mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27477 Commits
59 Branches
Tree: c1caffa9fb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1caffa9fb'
${ noResults }
sonarqube/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTe...

PermissionTemplateServiceTest.java 29KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2018 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.permission;

  21. 

  22. import java.util.List;

  23. import javax.annotation.Nullable;

  24. import org.junit.Rule;

  25. import org.junit.Test;

  26. import org.junit.rules.ExpectedException;

  27. import org.sonar.api.resources.Qualifiers;

  28. import org.sonar.api.resources.ResourceTypes;

  29. import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;

  30. import org.sonar.api.web.UserRole;

  31. import org.sonar.core.permission.GlobalPermissions;

  32. import org.sonar.db.DbSession;

  33. import org.sonar.db.DbTester;

  34. import org.sonar.db.component.ComponentDto;

  35. import org.sonar.db.component.ResourceTypesRule;

  36. import org.sonar.db.organization.OrganizationDto;

  37. import org.sonar.db.permission.template.PermissionTemplateDbTester;

  38. import org.sonar.db.permission.template.PermissionTemplateDto;

  39. import org.sonar.db.user.GroupDto;

  40. import org.sonar.db.user.UserDto;

  41. import org.sonar.server.es.ProjectIndexers;

  42. import org.sonar.server.es.TestProjectIndexers;

  43. import org.sonar.server.permission.ws.template.DefaultTemplatesResolverRule;

  44. import org.sonar.server.tester.UserSessionRule;

  45. 

  46. import static java.util.Collections.singletonList;

  47. import static org.assertj.core.api.Assertions.assertThat;

  48. import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;

  49. import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;

  50. import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;

  51. 

  52. public class PermissionTemplateServiceTest {

  53. 

  54.   @Rule

  55.   public ExpectedException throwable = ExpectedException.none();

  56.   @Rule

  57.   public DbTester dbTester = DbTester.create(new AlwaysIncreasingSystem2());

  58.   @Rule

  59.   public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withGovernance();

  60. 

  61.   private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT);

  62.   private PermissionService permissionService = new PermissionServiceImpl(resourceTypes);

  63. 

  64.   private UserSessionRule userSession = UserSessionRule.standalone();

  65.   private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates();

  66.   private DbSession session = dbTester.getSession();

  67.   private ProjectIndexers projectIndexers = new TestProjectIndexers();

  68. 

  69.   private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver);

  70. 

  71.   @Test

  72.   public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {

  73.     OrganizationDto organization = dbTester.organizations().insert();

  74.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  75.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  76.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");

  77. 

  78.     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));

  79. 

  80.     assertThat(selectProjectPermissionsOfGroup(organization, null, privateProject)).isEmpty();

  81.   }

  82. 

  83.   @Test

  84.   public void apply_default_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {

  85.     OrganizationDto organization = dbTester.organizations().insert();

  86.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  87.     UserDto creator = dbTester.users().insertUser();

  88.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  89.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");

  90.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  91. 

  92.     underTest.applyDefault(session, organization.getUuid(), privateProject, creator.getId());

  93. 

  94.     assertThat(selectProjectPermissionsOfGroup(organization, null, privateProject)).isEmpty();

  95.   }

  96. 

  97.   @Test

  98.   public void apply_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  99.     OrganizationDto organization = dbTester.organizations().insert();

  100.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  101.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  102.     permissionService.getAllProjectPermissions()

  103.       .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));

  104.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");

  105. 

  106.     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

  107. 

  108.     assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))

  109.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  110.   }

  111. 

  112.   @Test

  113.   public void applyDefault_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  114.     OrganizationDto organization = dbTester.organizations().insert();

  115.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  116.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  117.     permissionService.getAllProjectPermissions()

  118.       .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));

  119.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");

  120.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  121. 

  122.     underTest.applyDefault(session, organization.getUuid(), publicProject, null);

  123. 

  124.     assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))

  125.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  126.   }

  127. 

  128.   @Test

  129.   public void apply_inserts_any_permissions_to_group_when_applying_template_on_private_project() {

  130.     OrganizationDto organization = dbTester.organizations().insert();

  131.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  132.     GroupDto group = dbTester.users().insertGroup(organization);

  133.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  134.     permissionService.getAllProjectPermissions()

  135.       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));

  136.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");

  137. 

  138.     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));

  139. 

  140.     assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))

  141.       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  142.   }

  143. 

  144.   @Test

  145.   public void applyDefault_inserts_any_permissions_to_group_when_applying_template_on_private_project() {

  146.     OrganizationDto organization = dbTester.organizations().insert();

  147.     GroupDto group = dbTester.users().insertGroup(organization);

  148.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  149.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  150.     permissionService.getAllProjectPermissions()

  151.       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));

  152.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");

  153.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  154. 

