mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30152 Commits
59 Branches
Tree: 7de02f77f4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7de02f77f4'
${ noResults }
sonarqube/server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoTest.java

UserPermissionDaoTest.java 33KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.db.permission;

  21. 

  22. import java.util.ArrayList;

  23. import java.util.Arrays;

  24. import java.util.Collection;

  25. import java.util.List;

  26. import java.util.Random;

  27. import java.util.function.Consumer;

  28. import java.util.stream.IntStream;

  29. import org.assertj.core.groups.Tuple;

  30. import org.junit.Rule;

  31. import org.junit.Test;

  32. import org.sonar.api.utils.System2;

  33. import org.sonar.api.web.UserRole;

  34. import org.sonar.core.util.Uuids;

  35. import org.sonar.db.DbSession;

  36. import org.sonar.db.DbTester;

  37. import org.sonar.db.component.ComponentDto;

  38. import org.sonar.db.organization.OrganizationDto;

  39. import org.sonar.db.user.UserDto;

  40. 

  41. import static java.util.Arrays.asList;

  42. import static java.util.Arrays.stream;

  43. import static java.util.Collections.emptyList;

  44. import static java.util.Collections.singletonList;

  45. import static org.assertj.core.api.Assertions.assertThat;

  46. import static org.assertj.core.api.Assertions.tuple;

  47. import static org.sonar.api.web.UserRole.ADMIN;

  48. import static org.sonar.api.web.UserRole.ISSUE_ADMIN;

  49. import static org.sonar.api.web.UserRole.USER;

  50. import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;

  51. import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;

  52. import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

  53. import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;

  54. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  55. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;

  56. import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;

  57. import static org.sonar.db.permission.OrganizationPermission.SCAN;

  58. import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;

  59. 

  60. public class UserPermissionDaoTest {

  61. 

  62.   @Rule

  63.   public DbTester db = DbTester.create(System2.INSTANCE);

  64. 

  65.   private DbSession dbSession = db.getSession();

  66.   private UserPermissionDao underTest = new UserPermissionDao();

  67. 

  68.   @Test

  69.   public void select_global_permissions() {

  70.     OrganizationDto org2 = db.organizations().insert();

  71.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));

  72.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));

  73.     UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));

  74.     ComponentDto project = db.components().insertPrivateProject();

  75.     UserPermissionDto global1 = addGlobalPermission(SYSTEM_ADMIN, user1);

  76.     UserPermissionDto global2 = addGlobalPermission(SYSTEM_ADMIN, user2);

  77.     UserPermissionDto global3 = addGlobalPermission(PROVISIONING, user2);

  78.     UserPermissionDto project1Perm = addProjectPermission(USER, user3, project);

  79. 

  80.     // global permissions of users who has at least one global permission, ordered by user name then permission

  81.     PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build();

  82.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1);

  83. 

  84.     // default query returns all users, whatever their permissions nor organizations

  85.     // (that's a non-sense, but still this is required for api/permissions/groups

  86.     // when filtering users by name)

  87.     query = PermissionQuery.builder().build();

  88.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid(), user3.getUuid()), global2, global3, global1, project1Perm);

  89. 

  90.     // global permissions "admin"

  91.     query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build();

  92.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global1);

  93. 

  94.     // empty if nobody has the specified global permission

  95.     query = PermissionQuery.builder().setPermission("missing").build();

  96.     expectPermissions(query, emptyList());

  97. 

  98.     // search by user name (matches 2 users)

  99.     query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build();

  100.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), global2, global3, global1);

  101. 

  102.     // search by user login

  103.     query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("ogin2").build();

  104.     expectPermissions(query, singletonList(user2.getUuid()), global2, global3);

  105. 

  106.     // search by user email

  107.     query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mail2").build();

  108.     expectPermissions(query, singletonList(user2.getUuid()), global2, global3);

  109. 

  110.     // search by user name (matches 2 users) and global permission

  111.     query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build();

  112.     expectPermissions(query, singletonList(user2.getUuid()), global3);

  113. 

