diff options
| author | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2017-04-20 15:48:17 +0200 |
|---|---|---|
| committer | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2017-04-27 14:25:54 +0200 |
| commit | 9e32fa79bee373f2180a8ac5ce6d89b5db5e8839 (patch) | |
| tree | 1918b7d9ca5d6d108738ff7fe2b68b7a515c7bc1 | |
| parent | 69966b44e1ae5c881f9970adfaa26763c95b2b47 (diff) | |
| download | sonarqube-9e32fa79bee373f2180a8ac5ce6d89b5db5e8839.tar.gz sonarqube-9e32fa79bee373f2180a8ac5ce6d89b5db5e8839.zip | |
SONAR-9109 support public components in PermissionIndexer
9 files changed, 314 insertions, 324 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java index 0b87824c029..b1f418c6e86 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java +++ b/server/sonar-server/src/main/java/org/sonar/server/issue/index/IssueIndex.java @@ -212,7 +212,8 @@ public class IssueIndex { } configureStickyFacets(query, options, filters, esQuery, requestBuilder); - return new SearchResult<>(requestBuilder.get(), DOC_CONVERTER); + SearchResponse response = requestBuilder.get(); + return new SearchResult<>(response, DOC_CONVERTER); } /** diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java index e2125d43539..81c98dc39c8 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java @@ -19,6 +19,7 @@ */ package org.sonar.server.permission.index; +import com.google.common.collect.ImmutableList; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; @@ -27,7 +28,6 @@ import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.commons.dbutils.DbUtils; import org.apache.commons.lang.StringUtils; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -93,11 +93,6 @@ public class PermissionIndexerDao { } } - /** - * Number of "{projectsCondition}" in SQL template - */ - private static final int NB_OF_CONDITION_PLACEHOLDERS = 4; - private enum RowKind { USER, GROUP, ANYONE, NONE } @@ -145,7 +140,7 @@ public class PermissionIndexerDao { " AND group_id IS NOT NULL " + " UNION " + - // Anyone virtual group + // public projects are accessible to any one " SELECT '" + RowKind.ANYONE + "' as kind," + " projects.uuid AS project, " + @@ -154,15 +149,14 @@ public class PermissionIndexerDao { " NULL AS user_id, " + " NULL AS group_id " + " FROM projects " + - " INNER JOIN group_roles ON group_roles.resource_id = projects.id AND group_roles.role='user' " + " WHERE " + " (projects.qualifier = 'TRK' or projects.qualifier = 'VW') " + " AND projects.copy_component_uuid is NULL " + + " AND projects.private = ? " + " {projectsCondition} " + - " AND group_roles.group_id IS NULL " + " UNION " + - // project is returned when no authorization + // private project is returned when no authorization " SELECT '" + RowKind.NONE + "' as kind," + " projects.uuid AS project, " + " projects.authorization_updated_at AS updated_at, " + @@ -173,6 +167,7 @@ public class PermissionIndexerDao { " WHERE " + " (projects.qualifier = 'TRK' or projects.qualifier = 'VW') " + " AND projects.copy_component_uuid is NULL " + + " AND projects.private = ? " + " {projectsCondition} " + " ) project_authorization"; @@ -188,18 +183,12 @@ public class PermissionIndexerDao { private static List<Dto> doSelectByProjects(DbClient dbClient, DbSession session, List<String> projectUuids) { try { Map<String, Dto> dtosByProjectUuid = new HashMap<>(); - PreparedStatement stmt = null; - ResultSet rs = null; - try { - stmt = createStatement(dbClient, session, projectUuids); - rs = stmt.executeQuery(); + try (PreparedStatement stmt = createStatement(dbClient, session, projectUuids); + ResultSet rs = stmt.executeQuery()) { while (rs.next()) { processRow(rs, dtosByProjectUuid); } - return new ArrayList<>(dtosByProjectUuid.values()); - } finally { - DbUtils.closeQuietly(rs); - DbUtils.closeQuietly(stmt); + return ImmutableList.copyOf(dtosByProjectUuid.values()); } } catch (SQLException e) { throw new IllegalStateException("Fail to select authorizations", e); @@ -215,15 +204,35 @@ public class PermissionIndexerDao { } PreparedStatement stmt = dbClient.getMyBatis().newScrollingSelectStatement(session, sql); int index = 1; - for (int i = 1; i <= NB_OF_CONDITION_PLACEHOLDERS; i++) { - for (String projectUuid : projectUuids) { - stmt.setString(index, projectUuid); - index++; - } - } + // query for RowKind.USER + index = populateProjectUuidPlaceholders(stmt, projectUuids, index); + // query for RowKind.GROUP + index = populateProjectUuidPlaceholders(stmt, projectUuids, index); + // query for RowKind.ANYONE + index = setPrivateProjectPlaceHolder(stmt, index, false); + index = populateProjectUuidPlaceholders(stmt, projectUuids, index); + // query for RowKind.NONE + index = setPrivateProjectPlaceHolder(stmt, index, true); + populateProjectUuidPlaceholders(stmt, projectUuids, index); return stmt; } + private static int populateProjectUuidPlaceholders(PreparedStatement stmt, List<String> projectUuids, int index) throws SQLException { + int newIndex = index; + for (String projectUuid : projectUuids) { + stmt.setString(newIndex, projectUuid); + newIndex++; + } + return newIndex; + } + + private static int setPrivateProjectPlaceHolder(PreparedStatement stmt, int index, boolean isPrivate) throws SQLException { + int newIndex = index; + stmt.setBoolean(newIndex, isPrivate); + newIndex++; + return newIndex; + } + private static void processRow(ResultSet rs, Map<String, Dto> dtosByProjectUuid) throws SQLException { RowKind rowKind = RowKind.valueOf(rs.getString(1)); String projectUuid = rs.getString(2); diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java index aca5eac5328..34054c431fe 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/IssueServiceMediumTest.java @@ -26,7 +26,6 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.sonar.api.issue.Issue; -import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDao; @@ -46,17 +45,14 @@ import org.sonar.server.es.SearchResult; import org.sonar.server.issue.index.IssueDoc; import org.sonar.server.issue.index.IssueIndex; import org.sonar.server.issue.index.IssueIndexer; -import org.sonar.server.permission.GroupPermissionChange; -import org.sonar.server.permission.PermissionChange; -import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.ProjectId; +import org.sonar.server.permission.index.PermissionIndexer; import org.sonar.server.rule.index.RuleIndexer; import org.sonar.server.tester.ServerTester; import org.sonar.server.tester.UserSessionRule; -import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static com.google.common.collect.Lists.newArrayList; import static java.util.Arrays.asList; +import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.entry; @@ -90,7 +86,7 @@ public class IssueServiceMediumTest { @Test public void list_component_tags() { RuleDto rule = newRule(); - ComponentDto project = newProject(); + ComponentDto project = newPublicProject(); ComponentDto file = newFile(project); saveIssue(IssueTesting.newDto(rule, file, project).setTags(ImmutableSet.of("convention", "java8", "bug"))); saveIssue(IssueTesting.newDto(rule, file, project).setTags(ImmutableSet.of("convention", "bug"))); @@ -110,7 +106,7 @@ public class IssueServiceMediumTest { @Test public void test_listAuthors() { RuleDto rule = newRule(); - ComponentDto project = newProject(); + ComponentDto project = newPublicProject(); ComponentDto file = newFile(project); saveIssue(IssueTesting.newDto(rule, file, project).setAuthorLogin("luke.skywalker")); saveIssue(IssueTesting.newDto(rule, file, project).setAuthorLogin("luke@skywalker.name")); @@ -126,7 +122,7 @@ public class IssueServiceMediumTest { @Test public void listAuthors_escapes_regexp_special_characters() { - saveIssue(IssueTesting.newDto(newRule(), newFile(newProject()), newProject()).setAuthorLogin("name++")); + saveIssue(IssueTesting.newDto(newRule(), newFile(newPublicProject()), newPublicProject()).setAuthorLogin("name++")); assertThat(service.listAuthors("invalidRegexp[", 5)).isEmpty(); assertThat(service.listAuthors("nam+", 5)).isEmpty(); @@ -149,21 +145,14 @@ public class IssueServiceMediumTest { return rule; } - private ComponentDto newProject() { + private ComponentDto newPublicProject() { OrganizationDto organization = OrganizationTesting.newOrganizationDto(); tester.get(OrganizationDao.class).insert(session, organization); - ComponentDto project = ComponentTesting.newPrivateProjectDto(organization); + ComponentDto project = ComponentTesting.newPublicProjectDto(organization); tester.get(ComponentDao.class).insert(session, project); - - userSessionRule.logIn().addProjectPermission(UserRole.USER, project); session.commit(); - // project can be seen by group "anyone" - // TODO correctly feed default organization. Not a problem as long as issues search does not support "anyone" - // for each organization - GroupPermissionChange permissionChange = new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(project), - GroupIdOrAnyone.forAnyone(organization.getUuid())); - tester.get(PermissionUpdater.class).apply(session, asList(permissionChange)); + tester.get(PermissionIndexer.class).indexProjectsByUuids(session, singletonList(project.uuid())); userSessionRule.logIn(); return project; diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsMediumTest.java index 6ba4c155fdf..21b1856e5b8 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsMediumTest.java @@ -20,7 +20,9 @@ package org.sonar.server.issue.ws; import java.io.IOException; +import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; import org.junit.After; import org.junit.Before; import org.junit.ClassRule; @@ -30,7 +32,6 @@ import org.sonar.api.resources.Qualifiers; import org.sonar.api.rule.RuleStatus; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.DateUtils; -import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -46,13 +47,9 @@ import org.sonar.db.rule.RuleTesting; import org.sonar.server.issue.index.IssueIndexer; import org.sonar.server.organization.DefaultOrganization; import org.sonar.server.organization.DefaultOrganizationProvider; -import org.sonar.server.permission.GroupPermissionChange; -import org.sonar.server.permission.PermissionChange; -import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.ProjectId; +import org.sonar.server.permission.index.PermissionIndexer; import org.sonar.server.tester.ServerTester; import org.sonar.server.tester.UserSessionRule; -import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import org.sonar.server.view.index.ViewDoc; import org.sonar.server.view.index.ViewIndexer; import org.sonar.server.ws.WsActionTester; @@ -62,7 +59,6 @@ import org.sonarqube.ws.Issues.SearchWsResponse; import org.sonarqube.ws.client.issue.IssuesWsParameters; import static com.google.common.collect.Lists.newArrayList; -import static java.util.Arrays.asList; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.utils.DateUtils.parseDateTime; import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01; @@ -112,8 +108,7 @@ public class SearchActionComponentsMediumTest { @Test public void issues_on_different_projects() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); IssueDto issue = IssueTesting.newDto(rule, file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2") @@ -123,8 +118,7 @@ public class SearchActionComponentsMediumTest { .setIssueUpdateDate(DateUtils.parseDateTime("2017-12-04T00:00:00+0100")); db.issueDao().insert(session, issue); - ComponentDto project2 = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "P2").setKey("PK2")); - setDefaultProjectPermission(project2); + ComponentDto project2 = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "P2").setKey("PK2")); ComponentDto file2 = insertComponent(newFileDto(project2, null, "F2").setKey("FK2")); IssueDto issue2 = IssueTesting.newDto(rule, file2, project2) .setKee("92fd47d4-b650-4037-80bc-7b112bd4eac2") @@ -135,6 +129,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issue2); session.commit(); indexIssues(); + indexPermissionsOf(project, project2); WsTester.Result result = wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH).execute(); result.assertJson(this.getClass(), "issues_on_different_projects.json"); @@ -142,8 +137,7 @@ public class SearchActionComponentsMediumTest { @Test public void do_not_return_module_key_on_single_module_projects() throws IOException { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto module = insertComponent(newModuleDto("M1", project).setKey("MK1")); ComponentDto file = insertComponent(newFileDto(module, null, "F1").setKey("FK1")); RuleDto newRule = newRule(); @@ -152,6 +146,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issueInModule, issueInRootModule); session.commit(); indexIssues(); + indexPermissionsOf(project); WsActionTester actionTester = new WsActionTester(tester.get(SearchAction.class)); SearchWsResponse searchResponse = actionTester.newRequest().executeProtobuf(SearchWsResponse.class); @@ -169,13 +164,13 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_project_uuid() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); IssueDto issue = IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); db.issueDao().insert(session, issue); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_PROJECT_UUIDS, project.uuid()) @@ -200,8 +195,7 @@ public class SearchActionComponentsMediumTest { @Test public void search_since_leak_period_on_project() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); db.snapshotDao().insert(session, newAnalysis(project) @@ -218,6 +212,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issueAfterLeak, issueBeforeLeak); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, project.uuid()) @@ -228,8 +223,7 @@ public class SearchActionComponentsMediumTest { @Test public void search_since_leak_period_on_file_in_module_project() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto module = insertComponent(newModuleDto(project)); ComponentDto file = insertComponent(newFileDto(module, null, "F1").setKey("FK1")); db.snapshotDao().insert(session, @@ -246,6 +240,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issueAfterLeak, issueBeforeLeak); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, project.uuid()) @@ -257,12 +252,9 @@ public class SearchActionComponentsMediumTest { @Test public void project_facet_is_sticky() throws Exception { - ComponentDto project1 = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - ComponentDto project2 = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P2").setKey("PK2")); - ComponentDto project3 = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "P3").setKey("PK3")); - setDefaultProjectPermission(project1); - setDefaultProjectPermission(project2); - setDefaultProjectPermission(project3); + ComponentDto project1 = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); + ComponentDto project2 = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P2").setKey("PK2")); + ComponentDto project3 = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "P3").setKey("PK3")); ComponentDto