diff options
author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2017-02-08 17:29:21 +0100 |
---|---|---|
committer | Simon Brandhof <simon.brandhof@sonarsource.com> | 2017-02-10 22:49:09 +0100 |
commit | 9fe9e202fe21e5c62378e11992cc46c8122ddf56 (patch) | |
tree | 9196f66c25adb69d260606fd8a3816aa7bb167dd | |
parent | a477248ab4050a0c81cf9a462c3b99fe4fffddc1 (diff) | |
download | sonarqube-9fe9e202fe21e5c62378e11992cc46c8122ddf56.tar.gz sonarqube-9fe9e202fe21e5c62378e11992cc46c8122ddf56.zip |
SONAR-8761 drop sync of root based on user permissions
29 files changed, 22 insertions, 1251 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java index f7841fb52b5..8ddb2154bd5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java +++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java @@ -114,7 +114,6 @@ public class UserIdentityAuthenticator { .build()); UserDto newUser = dbClient.userDao().selectOrFailByLogin(dbSession, userLogin); syncGroups(dbSession, user, newUser); - updateRootFlag(dbSession, newUser); return newUser; } @@ -125,7 +124,6 @@ public class UserIdentityAuthenticator { .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin())) .setPassword(null)); syncGroups(dbSession, user, userDto); - updateRootFlag(dbSession, userDto); } private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) { @@ -165,11 +163,6 @@ public class UserIdentityAuthenticator { }); } - private void updateRootFlag(DbSession dbSession, UserDto userDto) { - dbClient.userDao().updateRootFlagFromPermissions(dbSession, userDto.getId(), defaultOrganizationProvider.get().getUuid()); - dbSession.commit(); - } - private enum GroupDtoToName implements Function<GroupDto, String> { INSTANCE; diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java index 535f8995da9..1a4de6d5c98 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java @@ -25,7 +25,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import static java.lang.String.format; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; @@ -34,11 +33,9 @@ import static org.sonar.server.permission.ws.PermissionRequestValidator.validate public class GroupPermissionChanger { private final DbClient dbClient; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public GroupPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { + public GroupPermissionChanger(DbClient dbClient) { this.dbClient = dbClient; - this.defaultOrganizationProvider = defaultOrganizationProvider; } public boolean apply(DbSession dbSession, GroupPermissionChange change) { @@ -64,7 +61,6 @@ public class GroupPermissionChanger { .setGroupId(change.getGroupIdOrAnyone().getId()) .setResourceId(change.getNullableProjectId()); dbClient.groupPermissionDao().insert(dbSession, addedDto); - updateRootFlag(dbSession, change); return true; } @@ -78,16 +74,9 @@ public class GroupPermissionChanger { change.getOrganizationUuid(), change.getGroupIdOrAnyone().getId(), change.getNullableProjectId()); - updateRootFlag(dbSession, change); return true; } - private void updateRootFlag(DbSession dbSession, GroupPermissionChange change) { - if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getGroupIdOrAnyone().isAnyone() && !change.getProjectId().isPresent()) { - dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, change.getGroupIdOrAnyone().getId(), defaultOrganizationProvider.get().getUuid()); - } - } - private List<String> loadExistingPermissions(DbSession dbSession, GroupPermissionChange change) { Optional<ProjectId> projectId = change.getProjectId(); if (projectId.isPresent()) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java index 8b7c0b56078..ed862bbbab9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java @@ -25,7 +25,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.UserPermissionDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; @@ -35,11 +34,9 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; public class UserPermissionChanger { private final DbClient dbClient; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public UserPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { + public UserPermissionChanger(DbClient dbClient) { this.dbClient = dbClient; - this.defaultOrganizationProvider = defaultOrganizationProvider; } public boolean apply(DbSession dbSession, UserPermissionChange change) { @@ -59,7 +56,6 @@ public class UserPermissionChanger { } UserPermissionDto dto = new UserPermissionDto(change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId(), change.getNullableProjectId()); dbClient.userPermissionDao().insert(dbSession, dto); - updateRootFlag(dbSession, change); return true; } @@ -74,7 +70,6 @@ public class UserPermissionChanger { } else { dbClient.userPermissionDao().deleteGlobalPermission(dbSession, change.getUserId().getId(), change.getPermission(), change.getOrganizationUuid()); } - updateRootFlag(dbSession, change); return true; } @@ -99,10 +94,4 @@ public class UserPermissionChanger { } } } - - private void updateRootFlag(DbSession dbSession, UserPermissionChange change) { - if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) { - dbClient.userDao().updateRootFlagFromPermissions(dbSession, change.getUserId().getId(), defaultOrganizationProvider.get().getUuid()); - } - } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 890be73e8e1..009fee22a68 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -59,7 +59,8 @@ public interface UserSession { boolean isLoggedIn(); /** - * Whether the user has root privileges. + * Whether the user has root privileges when organizations are enabled. + * Always returns {@code false} when organizations are disabled. */ boolean isRoot(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java index 688636c5fcf..47c6ddf3ced 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java @@ -92,7 +92,6 @@ public class UserUpdater { public UserDto create(NewUser newUser) { try (DbSession dbSession = dbClient.openSession(false)) { UserDto createdUser = create(dbSession, newUser); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, createdUser.