mirrors
/
sonarqube
огледало од https://github.com/SonarSource/sonarqube.git
Прати 1
Волим 0
Креирај огранак 0
Код Дискусије 0 Издања 237 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35974 Комити
59 Гране
Дрво: aa685bd63b
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'aa685bd63b'
${ noResults }
sonarqube/server/sonar-server-common/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java

PermissionIndexerTest.java 14KB
Датотека Blame Историја

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission.index;

  21. 

  22. import java.util.Collection;

  23. import org.junit.Rule;

  24. import org.junit.Test;

  25. import org.sonar.api.utils.System2;

  26. import org.sonar.db.DbSession;

  27. import org.sonar.db.DbTester;

  28. import org.sonar.db.component.ProjectData;

  29. import org.sonar.db.entity.EntityDto;

  30. import org.sonar.db.es.EsQueueDto;

  31. import org.sonar.db.portfolio.PortfolioDto;

  32. import org.sonar.db.project.ProjectDto;

  33. import org.sonar.db.user.GroupDto;

  34. import org.sonar.db.user.UserDto;

  35. import org.sonar.server.es.EsTester;

  36. import org.sonar.server.es.IndexType;

  37. import org.sonar.server.es.IndexType.IndexMainType;

  38. import org.sonar.server.es.Indexers.EntityEvent;

  39. import org.sonar.server.es.IndexingResult;

  40. import org.sonar.server.tester.UserSessionRule;

  41. 

  42. import static java.util.Arrays.asList;

  43. import static java.util.Collections.singletonList;

  44. import static org.assertj.core.api.Assertions.assertThat;

  45. import static org.sonar.api.resources.Qualifiers.PROJECT;

  46. import static org.sonar.api.web.UserRole.ADMIN;

  47. import static org.sonar.api.web.UserRole.USER;

  48. import static org.sonar.server.es.Indexers.EntityEvent.PERMISSION_CHANGE;

  49. import static org.sonar.server.permission.index.IndexAuthorizationConstants.TYPE_AUTHORIZATION;

  50. 

  51. public class PermissionIndexerTest {

  52. 

  53.   private static final IndexMainType INDEX_TYPE_FOO_AUTH = IndexType.main(FooIndexDefinition.DESCRIPTOR, TYPE_AUTHORIZATION);

  54. 

  55.   @Rule

  56.   public DbTester db = DbTester.create(System2.INSTANCE);

  57.   @Rule

  58.   public EsTester es = EsTester.createCustom(new FooIndexDefinition());

  59.   @Rule

  60.   public UserSessionRule userSession = UserSessionRule.standalone();

  61. 

  62.   private FooIndex fooIndex = new FooIndex(es.client(), new WebAuthorizationTypeSupport(userSession));

  63.   private FooIndexer fooIndexer = new FooIndexer(es.client(), db.getDbClient());

  64.   private PermissionIndexer underTest = new PermissionIndexer(db.getDbClient(), es.client(), fooIndexer);

  65. 

  66.   @Test

  67.   public void indexOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {

  68.     ProjectDto project = createAndIndexPublicProject();

  69.     UserDto user1 = db.users().insertUser();

  70.     UserDto user2 = db.users().insertUser();

  71. 

  72.     indexOnStartup();

  73. 

  74.     verifyAnyoneAuthorized(project);

  75.     verifyAuthorized(project, user1);

  76.     verifyAuthorized(project, user2);

  77.   }

  78. 

  79.   @Test

  80.   public void indexAll_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {

  81.     ProjectDto project = createAndIndexPublicProject();

  82.     UserDto user1 = db.users().insertUser();

  83.     UserDto user2 = db.users().insertUser();

  84. 

  85.     underTest.indexAll(underTest.getIndexTypes());

  86. 

  87.     verifyAnyoneAuthorized(project);

  88.     verifyAuthorized(project, user1);

  89.     verifyAuthorized(project, user2);

  90.   }

  91. 

  92.   @Test

  93.   public void deletion_resilience_will_deindex_projects() {

  94.     ProjectDto project1 = createUnindexedPublicProject();

  95.     ProjectDto project2 = createUnindexedPublicProject();

  96.     // UserDto user1 = db.users().insertUser();

  97.     indexOnStartup();

  98.     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2);

  99. 

  100.     // Simulate an indexing issue

  101.     db.getDbClient().purgeDao().deleteProject(db.getSession(), project1.getUuid(), PROJECT, project1.getName(), project1.getKey());

  102.     underTest.prepareForRecoveryOnEntityEvent(db.getSession(), asList(project1.getUuid()), EntityEvent.DELETION);

  103.     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isOne();

  104.     Collection<EsQueueDto> esQueueDtos = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), Long.MAX_VALUE, 2);

  105. 