file1 = insertComponent(newFileDto(project1, null, "F1").setKey("FK1")); ComponentDto file2 = insertComponent(newFileDto(project2, null, "F2").setKey("FK2")); ComponentDto file3 = insertComponent(newFileDto(project3, null, "F3").setKey("FK3")); @@ -273,6 +265,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issue1, issue2, issue3); session.commit(); indexIssues(); + indexPermissionsOf(project1, project2, project3); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_PROJECT_UUIDS, project1.uuid()) @@ -283,13 +276,13 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_file_uuid() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); IssueDto issue = IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); db.issueDao().insert(session, issue); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_FILE_UUIDS, file.uuid()) @@ -314,8 +307,7 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_file_key() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); ComponentDto unitTest = insertComponent(newFileDto(project, null, "F2").setQualifier(Qualifiers.UNIT_TEST_FILE).setKey("FK2")); RuleDto rule = newRule(); @@ -324,6 +316,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issueOnFile, issueOnTest); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENTS, file.key()) @@ -338,8 +331,7 @@ public class SearchActionComponentsMediumTest { @Test public void display_file_facet() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "P1").setKey("PK1")); ComponentDto file1 = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); ComponentDto file2 = insertComponent(newFileDto(project, null, "F2").setKey("FK2")); ComponentDto file3 = insertComponent(newFileDto(project, null, "F3").setKey("FK3")); @@ -349,6 +341,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issue1, issue2); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, project.uuid()) @@ -360,14 +353,14 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_directory_path() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto directory = insertComponent(ComponentTesting.newDirectory(project, "D1", "src/main/java/dir")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1").setPath(directory.path() + "/MyComponent.java")); IssueDto issue = IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); db.issueDao().insert(session, issue); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, directory.uuid()) @@ -392,8 +385,7 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_directory_path_in_different_modules() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P1").setKey("PK1")); ComponentDto module1 = insertComponent(newModuleDto("M1", project).setKey("MK1")); ComponentDto module2 = insertComponent(newModuleDto("M2", project).setKey("MK2")); ComponentDto directory1 = insertComponent(ComponentTesting.newDirectory(module1, "D1", "src/main/java/dir")); @@ -405,6 +397,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issue1); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, directory1.uuid()) @@ -441,8 +434,7 @@ public class SearchActionComponentsMediumTest { @Test public void display_module_facet() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "P1").setKey("PK1")); ComponentDto module = insertComponent(newModuleDto("M1", project).setKey("MK1")); ComponentDto subModule1 = insertComponent(newModuleDto("SUBM1", module).setKey("SUBMK1")); ComponentDto subModule2 = insertComponent(newModuleDto("SUBM2", module).setKey("SUBMK2")); @@ -455,6 +447,7 @@ public class SearchActionComponentsMediumTest { db.issueDao().insert(session, issue1, issue2); session.commit(); indexIssues(); + indexPermissionsOf(project); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, module.uuid()) @@ -466,14 +459,14 @@ public class SearchActionComponentsMediumTest { @Test public void display_directory_facet() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto directory = insertComponent(ComponentTesting.newDirectory(project, "D1", "src/main/java/dir")); ComponentDto file = insertComponent(newFileDto(project, directory, "F1").setKey("FK1").setPath(directory.path() + "/MyComponent.java")); IssueDto issue = IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); db.issueDao().insert(session, issue); session.commit(); indexIssues(); + indexPermissionsOf(project); userSessionRule.logIn("john"); WsTester.Result result = wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) @@ -485,58 +478,37 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_view_uuid() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); - insertIssue(IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2")); - - ComponentDto view = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "V1").setQualifier(Qualifiers.VIEW).setKey("MyView")); + ComponentDto view = insertComponent(ComponentTesting.newView(defaultOrganization, "V1").setKey("MyView")); indexView(view.uuid(), newArrayList(project.uuid())); + indexPermissionsOf(project, view); - setAnyoneProjectPermission(view, UserRole.USER); - userSessionRule.logIn("john").addProjectPermission(UserRole.USER, view); - - wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) - .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, view.uuid()) - .execute() - .assertJson(this.getClass(), "search_by_view_uuid.json"); - } - - @Test - public void search_by_view_uuid_return_only_authorized_view() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "P1").setKey("PK1")); - setDefaultProjectPermission(project); - ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); insertIssue(IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2")); - ComponentDto view = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "V1").setQualifier(Qualifiers.VIEW).setKey("MyView")); - indexView(view.uuid(), newArrayList(project.uuid())); - - setAnyoneProjectPermission(view, UserRole.USER); - // User has wrong permission on the view, no issue will be returned - userSessionRule.logIn("john").addProjectPermission(UserRole.CODEVIEWER, view); + userSessionRule.logIn("john") + .registerComponents(project, file, view); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, view.uuid()) .execute() - .assertJson(this.getClass(), "no_issue.json"); + .assertJson(this.getClass(), "search_by_view_uuid.json"); } @Test public void search_by_sub_view_uuid() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); insertIssue(IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2")); - ComponentDto view = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "V1").setQualifier(Qualifiers.VIEW).setKey("MyView")); + ComponentDto view = insertComponent(ComponentTesting.newView(otherOrganization1, "V1").setKey("MyView")); indexView(view.uuid(), newArrayList(project.uuid())); - ComponentDto subView = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "SV1").setQualifier(Qualifiers.SUBVIEW).setKey("MySubView")); + ComponentDto subView = insertComponent(ComponentTesting.newSubView(view, "SV1", "MySubView")); indexView(subView.uuid(), newArrayList(project.uuid())); + indexPermissionsOf(project, view); - setAnyoneProjectPermission(view, UserRole.USER); - userSessionRule.logIn("john").addProjectPermission(UserRole.USER, view, subView); - + userSessionRule.logIn("john") + .registerComponents(project, file, view, subView); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, subView.uuid()) .execute() @@ -545,19 +517,18 