mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30155 Commits
59 Branches
Tree: 4d8f0c4bf3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4d8f0c4bf3'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java

DeleteTemplateActionTest.java 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission.ws.template;

  21. 

  22. import java.util.Arrays;

  23. import javax.annotation.Nullable;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.junit.rules.ExpectedException;

  28. import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;

  29. import org.sonar.api.resources.Qualifiers;

  30. import org.sonar.api.web.UserRole;

  31. import org.sonar.db.DbClient;

  32. import org.sonar.db.DbTester;

  33. import org.sonar.db.component.ResourceTypesRule;

  34. import org.sonar.db.permission.template.PermissionTemplateDto;

  35. import org.sonar.db.permission.template.PermissionTemplateTesting;

  36. import org.sonar.db.user.GroupDto;

  37. import org.sonar.db.user.GroupTesting;

  38. import org.sonar.db.user.UserDto;

  39. import org.sonar.db.user.UserTesting;

  40. import org.sonar.server.component.ComponentFinder;

  41. import org.sonar.server.exceptions.BadRequestException;

  42. import org.sonar.server.exceptions.ForbiddenException;

  43. import org.sonar.server.exceptions.NotFoundException;

  44. import org.sonar.server.exceptions.UnauthorizedException;

  45. import org.sonar.server.organization.DefaultOrganizationProvider;

  46. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  47. import org.sonar.server.permission.DefaultTemplatesResolver;

  48. import org.sonar.server.permission.DefaultTemplatesResolverImpl;

  49. import org.sonar.server.permission.ws.PermissionWsSupport;

  50. import org.sonar.server.tester.UserSessionRule;

  51. import org.sonar.server.usergroups.DefaultGroupFinder;

  52. import org.sonar.server.usergroups.ws.GroupWsSupport;

  53. import org.sonar.server.ws.TestRequest;

  54. import org.sonar.server.ws.TestResponse;

  55. import org.sonar.server.ws.WsActionTester;

  56. 

  57. import static org.assertj.core.api.Assertions.assertThat;

  58. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  59. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;

  60. import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;

  61. 

  62. public class DeleteTemplateActionTest {

  63. 

  64.   @Rule

  65.   public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());

  66.   @Rule

  67.   public ExpectedException expectedException = ExpectedException.none();

  68. 

  69.   private UserSessionRule userSession = UserSessionRule.standalone();

  70.   private DbClient dbClient = db.getDbClient();

  71.   private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  72.   private final ResourceTypesRule resourceTypesWithViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW);

  73. 

  74.   private DefaultTemplatesResolver defaultTemplatesResolver = new DefaultTemplatesResolverImpl(resourceTypes);

  75.   private DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithViews);

  76. 

  77.   private WsActionTester underTestWithoutViews;

  78.   private WsActionTester underTestWithViews;

  79. 

  80.   @Before

  81.   public void setUp() {

  82.     DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);

  83.     GroupWsSupport groupWsSupport = new GroupWsSupport(dbClient, new DefaultGroupFinder(db.getDbClient()));

  84.     this.underTestWithoutViews = new WsActionTester(new DeleteTemplateAction(dbClient, userSession,

  85.       new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport), defaultTemplatesResolver, defaultOrganizationProvider));

  86.     this.underTestWithViews = new WsActionTester(new DeleteTemplateAction(dbClient, userSession,

  87.       new PermissionWsSupport(dbClient, new ComponentFinder(dbClient, resourceTypes), groupWsSupport), defaultTemplatesResolverWithViews, defaultOrganizationProvider));

  88.   }

  89. 

  90.   @Test

  91.   public void delete_template_in_db() throws Exception {

  92.     runOnAllUnderTests((underTest) -> {

  93.       PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  94.       db.organizations().setDefaultTemplates(

  95.         db.permissionTemplates().insertTemplate(),

  96.         null, db.permissionTemplates().insertTemplate()

  97.       );

  98.       loginAsAdmin();

  99. 

  100.       TestResponse result = newRequestByUuid(underTest, template.getUuid());

  101. 

  102.       assertThat(result.getInput()).isEmpty();

  103.       assertTemplateDoesNotExist(template);

  104.     });

  105.   }

  106. 