  114.     // search by user name (no match)

  115.     query = PermissionQuery.builder().setSearchQuery("Unknown").build();

  116.     expectPermissions(query, emptyList());

  117.   }

  118. 

  119.   @Test

  120.   public void select_project_permissions() {

  121.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));

  122.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));

  123.     UserDto user3 = insertUser(u -> u.setLogin("zanother").setName("Zoe").setEmail("zanother3@another.com"));

  124.     addGlobalPermission(SYSTEM_ADMIN, user1);

  125.     ComponentDto project1 = db.components().insertPrivateProject();

  126.     ComponentDto project2 = db.components().insertPrivateProject();

  127.     UserPermissionDto perm1 = addProjectPermission(USER, user1, project1);

  128.     UserPermissionDto perm2 = addProjectPermission(ISSUE_ADMIN, user1, project1);

  129.     UserPermissionDto perm3 = addProjectPermission(ISSUE_ADMIN, user2, project1);

  130.     addProjectPermission(ISSUE_ADMIN, user3, project2);

  131. 

  132.     // project permissions of users who has at least one permission on this project

  133.     PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponent(project1).build();

  134.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1);

  135. 

  136.     // empty if nobody has the specified global permission

  137.     query = PermissionQuery.builder().setPermission("missing").setComponent(project1).build();

  138.     expectPermissions(query, emptyList());

  139. 

  140.     // search by user name (matches 2 users), users with at least one permission

  141.     query = PermissionQuery.builder().setSearchQuery("Mari").withAtLeastOnePermission().setComponent(project1).build();

  142.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2, perm1);

  143. 

  144.     // search by user name (matches 2 users) and project permission

  145.     query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponent(project1).build();

  146.     expectPermissions(query, asList(user2.getUuid(), user1.getUuid()), perm3, perm2);

  147. 

  148.     // search by user name (no match)

  149.     query = PermissionQuery.builder().setSearchQuery("Unknown").setComponent(project1).build();

  150.     expectPermissions(query, emptyList());

  151. 

  152.     // permissions of unknown project

  153.     query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build();

  154.     expectPermissions(query, emptyList());

  155.   }

  156. 

  157.   @Test

  158.   public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase() {

  159.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"));

  160.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));

  161.     UserDto user3 = insertUser(u -> u.setLogin("login3").setName("Z").setEmail("zanother3@another.com"));

  162.     UserDto user4 = insertUser(u -> u.setLogin("login4").setName("A").setEmail("zanother3@another.com"));

  163.     addGlobalPermission(SYSTEM_ADMIN, user1);

  164.     addGlobalPermission(QUALITY_PROFILE_ADMIN, user2);

  165. 

  166.     PermissionQuery query = PermissionQuery.builder().build();

  167. 

  168.     assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query))

  169.       .containsExactly(user2.getUuid(), user1.getUuid(), user4.getUuid(), user3.getUuid());

  170.   }

  171. 

  172.   @Test

  173.   public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_global_permissions() {

  174.     ComponentDto project = db.components().insertPrivateProject();

  175.     IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {

  176.       UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));

  177.       // Add permission on project to be sure projects are excluded

  178.       db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);

  179.     });

  180.     String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);

  181.     UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);

  182.     addGlobalPermission(SYSTEM_ADMIN, lastUser);

  183. 

  184.     PermissionQuery query = PermissionQuery.builder().build();

  185. 

  186.     assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query))

  187.       .hasSize(DEFAULT_PAGE_SIZE)

  188.       .startsWith(lastUser.getUuid());

  189.   }

  190. 

