mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 236 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30155 Commits
59 Branches
Tree: 4d8f0c4bf3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4d8f0c4bf3'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java

RemoveUserActionTest.java 8.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.usergroups.ws;

  21. 

  22. import org.junit.Rule;

  23. import org.junit.Test;

  24. import org.junit.rules.ExpectedException;

  25. import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;

  26. import org.sonar.api.server.ws.Change;

  27. import org.sonar.api.server.ws.WebService.Action;

  28. import org.sonar.core.permission.GlobalPermissions;

  29. import org.sonar.db.DbTester;

  30. import org.sonar.db.user.GroupDto;

  31. import org.sonar.db.user.UserDto;

  32. import org.sonar.server.exceptions.BadRequestException;

  33. import org.sonar.server.exceptions.ForbiddenException;

  34. import org.sonar.server.exceptions.NotFoundException;

  35. import org.sonar.server.tester.UserSessionRule;

  36. import org.sonar.server.usergroups.DefaultGroupFinder;

  37. import org.sonar.server.ws.TestRequest;

  38. import org.sonar.server.ws.TestResponse;

  39. import org.sonar.server.ws.WsActionTester;

  40. 

  41. import static java.net.HttpURLConnection.HTTP_NO_CONTENT;

  42. import static org.assertj.core.api.Assertions.assertThat;

  43. import static org.assertj.core.api.Assertions.tuple;

  44. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  45. import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_GROUP_NAME;

  46. import static org.sonar.server.usergroups.ws.GroupWsSupport.PARAM_LOGIN;

  47. 

  48. public class RemoveUserActionTest {

  49. 

  50.   @Rule

  51.   public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());

  52.   @Rule

  53.   public UserSessionRule userSession = UserSessionRule.standalone();

  54.   @Rule

  55.   public ExpectedException expectedException = ExpectedException.none();

  56. 

  57.   private final WsActionTester ws = new WsActionTester(

  58.     new RemoveUserAction(db.getDbClient(), userSession, new GroupWsSupport(db.getDbClient(), new DefaultGroupFinder(db.getDbClient()))));

  59. 

  60.   @Test

  61.   public void verify_definition() {

  62.     Action wsDef = ws.getDef();

  63. 

  64.     assertThat(wsDef.isInternal()).isFalse();

  65.     assertThat(wsDef.since()).isEqualTo("5.2");

  66.     assertThat(wsDef.isPost()).isTrue();

  67.     assertThat(wsDef.changelog()).extracting(Change::getVersion, Change::getDescription).containsOnly(

  68.       tuple("8.4", "Parameter 'id' is deprecated. Format changes from integer to string. Use 'name' instead."));

  69.   }

  70. 

  71.   @Test

  72.   public void does_nothing_if_user_is_not_in_group() {

  73.     // keep an administrator

  74.     insertAnAdministrator();

  75.     insertDefaultGroup();

  76. 

  77.     GroupDto group = db.users().insertGroup("admins");

  78.     UserDto user = db.users().insertUser("my-admin");

  79.     loginAsAdmin();

  80. 

  81.     newRequest()

  82.       .setParam("id", group.getUuid())

  83.       .setParam("login", user.getLogin())

  84.       .execute();

  85. 

  86.     assertThat(db.users().selectGroupUuidsOfUser(user)).isEmpty();

  87.   }

  88. 

  89.   @Test

  90.   public void remove_user_by_group_id() {

  91.     // keep an administrator

  92.     insertAnAdministrator();

  93.     insertDefaultGroup();

  94.     GroupDto users = db.users().insertGroup("users");

  95.     UserDto user = db.users().insertUser("my-admin");

  96.     db.users().insertMember(users, user);

  97.     loginAsAdmin();

  98. 

  99.     newRequest()

  100.       .setParam("id", users.getUuid())

  101.       .setParam("login", user.getLogin())

  102.       .execute();

  103. 

  104.     assertThat(db.users().selectGroupUuidsOfUser(user)).isEmpty();

  105.   }

  106. 

  107.   @Test

  108.   public void remove_user_by_group_name() {

  109.     insertAnAdministrator();

  110.     insertDefaultGroup();

  111.     GroupDto group = db.users().insertGroup("a_group");

  112.     UserDto user = db.users().insertUser("a_user");

  113.     db.users().insertMember(group, user);

  114.     loginAsAdmin();

  115. 

  116.     newRequest()

  117.       .setParam(PARAM_GROUP_NAME, group.getName())

  118.       .setParam(PARAM_LOGIN, user.getLogin())

  119.       .execute();

  120. 

  121.     assertThat(db.users().selectGroupUuidsOfUser(user)).isEmpty();

  122.   }

  123. 

  124.   @Test

  125.   public void remove_user_only_from_one_group() {

  126.     // keep an administrator

  127.     insertAnAdministrator();

  128.     insertDefaultGroup();

  129. 

