mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24321 Commits
59 Branches
Tree: f8176cf53c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f8176cf53c'
${ noResults }
sonarqube/tests/src/test/java/org/sonarqube/tests/authorisation/PermissionTemplateTest.java

PermissionTemplateTest.java 9.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2017 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonarqube.tests.authorisation;

  21. 

  22. import com.sonar.orchestrator.Orchestrator;

  23. import java.util.Arrays;

  24. import java.util.Optional;

  25. import org.junit.After;

  26. import org.junit.ClassRule;

  27. import org.junit.Rule;

  28. import org.junit.Test;

  29. import org.junit.rules.DisableOnDebug;

  30. import org.junit.rules.TestRule;

  31. import org.junit.rules.Timeout;

  32. import org.sonarqube.tests.Category6Suite;

  33. import org.sonarqube.tests.Tester;

  34. import org.sonarqube.ws.Organizations.Organization;

  35. import org.sonarqube.ws.WsPermissions;

  36. import org.sonarqube.ws.WsPermissions.CreateTemplateWsResponse;

  37. import org.sonarqube.ws.WsProjects.CreateWsResponse.Project;

  38. import org.sonarqube.ws.WsUsers.CreateWsResponse;

  39. import org.sonarqube.ws.client.WsClient;

  40. import org.sonarqube.ws.client.component.SearchProjectsRequest;

  41. import org.sonarqube.ws.client.permission.AddUserToTemplateWsRequest;

  42. import org.sonarqube.ws.client.permission.ApplyTemplateWsRequest;

  43. import org.sonarqube.ws.client.permission.BulkApplyTemplateWsRequest;

  44. import org.sonarqube.ws.client.permission.CreateTemplateWsRequest;

  45. import org.sonarqube.ws.client.permission.PermissionsService;

  46. import org.sonarqube.ws.client.permission.UsersWsRequest;

  47. 

  48. import static org.apache.commons.lang.RandomStringUtils.randomAlphabetic;

  49. import static org.assertj.core.api.Assertions.assertThat;

  50. 

  51. public class PermissionTemplateTest {

  52.   @ClassRule

  53.   public static final Orchestrator orchestrator = Category6Suite.ORCHESTRATOR;

  54. 

  55.   @Rule

  56.   public TestRule safeguard = new DisableOnDebug(Timeout.seconds(300));

  57.   @Rule

  58.   public Tester tester = new Tester(orchestrator)

  59.     .setElasticsearchHttpPort(Category6Suite.SEARCH_HTTP_PORT);

  60. 

  61.   @After

  62.   public void tearDown() throws Exception {

  63.     unlockWritesOnProjectIndices();

  64.   }

  65. 

  66.   @Test

  67.   public void apply_permission_template_on_project() {

  68.     Organization organization = tester.organizations().generate();

  69.     Project project = createPrivateProject(organization);

  70.     CreateWsResponse.User user = tester.users().generateMember(organization);

  71.     CreateWsResponse.User anotherUser = tester.users().generateMember(organization);

  72. 

  73.     assertThatUserDoesNotHavePermission(user, organization, project);

  74.     assertThatUserDoesNotHavePermission(anotherUser, organization, project);

  75.     assertThat(userHasAccessToIndexedProject(user, organization, project)).isTrue();

  76.     assertThat(userHasAccessToIndexedProject(anotherUser, organization, project)).isTrue();

  77. 

  78.     // create permission template that gives read permission to "user"

  79.     createAndApplyTemplate(organization, project, user);

  80. 

  81.     assertThatUserHasPermission(user, organization, project);

  82.     assertThatUserDoesNotHavePermission(anotherUser, organization, project);

  83.     assertThat(userHasAccessToIndexedProject(user, organization, project)).isTrue();

  84.     assertThat(userHasAccessToIndexedProject(anotherUser, organization, project)).isFalse();

  85.   }

  86. 

  87.   @Test

  88.   public void bulk_apply_template_on_projects() {

  89.     Organization organization = tester.organizations().generate();

  90.     CreateWsResponse.User user = tester.users().generateMember(organization);

  91.     CreateWsResponse.User anotherUser = tester.users().generateMember(organization);

  92.     WsPermissions.PermissionTemplate template = createTemplate(organization).getPermissionTemplate();

  93.     tester.wsClient().permissions().addUserToTemplate(new AddUserToTemplateWsRequest()

  94.       .setOrganization(organization.getKey())

  95.       .setTemplateId(template.getId())

  96.       .setLogin(user.getLogin())

  97.       .setPermission("user"));

  98.     Project project1 = createPrivateProject(organization);

  99.     Project project2 = createPrivateProject(organization);

  100.     Project untouchedProject = createPrivateProject(organization);

  101. 

  102.     tester.wsClient().permissions().bulkApplyTemplate(new BulkApplyTemplateWsRequest()

  103.       .setOrganization(organization.getKey())

  104.       .setTemplateId(template.getId())

  105.       .setProjects(Arrays.asList(project1.getKey(), project2.getKey())));

  106. 