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_sub_view_uuid_return_only_authorized_view() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); insertIssue(IssueTesting.newDto(newRule(), file, project).setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2")); - ComponentDto view = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "V1").setQualifier(Qualifiers.VIEW).setKey("MyView")); + ComponentDto view = insertComponent(ComponentTesting.newView(otherOrganization1, "V1").setKey("MyView")); indexView(view.uuid(), newArrayList(project.uuid())); - ComponentDto subView = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "SV1").setQualifier(Qualifiers.SUBVIEW).setKey("MySubView")); + ComponentDto subView = insertComponent(ComponentTesting.newSubView(view, "SV1", "MySubView")); indexView(subView.uuid(), newArrayList(project.uuid())); - setAnyoneProjectPermission(view, UserRole.USER); // User has wrong permission on the view, no issue will be returned - userSessionRule.logIn("john").addProjectPermission(UserRole.CODEVIEWER, view, subView); + userSessionRule.logIn("john") + .registerComponents(project, file, view, subView); wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam(IssuesWsParameters.PARAM_COMPONENT_UUIDS, subView.uuid()) @@ -567,12 +538,12 @@ public class SearchActionComponentsMediumTest { @Test public void search_by_author() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "P1").setKey("PK1")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "P1").setKey("PK1")); ComponentDto file = insertComponent(newFileDto(project, null, "F1").setKey("FK1")); RuleDto newRule = newRule(); IssueDto issue1 = IssueTesting.newDto(newRule, file, project).setAuthorLogin("leia").setKee("2bd4eac2-b650-4037-80bc-7b112bd4eac2"); IssueDto issue2 = IssueTesting.newDto(newRule, file, project).setAuthorLogin("luke@skywalker.name").setKee("82fd47d4-b650-4037-80bc-7b1182fd47d4"); + indexPermissionsOf(project); db.issueDao().insert(session, issue1, issue2); session.commit(); @@ -601,18 +572,8 @@ public class SearchActionComponentsMediumTest { return rule; } - private void setDefaultProjectPermission(ComponentDto project) { - // project can be seen by anyone - setAnyoneProjectPermission(project, UserRole.USER); - } - - private void setAnyoneProjectPermission(ComponentDto project, String permission) { - userSessionRule.logIn().setSystemAdministrator(); - // TODO correctly feed default organization. Not a problem as long as issues search does not support "anyone" - // for each organization - GroupPermissionChange permissionChange = new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(project), - GroupIdOrAnyone.forAnyone(project.getOrganizationUuid())); - tester.get(PermissionUpdater.class).apply(session, asList(permissionChange)); + private void indexPermissionsOf(ComponentDto... rootComponents) { + tester.get(PermissionIndexer.class).indexProjectsByUuids(session, Arrays.stream(rootComponents).map(ComponentDto::uuid).collect(Collectors.toList())); } private IssueDto insertIssue(IssueDto issue) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionMediumTest.java index fe37b1f32a7..282b2dcc1dd 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionMediumTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionMediumTest.java @@ -19,7 +19,6 @@ */ package org.sonar.server.issue.ws; -import java.util.Arrays; import org.junit.After; import org.junit.Before; import org.junit.ClassRule; @@ -30,8 +29,6 @@ import org.sonar.api.issue.Issue; import org.sonar.api.rule.RuleStatus; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.DateUtils; -import org.sonar.api.web.UserRole; -import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -44,6 +41,7 @@ import org.sonar.db.issue.IssueTesting; import org.sonar.db.organization.OrganizationDao; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.organization.OrganizationTesting; +import org.sonar.db.permission.GroupPermissionDto; import org.sonar.db.rule.RuleDao; import org.sonar.db.rule.RuleDto; import org.sonar.db.rule.RuleTesting; @@ -53,19 +51,15 @@ import org.sonar.server.issue.IssueQuery; import org.sonar.server.issue.index.IssueIndexer; import org.sonar.server.organization.DefaultOrganization; import org.sonar.server.organization.DefaultOrganizationProvider; -import org.sonar.server.permission.GroupPermissionChange; -import org.sonar.server.permission.PermissionChange; -import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.ProjectId; +import org.sonar.server.permission.index.PermissionIndexer; import org.sonar.server.tester.ServerTester; import org.sonar.server.tester.UserSessionRule; -import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import org.sonar.server.ws.WsTester; import static java.util.Arrays.asList; +import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; -import static org.sonar.api.web.UserRole.USER; import static org.sonarqube.ws.client.issue.IssuesWsParameters.ACTION_SEARCH; import static org.sonarqube.ws.client.issue.IssuesWsParameters.CONTROLLER_ISSUES; import static org.sonarqube.ws.client.issue.IssuesWsParameters.DEPRECATED_FACET_MODE_DEBT; @@ -129,8 +123,8 @@ public class SearchActionMediumTest { db.userDao().insert(session, new UserDto().setLogin("simon").setName("Simon").setEmail("simon@email.com")); db.userDao().insert(session, new UserDto().setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2") @@ -158,8 +152,8 @@ public class SearchActionMediumTest { db.userDao().insert(session, new UserDto().setLogin("john").setName("John")); db.userDao().insert(session, new UserDto().setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); @@ -195,8 +189,8 @@ public class SearchActionMediumTest { db.userDao().insert(session, new UserDto().setLogin("john").setName("John").setEmail("john@email.com")); db.userDao().insert(session, new UserDto().setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2"); @@ -230,9 +224,9 @@ public class SearchActionMediumTest { public void load_additional_fields() throws Exception { db.userDao().insert(session, new UserDto().setLogin("simon").setName("Simon").setEmail("simon@email.com")); db.userDao().insert(session, new UserDto().setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY").setLanguage("java")); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY").setLanguage("java")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY").setLanguage("js")); - setProjectPermission(project, USER); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2") @@ -243,6 +237,7 @@ public class SearchActionMediumTest { IssueIndexer r = tester.get(IssueIndexer.class); r.indexOnStartup(r.getIndexTypes()); + userSessionRule.logIn("john"); WsTester.Result result = wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam("additionalFields", "_all").execute(); result.assertJson(this.getClass(), "load_additional_fields.json"); @@ -252,9 +247,10 @@ public class SearchActionMediumTest { public void load_additional_fields_with_issue_admin_permission() throws Exception { db.userDao().insert(session, new UserDto().setLogin("simon").setName("Simon").setEmail("simon@email.com")); db.userDao().insert(session, new UserDto().setLogin("fabrice").setName("Fabrice").setEmail("fabrice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY").setLanguage("java")); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY").setLanguage("java")); + grantPermissionToAnyone(project, ISSUE_ADMIN); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY").setLanguage("js")); - setProjectPermission(project, USER, ISSUE_ADMIN); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac2") @@ -265,6 +261,8 @@ public class SearchActionMediumTest { IssueIndexer r = tester.get(IssueIndexer.class); r.indexOnStartup(r.getIndexTypes()); + userSessionRule.logIn("john") + .addProjectPermission(ISSUE_ADMIN, project); // granted by Anyone WsTester.Result result = wsTester.newGetRequest(CONTROLLER_ISSUES, ACTION_SEARCH) .setParam("additionalFields", "_all").execute(); result.assertJson(this.getClass(), "load_additional_fields_with_issue_admin_permission.json"); @@ -273,8 +271,8 @@ public class SearchActionMediumTest { @Test public void issue_on_removed_file() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto removedFile = insertComponent(ComponentTesting.newFileDto(project, null).setUuid("REMOVED_FILE_ID") .setKey("REMOVED_FILE_KEY") .setEnabled(false)); @@ -298,8 +296,8 @@ public class SearchActionMediumTest { @Test public void issue_contains_component_id_for_eclipse() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project); db.issueDao().insert(session, issue); @@ -314,8 +312,8 @@ public class SearchActionMediumTest { @Test public void apply_paging_with_one_component() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); for (int i = 0; i < SearchOptions.MAX_LIMIT + 1; i++) { IssueDto issue = IssueTesting.newDto(rule, file, project); @@ -331,8 +329,8 @@ public class SearchActionMediumTest { @Test public void components_contains_sub_projects() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("ProjectHavingModule")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("ProjectHavingModule")); + indexPermissionsOf(project); ComponentDto module = insertComponent(ComponentTesting.newModuleDto(project).setKey("ModuleHavingFile")); ComponentDto file = insertComponent(ComponentTesting.newFileDto(module, null, "BCDE").setKey("FileLinkedToModule")); IssueDto issue = IssueTesting.newDto(newRule(), file, project); @@ -347,8 +345,8 @@ public class SearchActionMediumTest { @Test public void display_facets() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setIssueCreationDate(DateUtils.parseDate("2014-09-04")) @@ -372,8 +370,8 @@ public class SearchActionMediumTest { @Test public void display_facets_in_effort_mode() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setIssueCreationDate(DateUtils.parseDate("2014-09-04")) @@ -398,8 +396,8 @@ public class SearchActionMediumTest { @Test public void display_zero_valued_facets_for_selected_items() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setIssueCreationDate(DateUtils.parseDate("2014-09-04")) @@ -440,8 +438,8 @@ public class SearchActionMediumTest { public void filter_by_assigned_to_me() throws Exception { db.userDao().insert(session, new UserDto().setLogin("john").setName("John").setEmail("john@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); RuleDto rule = newRule(); IssueDto issue1 = IssueTesting.newDto(rule, file, project) @@ -485,8 +483,8 @@ public class SearchActionMediumTest { public void filter_by_assigned_to_me_unauthenticated() throws Exception { userSessionRule.logIn(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); RuleDto rule = newRule(); IssueDto issue1 = IssueTesting.newDto(rule, file, project) @@ -516,8 +514,8 @@ public class SearchActionMediumTest { public void assigned_to_me_facet_is_sticky_relative_to_assignees() throws Exception { db.userDao().insert(session, new UserDto().setLogin("alice").setName("Alice").setEmail("alice@email.com")); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); RuleDto rule = newRule(); IssueDto issue1 = IssueTesting.newDto(rule, file, project) @@ -560,8 +558,8 @@ public class SearchActionMediumTest { @Test public void sort_by_updated_at() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); db.issueDao().insert(session, IssueTesting.newDto(rule, file, project) .setKee("82fd47d4-b650-4037-80bc-7b112bd4eac1") @@ -586,8 +584,8 @@ public class SearchActionMediumTest { @Test public void paging() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); for (int i = 0; i < 12; i++) { IssueDto issue = IssueTesting.newDto(rule, file, project); @@ -608,8 +606,8 @@ public class SearchActionMediumTest { @Test public void paging_with_page_size_to_minus_one() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization2, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); for (int i = 0; i < 12; i++) { IssueDto issue = IssueTesting.newDto(rule, file, project); @@ -630,8 +628,8 @@ public class SearchActionMediumTest { @Test public void deprecated_paging() throws Exception { RuleDto rule = newRule(); - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(defaultOrganization, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); for (int i = 0; i < 12; i++) { IssueDto issue = IssueTesting.newDto(rule, file, project); @@ -659,8 +657,8 @@ public class SearchActionMediumTest { @Test public void display_deprecated_debt_fields() throws Exception { - ComponentDto project = insertComponent(ComponentTesting.newPrivateProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); - setDefaultProjectPermission(project); + ComponentDto project = insertComponent(ComponentTesting.newPublicProjectDto(otherOrganization1, "PROJECT_ID").setKey("PROJECT_KEY")); + indexPermissionsOf(project); ComponentDto file = insertComponent(ComponentTesting.newFileDto(project, null, "FILE_ID").setKey("FILE_KEY")); IssueDto issue = IssueTesting.newDto(newRule(), file, project) .setIssueCreationDate(DateUtils.parseDate("2014-09-04")) @@ -703,23 +701,19 @@ public class SearchActionMediumTest { return rule; } - private void setDefaultProjectPermission(ComponentDto project) { - // project can be seen by anyone and by code viewer - userSessionRule.logIn().addProjectPermission(UserRole.USER, project); - // TODO correctly feed default organization. Not a problem as long as issues search does not support "anyone" - // for each organization - GroupPermissionChange permissionChange = new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(project), GroupIdOrAnyone.forAnyone(project.getOrganizationUuid())); - tester.get(PermissionUpdater.class).apply(session, asList(permissionChange)); + private void indexPermissionsOf(ComponentDto project) { + tester.get(PermissionIndexer.class).indexProjectsByUuids(session, singletonList(project.uuid())); } - private void setProjectPermission(ComponentDto project, String... permissions) { - // project can be seen by anyone and by code viewer - userSessionRule.logIn("admin"); - Arrays.stream(permissions).forEach(permission -> userSessionRule.addProjectPermission(permission, project)); - tester.get(PermissionUpdater.class).apply(session, Arrays.stream(permissions) - // TODO correctly feed default organization. Not a problem as long as issues search does not support "anyone" for each organization - .map(permission -> new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(project), GroupIdOrAnyone.forAnyone(project.getOrganizationUuid()))) - .collect(MoreCollectors.toList())); + private void grantPermissionToAnyone(ComponentDto project, String permission) { + db.groupPermissionDao().insert(session, + new GroupPermissionDto() + .setOrganizationUuid(project.getOrganizationUuid()) + .setGroupId(null) + .setResourceId(project.getId()) + .setRole(permission)); + session.commit(); + userSessionRule.logIn().addProjectPermission(permission, project); } private ComponentDto insertComponent(ComponentDto component) { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java