  106.     underTest.index(db.getSession(), esQueueDtos);

  107. 

  108.     assertThat(db.countRowsOfTable(db.getSession(), "es_queue")).isZero();

  109.     assertThat(es.countDocuments(INDEX_TYPE_FOO_AUTH)).isOne();

  110.   }

  111. 

  112.   @Test

  113.   public void indexOnStartup_grants_access_to_user() {

  114.     ProjectDto project = createAndIndexPrivateProject();

  115.     UserDto user1 = db.users().insertUser();

  116.     UserDto user2 = db.users().insertUser();

  117.     db.users().insertProjectPermissionOnUser(user1, USER, project);

  118.     db.users().insertProjectPermissionOnUser(user2, ADMIN, project);

  119. 

  120.     indexOnStartup();

  121. 

  122.     // anonymous

  123.     verifyAnyoneNotAuthorized(project);

  124. 

  125.     // user1 has access

  126.     verifyAuthorized(project, user1);

  127. 

  128.     // user2 has not access (only USER permission is accepted)

  129.     verifyNotAuthorized(project, user2);

  130.   }

  131. 

  132.   @Test

  133.   public void indexOnStartup_grants_access_to_group_on_private_project() {

  134.     ProjectDto project = createAndIndexPrivateProject();

  135.     UserDto user1 = db.users().insertUser();

  136.     UserDto user2 = db.users().insertUser();

  137.     UserDto user3 = db.users().insertUser();

  138.     GroupDto group1 = db.users().insertGroup();

  139.     GroupDto group2 = db.users().insertGroup();

  140.     db.users().insertEntityPermissionOnGroup(group1, USER, project);

  141.     db.users().insertEntityPermissionOnGroup(group2, ADMIN, project);

  142. 

  143.     indexOnStartup();

  144. 

  145.     // anonymous

  146.     verifyAnyoneNotAuthorized(project);

  147. 

  148.     // group1 has access

  149.     verifyAuthorized(project, user1, group1);

  150. 

  151.     // group2 has not access (only USER permission is accepted)

  152.     verifyNotAuthorized(project, user2, group2);

  153. 

  154.     // user3 is not in any group

  155.     verifyNotAuthorized(project, user3);

  156.   }

  157. 

  158.   @Test

  159.   public void indexOnStartup_grants_access_to_user_and_group() {

  160.     ProjectDto project = createAndIndexPrivateProject();

  161.     UserDto user1 = db.users().insertUser();

  162.     UserDto user2 = db.users().insertUser();

  163.     GroupDto group = db.users().insertGroup();

  164.     db.users().insertMember(group, user2);

  165.     db.users().insertProjectPermissionOnUser(user1, USER, project);

  166.     db.users().insertEntityPermissionOnGroup(group, USER, project);

  167. 

  168.     indexOnStartup();

  169. 

  170.     // anonymous

  171.     verifyAnyoneNotAuthorized(project);

  172. 

  173.     // has direct access

  174.     verifyAuthorized(project, user1);

  175. 

  176.     // has access through group

  177.     verifyAuthorized(project, user1, group);

  178. 

  179.     // no access

  180.     verifyNotAuthorized(project, user2);

  181.   }

  182. 

  183.   @Test

  184.   public void indexOnStartup_does_not_grant_access_to_anybody_on_private_project() {

  185.     ProjectDto project = createAndIndexPrivateProject();

  186.     UserDto user = db.users().insertUser();

  187.     GroupDto group = db.users().insertGroup();

  188. 

  189.     indexOnStartup();

  190. 

  191.     verifyAnyoneNotAuthorized(project);

  192.     verifyNotAuthorized(project, user);

  193.     verifyNotAuthorized(project, user, group);

  194.   }

  195. 

  196.   @Test

  197.   public void indexOnStartup_grants_access_to_anybody_on_public_project() {

  198.     ProjectDto project = createAndIndexPublicProject();

  199.     UserDto user = db.users().insertUser();

  200.     GroupDto group = db.users().insertGroup();

  201. 

  202.     indexOnStartup();

  203. 

  204.     verifyAnyoneAuthorized(project);

  205.     verifyAuthorized(project, user);

  206.     verifyAuthorized(project, user, group);

  207.   }

  208. 

  209.   @Test

  210.   public void indexOnStartup_grants_access_to_anybody_on_view() {

  211.     PortfolioDto view = createAndIndexPortfolio();

  212.     UserDto user = db.users().insertUser();

  213.     GroupDto group = db.users().insertGroup();

  214. 

