SONAR-8716 fix check of permissions in api/quality_gates

author: Simon Brandhof <simon.brandhof@sonarsource.com> 2017-02-02 10:11:10 +0100
committer: Simon Brandhof <simon.brandhof@sonarsource.com> 2017-02-07 14:20:10 +0100
commit: 0d6d15e60f0404e39046a1ae1d4f736d4a8ce684 (patch)
tree: e377f02a2bb10e495c4f0386c6f29a90d50f666b
parent: 2059b82a7cf5901feb762228feae95dbb5a3c567 (diff)
download: sonarqube-0d6d15e60f0404e39046a1ae1d4f736d4a8ce684.tar.gz
sonarqube-0d6d15e60f0404e39046a1ae1d4f736d4a8ce684.zip
10 files changed, 110 insertions, 264 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
index fcaa6e38ae1..2439d41781c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/QualityGates.java
@@ -27,11 +27,9 @@ import org.apache.commons.lang.StringUtils;
 import org.sonar.api.measures.Metric;
 import org.sonar.api.measures.MetricFinder;
 import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.MyBatis;
-import org.sonar.db.component.ComponentDao;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.property.PropertiesDao;
 import org.sonar.db.property.PropertyDto;
@@ -41,12 +39,14 @@ import org.sonar.db.qualitygate.QualityGateDao;
 import org.sonar.db.qualitygate.QualityGateDto;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.Errors;
-import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.Message;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.util.Validation;
 
+import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
+import static org.sonar.server.user.AbstractUserSession.insufficientPrivilegesException;
+
 /**
  * Methods from this class should be moved to {@link QualityGateUpdater} and to new classes QualityGateFinder / QualityGateConditionsUpdater / etc.
  * in order to have classes with clearer responsibilities and more easily testable (without having to use too much mocks)
@@ -60,7 +60,6 @@ public class QualityGates {
   private final QualityGateConditionDao conditionDao;
   private final MetricFinder metricFinder;
   private final PropertiesDao propertiesDao;
-  private final ComponentDao componentDao;
   private final UserSession userSession;
 
   public QualityGates(DbClient dbClient, MetricFinder metricFinder, UserSession userSession) {
@@ -69,7 +68,6 @@ public class QualityGates {
     this.conditionDao = dbClient.gateConditionDao();
     this.metricFinder = metricFinder;
     this.propertiesDao = dbClient.propertiesDao();
-    this.componentDao = dbClient.componentDao();
     this.userSession = userSession;
   }
 
@@ -82,7 +80,7 @@ public class QualityGates {
   }
 
   public QualityGateDto rename(long idToRename, String name) {
-    checkPermission();
+    checkRoot();
     QualityGateDto toRename = getNonNullQgate(idToRename);
     validateQualityGate(idToRename, name);
     toRename.setName(name);
@@ -91,7 +89,7 @@ public class QualityGates {
   }
 
   public QualityGateDto copy(long sourceId, String destinationName) {
-    checkPermission();
+    checkRoot();
     getNonNullQgate(sourceId);
     validateQualityGate(null, destinationName);
     QualityGateDto destinationGate = new QualityGateDto().setName(destinationName);
@@ -116,7 +114,7 @@ public class QualityGates {
   }
 
   public void delete(long idToDelete) {
-    checkPermission();
+    checkRoot();
     QualityGateDto qGate = getNonNullQgate(idToDelete);
     DbSession session = dbClient.openSession(false);
     try {
@@ -132,7 +130,7 @@ public class QualityGates {
   }
 
   public void setDefault(DbSession dbSession, @Nullable Long idToUseAsDefault) {
-    checkPermission();
+    checkRoot();
     if (idToUseAsDefault == null) {
       propertiesDao.deleteGlobalProperty(SONAR_QUALITYGATE_PROPERTY, dbSession);
     } else {
@@ -174,30 +172,15 @@ public class QualityGates {
   }
 
   public void deleteCondition(Long condId) {
-    checkPermission();
+    checkRoot();
     conditionDao.delete(getNonNullCondition(condId));
   }
 