index e336195f3b8..002b7c931e0 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java @@ -41,6 +41,7 @@ import org.sonar.db.user.UserDbTester; import org.sonar.db.user.UserDto; import static java.util.Arrays.asList; +import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.resources.Qualifiers.PROJECT; import static org.sonar.api.resources.Qualifiers.VIEW; @@ -58,8 +59,9 @@ public class PermissionIndexerDaoTest { private ComponentDbTester componentDbTester = new ComponentDbTester(dbTester); private UserDbTester userDbTester = new UserDbTester(dbTester); - private ComponentDto project1; - private ComponentDto project2; + private ComponentDto publicProject; + private ComponentDto privateProject1; + private ComponentDto privateProject2; private ComponentDto view1; private ComponentDto view2; private UserDto user1; @@ -70,8 +72,9 @@ public class PermissionIndexerDaoTest { @Before public void setUp() throws Exception { - project1 = componentDbTester.insertPublicProject(); - project2 = componentDbTester.insertPublicProject(); + publicProject = componentDbTester.insertPublicProject(); + privateProject1 = componentDbTester.insertPrivateProject(); + privateProject2 = componentDbTester.insertPrivateProject(); view1 = componentDbTester.insertView(); view2 = componentDbTester.insertView(); user1 = userDbTester.insertUser(); @@ -84,82 +87,73 @@ public class PermissionIndexerDaoTest { insertTestDataForProjectsAndViews(); Collection<PermissionIndexerDao.Dto> dtos = underTest.selectAll(dbClient, dbSession); - assertThat(dtos).hasSize(4); + assertThat(dtos).hasSize(5); - PermissionIndexerDao.Dto project1Authorization = getByProjectUuid(project1.uuid(), dtos); - assertThat(project1Authorization.getGroupIds()).containsOnly(group.getId()); - assertThat(project1Authorization.isAllowAnyone()).isTrue(); - assertThat(project1Authorization.getUserIds()).containsOnly(user1.getId()); - assertThat(project1Authorization.getUpdatedAt()).isNotNull(); - assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT); + PermissionIndexerDao.Dto publicProjectAuthorization = getByProjectUuid(publicProject.uuid(), dtos); + isPublic(publicProjectAuthorization, PROJECT); PermissionIndexerDao.Dto view1Authorization = getByProjectUuid(view1.uuid(), dtos); - assertThat(view1Authorization.getGroupIds()).containsOnly(group.getId()); - assertThat(view1Authorization.isAllowAnyone()).isFalse(); - assertThat(view1Authorization.getUserIds()).containsOnly(user1.getId()); - assertThat(view1Authorization.getUpdatedAt()).isNotNull(); - assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW); + isPublic(view1Authorization, VIEW); + + PermissionIndexerDao.Dto privateProject1Authorization = getByProjectUuid(privateProject1.uuid(), dtos); + assertThat(privateProject1Authorization.getGroupIds()).containsOnly(group.getId()); + assertThat(privateProject1Authorization.isAllowAnyone()).isFalse(); + assertThat(privateProject1Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); + assertThat(privateProject1Authorization.getUpdatedAt()).isNotNull(); + assertThat(privateProject1Authorization.getQualifier()).isEqualTo(PROJECT); - PermissionIndexerDao.Dto project2Authorization = getByProjectUuid(project2.uuid(), dtos); - assertThat(project2Authorization.getGroupIds()).isEmpty(); - assertThat(project2Authorization.isAllowAnyone()).isFalse(); - assertThat(project2Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); - assertThat(project2Authorization.getUpdatedAt()).isNotNull(); - assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT); + PermissionIndexerDao.Dto privateProject2Authorization = getByProjectUuid(privateProject2.uuid(), dtos); + assertThat(privateProject2Authorization.getGroupIds()).isEmpty(); + assertThat(privateProject2Authorization.isAllowAnyone()).isFalse(); + assertThat(privateProject2Authorization.getUserIds()).containsOnly(user1.getId()); + assertThat(privateProject2Authorization.getUpdatedAt()).isNotNull(); + assertThat(privateProject2Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view2Authorization = getByProjectUuid(view2.uuid(), dtos); - assertThat(view2Authorization.getGroupIds()).isEmpty(); - assertThat(view2Authorization.isAllowAnyone()).isFalse(); - assertThat(view2Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); - assertThat(view2Authorization.getUpdatedAt()).isNotNull(); - assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW); + isPublic(view2Authorization, VIEW); } @Test public void selectByUuids() throws Exception { insertTestDataForProjectsAndViews(); - Map<String, PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, asList(project1.uuid(), project2.uuid(), view1.uuid(), view2.uuid())) + Map<String, PermissionIndexerDao.Dto> dtos = underTest + .selectByUuids(dbClient, dbSession, asList(publicProject.uuid(), privateProject1.uuid(), privateProject2.uuid(), view1.uuid(), view2.uuid())) .stream() .collect(MoreCollectors.uniqueIndex(PermissionIndexerDao.Dto::getProjectUuid, Function.identity())); - assertThat(dtos).hasSize(4); + assertThat(dtos).hasSize(5); - PermissionIndexerDao.Dto project1Authorization = dtos.get(project1.uuid()); - assertThat(project1Authorization.getGroupIds()).containsOnly(group.getId()); - assertThat(project1Authorization.isAllowAnyone()).isTrue(); - assertThat(project1Authorization.getUserIds()).containsOnly(user1.getId()); - assertThat(project1Authorization.getUpdatedAt()).isNotNull(); - assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT); + PermissionIndexerDao.Dto publicProjectAuthorization = dtos.get(publicProject.uuid()); + isPublic(publicProjectAuthorization, PROJECT); PermissionIndexerDao.Dto view1Authorization = dtos.get(view1.uuid()); - assertThat(view1Authorization.getGroupIds()).containsOnly(group.getId()); - assertThat(view1Authorization.isAllowAnyone()).isFalse(); - assertThat(view1Authorization.getUserIds()).containsOnly(user1.getId()); - assertThat(view1Authorization.getUpdatedAt()).isNotNull(); - assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW); + isPublic(view1Authorization, VIEW); - PermissionIndexerDao.Dto project2Authorization = dtos.get(project2.uuid()); - assertThat(project2Authorization.getGroupIds()).isEmpty(); - assertThat(project2Authorization.isAllowAnyone()).isFalse(); - assertThat(project2Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); - assertThat(project2Authorization.getUpdatedAt()).isNotNull(); - assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT); + PermissionIndexerDao.Dto privateProject1Authorization = dtos.get(privateProject1.uuid()); + assertThat(privateProject1Authorization.getGroupIds()).containsOnly(group.getId()); + assertThat(privateProject1Authorization.isAllowAnyone()).isFalse(); + assertThat(privateProject1Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); + assertThat(privateProject1Authorization.getUpdatedAt()).isNotNull(); + assertThat(privateProject1Authorization.getQualifier()).isEqualTo(PROJECT); + + PermissionIndexerDao.Dto privateProject2Authorization = dtos.get(privateProject2.uuid()); + assertThat(privateProject2Authorization.getGroupIds()).isEmpty(); + assertThat(privateProject2Authorization.isAllowAnyone()).isFalse(); + assertThat(privateProject2Authorization.getUserIds()).containsOnly(user1.getId()); + assertThat(privateProject2Authorization.getUpdatedAt()).isNotNull(); + assertThat(privateProject2Authorization.getQualifier()).isEqualTo(PROJECT); PermissionIndexerDao.Dto view2Authorization = dtos.get(view2.uuid()); - assertThat(view2Authorization.getGroupIds()).isEmpty(); - assertThat(view2Authorization.isAllowAnyone()).isFalse(); - assertThat(view2Authorization.getUserIds()).containsOnly(user1.getId(), user2.getId()); - assertThat(view2Authorization.getUpdatedAt()).isNotNull(); - assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW); + isPublic(view2Authorization, VIEW); } @Test public void select_by_projects_with_high_number_of_projects() throws Exception { - List<String> projects = new ArrayList<>(); + List<String> projectUuids = new ArrayList<>(); for (int i = 0; i < 350; i++) { ComponentDto project = ComponentTesting.newPrivateProjectDto(dbTester.getDefaultOrganization(), Integer.toString(i)); dbClient.componentDao().insert(dbSession, project); - projects.add(project.uuid()); + projectUuids.add(project.uuid()); GroupPermissionDto dto = new GroupPermissionDto() .setOrganizationUuid(group.getOrganizationUuid()) .setGroupId(group.getId()) @@ -169,15 +163,15 @@ public class PermissionIndexerDaoTest { } dbSession.commit(); - Map<String, PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, projects) - .stream() - .collect(MoreCollectors.uniqueIndex(PermissionIndexerDao.Dto::getProjectUuid, Function.identity())); - assertThat(dtos).hasSize(350); + assertThat(underTest.selectByUuids(dbClient, dbSession, projectUuids)) + .hasSize(350) + .extracting(PermissionIndexerDao.Dto::getProjectUuid) + .containsAll(projectUuids); } @Test - public void return_project_without_permission_if_no_authorization() { - List<PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, asList(project1.uuid())); + public void return_private_project_without_any_permission_when_no_permission_in_DB() { + List<PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, singletonList(privateProject1.uuid())); // no permissions assertThat(dtos).hasSize(1); @@ -185,8 +179,58 @@ public class PermissionIndexerDaoTest { assertThat(dto.getGroupIds()).isEmpty(); assertThat(dto.getUserIds()).isEmpty(); assertThat(dto.isAllowAnyone()).isFalse(); - assertThat(dto.getProjectUuid()).isEqualTo(project1.uuid()); - assertThat(dto.getQualifier()).isEqualTo(project1.qualifier()); + assertThat(dto.getProjectUuid()).isEqualTo(privateProject1.uuid()); + assertThat(dto.getQualifier()).isEqualTo(privateProject1.qualifier()); + } + + @Test + public void return_public_project_with_only_AllowAnyone_true_when_no_permission_in_DB() { + List<PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, singletonList(publicProject.uuid())); + + assertThat(dtos).hasSize(1); + PermissionIndexerDao.Dto dto = dtos.get(0); + assertThat(dto.getGroupIds()).isEmpty(); + assertThat(dto.getUserIds()).isEmpty(); + assertThat(dto.isAllowAnyone()).isTrue(); + assertThat(dto.getProjectUuid()).isEqualTo(publicProject.uuid()); + assertThat(dto.getQualifier()).isEqualTo(publicProject.qualifier()); + } + + @Test + public void return_private_project_with_AllowAnyone_false_and_user_id_when_user_is_granted_USER_permission_directly() { + dbTester.users().insertProjectPermissionOnUser(user1, USER, privateProject1); + List<PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, singletonList(privateProject1.uuid())); + + assertThat(dtos).hasSize(1); + PermissionIndexerDao.Dto dto = dtos.get(0); + assertThat(dto.getGroupIds()).isEmpty(); + assertThat(dto.getUserIds()).containsOnly(user1.getId()); + assertThat(dto.isAllowAnyone()).isFalse(); + assertThat(dto.getProjectUuid()).isEqualTo(privateProject1.uuid()); + assertThat(dto.getQualifier()).isEqualTo(privateProject1.qualifier()); + } + + @Test + public void return_private_project_with_AllowAnyone_false_and_group_id_but_not_user_id_when_user_is_granted_USER_permission_through_group() { + dbTester.users().insertMember(group, user1); + dbTester.users().insertProjectPermissionOnGroup(group, USER, privateProject1); + List<PermissionIndexerDao.Dto> dtos = underTest.selectByUuids(dbClient, dbSession, singletonList(privateProject1.uuid())); + + assertThat(dtos).hasSize(1); + PermissionIndexerDao.Dto dto = dtos.get(0); + assertThat(dto.getGroupIds()).containsOnly(group.getId()); + assertThat(dto.getUserIds()).isEmpty(); + assertThat(dto.isAllowAnyone()).isFalse(); + assertThat(dto.getProjectUuid()).isEqualTo(privateProject1.uuid()); + assertThat(dto.getQualifier()).isEqualTo(privateProject1.qualifier()); + } + + private void isPublic(PermissionIndexerDao.Dto view1Authorization, String qualifier) { + assertThat(view1Authorization.getGroupIds()).isEmpty(); + assertThat(view1Authorization.isAllowAnyone()).isTrue(); + assertThat(view1Authorization.getUserIds()).isEmpty(); + assertThat(view1Authorization.getUpdatedAt()).isNotNull(); + assertThat(view1Authorization.getQualifier()).isEqualTo(qualifier); } private static PermissionIndexerDao.Dto getByProjectUuid(String projectUuid, Collection<PermissionIndexerDao.Dto> dtos) { @@ -194,26 +238,19 @@ public class PermissionIndexerDaoTest { } private void insertTestDataForProjectsAndViews() { - // user1 can access both projects - userDbTester.insertProjectPermissionOnUser(user1, USER, project1); - userDbTester.insertProjectPermissionOnUser(user1, ADMIN, project1); - userDbTester.insertProjectPermissionOnUser(user1, USER, project2); - userDbTester.insertProjectPermissionOnUser(user1, USER, view1); + // user1 has USER access on both private projects + userDbTester.insertProjectPermissionOnUser(user1, ADMIN, publicProject); + userDbTester.insertProjectPermissionOnUser(user1, USER, privateProject1); + userDbTester.insertProjectPermissionOnUser(user1, USER, privateProject2); userDbTester.insertProjectPermissionOnUser(user1, ADMIN, view1); - userDbTester.insertProjectPermissionOnUser(user1, USER, view2); - // user2 has user access on project2 only - userDbTester.insertProjectPermissionOnUser(user2, USER, project2); - userDbTester.insertProjectPermissionOnUser(user2, USER, view2); + // user2 has USER access on privateProject1 only + userDbTester.insertProjectPermissionOnUser(user2, USER, privateProject1); + userDbTester.insertProjectPermissionOnUser(user2, ADMIN, privateProject2); - // group1 has user access on project1 only - userDbTester.insertProjectPermissionOnGroup(group, USER, project1); - userDbTester.insertProjectPermissionOnGroup(group, ADMIN, project1); - userDbTester.insertProjectPermissionOnGroup(group, USER, view1); + // group1 has USER access on privateProject1 only + userDbTester.insertProjectPermissionOnGroup(group, USER, privateProject1); + userDbTester.insertProjectPermissionOnGroup(group, ADMIN, privateProject1); userDbTester.insertProjectPermissionOnGroup(group, ADMIN, view1); - - // Anyone group has user access on both projects - userDbTester.insertProjectPermissionOnAnyone(USER, project1); - userDbTester.insertProjectPermissionOnAnyone(ADMIN, project1); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java index 8e0d2c54d87..04091ada770 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java @@ -45,13 +45,10 @@ public class PermissionIndexerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - @Rule public DbTester dbTester = DbTester.create(System2.INSTANCE); - @Rule public EsTester esTester = new EsTester(new FooIndexDefinition()); - @Rule public UserSessionRule userSession = UserSessionRule.standalone(); @@ -59,12 +56,11 @@ public class PermissionIndexerTest { private UserDbTester userDbTester = new UserDbTester(dbTester); private FooIndex fooIndex = new FooIndex(esTester.client(), new