mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30152 Commits
59 Branches
Tree: 7de02f77f4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7de02f77f4'
${ noResults }
sonarqube/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java

ServerUserSessionTest.java 25KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user;

  21. 

  22. import java.util.Arrays;

  23. import javax.annotation.Nullable;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.utils.System2;

  28. import org.sonar.api.web.UserRole;

  29. import org.sonar.db.DbClient;

  30. import org.sonar.db.DbTester;

  31. import org.sonar.db.component.ComponentDto;

  32. import org.sonar.db.user.GroupDto;

  33. import org.sonar.db.user.UserDto;

  34. import org.sonar.server.exceptions.ForbiddenException;

  35. 

  36. import static com.google.common.base.Preconditions.checkState;

  37. import static java.util.Arrays.asList;

  38. import static org.assertj.core.api.Assertions.assertThat;

  39. import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;

  40. import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;

  41. import static org.sonar.db.component.ComponentTesting.newChildComponent;

  42. import static org.sonar.db.component.ComponentTesting.newFileDto;

  43. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  44. import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;

  45. import static org.sonar.db.permission.OrganizationPermission.SCAN;

  46. 

  47. public class ServerUserSessionTest {

  48. 

  49.   @Rule

  50.   public DbTester db = DbTester.create(System2.INSTANCE);

  51.   @Rule

  52.   public ExpectedException expectedException = ExpectedException.none();

  53.   private DbClient dbClient = db.getDbClient();

  54. 

  55.   @Test

  56.   public void anonymous_is_not_logged_in_and_does_not_have_login() {

  57.     UserSession session = newAnonymousSession();

  58. 

  59.     assertThat(session.getLogin()).isNull();

  60.     assertThat(session.getUuid()).isNull();

  61.     assertThat(session.isLoggedIn()).isFalse();

  62.   }

  63. 

  64.   @Test

  65.   public void getGroups_is_empty_on_anonymous() {

  66.     assertThat(newAnonymousSession().getGroups()).isEmpty();

  67.   }

  68. 

  69.   @Test

  70.   public void getGroups_is_empty_if_user_is_not_member_of_any_group() {

  71.     UserDto user = db.users().insertUser();

  72.     assertThat(newUserSession(user).getGroups()).isEmpty();

  73.   }

  74. 

  75.   @Test

  76.   public void getGroups_returns_the_groups_of_logged_in_user() {

  77.     UserDto user = db.users().insertUser();

  78.     GroupDto group1 = db.users().insertGroup();

  79.     GroupDto group2 = db.users().insertGroup();

  80.     db.users().insertMember(group1, user);

  81.     db.users().insertMember(group2, user);

  82. 

  83.     assertThat(newUserSession(user).getGroups()).extracting(GroupDto::getUuid).containsOnly(group1.getUuid(), group2.getUuid());

  84.   }

  85. 

  86.   @Test

  87.   public void getGroups_keeps_groups_in_cache() {

  88.     UserDto user = db.users().insertUser();

  89.     GroupDto group1 = db.users().insertGroup();

  90.     GroupDto group2 = db.users().insertGroup();

  91.     db.users().insertMember(group1, user);

  92. 

  93.     ServerUserSession session = newUserSession(user);

  94.     assertThat(session.getGroups()).extracting(GroupDto::getUuid).containsOnly(group1.getUuid());

  95. 

  96.     // membership updated but not cache

  97.     db.users().insertMember(group2, user);

  98.     assertThat(session.getGroups()).extracting(GroupDto::getUuid).containsOnly(group1.getUuid());

  99.   }

  100. 

  101.   @Test

  102.   public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {

  103.     UserDto root = db.users().insertUser();

  104.     root = db.users().makeRoot(root);

  105.     assertThat(newUserSession(root).isRoot()).isTrue();

  106. 

  107.     UserDto notRoot = db.users().insertUser();

  108.     assertThat(newUserSession(notRoot).isRoot()).isFalse();

  109.   }

  110. 

  111.   @Test

  112.   public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {

  113.     UserDto user = db.users().insertUser();

  114.     UserSession underTest = newUserSession(user);

  115. 

  116.     expectInsufficientPrivilegesForbiddenException();

  117. 

  118.     underTest.checkIsRoot();

  119.   }

  120. 

  121.   @Test

  122.   public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {

  123.     UserDto root = db.users().insertUser();

  124.     root = db.users().makeRoot(root);

  125. 

  126.     UserSession underTest = newUserSession(root);

  127. 