-  public void associateProject(Long qGateId, Long projectId) {
-    DbSession session = dbClient.openSession(false);
-    try {
-      getNonNullQgate(qGateId);
-      checkPermission(projectId, session);
-      propertiesDao.saveProperty(new PropertyDto().setKey(SONAR_QUALITYGATE_PROPERTY).setResourceId(projectId).setValue(qGateId.toString()));
-    } finally {
-      MyBatis.closeQuietly(session);
-    }
-  }
-
-  public void dissociateProject(Long qGateId, Long projectId) {
-    DbSession session = dbClient.openSession(false);
-    try {
-      getNonNullQgate(qGateId);
-      checkPermission(projectId, session);
-      propertiesDao.deleteProjectProperty(SONAR_QUALITYGATE_PROPERTY, projectId);
-    } finally {
-      MyBatis.closeQuietly(session);
-    }
+  public void dissociateProject(DbSession dbSession, Long qGateId, ComponentDto project) {
+    getNonNullQgate(qGateId);
+    checkProjectAdmin(project);
+    propertiesDao.deleteProjectProperty(SONAR_QUALITYGATE_PROPERTY, project.getId(), dbSession);
+    dbSession.commit();
   }
 
   private boolean isDefault(QualityGateDto qGate) {
@@ -208,17 +191,13 @@ public class QualityGates {
     PropertyDto defaultQgate = propertiesDao.selectGlobalProperty(SONAR_QUALITYGATE_PROPERTY);
     if (defaultQgate == null || StringUtils.isBlank(defaultQgate.getValue())) {
       return null;
-    } else {
-      return Long.valueOf(defaultQgate.getValue());
     }
+    return Long.valueOf(defaultQgate.getValue());
   }
 
   private QualityGateDto getNonNullQgate(long id) {
-    DbSession dbSession = dbClient.openSession(false);
-    try {
+    try (DbSession dbSession = dbClient.openSession(false)) {
       return getNonNullQgate(dbSession, id);
-    } finally {
-      dbClient.closeSession(dbSession);
     }
   }
 
@@ -264,15 +243,14 @@ public class QualityGates {
     errors.check(isModifyingCurrentQgate || existingQgate == null, Validation.IS_ALREADY_USED_MESSAGE, "Name");
   }
 
-  private void checkPermission() {
-    userSession.checkPermission(GlobalPermissions.QUALITY_GATE_ADMIN);
+  private void checkRoot() {
+    userSession.checkIsRoot();
   }
 
-  private void checkPermission(Long projectId, DbSession session) {
-    ComponentDto project = componentDao.selectOrFailById(session, projectId);
-    if (!userSession.hasPermission(GlobalPermissions.QUALITY_GATE_ADMIN)
+  private void checkProjectAdmin(ComponentDto project) {
+    if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN)
       && !userSession.hasComponentPermission(UserRole.ADMIN, project)) {
-      throw new ForbiddenException("Insufficient privileges");
+      throw insufficientPrivilegesException();
     }
   }
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java
index 90dc4c66cfb..262d028bbaf 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/AppAction.java
@@ -27,6 +27,7 @@ import org.sonar.api.server.ws.WebService;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.WsQualityGates.AppWsResponse.Metric;
 
@@ -41,10 +42,12 @@ public class AppAction implements QualityGatesWsAction {
 
   private final UserSession userSession;
   private final DbClient dbClient;
+  private final DefaultOrganizationProvider defaultOrganizationProvider;
 
-  public AppAction(UserSession userSession, DbClient dbClient) {
+  public AppAction(UserSession userSession, DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) {
     this.userSession = userSession;
     this.dbClient = dbClient;
+    this.defaultOrganizationProvider = defaultOrganizationProvider;
   }
 
   @Override
@@ -60,7 +63,7 @@ public class AppAction implements QualityGatesWsAction {
   @Override
   public void handle(Request request, Response response) {
     writeProtobuf(AppWsResponse.newBuilder()
-      .setEdit(userSession.hasPermission(QUALITY_GATE_ADMIN))
+      .setEdit(userSession.hasOrganizationPermission(defaultOrganizationProvider.get().getUuid(), QUALITY_GATE_ADMIN))
       .addAllMetrics(loadMetrics()
         .stream()
         .map(AppAction::toMetric)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
index b90315ff228..572217a2da5 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/DeselectAction.java
@@ -73,19 +73,16 @@ public class DeselectAction implements QualityGatesWsAction {
 