  155.     underTest.applyDefault(session, organization.getUuid(), privateProject, null);

  156. 

  157.     assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))

  158.       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  159.   }

  160. 

  161.   @Test

  162.   public void apply_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  163.     OrganizationDto organization = dbTester.organizations().insert();

  164.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  165.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  166.     GroupDto group = dbTester.users().insertGroup(organization);

  167.     permissionService.getAllProjectPermissions()

  168.       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));

  169.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");

  170. 

  171.     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

  172. 

  173.     assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))

  174.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  175.   }

  176. 

  177.   @Test

  178.   public void applyDefault_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  179.     OrganizationDto organization = dbTester.organizations().insert();

  180.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  181.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  182.     GroupDto group = dbTester.users().insertGroup(organization);

  183.     permissionService.getAllProjectPermissions()

  184.       .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));

  185.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");

  186.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  187. 

  188.     underTest.applyDefault(session, organization.getUuid(), publicProject, null);

  189. 

  190.     assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))

  191.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  192.   }

  193. 

  194.   @Test

  195.   public void apply_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  196.     OrganizationDto organization = dbTester.organizations().insert();

  197.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  198.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  199.     UserDto user = dbTester.users().insertUser();

  200.     permissionService.getAllProjectPermissions()

  201.       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));

  202.     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");

  203. 

  204.     underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));

  205. 

  206.     assertThat(selectProjectPermissionsOfUser(user, publicProject))

  207.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  208.   }

  209. 

  210.   @Test

  211.   public void applyDefault_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  212.     OrganizationDto organization = dbTester.organizations().insert();

  213.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  214.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  215.     UserDto user = dbTester.users().insertUser();

  216.     permissionService.getAllProjectPermissions()

  217.       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));

  218.     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");

  219.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  220. 

  221.     underTest.applyDefault(session, organization.getUuid(), publicProject, null);

  222. 

  223.     assertThat(selectProjectPermissionsOfUser(user, publicProject))

  224.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  225.   }

  226. 

  227.   @Test

  228.   public void apply_inserts_any_permissions_to_user_when_applying_template_on_private_project() {

  229.     OrganizationDto organization = dbTester.organizations().insert();

  230.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  231.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  232.     UserDto user = dbTester.users().insertUser();

  233.     permissionService.getAllProjectPermissions()

  234.       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));

  235.     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");

  236. 

  237.     underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));

  238. 

  239.     assertThat(selectProjectPermissionsOfUser(user, privateProject))

  240.       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  241.   }

  242. 

  243.   @Test

  244.   public void applyDefault_inserts_any_permissions_to_user_when_applying_template_on_private_project() {

  245.     OrganizationDto organization = dbTester.organizations().insert();

  246.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  247.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  248.     UserDto user = dbTester.users().insertUser();

  249.     permissionService.getAllProjectPermissions()

  250.       .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));

  251.     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");

  252.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  253. 

  254.     underTest.applyDefault(session, organization.getUuid(), privateProject, null);

  255. 

  256.     assertThat(selectProjectPermissionsOfUser(user, privateProject))

  257.       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  258.   }

  259. 

  260.   @Test

  261.   public void applyDefault_inserts_permissions_to_ProjectCreator_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {

  262.     OrganizationDto organization = dbTester.organizations().insert();

  263.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  264.     ComponentDto publicProject = dbTester.components().insertPublicProject(organization);

  265.     UserDto user = dbTester.users().insertUser();

  266.     permissionService.getAllProjectPermissions()

  267.       .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));

  268.     dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");

  269.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  270. 

  271.     underTest.applyDefault(session, organization.getUuid(), publicProject, user.getId());

  272. 

  273.     assertThat(selectProjectPermissionsOfUser(user, publicProject))

  274.       .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  275.   }

  276. 

  277.   @Test

  278.   public void applyDefault_inserts_any_permissions_to_ProjectCreator_when_applying_template_on_private_project() {

  279.     OrganizationDto organization = dbTester.organizations().insert();

  280.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  281.     ComponentDto privateProject = dbTester.components().insertPrivateProject(organization);

  282.     UserDto user = dbTester.users().insertUser();

  283.     permissionService.getAllProjectPermissions()

  284.       .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));

  285.     dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");

  286.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  287. 

  288.     underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId());

  289. 

  290.     assertThat(selectProjectPermissionsOfUser(user, privateProject))

  291.       .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);

  292.   }

  293. 

