mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31233 Commits
59 Branches
Tree: 680aed78d5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '680aed78d5'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest....

GroupPermissionChangerTest.java 19KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission;

  21. 

  22. import org.apache.commons.lang.StringUtils;

  23. import org.junit.Before;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.resources.Qualifiers;

  28. import org.sonar.api.resources.ResourceTypes;

  29. import org.sonar.api.utils.System2;

  30. import org.sonar.api.web.UserRole;

  31. import org.sonar.core.permission.GlobalPermissions;

  32. import org.sonar.core.util.SequenceUuidFactory;

  33. import org.sonar.core.util.Uuids;

  34. import org.sonar.db.DbTester;

  35. import org.sonar.db.component.ComponentDto;

  36. import org.sonar.db.component.ResourceTypesRule;

  37. import org.sonar.db.permission.GlobalPermission;

  38. import org.sonar.db.permission.GroupPermissionDto;

  39. import org.sonar.db.user.GroupDto;

  40. import org.sonar.db.user.UserDto;

  41. import org.sonar.server.exceptions.BadRequestException;

  42. 

  43. import static org.assertj.core.api.Assertions.assertThat;

  44. import static org.assertj.core.api.Assertions.fail;

  45. import static org.sonar.db.permission.GlobalPermission.ADMINISTER;

  46. import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;

  47. import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;

  48. 

  49. public class GroupPermissionChangerTest {

  50. 

  51.   @Rule

  52.   public DbTester db = DbTester.create(System2.INSTANCE);

  53.   @Rule

  54.   public ExpectedException expectedException = ExpectedException.none();

  55. 

  56.   private final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  57.   private final PermissionService permissionService = new PermissionServiceImpl(resourceTypes);

  58.   private final GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), new SequenceUuidFactory());

  59.   private GroupDto group;

  60.   private ComponentDto privateProject;

  61.   private ComponentDto publicProject;

  62. 

  63.   @Before

  64.   public void setUp() {

  65.     group = db.users().insertGroup("a-group");

  66.     privateProject = db.components().insertPrivateProject();

  67.     publicProject = db.components().insertPublicProject();

  68.   }

  69. 

  70.   @Test

  71.   public void apply_adds_global_permission_to_group() {

  72.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  73. 

  74.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));

  75. 

  76.     assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);

  77.   }

  78. 

  79.   @Test

  80.   public void apply_adds_global_permission_to_group_AnyOne() {

  81.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  82. 

  83.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));

  84. 

  85.     assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);

  86.   }

  87. 

  88.   @Test

  89.   public void apply_fails_with_BadRequestException_when_adding_any_permission_to_group_AnyOne_on_private_project() {

  90.     GroupUuidOrAnyone anyOneGroup = GroupUuidOrAnyone.forAnyone();

  91.     permissionService.getAllProjectPermissions()

  92.       .forEach(perm -> {

  93.         GroupPermissionChange change = new GroupPermissionChange(PermissionChange.Operation.ADD, perm, privateProject, anyOneGroup, permissionService);

  94.         try {

  95.           apply(change);

  96.           fail("a BadRequestException should have been thrown");

  97.         } catch (BadRequestException e) {

  98.           assertThat(e).hasMessage("No permission can be granted to Anyone on a private component");

  99.         }

  100.       });

  101.   }

  102. 

  103.   @Test

  104.   public void apply_has_no_effect_when_removing_any_permission_to_group_AnyOne_on_private_project() {

  105.     permissionService.getAllProjectPermissions()

  106.       .forEach(this::unsafeInsertProjectPermissionOnAnyone);

  107. 

  108.     GroupUuidOrAnyone anyOneGroup = GroupUuidOrAnyone.forAnyone();

  109.     permissionService.getAllProjectPermissions()

  110.       .forEach(perm -> {

  111.         apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, perm, privateProject, anyOneGroup, permissionService));

  112. 

  113.         assertThat(db.users().selectAnyonePermissions(privateProject)).contains(perm);

  114.       });

  115.   }

  116. 

  117.   @Test

  118.   public void apply_adds_permission_USER_to_group_on_private_project() {

  119.     applyAddsPermissionToGroupOnPrivateProject(UserRole.USER);

  120.   }

  121. 