   @Override
   public void handle(Request request, Response response) {
-    ComponentDto project = getProject(request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY));
-    qualityGates.dissociateProject(QualityGatesWs.parseId(request, QualityGatesWsParameters.PARAM_GATE_ID), project.getId());
-    response.noContent();
+    try (DbSession dbSession = dbClient.openSession(false)) {
+      ComponentDto project = getProject(dbSession, request.param(PARAM_PROJECT_ID), request.param(PARAM_PROJECT_KEY));
+      qualityGates.dissociateProject(dbSession, QualityGatesWs.parseId(request, QualityGatesWsParameters.PARAM_GATE_ID), project);
+      response.noContent();
+    }
   }
 
-  private ComponentDto getProject(@Nullable String projectId, @Nullable String projectKey) {
-    DbSession dbSession = dbClient.openSession(false);
-    try {
-      return selectProjectById(dbSession, projectId)
+  private ComponentDto getProject(DbSession dbSession, @Nullable String projectId, @Nullable String projectKey) {
+    return selectProjectById(dbSession, projectId)
         .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ComponentFinder.ParamNames.PROJECT_ID_AND_KEY));
-    } finally {
-      dbClient.closeSession(dbSession);
-    }
   }
 
   private Optional<ComponentDto> selectProjectById(DbSession dbSession, @Nullable String projectId) {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java
index b44cdc1f5fb..8f6dea62a8c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/SelectAction.java
@@ -91,8 +91,7 @@ public class SelectAction implements QualityGatesWsAction {
   }
 
   private void doHandle(SelectWsRequest request) {
-    DbSession dbSession = dbClient.openSession(false);
-    try {
+    try (DbSession dbSession = dbClient.openSession(false)) {
       checkQualityGate(dbClient, request.getGateId());
       ComponentDto project = getProject(dbSession, request.getProjectId(), request.getProjectKey());
 
@@ -102,8 +101,6 @@ public class SelectAction implements QualityGatesWsAction {
         .setValue(String.valueOf(request.getGateId())));
 
       dbSession.commit();
-    } finally {
-      dbClient.closeSession(dbSession);
     }
   }
 
@@ -118,7 +115,7 @@ public class SelectAction implements QualityGatesWsAction {
     ComponentDto project = selectProjectById(dbSession, projectId)
       .or(() -> componentFinder.getByUuidOrKey(dbSession, projectId, projectKey, ParamNames.PROJECT_ID_AND_KEY));
 
-    if (!userSession.hasPermission(GlobalPermissions.QUALITY_GATE_ADMIN) &&
+    if (!userSession.hasOrganizationPermission(project.getOrganizationUuid(), GlobalPermissions.QUALITY_GATE_ADMIN) &&
       !userSession.hasComponentPermission(UserRole.ADMIN, project)) {
       throw insufficientPrivilegesException();
     }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java
index 935f08e73be..e1ca5997e35 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/DoPrivileged.java
@@ -94,7 +94,7 @@ public final class DoPrivileged {
 
       @Override
       public boolean isRoot() {
-        return false;
+        return true;
       }
 
       @Override
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java
index c71db28aee4..074b4ed3cd1 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java
@@ -24,8 +24,6 @@ import com.google.common.collect.Lists;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.commons.lang.math.RandomUtils;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -38,8 +36,6 @@ import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.measures.Metric;
 import org.sonar.api.measures.Metric.ValueType;
 import org.sonar.api.measures.MetricFinder;
-import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Uuids;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
@@ -53,10 +49,7 @@ import org.sonar.db.qualitygate.QualityGateDao;
 import org.sonar.db.qualitygate.QualityGateDto;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.NotFoundException;
-import org.sonar.server.tester.AnonymousMockUserSession;
-import org.sonar.server.tester.MockUserSession;
 import org.sonar.server.tester.UserSessionRule;
-import org.sonar.server.user.UserSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Matchers.any;
@@ -71,31 +64,23 @@ import static org.sonar.db.component.ComponentTesting.newProjectDto;
 @RunWith(MockitoJUnitRunner.class)
 public class QualityGatesTest {
 