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); return createdUser; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java index 0ef7cbb3caf..ab5f8a6203e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java @@ -28,7 +28,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserGroupDto; -import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; import static java.lang.String.format; @@ -44,13 +43,11 @@ public class AddUserAction implements UserGroupsWsAction { private final DbClient dbClient; private final UserSession userSession; private final GroupWsSupport support; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) { + public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) { this.dbClient = dbClient; this.userSession = userSession; this.support = support; - this.defaultOrganizationProvider = defaultOrganizationProvider; } @Override @@ -81,7 +78,6 @@ public class AddUserAction implements UserGroupsWsAction { if (!isMemberOf(dbSession, user, groupId)) { UserGroupDto membershipDto = new UserGroupDto().setGroupId(groupId.getId()).setUserId(user.getId()); dbClient.userGroupDao().insert(dbSession, membershipDto); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java index 35b75f8f453..1a5ab10e85b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java @@ -80,7 +80,6 @@ public class DeleteAction implements UserGroupsWsAction { checkNotTryingToDeleteLastAdminGroup(dbSession, groupId); removeGroupPermissions(dbSession, groupId); removeFromPermissionTemplates(dbSession, groupId); - updateRootFlagOfMembers(dbSession, groupId); removeGroupMembers(dbSession, groupId); dbClient.groupDao().deleteById(dbSession, groupId.getId()); @@ -119,10 +118,6 @@ public class DeleteAction implements UserGroupsWsAction { dbClient.permissionTemplateDao().deleteByGroup(dbSession, groupId.getId()); } - private void updateRootFlagOfMembers(DbSession dbSession, GroupId groupId) { - dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, groupId.getId(), defaultOrganizationProvider.get().getUuid()); - } - private void removeGroupMembers(DbSession dbSession, GroupId groupId) { dbClient.userGroupDao().deleteByGroupId(dbSession, groupId.getId()); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java index 5287fc0656e..dc0e2b5da57 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java @@ -27,7 +27,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; import static java.lang.String.format; @@ -44,13 +43,11 @@ public class RemoveUserAction implements UserGroupsWsAction { private final DbClient dbClient; private final UserSession userSession; private final GroupWsSupport support; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) { + public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) { this.dbClient = dbClient; this.userSession = userSession; this.support = support; - this.defaultOrganizationProvider = defaultOrganizationProvider; } @Override @@ -82,7 +79,6 @@ public class RemoveUserAction implements UserGroupsWsAction { ensureLastAdminIsNotRemoved(dbSession, group, user); dbClient.userGroupDao().delete(dbSession, group.getId(), user.getId()); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); response.noContent(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java index 0f17e592ad8..373b0ce035e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java @@ -105,6 +105,7 @@ public class UserIdentityAuthenticatorTest { assertThat(user.getEmail()).isEqualTo("john@email.com"); assertThat(user.getExternalIdentity()).isEqualTo("johndoo"); assertThat(user.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(user.isRoot()).isFalse(); assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(defaultGroup.getId()); } @@ -118,6 +119,7 @@ public class UserIdentityAuthenticatorTest { Optional<UserDto> user = db.users().selectUserByLogin(USER_LOGIN); assertThat(user).isPresent(); + assertThat(user.get().isRoot()).isFalse(); assertThat(db.users().selectGroupIdsOfUser(user.get())).containsOnly(group1.getId(), group2.getId()); } @@ -140,6 +142,7 @@ public class UserIdentityAuthenticatorTest { assertThat(userDto.getEmail()).isEqualTo("john@email.com"); assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo"); assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(userDto.isRoot()).isFalse(); } @Test @@ -160,6 +163,7 @@ public class UserIdentityAuthenticatorTest { assertThat(userDto.getEmail()).isEqualTo("john@email.com"); assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo"); assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(userDto.isRoot()).isFalse(); } @Test @@ -206,133 +210,6 @@ public class UserIdentityAuthenticatorTest { } @Test - public void authenticate_new_user_and_add_it_to_no_group_sets_root_flag_to_false() { - authenticate(USER_LOGIN); - - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test - public void authenticate_new_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - - authenticate(USER_LOGIN, adminGroup.getName()); - - db.rootFlag().verify(USER_LOGIN, true); - } - - @Test - public void authenticate_new_user_and_add_it_to_admin_group_of_other_organization_does_not_set_root_flag_to_true() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - - authenticate(USER_LOGIN, adminGroup.getName()); - - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test - public void authenticate_existing_user_and_add_it_to_no_group_sets_root_flag_to_false() { - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin(), adminGroup.getName()); - - db.rootFlag().verify(userDto, true); - } - - @Test - public void authenticate_existing_user_and_add_it_to_admin_group_of_other_organization_sets_root_flag_to_false() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin(), adminGroup.getName()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_and_remove_it_from_admin_group_of_default_organization_sets_root_flag_to_false() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - UserDto