  215.     indexOnStartup();

  216. 

  217.     verifyAnyoneAuthorized(view);

  218.     verifyAuthorized(view, user);

  219.     verifyAuthorized(view, user, group);

  220.   }

  221. 

  222.   @Test

  223.   public void indexOnStartup_grants_access_on_many_projects() {

  224.     UserDto user1 = db.users().insertUser();

  225.     UserDto user2 = db.users().insertUser();

  226.     ProjectDto project = null;

  227.     for (int i = 0; i < 10; i++) {

  228.       project = createAndIndexPrivateProject();

  229.       db.users().insertProjectPermissionOnUser(user1, USER, project);

  230.     }

  231. 

  232.     indexOnStartup();

  233. 

  234.     verifyAnyoneNotAuthorized(project);

  235.     verifyAuthorized(project, user1);

  236.     verifyNotAuthorized(project, user2);

  237.   }

  238. 

  239.   @Test

  240.   public void public_projects_are_visible_to_anybody() {

  241.     ProjectDto projectOnOrg1 = createAndIndexPublicProject();

  242.     UserDto user = db.users().insertUser();

  243. 

  244.     indexOnStartup();

  245. 

  246.     verifyAnyoneAuthorized(projectOnOrg1);

  247.     verifyAuthorized(projectOnOrg1, user);

  248.   }

  249. 

  250.   @Test

  251.   public void permissions_are_not_updated_on_project_tags_update() {

  252.     ProjectDto project = createAndIndexPublicProject();

  253. 

  254.     indexPermissions(project, EntityEvent.PROJECT_TAGS_UPDATE);

  255. 

  256.     assertThatAuthIndexHasSize(0);

  257.     verifyAnyoneNotAuthorized(project);

  258.   }

  259. 

  260.   @Test

  261.   public void permissions_are_not_updated_on_project_key_update() {

  262.     ProjectDto project = createAndIndexPublicProject();

  263. 

  264.     indexPermissions(project, EntityEvent.PROJECT_TAGS_UPDATE);

  265. 

  266.     assertThatAuthIndexHasSize(0);

  267.     verifyAnyoneNotAuthorized(project);

  268.   }

  269. 

  270.   @Test

  271.   public void index_permissions_on_project_creation() {

  272.     ProjectDto project = createAndIndexPrivateProject();

  273.     UserDto user = db.users().insertUser();

  274.     db.users().insertProjectPermissionOnUser(user, USER, project);

  275. 

  276.     indexPermissions(project, EntityEvent.CREATION);

  277. 

  278.     assertThatAuthIndexHasSize(1);

  279.     verifyAuthorized(project, user);

  280.   }

  281. 

  282.   @Test

  283.   public void index_permissions_on_permission_change() {

  284.     ProjectDto project = createAndIndexPrivateProject();

  285.     UserDto user1 = db.users().insertUser();

  286.     UserDto user2 = db.users().insertUser();

  287.     db.users().insertProjectPermissionOnUser(user1, USER, project);

  288.     indexPermissions(project, EntityEvent.CREATION);

  289.     verifyAuthorized(project, user1);

  290.     verifyNotAuthorized(project, user2);

  291. 

  292.     db.users().insertProjectPermissionOnUser(user2, USER, project);

  293.     indexPermissions(project, PERMISSION_CHANGE);

  294. 

  295.     verifyAuthorized(project, user1);

  296.     verifyAuthorized(project, user1);

  297.   }

  298. 

  299.   @Test

  300.   public void delete_permissions_on_project_deletion() {

  301.     ProjectDto project = createAndIndexPrivateProject();

  302.     UserDto user = db.users().insertUser();

  303.     db.users().insertProjectPermissionOnUser(user, USER, project);

  304.     indexPermissions(project, EntityEvent.CREATION);

  305.     verifyAuthorized(project, user);

  306. 

  307.     db.getDbClient().purgeDao().deleteProject(db.getSession(), project.getUuid(), PROJECT, project.getUuid(), project.getKey());

  308.     indexPermissions(project, EntityEvent.DELETION);

  309. 

  310.     verifyNotAuthorized(project, user);

  311.     assertThatAuthIndexHasSize(0);

  312.   }

  313. 

  314.   @Test

  315.   public void errors_during_indexing_are_recovered() {

  316.     ProjectDto project = createAndIndexPublicProject();

  317.     es.lockWrites(INDEX_TYPE_FOO_AUTH);

  318. 

  319.     IndexingResult result = indexPermissions(project, PERMISSION_CHANGE);

  320.     assertThat(result.getTotal()).isOne();

  321.     assertThat(result.getFailures()).isOne();

  322. 