  107.   @Test

  108.   public void delete_template_by_name_case_insensitive() throws Exception {

  109.     runOnAllUnderTests((underTest) -> {

  110.       db.organizations().setDefaultTemplates(

  111.         db.permissionTemplates().insertTemplate(),

  112.         db.permissionTemplates().insertTemplate(), db.permissionTemplates().insertTemplate()

  113.       );

  114.       PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  115.       loginAsAdmin();

  116.       newRequestByName(underTest, template);

  117. 

  118.       assertTemplateDoesNotExist(template);

  119.     });

  120.   }

  121. 

  122.   @Test

  123.   public void fail_if_uuid_is_not_known_without_views() {

  124.     userSession.logIn();

  125. 

  126.     expectedException.expect(NotFoundException.class);

  127. 

  128.     newRequestByUuid(underTestWithoutViews, "unknown-template-uuid");

  129.   }

  130. 

  131.   @Test

  132.   public void fail_if_uuid_is_not_known_with_views() {

  133.     userSession.logIn();

  134. 

  135.     expectedException.expect(NotFoundException.class);

  136. 

  137.     newRequestByUuid(underTestWithViews, "unknown-template-uuid");

  138.   }

  139. 

  140.   @Test

  141.   public void fail_to_delete_by_uuid_if_template_is_default_template_for_project_without_views() {

  142.     fail_to_delete_by_uuid_if_template_is_default_template_for_project(this.underTestWithoutViews);

  143.   }

  144. 

  145.   @Test

  146.   public void fail_to_delete_by_uuid_if_template_is_default_template_for_project_with_views() {

  147.     fail_to_delete_by_uuid_if_template_is_default_template_for_project(this.underTestWithViews);

  148.   }

  149. 

  150.   private void fail_to_delete_by_uuid_if_template_is_default_template_for_project(WsActionTester underTest) {

  151.     PermissionTemplateDto projectTemplate = insertTemplateAndAssociatedPermissions();

  152.     db.organizations().setDefaultTemplates(projectTemplate,

  153.       null, db.permissionTemplates().insertTemplate());

  154.     loginAsAdmin();

  155. 

  156.     expectedException.expect(BadRequestException.class);

  157.     expectedException.expectMessage("It is not possible to delete the default permission template for projects");

  158. 

  159.     newRequestByUuid(underTest, projectTemplate.getUuid());

  160.   }

  161. 

  162.   @Test

  163.   public void fail_to_delete_by_name_if_template_is_default_template_for_project_without_views() {

  164.     fail_to_delete_by_name_if_template_is_default_template_for_project(this.underTestWithoutViews);

  165.   }

  166. 

  167.   @Test

  168.   public void fail_to_delete_by_name_if_template_is_default_template_for_project_with_views() {

  169.     fail_to_delete_by_name_if_template_is_default_template_for_project(this.underTestWithViews);

  170.   }

  171. 

  172.   private void fail_to_delete_by_name_if_template_is_default_template_for_project(WsActionTester underTest) {

  173.     PermissionTemplateDto projectTemplate = insertTemplateAndAssociatedPermissions();

  174.     db.organizations().setDefaultTemplates(projectTemplate, null, db.permissionTemplates().insertTemplate());

  175.     loginAsAdmin();

  176. 

  177.     expectedException.expect(BadRequestException.class);

  178.     expectedException.expectMessage("It is not possible to delete the default permission template for projects");

  179. 

  180.     newRequestByName(underTest, projectTemplate.getName());

  181.   }

  182. 

  183.   @Test

  184.   public void fail_to_delete_by_uuid_if_template_is_default_template_for_portfolios_with_views() {

  185.     PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  186.     db.organizations().setDefaultTemplates(db.permissionTemplates().insertTemplate(), null, template);

  187.     loginAsAdmin();

  188. 

  189.     expectedException.expect(BadRequestException.class);

  190.     expectedException.expectMessage("It is not possible to delete the default permission template for portfolios");

  191. 

  192.     newRequestByUuid(this.underTestWithViews, template.getUuid());

  193.   }

  194. 

  195.   @Test

  196.   public void fail_to_delete_by_uuid_if_template_is_default_template_for_applications_with_views() {

  197.     PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  198.     db.organizations().setDefaultTemplates(db.permissionTemplates().insertTemplate(), template, null);

  199.     loginAsAdmin();

  200. 

  201.     expectedException.expect(BadRequestException.class);

  202.     expectedException.expectMessage("It is not possible to delete the default permission template for applications");

  203. 