-  static final long QUALITY_GATE_ID = 42L;
-  static final int METRIC_ID = 10;
+  private static final long QUALITY_GATE_ID = 42L;
+  private static final String PROJECT_KEY = "SonarQube";
+  private static final String PROJECT_UUID = Uuids.UUID_EXAMPLE_01;
 
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
   @Rule
-  public UserSessionRule userSessionRule = UserSessionRule.standalone();
+  public UserSessionRule userSession = UserSessionRule.standalone();
 
-  DbSession dbSession = mock(DbSession.class);
-  DbClient dbClient = mock(DbClient.class);
-  QualityGateDao dao = mock(QualityGateDao.class);
-  QualityGateConditionDao conditionDao = mock(QualityGateConditionDao.class);
-  PropertiesDao propertiesDao = mock(PropertiesDao.class);
-  ComponentDao componentDao = mock(ComponentDao.class);
-  MetricFinder metricFinder = mock(MetricFinder.class);
-
-  QualityGates underTest;
-
-  static final String PROJECT_KEY = "SonarQube";
-  static final String PROJECT_UUID = Uuids.UUID_EXAMPLE_01;
-
-  UserSession authorizedProfileAdminUserSession = new MockUserSession("gaudol").setName("Olivier").setGlobalPermissions(GlobalPermissions.QUALITY_GATE_ADMIN);
-  UserSession authorizedProjectAdminUserSession = new MockUserSession("gaudol").setName("Olivier").addProjectUuidPermissions(UserRole.ADMIN, PROJECT_UUID);
-  UserSession unauthorizedUserSession = new MockUserSession("polop").setName("Polop");
-  UserSession unauthenticatedUserSession = new AnonymousMockUserSession();
+  private DbSession dbSession = mock(DbSession.class);
+  private DbClient dbClient = mock(DbClient.class);
+  private QualityGateDao dao = mock(QualityGateDao.class);
+  private QualityGateConditionDao conditionDao = mock(QualityGateConditionDao.class);
+  private PropertiesDao propertiesDao = mock(PropertiesDao.class);
+  private ComponentDao componentDao = mock(ComponentDao.class);
+  private MetricFinder metricFinder = mock(MetricFinder.class);
+  private QualityGates underTest;
 
   @Before
   public void initialize() {
@@ -108,9 +93,9 @@ public class QualityGatesTest {
     when(componentDao.selectOrFailById(eq(dbSession), anyLong())).thenReturn(
       newProjectDto(OrganizationTesting.newOrganizationDto(), PROJECT_UUID).setId(1L).setKey(PROJECT_KEY));
 
-    underTest = new QualityGates(dbClient, metricFinder, userSessionRule);
+    underTest = new QualityGates(dbClient, metricFinder, userSession);
 
-    userSessionRule.set(authorizedProfileAdminUserSession);
+    userSession.login().setRoot();
   }
 