  130.     GroupDto users = db.users().insertGroup("user");

  131.     GroupDto admins = db.users().insertGroup("admins");

  132.     UserDto user = db.users().insertUser("user");

  133.     db.users().insertMember(users, user);

  134.     db.users().insertMember(admins, user);

  135.     loginAsAdmin();

  136. 

  137.     newRequest()

  138.       .setParam("id", admins.getUuid())

  139.       .setParam("login", user.getLogin())

  140.       .execute();

  141. 

  142.     assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(users.getUuid());

  143.   }

  144. 

  145.   @Test

  146.   public void response_status_is_no_content() {

  147.     // keep an administrator

  148.     insertAnAdministrator();

  149.     insertDefaultGroup();

  150.     GroupDto users = db.users().insertGroup("users");

  151.     UserDto user = db.users().insertUser("my-admin");

  152.     db.users().insertMember(users, user);

  153.     loginAsAdmin();

  154. 

  155.     TestResponse response = newRequest()

  156.       .setParam("id", users.getUuid())

  157.       .setParam("login", user.getLogin())

  158.       .execute();

  159. 

  160.     assertThat(response.getStatus()).isEqualTo(HTTP_NO_CONTENT);

  161.   }

  162. 

  163.   @Test

  164.   public void fail_if_unknown_group() {

  165.     UserDto user = db.users().insertUser("my-admin");

  166. 

  167.     expectedException.expect(NotFoundException.class);

  168. 

  169.     loginAsAdmin();

  170.     newRequest()

  171.       .setParam("id", "42")

  172.       .setParam("login", user.getLogin())

  173.       .execute();

  174.   }

  175. 

  176.   @Test

  177.   public void fail_if_unknown_user() {

  178.     insertDefaultGroup();

  179.     GroupDto group = db.users().insertGroup("admins");

  180. 

  181.     expectedException.expect(NotFoundException.class);

  182. 

  183.     loginAsAdmin();

  184.     newRequest()

  185.       .setParam("id", group.getUuid())

  186.       .setParam("login", "my-admin")

  187.       .execute();

  188.   }

  189. 

  190.   @Test

  191.   public void throw_ForbiddenException_if_not_administrator() {

  192.     GroupDto group = db.users().insertGroup("a-group");

  193.     UserDto user = db.users().insertUser();

  194.     db.users().insertMember(group, user);

  195.     userSession.logIn("admin");

  196. 

  197.     expectedException.expect(ForbiddenException.class);

  198.     expectedException.expectMessage("Insufficient privileges");

  199. 

  200.     newRequest()

  201.       .setParam("id", group.getUuid())

  202.       .setParam("login", user.getLogin())

  203.       .execute();

  204.   }

  205. 

  206.   @Test

  207.   public void fail_to_remove_the_last_administrator() {

  208.     db.users().insertDefaultGroup();

  209.     GroupDto adminGroup = db.users().insertGroup("sonar-admins");

  210.     db.users().insertPermissionOnGroup(adminGroup, GlobalPermissions.SYSTEM_ADMIN);

  211.     UserDto adminUser = db.users().insertUser("the-single-admin");

  212.     db.users().insertMember(adminGroup, adminUser);

  213.     loginAsAdmin();

  214. 

  215.     expectedException.expect(BadRequestException.class);

  216.     expectedException.expectMessage("The last administrator user cannot be removed");

  217. 

  218.     newRequest()

  219.       .setParam("id", adminGroup.getUuid())

  220.       .setParam("login", adminUser.getLogin())

  221.       .execute();

  222.   }

  223. 

  224.   @Test

  225.   public void fail_to_remove_user_from_default_group() {

  226.     UserDto user = db.users().insertUser();

  227.     GroupDto defaultGroup = db.users().insertDefaultGroup();

  228.     db.users().insertMember(defaultGroup, user);

  229.     loginAsAdmin();

  230. 

  231.     expectedException.expect(IllegalArgumentException.class);

  232.     expectedException.expectMessage("Default group 'sonar-users' cannot be used to perform this action");

  233. 

  234.     newRequest()

  235.       .setParam("id", defaultGroup.getUuid())

  236.       .setParam(PARAM_LOGIN, user.getLogin())

  237.       .execute();

  238.   }

  239. 

  240.   private TestRequest newRequest() {

  241.     return ws.newRequest();

  242.   }

  243. 

  244.   private void loginAsAdmin() {

  245.     userSession.logIn("admin").addPermission(ADMINISTER);

  246.   }

  247. 

  248.   private void insertAnAdministrator() {

  249.     db.users().insertAdminByUserPermission();

  250.   }

  251. 

  252.   private void insertDefaultGroup() {

  253.     db.users().insertDefaultGroup();

  254.   }

  255. 

  256. }