  128.     assertThat(underTest.checkIsRoot()).isSameAs(underTest);

  129.   }

  130. 

  131.   @Test

  132.   public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {

  133.     UserDto root = db.users().insertUser();

  134.     root = db.users().makeRoot(root);

  135.     ComponentDto project = db.components().insertPrivateProject();

  136.     ComponentDto file = db.components().insertComponent(newFileDto(project));

  137. 

  138.     UserSession underTest = newUserSession(root);

  139. 

  140.     assertThat(underTest.hasComponentUuidPermission(UserRole.USER, file.uuid())).isTrue();

  141.     assertThat(underTest.hasComponentUuidPermission(UserRole.CODEVIEWER, file.uuid())).isTrue();

  142.     assertThat(underTest.hasComponentUuidPermission(UserRole.ADMIN, file.uuid())).isTrue();

  143.     assertThat(underTest.hasComponentUuidPermission("whatever", "who cares?")).isTrue();

  144.   }

  145. 

  146.   @Test

  147.   public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() {

  148.     UserDto root = db.users().insertUser();

  149.     root = db.users().makeRoot(root);

  150.     ComponentDto project = db.components().insertPrivateProject();

  151.     ComponentDto file = db.components().insertComponent(newFileDto(project));

  152. 

  153.     UserSession underTest = newUserSession(root);

  154. 

  155.     assertThat(underTest.checkComponentUuidPermission(UserRole.USER, file.uuid())).isSameAs(underTest);

  156.     assertThat(underTest.checkComponentUuidPermission("whatever", "who cares?")).isSameAs(underTest);

  157.   }

  158. 

  159.   @Test

  160.   public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {

  161.     UserDto user = db.users().insertUser();

  162.     ComponentDto project = db.components().insertPrivateProject();

  163.     db.users().insertProjectPermissionOnUser(user, UserRole.USER, project);

  164.     UserSession session = newUserSession(user);

  165. 

  166.     expectInsufficientPrivilegesForbiddenException();

  167. 

  168.     session.checkComponentUuidPermission(UserRole.USER, "another-uuid");

  169.   }

  170. 

  171.   @Test

  172.   public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission() {

  173.     UserDto user = db.users().insertUser();

  174. 

  175.     expectInsufficientPrivilegesForbiddenException();

  176. 

  177.     newUserSession(user).checkPermission(PROVISION_PROJECTS);

  178.   }

  179. 

  180.   @Test

  181.   public void checkPermission_succeeds_when_user_has_the_specified_permission() {

  182.     UserDto root = db.users().insertUser();

  183.     root = db.users().makeRoot(root);

  184.     db.users().insertPermissionOnUser(root, PROVISIONING);

  185. 

  186.     newUserSession(root).checkPermission(PROVISION_PROJECTS);

  187.   }

  188. 

  189.   @Test

  190.   public void checkPermission_succeeds_when_user_is_root() {

  191.     UserDto root = db.users().insertUser();

  192.     root = db.users().makeRoot(root);

  193. 

  194.     newUserSession(root).checkPermission(PROVISION_PROJECTS);

  195.   }

  196. 

  197.   @Test

  198.   public void test_hasPermission_for_logged_in_user() {

  199.     ComponentDto project = db.components().insertPrivateProject();

  200.     UserDto user = db.users().insertUser();

  201.     db.users().insertPermissionOnUser(user, PROVISION_PROJECTS);

  202.     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);

  203. 

  204.     UserSession session = newUserSession(user);

  205.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  206.     assertThat(session.hasPermission(ADMINISTER)).isFalse();

  207.   }

  208. 

  209.   @Test

  210.   public void test_hasPermission_for_anonymous_user() {

  211.     db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);

  212. 

  213.     UserSession session = newAnonymousSession();

  214.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  215.     assertThat(session.hasPermission(ADMINISTER)).isFalse();

  216.   }

  217. 

  218.   @Test

  219.   public void hasPermission_keeps_cache_of_permissions_of_logged_in_user() {

  220.     UserDto user = db.users().insertUser();

  221.     db.users().insertPermissionOnUser(user, PROVISIONING);

  222. 

  223.     UserSession session = newUserSession(user);

  224. 

  225.     // feed the cache

  226.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  227. 

  228.     // change permissions without updating the cache

  229.     db.users().deletePermissionFromUser(user, PROVISION_PROJECTS);

  230.     db.users().insertPermissionOnUser(user, SCAN);

  231.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  232.     assertThat(session.hasPermission(ADMINISTER)).isFalse();

  233.     assertThat(session.hasPermission(SCAN)).isFalse();

  234.   }

  235. 