   @Test
@@ -315,60 +300,6 @@ public class QualityGatesTest {
   }
 
   @Test
-  public void should_associate_project() {
-    Long qGateId = QUALITY_GATE_ID;
-    Long projectId = 24L;
-    when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId));
-    underTest.associateProject(qGateId, projectId);
-    verify(dao).selectById(dbSession, qGateId);
-    ArgumentCaptor<PropertyDto> propertyCaptor = ArgumentCaptor.forClass(PropertyDto.class);
-    verify(propertiesDao).saveProperty(propertyCaptor.capture());
-    PropertyDto property = propertyCaptor.getValue();
-    assertThat(property.getKey()).isEqualTo("sonar.qualitygate");
-    assertThat(property.getResourceId()).isEqualTo(projectId);
-    assertThat(property.getValue()).isEqualTo("42");
-  }
-
-  @Test
-  public void associate_project_with_project_admin_permission() {
-    userSessionRule.set(authorizedProjectAdminUserSession);
-
-    Long qGateId = QUALITY_GATE_ID;
-    Long projectId = 24L;
-    when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId));
-    underTest.associateProject(qGateId, projectId);
-    verify(dao).selectById(dbSession, qGateId);
-    ArgumentCaptor<PropertyDto> propertyCaptor = ArgumentCaptor.forClass(PropertyDto.class);
-    verify(propertiesDao).saveProperty(propertyCaptor.capture());
-    PropertyDto property = propertyCaptor.getValue();
-    assertThat(property.getKey()).isEqualTo("sonar.qualitygate");
-    assertThat(property.getResourceId()).isEqualTo(projectId);
-    assertThat(property.getValue()).isEqualTo("42");
-  }
-
-  @Test
-  public void should_dissociate_project() {
-    Long qGateId = QUALITY_GATE_ID;
-    Long projectId = 24L;
-    when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId));
-    underTest.dissociateProject(qGateId, projectId);
-    verify(dao).selectById(dbSession, qGateId);
-    verify(propertiesDao).deleteProjectProperty("sonar.qualitygate", projectId);
-  }
-
-  @Test
-  public void dissociate_project_with_project_admin_permission() {
-    userSessionRule.set(authorizedProjectAdminUserSession);
-
-    Long qGateId = QUALITY_GATE_ID;
-    Long projectId = 24L;
-    when(dao.selectById(dbSession, qGateId)).thenReturn(new QualityGateDto().setId(qGateId));
-    underTest.dissociateProject(qGateId, projectId);
-    verify(dao).selectById(dbSession, qGateId);
-    verify(propertiesDao).deleteProjectProperty("sonar.qualitygate", projectId);
-  }
-
-  @Test
   public void should_copy_qgate() {
     String name = "Atlantis";
     long sourceId = QUALITY_GATE_ID;
@@ -410,29 +341,4 @@ public class QualityGatesTest {
       dataMetric, hiddenMetric, nullHiddenMetric, alertMetric, ratingMetric, classicMetric));
   }
 
-  private Metric addMetric(String metricKey, String metricName) {
-    Metric metric = Mockito.spy(CoreMetrics.COVERAGE);
-    when(metric.getId()).thenReturn(METRIC_ID);
-    when(metric.getName()).thenReturn(metricName);
-    when(metricFinder.findByKey(metricKey)).thenReturn(metric);
-    return metric;
-  }
-
-  private QualityGateConditionDto newCondition(String metricKey, int metricId) {
-    return new QualityGateConditionDto()
-      .setId(RandomUtils.nextLong())
-      .setMetricKey(metricKey)
-      .setMetricId(metricId)
-      .setQualityGateId(QUALITY_GATE_ID)
-      .setOperator("GT")
-      .setWarningThreshold(RandomStringUtils.randomAlphanumeric(15))
-      .setErrorThreshold(RandomStringUtils.randomAlphanumeric(15))
-      .setPeriod(RandomUtils.nextBoolean() ? 1 : null);
-  }
-
-  private QualityGateConditionDto insertQualityGateConditionDto(QualityGateConditionDto conditionDto) {
-    when(conditionDao.selectById(conditionDto.getId())).thenReturn(conditionDto);
-    return conditionDto;
-  }
-
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java
index e76e7c6a17f..8ec7b8a4e0f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/AppActionTest.java
@@ -25,11 +25,12 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonar.server.organization.TestDefaultOrganizationProvider;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.MediaTypes;
@@ -55,11 +56,11 @@ public class AppActionTest {
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
 
-  DbClient dbClient = db.getDbClient();
-  DbSession dbSession = db.getSession();
-
-  AppAction underTest = new AppAction(userSession, dbClient);
-  WsActionTester ws = new WsActionTester(underTest);
+  private DbClient dbClient = db.getDbClient();
+  private DbSession dbSession = db.getSession();
+  private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
+  private AppAction underTest = new AppAction(userSession, dbClient, defaultOrganizationProvider);
+  private WsActionTester ws = new WsActionTester(underTest);
 
   @Test
   public void return_metrics() throws Exception {
@@ -163,7 +164,7 @@ public class AppActionTest {
 
   @Test
   public void return_edit_to_false_when_not_quality_gate_permission() throws Exception {
-    userSession.logIn("not-admin").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+    userSession.logIn();
 