  204.     newRequestByUuid(this.underTestWithViews, template.getUuid());

  205.   }

  206. 

  207.   @Test

  208.   public void default_template_for_views_can_be_deleted_by_uuid_if_views_is_not_installed_and_default_template_for_views_is_reset() {

  209.     PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate();

  210.     PermissionTemplateDto viewTemplate = insertTemplateAndAssociatedPermissions();

  211.     db.organizations().setDefaultTemplates(projectTemplate, null, viewTemplate);

  212.     loginAsAdmin();

  213. 

  214.     newRequestByUuid(this.underTestWithoutViews, viewTemplate.getUuid());

  215. 

  216.     assertTemplateDoesNotExist(viewTemplate);

  217. 

  218.     assertThat(db.getDbClient().organizationDao().getDefaultTemplates(db.getSession(), db.getDefaultOrganization().getUuid())

  219.       .get().getApplicationsUuid())

  220.       .isNull();

  221.   }

  222. 

  223.   @Test

  224.   public void fail_to_delete_by_uuid_if_not_logged_in_without_views() {

  225.     expectedException.expect(UnauthorizedException.class);

  226. 

  227.     newRequestByUuid(underTestWithoutViews, "uuid");

  228.   }

  229. 

  230.   @Test

  231.   public void fail_to_delete_by_uuid_if_not_logged_in_with_views() {

  232.     expectedException.expect(UnauthorizedException.class);

  233. 

  234.     newRequestByUuid(underTestWithViews, "uuid");

  235.   }

  236. 

  237.   @Test

  238.   public void fail_to_delete_by_name_if_not_logged_in_without_views() {

  239.     expectedException.expect(UnauthorizedException.class);

  240.     newRequestByName(underTestWithoutViews, "name");

  241.   }

  242. 

  243.   @Test

  244.   public void fail_to_delete_by_name_if_not_logged_in_with_views() {

  245.     expectedException.expect(UnauthorizedException.class);

  246.     newRequestByName(underTestWithViews, "name");

  247.   }

  248. 

  249.   @Test

  250.   public void fail_to_delete_by_uuid_if_not_admin_without_views() {

  251.     PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  252.     userSession.logIn();

  253. 

  254.     expectedException.expect(ForbiddenException.class);

  255. 

  256.     newRequestByUuid(underTestWithoutViews, template.getUuid());

  257.   }

  258. 

  259.   @Test

  260.   public void fail_to_delete_by_uuid_if_not_admin_with_views() {

  261.     PermissionTemplateDto template = insertTemplateAndAssociatedPermissions();

  262.     userSession.logIn();

  263. 

  264.     expectedException.expect(ForbiddenException.class);

  265. 

  266.     newRequestByUuid(underTestWithViews, template.getUuid());

  267.   }

  268. 

  269.   @Test

  270.   public void fail_to_delete_by_name_if_not_admin_without_views() {

  271.     PermissionTemplateDto template = db.permissionTemplates().insertTemplate();

  272.     userSession.logIn();

  273. 

  274.     expectedException.expect(ForbiddenException.class);

  275. 

  276.     newRequestByName(underTestWithoutViews, template.getName());

  277.   }

  278. 

  279.   @Test

  280.   public void fail_to_delete_by_name_if_not_admin_with_views() {

  281.     PermissionTemplateDto template = db.permissionTemplates().insertTemplate(PermissionTemplateTesting.newPermissionTemplateDto()

  282.       .setName("the name"));

  283.     userSession.logIn();

  284. 

  285.     expectedException.expect(ForbiddenException.class);

  286. 

  287.     newRequestByName(underTestWithViews, template);

  288.   }

  289. 

  290.   @Test

  291.   public void fail_if_neither_uuid_nor_name_is_provided_without_views() {

  292.     userSession.logIn();

  293. 

  294.     expectedException.expect(BadRequestException.class);

  295. 

  296.     newRequestByUuid(underTestWithoutViews, null);

  297.   }

  298. 

  299.   @Test

  300.   public void fail_if_neither_uuid_nor_name_is_provided_with_views() {

  301.     userSession.logIn();

  302. 

  303.     expectedException.expect(BadRequestException.class);

  304. 

  305.     newRequestByUuid(underTestWithViews, null);

  306.   }

  307. 

  308.   @Test

  309.   public void fail_if_both_uuid_and_name_are_provided_without_views() {

  310.     userSession.logIn();

  311. 