  236.   @Test

  237.   public void hasPermission_keeps_cache_of_permissions_of_anonymous_user() {

  238.     db.users().insertPermissionOnAnyone(PROVISION_PROJECTS);

  239. 

  240.     UserSession session = newAnonymousSession();

  241. 

  242.     // feed the cache

  243.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  244. 

  245.     // change permissions without updating the cache

  246.     db.users().insertPermissionOnAnyone(SCAN);

  247.     assertThat(session.hasPermission(PROVISION_PROJECTS)).isTrue();

  248.     assertThat(session.hasPermission(SCAN)).isFalse();

  249.   }

  250. 

  251.   @Test

  252.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() {

  253.     ComponentDto publicProject = db.components().insertPublicProject();

  254. 

  255.     ServerUserSession underTest = newAnonymousSession();

  256. 

  257.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();

  258.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();

  259.   }

  260. 

  261.   @Test

  262.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() {

  263.     ComponentDto publicProject = db.components().insertPublicProject();

  264.     db.users().insertProjectPermissionOnAnyone("p1", publicProject);

  265. 

  266.     ServerUserSession underTest = newAnonymousSession();

  267. 

  268.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();

  269.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();

  270.   }

  271. 

  272.   @Test

  273.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() {

  274.     ComponentDto publicProject = db.components().insertPublicProject();

  275.     db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", publicProject);

  276. 

  277.     ServerUserSession underTest = newAnonymousSession();

  278. 

  279.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();

  280.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();

  281.   }

  282. 

  283.   @Test

  284.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() {

  285.     ComponentDto publicProject = db.components().insertPublicProject();

  286.     db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", publicProject);

  287. 

  288.     ServerUserSession underTest = newAnonymousSession();

  289. 

  290.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue();

  291.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue();

  292.   }

  293. 

  294.   @Test

  295.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_without_permissions() {

  296.     UserDto user = db.users().insertUser();

  297.     ComponentDto privateProject = db.components().insertPrivateProject();

  298. 

  299.     ServerUserSession underTest = newUserSession(user);

  300. 

  301.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();

  302.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();

  303.   }

  304. 

  305.   @Test

  306.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() {

  307.     UserDto user = db.users().insertUser();

  308.     ComponentDto privateProject = db.components().insertPrivateProject();

  309.     db.users().insertProjectPermissionOnGroup(db.users().insertGroup(), "p1", privateProject);

  310. 

  311.     ServerUserSession underTest = newUserSession(user);

  312. 

  313.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();

  314.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();

  315.   }

  316. 

  317.   @Test

  318.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_user_permissions() {

  319.     UserDto user = db.users().insertUser();

  320.     ComponentDto privateProject = db.components().insertPrivateProject();

  321.     db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", privateProject);

  322. 

  323.     ServerUserSession underTest = newUserSession(user);

  324. 

  325.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse();

  326.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse();

  327.   }

  328. 

  329.   @Test

  330.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() {

  331.     ComponentDto publicProject = db.components().insertPublicProject();

  332.     db.users().insertProjectPermissionOnAnyone("p1", publicProject);

  333. 

  334.     ServerUserSession underTest = newAnonymousSession();

  335. 

  336.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", publicProject)).isTrue();

  337.   }

  338. 

  339.   @Test

  340.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() {

  341.     ComponentDto publicProject = db.components().insertPublicProject();

  342.     GroupDto group = db.users().insertGroup();

  343.     db.users().insertProjectPermissionOnGroup(group, "p1", publicProject);

  344. 

  345.     ServerUserSession underTest = newAnonymousSession();

  346. 

  347.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", publicProject)).isFalse();

  348.   }

  349. 

  350.   @Test

  351.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() {

  352.     ComponentDto privateProject = db.components().insertPrivateProject();

  353.     GroupDto group = db.users().insertGroup();

  354.     db.users().insertProjectPermissionOnGroup(group, "p1", privateProject);

  355. 

  356.     ServerUserSession underTest = newAnonymousSession();

  357. 

  358.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", privateProject)).isFalse();

  359.   }

  360. 

  361.   @Test

  362.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() {

  363.     UserDto user = db.users().insertUser();

  364.     ComponentDto publicProject = db.components().insertPublicProject();

  365.     db.users().insertProjectPermissionOnUser(user, "p1", publicProject);

  366. 

