mirrors
/
sonarqube
镜像来自 https://github.com/SonarSource/sonarqube.git
關注 1
收藏 0
複製 0
程式碼 問題 0 版本發佈 237 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31233 提交
59 分支
目錄樹: 680aed78d5
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '680aed78d5'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java

UserPermissionChangerTest.java 14KB
原始文件 Blame 歷史記錄

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission;

  21. 

  22. import org.apache.commons.lang.StringUtils;

  23. import org.junit.Before;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.resources.Qualifiers;

  28. import org.sonar.api.resources.ResourceTypes;

  29. import org.sonar.api.utils.System2;

  30. import org.sonar.core.util.SequenceUuidFactory;

  31. import org.sonar.db.DbTester;

  32. import org.sonar.db.component.ComponentDto;

  33. import org.sonar.db.component.ResourceTypesRule;

  34. import org.sonar.db.permission.GlobalPermission;

  35. import org.sonar.db.user.GroupDto;

  36. import org.sonar.db.user.UserDto;

  37. import org.sonar.db.user.UserIdDto;

  38. import org.sonar.server.exceptions.BadRequestException;

  39. 

  40. import static org.assertj.core.api.Assertions.assertThat;

  41. import static org.sonar.api.web.UserRole.ADMIN;

  42. import static org.sonar.api.web.UserRole.CODEVIEWER;

  43. import static org.sonar.api.web.UserRole.ISSUE_ADMIN;

  44. import static org.sonar.api.web.UserRole.USER;

  45. import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;

  46. import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;

  47. import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

  48. import static org.sonar.db.permission.GlobalPermission.ADMINISTER;

  49. import static org.sonar.db.permission.GlobalPermission.ADMINISTER_QUALITY_GATES;

  50. import static org.sonar.db.permission.GlobalPermission.SCAN;

  51. import static org.sonar.server.permission.PermissionChange.Operation.ADD;

  52. import static org.sonar.server.permission.PermissionChange.Operation.REMOVE;

  53. 

  54. public class UserPermissionChangerTest {

  55.   @Rule

  56.   public DbTester db = DbTester.create(System2.INSTANCE);

  57. 

  58.   @Rule

  59.   public ExpectedException expectedException = ExpectedException.none();

  60. 

  61.   private final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  62.   private final PermissionService permissionService = new PermissionServiceImpl(resourceTypes);

  63.   private final UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), new SequenceUuidFactory());

  64.   private UserDto user1;

  65.   private UserDto user2;

  66.   private ComponentDto privateProject;

  67.   private ComponentDto publicProject;

  68. 

  69.   @Before

  70.   public void setUp() {

  71.     user1 = db.users().insertUser();

  72.     user2 = db.users().insertUser();

  73.     privateProject = db.components().insertPrivateProject();

  74.     publicProject = db.components().insertPublicProject();

  75.   }

  76. 

  77.   @Test

  78.   public void apply_adds_any_global_permission_to_user() {

  79.     permissionService.getGlobalPermissions()

  80.       .forEach(perm -> {

  81.         UserPermissionChange change = new UserPermissionChange(ADD, perm.getKey(), null, UserIdDto.from(user1), permissionService);

  82. 

  83.         apply(change);

  84. 

  85.         assertThat(db.users().selectPermissionsOfUser(user1)).contains(perm);

  86.       });

  87.   }

  88. 

  89.   @Test

  90.   public void apply_removes_any_global_permission_to_user() {

  91.     // give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1

  92.     db.users().insertPermissionOnUser(user2, GlobalPermission.ADMINISTER);

  93.     permissionService.getGlobalPermissions()

  94.       .forEach(perm -> db.users().insertPermissionOnUser(user1, perm));

  95.     assertThat(db.users().selectPermissionsOfUser(user1))

  96.       .containsOnly(permissionService.getGlobalPermissions().toArray(new GlobalPermission[0]));

  97. 

  98.     permissionService.getGlobalPermissions()

  99.       .forEach(perm -> {

  100.         UserPermissionChange change = new UserPermissionChange(REMOVE, perm.getKey(), null, UserIdDto.from(user1), permissionService);

  101. 

  102.         apply(change);

  103. 

  104.         assertThat(db.users().selectPermissionsOfUser(user1)).doesNotContain(perm);

  105.       });

  106.   }

  107. 

  108.   @Test

  109.   public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() {

  110.     UserPermissionChange change = new UserPermissionChange(ADD, USER, publicProject, UserIdDto.from(user1), permissionService);

  111. 

  112.     apply(change);

  113. 

  114.     assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(USER);

  115.   }

  116. 

  117.   @Test

  118.   public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() {

  119.     UserPermissionChange change = new UserPermissionChange(ADD, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

  120. 