  294.   @Test

  295.   public void apply_template_on_view() {

  296.     OrganizationDto organization = dbTester.organizations().insert();

  297.     ComponentDto view = dbTester.components().insertView(organization);

  298.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  299.     GroupDto group = dbTester.users().insertGroup(organization);

  300.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());

  301.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());

  302.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  303. 

  304.     underTest.applyDefault(session, organization.getUuid(), view, null);

  305. 

  306.     assertThat(selectProjectPermissionsOfGroup(organization, group, view))

  307.       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());

  308.   }

  309. 

  310.   @Test

  311.   public void apply_default_template_on_application() {

  312.     OrganizationDto organization = dbTester.organizations().insert();

  313.     ComponentDto view = dbTester.components().insertPublicApplication(organization);

  314.     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  315.     PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  316.     GroupDto group = dbTester.users().insertGroup(organization);

  317.     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());

  318.     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());

  319.     dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), appPermissionTemplate.getUuid(), null);

  320. 

  321.     underTest.applyDefault(session, organization.getUuid(), view, null);

  322. 

  323.     assertThat(selectProjectPermissionsOfGroup(organization, group, view))

  324.       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());

  325.   }

  326. 

  327.   @Test

  328.   public void apply_default_template_on_portfolio() {

  329.     OrganizationDto organization = dbTester.organizations().insert();

  330.     ComponentDto view = dbTester.components().insertPublicPortfolio(organization);

  331.     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  332.     PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  333.     GroupDto group = dbTester.users().insertGroup(organization);

  334.     dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, ADMINISTER.getKey());

  335.     dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, PROVISION_PROJECTS.getKey());

  336.     dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, portPermissionTemplate.getUuid());

  337. 

  338.     underTest.applyDefault(session, organization.getUuid(), view, null);

  339. 

  340.     assertThat(selectProjectPermissionsOfGroup(organization, group, view))

  341.       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());

  342.   }

  343. 

  344.   @Test

  345.   public void apply_project_default_template_on_view_when_no_view_default_template() {

  346.     OrganizationDto organization = dbTester.organizations().insert();

  347.     ComponentDto view = dbTester.components().insertView(organization);

  348.     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  349.     GroupDto group = dbTester.users().insertGroup(organization);

  350.     dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());

  351.     dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, null);

  352. 

  353.     underTest.applyDefault(session, organization.getUuid(), view, null);

  354. 

  355.     assertThat(selectProjectPermissionsOfGroup(organization, group, view)).containsOnly(PROVISION_PROJECTS.getKey());

  356.   }

  357. 

  358.   @Test

  359.   public void apply_template_on_applications() {

  360.     OrganizationDto organization = dbTester.organizations().insert();

  361.     ComponentDto application = dbTester.components().insertApplication(organization);

  362.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  363.     GroupDto group = dbTester.users().insertGroup(organization);

  364.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, ADMINISTER.getKey());

  365.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());

  366.     dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);

  367. 

  368.     underTest.applyDefault(session, organization.getUuid(), application, null);

  369. 

  370.     assertThat(selectProjectPermissionsOfGroup(organization, group, application))

  371.       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());

  372.   }

  373. 

  374.   @Test

  375.   public void apply_default_view_template_on_application() {

  376.     OrganizationDto organization = dbTester.organizations().insert();

  377.     ComponentDto application = dbTester.components().insertApplication(organization);

  378.     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  379.     PermissionTemplateDto appPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  380.     PermissionTemplateDto portPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  381.     GroupDto group = dbTester.users().insertGroup(organization);

  382.     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, ADMINISTER.getKey());

  383.     dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());

  384.     dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), appPermissionTemplate.getUuid(), portPermissionTemplate.getUuid());

  385. 

  386.     underTest.applyDefault(session, organization.getUuid(), application, null);

  387. 

  388.     assertThat(selectProjectPermissionsOfGroup(organization, group, application))

  389.       .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());

  390.   }

  391. 

  392.   @Test

  393.   public void apply_project_default_template_on_application_when_no_application_default_template() {

  394.     OrganizationDto organization = dbTester.organizations().insert();

  395.     ComponentDto application = dbTester.components().insertApplication(organization);

  396.     PermissionTemplateDto projectPermissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  397.     GroupDto group = dbTester.users().insertGroup(organization);

  398.     dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());

  399.     dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, null);

  400. 

  401.     underTest.applyDefault(session, organization.getUuid(), application, null);

  402. 

  403.     assertThat(selectProjectPermissionsOfGroup(organization, group, application)).containsOnly(PROVISION_PROJECTS.getKey());

  404.   }

  405. 

