService);

  300.     apply(change);

  301. 

  302.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  303.   }

  304. 

  305.   @Test

  306.   public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {

  307.     UserPermissionChange change = new UserPermissionChange(REMOVE, UserRole.ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  308.     apply(change);

  309. 

  310.     assertThat(db.users().selectEntityPermissionOfUser(user1, privateProject.getUuid())).isEmpty();

  311.   }

  312. 

  313.   @Test

  314.   public void fail_to_remove_admin_global_permission_if_no_more_admins() {

  315.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);

  316. 

  317.     UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);

  318.     DbSession session = db.getSession();

  319.     Set<String> permissions = Set.of(GlobalPermission.ADMINISTER.getKey());

  320.     assertThatThrownBy(() -> underTest.apply(session, permissions, change))

  321.       .isInstanceOf(BadRequestException.class)

  322.       .hasMessage("Last user with permission 'admin'. Permission cannot be removed.");

  323.   }

  324. 

  325.   @Test

  326.   public void remove_admin_user_if_still_other_admins() {

  327.     db.users().insertGlobalPermissionOnUser(user1, GlobalPermission.ADMINISTER);

  328.     GroupDto admins = db.users().insertGroup("admins");

  329.     db.users().insertMember(admins, user2);

  330.     db.users().insertPermissionOnGroup(admins, GlobalPermission.ADMINISTER);

  331. 

  332.     UserPermissionChange change = new UserPermissionChange(REMOVE, GlobalPermission.ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);

  333.     underTest.apply(db.getSession(), Set.of(GlobalPermission.ADMINISTER.getKey()), change);

  334. 

  335.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  336.   }

  337. 

  338.   private void apply(UserPermissionChange change) {

  339.     underTest.apply(db.getSession(), Set.of(), change);

  340.     db.commit();

  341.   }

  342.   private void apply(UserPermissionChange change, Set<String> existingPermissions) {

  343.     underTest.apply(db.getSession(), existingPermissions, change);

  344.     db.commit();

  345.   }

  346. }