  191.   @Test

  192.   public void selectUserUuidsByQuery_is_ordering_by_users_having_permissions_first_then_by_name_lowercase_when_high_number_of_users_for_project_permissions() {

  193.     IntStream.rangeClosed(1, DEFAULT_PAGE_SIZE + 1).forEach(i -> {

  194.       UserDto user = insertUser(u -> u.setLogin("login" + i).setName("" + i));

  195.       // Add global permission to be sure they are excluded

  196.       addGlobalPermission(SYSTEM_ADMIN, user);

  197.     });

  198.     String lastLogin = "login" + (DEFAULT_PAGE_SIZE + 1);

  199.     UserDto lastUser = db.getDbClient().userDao().selectByLogin(dbSession, lastLogin);

  200.     ComponentDto project = db.components().insertPrivateProject();

  201.     db.users().insertProjectPermissionOnUser(lastUser, SCAN.getKey(), project);

  202. 

  203.     PermissionQuery query = PermissionQuery.builder()

  204.       .setComponent(project)

  205.       .build();

  206. 

  207.     assertThat(underTest.selectUserUuidsByQueryAndScope(dbSession, query))

  208.       .hasSize(DEFAULT_PAGE_SIZE)

  209.       .startsWith(lastUser.getUuid());

  210.   }

  211. 

  212.   @Test

  213.   public void selectUserUuidsByQuery_is_not_ordering_by_number_of_permissions() {

  214.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Z").setEmail("email1@email.com"));

  215.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("A").setEmail("email2@email.com"));

  216.     addGlobalPermission(SYSTEM_ADMIN, user1);

  217.     ComponentDto project1 = db.components().insertPrivateProject();

  218.     addProjectPermission(USER, user2, project1);

  219.     addProjectPermission(USER, user1, project1);

  220.     addProjectPermission(ADMIN, user1, project1);

  221. 

  222.     PermissionQuery query = PermissionQuery.builder().build();

  223. 

  224.     // Even if user1 has 3 permissions, the name is used to order

  225.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query))

  226.       .containsExactly(user2.getUuid(), user1.getUuid());

  227.   }

  228. 

  229.   @Test

  230.   public void countUsersByProjectPermission() {

  231.     UserDto user1 = insertUser();

  232.     UserDto user2 = insertUser();

  233.     ComponentDto project1 = db.components().insertPrivateProject();

  234.     ComponentDto project2 = db.components().insertPrivateProject();

  235.     addGlobalPermission(SYSTEM_ADMIN, user1);

  236.     addProjectPermission(USER, user1, project1);

  237.     addProjectPermission(ISSUE_ADMIN, user1, project1);

  238.     addProjectPermission(ISSUE_ADMIN, user2, project1);

  239.     addProjectPermission(ISSUE_ADMIN, user2, project2);

  240. 

  241.     // no projects -> return empty list

  242.     assertThat(underTest.countUsersByProjectPermission(dbSession, emptyList())).isEmpty();

  243. 

  244.     // one project

  245.     expectCount(singletonList(project1.uuid()),

  246.       new CountPerProjectPermission(project1.uuid(), USER, 1),

  247.       new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2));

  248. 

  249.     // multiple projects

  250.     expectCount(asList(project1.uuid(), project2.uuid(), "invalid"),

  251.       new CountPerProjectPermission(project1.uuid(), USER, 1),

  252.       new CountPerProjectPermission(project1.uuid(), ISSUE_ADMIN, 2),

  253.       new CountPerProjectPermission(project2.uuid(), ISSUE_ADMIN, 1));

  254.   }

  255. 

  256.   @Test

  257.   public void selectUserUuidsByQuery() {

  258.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));

  259.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));

  260.     ComponentDto project1 = db.components().insertPrivateProject();

  261.     ComponentDto project2 = db.components().insertPrivateProject();

  262.     addProjectPermission(USER, user1, project1);

  263.     addProjectPermission(USER, user2, project1);

  264.     addProjectPermission(ISSUE_ADMIN, user2, project1);

  265. 

  266.     // logins are ordered by user name: user2 ("Marie") then user1 ("Marius")

  267.     PermissionQuery query = PermissionQuery.builder().setComponent(project1).withAtLeastOnePermission().build();

  268.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid());

  269.     query = PermissionQuery.builder().setComponent(project2).withAtLeastOnePermission().build();

  270.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty();

  271. 