  323.     // index is still read-only, fail to recover

  324.     result = recover();

  325.     assertThat(result.getTotal()).isOne();

  326.     assertThat(result.getFailures()).isOne();

  327.     assertThatAuthIndexHasSize(0);

  328.     assertThatEsQueueTableHasSize(1);

  329. 

  330.     es.unlockWrites(INDEX_TYPE_FOO_AUTH);

  331. 

  332.     result = recover();

  333.     assertThat(result.getTotal()).isOne();

  334.     assertThat(result.getFailures()).isZero();

  335.     verifyAnyoneAuthorized(project);

  336.     assertThatEsQueueTableHasSize(0);

  337.   }

  338. 

  339.   private void assertThatAuthIndexHasSize(int expectedSize) {

  340.     assertThat(es.countDocuments(FooIndexDefinition.TYPE_AUTHORIZATION)).isEqualTo(expectedSize);

  341.   }

  342. 

  343.   private void indexOnStartup() {

  344.     underTest.indexOnStartup(underTest.getIndexTypes());

  345.   }

  346. 

  347.   private void verifyAuthorized(EntityDto entity, UserDto user) {

  348.     logIn(user);

  349.     verifyAuthorized(entity, true);

  350.   }

  351. 

  352.   private void verifyAuthorized(EntityDto entity, UserDto user, GroupDto group) {

  353.     logIn(user).setGroups(group);

  354.     verifyAuthorized(entity, true);

  355.   }

  356. 

  357.   private void verifyNotAuthorized(EntityDto entity, UserDto user) {

  358.     logIn(user);

  359.     verifyAuthorized(entity, false);

  360.   }

  361. 

  362.   private void verifyNotAuthorized(EntityDto entity, UserDto user, GroupDto group) {

  363.     logIn(user).setGroups(group);

  364.     verifyAuthorized(entity, false);

  365.   }

  366. 

  367.   private void verifyAnyoneAuthorized(EntityDto entity) {

  368.     userSession.anonymous();

  369.     verifyAuthorized(entity, true);

  370.   }

  371. 

  372.   private void verifyAnyoneNotAuthorized(EntityDto entity) {

  373.     userSession.anonymous();

  374.     verifyAuthorized(entity, false);

  375.   }

  376. 

  377.   private void verifyAuthorized(EntityDto entity, boolean expectedAccess) {

  378.     assertThat(fooIndex.hasAccessToProject(entity.getUuid())).isEqualTo(expectedAccess);

  379.   }

  380. 

  381.   private UserSessionRule logIn(UserDto u) {

  382.     userSession.logIn(u);

  383.     return userSession;

  384.   }

  385. 

  386.   private IndexingResult indexPermissions(EntityDto entity, EntityEvent cause) {

  387.     DbSession dbSession = db.getSession();

  388.     Collection<EsQueueDto> items = underTest.prepareForRecoveryOnEntityEvent(dbSession, singletonList(entity.getUuid()), cause);

  389.     dbSession.commit();

  390.     return underTest.index(dbSession, items);

  391.   }

  392. 

  393.   private ProjectDto createUnindexedPublicProject() {

  394.     return db.components().insertPublicProject().getProjectDto();

  395.   }

  396. 

  397.   private ProjectDto createAndIndexPrivateProject() {

  398.     ProjectData project = db.components().insertPrivateProject();

  399.     fooIndexer.indexOnAnalysis(project.getMainBranchDto().getUuid());

  400.     return project.getProjectDto();

  401.   }

  402. 

  403.   private ProjectDto createAndIndexPublicProject() {

  404.     ProjectData project = db.components().insertPublicProject();

  405.     fooIndexer.indexOnAnalysis(project.getMainBranchDto().getUuid());

  406.     return project.getProjectDto();

  407.   }

  408. 

  409.   private PortfolioDto createAndIndexPortfolio() {

  410.     PortfolioDto view = db.components().insertPublicPortfolioDto();

  411.     fooIndexer.indexOnAnalysis(view.getUuid());

  412.     return view;

  413.   }

  414. 

  415.   private IndexingResult recover() {

  416.     Collection<EsQueueDto> items = db.getDbClient().esQueueDao().selectForRecovery(db.getSession(), System.currentTimeMillis() + 1_000L, 10);

  417.     return underTest.index(db.getSession(), items);

  418.   }

  419. 

  420.   private void assertThatEsQueueTableHasSize(int expectedSize) {

  421.     assertThat(db.countRowsOfTable("es_queue")).isEqualTo(expectedSize);

  422.   }

  423. 

  424. }