diff options
| author | Julien Lancelot <julien.lancelot@gmail.com> | 2013-09-19 19:46:19 +0200 |
|---|---|---|
| committer | Julien Lancelot <julien.lancelot@gmail.com> | 2013-09-19 19:46:19 +0200 |
| commit | 27d59f400e79c0a834b2e665719d0411af35cb5d (patch) | |
| tree | 8a2f20f0372652e8a5ab93195e7dd88c15cd592d | |
| parent | 63b40dda0609ffb8fd7a13fcce6b6859e0a75195 (diff) | |
| download | sonarqube-27d59f400e79c0a834b2e665719d0411af35cb5d.tar.gz sonarqube-27d59f400e79c0a834b2e665719d0411af35cb5d.zip | |
SONAR-4694 Allow project permissions management from the permission web service
76 files changed, 926 insertions, 680 deletions
diff --git a/sonar-batch/src/main/java/org/sonar/batch/bootstrap/TaskContainer.java b/sonar-batch/src/main/java/org/sonar/batch/bootstrap/TaskContainer.java index 93c396ebb06..187fe10bd19 100644 --- a/sonar-batch/src/main/java/org/sonar/batch/bootstrap/TaskContainer.java +++ b/sonar-batch/src/main/java/org/sonar/batch/bootstrap/TaskContainer.java @@ -30,7 +30,7 @@ import org.sonar.api.utils.SonarException; import org.sonar.batch.scan.ScanTask; import org.sonar.batch.tasks.ListTask; import org.sonar.batch.tasks.Tasks; -import org.sonar.core.permission.ComponentPermissionFacade; +import org.sonar.core.permission.PermissionFacade; import org.sonar.core.resource.DefaultResourcePermissions; public class TaskContainer extends ComponentContainer { @@ -63,7 +63,7 @@ public class TaskContainer extends ComponentContainer { private void installComponentsUsingTaskExtensions() { add( ResourceTypes.class, - ComponentPermissionFacade.class, + PermissionFacade.class, DefaultResourcePermissions.class, Tasks.class); } diff --git a/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java deleted file mode 100644 index f681635865a..00000000000 --- a/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java +++ /dev/null @@ -1,158 +0,0 @@ -/* - * SonarQube, open source software quality management tool. - * Copyright (C) 2008-2013 SonarSource - * mailto:contact AT sonarsource DOT com - * - * SonarQube is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * SonarQube is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ - -package org.sonar.core.permission; - -import org.apache.ibatis.session.SqlSession; -import org.sonar.api.ServerComponent; -import org.sonar.api.security.DefaultGroups; -import org.sonar.api.task.TaskComponent; -import org.sonar.core.persistence.MyBatis; -import org.sonar.core.user.*; - -import java.util.List; - -/** - * Internal use only - * @since 3.7 - * - * This facade wraps all the db operations related to component-based permissions - */ -public class ComponentPermissionFacade implements TaskComponent, ServerComponent { - - private final MyBatis myBatis; - private final RoleDao roleDao; - private final UserDao userDao; - private final PermissionDao permissionDao; - - public ComponentPermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) { - this.myBatis = myBatis; - this.roleDao = roleDao; - this.userDao = userDao; - this.permissionDao = permissionDao; - } - - public void setUserPermission(Long resourceId, String userLogin, String permission) { - SqlSession session = myBatis.openSession(); - try { - UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(userLogin); - if (user != null) { - UserRoleDto userRole = new UserRoleDto() - .setRole(permission) - .setUserId(user.getId()) - .setResourceId(Long.valueOf(resourceId)); - roleDao.deleteUserRole(userRole, session); - roleDao.insertUserRole(userRole, session); - session.commit(); - } - } finally { - MyBatis.closeQuietly(session); - } - } - - public void setGroupPermission(Long resourceId, String groupName, String permission) { - SqlSession session = myBatis.openSession(); - try { - GroupRoleDto groupRole = new GroupRoleDto() - .setRole(permission) - .setResourceId(Long.valueOf(resourceId)); - if (DefaultGroups.isAnyone(groupName)) { - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - groupRole.setGroupId(group.getId()); - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } - } - } finally { - MyBatis.closeQuietly(session); - } - } - - public int countPermissions(Long resourceId) { - return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId); - } - - public void removeAllPermissions(Long resourceId, SqlSession session) { - roleDao.deleteGroupRolesByResourceId(resourceId, session); - roleDao.deleteUserRolesByResourceId(resourceId, session); - } - - public void addUserPermission(Long resourceId, String userLogin, String permission, SqlSession session) { - UserDto user = userDao.selectActiveUserByLogin(userLogin, session); - if (user != null) { - UserRoleDto userRoleDto = new UserRoleDto().setRole(permission).setUserId(user.getId()).setResourceId(resourceId); - roleDao.insertUserRole(userRoleDto, session); - } - } - - public void addGroupPermission(Long resourceId, String groupName, String permission, SqlSession session) { - GroupRoleDto groupRole = new GroupRoleDto().setRole(permission).setResourceId(resourceId); - if (DefaultGroups.isAnyone(groupName)) { - roleDao.insertGroupRole(groupRole, session); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session); - } - } - } - - public PermissionTemplateDto getPermissionTemplate(String templateKey) { - PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateByKey(templateKey); - if(permissionTemplateDto == null) { - throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey); - } - PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName()); - if(templateWithPermissions == null) { - throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey); - } - return templateWithPermissions; - } - - public void applyPermissionTemplate(String templateKey, Long resourceId) { - SqlSession session = myBatis.openSession(); - try { - removeAllPermissions(resourceId, session); - PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateKey); - List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions(); - if(usersPermissions != null) { - for (PermissionTemplateUserDto userPermission : usersPermissions) { - addUserPermission(resourceId, userPermission.getUserLogin(), userPermission.getPermission(), session); - } - } - List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions(); - if(groupsPermissions != null) { - for (PermissionTemplateGroupDto groupPermission : groupsPermissions) { - String groupName = groupPermission.getGroupName() == null ? DefaultGroups.ANYONE : groupPermission.getGroupName(); - addGroupPermission(resourceId, groupName, groupPermission.getPermission(), session); - } - } - session.commit(); - } finally { - MyBatis.closeQuietly(session); - } - } -} diff --git a/sonar-core/src/main/java/org/sonar/core/permission/Permission.java b/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermission.java index bf8fd3d2e06..9696ed4e4c9 100644 --- a/sonar-core/src/main/java/org/sonar/core/permission/Permission.java +++ b/sonar-core/src/main/java/org/sonar/core/permission/GlobalPermission.java @@ -24,22 +24,22 @@ import java.util.LinkedHashMap; import java.util.Map; /** - * * Holds the constants representing the various global permissions that can be assigned to users & groups * * @since 3.7 */ -public class Permission { +public class GlobalPermission { - public static final Permission SYSTEM_ADMIN = new Permission("admin"); - public static final Permission QUALITY_PROFILE_ADMIN = new Permission("profileadmin"); - public static final Permission DASHBOARD_SHARING = new Permission("shareDashboard"); - public static final Permission SCAN_EXECUTION = new Permission("scan"); - public static final Permission DRY_RUN_EXECUTION = new Permission("dryRunScan"); + public static final GlobalPermission SYSTEM_ADMIN = new GlobalPermission("admin"); + public static final GlobalPermission QUALITY_PROFILE_ADMIN = new GlobalPermission("profileadmin"); + public static final GlobalPermission DASHBOARD_SHARING = new GlobalPermission("shareDashboard"); + public static final GlobalPermission SCAN_EXECUTION = new GlobalPermission("scan"); + public static final GlobalPermission DRY_RUN_EXECUTION = new GlobalPermission("dryRunScan"); private final String key; + // Use linked hash map to preserve order - private static Map<String, Permission> allGlobal = new LinkedHashMap<String, Permission>(); + private static Map<String, GlobalPermission> allGlobal = new LinkedHashMap<String, GlobalPermission>(); static { allGlobal.put(SYSTEM_ADMIN.key, SYSTEM_ADMIN); @@ -49,7 +49,7 @@ public class Permission { allGlobal.put(DRY_RUN_EXECUTION.key, DRY_RUN_EXECUTION); } - private Permission(String key) { + private GlobalPermission(String key) { this.key = key; } @@ -57,11 +57,8 @@ public class Permission { return key; } - public static Map<String, Permission> allGlobal() { + public static Map<String, GlobalPermission> allGlobal() { return allGlobal; } - public static boolean isValid(String permission) { - return allGlobal.containsKey(permission); - } } diff --git a/sonar-core/src/main/java/org/sonar/core/permission/PermissionFacade.java b/sonar-core/src/main/java/org/sonar/core/permission/PermissionFacade.java new file mode 100644 index 00000000000..054970f9c42 --- /dev/null +++ b/sonar-core/src/main/java/org/sonar/core/permission/PermissionFacade.java @@ -0,0 +1,185 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.core.permission; + +import org.apache.ibatis.session.SqlSession; +import org.sonar.api.ServerComponent; +import org.sonar.api.security.DefaultGroups; +import org.sonar.api.task.TaskComponent; +import org.sonar.core.persistence.MyBatis; +import org.sonar.core.user.*; + +import javax.annotation.Nullable; + +import java.util.List; + +/** + * Internal use only + * + * @since 3.7 + * <p/> + * This facade wraps db operations related to permissions + */ +public class PermissionFacade implements TaskComponent, ServerComponent { + + private final MyBatis myBatis; + private final RoleDao roleDao; + private final UserDao userDao; + private final PermissionTemplateDao permissionTemplateDao; + + public PermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionTemplateDao permissionTemplateDao) { + this.myBatis = myBatis; + this.roleDao = roleDao; + this.userDao = userDao; + this.permissionTemplateDao = permissionTemplateDao; + } + + public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, @Nullable SqlSession session) { + UserRoleDto userRoleDto = new UserRoleDto() + .setRole(permission) + .setUserId(userId) + .setResourceId(resourceId); + if (session != null) { + roleDao.insertUserRole(userRoleDto, session); + } else { + roleDao.insertUserRole(userRoleDto); + } + } + + public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission) { + insertUserPermission(resourceId, userId, permission, null); + } + + public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission, @Nullable SqlSession session) { + UserRoleDto userRoleDto = new UserRoleDto() + .setRole(permission) + .setUserId(userId) + .setResourceId(resourceId); + if (session != null) { + roleDao.deleteUserRole(userRoleDto, session); + } else { + roleDao.deleteUserRole(userRoleDto); + } + } + + public void deleteUserPermission(@Nullable Long resourceId, Long userId, String permission) { + deleteUserPermission(resourceId, userId, permission, null); + } + + public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, @Nullable SqlSession session) { + GroupRoleDto groupRole = new GroupRoleDto() + .setRole(permission) + .setGroupId(groupId) + .setResourceId(resourceId); + if (session != null) { + roleDao.insertGroupRole(groupRole, session); + } else { + roleDao.insertGroupRole(groupRole); + } + } + + public void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission) { + insertGroupPermission(resourceId, groupId, permission, null); + } + + public void insertGroupPermission(@Nullable Long resourceId, @Nullable String groupName, String permission, @Nullable SqlSession session) { + if (DefaultGroups.isAnyone(groupName)) { + insertGroupPermission(resourceId, (Long) null, permission, session); + } else { + GroupDto group = userDao.selectGroupByName(groupName, session); + if (group != null) { + insertGroupPermission(resourceId, group.getId(), permission, session); + } + } + } + + public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, @Nullable SqlSession session) { + GroupRoleDto groupRole = new GroupRoleDto() + .setRole(permission) + .setGroupId(groupId) + .setResourceId(resourceId); + if (session != null) { + roleDao.deleteGroupRole(groupRole, session); + } else { + roleDao.deleteGroupRole(groupRole); + } + } + + public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission) { + deleteGroupPermission(resourceId, groupId, permission, null); + } + + public void deleteGroupPermission(@Nullable Long resourceId, @Nullable String groupName, String permission, @Nullable SqlSession session) { + if (DefaultGroups.isAnyone(groupName)) { + deleteGroupPermission(resourceId, (Long) null, permission, session); + } else { + GroupDto group = userDao.selectGroupByName(groupName, session); + if (group != null) { + deleteGroupPermission(resourceId, group.getId(), permission, session); + } + } + } + + public PermissionTemplateDto getPermissionTemplate(String templateKey) { + PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectTemplateByKey(templateKey); + if (permissionTemplateDto == null) { + throw new IllegalArgumentException("Could not retrieve permission template with key " + templateKey); + } + PermissionTemplateDto templateWithPermissions = permissionTemplateDao.selectPermissionTemplate(permissionTemplateDto.getName()); + if (templateWithPermissions == null) { + throw new IllegalArgumentException("Could not retrieve permissions for template with key " + templateKey); + } + return templateWithPermissions; + } + + public void applyPermissionTemplate(String templateKey, Long resourceId) { + SqlSession session = myBatis.openSession(); + try { + removeAllPermissions(resourceId, session); + PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateKey); + List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions(); + if (usersPermissions != null) { + for (PermissionTemplateUserDto userPermission : usersPermissions) { + insertUserPermission(resourceId, userPermission.getUserId(), userPermission.getPermission(), session); + } + } + List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions(); + if (groupsPermissions != null) { + for (PermissionTemplateGroupDto groupPermission : groupsPermissions) { + Long groupId = groupPermission.getGroupId() == null ? null : groupPermission.getGroupId(); + insertGroupPermission(resourceId, groupId, groupPermission.getPermission(), session); + } + } + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } + } + + public int countPermissions(Long resourceId) { + return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId); + } + + public void removeAllPermissions(Long resourceId, SqlSession session) { + roleDao.deleteGroupRolesByResourceId(resourceId, session); + roleDao.deleteUserRolesByResourceId(resourceId, session); + } +} diff --git a/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java b/sonar-core/src/main/java/org/sonar/core/permission/PermissionTemplateDao.java index 486f3d552a0..ac6341a3bf0 100644 --- a/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java +++ b/sonar-core/src/main/java/org/sonar/core/permission/PermissionTemplateDao.java @@ -30,21 +30,22 @@ import org.sonar.core.persistence.MyBatis; import javax.annotation.CheckForNull; import javax.annotation.Nullable; + import java.text.Normalizer; import java.util.Date; import java.util.List; -public class PermissionDao implements TaskComponent, ServerComponent { +public class PermissionTemplateDao implements TaskComponent, ServerComponent { private final MyBatis myBatis; private final DateProvider dateProvider; - public PermissionDao(MyBatis myBatis, DateProvider dateProvider) { + public PermissionTemplateDao(MyBatis myBatis, DateProvider dateProvider) { this.myBatis = myBatis; this.dateProvider = dateProvider; } - public PermissionDao(MyBatis myBatis) { + public PermissionTemplateDao(MyBatis myBatis) { this(myBatis, new DefaultDateProvider()); } diff --git a/sonar-core/src/main/java/org/sonar/core/persistence/DaoUtils.java b/sonar-core/src/main/java/org/sonar/core/persistence/DaoUtils.java index 9512388b61a..bef01fc36d7 100644 --- a/sonar-core/src/main/java/org/sonar/core/persistence/DaoUtils.java +++ b/sonar-core/src/main/java/org/sonar/core/persistence/DaoUtils.java @@ -19,8 +19,6 @@ */ package org.sonar.core.persistence; -import org.sonar.core.notification.db.NotificationQueueDao; - import com.google.common.collect.ImmutableList; import org.sonar.core.dashboard.ActiveDashboardDao; import org.sonar.core.dashboard.DashboardDao; @@ -28,7 +26,8 @@ import org.sonar.core.duplication.DuplicationDao; import org.sonar.core.graph.jdbc.GraphDao; import org.sonar.core.issue.db.