  122.   @Test

  123.   public void apply_adds_permission_CODEVIEWER_to_group_on_private_project() {

  124.     applyAddsPermissionToGroupOnPrivateProject(UserRole.CODEVIEWER);

  125.   }

  126. 

  127.   @Test

  128.   public void apply_adds_permission_ADMIN_to_group_on_private_project() {

  129.     applyAddsPermissionToGroupOnPrivateProject(UserRole.ADMIN);

  130.   }

  131. 

  132.   @Test

  133.   public void apply_adds_permission_ISSUE_ADMIN_to_group_on_private_project() {

  134.     applyAddsPermissionToGroupOnPrivateProject(UserRole.ISSUE_ADMIN);

  135.   }

  136. 

  137.   @Test

  138.   public void apply_adds_permission_SCAN_EXECUTION_to_group_on_private_project() {

  139.     applyAddsPermissionToGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);

  140.   }

  141. 

  142.   private void applyAddsPermissionToGroupOnPrivateProject(String permission) {

  143.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  144. 

  145.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, privateProject, groupUuid, permissionService));

  146. 

  147.     assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();

  148.     assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission);

  149.   }

  150. 

  151.   @Test

  152.   public void apply_removes_permission_USER_from_group_on_private_project() {

  153.     applyRemovesPermissionFromGroupOnPrivateProject(UserRole.USER);

  154.   }

  155. 

  156.   @Test

  157.   public void apply_removes_permission_CODEVIEWER_from_group_on_private_project() {

  158.     applyRemovesPermissionFromGroupOnPrivateProject(UserRole.CODEVIEWER);

  159.   }

  160. 

  161.   @Test

  162.   public void apply_removes_permission_ADMIN_from_on_private_project() {

  163.     applyRemovesPermissionFromGroupOnPrivateProject(UserRole.ADMIN);

  164.   }

  165. 

  166.   @Test

  167.   public void apply_removes_permission_ISSUE_ADMIN_from_on_private_project() {

  168.     applyRemovesPermissionFromGroupOnPrivateProject(UserRole.ISSUE_ADMIN);

  169.   }

  170. 

  171.   @Test

  172.   public void apply_removes_permission_SCAN_EXECUTION_from_on_private_project() {

  173.     applyRemovesPermissionFromGroupOnPrivateProject(GlobalPermissions.SCAN_EXECUTION);

  174.   }

  175. 

  176.   private void applyRemovesPermissionFromGroupOnPrivateProject(String permission) {

  177.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  178.     db.users().insertProjectPermissionOnGroup(group, permission, privateProject);

  179. 

  180.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, privateProject, groupUuid, permissionService));

  181. 

  182.     assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission);

  183.   }

  184. 

  185.   @Test

  186.   public void apply_has_no_effect_when_adding_USER_permission_to_group_AnyOne_on_a_public_project() {

  187.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  188. 

  189.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, publicProject, groupUuid, permissionService));

  190. 

  191.     assertThat(db.users().selectAnyonePermissions(publicProject)).isEmpty();

  192.   }

  193. 

  194.   @Test

  195.   public void apply_has_no_effect_when_adding_CODEVIEWER_permission_to_group_AnyOne_on_a_public_project() {

  196.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  197. 

  198.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.CODEVIEWER, publicProject, groupUuid, permissionService));

  199. 

  200.     assertThat(db.users().selectAnyonePermissions(publicProject)).isEmpty();

  201.   }

  202. 

  203.   @Test

  204.   public void apply_fails_with_BadRequestException_when_adding_permission_ADMIN_to_group_AnyOne_on_a_public_project() {

  205.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  206. 

  207.     expectedException.expect(BadRequestException.class);

  208.     expectedException.expectMessage("It is not possible to add the 'admin' permission to group 'Anyone'");

  209. 

  210.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ADMIN, publicProject, groupUuid, permissionService));

  211.   }

  212. 

  213.   @Test

  214.   public void apply_adds_permission_ISSUE_ADMIN_to_group_AnyOne_on_a_public_project() {

  215.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  216. 

  217.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, publicProject, groupUuid, permissionService));

  218. 

  219.     assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(UserRole.ISSUE_ADMIN);

  220.   }

  221. 