  121.     apply(change);

  122. 

  123.     assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).doesNotContain(CODEVIEWER);

  124.   }

  125. 

  126.   @Test

  127.   public void apply_adds_permission_ADMIN_on_a_public_project() {

  128.     applyAddsPermissionOnAPublicProject(ADMIN);

  129.   }

  130. 

  131.   @Test

  132.   public void apply_adds_permission_ISSUE_ADMIN_on_a_public_project() {

  133.     applyAddsPermissionOnAPublicProject(ISSUE_ADMIN);

  134.   }

  135. 

  136.   @Test

  137.   public void apply_adds_permission_SCAN_EXECUTION_on_a_public_project() {

  138.     applyAddsPermissionOnAPublicProject(SCAN_EXECUTION);

  139.   }

  140. 

  141.   private void applyAddsPermissionOnAPublicProject(String permission) {

  142.     UserPermissionChange change = new UserPermissionChange(ADD, permission, publicProject, UserIdDto.from(user1), permissionService);

  143. 

  144.     apply(change);

  145. 

  146.     assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).containsOnly(permission);

  147.   }

  148. 

  149.   @Test

  150.   public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() {

  151.     UserPermissionChange change = new UserPermissionChange(REMOVE, USER, publicProject, UserIdDto.from(user1), permissionService);

  152. 

  153.     expectedException.expect(BadRequestException.class);

  154.     expectedException.expectMessage("Permission user can't be removed from a public component");

  155. 

  156.     apply(change);

  157.   }

  158. 

  159.   @Test

  160.   public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() {

  161.     UserPermissionChange change = new UserPermissionChange(REMOVE, CODEVIEWER, publicProject, UserIdDto.from(user1), permissionService);

  162. 

  163.     expectedException.expect(BadRequestException.class);

  164.     expectedException.expectMessage("Permission codeviewer can't be removed from a public component");

  165. 

  166.     apply(change);

  167.   }

  168. 

  169.   @Test

  170.   public void apply_removes_permission_ADMIN_from_a_public_project() {

  171.     applyRemovesPermissionFromPublicProject(ADMIN);

  172.   }

  173. 

  174.   @Test

  175.   public void apply_removes_permission_ISSUE_ADMIN_from_a_public_project() {

  176.     applyRemovesPermissionFromPublicProject(ISSUE_ADMIN);

  177.   }

  178. 

  179.   @Test

  180.   public void apply_removes_permission_SCAN_EXECUTION_from_a_public_project() {

  181.     applyRemovesPermissionFromPublicProject(SCAN_EXECUTION);

  182.   }

  183. 

  184.   private void applyRemovesPermissionFromPublicProject(String permission) {

  185.     db.users().insertProjectPermissionOnUser(user1, permission, publicProject);

  186.     UserPermissionChange change = new UserPermissionChange(REMOVE, permission, publicProject, UserIdDto.from(user1), permissionService);

  187. 

  188.     apply(change);

  189. 

  190.     assertThat(db.users().selectProjectPermissionsOfUser(user1, publicProject)).isEmpty();

  191.   }

  192. 

  193.   @Test

  194.   public void apply_adds_any_permission_to_a_private_project() {

  195.     permissionService.getAllProjectPermissions()

  196.       .forEach(permission -> {

  197.         UserPermissionChange change = new UserPermissionChange(ADD, permission, privateProject, UserIdDto.from(user1), permissionService);

  198. 

  199.         apply(change);

  200. 

  201.         assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(permission);

  202.       });

  203.   }

  204. 

  205.   @Test

  206.   public void apply_removes_any_permission_from_a_private_project() {

  207.     permissionService.getAllProjectPermissions()

  208.       .forEach(permission -> db.users().insertProjectPermissionOnUser(user1, permission, privateProject));

  209. 

  210.     permissionService.getAllProjectPermissions()

  211.       .forEach(permission -> {

  212.         UserPermissionChange change = new UserPermissionChange(REMOVE, permission, privateProject, UserIdDto.from(user1), permissionService);

  213. 

  214.         apply(change);

  215. 

  216.         assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).doesNotContain(permission);

  217.       });

  218.   }

  219. 

  220.   @Test

  221.   public void add_global_permission_to_user() {

  222.     UserPermissionChange change = new UserPermissionChange(ADD, SCAN_EXECUTION, null, UserIdDto.from(user1), permissionService);

  223. 

  224.     apply(change);

  225. 

  226.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);

  227.     assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();

  228.     assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();

  229.     assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();

  230.   }

  231. 

  232.   @Test

  233.   public void add_project_permission_to_user() {

  234.     UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  235.     apply(change);

  236. 