AuthorizationTypeSupport(userSession)); private FooIndexer fooIndexer = new FooIndexer(esTester.client()); - private PermissionIndexer underTest = new PermissionIndexer( - dbTester.getDbClient(), esTester.client(), fooIndexer); + private PermissionIndexer underTest = new PermissionIndexer(dbTester.getDbClient(), esTester.client(), fooIndexer); @Test public void initializeOnStartup_grants_access_to_user() { - ComponentDto project = createAndIndexProject(); + ComponentDto project = createAndIndexPrivateProject(); UserDto user1 = userDbTester.insertUser(); UserDto user2 = userDbTester.insertUser(); userDbTester.insertProjectPermissionOnUser(user1, USER, project); @@ -84,7 +80,7 @@ public class PermissionIndexerTest { @Test public void initializeOnStartup_grants_access_to_group() { - ComponentDto project = createAndIndexProject(); + ComponentDto project = createAndIndexPrivateProject(); UserDto user1 = userDbTester.insertUser(); UserDto user2 = userDbTester.insertUser(); UserDto user3 = userDbTester.insertUser(); @@ -110,7 +106,7 @@ public class PermissionIndexerTest { @Test public void initializeOnStartup_grants_access_to_user_and_group() { - ComponentDto project = createAndIndexProject(); + ComponentDto project = createAndIndexPrivateProject(); UserDto user1 = userDbTester.insertUser(); UserDto user2 = userDbTester.insertUser(); GroupDto group = userDbTester.insertGroup(); @@ -134,8 +130,8 @@ public class PermissionIndexerTest { } @Test - public void initializeOnStartup_does_not_grant_access_to_anybody() { - ComponentDto project = createAndIndexProject(); + public void initializeOnStartup_does_not_grant_access_to_anybody_on_private_project() { + ComponentDto project = createAndIndexPrivateProject(); UserDto user = userDbTester.insertUser(); GroupDto group = userDbTester.insertGroup(); @@ -147,11 +143,23 @@ public class PermissionIndexerTest { } @Test - public void initializeOnStartup_grants_access_to_anyone() { - ComponentDto project = createAndIndexProject(); + public void initializeOnStartup_grants_access_to_anybody_on_public_project() { + ComponentDto project = createAndIndexPublicProject(); + UserDto user = userDbTester.insertUser(); + GroupDto group = userDbTester.insertGroup(); + + indexOnStartup(); + + verifyAnyoneAuthorized(project); + verifyAuthorized(project, user); + verifyAuthorized(project, user, group); + } + + @Test + public void initializeOnStartup_grants_access_to_anybody_on_view() { + ComponentDto project = createAndIndexView(); UserDto user = userDbTester.insertUser(); GroupDto group = userDbTester.insertGroup(); - userDbTester.insertProjectPermissionOnAnyone(USER, project); indexOnStartup(); @@ -166,7 +174,7 @@ public class PermissionIndexerTest { UserDto user2 = userDbTester.insertUser(); ComponentDto project = null; for (int i = 0; i < PermissionIndexer.MAX_BATCH_SIZE + 10; i++) { - project = createAndIndexProject(); + project = createAndIndexPrivateProject(); userDbTester.insertProjectPermissionOnUser(user1, USER, project); } @@ -179,8 +187,8 @@ public class PermissionIndexerTest { @Test public void deleteProject_deletes_the_documents_related_to_the_project() { - ComponentDto project1 = createAndIndexProject(); - ComponentDto project2 = createAndIndexProject(); + ComponentDto project1 = createAndIndexPublicProject(); + ComponentDto project2 = createAndIndexPublicProject(); userDbTester.insertProjectPermissionOnAnyone(USER, project1); userDbTester.insertProjectPermissionOnAnyone(USER, project2); indexOnStartup(); @@ -192,7 +200,7 @@ public class PermissionIndexerTest { @Test public void indexProject_does_nothing_because_authorizations_are_triggered_outside_standard_indexer_lifecycle() { - ComponentDto project = createAndIndexProject(); + ComponentDto project = createAndIndexPublicProject(); userDbTester.insertProjectPermissionOnAnyone(USER, project); underTest.indexProject(project.uuid(), ProjectIndexer.Cause.NEW_ANALYSIS); @@ -203,20 +211,9 @@ public class PermissionIndexerTest { } @Test - public void projects_without_any_permission_are_not_returned() { - ComponentDto project = createAndIndexProject(); - UserDto user1 = userDbTester.insertUser(); - - indexOnStartup(); - - verifyAnyoneNotAuthorized(project); - verifyNotAuthorized(project, user1); - } - - @Test - public void permissions_on_anyone_should_not_conflict_between_organizations() { - ComponentDto projectOnOrg1 = createAndIndexProject(dbTester.organizations().insert()); - ComponentDto projectOnOrg2 = createAndIndexProject(dbTester.organizations().insert()); + public void public_projects_are_visible_to_any_body_which_ever_the_organization() { + ComponentDto projectOnOrg1 = createAndIndexPublicProject(dbTester.organizations().insert()); + ComponentDto projectOnOrg2 = createAndIndexPublicProject(dbTester.organizations().insert()); UserDto user = userDbTester.insertUser(); userDbTester.insertProjectPermissionOnAnyone(USER, projectOnOrg1); userDbTester.insertProjectPermissionOnUser(user, USER, projectOnOrg2); @@ -224,8 +221,8 @@ public class PermissionIndexerTest { indexOnStartup(); verifyAnyoneAuthorized(projectOnOrg1); - verifyAnyoneNotAuthorized(projectOnOrg2); - verifyAuthorized(projectOnOrg1, user);// because anyone + verifyAnyoneAuthorized(projectOnOrg2); + verifyAuthorized(projectOnOrg1, user); verifyAuthorized(projectOnOrg2, user); } @@ -272,13 +269,25 @@ public class PermissionIndexerTest { return userSession; } - private ComponentDto createAndIndexProject() { + private ComponentDto createAndIndexPublicProject() { ComponentDto project = componentDbTester.insertPublicProject(); fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); return project; } - private ComponentDto createAndIndexProject(OrganizationDto org) { + private ComponentDto createAndIndexPrivateProject() { + ComponentDto project = componentDbTester.insertPrivateProject(); + fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); + return project; + } + + private ComponentDto createAndIndexView() { + ComponentDto project = componentDbTester.insertView(); + fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); + return project; + } + + private ComponentDto createAndIndexPublicProject(OrganizationDto org) { ComponentDto project = componentDbTester.insertPublicProject(org); fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION); return project; diff --git a/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields.json b/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields.json index f5510c017e5..9067cf79fde 100644 --- a/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields.json +++ b/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields.json @@ -22,11 +22,6 @@ "name": "Simon", "avatar": "ab0ec6adc38ad44a15105f207394946f", "active": true - }, - { - "login": "admin", - "name": "Administrator", - "active": true } ] } diff --git a/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields_with_issue_admin_permission.json b/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields_with_issue_admin_permission.json index 745ffde8fa5..309f9bf4552 100644 --- a/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields_with_issue_admin_permission.json +++ b/server/sonar-server/src/test/resources/org/sonar/server/issue/ws/SearchActionMediumTest/load_additional_fields_with_issue_admin_permission.json @@ -26,11 +26,6 @@ "name": "Simon", "avatar": "ab0ec6adc38ad44a15105f207394946f", "active": true - }, - { - "login": "admin", - "name": "Administrator", - "active": true } ] } |