  367.     ServerUserSession underTest = newAnonymousSession();

  368. 

  369.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", publicProject)).isFalse();

  370.   }

  371. 

  372.   @Test

  373.   public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_private_projects() {

  374.     UserDto user = db.users().insertUser();

  375.     ComponentDto project = db.components().insertPrivateProject();

  376.     db.users().insertProjectPermissionOnUser(user, "p1", project);

  377. 

  378.     ServerUserSession underTest = newAnonymousSession();

  379. 

  380.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", project)).isFalse();

  381.   }

  382. 

  383.   @Test

  384.   public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() {

  385.     UserDto root = db.users().insertUser();

  386.     root = db.users().makeRoot(root);

  387.     ComponentDto publicProject = db.components().insertPublicProject();

  388. 

  389.     ServerUserSession underTest = newUserSession(root);

  390. 

  391.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "does not matter", publicProject)).isTrue();

  392.   }

  393. 

  394.   @Test

  395.   public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() {

  396.     UserDto user = db.users().insertUser();

  397.     ComponentDto publicProject = db.components().insertPublicProject();

  398.     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, publicProject);

  399. 

  400.     UserSession underTest = newUserSession(user);

  401. 

  402.     // feed the cache

  403.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

  404. 

  405.     // change permissions without updating the cache

  406.     db.users().deletePermissionFromUser(publicProject, user, UserRole.ADMIN);

  407.     db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, publicProject);

  408.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

  409.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();

  410.   }

  411. 

  412.   @Test

  413.   public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() {

  414.     ComponentDto publicProject = db.components().insertPublicProject();

  415.     db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, publicProject);

  416. 

  417.     UserSession underTest = newAnonymousSession();

  418. 

  419.     // feed the cache

  420.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

  421. 

  422.     // change permissions without updating the cache

  423.     db.users().deleteProjectPermissionFromAnyone(publicProject, UserRole.ADMIN);

  424.     db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);

  425.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ADMIN, publicProject)).isTrue();

  426.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.ISSUE_ADMIN, publicProject)).isFalse();

  427.   }

  428. 

  429.   private boolean hasComponentPermissionByDtoOrUuid(UserSession underTest, String permission, ComponentDto component) {

  430.     boolean b1 = underTest.hasComponentPermission(permission, component);

  431.     boolean b2 = underTest.hasComponentUuidPermission(permission, component.uuid());

  432.     checkState(b1 == b2, "Different behaviors");

  433.     return b1;

  434.   }

  435. 

  436.   @Test

  437.   public void keepAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() {

  438.     ComponentDto publicProject = db.components().insertPublicProject();

  439.     ComponentDto privateProject = db.components().insertPrivateProject();

  440. 

  441.     UserSession underTest = newAnonymousSession();

  442. 

  443.     assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();

  444.   }

  445. 

  446.   @Test

  447.   public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() {

  448.     UserDto user = db.users().insertUser();

  449.     ComponentDto publicProject = db.components().insertPublicProject();

  450.     ComponentDto privateProject = db.components().insertPrivateProject();

  451.     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject);

  452. 

  453.     UserSession underTest = newUserSession(user);

  454. 

  455.     assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();

  456.     assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(privateProject);

  457.   }

  458. 

  459.   @Test

  460.   public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {

  461.     ComponentDto publicProject = db.components().insertPublicProject();

  462.     ComponentDto privateProject = db.components().insertPrivateProject();

  463.     db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, publicProject);

  464. 

  465.     UserSession underTest = newAnonymousSession();

  466. 

  467.     assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();

  468.     assertThat(underTest.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(privateProject, publicProject))).containsExactly(publicProject);

  469.   }

  470. 

  471.   @Test

  472.   public void keepAuthorizedComponents_returns_all_specified_components_if_root() {

  473.     UserDto root = db.users().insertUser();

  474.     root = db.users().makeRoot(root);

  475.     ComponentDto publicProject = db.components().insertPublicProject();

  476.     ComponentDto privateProject = db.components().insertPrivateProject();

  477. 

  478.     UserSession underTest = newUserSession(root);

  479. 

  480.     assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(privateProject, publicProject)))

  481.       .containsExactly(privateProject, publicProject);

  482.   }

  483. 

  484.   @Test

  485.   public void keepAuthorizedComponents_on_branches() {

  486.     UserDto user = db.users().insertUser();

  487.     ComponentDto privateProject = db.components().insertPrivateProject();

  488.     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject);

  489.     ComponentDto privateBranchProject = db.components().insertProjectBranch(privateProject);

  490. 