*; import org.sonar.core.measure.MeasureFilterDao; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.notification.db.NotificationQueueDao; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.properties.PropertiesDao; import org.sonar.core.purge.PurgeDao; import org.sonar.core.resource.ResourceDao; @@ -68,7 +67,7 @@ public final class DaoUtils { LoadedTemplateDao.class, MeasureFilterDao.class, NotificationQueueDao.class, - PermissionDao.class, + PermissionTemplateDao.class, PropertiesDao.class, PurgeDao.class, ResourceIndexerDao.class, diff --git a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java index 3e5fb4ec294..7a40a85d08a 100644 --- a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java +++ b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java @@ -23,18 +23,20 @@ import org.apache.commons.lang.StringUtils; import org.apache.ibatis.session.SqlSession; import org.sonar.api.config.Settings; import org.sonar.api.resources.Resource; -import org.sonar.api.security.DefaultGroups; import org.sonar.api.security.ResourcePermissions; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ComponentPermissionFacade; +import org.sonar.core.permission.PermissionFacade; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.permission.PermissionTemplateGroupDto; import org.sonar.core.permission.PermissionTemplateUserDto; import org.sonar.core.persistence.MyBatis; +import org.sonar.core.user.UserDto; +import org.sonar.core.user.UserMapper; -import java.util.ArrayList; import java.util.List; +import static com.google.common.collect.Lists.newArrayList; + /** * @since 3.2 */ @@ -42,9 +44,9 @@ public class DefaultResourcePermissions implements ResourcePermissions { private final Settings settings; private final MyBatis myBatis; - private final ComponentPermissionFacade permissionFacade; + private final PermissionFacade permissionFacade; - public DefaultResourcePermissions(Settings settings, MyBatis myBatis, ComponentPermissionFacade permissionFacade) { + public DefaultResourcePermissions(Settings settings, MyBatis myBatis, PermissionFacade permissionFacade) { this.settings = settings; this.myBatis = myBatis; this.permissionFacade = permissionFacade; @@ -60,13 +62,30 @@ public class DefaultResourcePermissions implements ResourcePermissions { public void grantUserRole(Resource resource, String login, String role) { if (resource.getId() != null) { - permissionFacade.setUserPermission(Long.valueOf(resource.getId()), login, role); + SqlSession session = myBatis.openSession(); + try { + UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login); + if (user != null) { + permissionFacade.deleteUserPermission(Long.valueOf(resource.getId()), user.getId(), role, session); + permissionFacade.insertUserPermission(Long.valueOf(resource.getId()), user.getId(), role, session); + session.commit(); + } + } finally { + MyBatis.closeQuietly(session); + } } } public void grantGroupRole(Resource resource, String groupName, String role) { if (resource.getId() != null) { - permissionFacade.setGroupPermission(Long.valueOf(resource.getId()), groupName, role); + SqlSession session = myBatis.openSession(); + try { + permissionFacade.deleteGroupPermission(Long.valueOf(resource.getId()), groupName, role, session); + permissionFacade.insertGroupPermission(Long.valueOf(resource.getId()), groupName, role, session); + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } } } @@ -93,40 +112,40 @@ public class DefaultResourcePermissions implements ResourcePermissions { private void grantDefaultRoles(Resource resource, String role, SqlSession session) { PermissionTemplateDto applicablePermissionTemplate = getPermissionTemplate(resource.getQualifier()); - List<String> groupNames = getEligibleGroups(role, applicablePermissionTemplate); - for (String groupName : groupNames) { + List<Long> groupIds = getEligibleGroups(role, applicablePermissionTemplate); + for (Long groupId : groupIds) { Long resourceId = Long.valueOf(resource.getId()); - permissionFacade.addGroupPermission(resourceId, groupName, role, session); + permissionFacade.insertGroupPermission(resourceId, groupId, role, session); } - List<String> logins = getEligibleUsers(role, applicablePermissionTemplate); - for (String login : logins) { + List<Long> userIds = getEligibleUsers(role, applicablePermissionTemplate); + for (Long userId : userIds) { Long resourceId = Long.valueOf(resource.getId()); - permissionFacade.addUserPermission(resourceId, login, role, session); + permissionFacade.insertUserPermission(resourceId, userId, role, session); } } - private List<String> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) { - List<String> eligibleGroups = new ArrayList<String>(); + private List<Long> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) { + List<Long> eligibleGroups = newArrayList(); List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions(); - if(groupsPermissions != null) { + if (groupsPermissions != null) { for (PermissionTemplateGroupDto groupPermission : groupsPermissions) { - if(role.equals(groupPermission.getPermission())) { - String groupName = groupPermission.getGroupName() != null ? groupPermission.getGroupName() : DefaultGroups.ANYONE; - eligibleGroups.add(groupName); + if (role.equals(groupPermission.getPermission())) { + Long groupId = groupPermission.getGroupId() != null ? groupPermission.getGroupId() : null; + eligibleGroups.add(groupId); } } } return eligibleGroups; } - private List<String> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) { - List<String> eligibleUsers = new ArrayList<String>(); + private List<Long> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) { + List<Long> eligibleUsers = newArrayList(); List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions(); - if(usersPermissions != null) { + if (usersPermissions != null) { for (PermissionTemplateUserDto userPermission : usersPermissions) { - if(role.equals(userPermission.getPermission())) { - eligibleUsers.add(userPermission.getUserLogin()); + if (role.equals(userPermission.getPermission())) { + eligibleUsers.add(userPermission.getUserId()); } } } @@ -135,12 +154,12 @@ public class DefaultResourcePermissions implements ResourcePermissions { private PermissionTemplateDto getPermissionTemplate(String qualifier) { String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default"); - if(!StringUtils.isBlank(qualifierTemplateKey)) { + if (!StringUtils.isBlank(qualifierTemplateKey)) { return permissionFacade.getPermissionTemplate(qualifierTemplateKey); } String defaultTemplateKey = settings.getString("sonar.permission.template.default"); - if(StringUtils.isBlank(defaultTemplateKey)) { + if (StringUtils.isBlank(defaultTemplateKey)) { throw new IllegalStateException("At least one default permission template should be defined"); } return permissionFacade.getPermissionTemplate(defaultTemplateKey); diff --git a/sonar-core/src/main/java/org/sonar/core/user/UserRoleDto.java b/sonar-core/src/main/java/org/sonar/core/user/UserRoleDto.java index 32d55da23f3..f778a852ae1 100644 --- a/sonar-core/src/main/java/org/sonar/core/user/UserRoleDto.java +++ b/sonar-core/src/main/java/org/sonar/core/user/UserRoleDto.java @@ -20,6 +20,8 @@ package org.sonar.core.user; +import javax.annotation.Nullable; + /** * @since 3.2 */ @@ -47,11 +49,12 @@ public class UserRoleDto { return this; } + @Nullable public Long getResourceId() { return resourceId; } - public UserRoleDto setResourceId(Long resourceId) { + public UserRoleDto setResourceId(@Nullable Long resourceId) { this.resourceId = resourceId; return this; } diff --git a/sonar-core/src/main/resources/org/sonar/core/permission/PermissionTemplateMapper.xml b/sonar-core/src/main/resources/org/sonar/core/permission/PermissionTemplateMapper.xml index 5999d29729d..7293920ebe2 100644 --- a/sonar-core/src/main/resources/org/sonar/core/permission/PermissionTemplateMapper.xml +++ b/sonar-core/src/main/resources/org/sonar/core/permission/PermissionTemplateMapper.xml @@ -91,7 +91,7 @@ u.login AS user_login FROM permission_templates pt INNER JOIN perm_templates_users ptu ON ptu.template_id = pt.id - INNER JOIN users u ON u.id = ptu.user_id + INNER JOIN users u ON u.id = ptu.user_id AND u.active = ${_true} WHERE pt.name = #{templateName} </select> diff --git a/sonar-core/src/test/java/org/sonar/core/permission/ComponentPermissionFacadeTest.java b/sonar-core/src/test/java/org/sonar/core/permission/PermissionFacadeTest.java index 3763d3d6043..bb689a099f7 100644 --- a/sonar-core/src/test/java/org/sonar/core/permission/ComponentPermissionFacadeTest.java +++ b/sonar-core/src/test/java/org/sonar/core/permission/PermissionFacadeTest.java @@ -35,22 +35,20 @@ import static org.fest.assertions.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -public class ComponentPermissionFacadeTest extends AbstractDaoTestCase { +public class PermissionFacadeTest extends AbstractDaoTestCase { @Rule public ExpectedException throwable = ExpectedException.none(); - private ComponentPermissionFacade permissionFacade; - private RoleDao roleDao; - private UserDao userDao; - private PermissionDao permissionDao; + private PermissionFacade permissionFacade; + private PermissionTemplateDao permissionTemplateDao; @Before public void setUp() { - roleDao = new RoleDao(getMyBatis()); - userDao = new UserDao(getMyBatis()); - permissionDao = new PermissionDao(getMyBatis()); - permissionFacade = new ComponentPermissionFacade(getMyBatis(), roleDao, userDao, permissionDao); + RoleDao roleDao = new RoleDao(getMyBatis()); + UserDao userDao = new UserDao(getMyBatis()); + permissionTemplateDao = new PermissionTemplateDao(getMyBatis()); + permissionFacade = new PermissionFacade(getMyBatis(), roleDao, userDao, permissionTemplateDao); } @Test @@ -64,69 +62,108 @@ public class ComponentPermissionFacadeTest extends AbstractDaoTestCase { } @Test - public void should_set_user_permission() throws Exception { - setupData("should_set_user_permission"); + public void should_count_component_permissions() throws Exception { + setupData("should_count_component_permissions"); + + assertThat(permissionFacade.countPermissions(123L)).isEqualTo(2); + } - permissionFacade.setUserPermission(123L, "dave.loper", UserRole.ADMIN); + @Test + public void should_add_user_permission() throws Exception { + setupData("should_add_user_permission"); - checkTable("should_set_user_permission", "user_roles", "user_id", "resource_id", "role"); + permissionFacade.insertUserPermission(123L, 200L, UserRole.ADMIN); + + checkTable("should_add_user_permission", "user_roles", "user_id", "resource_id", "role"); } @Test - public void should_set_group_permission() throws Exception { - setupData("should_set_group_permission"); + public void should_delete_user_permission() throws Exception { + setupData("should_delete_user_permission"); - permissionFacade.setGroupPermission(123L, "devs", UserRole.ADMIN); + permissionFacade.deleteUserPermission(123L, 200L, UserRole.ADMIN); - checkTable("should_set_group_permission", "group_roles", "group_id", "resource_id", "role"); + checkTable("should_delete_user_permission", "user_roles", "user_id", "resource_id", "role"); } @Test - public void should_count_component_permissions() throws Exception { - setupData("should_count_component_permissions"); + public void should_insert_group_permission() throws Exception { + setupData("should_insert_group_permission"); - assertThat(permissionFacade.countPermissions(123L)).isEqualTo(2); + SqlSession session = getMyBatis().openSession(); + try { + permissionFacade.insertGroupPermission(123L, 100L, UserRole.USER); + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } + + checkTable("should_insert_group_permission", "group_roles", "group_id", "resource_id", "role"); } @Test - public void should_add_user_permission() throws Exception { - setupData("should_add_user_permission"); + public void should_insert_group_name_permission() throws Exception { + setupData("should_insert_group_permission"); SqlSession session = getMyBatis().openSession(); try { - permissionFacade.addUserPermission(123L, "dave.loper", UserRole.ADMIN, session); + permissionFacade.insertGroupPermission(123L, "devs", UserRole.USER, session); session.commit(); } finally { MyBatis.closeQuietly(session); } - checkTable("should_add_user_permission", "user_roles", "user_id", "resource_id", "role"); + checkTable("should_insert_group_permission", "group_roles", "group_id", "resource_id", "role"); + } + + @Test + public void should_insert_anyone_group_permission() throws Exception { + setupData("should_insert_anyone_group_permission"); + + SqlSession session = getMyBatis().openSession(); + try { + permissionFacade.insertGroupPermission(123L, "Anyone", UserRole.USER, session); + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } + + checkTable("should_insert_anyone_group_permission", "group_roles", "group_id", "resource_id", "role"); + } + + @Test + public void should_delete_group_permission() throws Exception { + setupData("should_delete_group_permission"); + + permissionFacade.deleteGroupPermission(123L, 100L, UserRole.USER); + + checkTable("should_delete_group_permission", "group_roles", "group_id", "resource_id", "role"); } @Test - public void should_add_group_permission() throws Exception { - setupData("should_add_group_permission"); + public void should_delete_group_name_permission() throws Exception { + setupData("should_delete_group_permission"); SqlSession session = getMyBatis().openSession(); try { - permissionFacade.addGroupPermission(123L, "devs", UserRole.USER, session); + permissionFacade.deleteGroupPermission(123L, "devs", UserRole.USER, session); session.commit(); } finally { MyBatis.closeQuietly(session); } - checkTable("should_add_group_permission", "group_roles", "group_id", "resource_id", "role"); + checkTable("should_delete_group_permission", "group_roles", "group_id", "resource_id", "role"); } @Test public void should_retrieve_permission_template() throws Exception { PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template"); PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto(); - permissionDao = mock(PermissionDao.class); - when(permissionDao.selectTemplateByKey("test_template")).thenReturn(permissionTemplateDto); - when(permissionDao.selectPermissionTemplate("Test template")).thenReturn(templateWithPermissions); + permissionTemplateDao = mock(PermissionTemplateDao.class); + when(permissionTemplateDao.selectTemplateByKey("test_template")).thenReturn(permissionTemplateDto); + when(permissionTemplateDao.selectPermissionTemplate("Test template")).thenReturn(templateWithPermissions); - permissionFacade = new ComponentPermissionFacade(null, null, null, permissionDao); + permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao); PermissionTemplateDto permissionTemplate = permissionFacade.getPermissionTemplate("test_template"); @@ -137,9 +174,9 @@ public class ComponentPermissionFacadeTest extends AbstractDaoTestCase { public void should_fail_on_unmatched_template() throws Exception { throwable.expect(IllegalArgumentException.class); - permissionDao = mock(PermissionDao.class); + permissionTemplateDao = mock(PermissionTemplateDao.class); - permissionFacade = new ComponentPermissionFacade(null, null, null, permissionDao); + permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao); permissionFacade.getPermissionTemplate("unmatched"); } diff --git a/sonar-core/src/test/java/org/sonar/core/permission/PermissionDaoTest.java b/sonar-core/src/test/java/org/sonar/core/permission/PermissionTemplateDaoTest.java index 45b8bd1ca77..c98ad095713 100644 --- a/sonar-core/src/test/java/org/sonar/core/permission/PermissionDaoTest.java +++ b/sonar-core/src/test/java/org/sonar/core/permission/PermissionTemplateDaoTest.java @@ -23,7 +23,6 @@ package org.sonar.core.permission; import org.apache.ibatis.session.SqlSession; import org.junit.Before; import org.junit.Test; -import org.sonar.api.utils.DateUtils; import org.sonar.core.date.DateProvider; import org.sonar.core.persistence.AbstractDaoTestCase; import org.sonar.core.persistence.MyBatis; @@ -36,10 +35,10 @@ import java.util.List; import static org.fest.assertions.Assertions.assertThat; import static org.mockito.Mockito.*; -public class PermissionDaoTest extends AbstractDaoTestCase { +public class PermissionTemplateDaoTest extends AbstractDaoTestCase { Date now; - PermissionDao permissionDao; + PermissionTemplateDao permissionTemplateDao; DateProvider dateProvider; @Before @@ -47,13 +46,13 @@ public class PermissionDaoTest extends AbstractDaoTestCase { now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2013-01-02 01:04:05"); dateProvider = mock(DateProvider.class); stub(dateProvider.now()).toReturn(now); - permissionDao = new PermissionDao(getMyBatis(), dateProvider); + permissionTemplateDao = new PermissionTemplateDao(getMyBatis(), dateProvider); } @Test public void should_create_permission_template() throws Exception { setupData("createPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate("my template", "my description"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate("my template", "my description"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getId()).isEqualTo(1L); checkTable("createPermissionTemplate", "permission_templates", "id", "name", "kee", "description"); @@ -62,7 +61,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_normalize_kee_on_template_creation() throws Exception { setupData("createNonAsciiPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate("Môü Gnô Gnèçà ß", "my description"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate("Môü Gnô Gnèçà ß", "my description"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getId()).isEqualTo(1L); checkTable("createNonAsciiPermissionTemplate", "permission_templates", "id", "name", "kee", "description"); @@ -79,8 +78,8 @@ public class PermissionDaoTest extends AbstractDaoTestCase { MyBatis myBatis = mock(MyBatis.class); when(myBatis.openSession()).thenReturn(session); - permissionDao = new PermissionDao(myBatis, dateProvider); - PermissionTemplateDto permissionTemplate = permissionDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null); + permissionTemplateDao = new PermissionTemplateDao(myBatis, dateProvider); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), null); verify(mapper).insert(permissionTemplate); verify(session).commit(); @@ -91,7 +90,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_select_permission_template() throws Exception { setupData("selectPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.selectPermissionTemplate("my template"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my template"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getName()).isEqualTo("my template"); @@ -111,7 +110,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_select_empty_permission_template() throws Exception { setupData("selectEmptyPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.selectPermissionTemplate("my template"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectPermissionTemplate("my template"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getName()).isEqualTo("my template"); @@ -124,7 +123,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { public void should_select_permission_template_by_name() throws Exception { setupData("selectPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.selectTemplateByName("my template"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectTemplateByName("my template"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getId()).isEqualTo(1L); @@ -137,7 +136,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { public void should_select_permission_template_by_key() throws Exception { setupData("selectPermissionTemplate"); - PermissionTemplateDto permissionTemplate = permissionDao.selectTemplateByKey("my_template_20130102_030405"); + PermissionTemplateDto permissionTemplate = permissionTemplateDao.selectTemplateByKey("my_template_20130102_030405"); assertThat(permissionTemplate).isNotNull(); assertThat(permissionTemplate.getId()).isEqualTo(1L); @@ -150,7 +149,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { public void should_select_all_permission_templates() throws Exception { setupData("selectAllPermissionTemplates"); - List<PermissionTemplateDto> permissionTemplates = permissionDao.selectAllPermissionTemplates(); + List<PermissionTemplateDto> permissionTemplates = permissionTemplateDao.selectAllPermissionTemplates(); assertThat(permissionTemplates).hasSize(3); assertThat(permissionTemplates).onProperty("id").containsOnly(1L, 2L, 3L); @@ -163,7 +162,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { public void should_update_permission_template() throws Exception { setupData("updatePermissionTemplate"); - permissionDao.updatePermissionTemplate(1L, "new_name", "new_description"); + permissionTemplateDao.updatePermissionTemplate(1L, "new_name", "new_description"); checkTable("updatePermissionTemplate", "permission_templates", "id", "name", "kee", "description"); } @@ -172,7 +171,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { public void should_delete_permission_template() throws Exception { setupData("deletePermissionTemplate"); - permissionDao.deletePermissionTemplate(1L); + permissionTemplateDao.deletePermissionTemplate(1L); checkTable("deletePermissionTemplate", "permission_templates", "id", "name", "description"); checkTable("deletePermissionTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -182,7 +181,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_add_user_permission_to_template() throws Exception { setupData("addUserPermissionToTemplate"); - permissionDao.addUserPermission(1L, 1L, "new_permission"); + permissionTemplateDao.addUserPermission(1L, 1L, "new_permission"); checkTable("addUserPermissionToTemplate", "permission_templates", "id", "name", "description"); checkTable("addUserPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -192,7 +191,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_remove_user_permission_from_template() throws Exception { setupData("removeUserPermissionFromTemplate"); - permissionDao.removeUserPermission(1L, 2L, "permission_to_remove"); + permissionTemplateDao.removeUserPermission(1L, 2L, "permission_to_remove"); checkTable("removeUserPermissionFromTemplate", "permission_templates", "id", "name", "description"); checkTable("removeUserPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -202,7 +201,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_add_group_permission_to_template() throws Exception { setupData("addGroupPermissionToTemplate"); - permissionDao.addGroupPermission(1L, 1L, "new_permission"); + permissionTemplateDao.addGroupPermission(1L, 1L, "new_permission"); checkTable("addGroupPermissionToTemplate", "permission_templates", "id", "name", "description"); checkTable("addGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -212,7 +211,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_remove_group_permission_from_template() throws Exception { setupData("removeGroupPermissionFromTemplate"); - permissionDao.removeGroupPermission(1L, 2L, "permission_to_remove"); + permissionTemplateDao.removeGroupPermission(1L, 2L, "permission_to_remove"); checkTable("removeGroupPermissionFromTemplate", "permission_templates", "id", "name", "description"); checkTable("removeGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -222,7 +221,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_add_group_permission_with_null_name() throws Exception { setupData("addNullGroupPermissionToTemplate"); - permissionDao.addGroupPermission(1L, null, "new_permission"); + permissionTemplateDao.addGroupPermission(1L, null, "new_permission"); checkTable("addNullGroupPermissionToTemplate", "permission_templates", "id", "name", "description"); checkTable("addNullGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); @@ -232,7 +231,7 @@ public class PermissionDaoTest extends AbstractDaoTestCase { @Test public void should_remove_group_permission_with_null_name() throws Exception { setupData("removeNullGroupPermissionFromTemplate"); - permissionDao.removeGroupPermission(1L, null, "permission_to_remove"); + permissionTemplateDao.removeGroupPermission(1L, null, "permission_to_remove"); checkTable("removeNullGroupPermissionFromTemplate", "permission_templates", "id", "name", "description"); checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference"); diff --git a/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java b/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java index b4790dc53a0..6edacf3d163 100644 --- a/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java +++ b/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java @@ -27,8 +27,8 @@ import org.sonar.api.config.Settings; import org.sonar.api.resources.Project; import org.sonar.api.resources.Resource; import org.sonar.api.security.DefaultGroups; -import org.sonar.core.permission.ComponentPermissionFacade; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.PermissionFacade; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.persistence.AbstractDaoTestCase; import org.sonar.core.user.RoleDao; import org.sonar.core.user.UserDao; @@ -47,8 +47,8 @@ public class DefaultResourcePermissionsTest extends AbstractDaoTestCase { @Before public void initResourcePermissions() { settings = new Settings(); - ComponentPermissionFacade permissionFacade = new ComponentPermissionFacade(getMyBatis(), - new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionDao(getMyBatis())); + PermissionFacade permissionFacade = new PermissionFacade(getMyBatis(), + new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionTemplateDao(getMyBatis())); permissions = new DefaultResourcePermissions(settings, getMyBatis(), permissionFacade); } diff --git a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java index 6d0c9b0830e..b3d94a203cb 100644 --- a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java +++ b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java @@ -22,7 +22,7 @@ package org.sonar.core.user; import org.junit.Test; import org.sonar.api.security.DefaultGroups; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.persistence.AbstractDaoTestCase; import static org.fest.assertions.Assertions.assertThat; @@ -35,8 +35,8 @@ public class RoleDaoTest extends AbstractDaoTestCase { RoleDao dao = new RoleDao(getMyBatis()); - assertThat(dao.selectUserPermissions("admin_user")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key()); - assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(Permission.QUALITY_PROFILE_ADMIN.key()); + assertThat(dao.selectUserPermissions("admin_user")).containsOnly(GlobalPermission.SYSTEM_ADMIN.key(), GlobalPermission.QUALITY_PROFILE_ADMIN.key()); + assertThat(dao.selectUserPermissions("profile_admin_user")).containsOnly(GlobalPermission.QUALITY_PROFILE_ADMIN.key()); } @Test @@ -45,18 +45,18 @@ public class RoleDaoTest extends AbstractDaoTestCase { RoleDao dao = new RoleDao(getMyBatis()); - assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(Permission.SYSTEM_ADMIN.key(), Permission.QUALITY_PROFILE_ADMIN.key(), - Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key()); - assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permission.DASHBOARD_SHARING.key(), Permission.DRY_RUN_EXECUTION.key(), - Permission.SCAN_EXECUTION.key()); - assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(Permission.DRY_RUN_EXECUTION.key(), Permission.SCAN_EXECUTION.key()); + assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(GlobalPermission.SYSTEM_ADMIN.key(), GlobalPermission.QUALITY_PROFILE_ADMIN.key(), + GlobalPermission.DASHBOARD_SHARING.key(), GlobalPermission.DRY_RUN_EXECUTION.key(), GlobalPermission.SCAN_EXECUTION.key()); + assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(GlobalPermission.DASHBOARD_SHARING.key(), GlobalPermission.DRY_RUN_EXECUTION.key(), + GlobalPermission.SCAN_EXECUTION.key()); + assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(GlobalPermission.DRY_RUN_EXECUTION.key(), GlobalPermission.SCAN_EXECUTION.key()); } @Test public void should_delete_user_global_permission() throws Exception { setupData("userPermissions"); - UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + UserRoleDto userRoleToDelete = new UserRoleDto().setUserId(200L).setRole(GlobalPermission.QUALITY_PROFILE_ADMIN.key()); RoleDao dao = new RoleDao(getMyBatis()); dao.deleteUserRole(userRoleToDelete); @@ -68,7 +68,7 @@ public class RoleDaoTest extends AbstractDaoTestCase { public void should_delete_group_global_permission() throws Exception { setupData("groupPermissions"); - GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + GroupRoleDto groupRoleToDelete = new GroupRoleDto().setGroupId(100L).setRole(GlobalPermission.QUALITY_PROFILE_ADMIN.key()); RoleDao dao = new RoleDao(getMyBatis()); dao.deleteGroupRole(groupRoleToDelete); diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission-result.xml deleted file mode 100644 index f79f28fb768..00000000000 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission-result.xml +++ /dev/null @@ -1,8 +0,0 @@ -<dataset> - - <groups id="100" name="devs"/> - - <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/> - <group_roles id="2" group_id="100" resource_id="123" role="admin"/> - -</dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission.xml deleted file mode 100644 index efca2c119a3..00000000000 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_group_permission.xml +++ /dev/null @@ -1,7 +0,0 @@ -<dataset> - - <groups id="100" name="devs"/> - - <group_roles id="1" group_id="100" resource_id="123" role="codeviewer"/> - -</dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_user_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_add_user_permission-result.xml index f3749db4f0c..f3749db4f0c 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_user_permission-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_add_user_permission-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_user_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_add_user_permission.xml index 000c018550b..000c018550b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_user_permission.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_add_user_permission.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_apply_permission_template-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_apply_permission_template-result.xml index c512d7e3a61..c512d7e3a61 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_apply_permission_template-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_apply_permission_template-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_apply_permission_template.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_apply_permission_template.xml index 2c9dd6309fd..2c9dd6309fd 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_apply_permission_template.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_apply_permission_template.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_count_component_permissions.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_count_component_permissions.xml index aea672478c6..aea672478c6 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_count_component_permissions.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_count_component_permissions.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_group_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_group_permission-result.xml index cfce89a776c..cfce89a776c 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_group_permission.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_group_permission-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_group_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_group_permission.xml index f57c7f9eb5e..f57c7f9eb5e 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_add_group_permission-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_group_permission.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_user_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_user_permission-result.xml index 000c018550b..000c018550b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_user_permission.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_user_permission-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_user_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_user_permission.xml index f3749db4f0c..f3749db4f0c 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_set_user_permission-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_delete_user_permission.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission-result.xml new file mode 100644 index 00000000000..a81f3abe68d --- /dev/null +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission-result.xml @@ -0,0 +1,8 @@ +<dataset> + + <groups id="100" name="devs"/> + + <group_roles id="1" group_id="100" resource_id="123" role="admin"/> + <group_roles id="2" group_id="[null]" resource_id="123" role="user"/> + +</dataset> diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission.xml new file mode 100644 index 00000000000..cfce89a776c --- /dev/null +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_anyone_group_permission.xml @@ -0,0 +1,7 @@ +<dataset> + + <groups id="100" name="devs"/> + + <group_roles id="1" group_id="100" resource_id="123" role="admin"/> + +</dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission-result.xml new file mode 100644 index 00000000000..f57c7f9eb5e --- /dev/null +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission-result.xml @@ -0,0 +1,8 @@ +<dataset> + + <groups id="100" name="devs"/> + + <group_roles id="1" group_id="100" resource_id="123" role="admin"/> + <group_roles id="2" group_id="100" resource_id="123" role="user"/> + +</dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission.xml new file mode 100644 index 00000000000..cfce89a776c --- /dev/null +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_insert_group_permission.xml @@ -0,0 +1,7 @@ +<dataset> + + <groups id="100" name="devs"/> + + <group_roles id="1" group_id="100" resource_id="123" role="admin"/> + +</dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_remove_all_permissions-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_remove_all_permissions-result.xml index 38def462ed1..38def462ed1 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_remove_all_permissions-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_remove_all_permissions-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_remove_all_permissions.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_remove_all_permissions.xml index aea672478c6..aea672478c6 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/ComponentPermissionFacadeTest/should_remove_all_permissions.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionFacadeTest/should_remove_all_permissions.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addGroupPermissionToTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addGroupPermissionToTemplate-result.xml index c80216743b1..c80216743b1 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addGroupPermissionToTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addGroupPermissionToTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addGroupPermissionToTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addGroupPermissionToTemplate.xml index 6645e851711..6645e851711 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addGroupPermissionToTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addGroupPermissionToTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addNullGroupPermissionToTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addNullGroupPermissionToTemplate-result.xml index 7d42701d39f..7d42701d39f 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addNullGroupPermissionToTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addNullGroupPermissionToTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addNullGroupPermissionToTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addNullGroupPermissionToTemplate.xml index 6645e851711..6645e851711 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addNullGroupPermissionToTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addNullGroupPermissionToTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addUserPermissionToTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addUserPermissionToTemplate-result.xml index 40bf5d45d4e..40bf5d45d4e 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addUserPermissionToTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addUserPermissionToTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addUserPermissionToTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addUserPermissionToTemplate.xml index 6645e851711..6645e851711 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/addUserPermissionToTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/addUserPermissionToTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createNonAsciiPermissionTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createNonAsciiPermissionTemplate-result.xml index d80de102071..d80de102071 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createNonAsciiPermissionTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createNonAsciiPermissionTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createNonAsciiPermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createNonAsciiPermissionTemplate.xml index 5ed00ba028b..5ed00ba028b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createNonAsciiPermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createNonAsciiPermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createPermissionTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createPermissionTemplate-result.xml index 0c2bd559342..0c2bd559342 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createPermissionTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createPermissionTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createPermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createPermissionTemplate.xml index 5ed00ba028b..5ed00ba028b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/createPermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/createPermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/deletePermissionTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/deletePermissionTemplate-result.xml index 06f6413de31..06f6413de31 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/deletePermissionTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/deletePermissionTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/deletePermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/deletePermissionTemplate.xml index b5a8064cd11..b5a8064cd11 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/deletePermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/deletePermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeGroupPermissionFromTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate-result.xml index 140738df7db..140738df7db 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeGroupPermissionFromTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeGroupPermissionFromTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate.xml index 3258dcc22e5..3258dcc22e5 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeGroupPermissionFromTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeNullGroupPermissionFromTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate-result.xml index cc62050281b..cc62050281b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeNullGroupPermissionFromTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeNullGroupPermissionFromTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate.xml index 3e3289534fe..3e3289534fe 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeNullGroupPermissionFromTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeUserPermissionFromTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeUserPermissionFromTemplate-result.xml index 89983781b67..89983781b67 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeUserPermissionFromTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeUserPermissionFromTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeUserPermissionFromTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeUserPermissionFromTemplate.xml index 779bd770de8..779bd770de8 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/removeUserPermissionFromTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/removeUserPermissionFromTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectAllPermissionTemplates.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectAllPermissionTemplates.xml index 65a68bb4b4b..65a68bb4b4b 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectAllPermissionTemplates.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectAllPermissionTemplates.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectEmptyPermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectEmptyPermissionTemplate.xml index e8360e44924..e8360e44924 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectEmptyPermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectEmptyPermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectPermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectPermissionTemplate.xml index 8cfb9606511..8cfb9606511 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/selectPermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/selectPermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/updatePermissionTemplate-result.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/updatePermissionTemplate-result.xml index 6f25f75defe..6f25f75defe 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/updatePermissionTemplate-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/updatePermissionTemplate-result.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/updatePermissionTemplate.xml b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/updatePermissionTemplate.xml index 2c056af7153..2c056af7153 100644 --- a/sonar-core/src/test/resources/org/sonar/core/permission/PermissionDaoTest/updatePermissionTemplate.xml +++ b/sonar-core/src/test/resources/org/sonar/core/permission/PermissionTemplateDaoTest/updatePermissionTemplate.xml diff --git a/sonar-core/src/test/resources/org/sonar/core/resource/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml b/sonar-core/src/test/resources/org/sonar/core/resource/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml index ca14596bafe..105e5b86c39 100644 --- a/sonar-core/src/test/resources/org/sonar/core/resource/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/resource/DefaultResourcePermissionsTest/grantDefaultRoles_users-result.xml @@ -18,4 +18,4 @@ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/> <perm_templates_users id="2" template_id="1" user_id="201" permission_reference="admin"/> -</dataset>
\ No newline at end of file +</dataset> diff --git a/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java b/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java index ccf2e6a4187..0548c2dfe07 100644 --- a/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java +++ b/sonar-server/src/main/java/org/sonar/server/issue/IssueFilterService.java @@ -34,7 +34,7 @@ import org.sonar.core.issue.db.IssueFilterDao; import org.sonar.core.issue.db.IssueFilterDto; import org.sonar.core.issue.db.IssueFilterFavouriteDao; import org.sonar.core.issue.db.IssueFilterFavouriteDto; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.AuthorizationDao; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; @@ -331,7 +331,7 @@ public class IssueFilterService implements ServerComponent { } private boolean isAdmin(String user) { - return authorizationDao.selectGlobalPermissions(user).contains(Permission.SYSTEM_ADMIN.key()); + return authorizationDao.selectGlobalPermissions(user).contains(GlobalPermission.SYSTEM_ADMIN.key()); } private IssueFilterResult createIssueFilterResult(IssueQueryResult issueQueryResult, IssueQuery issueQuery) { @@ -339,7 +339,7 @@ public class IssueFilterService implements ServerComponent { } private boolean hasUserSharingPermission(String user){ - return authorizationDao.selectGlobalPermissions(user).contains(Permission.DASHBOARD_SHARING.key()); + return authorizationDao.selectGlobalPermissions(user).contains(GlobalPermission.DASHBOARD_SHARING.key()); } } diff --git a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java index 3fdcc998ab8..565b73f7d73 100644 --- a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java +++ b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java @@ -24,12 +24,20 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.sonar.api.ServerComponent; import org.sonar.api.security.DefaultGroups; -import org.sonar.core.permission.ComponentPermissionFacade; -import org.sonar.core.permission.Permission; -import org.sonar.core.user.*; +import org.sonar.core.permission.GlobalPermission; +import org.sonar.core.permission.PermissionFacade; +import org.sonar.core.resource.ResourceDao; +import org.sonar.core.resource.ResourceDto; +import org.sonar.core.resource.ResourceQuery; +import org.sonar.core.user.GroupDto; +import org.sonar.core.user.RoleDao; +import org.sonar.core.user.UserDao; +import org.sonar.core.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.user.UserSession; +import javax.annotation.Nullable; + import java.util.List; import java.util.Map; @@ -45,11 +53,13 @@ public class InternalPermissionService implements ServerComponent { private final RoleDao roleDao; private final UserDao userDao; - private final ComponentPermissionFacade permissionFacade; + private final ResourceDao resourceDao; + private final PermissionFacade permissionFacade; - public InternalPermissionService(RoleDao roleDao, UserDao userDao, ComponentPermissionFacade permissionFacade) { + public InternalPermissionService(RoleDao roleDao, UserDao userDao, ResourceDao resourceDao, PermissionFacade permissionFacade) { this.roleDao = roleDao; this.userDao = userDao; + this.resourceDao = resourceDao; this.permissionFacade = permissionFacade; } @@ -63,21 +73,17 @@ public class InternalPermissionService implements ServerComponent { public void applyPermissionTemplate(Map<String, Object> params) { UserSession.get().checkLoggedIn(); - UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN); + UserSession.get().checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN); ApplyPermissionTemplateQuery query = ApplyPermissionTemplateQuery.buildFromParams(params); query.validate(); for (String component : query.getSelectedComponents()) { - applyPermissionTemplate(query.getTemplateKey(), component); + permissionFacade.applyPermissionTemplate(query.getTemplateKey(), Long.parseLong(component)); } } - private void applyPermissionTemplate(String templateKey, String componentId) { - permissionFacade.applyPermissionTemplate(templateKey, Long.parseLong(componentId)); - } - private void changePermission(String permissionChange, Map<String, Object> params) { UserSession.get().checkLoggedIn(); - UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN); + UserSession.get().checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN); PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params); permissionChangeQuery.validate(); applyPermissionChange(permissionChange, permissionChangeQuery); @@ -92,51 +98,50 @@ public class InternalPermissionService implements ServerComponent { } private void applyGroupPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) { - List<String> existingPermissions = roleDao.selectGroupPermissions(permissionChangeQuery.getGroup()); - if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) { + List<String> existingPermissions = roleDao.selectGroupPermissions(permissionChangeQuery.group()); + if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.permission())) { LOG.info("Skipping permission change '{} {}' for group {} as it matches the current permission scheme", - new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getGroup()}); + new String[]{operation, permissionChangeQuery.permission(), permissionChangeQuery.group()}); } else { - Long targetedGroup = getTargetedGroup(permissionChangeQuery.getGroup()); - GroupRoleDto groupRole = new GroupRoleDto().setRole(permissionChangeQuery.getRole()).setGroupId(targetedGroup); + Long targetedGroup = getTargetedGroup(permissionChangeQuery.group()); if (ADD.equals(operation)) { - roleDao.insertGroupRole(groupRole); + permissionFacade.insertGroupPermission(getComponentId(permissionChangeQuery.component()), targetedGroup, permissionChangeQuery.permission()); } else { - roleDao.deleteGroupRole(groupRole); + permissionFacade.deleteGroupPermission(getComponentId(permissionChangeQuery.component()), targetedGroup, permissionChangeQuery.permission()); } } } private void applyUserPermissionChange(String operation, PermissionChangeQuery permissionChangeQuery) { - List<String> existingPermissions = roleDao.selectUserPermissions(permissionChangeQuery.getUser()); - if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.getRole())) { + List<String> existingPermissions = roleDao.selectUserPermissions(permissionChangeQuery.user()); + if (shouldSkipPermissionChange(operation, existingPermissions, permissionChangeQuery.permission())) { LOG.info("Skipping permission change '{} {}' for user {} as it matches the current permission scheme", - new String[] {operation, permissionChangeQuery.getRole(), permissionChangeQuery.getUser()}); + new String[]{operation, permissionChangeQuery.permission(), permissionChangeQuery.user()}); } else { - Long targetedUser = getTargetedUser(permissionChangeQuery.getUser()); - UserRoleDto userRole = new UserRoleDto().setRole(permissionChangeQuery.getRole()).setUserId(targetedUser); + Long targetedUser = getTargetedUser(permissionChangeQuery.user()); if (ADD.equals(operation)) { - roleDao.insertUserRole(userRole); + permissionFacade.insertUserPermission(getComponentId(permissionChangeQuery.component()), targetedUser, permissionChangeQuery.permission()); } else { - roleDao.deleteUserRole(userRole); + permissionFacade.deleteUserPermission(getComponentId(permissionChangeQuery.component()), targetedUser, permissionChangeQuery.permission()); } } } private Long getTargetedUser(String userLogin) { UserDto user = userDao.selectActiveUserByLogin(userLogin); - if(user == null) { + if (user == null) { throw new BadRequestException("User " + userLogin + " does not exist"); } return user.getId(); } + @Nullable private Long getTargetedGroup(String group) { if (DefaultGroups.isAnyone(group)) { return null; } else { GroupDto groupDto = userDao.selectGroupByName(group); - if(groupDto == null) { + if (groupDto == null) { throw new BadRequestException("Group " + group + " does not exist"); } return groupDto.getId(); @@ -147,4 +152,17 @@ public class InternalPermissionService implements ServerComponent { return (ADD.equals(operation) && existingPermissions.contains(role)) || (REMOVE.equals(operation) && !existingPermissions.contains(role)); } + + @Nullable + private Long getComponentId(String componentKey) { + if (componentKey == null) { + return null; + } else { + ResourceDto resourceDto = resourceDao.getResource(ResourceQuery.create().setKey(componentKey)); + if (resourceDto == null) { + throw new BadRequestException("Component " + componentKey + " does not exists."); + } + return resourceDto.getId(); + } + } } diff --git a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionTemplateService.java b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionTemplateService.java index 671380536da..063544a921e 100644 --- a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionTemplateService.java +++ b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionTemplateService.java @@ -25,7 +25,7 @@ import org.h2.util.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.sonar.api.ServerComponent; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.user.UserDao; import org.sonar.server.exceptions.BadRequestException; @@ -33,6 +33,7 @@ import org.sonar.server.exceptions.ServerErrorException; import javax.annotation.CheckForNull; import javax.annotation.Nullable; + import java.util.List; /** @@ -42,25 +43,25 @@ public class InternalPermissionTemplateService implements ServerComponent { private static final Logger LOG = LoggerFactory.getLogger(InternalPermissionTemplateService.class); - private final PermissionDao permissionDao; + private final PermissionTemplateDao permissionTemplateDao; private final UserDao userDao; - public InternalPermissionTemplateService(PermissionDao permissionDao, UserDao userDao) { - this.permissionDao = permissionDao; + public InternalPermissionTemplateService(PermissionTemplateDao permissionTemplateDao, UserDao userDao) { + this.permissionTemplateDao = permissionTemplateDao; this.userDao = userDao; } @CheckForNull public PermissionTemplate selectPermissionTemplate(String templateName) { PermissionTemplateUpdater.checkUserCredentials(); - PermissionTemplateDto permissionTemplateDto = permissionDao.selectPermissionTemplate(templateName); + PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectPermissionTemplate(templateName); return PermissionTemplate.create(permissionTemplateDto); } public List<PermissionTemplate> selectAllPermissionTemplates() { PermissionTemplateUpdater.checkUserCredentials(); List<PermissionTemplate> permissionTemplates = Lists.newArrayList(); - List<PermissionTemplateDto> permissionTemplateDtos = permissionDao.selectAllPermissionTemplates(); + List<PermissionTemplateDto> permissionTemplateDtos = permissionTemplateDao.selectAllPermissionTemplates(); if(permissionTemplateDtos != null) { for (PermissionTemplateDto permissionTemplateDto : permissionTemplateDtos) { permissionTemplates.add(PermissionTemplate.create(permissionTemplateDto)); @@ -72,7 +73,7 @@ public class InternalPermissionTemplateService implements ServerComponent { public PermissionTemplate createPermissionTemplate(String name, @Nullable String description) { PermissionTemplateUpdater.checkUserCredentials(); validateTemplateName(null, name); - PermissionTemplateDto permissionTemplateDto = permissionDao.createPermissionTemplate(name, description); + PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.createPermissionTemplate(name, description); if(permissionTemplateDto.getId() == null) { String errorMsg = "Template creation failed"; LOG.error(errorMsg); @@ -84,53 +85,53 @@ public class InternalPermissionTemplateService implements ServerComponent { public void updatePermissionTemplate(Long templateId, String newName, @Nullable String newDescription) { PermissionTemplateUpdater.checkUserCredentials(); validateTemplateName(templateId, newName); - permissionDao.updatePermissionTemplate(templateId, newName, newDescription); + permissionTemplateDao.updatePermissionTemplate(templateId, newName, newDescription); } public void deletePermissionTemplate(Long templateId) { PermissionTemplateUpdater.checkUserCredentials(); - permissionDao.deletePermissionTemplate(templateId); + permissionTemplateDao.deletePermissionTemplate(templateId); } public void addUserPermission(String templateName, String permission, String userLogin) { - PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionDao, userDao) { + PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionTemplateDao, userDao) { @Override protected void doExecute(Long templateId, String permission) { Long userId = getUserId(); - permissionDao.addUserPermission(templateId, userId, permission); + permissionTemplateDao.addUserPermission(templateId, userId, permission); } }; updater.executeUpdate(); } public void removeUserPermission(String templateName, String permission, String userLogin) { - PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionDao, userDao) { + PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, userLogin, permissionTemplateDao, userDao) { @Override protected void doExecute(Long templateId, String permission) { Long userId = getUserId(); - permissionDao.removeUserPermission(templateId, userId, permission); + permissionTemplateDao.removeUserPermission(templateId, userId, permission); } }; updater.executeUpdate(); } public void addGroupPermission(String templateName, String permission, String groupName) { - PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionDao, userDao) { + PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionTemplateDao, userDao) { @Override protected void doExecute(Long templateId, String permission) { Long groupId = getGroupId(); - permissionDao.addGroupPermission(templateId, groupId, permission); + permissionTemplateDao.addGroupPermission(templateId, groupId, permission); } }; updater.executeUpdate(); } public void removeGroupPermission(String templateName, String permission, String groupName) { - PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionDao, userDao) { + PermissionTemplateUpdater updater = new PermissionTemplateUpdater(templateName, permission, groupName, permissionTemplateDao, userDao) { @Override protected void doExecute(Long templateId, String permission) { Long groupId = getGroupId(); - permissionDao.removeGroupPermission(templateId, groupId, permission); + permissionTemplateDao.removeGroupPermission(templateId, groupId, permission); } }; updater.executeUpdate(); @@ -141,7 +142,7 @@ public class InternalPermissionTemplateService implements ServerComponent { String errorMsg = "Name can't be blank"; throw new BadRequestException(errorMsg); } - List<PermissionTemplateDto> existingTemplates = permissionDao.selectAllPermissionTemplates(); + List<PermissionTemplateDto> existingTemplates = permissionTemplateDao.selectAllPermissionTemplates(); if(existingTemplates != null) { for (PermissionTemplateDto existingTemplate : existingTemplates) { if((templateId == null || !existingTemplate.getId().equals(templateId)) && (existingTemplate.getName().equals(templateName))) { diff --git a/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java b/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java index 92bee097d59..86286817fee 100644 --- a/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java +++ b/sonar-server/src/main/java/org/sonar/server/permission/PermissionChangeQuery.java @@ -20,30 +20,41 @@ package org.sonar.server.permission; +import com.google.common.base.Strings; +import com.google.common.collect.ImmutableList; import org.apache.commons.lang.StringUtils; -import org.sonar.core.permission.Permission; +import org.sonar.api.web.UserRole; +import org.sonar.core.permission.GlobalPermission; import org.sonar.server.exceptions.BadRequestException; +import javax.annotation.Nullable; + +import java.util.List; import java.util.Map; public class PermissionChangeQuery { private static final String USER_KEY = "user"; private static final String GROUP_KEY = "group"; - private static final String ROLE_KEY = "permission"; + private static final String PERMISSION_KEY = "permission"; + private static final String COMPONENT_KEY = "component"; + + private static final List<String> COMPONENT_PERMISSIONS = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.USER); private final String user; private final String group; - private final String role; + private final String component; + private final String permission; - private PermissionChangeQuery(String user, String group, String role) { + private PermissionChangeQuery(@Nullable String user, @Nullable String group, @Nullable String component, String permission) { this.user = user; this.group = group; - this.role = role; + this.component = component; + this.permission = permission; } public static PermissionChangeQuery buildFromParams(Map<String, Object> params) { - return new PermissionChangeQuery((String) params.get(USER_KEY), (String) params.get(GROUP_KEY), (String) params.get(ROLE_KEY)); + return new PermissionChangeQuery((String) params.get(USER_KEY), (String) params.get(GROUP_KEY), (String) params.get(COMPONENT_KEY), (String) params.get(PERMISSION_KEY)); } public void validate() { @@ -61,11 +72,17 @@ public class PermissionChangeQuery { } private void validatePermission() { - if (StringUtils.isBlank(role)) { + if (StringUtils.isBlank(permission)) { throw new BadRequestException("Missing permission parameter"); } - if (!Permission.allGlobal().keySet().contains(role)) { - throw new BadRequestException("Invalid permission key " + role); + if (Strings.isNullOrEmpty(component)){ + if (!GlobalPermission.allGlobal().keySet().contains(permission)) { + throw new BadRequestException("Invalid permission key " + permission + ". Valid ones are : "+ GlobalPermission.allGlobal().keySet()); + } + } else { + if (!COMPONENT_PERMISSIONS.contains(permission)) { + throw new BadRequestException("Invalid permission key " + permission +". Valid ones are : "+ COMPONENT_PERMISSIONS); + } } } @@ -73,15 +90,22 @@ public class PermissionChangeQuery { return user != null; } - public String getUser() { + @Nullable + public String user() { return user; } - public String getGroup() { + @Nullable + public String group() { return group; } - public String getRole() { - return role; + @Nullable + public String component() { + return component; + } + + public String permission() { + return permission; } } diff --git a/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java b/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java index ff0716f1ab2..ad741be2764 100644 --- a/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java +++ b/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateUpdater.java @@ -23,8 +23,8 @@ package org.sonar.server.permission; import com.google.common.collect.Lists; import org.sonar.api.security.DefaultGroups; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.Permission; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.GlobalPermission; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.user.GroupDto; import org.sonar.core.user.UserDao; @@ -39,14 +39,14 @@ abstract class PermissionTemplateUpdater { private final String templateName; private final String permission; private final String updatedReference; - private final PermissionDao permissionDao; + private final PermissionTemplateDao permissionTemplateDao; private final UserDao userDao; - PermissionTemplateUpdater(String templateName, String permission, String updatedReference, PermissionDao permissionDao, UserDao userDao) { + PermissionTemplateUpdater(String templateName, String permission, String updatedReference, PermissionTemplateDao permissionTemplateDao, UserDao userDao) { this.templateName = templateName; this.permission = permission; this.updatedReference = updatedReference; - this.permissionDao = permissionDao; + this.permissionTemplateDao = permissionTemplateDao; this.userDao = userDao; } @@ -81,7 +81,7 @@ abstract class PermissionTemplateUpdater { static void checkUserCredentials() { UserSession currentSession = UserSession.get(); currentSession.checkLoggedIn(); - currentSession.checkGlobalPermission(Permission.SYSTEM_ADMIN); + currentSession.checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN); } private void validatePermission(String permission) { @@ -92,7 +92,7 @@ abstract class PermissionTemplateUpdater { } private Long getTemplateId(String name) { - PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateByName(name); + PermissionTemplateDto permissionTemplateDto = permissionTemplateDao.selectTemplateByName(name); if(permissionTemplateDto == null) { throw new BadRequestException("Unknown template: " + name); } diff --git a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java index 55f07767e23..b473ca01d81 100644 --- a/sonar-server/src/main/java/org/sonar/server/platform/Platform.java +++ b/sonar-server/src/main/java/org/sonar/server/platform/Platform.java @@ -51,14 +51,8 @@ import org.sonar.core.measure.MeasureFilterExecutor; import org.sonar.core.measure.MeasureFilterFactory; import org.sonar.core.metric.DefaultMetricFinder; import org.sonar.core.notification.DefaultNotificationManager; -import org.sonar.core.permission.ComponentPermissionFacade; -import org.sonar.core.persistence.DaoUtils; -import org.sonar.core.persistence.DatabaseVersion; -import org.sonar.core.persistence.DefaultDatabase; -import org.sonar.core.persistence.DryRunDatabaseFactory; -import org.sonar.core.persistence.MyBatis; -import org.sonar.core.persistence.SemaphoreUpdater; -import org.sonar.core.persistence.SemaphoresImpl; +import org.sonar.core.permission.PermissionFacade; +import org.sonar.core.persistence.*; import org.sonar.core.purge.PurgeProfiler; import org.sonar.core.qualitymodel.DefaultModelFinder; import org.sonar.core.resource.DefaultResourcePermissions; @@ -83,63 +77,20 @@ import org.sonar.server.configuration.Backup; import org.sonar.server.configuration.ProfilesManager; import org.sonar.server.db.DatabaseMigrator; import org.sonar.server.db.EmbeddedDatabaseFactory; -import org.sonar.server.issue.ActionPlanService; -import org.sonar.server.issue.ActionService; -import org.sonar.server.issue.AssignAction; -import org.sonar.server.issue.CommentAction; -import org.sonar.server.issue.DefaultIssueFinder; -import org.sonar.server.issue.InternalRubyIssueService; -import org.sonar.server.issue.IssueBulkChangeService; -import org.sonar.server.issue.IssueChangelogService; -import org.sonar.server.issue.IssueCommentService; -import org.sonar.server.issue.IssueFilterService; -import org.sonar.server.issue.IssueService; -import org.sonar.server.issue.IssueStatsFinder; -import org.sonar.server.issue.PlanAction; -import org.sonar.server.issue.PublicRubyIssueService; -import org.sonar.server.issue.ServerIssueStorage; -import org.sonar.server.issue.SetSeverityAction; -import org.sonar.server.issue.TransitionAction; +import org.sonar.server.issue.*; import org.sonar.server.notifications.NotificationCenter; import org.sonar.server.notifications.NotificationService; import org.sonar.server.permission.InternalPermissionService; import org.sonar.server.permission.InternalPermissionTemplateService; -import org.sonar.server.plugins.ApplicationDeployer; -import org.sonar.server.plugins.DefaultServerPluginRepository; -import org.sonar.server.plugins.InstalledPluginReferentialFactory; -import org.sonar.server.plugins.PluginDeployer; -import org.sonar.server.plugins.PluginDownloader; -import org.sonar.server.plugins.ServerExtensionInstaller; -import org.sonar.server.plugins.UpdateCenterClient; -import org.sonar.server.plugins.UpdateCenterMatrixFactory; +import org.sonar.server.plugins.*; import org.sonar.server.qualitymodel.DefaultModelManager; import org.sonar.server.rule.RubyRuleService; import org.sonar.server.rules.ProfilesConsole; import org.sonar.server.rules.RulesConsole; -import org.sonar.server.startup.CleanDryRunCache; -import org.sonar.server.startup.DeleteDeprecatedMeasures; -import org.sonar.server.startup.GenerateBootstrapIndex; -import org.sonar.server.startup.GeneratePluginIndex; -import org.sonar.server.startup.GwtPublisher; -import org.sonar.server.startup.JdbcDriverDeployer; -import org.sonar.server.startup.LogServerId; -import org.sonar.server.startup.RegisterMetrics; -import org.sonar.server.startup.RegisterNewDashboards; -import org.sonar.server.startup.RegisterNewMeasureFilters; -import org.sonar.server.startup.RegisterNewProfiles; -import org.sonar.server.startup.RegisterPermissionTemplates; -import org.sonar.server.startup.RegisterQualityModels; -import org.sonar.server.startup.RegisterRules; -import org.sonar.server.startup.RegisterServletFilters; -import org.sonar.server.startup.RenameDeprecatedPropertyKeys; -import org.sonar.server.startup.ServerMetadataPersister; +import org.sonar.server.startup.*; import org.sonar.server.text.MacroInterpreter; import org.sonar.server.text.RubyTextService; -import org.sonar.server.ui.CodeColorizers; -import org.sonar.server.ui.JRubyI18n; -import org.sonar.server.ui.PageDecorations; -import org.sonar.server.ui.SecurityRealmFactory; -import org.sonar.server.ui.Views; +import org.sonar.server.ui.*; import org.sonar.server.user.DefaultUserService; import org.sonar.server.user.NewUserNotifier; @@ -314,7 +265,7 @@ public final class Platform { servicesContainer.addSingleton(NewUserNotifier.class); servicesContainer.addSingleton(DefaultUserFinder.class); servicesContainer.addSingleton(DefaultUserService.class); - servicesContainer.addSingleton(ComponentPermissionFacade.class); + servicesContainer.addSingleton(PermissionFacade.class); servicesContainer.addSingleton(InternalPermissionService.class); servicesContainer.addSingleton(InternalPermissionTemplateService.class); diff --git a/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java b/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java index 22d6d8b6fe4..69ffce39cab 100644 --- a/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java +++ b/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java @@ -25,7 +25,7 @@ import org.slf4j.LoggerFactory; import org.sonar.api.security.DefaultGroups; import org.sonar.api.utils.TimeProfiler; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.template.LoadedTemplateDao; import org.sonar.core.template.LoadedTemplateDto; @@ -41,14 +41,14 @@ public class RegisterPermissionTemplates { private static final Logger LOG = LoggerFactory.getLogger(RegisterPermissionTemplates.class); private final LoadedTemplateDao loadedTemplateDao; - private final PermissionDao permissionDao; + private final PermissionTemplateDao permissionTemplateDao; private final UserDao userDao; private final PersistentSettings settings; - public RegisterPermissionTemplates(LoadedTemplateDao loadedTemplateDao, PermissionDao permissionDao, + public RegisterPermissionTemplates(LoadedTemplateDao loadedTemplateDao, PermissionTemplateDao permissionTemplateDao, UserDao userDao, PersistentSettings settings) { this.loadedTemplateDao = loadedTemplateDao; - this.permissionDao = permissionDao; + this.permissionTemplateDao = permissionTemplateDao; this.userDao = userDao; this.settings = settings; } @@ -78,7 +78,7 @@ public class RegisterPermissionTemplates { } private void insertDefaultTemplate(String templateName) { - PermissionTemplateDto defaultPermissionTemplate = permissionDao + PermissionTemplateDto defaultPermissionTemplate = permissionTemplateDao .createPermissionTemplate(templateName, PermissionTemplateDto.DEFAULT.getDescription()); addGroupPermission(defaultPermissionTemplate, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); addGroupPermission(defaultPermissionTemplate, UserRole.USER, DefaultGroups.ANYONE); @@ -97,7 +97,7 @@ public class RegisterPermissionTemplates { throw new IllegalArgumentException("Cannot setup default permission for group: " + groupName); } } - permissionDao.addGroupPermission(template.getId(), groupId, permission); + permissionTemplateDao.addGroupPermission(template.getId(), groupId, permission); } private void registerInitialization() { diff --git a/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java b/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java index 799cf3f2b48..06a9cef79d3 100644 --- a/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java +++ b/sonar-server/src/main/java/org/sonar/server/user/DefaultUserService.java @@ -25,12 +25,13 @@ import org.sonar.api.user.RubyUserService; import org.sonar.api.user.User; import org.sonar.api.user.UserFinder; import org.sonar.api.user.UserQuery; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.UserDao; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.util.RubyUtils; import javax.annotation.CheckForNull; + import java.util.List; import java.util.Map; @@ -70,7 +71,7 @@ public class DefaultUserService implements RubyUserService { throw new BadRequestException("Login is missing"); } UserSession userSession = UserSession.get(); - userSession.checkGlobalPermission(Permission.SYSTEM_ADMIN); + userSession.checkGlobalPermission(GlobalPermission.SYSTEM_ADMIN); if (Objects.equal(userSession.login(), login)) { throw new BadRequestException("Self-deactivation is not possible"); } diff --git a/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 3ca82006a7d..1de0f833fac 100644 --- a/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -23,7 +23,7 @@ import com.google.common.base.Objects; import com.google.common.base.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.AuthorizationDao; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -31,6 +31,7 @@ import org.sonar.server.platform.Platform; import javax.annotation.CheckForNull; import javax.annotation.Nullable; + import java.util.ArrayList; import java.util.List; import java.util.Locale; @@ -47,7 +48,7 @@ public class UserSession { private Integer userId; private String login; private Locale locale = Locale.ENGLISH; - List<Permission> permissions = null; + List<GlobalPermission> globalPermissions = null; UserSession() { } @@ -95,8 +96,8 @@ public class UserSession { /** * Ensures that user implies the specified permission. If not a {@link org.sonar.server.exceptions.ForbiddenException} is thrown. */ - public UserSession checkGlobalPermission(Permission permission) { - if (!hasGlobalPermission(permission)) { + public UserSession checkGlobalPermission(GlobalPermission globalPermission) { + if (!hasGlobalPermission(globalPermission)) { throw new ForbiddenException("Insufficient privileges"); } return this; @@ -105,24 +106,24 @@ public class UserSession { /** * Does the user have the given permission ? */ - public boolean hasGlobalPermission(Permission permission) { - return globalPermissions().contains(permission); + public boolean hasGlobalPermission(GlobalPermission globalPermission) { + return globalPermissions().contains(globalPermission); } - List<Permission> globalPermissions() { - if (permissions == null) { + List<GlobalPermission> globalPermissions() { + if (globalPermissions == null) { List<String> permissionKeys = authorizationDao().selectGlobalPermissions(login); - permissions = new ArrayList<Permission>(); + globalPermissions = new ArrayList<GlobalPermission>(); for (String permissionKey : permissionKeys) { - Permission perm = Permission.allGlobal().get(permissionKey); + GlobalPermission perm = GlobalPermission.allGlobal().get(permissionKey); if (perm == null) { LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login); } else { - permissions.add(perm); + globalPermissions.add(perm); } } } - return permissions; + return globalPermissions; } AuthorizationDao authorizationDao() { diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb index 00f56846093..e109dff82f4 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/permissions_controller.rb @@ -27,11 +27,15 @@ class Api::PermissionsController < Api::ApiController # POST /api/permissions/add # # -- Mandatory parameters - # 'permission' is the key of the permission to add + # 'permission' is the key of the permission to add. For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan. + # Component permission values are : user, codeviewer, admin # 'user' is the user identifier (login) # OR # 'group' is the group identifier (group name or 'anyone') # + # -- Optional parameters + # 'component' is the component on which add the permission. If null, the permission should be a global permission. + # # -- Example # curl -X POST -v -u admin:admin 'http://localhost:9000/api/permissions/add?permission=shareDashboard&user=new_user' # @@ -57,11 +61,15 @@ class Api::PermissionsController < Api::ApiController # POST /api/permissions/remove # # -- Mandatory parameters - # 'permission' is the key of the permission to add + # 'permission' is the key of the permission to add. For global permissions, available values are : admin, profileadmin, shareDashboard, scan, dryRunScan. + # Component permission values are : user, codeviewer, admin # 'user' is the user identifier (login) # OR # 'group' is the group identifier (group name or 'anyone') # + # -- Optional parameters + # 'component' is the component on which add the permission. If null, the permission should be a global permission. + # # -- Example # curl -X POST -v -u admin:admin 'http://localhost:9000/api/permissions/remove?permission=shareDashboard&user=new_user' # @@ -82,4 +90,4 @@ class Api::PermissionsController < Api::ApiController end end -end