  222.   @Test

  223.   public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() {

  224.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  225. 

  226.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, publicProject, groupUuid, permissionService));

  227. 

  228.     assertThat(db.users().selectAnyonePermissions(publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION);

  229.   }

  230. 

  231.   @Test

  232.   public void apply_fails_with_BadRequestException_when_removing_USER_permission_from_group_AnyOne_on_a_public_project() {

  233.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  234. 

  235.     expectedException.expect(BadRequestException.class);

  236.     expectedException.expectMessage("Permission user can't be removed from a public component");

  237. 

  238.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, publicProject, groupUuid, permissionService));

  239.   }

  240. 

  241.   @Test

  242.   public void apply_fails_with_BadRequestException_when_removing_CODEVIEWER_permission_from_group_AnyOne_on_a_public_project() {

  243.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  244. 

  245.     expectedException.expect(BadRequestException.class);

  246.     expectedException.expectMessage("Permission codeviewer can't be removed from a public component");

  247. 

  248.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, publicProject, groupUuid, permissionService));

  249.   }

  250. 

  251.   @Test

  252.   public void apply_removes_ADMIN_permission_from_group_AnyOne_on_a_public_project() {

  253.     applyRemovesPermissionFromGroupAnyOneOnAPublicProject(UserRole.ADMIN);

  254.   }

  255. 

  256.   @Test

  257.   public void apply_removes_ISSUE_ADMIN_permission_from_group_AnyOne_on_a_public_project() {

  258.     applyRemovesPermissionFromGroupAnyOneOnAPublicProject(UserRole.ISSUE_ADMIN);

  259.   }

  260. 

  261.   @Test

  262.   public void apply_removes_SCAN_EXECUTION_permission_from_group_AnyOne_on_a_public_project() {

  263.     applyRemovesPermissionFromGroupAnyOneOnAPublicProject(GlobalPermissions.SCAN_EXECUTION);

  264.   }

  265. 

  266.   private void applyRemovesPermissionFromGroupAnyOneOnAPublicProject(String permission) {

  267.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  268.     db.users().insertProjectPermissionOnAnyone(permission, publicProject);

  269. 

  270.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, permission, publicProject, groupUuid, permissionService));

  271. 

  272.     assertThat(db.users().selectAnyonePermissions(publicProject)).isEmpty();

  273.   }

  274. 

  275.   @Test

  276.   public void apply_fails_with_BadRequestException_when_removing_USER_permission_from_a_group_on_a_public_project() {

  277.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  278. 

  279.     expectedException.expect(BadRequestException.class);

  280.     expectedException.expectMessage("Permission user can't be removed from a public component");

  281. 

  282.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, publicProject, groupUuid, permissionService));

  283.   }

  284. 

  285.   @Test

  286.   public void apply_fails_with_BadRequestException_when_removing_CODEVIEWER_permission_from_a_group_on_a_public_project() {

  287.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  288. 

  289.     expectedException.expect(BadRequestException.class);

  290.     expectedException.expectMessage("Permission codeviewer can't be removed from a public component");

  291. 

  292.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, publicProject, groupUuid, permissionService));

  293.   }

  294. 

  295.   @Test

  296.   public void add_permission_to_anyone() {

  297.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.forAnyone();

  298. 

  299.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupUuid, permissionService));

  300. 

  301.     assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();

  302.     assertThat(db.users().selectAnyonePermissions(null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN);

  303.   }

  304. 

  305.   @Test

  306.   public void do_nothing_when_adding_permission_that_already_exists() {

  307.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  308.     db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);

  309. 

  310.     apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupUuid, permissionService));

  311. 

  312.     assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());

  313.   }

  314. 

  315.   @Test

  316.   public void fail_to_add_global_permission_but_SCAN_and_ADMIN_on_private_project() {

  317.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  318. 

  319.     permissionService.getGlobalPermissions().stream()

  320.       .map(GlobalPermission::getKey)

  321.       .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))

  322.       .forEach(perm -> {

  323.         try {

  324.           new GroupPermissionChange(PermissionChange.Operation.ADD, perm, privateProject, groupUuid, permissionService);

  325.           fail("a BadRequestException should have been thrown for permission " + perm);

  326.         } catch (BadRequestException e) {

  327.           assertThat(e).hasMessage("Invalid project permission '" + perm +

  328.             "'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]");

  329.         }

  330.       });

  331.   }

  332. 