     AppWsResponse response = executeRequest();
 
@@ -172,7 +173,7 @@ public class AppActionTest {
 
   @Test
   public void return_edit_to_true_when_quality_gate_permission() throws Exception {
-    userSession.logIn("admin").setGlobalPermissions(QUALITY_GATE_ADMIN);
+    userSession.logIn().addOrganizationPermission(db.getDefaultOrganization(), QUALITY_GATE_ADMIN);
 
     AppWsResponse response = executeRequest();
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
index 0147a42704d..f430aea4eb9 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
@@ -30,7 +30,6 @@ import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
-import org.sonar.db.component.ComponentDbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.property.PropertyDto;
 import org.sonar.db.qualitygate.QualityGateDto;
@@ -43,10 +42,8 @@ import org.sonar.server.ws.WsActionTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
 import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
 import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
-import static org.sonar.db.component.ComponentTesting.newProjectDto;
 import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY;
 
 public class DeselectActionTest {
@@ -59,15 +56,14 @@ public class DeselectActionTest {
 
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
-  DbClient dbClient = db.getDbClient();
-  DbSession dbSession = db.getSession();
-  ComponentDbTester componentDb = new ComponentDbTester(db);
 
-  QualityGates qualityGates = new QualityGates(dbClient, mock(MetricFinder.class), userSession);
-
-  WsActionTester ws;
-
-  DeselectAction underTest;
+  private DbClient dbClient = db.getDbClient();
+  private DbSession dbSession = db.getSession();
+  private QualityGates qualityGates = new QualityGates(dbClient, mock(MetricFinder.class), userSession);
+  private WsActionTester ws;
+  private ComponentDto project;
+  private QualityGateDto gate;
+  private DeselectAction underTest;
 
   @Before
   public void setUp() {
@@ -75,14 +71,15 @@ public class DeselectActionTest {
     underTest = new DeselectAction(qualityGates, dbClient, componentFinder);
     ws = new WsActionTester(underTest);
 
-    userSession.logIn("login").setGlobalPermissions(QUALITY_GATE_ADMIN);
+    project = db.components().insertProject();
+    gate = insertQualityGate();
   }
 
   @Test
   public void deselect_by_id() throws Exception {
-    ComponentDto project = insertProject();
-    ComponentDto anotherProject = componentDb.insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
+
+    ComponentDto anotherProject = db.components().insertProject();
     String gateId = String.valueOf(gate.getId());
     associateProjectToQualityGate(project.getId(), gateId);
     associateProjectToQualityGate(anotherProject.getId(), gateId);
@@ -95,8 +92,8 @@ public class DeselectActionTest {
 
   @Test
   public void deselect_by_uuid() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
+
     String gateId = String.valueOf(gate.getId());
     associateProjectToQualityGate(project.getId(), gateId);
 
@@ -107,8 +104,8 @@ public class DeselectActionTest {
 
   @Test
   public void deselect_by_key() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
+
     String gateId = String.valueOf(gate.getId());
     associateProjectToQualityGate(project.getId(), gateId);
 
@@ -119,12 +116,10 @@ public class DeselectActionTest {
 
   @Test
   public void project_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
     associateProjectToQualityGate(project.getId(), gateId);
 
-    userSession.logIn("login").addProjectUuidPermissions(UserRole.ADMIN, project.uuid());
+    userSession.logIn().addProjectUuidPermissions(UserRole.ADMIN, project.uuid());
 
     callByKey(gateId, project.getKey());
 
@@ -133,12 +128,10 @@ public class DeselectActionTest {
 
   @Test
   public void system_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
     associateProjectToQualityGate(project.getId(), gateId);
 
-    userSession.logIn("login").setGlobalPermissions(SYSTEM_ADMIN);
+    userSession.logIn().setGlobalPermissions(SYSTEM_ADMIN);
 
     callByKey(gateId, project.getKey());
 
@@ -147,16 +140,13 @@ public class DeselectActionTest {
 
   @Test
   public void fail_when_no_quality_gate() throws Exception {
-    ComponentDto project = insertProject();
-
     expectedException.expect(NotFoundException.class);
 