  491.     UserSession underTest = newUserSession(user);

  492. 

  493.     assertThat(underTest.keepAuthorizedComponents(UserRole.ADMIN, asList(privateProject, privateBranchProject)))

  494.       .containsExactlyInAnyOrder(privateProject, privateBranchProject);

  495.   }

  496. 

  497.   @Test

  498.   public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() {

  499.     UserDto root = db.users().insertUser();

  500.     root = db.users().makeRoot(root);

  501. 

  502.     UserSession session = newUserSession(root);

  503. 

  504.     assertThat(session.isSystemAdministrator()).isTrue();

  505.   }

  506. 

  507.   @Test

  508.   public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() {

  509.     UserDto user = db.users().insertUser();

  510. 

  511.     UserSession session = newUserSession(user);

  512. 

  513.     assertThat(session.isSystemAdministrator()).isFalse();

  514.   }

  515. 

  516.   @Test

  517.   public void isSystemAdministrator_returns_true_if_user_is_administrator() {

  518.     UserDto user = db.users().insertUser();

  519.     db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);

  520. 

  521.     UserSession session = newUserSession(user);

  522. 

  523.     assertThat(session.isSystemAdministrator()).isTrue();

  524.   }

  525. 

  526.   @Test

  527.   public void isSystemAdministrator_returns_false_if_user_is_not_administrator() {

  528.     UserDto user = db.users().insertUser();

  529.     db.users().insertPermissionOnUser(user, PROVISIONING);

  530. 

  531.     UserSession session = newUserSession(user);

  532. 

  533.     assertThat(session.isSystemAdministrator()).isFalse();

  534.   }

  535. 

  536.   @Test

  537.   public void keep_isSystemAdministrator_flag_in_cache() {

  538.     UserDto user = db.users().insertUser();

  539.     db.users().insertPermissionOnUser(user, SYSTEM_ADMIN);

  540. 

  541.     UserSession session = newUserSession(user);

  542. 

  543.     session.checkIsSystemAdministrator();

  544. 

  545.     db.getDbClient().userDao().deactivateUser(db.getSession(), user);

  546.     db.commit();

  547. 

  548.     // should fail but succeeds because flag is kept in cache

  549.     session.checkIsSystemAdministrator();

  550.   }

  551. 

  552.   @Test

  553.   public void checkIsSystemAdministrator_succeeds_if_system_administrator() {

  554.     UserDto root = db.users().insertUser();

  555.     root = db.users().makeRoot(root);

  556. 

  557.     UserSession session = newUserSession(root);

  558. 

  559.     session.checkIsSystemAdministrator();

  560.   }

  561. 

  562.   @Test

  563.   public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() {

  564.     UserDto user = db.users().insertUser();

  565. 

  566.     UserSession session = newUserSession(user);

  567. 

  568.     expectedException.expect(ForbiddenException.class);

  569.     expectedException.expectMessage("Insufficient privileges");

  570. 

  571.     session.checkIsSystemAdministrator();

  572.   }

  573. 

  574.   @Test

  575.   public void hasComponentPermission_on_branch_checks_permissions_of_its_project() {

  576.     UserDto user = db.users().insertUser();

  577.     ComponentDto privateProject = db.components().insertPrivateProject();

  578.     ComponentDto branch = db.components().insertProjectBranch(privateProject, b -> b.setKey("feature/foo"));

  579.     ComponentDto fileInBranch = db.components().insertComponent(newChildComponent("fileUuid", branch, branch));

  580. 

  581.     // permissions are defined on the project, not on the branch

  582.     db.users().insertProjectPermissionOnUser(user, "p1", privateProject);

  583. 

  584.     UserSession underTest = newUserSession(user);

  585. 

  586.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", privateProject)).isTrue();

  587.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", branch)).isTrue();

  588.     assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", fileInBranch)).isTrue();

  589.   }

  590. 

  591.   private ServerUserSession newUserSession(@Nullable UserDto userDto) {

  592.     return new ServerUserSession(dbClient, userDto);

  593.   }

  594. 

  595.   private ServerUserSession newAnonymousSession() {

  596.     return newUserSession(null);

  597.   }

  598. 

  599.   private void expectInsufficientPrivilegesForbiddenException() {

  600.     expectedException.expect(ForbiddenException.class);

  601.     expectedException.expectMessage("Insufficient privileges");

  602.   }

  603. 

  604. }