\ No newline at end of file +end diff --git a/sonar-server/src/test/java/org/sonar/server/issue/IssueCommentServiceTest.java b/sonar-server/src/test/java/org/sonar/server/issue/IssueCommentServiceTest.java index 1b2e9e2df56..357e9c8c0e6 100644 --- a/sonar-server/src/test/java/org/sonar/server/issue/IssueCommentServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/issue/IssueCommentServiceTest.java @@ -39,7 +39,7 @@ import org.sonar.core.issue.IssueUpdater; import org.sonar.core.issue.db.IssueChangeDao; import org.sonar.core.issue.db.IssueChangeDto; import org.sonar.core.issue.db.IssueStorage; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -65,7 +65,7 @@ public class IssueCommentServiceTest { @Before public void setUpUser() { - MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN); + MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN); } @Before diff --git a/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java b/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java index 101715be0db..65b2682dca6 100644 --- a/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/issue/IssueFilterServiceTest.java @@ -36,7 +36,7 @@ import org.sonar.core.issue.db.IssueFilterDao; import org.sonar.core.issue.db.IssueFilterDto; import org.sonar.core.issue.db.IssueFilterFavouriteDao; import org.sonar.core.issue.db.IssueFilterFavouriteDto; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.AuthorizationDao; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; @@ -242,7 +242,7 @@ public class IssueFilterServiceTest { @Test public void should_have_permission_to_share_filter() { - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key())); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Filter").setShared(false).setUserLogin("john")); DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My Filter").setShared(true).setUser("john"), userSession); @@ -268,7 +268,7 @@ public class IssueFilterServiceTest { @Test public void should_not_update_sharing_if_not_owner() { // John is admin and want to change arthur filter sharing - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("Arthur Filter").setShared(true).setUserLogin("arthur")); try { @@ -309,8 +309,8 @@ public class IssueFilterServiceTest { @Test public void should_update_other_shared_filter_if_admin_and_if_filter_owner_has_sharing_permission() { - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); - when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key())); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true)); DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true).setUser("arthur"), userSession); @@ -322,7 +322,7 @@ public class IssueFilterServiceTest { @Test public void should_not_update_other_shared_filter_if_admin_and_if_filter_owner_has_no_sharing_permission() { - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(Collections.<String>emptyList()); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true)); @@ -396,8 +396,8 @@ public class IssueFilterServiceTest { IssueFilterDto expectedDto = new IssueFilterDto().setName("My filter").setUserLogin("new.owner").setShared(true); // New owner should have sharing perm in order to own the filter - when(authorizationDao.selectGlobalPermissions("new.owner")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key())); - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("new.owner")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter); when(issueFilterDao.selectSharedFilters()).thenReturn(Lists.newArrayList(sharedFilter)); @@ -413,7 +413,7 @@ public class IssueFilterServiceTest { String currentUser = "dave.loper"; IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true); - when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(Permission.DRY_RUN_EXECUTION.key())); + when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermission.DRY_RUN_EXECUTION.key())); when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter); try { @@ -462,7 +462,7 @@ public class IssueFilterServiceTest { @Test public void should_delete_shared_filter_if_user_is_admin() { - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true)); service.delete(1L, userSession); @@ -472,7 +472,7 @@ public class IssueFilterServiceTest { @Test public void should_not_delete_not_shared_filter_if_user_is_admin() { - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.SYSTEM_ADMIN.key())); when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(false)); try { @@ -654,7 +654,7 @@ public class IssueFilterServiceTest { @Test public void user_can_share_filter_if_logged_and_own_sharing_permission(){ - when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key())); + when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermission.DASHBOARD_SHARING.key())); UserSession userSession = MockUserSession.create().setLogin("john"); assertThat(service.canShareFilter(userSession)).isTrue(); diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java index 6dd2f92fca6..d76ee375a48 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java @@ -22,17 +22,20 @@ package org.sonar.server.permission; import com.google.common.collect.Lists; import com.google.common.collect.Maps; -import org.apache.commons.lang.ObjectUtils; -import org.hamcrest.BaseMatcher; -import org.hamcrest.Description; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.security.DefaultGroups; -import org.sonar.core.permission.ComponentPermissionFacade; -import org.sonar.core.permission.Permission; -import org.sonar.core.user.*; +import org.sonar.core.permission.GlobalPermission; +import org.sonar.core.permission.PermissionFacade; +import org.sonar.core.resource.ResourceDao; +import org.sonar.core.resource.ResourceDto; +import org.sonar.core.resource.ResourceQuery; +import org.sonar.core.user.GroupDto; +import org.sonar.core.user.RoleDao; +import org.sonar.core.user.UserDao; +import org.sonar.core.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.UnauthorizedException; @@ -40,11 +43,8 @@ import org.sonar.server.user.MockUserSession; import java.util.Map; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.argThat; +import static org.fest.assertions.Assertions.assertThat; import static org.mockito.Mockito.*; -import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesGroupRole.matchesRole; -import static org.sonar.server.permission.InternalPermissionServiceTest.MatchesUserRole.matchesRole; public class InternalPermissionServiceTest { @@ -55,199 +55,257 @@ public class InternalPermissionServiceTest { private InternalPermissionService service; private RoleDao roleDao; private UserDao userDao; - private ComponentPermissionFacade permissionFacade; + private ResourceDao resourceDao; + private PermissionFacade permissionFacade; @Before public void setUpCommonStubbing() { - MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN); - - UserDto targetedUser = new UserDto().setId(2L).setLogin("user").setActive(true); - GroupDto targetedGroup = new GroupDto().setId(2L).setName("group"); + MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN); roleDao = mock(RoleDao.class); - userDao = mock(UserDao.class); - when(userDao.selectActiveUserByLogin("user")).thenReturn(targetedUser); - when(userDao.selectGroupByName("group")).thenReturn(targetedGroup); + when(userDao.selectActiveUserByLogin("user")).thenReturn(new UserDto().setId(2L).setLogin("user").setActive(true)); + when(userDao.selectGroupByName("group")).thenReturn(new GroupDto().setId(2L).setName("group")); + + resourceDao = mock(ResourceDao.class); - permissionFacade = mock(ComponentPermissionFacade.class); + permissionFacade = mock(PermissionFacade.class); - service = new InternalPermissionService(roleDao, userDao, permissionFacade); + service = new InternalPermissionService(roleDao, userDao, resourceDao, permissionFacade); } @Test - public void should_add_user_permission() throws Exception { - params = buildPermissionChangeParams("user", null, Permission.DASHBOARD_SHARING); - setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key()); - UserRoleDto roleToInsert = new UserRoleDto().setUserId(2L).setRole(Permission.DASHBOARD_SHARING.key()); + public void should_add_global_user_permission() throws Exception { + params = buildPermissionChangeParams("user", null, GlobalPermission.DASHBOARD_SHARING); + setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); service.addPermission(params); - verify(roleDao).insertUserRole(argThat(matchesRole(roleToInsert))); + verify(permissionFacade).insertUserPermission(eq((Long) null), eq(2L), eq("shareDashboard")); } @Test - public void should_remove_user_permission() throws Exception { - params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN); - setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key()); - UserRoleDto roleToRemove = new UserRoleDto().setUserId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + public void should_add_component_user_permission() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); - service.removePermission(params); + params = buildPermissionChangeParams("user", null, "org.sample.Sample", "user"); + setUpUserPermissions("user", "codeviewer"); + + service.addPermission(params); - verify(roleDao).deleteUserRole(argThat(matchesRole(roleToRemove))); + verify(permissionFacade).insertUserPermission(eq(10L), eq(2L), eq("user")); } @Test - public void should_add_group_permission() throws Exception { - params = buildPermissionChangeParams(null, "group", Permission.DASHBOARD_SHARING); - setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key()); - GroupRoleDto roleToInsert = new GroupRoleDto().setGroupId(2L).setRole(Permission.DASHBOARD_SHARING.key()); + public void should_remove_global_user_permission() throws Exception { + params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN); + setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); - service.addPermission(params); + service.removePermission(params); - verify(roleDao).insertGroupRole(argThat(matchesRole(roleToInsert))); + verify(permissionFacade).deleteUserPermission(eq((Long) null), eq(2L), eq("profileadmin")); } @Test - public void should_remove_group_permission() throws Exception { - params = buildPermissionChangeParams(null, "group", Permission.QUALITY_PROFILE_ADMIN); - setUpGroupPermissions("group", Permission.QUALITY_PROFILE_ADMIN.key()); - GroupRoleDto roleToRemove = new GroupRoleDto().setGroupId(2L).setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + public void should_remove_component_user_permission() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); + + params = buildPermissionChangeParams("user", null, "org.sample.Sample", "codeviewer"); + setUpUserPermissions("user", "codeviewer"); service.removePermission(params); - verify(roleDao).deleteGroupRole(argThat(matchesRole(roleToRemove))); + verify(permissionFacade).deleteUserPermission(eq(10L), eq(2L), eq("codeviewer")); } @Test - public void should_skip_redundant_permission_change() throws Exception { - params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN); - setUpUserPermissions("user", Permission.QUALITY_PROFILE_ADMIN.key()); + public void should_add_global_group_permission() throws Exception { + params = buildPermissionChangeParams(null, "group", GlobalPermission.DASHBOARD_SHARING); + setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); service.addPermission(params); - verify(roleDao, never()).insertUserRole(any(UserRoleDto.class)); + verify(permissionFacade).insertGroupPermission(eq((Long) null), eq(2L), eq("shareDashboard")); } @Test - public void should_fail_on_invalid_request() throws Exception { - throwable.expect(BadRequestException.class); - params = buildPermissionChangeParams("user", "group", Permission.QUALITY_PROFILE_ADMIN); + public void should_add_component_group_permission() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); + + params = buildPermissionChangeParams(null, "group", "org.sample.Sample", "user"); + setUpGroupPermissions("group", "codeviewer"); service.addPermission(params); + + verify(permissionFacade).insertGroupPermission(eq(10L), eq(2L), eq("user")); } @Test - public void should_fail_on_insufficient_rights() throws Exception { - throwable.expect(ForbiddenException.class); - params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN); - - MockUserSession.set().setLogin("unauthorized").setPermissions(Permission.QUALITY_PROFILE_ADMIN); + public void should_add_global_permission_to_anyone_group() throws Exception { + params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN); service.addPermission(params); + + verify(permissionFacade).insertGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin")); } @Test - public void should_fail_on_anonymous_access() throws Exception { - throwable.expect(UnauthorizedException.class); - params = buildPermissionChangeParams("user", null, Permission.QUALITY_PROFILE_ADMIN); + public void should_add_component_permission_to_anyone_group() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); - MockUserSession.set(); + params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, "org.sample.Sample", "user"); service.addPermission(params); + + verify(permissionFacade).insertGroupPermission(eq(10L), eq((Long) null), eq("user")); } @Test - public void should_add_permission_to_anyone_group() throws Exception { - params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN); - GroupRoleDto roleToInsert = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + public void should_remove_global_group_permission() throws Exception { + params = buildPermissionChangeParams(null, "group", GlobalPermission.QUALITY_PROFILE_ADMIN); + setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); - service.addPermission(params); + service.removePermission(params); - verify(roleDao).insertGroupRole(argThat(matchesRole(roleToInsert))); + verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq(2L), eq("profileadmin")); } @Test - public void should_remove_permission_from_anyone_group() throws Exception { - params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN); - setUpGroupPermissions(DefaultGroups.ANYONE, Permission.QUALITY_PROFILE_ADMIN.key()); - GroupRoleDto roleToDelete = new GroupRoleDto().setRole(Permission.QUALITY_PROFILE_ADMIN.key()); + public void should_remove_component_group_permission() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); + + params = buildPermissionChangeParams(null, "group", "org.sample.Sample", "codeviewer"); + setUpGroupPermissions("group", "codeviewer"); service.removePermission(params); - verify(roleDao).deleteGroupRole(argThat(matchesRole(roleToDelete))); + verify(permissionFacade).deleteGroupPermission(eq(10L), eq(2L), eq("codeviewer")); } @Test - public void should_apply_permission_template() throws Exception { - params = Maps.newHashMap(); - params.put("template_key", "my_template_key"); - params.put("components", "1,2,3"); + public void should_remove_global_permission_from_anyone_group() throws Exception { + params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN); + setUpGroupPermissions(DefaultGroups.ANYONE, GlobalPermission.QUALITY_PROFILE_ADMIN.key()); - service.applyPermissionTemplate(params); + service.removePermission(params); - verify(permissionFacade).applyPermissionTemplate("my_template_key", 1L); - verify(permissionFacade).applyPermissionTemplate("my_template_key", 2L); - verify(permissionFacade).applyPermissionTemplate("my_template_key", 3L); + verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin")); } - protected static class MatchesUserRole extends BaseMatcher<UserRoleDto> { + @Test + public void should_remove_component_permission_from_anyone_group() throws Exception { + when(resourceDao.getResource(any(ResourceQuery.class))).thenReturn( + new ResourceDto().setId(10L).setKey("org.sample.Sample")); - private final UserRoleDto referenceDto; + params = buildPermissionChangeParams(null, DefaultGroups.ANYONE, "org.sample.Sample", "codeviewer"); + setUpGroupPermissions(DefaultGroups.ANYONE, "codeviewer"); - private MatchesUserRole(UserRoleDto referenceDto) { - this.referenceDto = referenceDto; - } + service.removePermission(params); - public static MatchesUserRole matchesRole(UserRoleDto referenceDto) { - return new MatchesUserRole(referenceDto); - } + verify(permissionFacade).deleteGroupPermission(eq(10L), eq((Long) null), eq("codeviewer")); + } - @Override - public boolean matches(Object o) { - if (o != null && o instanceof UserRoleDto) { - UserRoleDto otherDto = (UserRoleDto) o; - return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) && - ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) && - ObjectUtils.equals(referenceDto.getUserId(), otherDto.getUserId()); - } - return false; - } + @Test + public void should_skip_redundant_add_user_permission_change() throws Exception { + params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN); + setUpUserPermissions("user", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); - @Override - public void describeTo(Description description) { - } + service.addPermission(params); + + verify(permissionFacade, never()).insertUserPermission(anyLong(), anyLong(), anyString()); } - protected static class MatchesGroupRole extends BaseMatcher<GroupRoleDto> { + @Test + public void should_skip_redundant_add_group_permission_change() throws Exception { + params = buildPermissionChangeParams(null, "group", GlobalPermission.QUALITY_PROFILE_ADMIN); + setUpGroupPermissions("group", GlobalPermission.QUALITY_PROFILE_ADMIN.key()); + + service.addPermission(params); - private final GroupRoleDto referenceDto; + verify(permissionFacade, never()).insertGroupPermission(anyLong(), anyLong(), anyString()); + } - private MatchesGroupRole(GroupRoleDto referenceDto) { - this.referenceDto = referenceDto; + @Test + public void should_fail_when_user_and_group_are_provided() throws Exception { + try { + params = buildPermissionChangeParams("user", "group", GlobalPermission.QUALITY_PROFILE_ADMIN); + service.addPermission(params); + } catch (Exception e) { + assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Only one of user or group parameter should be provided"); } + } - public static MatchesGroupRole matchesRole(GroupRoleDto referenceDto) { - return new