-    callByKey("1", project.getKey());
+    callByKey("-1", project.getKey());
   }
 
   @Test
   public void fail_when_no_project_id() throws Exception {
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
     expectedException.expect(NotFoundException.class);
@@ -166,7 +156,6 @@ public class DeselectActionTest {
 
   @Test
   public void fail_when_no_project_key() throws Exception {
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
     expectedException.expect(NotFoundException.class);
@@ -176,8 +165,6 @@ public class DeselectActionTest {
 
   @Test
   public void fail_when_anonymous() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
     userSession.anonymous();
 
@@ -187,11 +174,9 @@ public class DeselectActionTest {
 
   @Test
   public void fail_when_not_project_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid());
+    userSession.logIn().addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid());
 
     expectedException.expect(ForbiddenException.class);
 
@@ -200,21 +185,15 @@ public class DeselectActionTest {
 
   @Test
   public void fail_when_not_quality_gates_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").setGlobalPermissions(QUALITY_PROFILE_ADMIN);
+    userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN);
 
     expectedException.expect(ForbiddenException.class);
 
     callByKey(gateId, project.getKey());
   }
 
-  private ComponentDto insertProject() {
-    return componentDb.insertComponent(newProjectDto(db.organizations().insert()));
-  }
-
   private QualityGateDto insertQualityGate() {
     QualityGateDto gate = new QualityGateDto().setName("Custom");
     dbClient.qualityGateDao().insert(dbSession, gate);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java
index bfdbee6307e..57adc7d6519 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/QualityGatesWsTest.java
@@ -69,11 +69,19 @@ public class QualityGatesWsTest {
     SelectAction selectAction = new SelectAction(mock(DbClient.class), mock(UserSessionRule.class), mock(ComponentFinder.class));
 
     tester = new WsTester(new QualityGatesWs(
-      new ListAction(qGates), new ShowAction(qGates), new SearchAction(projectFinder),
-      new CreateAction(null, null, null), new CopyAction(qGates), new DestroyAction(qGates), new RenameAction(qGates),
+      new ListAction(qGates),
+      new ShowAction(qGates),
+      new SearchAction(projectFinder),
+      new CreateAction(null, null, null),
+      new CopyAction(qGates),
+      new DestroyAction(qGates), new RenameAction(qGates),
       new SetAsDefaultAction(qGates), new UnsetDefaultAction(qGates),
-      new CreateConditionAction(null, null, null), new UpdateConditionAction(null, null, null), new DeleteConditionAction(qGates),
-      selectAction, new DeselectAction(qGates, mock(DbClient.class), mock(ComponentFinder.class)), new AppAction(null, null)));
+      new CreateConditionAction(null, null, null),
+      new UpdateConditionAction(null, null, null),
+      new DeleteConditionAction(qGates),
+      selectAction,
+      new DeselectAction(qGates, mock(DbClient.class), mock(ComponentFinder.class)),
+      new AppAction(null, null, null)));
   }
 
   @Test
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
index c8b0e9daace..03d32fd8712 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
@@ -28,7 +28,6 @@ import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
-import org.sonar.db.component.ComponentDbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.qualitygate.QualityGateDto;
 import org.sonar.server.component.ComponentFinder;
@@ -40,7 +39,6 @@ import org.sonar.server.ws.WsActionTester;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
 import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
-import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY;
 
 public class SelectActionTest {
@@ -53,27 +51,26 @@ public class SelectActionTest {
 
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
-  DbClient dbClient = db.getDbClient();
-  DbSession dbSession = db.getSession();
-  ComponentDbTester componentDb = new ComponentDbTester(db);
 
-  WsActionTester ws;
-
-  SelectAction underTest;
+  private DbClient dbClient = db.getDbClient();
+  private DbSession dbSession = db.getSession();
+  private WsActionTester ws;
+  private ComponentDto project;
+  private QualityGateDto gate;
+  private SelectAction underTest;
 
   @Before
   public void setUp() {
     ComponentFinder componentFinder = new ComponentFinder(dbClient);
     underTest = new SelectAction(dbClient, userSession, componentFinder);
     ws = new WsActionTester(underTest);
-
-    userSession.logIn("login").setGlobalPermissions(QUALITY_GATE_ADMIN);
+    project = db.components().insertProject();
+    gate = insertQualityGate();
   }
 