  272.     // on a project without permissions

  273.     query = PermissionQuery.builder().setComponent(newPrivateProjectDto(db.getDefaultOrganization())).withAtLeastOnePermission().build();

  274.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).isEmpty();

  275. 

  276.     // search all users whose name matches "mar", whatever the permissions

  277.     query = PermissionQuery.builder().setSearchQuery("mar").build();

  278.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user2.getUuid(), user1.getUuid());

  279. 

  280.     // search all users whose name matches "mariu", whatever the permissions

  281.     query = PermissionQuery.builder().setSearchQuery("mariu").build();

  282.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid());

  283. 

  284.     // search all users whose name matches "mariu", whatever the permissions

  285.     query = PermissionQuery.builder().setSearchQuery("mariu").setComponent(project1).build();

  286.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(user1.getUuid());

  287.   }

  288. 

  289.   @Test

  290.   public void selectUserUuidsByQueryAndScope_with_organization_scope() {

  291.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));

  292.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));

  293.     ComponentDto project1 = db.components().insertPrivateProject();

  294.     ComponentDto project2 = db.components().insertPrivateProject();

  295.     addProjectPermission(USER, user1, project1);

  296.     addGlobalPermission(PROVISIONING, user1);

  297.     addProjectPermission(ISSUE_ADMIN, user2, project2);

  298.     PermissionQuery query = PermissionQuery.builder().build();

  299. 

  300.     List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query);

  301. 

  302.     // users with any kind of global permissions are first on the list and then sorted by name

  303.     assertThat(result).containsExactly(user1.getUuid(), user2.getUuid());

  304.   }

  305. 

  306.   @Test

  307.   public void selectUserUuidsByQueryAndScope_with_project_scope() {

  308.     UserDto user1 = insertUser(u -> u.setLogin("login1").setName("Marius").setEmail("email1@email.com"));

  309.     UserDto user2 = insertUser(u -> u.setLogin("login2").setName("Marie").setEmail("email2@email.com"));

  310.     ComponentDto project1 = db.components().insertPrivateProject();

  311.     ComponentDto project2 = db.components().insertPrivateProject();

  312.     addProjectPermission(USER, user1, project1);

  313.     addGlobalPermission(PROVISIONING, user1);

  314.     addProjectPermission(ISSUE_ADMIN, user2, project2);

  315.     PermissionQuery query = PermissionQuery.builder()

  316.       .setComponent(project1)

  317.       .build();

  318. 

  319.     List<String> result = underTest.selectUserUuidsByQueryAndScope(dbSession, query);

  320. 

  321.     // users with any this projects permissions are first on the list and then sorted by name

  322.     assertThat(result).containsExactly(user1.getUuid(), user2.getUuid());

  323.   }

  324. 

  325.   @Test

  326.   public void selectUserUuidsByQuery_is_paginated() {

  327.     List<String> userUuids = new ArrayList<>();

  328.     for (int i = 0; i < 10; i++) {

  329.       String name = "user-" + i;

  330.       UserDto user = insertUser(u -> u.setName(name));

  331.       addGlobalPermission(PROVISIONING, user);

  332.       addGlobalPermission(SYSTEM_ADMIN, user);

  333.       userUuids.add(user.getUuid());

  334.     }

  335. 

  336.     assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder()

  337.       .setPageSize(3).setPageIndex(1).build()))

  338.       .containsExactly(userUuids.get(0), userUuids.get(1), userUuids.get(2));

  339.     assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder()

  340.       .setPageSize(2).setPageIndex(3).build()))

  341.       .containsExactly(userUuids.get(4), userUuids.get(5));

  342.     assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder()

  343.       .setPageSize(50).setPageIndex(1).build()))

  344.       .hasSize(10);

  345.   }

  346. 

  347.   @Test

  348.   public void selectUserUuidsByQuery_is_sorted_by_insensitive_name() {

  349.     UserDto user1 = insertUser(u -> u.setName("user1"));

  350.     addGlobalPermission(PROVISIONING, user1);

  351.     UserDto user3 = insertUser(u -> u.setName("user3"));

  352.     addGlobalPermission(SYSTEM_ADMIN, user3);

  353.     UserDto user2 = insertUser(u -> u.setName("User2"));

  354.     addGlobalPermission(PROVISIONING, user2);

  355. 