MatchesGroupRole(referenceDto); + @Test + public void should_fail_when_user_is_not_found() throws Exception { + try { + when(userDao.selectActiveUserByLogin("user")).thenReturn(null); + params = buildPermissionChangeParams("unknown", null, GlobalPermission.QUALITY_PROFILE_ADMIN); + service.addPermission(params); + } catch (Exception e) { + assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("User unknown does not exist"); } + } - @Override - public boolean matches(Object o) { - if (o != null && o instanceof GroupRoleDto) { - GroupRoleDto otherDto = (GroupRoleDto) o; - return ObjectUtils.equals(referenceDto.getResourceId(), otherDto.getResourceId()) && - ObjectUtils.equals(referenceDto.getRole(), otherDto.getRole()) && - ObjectUtils.equals(referenceDto.getGroupId(), otherDto.getGroupId()); - } - return false; + @Test + public void should_fail_when_group_is_not_found() throws Exception { + try { + params = buildPermissionChangeParams(null, "unknown", GlobalPermission.QUALITY_PROFILE_ADMIN); + service.addPermission(params); + } catch (Exception e) { + assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Group unknown does not exist"); } + } - @Override - public void describeTo(Description description) { + @Test + public void should_fail_when_component_is_not_found() throws Exception { + try { + params = buildPermissionChangeParams(null, "group", "unknown", "user"); + service.addPermission(params); + } catch (Exception e) { + assertThat(e).isInstanceOf(BadRequestException.class).hasMessage("Component unknown does not exists."); } } - private Map<String, Object> buildPermissionChangeParams(String login, String group, Permission perm) { + @Test + public void should_fail_on_insufficient_rights() throws Exception { + try { + params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN); + MockUserSession.set().setLogin("unauthorized").setPermissions(GlobalPermission.QUALITY_PROFILE_ADMIN); + service.addPermission(params); + } catch (Exception e) { + assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("Insufficient privileges"); + } + } + + @Test + public void should_fail_on_anonymous_access() throws Exception { + throwable.expect(UnauthorizedException.class); + params = buildPermissionChangeParams("user", null, GlobalPermission.QUALITY_PROFILE_ADMIN); + + MockUserSession.set(); + + service.addPermission(params); + } + + @Test + public void should_apply_permission_template() throws Exception { + params = Maps.newHashMap(); + params.put("template_key", "my_template_key"); + params.put("components", "1,2,3"); + + service.applyPermissionTemplate(params); + + verify(permissionFacade).applyPermissionTemplate("my_template_key", 1L); + verify(permissionFacade).applyPermissionTemplate("my_template_key", 2L); + verify(permissionFacade).applyPermissionTemplate("my_template_key", 3L); + } + + private Map<String, Object> buildPermissionChangeParams(String login, String group, GlobalPermission perm) { Map<String, Object> params = Maps.newHashMap(); params.put("user", login); params.put("group", group); @@ -255,6 +313,15 @@ public class InternalPermissionServiceTest { return params; } + private Map<String, Object> buildPermissionChangeParams(String login, String group, String component, String perm) { + Map<String, Object> params = Maps.newHashMap(); + params.put("user", login); + params.put("group", group); + params.put("component", component); + params.put("permission", perm); + return params; + } + private void setUpUserPermissions(String login, String... permissions) { when(roleDao.selectUserPermissions(login)).thenReturn(Lists.newArrayList(permissions)); } diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionTemplateServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionTemplateServiceTest.java index 9ddc5e31f09..96a831b1259 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionTemplateServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionTemplateServiceTest.java @@ -46,7 +46,7 @@ public class InternalPermissionTemplateServiceTest { private static final PermissionTemplateDto DEFAULT_TEMPLATE = new PermissionTemplateDto().setId(1L).setName(DEFAULT_NAME).setDescription(DEFAULT_DESC); - private PermissionDao permissionDao; + private PermissionTemplateDao permissionTemplateDao; private UserDao userDao; private InternalPermissionTemplateService permissionTemplateService; @@ -55,15 +55,15 @@ public class InternalPermissionTemplateServiceTest { @Before public void setUp() { - MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN); - permissionDao = mock(PermissionDao.class); + MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN); + permissionTemplateDao = mock(PermissionTemplateDao.class); userDao = mock(UserDao.class); - permissionTemplateService = new InternalPermissionTemplateService(permissionDao, userDao); + permissionTemplateService = new InternalPermissionTemplateService(permissionTemplateDao, userDao); } @Test public void should_create_permission_template() throws Exception { - when(permissionDao.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC)).thenReturn(DEFAULT_TEMPLATE); PermissionTemplate permissionTemplate = permissionTemplateService.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC); @@ -77,7 +77,7 @@ public class InternalPermissionTemplateServiceTest { expected.expect(BadRequestException.class); expected.expectMessage("A template with that name already exists"); - when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE)); + when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(DEFAULT_TEMPLATE)); permissionTemplateService.createPermissionTemplate(DEFAULT_NAME, DEFAULT_DESC); } @@ -92,27 +92,27 @@ public class InternalPermissionTemplateServiceTest { @Test public void should_delete_permission_template() throws Exception { - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.deletePermissionTemplate(1L); - verify(permissionDao, times(1)).deletePermissionTemplate(1L); + verify(permissionTemplateDao, times(1)).deletePermissionTemplate(1L); } @Test public void should_retrieve_permission_template() throws Exception { List<PermissionTemplateUserDto> usersPermissions = Lists.newArrayList( - buildUserPermission("user_scan", Permission.SCAN_EXECUTION.key()), - buildUserPermission("user_dry_run", Permission.DRY_RUN_EXECUTION.key()), - buildUserPermission("user_scan_and_dry_run", Permission.SCAN_EXECUTION.key()), - buildUserPermission("user_scan_and_dry_run", Permission.DRY_RUN_EXECUTION.key()) + buildUserPermission("user_scan", GlobalPermission.SCAN_EXECUTION.key()), + buildUserPermission("user_dry_run", GlobalPermission.DRY_RUN_EXECUTION.key()), + buildUserPermission("user_scan_and_dry_run", GlobalPermission.SCAN_EXECUTION.key()), + buildUserPermission("user_scan_and_dry_run", GlobalPermission.DRY_RUN_EXECUTION.key()) ); List<PermissionTemplateGroupDto> groupsPermissions = Lists.newArrayList( - buildGroupPermission("admin_group", Permission.SYSTEM_ADMIN.key()), - buildGroupPermission("scan_group", Permission.SCAN_EXECUTION.key()), - buildGroupPermission(null, Permission.DRY_RUN_EXECUTION.key()) + buildGroupPermission("admin_group", GlobalPermission.SYSTEM_ADMIN.key()), + buildGroupPermission("scan_group", GlobalPermission.SCAN_EXECUTION.key()), + buildGroupPermission(null, GlobalPermission.DRY_RUN_EXECUTION.key()) ); PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto() @@ -122,16 +122,16 @@ public class InternalPermissionTemplateServiceTest { .setUsersPermissions(usersPermissions) .setGroupsByPermission(groupsPermissions); - when(permissionDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto); + when(permissionTemplateDao.selectPermissionTemplate("my template")).thenReturn(permissionTemplateDto); PermissionTemplate permissionTemplate = permissionTemplateService.selectPermissionTemplate("my template"); - assertThat(permissionTemplate.getUsersForPermission(Permission.DASHBOARD_SHARING.key())).isEmpty(); - assertThat(permissionTemplate.getUsersForPermission(Permission.SCAN_EXECUTION.key())).onProperty("userName").containsOnly("user_scan", "user_scan_and_dry_run"); - assertThat(permissionTemplate.getUsersForPermission(Permission.DRY_RUN_EXECUTION.key())).onProperty("userName").containsOnly("user_dry_run", "user_scan_and_dry_run"); - assertThat(permissionTemplate.getGroupsForPermission(Permission.DASHBOARD_SHARING.key())).isEmpty(); - assertThat(permissionTemplate.getGroupsForPermission(Permission.SCAN_EXECUTION.key())).onProperty("groupName").containsOnly("scan_group"); - assertThat(permissionTemplate.getGroupsForPermission(Permission.SYSTEM_ADMIN.key())).onProperty("groupName").containsOnly("admin_group"); + assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.DASHBOARD_SHARING.key())).isEmpty(); + assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.SCAN_EXECUTION.key())).onProperty("userName").containsOnly("user_scan", "user_scan_and_dry_run"); + assertThat(permissionTemplate.getUsersForPermission(GlobalPermission.DRY_RUN_EXECUTION.key())).onProperty("userName").containsOnly("user_dry_run", "user_scan_and_dry_run"); + assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.DASHBOARD_SHARING.key())).isEmpty(); + assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.SCAN_EXECUTION.key())).onProperty("groupName").containsOnly("scan_group"); + assertThat(permissionTemplate.getGroupsForPermission(GlobalPermission.SYSTEM_ADMIN.key())).onProperty("groupName").containsOnly("admin_group"); } @Test @@ -140,7 +140,7 @@ public class InternalPermissionTemplateServiceTest { new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); PermissionTemplateDto template2 = new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); - when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); + when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); List<PermissionTemplate> templates = permissionTemplateService.selectAllPermissionTemplates(); @@ -155,7 +155,7 @@ public class InternalPermissionTemplateServiceTest { permissionTemplateService.updatePermissionTemplate(1L, "new_name", "new_description"); - verify(permissionDao).updatePermissionTemplate(1L, "new_name", "new_description"); + verify(permissionTemplateDao).updatePermissionTemplate(1L, "new_name", "new_description"); } @Test @@ -167,7 +167,7 @@ public class InternalPermissionTemplateServiceTest { new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); PermissionTemplateDto template2 = new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); - when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); + when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); permissionTemplateService.updatePermissionTemplate(1L, "template2", "template1"); } @@ -178,22 +178,22 @@ public class InternalPermissionTemplateServiceTest { new PermissionTemplateDto().setId(1L).setName("template1").setDescription("template1"); PermissionTemplateDto template2 = new PermissionTemplateDto().setId(2L).setName("template2").setDescription("template2"); - when(permissionDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); + when(permissionTemplateDao.selectAllPermissionTemplates()).thenReturn(Lists.newArrayList(template1, template2)); permissionTemplateService.updatePermissionTemplate(1L, "template1", "new_description"); - verify(permissionDao).updatePermissionTemplate(1L, "template1", "new_description"); + verify(permissionTemplateDao).updatePermissionTemplate(1L, "template1", "new_description"); } @Test public void should_add_user_permission() throws Exception { UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user"); when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.addUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "user"); - verify(permissionDao, times(1)).addUserPermission(1L, 1L, DEFAULT_PERMISSION); + verify(permissionTemplateDao, times(1)).addUserPermission(1L, 1L, DEFAULT_PERMISSION); } @Test @@ -201,7 +201,7 @@ public class InternalPermissionTemplateServiceTest { expected.expect(BadRequestException.class); expected.expectMessage("Unknown user:"); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); when(userDao.selectActiveUserByLogin("unknown")).thenReturn(null); permissionTemplateService.addUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "unknown"); @@ -211,22 +211,22 @@ public class InternalPermissionTemplateServiceTest { public void should_remove_user_permission() throws Exception { UserDto userDto = new UserDto().setId(1L).setLogin("user").setName("user"); when(userDao.selectActiveUserByLogin("user")).thenReturn(userDto); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.removeUserPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "user"); - verify(permissionDao, times(1)).removeUserPermission(1L, 1L, DEFAULT_PERMISSION); + verify(permissionTemplateDao, times(1)).removeUserPermission(1L, 1L, DEFAULT_PERMISSION); } @Test public void should_add_group_permission() throws Exception { GroupDto groupDto = new GroupDto().setId(1L).setName("group"); when(userDao.selectGroupByName("group")).thenReturn(groupDto); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "group"); - verify(permissionDao, times(1)).addGroupPermission(1L, 1L, DEFAULT_PERMISSION); + verify(permissionTemplateDao, times(1)).addGroupPermission(1L, 1L, DEFAULT_PERMISSION); } @Test @@ -234,7 +234,7 @@ public class InternalPermissionTemplateServiceTest { expected.expect(BadRequestException.class); expected.expectMessage("Unknown group:"); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); when(userDao.selectGroupByName("unknown")).thenReturn(null); permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "unknown"); @@ -244,30 +244,30 @@ public class InternalPermissionTemplateServiceTest { public void should_remove_group_permission() throws Exception { GroupDto groupDto = new GroupDto().setId(1L).setName("group"); when(userDao.selectGroupByName("group")).thenReturn(groupDto); - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.removeGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "group"); - verify(permissionDao, times(1)).removeGroupPermission(1L, 1L, DEFAULT_PERMISSION); + verify(permissionTemplateDao, times(1)).removeGroupPermission(1L, 1L, DEFAULT_PERMISSION); } @Test public void should_add_permission_to_anyone_group() throws Exception { - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone"); - verify(permissionDao).addGroupPermission(1L, null, DEFAULT_PERMISSION); + verify(permissionTemplateDao).addGroupPermission(1L, null, DEFAULT_PERMISSION); verifyZeroInteractions(userDao); } @Test public void should_remove_permission_from_anyone_group() throws Exception { - when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); + when(permissionTemplateDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE); permissionTemplateService.removeGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone"); - verify(permissionDao).removeGroupPermission(1L, null, DEFAULT_PERMISSION); + verify(permissionTemplateDao).removeGroupPermission(1L, null, DEFAULT_PERMISSION); verifyZeroInteractions(userDao); } diff --git a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java index 02f98978fc4..409a9148477 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/PermissionChangeQueryTest.java @@ -24,7 +24,7 @@ import com.google.common.collect.Maps; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.server.exceptions.BadRequestException; import java.util.Map; @@ -37,49 +37,47 @@ public class PermissionChangeQueryTest { public ExpectedException thrown = ExpectedException.none(); @Test - public void should_populate_from_params() throws Exception { - + public void populate_from_params() throws Exception { Map<String, Object> params = Maps.newHashMap(); params.put("user", "my_login"); params.put("group", "my_group"); - params.put("permission", Permission.SYSTEM_ADMIN.key()); + params.put("component", "org.sample.Sample"); + params.put("permission", GlobalPermission.SYSTEM_ADMIN.key()); PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(params); - assertThat(query.getUser()).isEqualTo("my_login"); - assertThat(query.getGroup()).isEqualTo("my_group"); - assertThat(query.getRole()).isEqualTo(Permission.SYSTEM_ADMIN.key()); + assertThat(query.user()).isEqualTo("my_login"); + assertThat(query.group()).isEqualTo("my_group"); + assertThat(query.component()).isEqualTo("org.sample.Sample"); + assertThat(query.permission()).isEqualTo(GlobalPermission.SYSTEM_ADMIN.key()); } @Test - public void should_validate_user_query() throws Exception { - + public void validate_user_query() throws Exception { Map<String, Object> validUserParams = Maps.newHashMap(); validUserParams.put("user", "my_login"); - validUserParams.put("permission", Permission.SYSTEM_ADMIN.key()); + validUserParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key()); PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validUserParams); query.validate(); } @Test - public void should_validate_group_query() throws Exception { - + public void validate_group_query() throws Exception { Map<String, Object> validGroupParams = Maps.newHashMap(); validGroupParams.put("group", "my_group"); - validGroupParams.put("permission", Permission.SYSTEM_ADMIN.key()); + validGroupParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key()); PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(validGroupParams); query.validate(); } @Test - public void should_reject_inconsistent_query() throws Exception { - + public void reject_inconsistent_query() throws Exception { Map<String, Object> inconsistentParams = Maps.newHashMap(); inconsistentParams.put("user", "my_login"); inconsistentParams.put("group", "my_group"); - inconsistentParams.put("permission", Permission.SYSTEM_ADMIN.key()); + inconsistentParams.put("permission", GlobalPermission.SYSTEM_ADMIN.key()); PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams); @@ -89,7 +87,7 @@ public class PermissionChangeQueryTest { } @Test - public void should_detect_missing_user_or_group() throws Exception { + public void detect_missing_user_or_group() throws Exception { Map<String, Object> inconsistentParams = Maps.newHashMap(); inconsistentParams.put("permission", "admin"); @@ -101,7 +99,7 @@ public class PermissionChangeQueryTest { } @Test - public void should_detect_missing_permission() throws Exception { + public void detect_missing_permission() throws Exception { Map<String, Object> inconsistentParams = Maps.newHashMap(); inconsistentParams.put("user", "my_login"); @@ -113,15 +111,29 @@ public class PermissionChangeQueryTest { } @Test - public void should_validate_permission_reference() throws Exception { + public void validate_global_permission_reference() throws