  406.   @Test

  407.   public void apply_permission_template() {

  408.     OrganizationDto organization = dbTester.organizations().insert();

  409.     UserDto user = dbTester.users().insertUser();

  410.     ComponentDto project = dbTester.components().insertPrivateProject(organization);

  411.     GroupDto adminGroup = dbTester.users().insertGroup(organization);

  412.     GroupDto userGroup = dbTester.users().insertGroup(organization);

  413.     dbTester.users().insertPermissionOnGroup(adminGroup, "admin");

  414.     dbTester.users().insertPermissionOnGroup(userGroup, "user");

  415.     dbTester.users().insertPermissionOnUser(organization, user, "admin");

  416.     PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);

  417.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "admin");

  418.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, adminGroup, "issueadmin");

  419.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "user");

  420.     dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, userGroup, "codeviewer");

  421.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "user");

  422.     dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "codeviewer");

  423.     dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "admin");

  424. 

  425.     assertThat(selectProjectPermissionsOfGroup(organization, adminGroup, project)).isEmpty();

  426.     assertThat(selectProjectPermissionsOfGroup(organization, userGroup, project)).isEmpty();

  427.     assertThat(selectProjectPermissionsOfGroup(organization, null, project)).isEmpty();

  428.     assertThat(selectProjectPermissionsOfUser(user, project)).isEmpty();

  429. 

  430.     underTest.applyAndCommit(session, permissionTemplate, singletonList(project));

  431. 

  432.     assertThat(selectProjectPermissionsOfGroup(organization, adminGroup, project)).containsOnly("admin", "issueadmin");

  433.     assertThat(selectProjectPermissionsOfGroup(organization, userGroup, project)).containsOnly("user", "codeviewer");

  434.     assertThat(selectProjectPermissionsOfGroup(organization, null, project)).isEmpty();

  435.     assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly("admin");

  436.   }

  437. 

  438.   private List<String> selectProjectPermissionsOfGroup(OrganizationDto organizationDto, @Nullable GroupDto groupDto, ComponentDto project) {

  439.     return dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(session,

  440.       organizationDto.getUuid(), groupDto != null ? groupDto.getId() : null, project.getId());

  441.   }

  442. 

  443.   private List<String> selectProjectPermissionsOfUser(UserDto userDto, ComponentDto project) {

  444.     return dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session,

  445.       userDto.getId(), project.getId());

  446.   }

  447. 

  448.   @Test

  449.   public void would_user_have_scan_permission_with_default_permission_template() {

  450.     OrganizationDto organization = dbTester.organizations().insert();

  451.     GroupDto group = dbTester.users().insertGroup(organization);

  452.     UserDto user = dbTester.users().insertUser();

  453.     dbTester.users().insertMember(group, user);

  454.     PermissionTemplateDto template = templateDb.insertTemplate(organization);

  455.     dbTester.organizations().setDefaultTemplates(template, null, null);

  456.     templateDb.addProjectCreatorToTemplate(template.getId(), SCAN_EXECUTION);

  457.     templateDb.addUserToTemplate(template.getId(), user.getId(), UserRole.USER);

  458.     templateDb.addGroupToTemplate(template.getId(), group.getId(), UserRole.CODEVIEWER);

  459.     templateDb.addGroupToTemplate(template.getId(), null, UserRole.ISSUE_ADMIN);

  460. 

  461.     // authenticated user

  462.     checkWouldUserHaveScanPermission(organization, user.getId(), true);

  463. 

  464.     // anonymous user

  465.     checkWouldUserHaveScanPermission(organization, null, false);

  466.   }

  467. 

  468.   @Test

  469.   public void would_user_have_scan_permission_with_unknown_default_permission_template() {

  470.     dbTester.organizations().setDefaultTemplates(dbTester.getDefaultOrganization(), "UNKNOWN_TEMPLATE_UUID", null, null);

  471. 

  472.     checkWouldUserHaveScanPermission(dbTester.getDefaultOrganization(), null, false);

  473.   }

  474. 

  475.   @Test

  476.   public void would_user_have_scan_permission_with_empty_template() {

  477.     PermissionTemplateDto template = templateDb.insertTemplate(dbTester.getDefaultOrganization());

  478.     dbTester.organizations().setDefaultTemplates(template, null, null);

  479. 

  480.     checkWouldUserHaveScanPermission(dbTester.getDefaultOrganization(), null, false);

  481.   }

  482. 

  483.   private void checkWouldUserHaveScanPermission(OrganizationDto organization, @Nullable Integer userId, boolean expectedResult) {

  484.     assertThat(underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, organization.getUuid(), userId, "PROJECT_KEY", Qualifiers.PROJECT))

  485.       .isEqualTo(expectedResult);

  486.   }

  487. 

  488. }