userDto = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup, userDto); - - authenticate(userDto.getLogin()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_no_group_does_not_set_root_flag_to_false() { - UserDto rootUser = db.users().insertRootByUserPermission(); - - authenticate(rootUser.getLogin()); - - db.rootFlag().verify(rootUser, true); - } - - @Test - public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_non_admin_groups_does_not_set_root_flag_to_false() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto defaultOrgGroup = db.users().insertGroup(db.getDefaultOrganization()); - GroupDto otherOrgGroup = db.users().insertGroup(otherOrganization); - UserDto rootUser = db.users().insertRootByUserPermission(); - - authenticate(rootUser.getLogin(), defaultOrgGroup.getName(), otherOrgGroup.getName()); - - db.rootFlag().verify(rootUser, true); - } - - @Test - public void authenticate_user_multiple_times_sets_root_flag_to_true_only_if_at_least_one_group_is_admin() { - GroupDto defaultAdminGroup = db.users().insertAdminGroup(db.getDefaultOrganization(), "admin_of_default"); - GroupDto defaultSomeGroup = db.users().insertGroup(db.getDefaultOrganization(), "some_group_of_default"); - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto otherAdminGroup = db.users().insertAdminGroup(otherOrganization, "admin_of_other"); - GroupDto otherSomeGroup = db.users().insertGroup(otherOrganization, "some_group_of_other"); - - authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, defaultSomeGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test public void ignore_groups_on_non_default_organizations() throws Exception { OrganizationDto org = db.organizations().insert(); UserDto user = db.users().insertUser(newUserDto() diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java index 48ff6a9c89c..fac0e312a19 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java @@ -32,7 +32,6 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static org.assertj.core.api.Assertions.assertThat; @@ -44,7 +43,7 @@ public class GroupPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), TestDefaultOrganizationProvider.from(db)); + private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient()); private OrganizationDto org; private GroupDto group; private ComponentDto project; diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java index dabab36599f..23f27b4aad4 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java @@ -50,8 +50,7 @@ public class UserPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); - private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider); + private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient()); private OrganizationDto org1; private OrganizationDto org2; private UserDto user1; diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index c0cead62f5a..f93bdf80f9f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -25,7 +25,6 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; -import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -312,62 +311,6 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> { assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(ISSUE_ADMIN); } - - @Test - public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_without_org_param() throws Exception { - GroupDto group = db.users().insertGroup(db.getDefaultOrganization()); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(group, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - - @Test - public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_with_org_param() throws Exception { - GroupDto group = db.users().insertGroup(db.getDefaultOrganization()); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(group, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - - @Test - public void does_not_set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto group = db.users().insertGroup(otherOrganization); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(otherOrganization); - - executeRequest(group, otherOrganization, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - private void executeRequest(GroupDto groupDto, OrganizationDto organizationDto, String permission) throws Exception { newRequest() .setParam(PARAM_GROUP_NAME, groupDto.getName()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 44b8917e31a..1ac4b311c56 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -262,77 +262,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN); } - @Test - public void sets_root_flag_to_true_when_adding_user_admin_permission_without_org_parameter() throws Exception { - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(notRootUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test - public void sets_root_flag_to_true_when_adding_user_admin_permission_with_default_organization_uuid() throws Exception { - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(notRootUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test - public void does_not_set_root_flag_when_adding_user_admin_permission_with_other_organization_uuid() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(otherOrganization); - - executeRequest(notRootUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test +@Test public void organization_parameter_must_not_be_set_on_project_permissions() { ComponentDto project = db.components().insertProject(); loginAsAdmin(db.getDefaultOrganization()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index 7ce5ae37492..7cfa45aad6b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -78,8 +78,8 @@ public abstract class BasePermissionWsTest<A extends PermissionsWsAction> { protected PermissionUpdater newPermissionUpdater() { return new