  356.     assertThat(underTest.selectUserUuidsByQuery(dbSession, PermissionQuery.builder().build()))

  357.       .containsExactly(user1.getUuid(), user2.getUuid(), user3.getUuid());

  358.   }

  359. 

  360.   @Test

  361.   public void deleteGlobalPermission() {

  362.     UserDto user1 = insertUser();

  363.     UserDto user2 = insertUser();

  364.     ComponentDto project1 = db.components().insertPrivateProject();

  365.     ComponentDto project2 = db.components().insertPrivateProject();

  366.     addGlobalPermission("perm1", user1);

  367.     addGlobalPermission("perm2", user1);

  368.     addProjectPermission("perm1", user1, project1);

  369.     addProjectPermission("perm3", user2, project1);

  370.     addProjectPermission("perm4", user2, project2);

  371. 

  372.     // user2 does not have global permissions -> do nothing

  373.     underTest.deleteGlobalPermission(dbSession, user2.getUuid(), "perm1");

  374.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5);

  375. 

  376.     // global permission is not granted -> do nothing

  377.     underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "notGranted");

  378.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5);

  379. 

  380.     // permission is on project -> do nothing

  381.     underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm3");

  382.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(5);

  383. 

  384.     // global permission exists -> delete it, but not the project permission with the same name !

  385.     underTest.deleteGlobalPermission(dbSession, user1.getUuid(), "perm1");

  386.     assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where role='perm1' and component_uuid is null")).isEqualTo(0);

  387.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(4);

  388.   }

  389. 

  390.   @Test

  391.   public void deleteProjectPermission() {

  392.     UserDto user1 = insertUser();

  393.     UserDto user2 = insertUser();

  394.     ComponentDto project1 = db.components().insertPrivateProject();

  395.     ComponentDto project2 = db.components().insertPrivateProject();

  396.     addGlobalPermission("perm", user1);

  397.     addProjectPermission("perm", user1, project1);

  398.     addProjectPermission("perm", user1, project2);

  399.     addProjectPermission("perm", user2, project1);

  400. 

  401.     // no such provision -> ignore

  402.     underTest.deleteProjectPermission(dbSession, user1.getUuid(), "anotherPerm", project1.uuid());

  403.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(4);

  404. 

  405.     underTest.deleteProjectPermission(dbSession, user1.getUuid(), "perm", project1.uuid());

  406.     assertThatProjectPermissionDoesNotExist(user1, "perm", project1);

  407.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(3);

  408.   }

  409. 

  410.   @Test

  411.   public void deleteProjectPermissions() {

  412.     UserDto user1 = insertUser();

  413.     UserDto user2 = insertUser();

  414.     ComponentDto project1 = db.components().insertPrivateProject();

  415.     ComponentDto project2 = db.components().insertPrivateProject();

  416.     addGlobalPermission("perm", user1);

  417.     addProjectPermission("perm", user1, project1);

  418.     addProjectPermission("perm", user2, project1);

  419.     addProjectPermission("perm", user1, project2);

  420. 

  421.     underTest.deleteProjectPermissions(dbSession, project1.uuid());

  422.     assertThat(db.countRowsOfTable(dbSession, "user_roles")).isEqualTo(2);

  423.     assertThatProjectHasNoPermissions(project1);

  424.   }

  425. 

  426.   @Test

  427.   public void selectGlobalPermissionsOfUser() {

  428.     UserDto user1 = insertUser();

  429.     UserDto user2 = insertUser();

  430.     UserDto user3 = insertUser();

  431.     ComponentDto project = db.components().insertPrivateProject();

  432.     addGlobalPermission("perm1", user1);

  433.     addGlobalPermission("perm2", user2);

  434.     addGlobalPermission("perm3", user1);

  435.     addProjectPermission("perm4", user1, project);

  436.     addProjectPermission("perm5", user2, project);

  437. 