  107.     assertThatUserDoesNotHavePermission(anotherUser, organization, untouchedProject);

  108.     assertThatUserDoesNotHavePermission(anotherUser, organization, project1);

  109.     assertThatUserDoesNotHavePermission(anotherUser, organization, project2);

  110.     assertThatUserHasPermission(user, organization, project1);

  111.     assertThatUserHasPermission(user, organization, project2);

  112.     assertThatUserDoesNotHavePermission(user, organization, untouchedProject);

  113.   }

  114. 

  115.   @Test

  116.   public void indexing_errors_are_recovered_when_applying_permission_template_on_project() throws Exception {

  117.     Organization organization = tester.organizations().generate();

  118.     Project project = createPrivateProject(organization);

  119.     CreateWsResponse.User user = tester.users().generateMember(organization);

  120.     CreateWsResponse.User anotherUser = tester.users().generateMember(organization);

  121. 

  122.     lockWritesOnProjectIndices();

  123. 

  124.     createAndApplyTemplate(organization, project, user);

  125. 

  126.     assertThatUserHasPermission(user, organization, project);

  127.     assertThatUserDoesNotHavePermission(anotherUser, organization, project);

  128.     assertThat(userHasAccessToIndexedProject(user, organization, project)).isTrue();

  129.     // inconsistent, should be false. Waiting for ES to be updated.

  130.     assertThat(userHasAccessToIndexedProject(user, organization, project)).isTrue();

  131. 

  132.     unlockWritesOnProjectIndices();

  133. 

  134.     boolean recovered = false;

  135.     while (!recovered) {

  136.       Thread.sleep(1_000L);

  137.       recovered = !userHasAccessToIndexedProject(anotherUser, organization, project);

  138.     }

  139.   }

  140. 

  141.   private void lockWritesOnProjectIndices() throws Exception {

  142.     tester.elasticsearch().lockWrites("issues");

  143.     tester.elasticsearch().lockWrites("projectmeasures");

  144.     tester.elasticsearch().lockWrites("components");

  145.   }

  146. 

  147.   private void unlockWritesOnProjectIndices() throws Exception {

  148.     tester.elasticsearch().unlockWrites("issues");

  149.     tester.elasticsearch().unlockWrites("projectmeasures");

  150.     tester.elasticsearch().unlockWrites("components");

  151.   }

  152. 

  153.   /**

  154.    * Gives the read access only to the specified user. All other users and groups

  155.    * loose their ability to see the project.

  156.    */

  157.   private void createAndApplyTemplate(Organization organization, Project project, CreateWsResponse.User user) {

  158.     String templateName = "For user";

  159.     PermissionsService service = tester.wsClient().permissions();

  160.     service.createTemplate(new CreateTemplateWsRequest()

  161.       .setOrganization(organization.getKey())

  162.       .setName(templateName)

  163.       .setDescription("Give admin permissions to single user"));

  164.     service.addUserToTemplate(new AddUserToTemplateWsRequest()

  165.       .setOrganization(organization.getKey())

  166.       .setLogin(user.getLogin())

  167.       .setPermission("user")

  168.       .setTemplateName(templateName));

  169.     service.applyTemplate(new ApplyTemplateWsRequest()

  170.       .setOrganization(organization.getKey())

  171.       .setProjectKey(project.getKey())

  172.       .setTemplateName(templateName));

  173.   }

  174. 

  175.   private CreateTemplateWsResponse createTemplate(Organization organization) {

  176.     return tester.wsClient().permissions().createTemplate(new CreateTemplateWsRequest()

  177.       .setOrganization(organization.getKey())

  178.       .setName(randomAlphabetic(20)));

  179.   }

  180. 

  181.   private Project createPrivateProject(Organization organization) {

  182.     return tester.projects().generate(organization, p -> p.setVisibility("private"));

  183.   }

  184. 

  185.   private void assertThatUserHasPermission(CreateWsResponse.User user, Organization organization, Project project) {

  186.     assertThat(hasBrowsePermission(user, organization, project)).isTrue();

  187.   }

  188. 

  189.   private void assertThatUserDoesNotHavePermission(CreateWsResponse.User user, Organization organization, Project project) {

  190.     assertThat(hasBrowsePermission(user, organization, project)).isFalse();

  191.   }

  192. 

  193.   private boolean userHasAccessToIndexedProject(CreateWsResponse.User user, Organization organization, Project project) {

  194.     SearchProjectsRequest request = SearchProjectsRequest.builder().setOrganization(organization.getKey()).build();

  195.     WsClient userSession = tester.as(user.getLogin()).wsClient();

  196.     return userSession.components().searchProjects(request)

  197.       .getComponentsList().stream()

  198.       .anyMatch(c -> c.getKey().equals(project.getKey()));

  199.   }

  200. 

  201.   private boolean hasBrowsePermission(CreateWsResponse.User user, Organization organization, Project project) {

  202.     UsersWsRequest request = new UsersWsRequest()

  203.       .setOrganization(organization.getKey())

  204.       .setProjectKey(project.getKey())

  205.       .setPermission("user");

  206.     WsPermissions.UsersWsResponse response = tester.wsClient().permissions().users(request);

  207.     Optional<WsPermissions.User> found = response.getUsersList().stream()

  208.       .filter(u -> user.getLogin().equals(u.getLogin()))

  209.       .findFirst();

  210.     return found.isPresent();

  211.   }

  212. }