Exception { + Map<String, Object> inconsistentParams = Maps.newHashMap(); + inconsistentParams.put("user", "my_login"); + inconsistentParams.put("permission", "invalid"); + + PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams); + + thrown.expect(BadRequestException.class); + thrown.expectMessage("Invalid permission key invalid. Valid ones are : [admin, profileadmin, shareDashboard, scan, dryRunScan]"); + query.validate(); + } + + @Test + public void validate_component_permission_reference() throws Exception { Map<String, Object> inconsistentParams = Maps.newHashMap(); inconsistentParams.put("user", "my_login"); - inconsistentParams.put("permission", "invalid_role"); + inconsistentParams.put("component", "org.sample.Sample"); + inconsistentParams.put("permission", "invalid"); PermissionChangeQuery query = PermissionChangeQuery.buildFromParams(inconsistentParams); thrown.expect(BadRequestException.class); - thrown.expectMessage("Invalid permission key invalid_role"); + thrown.expectMessage("Invalid permission key invalid. Valid ones are : [admin, codeviewer, user]"); query.validate(); } } diff --git a/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java b/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java index 8a70b2f8c27..d0598375385 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateUpdaterTest.java @@ -25,8 +25,8 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.Permission; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.GlobalPermission; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.user.GroupDto; import org.sonar.core.user.UserDao; @@ -50,7 +50,7 @@ public class PermissionTemplateUpdaterTest { @Before public void setUpCommonMocks() { - MockUserSession.set().setLogin("admin").setPermissions(Permission.SYSTEM_ADMIN); + MockUserSession.set().setLogin("admin").setPermissions(GlobalPermission.SYSTEM_ADMIN); userDao = mock(UserDao.class); stub(userDao.selectActiveUserByLogin("user")).toReturn(DEFAULT_USER); stub(userDao.selectGroupByName("group")).toReturn(DEFAULT_GROUP); @@ -59,19 +59,19 @@ public class PermissionTemplateUpdaterTest { @Test public void should_execute_on_valid_parameters() throws Exception { - final PermissionDao permissionDao = mock(PermissionDao.class); - when(permissionDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L)); + final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); + when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L)); PermissionTemplateUpdater updater = - new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionDao, userDao) { + new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionTemplateDao, userDao) { @Override void doExecute(Long templateId, String permission) { - permissionDao.addUserPermission(1L, 1L, UserRole.USER); + permissionTemplateDao.addUserPermission(1L, 1L, UserRole.USER); } }; updater.executeUpdate(); - verify(permissionDao, times(1)).addUserPermission(1L, 1L, UserRole.USER); + verify(permissionTemplateDao, times(1)).addUserPermission(1L, 1L, UserRole.USER); } @Test @@ -79,11 +79,11 @@ public class PermissionTemplateUpdaterTest { expected.expect(BadRequestException.class); expected.expectMessage("Unknown template:"); - final PermissionDao permissionDao = mock(PermissionDao.class); - when(permissionDao.selectTemplateByName("my template")).thenReturn(null); + final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); + when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(null); PermissionTemplateUpdater updater = - new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionDao, userDao) { + new PermissionTemplateUpdater("my template", UserRole.USER, "user", permissionTemplateDao, userDao) { @Override void doExecute(Long templateId, String permission) { } @@ -96,11 +96,11 @@ public class PermissionTemplateUpdaterTest { expected.expect(BadRequestException.class); expected.expectMessage("Invalid permission:"); - final PermissionDao permissionDao = mock(PermissionDao.class); - when(permissionDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L)); + final PermissionTemplateDao permissionTemplateDao = mock(PermissionTemplateDao.class); + when(permissionTemplateDao.selectTemplateByName("my template")).thenReturn(new PermissionTemplateDto().setId(1L)); PermissionTemplateUpdater updater = - new PermissionTemplateUpdater("my template", "invalid", "user", permissionDao, userDao) { + new PermissionTemplateUpdater("my template", "invalid", "user", permissionTemplateDao, userDao) { @Override void doExecute(Long templateId, String permission) { } @@ -128,7 +128,7 @@ public class PermissionTemplateUpdaterTest { expected.expect(ForbiddenException.class); expected.expectMessage("Insufficient privileges"); - MockUserSession.set().setLogin("user").setPermissions(Permission.SCAN_EXECUTION); + MockUserSession.set().setLogin("user").setPermissions(GlobalPermission.SCAN_EXECUTION); PermissionTemplateUpdater updater = new PermissionTemplateUpdater(null, null, null, null, null) { @Override diff --git a/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java b/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java index 3e23d2731ae..8a70eaa162b 100644 --- a/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java +++ b/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java @@ -26,7 +26,7 @@ import org.junit.Before; import org.junit.Test; import org.sonar.api.security.DefaultGroups; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.PermissionDao; +import org.sonar.core.permission.PermissionTemplateDao; import org.sonar.core.permission.PermissionTemplateDto; import org.sonar.core.template.LoadedTemplateDao; import org.sonar.core.template.LoadedTemplateDto; @@ -41,14 +41,14 @@ public class RegisterPermissionTemplatesTest { private PersistentSettings settings; private LoadedTemplateDao loadedTemplateDao; - private PermissionDao permissionDao; + private PermissionTemplateDao permissionTemplateDao; private UserDao userDao; @Before public void setUp() { settings = mock(PersistentSettings.class); loadedTemplateDao = mock(LoadedTemplateDao.class); - permissionDao = mock(PermissionDao.class); + permissionTemplateDao = mock(PermissionTemplateDao.class); userDao = mock(UserDao.class); } @@ -60,20 +60,20 @@ public class RegisterPermissionTemplatesTest { when(loadedTemplateDao.countByTypeAndKey(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE, PermissionTemplateDto.DEFAULT.getKee())) .thenReturn(0); - when(permissionDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription())) + when(permissionTemplateDao.createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription())) .thenReturn(permissionTemplate); when(userDao.selectGroupByName(DefaultGroups.ADMINISTRATORS)).thenReturn(new GroupDto().setId(1L)); when(userDao.selectGroupByName(DefaultGroups.USERS)).thenReturn(new GroupDto().setId(2L)); - RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings); + RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings); initializer.start(); verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate))); - verify(permissionDao).createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription()); - verify(permissionDao).addGroupPermission(1L, 1L, UserRole.ADMIN); - verify(permissionDao).addGroupPermission(1L, null, UserRole.USER); - verify(permissionDao).addGroupPermission(1L, null, UserRole.CODEVIEWER); - verifyNoMoreInteractions(permissionDao); + verify(permissionTemplateDao).createPermissionTemplate(PermissionTemplateDto.DEFAULT.getName(), PermissionTemplateDto.DEFAULT.getDescription()); + verify(permissionTemplateDao).addGroupPermission(1L, 1L, UserRole.ADMIN); + verify(permissionTemplateDao).addGroupPermission(1L, null, UserRole.USER); + verify(permissionTemplateDao).addGroupPermission(1L, null, UserRole.CODEVIEWER); + verifyNoMoreInteractions(permissionTemplateDao); verify(settings).saveProperty(RegisterPermissionTemplates.DEFAULT_TEMPLATE_PROPERTY, PermissionTemplateDto.DEFAULT.getKee()); } @@ -82,10 +82,10 @@ public class RegisterPermissionTemplatesTest { when(loadedTemplateDao.countByTypeAndKey(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE, PermissionTemplateDto.DEFAULT.getKee())) .thenReturn(1); - RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings); + RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings); initializer.start(); - verifyZeroInteractions(permissionDao, settings); + verifyZeroInteractions(permissionTemplateDao, settings); verify(loadedTemplateDao, never()).insert(any(LoadedTemplateDto.class)); } @@ -96,12 +96,12 @@ public class RegisterPermissionTemplatesTest { LoadedTemplateDto expectedTemplate = new LoadedTemplateDto().setKey(PermissionTemplateDto.DEFAULT.getKee()) .setType(LoadedTemplateDto.PERMISSION_TEMPLATE_TYPE); - RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionDao, userDao, settings); + RegisterPermissionTemplates initializer = new RegisterPermissionTemplates(loadedTemplateDao, permissionTemplateDao, userDao, settings); initializer.start(); verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate))); verify(settings).saveProperty(RegisterPermissionTemplates.DEFAULT_TEMPLATE_PROPERTY, "my_projects_template"); - verifyZeroInteractions(permissionDao); + verifyZeroInteractions(permissionTemplateDao); } private static class Matches extends BaseMatcher<LoadedTemplateDto> { diff --git a/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java b/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java index df0e60b63cd..ec6054c43e6 100644 --- a/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/user/DefaultUserServiceTest.java @@ -27,7 +27,7 @@ import org.junit.rules.ExpectedException; import org.mockito.ArgumentMatcher; import org.sonar.api.user.UserFinder; import org.sonar.api.user.UserQuery; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.UserDao; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; @@ -81,7 +81,7 @@ public class DefaultUserServiceTest { @Test public void self_deactivation_is_not_possible() throws Exception { try { - MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN); + MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN); service.deactivate("simon"); fail(); } catch (BadRequestException e) { @@ -93,7 +93,7 @@ public class DefaultUserServiceTest { @Test public void user_deactivation_requires_admin_permission() throws Exception { try { - MockUserSession.set().setLogin("simon").setPermissions(Permission.QUALITY_PROFILE_ADMIN); + MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.QUALITY_PROFILE_ADMIN); service.deactivate("julien"); fail(); } catch (ForbiddenException e) { @@ -103,14 +103,14 @@ public class DefaultUserServiceTest { @Test public void deactivate_user() throws Exception { - MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN); + MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN); service.deactivate("julien"); verify(dao).deactivateUserByLogin("julien"); } @Test public void fail_to_deactivate_when_blank_login() throws Exception { - MockUserSession.set().setLogin("simon").setPermissions(Permission.SYSTEM_ADMIN); + MockUserSession.set().setLogin("simon").setPermissions(GlobalPermission.SYSTEM_ADMIN); try { service.deactivate(""); fail(); diff --git a/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java b/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java index 7e38dfe808c..8f9878ac200 100644 --- a/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java +++ b/sonar-server/src/test/java/org/sonar/server/user/MockUserSession.java @@ -19,9 +19,10 @@ */ package org.sonar.server.user; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import javax.annotation.Nullable; + import java.util.Arrays; import java.util.Collections; import java.util.Locale; @@ -29,7 +30,7 @@ import java.util.Locale; public class MockUserSession extends UserSession { private MockUserSession() { - permissions = Collections.emptyList(); + globalPermissions = Collections.emptyList(); } public static MockUserSession set() { @@ -57,8 +58,8 @@ public class MockUserSession extends UserSession { return this; } - public MockUserSession setPermissions(Permission... perm) { - permissions = Arrays.asList(perm); + public MockUserSession setPermissions(GlobalPermission... perm) { + globalPermissions = Arrays.asList(perm); return this; } } diff --git a/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java b/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java index dcbfe23735a..9900f112e02 100644 --- a/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java +++ b/sonar-server/src/test/java/org/sonar/server/user/UserSessionTest.java @@ -20,7 +20,7 @@ package org.sonar.server.user; import org.junit.Test; -import org.sonar.core.permission.Permission; +import org.sonar.core.permission.GlobalPermission; import org.sonar.core.user.AuthorizationDao; import org.sonar.server.exceptions.ForbiddenException; @@ -65,9 +65,9 @@ public class UserSessionTest { when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); - assertThat(session.hasGlobalPermission(Permission.QUALITY_PROFILE_ADMIN)).isTrue(); - assertThat(session.hasGlobalPermission(Permission.SYSTEM_ADMIN)).isTrue(); - assertThat(session.hasGlobalPermission(Permission.DASHBOARD_SHARING)).isFalse(); + assertThat(session.hasGlobalPermission(GlobalPermission.QUALITY_PROFILE_ADMIN)).isTrue(); + assertThat(session.hasGlobalPermission(GlobalPermission.SYSTEM_ADMIN)).isTrue(); + assertThat(session.hasGlobalPermission(GlobalPermission.DASHBOARD_SHARING)).isFalse(); } @Test @@ -84,7 +84,7 @@ public class UserSessionTest { when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); - session.checkGlobalPermission(Permission.QUALITY_PROFILE_ADMIN); + session.checkGlobalPermission(GlobalPermission.QUALITY_PROFILE_ADMIN); } @Test(expected = ForbiddenException.class) @@ -94,7 +94,7 @@ public class UserSessionTest { when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin")); - session.checkGlobalPermission(Permission.DASHBOARD_SHARING); + session.checkGlobalPermission(GlobalPermission.DASHBOARD_SHARING); } static class SpyUserSession extends UserSession { diff --git a/sonar-ws-client/src/main/java/org/sonar/wsclient/permissions/PermissionParameters.java b/sonar-ws-client/src/main/java/org/sonar/wsclient/permissions/PermissionParameters.java index 1cdd4dc4240..422235e8545 100644 --- a/sonar-ws-client/src/main/java/org/sonar/wsclient/permissions/PermissionParameters.java +++ b/sonar-ws-client/src/main/java/org/sonar/wsclient/permissions/PermissionParameters.java @@ -45,6 +45,11 @@ public class PermissionParameters { return this; } + public PermissionParameters component(String component) { + params.put("component", component); + return this; + } + public PermissionParameters permission(String permission) { params.put("permission", permission); return this; diff --git a/sonar-ws-client/src/test/java/org/sonar/wsclient/permissions/DefaultPermissionClientTest.java b/sonar-ws-client/src/test/java/org/sonar/wsclient/permissions/DefaultPermissionClientTest.java index cfff8516dde..83d429e8b73 100644 --- a/sonar-ws-client/src/test/java/org/sonar/wsclient/permissions/DefaultPermissionClientTest.java +++ b/sonar-ws-client/src/test/java/org/sonar/wsclient/permissions/DefaultPermissionClientTest.java @@ -45,7 +45,7 @@ public class DefaultPermissionClientTest { } @Test - public void should_add_user_permission() { + public void should_add_global_user_permission() { httpServer.stubStatusCode(200); PermissionParameters params = PermissionParameters.create().user("daveloper").permission("admin"); @@ -59,7 +59,22 @@ public class DefaultPermissionClientTest { } @Test - public void should_add_group_permission() { + public void should_add_component_user_permission() { + httpServer.stubStatusCode(200); + + PermissionParameters params = PermissionParameters.create().user("daveloper").component("org.sample.Sample").permission("admin"); + client.addPermission(params); + + assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/add"); + assertThat(httpServer.requestParams()).includes( + entry("user", "daveloper"), + entry("component", "org.sample.Sample"), + entry("permission", "admin") + ); + } + + @Test + public void should_add_global_group_permission() { httpServer.stubStatusCode(200); PermissionParameters params = PermissionParameters.create().group("my_group").permission("admin"); @@ -73,7 +88,22 @@ public class DefaultPermissionClientTest { } @Test - public void should_remove_user_permission() { + public void should_add_component_group_permission() { + httpServer.stubStatusCode(200); + + PermissionParameters params = PermissionParameters.create().group("my_group").component("org.sample.Sample").permission("admin"); + client.addPermission(params); + + assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/add"); + assertThat(httpServer.requestParams()).includes( + entry("group", "my_group"), + entry("component", "org.sample.Sample"), + entry("permission", "admin") + ); + } + + @Test + public void should_remove_global_user_permission() { httpServer.stubStatusCode(200); PermissionParameters params = PermissionParameters.create().user("daveloper").permission("admin"); @@ -87,7 +117,22 @@ public class DefaultPermissionClientTest { } @Test - public void should_remove_group_permission() { + public void should_remove_component_user_permission() { + httpServer.stubStatusCode(200); + + PermissionParameters params = PermissionParameters.create().user("daveloper").component("org.sample.Sample").permission("admin"); + client.removePermission(params); + + assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/remove"); + assertThat(httpServer.requestParams()).includes( + entry("user", "daveloper"), + entry("component", "org.sample.Sample"), + entry("permission", "admin") + ); + } + + @Test + public void should_remove_global_group_permission() { httpServer.stubStatusCode(200); PermissionParameters params = PermissionParameters.create().group("my_group").permission("admin"); @@ -99,4 +144,19 @@ public class DefaultPermissionClientTest { entry("permission", "admin") ); } + + @Test + public void should_remove_component_group_permission() { + httpServer.stubStatusCode(200); + + PermissionParameters params = PermissionParameters.create().group("my_group").component("org.sample.Sample").permission("admin"); + client.removePermission(params); + + assertThat(httpServer.requestedPath()).isEqualTo("/api/permissions/remove"); + assertThat(httpServer.requestParams()).includes( + entry("group", "my_group"), + entry("component", "org.sample.Sample"), + entry("permission", "admin") + ); + } } |