  438.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly("perm1", "perm3");

  439.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly("perm2");

  440.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user3.getUuid())).isEmpty();

  441.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, "unknown")).isEmpty();

  442.   }

  443. 

  444.   @Test

  445.   public void selectProjectPermissionsOfUser() {

  446.     UserDto user1 = insertUser();

  447.     UserDto user2 = insertUser();

  448.     ComponentDto project1 = db.components().insertPrivateProject();

  449.     ComponentDto project2 = db.components().insertPrivateProject();

  450.     ComponentDto project3 = db.components().insertPrivateProject();

  451.     addGlobalPermission("perm1", user1);

  452.     addProjectPermission("perm2", user1, project1);

  453.     addProjectPermission("perm3", user1, project1);

  454.     addProjectPermission("perm4", user1, project2);

  455.     addProjectPermission("perm5", user2, project1);

  456. 

  457.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).containsOnly("perm2", "perm3");

  458.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly("perm4");

  459.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project3.uuid())).isEmpty();

  460.   }

  461. 

  462.   @Test

  463.   public void selectGroupUuidsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() {

  464.     ComponentDto project = randomPublicOrPrivateProject();

  465.     UserDto user = insertUser();

  466.     db.users().insertProjectPermissionOnUser(user, "foo", project);

  467. 

  468.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, "1234", UserRole.USER))

  469.       .isEmpty();

  470.   }

  471. 

  472.   @Test

  473.   public void selectGroupUuidsWithPermissionOnProjectBut_returns_only_users_of_projects_which_do_not_have_permission() {

  474.     ComponentDto project = randomPublicOrPrivateProject();

  475.     UserDto user1 = insertUser();

  476.     UserDto user2 = insertUser();

  477.     db.users().insertProjectPermissionOnUser(user1, "p1", project);

  478.     db.users().insertProjectPermissionOnUser(user2, "p2", project);

  479. 

  480.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, project.uuid(), "p2"))

  481.       .containsOnly(user1.getUuid());

  482.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, project.uuid(), "p1"))

  483.       .containsOnly(user2.getUuid());

  484.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, project.uuid(), "p3"))

  485.       .containsOnly(user1.getUuid(), user2.getUuid());

  486.   }

  487. 

  488.   @Test

  489.   public void selectGroupUuidsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() {

  490.     ComponentDto project = randomPublicOrPrivateProject();

  491.     UserDto user1 = insertUser();

  492.     UserDto user2 = insertUser();

  493.     db.users().insertProjectPermissionOnUser(user1, "p1", project);

  494.     db.users().insertProjectPermissionOnUser(user2, "p2", project);

  495. 

  496.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, project.uuid(), "p2"))

  497.       .containsOnly(user1.getUuid());

  498.     assertThat(underTest.selectUserUuidsWithPermissionOnProjectBut(dbSession, project.uuid(), "p1"))

  499.       .containsOnly(user2.getUuid());

  500.   }

  501. 

  502.   @Test

  503.   public void deleteByUserId() {

  504.     UserDto user1 = insertUser();

  505.     UserDto user2 = insertUser();

  506.     ComponentDto project = db.components().insertPrivateProject();

  507.     db.users().insertPermissionOnUser(user1, SCAN);

  508.     db.users().insertPermissionOnUser(user1, ADMINISTER);

  509.     db.users().insertProjectPermissionOnUser(user1, ADMINISTER_QUALITY_GATES.getKey(), project);

  510.     db.users().insertPermissionOnUser(user2, SCAN);

  511.     db.users().insertProjectPermissionOnUser(user2, ADMINISTER_QUALITY_GATES.getKey(), project);

  512. 

  513.     underTest.deleteByUserUuid(dbSession, user1.getUuid());

  514.     dbSession.commit();

  515. 