  333.   @Test

  334.   public void fail_to_add_global_permission_but_SCAN_and_ADMIN_on_public_project() {

  335.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  336. 

  337.     permissionService.getGlobalPermissions().stream()

  338.       .map(GlobalPermission::getKey)

  339.       .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm))

  340.       .forEach(perm -> {

  341.         try {

  342.           new GroupPermissionChange(PermissionChange.Operation.ADD, perm, publicProject, groupUuid, permissionService);

  343.           fail("a BadRequestException should have been thrown for permission " + perm);

  344.         } catch (BadRequestException e) {

  345.           assertThat(e).hasMessage("Invalid project permission '" + perm +

  346.             "'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]");

  347.         }

  348.       });

  349.   }

  350. 

  351.   @Test

  352.   public void fail_to_add_project_permission_but_SCAN_and_ADMIN_on_global_group() {

  353.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  354. 

  355.     permissionService.getAllProjectPermissions()

  356.       .stream()

  357.       .filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !GlobalPermission.ADMINISTER.getKey().equals(perm))

  358.       .forEach(permission -> {

  359.         try {

  360.           new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupUuid, permissionService);

  361.           fail("a BadRequestException should have been thrown for permission " + permission);

  362.         } catch (BadRequestException e) {

  363.           assertThat(e).hasMessage("Invalid global permission '" + permission + "'. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]");

  364.         }

  365.       });

  366.   }

  367. 

  368.   @Test

  369.   public void remove_permission_from_group() {

  370.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  371.     db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);

  372.     db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS);

  373. 

  374.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupUuid, permissionService));

  375. 

  376.     assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey());

  377.   }

  378. 

  379.   @Test

  380.   public void remove_project_permission_from_group() {

  381.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  382.     db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES);

  383.     db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject);

  384.     db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject);

  385. 

  386.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, privateProject, groupUuid, permissionService));

  387. 

  388.     assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey());

  389.     assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER);

  390.   }

  391. 

  392.   @Test

  393.   public void do_not_fail_if_removing_a_permission_that_does_not_exist() {

  394.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  395. 

  396.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, privateProject, groupUuid, permissionService));

  397. 

  398.     assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();

  399.     assertThat(db.users().selectGroupPermissions(group, privateProject)).isEmpty();

  400.   }

  401. 

  402.   @Test

  403.   public void fail_to_remove_admin_permission_if_no_more_admins() {

  404.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  405.     db.users().insertPermissionOnGroup(group, ADMINISTER);

  406. 

  407.     expectedException.expect(BadRequestException.class);

  408.     expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");

  409. 

  410.     underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupUuid, permissionService));

  411.   }

  412. 

  413.   @Test

  414.   public void remove_admin_group_if_still_other_admins() {

  415.     GroupUuidOrAnyone groupUuid = GroupUuidOrAnyone.from(group);

  416.     db.users().insertPermissionOnGroup(group, ADMINISTER);

  417.     UserDto admin = db.users().insertUser();

  418.     db.users().insertPermissionOnUser(admin, ADMINISTER);

  419. 

  420.     apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupUuid, permissionService));

  421. 

  422.     assertThat(db.users().selectGroupPermissions(group, null)).isEmpty();

  423.   }

  424. 

  425.   private void apply(GroupPermissionChange change) {

  426.     underTest.apply(db.getSession(), change);

  427.     db.commit();

  428.   }

  429. 

  430.   private void unsafeInsertProjectPermissionOnAnyone(String perm) {

  431.     GroupPermissionDto dto = new GroupPermissionDto()

  432.       .setUuid(Uuids.createFast())

  433.       .setGroupUuid(null)

  434.       .setRole(perm)

  435.       .setComponentUuid(privateProject.uuid())

  436.       .setComponentName(privateProject.name());

  437.     db.getDbClient().groupPermissionDao().insert(db.getSession(), dto, privateProject, null);

  438.     db.commit();

  439.   }

  440. }