  312.     expectedException.expect(BadRequestException.class);

  313. 

  314.     underTestWithoutViews.newRequest().setMethod("POST")

  315.       .setParam(PARAM_TEMPLATE_ID, "uuid")

  316.       .setParam(PARAM_TEMPLATE_NAME, "name")

  317.       .execute();

  318.   }

  319. 

  320.   @Test

  321.   public void fail_if_both_uuid_and_name_are_provided_with_views() {

  322.     userSession.logIn();

  323. 

  324.     expectedException.expect(BadRequestException.class);

  325. 

  326.     underTestWithViews.newRequest().setMethod("POST")

  327.       .setParam(PARAM_TEMPLATE_ID, "uuid")

  328.       .setParam(PARAM_TEMPLATE_NAME, "name")

  329.       .execute();

  330.   }

  331. 

  332.   // @Test

  333.   // public void delete_perm_tpl_characteristic_when_delete_template() throws Exception {

  334.   // db.getDbClient().permissionTemplateCharacteristicDao().insert(db.getSession(), new PermissionTemplateCharacteristicDto()

  335.   // .setPermission(UserRole.USER)

  336.   // .setTemplateId(template.getId())

  337.   // .setWithProjectCreator(true)

  338.   // .setCreatedAt(new Date().getTime())

  339.   // .setUpdatedAt(new Date().getTime()));

  340.   // db.commit();

  341.   //

  342.   // newRequest(template.getUuid());

  343.   //

  344.   // assertThat(db.getDbClient().permissionTemplateCharacteristicDao().selectByTemplateIds(db.getSession(),

  345.   // asList(template.getId()))).isEmpty();

  346.   // }

  347. 

  348.   private UserSessionRule loginAsAdmin() {

  349.     return userSession.logIn().addPermission(ADMINISTER);

  350.   }

  351. 

  352.   private void runOnAllUnderTests(ConsumerWithException<WsActionTester> consumer) throws Exception {

  353.     for (WsActionTester underTest : Arrays.asList(underTestWithoutViews, underTestWithViews)) {

  354.       consumer.accept(underTest);

  355.     }

  356.   }

  357. 

  358.   private interface ConsumerWithException<T> {

  359.     void accept(T e) throws Exception;

  360.   }

  361. 

  362.   private PermissionTemplateDto insertTemplateAndAssociatedPermissions() {

  363.     PermissionTemplateDto dto = db.permissionTemplates().insertTemplate();

  364.     UserDto user = db.getDbClient().userDao().insert(db.getSession(), UserTesting.newUserDto().setActive(true));

  365.     GroupDto group = db.getDbClient().groupDao().insert(db.getSession(), GroupTesting.newGroupDto());

  366.     db.getDbClient().permissionTemplateDao().insertUserPermission(db.getSession(), dto.getUuid(), user.getUuid(), UserRole.ADMIN);

  367.     db.getDbClient().permissionTemplateDao().insertGroupPermission(db.getSession(), dto.getUuid(), group.getUuid(), UserRole.CODEVIEWER);

  368.     db.commit();

  369.     return dto;

  370.   }

  371. 

  372.   private TestResponse newRequestByUuid(WsActionTester actionTester, @Nullable String id) {

  373.     TestRequest request = actionTester.newRequest().setMethod("POST");

  374.     if (id != null) {

  375.       request.setParam(PARAM_TEMPLATE_ID, id);

  376.     }

  377.     return request.execute();

  378.   }

  379. 

  380.   private TestResponse newRequestByName(WsActionTester actionTester, @Nullable PermissionTemplateDto permissionTemplateDto) {

  381.     return newRequestByName(

  382.       actionTester,

  383.       permissionTemplateDto == null ? null : permissionTemplateDto.getName());

  384.   }

  385. 

  386.   private TestResponse newRequestByName(WsActionTester actionTester, @Nullable String name) {

  387.     TestRequest request = actionTester.newRequest().setMethod("POST");

  388. 

  389.     if (name != null) {

  390.       request.setParam(PARAM_TEMPLATE_NAME, name);

  391.     }

  392. 

  393.     return request.execute();

  394.   }

  395. 

  396.   private void assertTemplateDoesNotExist(PermissionTemplateDto template) {

  397.     assertThat(db.getDbClient().permissionTemplateDao().selectByUuid(db.getSession(), template.getUuid())).isNull();

  398.   }

  399. 

  400. }