  516.     assertThat(db.select("select user_uuid as \"userUuid\", component_uuid as \"projectUuid\", role as \"permission\" from user_roles"))

  517.       .extracting((row) -> row.get("userUuid"), (row) -> row.get("projectUuid"), (row) -> row.get("permission"))

  518.       .containsOnly(tuple(user2.getUuid(), null, SCAN.getKey()), tuple(user2.getUuid(), project.uuid(), ADMINISTER_QUALITY_GATES.getKey()));

  519.   }

  520. 

  521.   @Test

  522.   public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() {

  523.     UserDto user = insertUser();

  524.     db.users().insertPermissionOnUser(user, SCAN);

  525. 

  526.     int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, "124", SCAN.getKey());

  527. 

  528.     assertThat(deletedCount).isEqualTo(0);

  529.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());

  530.   }

  531. 

  532.   @Test

  533.   public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() {

  534.     UserDto user = insertUser();

  535.     db.users().insertPermissionOnUser(user, SCAN);

  536.     ComponentDto project = randomPublicOrPrivateProject();

  537. 

  538.     int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), SCAN.getKey());

  539. 

  540.     assertThat(deletedCount).isEqualTo(0);

  541.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());

  542.   }

  543. 

  544.   @Test

  545.   public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() {

  546.     UserDto user = insertUser();

  547.     db.users().insertPermissionOnUser(user, SCAN);

  548.     ComponentDto project = randomPublicOrPrivateProject();

  549.     db.users().insertProjectPermissionOnUser(user, SCAN.getKey(), project);

  550. 

  551.     int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project.uuid(), "p1");

  552. 

  553.     assertThat(deletedCount).isEqualTo(0);

  554.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid())).containsOnly(SCAN.getKey());

  555.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(SCAN.getKey());

  556.   }

  557. 

  558.   @Test

  559.   public void deleteProjectPermissionOfAnyUser_deletes_specified_permission_for_any_user_on_the_specified_component() {

  560.     UserDto user1 = insertUser();

  561.     UserDto user2 = insertUser();

  562.     db.users().insertPermissionOnUser(user1, SCAN);

  563.     db.users().insertPermissionOnUser(user2, SCAN);

  564.     ComponentDto project1 = randomPublicOrPrivateProject();

  565.     ComponentDto project2 = randomPublicOrPrivateProject();

  566.     db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project1);

  567.     db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project1);

  568.     db.users().insertProjectPermissionOnUser(user1, SCAN.getKey(), project2);

  569.     db.users().insertProjectPermissionOnUser(user2, SCAN.getKey(), project2);

  570.     db.users().insertProjectPermissionOnUser(user2, PROVISION_PROJECTS.getKey(), project2);

  571. 

  572.     int deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project1.uuid(), SCAN.getKey());

  573. 

  574.     assertThat(deletedCount).isEqualTo(2);

  575.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());

  576.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());

  577.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();

  578.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();

  579.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly(SCAN.getKey());

  580.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(SCAN.getKey(), PROVISION_PROJECTS.getKey());

  581. 

  582.     deletedCount = underTest.deleteProjectPermissionOfAnyUser(dbSession, project2.uuid(), SCAN.getKey());

  583. 

  584.     assertThat(deletedCount).isEqualTo(2);

  585.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user1.getUuid())).containsOnly(SCAN.getKey());

  586.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user2.getUuid())).containsOnly(SCAN.getKey());

  587.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project1.uuid())).isEmpty();

  588.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project1.uuid())).isEmpty();

  589.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user1.getUuid(), project2.uuid())).containsOnly();

  590.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user2.getUuid(), project2.uuid())).containsOnly(PROVISION_PROJECTS.getKey());

  591.   }

  592. 

  593.   private ComponentDto randomPublicOrPrivateProject() {

  594.     return new Random().nextBoolean() ? db.components().insertPrivateProject() : db.components().insertPublicProject();

  595.   }

  596. 

  597.   private UserDto insertUser(Consumer<UserDto> populateUserDto) {

  598.     UserDto user = db.users().insertUser(populateUserDto);

  599.     return user;

  600.   }

  601. 