  237.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  238.     assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(ISSUE_ADMIN);

  239.     assertThat(db.users().selectPermissionsOfUser(user2)).isEmpty();

  240.     assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty();

  241.   }

  242. 

  243.   @Test

  244.   public void do_nothing_when_adding_global_permission_that_already_exists() {

  245.     db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);

  246. 

  247.     UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);

  248.     apply(change);

  249. 

  250.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(ADMINISTER_QUALITY_GATES);

  251.   }

  252. 

  253.   @Test

  254.   public void fail_to_add_global_permission_on_project() {

  255.     expectedException.expect(BadRequestException.class);

  256.     expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]");

  257. 

  258.     UserPermissionChange change = new UserPermissionChange(ADD, QUALITY_GATE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  259.     apply(change);

  260.   }

  261. 

  262.   @Test

  263.   public void fail_to_add_project_permission() {

  264.     expectedException.expect(BadRequestException.class);

  265.     expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]");

  266. 

  267.     UserPermissionChange change = new UserPermissionChange(ADD, ISSUE_ADMIN, null, UserIdDto.from(user1), permissionService);

  268.     apply(change);

  269.   }

  270. 

  271.   @Test

  272.   public void remove_global_permission_from_user() {

  273.     db.users().insertPermissionOnUser(user1, QUALITY_GATE_ADMIN);

  274.     db.users().insertPermissionOnUser(user1, SCAN_EXECUTION);

  275.     db.users().insertPermissionOnUser(user2, QUALITY_GATE_ADMIN);

  276.     db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);

  277. 

  278.     UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);

  279.     apply(change);

  280. 

  281.     assertThat(db.users().selectPermissionsOfUser(user1)).containsOnly(SCAN);

  282.     assertThat(db.users().selectPermissionsOfUser(user2)).containsOnly(ADMINISTER_QUALITY_GATES);

  283.     assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(ISSUE_ADMIN);

  284.   }

  285. 

  286.   @Test

  287.   public void remove_project_permission_from_user() {

  288.     ComponentDto project2 = db.components().insertPrivateProject();

  289.     db.users().insertPermissionOnUser(user1, ADMINISTER_QUALITY_GATES);

  290.     db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject);

  291.     db.users().insertProjectPermissionOnUser(user1, USER, privateProject);

  292.     db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject);

  293.     db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2);

  294. 

  295.     UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  296.     apply(change);

  297. 

  298.     assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER);

  299.     assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).containsOnly(ISSUE_ADMIN);

  300.     assertThat(db.users().selectProjectPermissionsOfUser(user1, project2)).containsOnly(ISSUE_ADMIN);

  301.   }

  302. 

  303.   @Test

  304.   public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {

  305.     UserPermissionChange change = new UserPermissionChange(REMOVE, QUALITY_GATE_ADMIN, null, UserIdDto.from(user1), permissionService);

  306.     apply(change);

  307. 

  308.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  309.   }

  310. 

  311.   @Test

  312.   public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {

  313.     UserPermissionChange change = new UserPermissionChange(REMOVE, ISSUE_ADMIN, privateProject, UserIdDto.from(user1), permissionService);

  314.     apply(change);

  315. 

  316.     assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty();

  317.   }

  318. 

  319.   @Test

  320.   public void fail_to_remove_admin_global_permission_if_no_more_admins() {

  321.     db.users().insertPermissionOnUser(user1, SYSTEM_ADMIN);

  322. 

  323.     expectedException.expect(BadRequestException.class);

  324.     expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed.");

  325. 

  326.     UserPermissionChange change = new UserPermissionChange(REMOVE, SYSTEM_ADMIN, null, UserIdDto.from(user1), permissionService);

  327.     underTest.apply(db.getSession(), change);

  328.   }

  329. 

  330.   @Test

  331.   public void remove_admin_user_if_still_other_admins() {

  332.     db.users().insertPermissionOnUser(user1, ADMINISTER);

  333.     GroupDto admins = db.users().insertGroup("admins");

  334.     db.users().insertMember(admins, user2);

  335.     db.users().insertPermissionOnGroup(admins, ADMINISTER);

  336. 

  337.     UserPermissionChange change = new UserPermissionChange(REMOVE, ADMINISTER.getKey(), null, UserIdDto.from(user1), permissionService);

  338.     underTest.apply(db.getSession(), change);

  339. 

  340.     assertThat(db.users().selectPermissionsOfUser(user1)).isEmpty();

  341.   }

  342. 

  343.   private void apply(UserPermissionChange change) {

  344.     underTest.apply(db.getSession(), change);

  345.     db.commit();

  346.   }

  347. }