   @Test
   public void select_by_id() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
     String gateId = String.valueOf(gate.getId());
 
     callById(gateId, project.getId());
@@ -83,8 +80,7 @@ public class SelectActionTest {
 
   @Test
   public void select_by_uuid() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
     String gateId = String.valueOf(gate.getId());
 
     callByUuid(gateId, project.uuid());
@@ -94,50 +90,42 @@ public class SelectActionTest {
 
   @Test
   public void select_by_key() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().setRoot();
     String gateId = String.valueOf(gate.getId());
 
     callByKey(gateId, project.getKey());
+
     assertSelected(gateId, project.getId());
   }
 
   @Test
   public void project_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+    userSession.logIn().addProjectUuidPermissions(UserRole.ADMIN, project.uuid());
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").addProjectUuidPermissions(UserRole.ADMIN, project.uuid());
-
     callByKey(gateId, project.getKey());
+
     assertSelected(gateId, project.getId());
   }
 
   @Test
-  public void system_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
+  public void gate_administrator_can_associate_a_gate_to_a_project() throws Exception {
+    userSession.logIn().addOrganizationPermission(project.getOrganizationUuid(), QUALITY_GATE_ADMIN);
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").setGlobalPermissions(SYSTEM_ADMIN);
-
     callByKey(gateId, project.getKey());
+
     assertSelected(gateId, project.getId());
-    ;
   }
 
   @Test
   public void fail_when_no_quality_gate() throws Exception {
-    ComponentDto project = insertProject();
-
     expectedException.expect(NotFoundException.class);
     callByKey("1", project.getKey());
   }
 
   @Test
   public void fail_when_no_project_id() throws Exception {
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
     expectedException.expect(NotFoundException.class);
@@ -146,7 +134,6 @@ public class SelectActionTest {
 
   @Test
   public void fail_when_no_project_key() throws Exception {
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
     expectedException.expect(NotFoundException.class);
@@ -155,8 +142,6 @@ public class SelectActionTest {
 
   @Test
   public void fail_when_anonymous() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
     userSession.anonymous();
@@ -167,11 +152,9 @@ public class SelectActionTest {
 
   @Test
   public void fail_when_not_project_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid());
+    userSession.logIn().addProjectUuidPermissions(UserRole.ISSUE_ADMIN, project.uuid());
 
     expectedException.expect(ForbiddenException.class);
     callByKey(gateId, project.getKey());
@@ -179,20 +162,14 @@ public class SelectActionTest {
 
   @Test
   public void fail_when_not_quality_gates_admin() throws Exception {
-    ComponentDto project = insertProject();
-    QualityGateDto gate = insertQualityGate();
     String gateId = String.valueOf(gate.getId());
 
-    userSession.logIn("login").setGlobalPermissions(QUALITY_PROFILE_ADMIN);
+    userSession.logIn().setGlobalPermissions(QUALITY_PROFILE_ADMIN);
 
     expectedException.expect(ForbiddenException.class);
     callByKey(gateId, project.getKey());
   }
 
-  private ComponentDto insertProject() {
-    return componentDb.insertProject(db.organizations().insert());
-  }
-
   private QualityGateDto insertQualityGate() {
     QualityGateDto gate = new QualityGateDto().setName("Custom");
     dbClient.qualityGateDao().insert(dbSession, gate);
author	Simon Brandhof <simon.brandhof@sonarsource.com>	2017-02-02 10:11:10 +0100
committer	Simon Brandhof <simon.brandhof@sonarsource.com>	2017-02-07 14:20:10 +0100
commit	0d6d15e60f0404e39046a1ae1d4f736d4a8ce684 (patch)
tree	e377f02a2bb10e495c4f0386c6f29a90d50f666b
parent	2059b82a7cf5901feb762228feae95dbb5a3c567 (diff)
download	sonarqube-0d6d15e60f0404e39046a1ae1d4f736d4a8ce684.tar.gz sonarqube-0d6d15e60f0404e39046a1ae1d4f736d4a8ce684.zip