  602.   private UserDto insertUser() {

  603.     UserDto user = db.users().insertUser();

  604.     return user;

  605.   }

  606. 

  607.   private void expectCount(List<String> projectUuids, CountPerProjectPermission... expected) {

  608.     List<CountPerProjectPermission> got = underTest.countUsersByProjectPermission(dbSession, projectUuids);

  609.     assertThat(got).hasSize(expected.length);

  610. 

  611.     for (CountPerProjectPermission expect : expected) {

  612.       boolean found = got.stream().anyMatch(b -> b.getPermission().equals(expect.getPermission()) &&

  613.         b.getCount() == expect.getCount() &&

  614.         b.getComponentUuid().equals(expect.getComponentUuid()));

  615.       assertThat(found).isTrue();

  616.     }

  617.   }

  618. 

  619.   private void expectPermissions(PermissionQuery query, Collection<String> expectedUserUuids, UserPermissionDto... expectedPermissions) {

  620.     assertThat(underTest.selectUserUuidsByQuery(dbSession, query)).containsExactly(expectedUserUuids.toArray(new String[0]));

  621.     List<UserPermissionDto> currentPermissions = underTest.selectUserPermissionsByQuery(dbSession, query, expectedUserUuids);

  622.     assertThat(currentPermissions).hasSize(expectedPermissions.length);

  623.     Tuple[] expectedPermissionsAsTuple = Arrays.stream(expectedPermissions)

  624.       .map(expectedPermission -> tuple(expectedPermission.getUserUuid(), expectedPermission.getPermission(), expectedPermission.getComponentUuid()))

  625.       .toArray(Tuple[]::new);

  626.     assertThat(currentPermissions)

  627.       .extracting(UserPermissionDto::getUserUuid, UserPermissionDto::getPermission, UserPermissionDto::getComponentUuid)

  628.       .containsOnly(expectedPermissionsAsTuple);

  629. 

  630.     // test method "countUsers()"

  631.     long distinctUsers = stream(expectedPermissions).map(UserPermissionDto::getUserUuid).distinct().count();

  632.     assertThat((long) underTest.countUsersByQuery(dbSession, query)).isEqualTo(distinctUsers);

  633.   }

  634. 

  635.   private UserPermissionDto addGlobalPermission(String permission, UserDto user) {

  636.     UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), null);

  637.     underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid());

  638.     db.commit();

  639.     return dto;

  640.   }

  641. 

  642.   private UserPermissionDto addProjectPermission(String permission, UserDto user, ComponentDto project) {

  643.     UserPermissionDto dto = new UserPermissionDto(Uuids.create(), permission, user.getUuid(), project.uuid());

  644.     underTest.insert(dbSession, dto, db.getDefaultOrganization().getUuid());

  645.     db.commit();

  646.     return dto;

  647.   }

  648. 

  649.   private void assertThatProjectPermissionDoesNotExist(UserDto user, String permission, ComponentDto project) {

  650.     assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where role='" + permission + "' and user_uuid='" + user.getUuid()

  651.       + "' and component_uuid='" + project.uuid() + "'"))

  652.       .isEqualTo(0);

  653.   }

  654. 

  655.   private void assertThatProjectHasNoPermissions(ComponentDto project) {

  656.     assertThat(db.countSql(dbSession, "select count(uuid) from user_roles where component_uuid='" + project.uuid() + "'")).isEqualTo(0);

  657.   }

  658. 

  659.   private void assertGlobalPermissionsOfUser(UserDto user, OrganizationPermission... permissions) {

  660.     assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, user.getUuid()).stream()

  661.       .map(OrganizationPermission::fromKey))

  662.       .containsOnly(permissions);

  663.   }

  664. 

  665.   private void assertProjectPermissionsOfUser(UserDto user, ComponentDto project, String... permissions) {

  666.     assertThat(underTest.selectProjectPermissionsOfUser(dbSession, user.getUuid(), project.uuid())).containsOnly(permissions);

  667.   }

  668. }