PermissionUpdater(db.getDbClient(), mock(PermissionIndexer.class), - new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider), - new GroupPermissionChanger(db.getDbClient(), defaultOrganizationProvider)); + new UserPermissionChanger(db.getDbClient()), + new GroupPermissionChanger(db.getDbClient())); } protected TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 51d752e5e6e..569e595e88f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -25,7 +25,6 @@ import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; -import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -245,57 +244,6 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio .execute(); } - @Test - public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_without_org_param() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminGroup, SYSTEM_ADMIN); - - db.rootFlag().verify(user1, false); - db.rootFlag().verify(user2, false); - db.rootFlag().verifyUnchanged(lastAdminUser); - } - - @Test - public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_with_org_param() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminGroup, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(user1, false); - db.rootFlag().verify(user2, false); - db.rootFlag().verifyUnchanged(lastAdminUser); - } - - @Test - public void does_not_set_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_other_organization() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto lastAdmin = db.users().insertUser(); - db.users().insertPermissionOnUser(otherOrganization, lastAdmin, SYSTEM_ADMIN); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto inAdminGroupUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(adminGroup, rootByUserPermissionUser, rootByGroupPermissionUser, inAdminGroupUser); - loginAsAdmin(otherOrganization); - - executeRequest(adminGroup, otherOrganization, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(inAdminGroupUser, false); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - private void executeRequest(GroupDto groupDto, String permission) throws Exception { newRequest() .setParam(PARAM_GROUP_NAME, groupDto.getName()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java index d2b8c971d12..1652263f7a9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java @@ -23,7 +23,6 @@ import org.junit.Before; import org.junit.Test; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; -import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; @@ -40,7 +39,6 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; -import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY; @@ -232,65 +230,6 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> } @Test - public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_without_org_parameter() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - UserDto adminUser = db.users().insertRootByUserPermission(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminUser, SYSTEM_ADMIN); - - db.rootFlag().verify(adminUser, false); - } - - @Test - public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_with_org_parameter() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - UserDto adminUser = db.users().insertRootByUserPermission(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminUser, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(adminUser, false); - } - - @Test - public void does_not_set_root_flag_to_false_when_removing_user_admin_permission_of_other_organization() throws Exception { - UserDto rootUser = db.users().insertRootByUserPermission(); - UserDto notRootUser = db.users().insertUser(); - OrganizationDto otherOrganization = db.organizations().insert(); - db.users().insertPermissionOnUser(otherOrganization, rootUser, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, notRootUser, SYSTEM_ADMIN); - // another admin is required so that admin permission can be dropped - UserDto anotherAdmin = db.users().insertUser(); - db.users().insertPermissionOnUser(otherOrganization, anotherAdmin, SYSTEM_ADMIN); - - loginAsAdmin(otherOrganization); - - executeRequest(rootUser, otherOrganization, SYSTEM_ADMIN); - db.rootFlag().verify(rootUser, true); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(notRootUser, otherOrganization, SYSTEM_ADMIN); - db.rootFlag().verify(rootUser, true); - db.rootFlag().verify(notRootUser, false); - } - - private void executeRequest(UserDto userDto, OrganizationDto organizationDto, String permission) throws Exception { - newRequest() - .setParam(PARAM_USER_LOGIN, userDto.getLogin()) - .setParam(PARAM_PERMISSION, permission) - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) - .execute(); - } - - private void executeRequest(UserDto userDto, String permission) throws Exception { - newRequest() - .setParam(PARAM_USER_LOGIN, userDto.getLogin()) - .setParam(PARAM_PERMISSION, permission) - .execute(); - } - - @Test public void removing_global_permission_fails_if_not_administrator_of_organization() throws Exception { userSession.logIn(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java index 269ca936220..c5347fc49b9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java @@ -113,6 +113,7 @@ public class CreateActionTest { // exists in db Optional<UserDto> dbUser = db.users().selectUserByLogin("john"); assertThat(dbUser).isPresent(); + assertThat(dbUser.get().isRoot()).isFalse(); // member of default group in default organization assertThat(db.users().selectGroupIdsOfUser(dbUser.get())).containsOnly(defaultGroupInDefaultOrg.getId()); @@ -130,8 +131,8 @@ public class CreateActionTest { .build()); assertThat(db.users().selectUserByLogin("john").get()) - .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity) - .containsOnly(true, "sonarqube", "john"); + .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot) + .containsOnly(true, "sonarqube", "john", false); } @Test @@ -145,8 +146,8 @@ public class CreateActionTest { .build()); assertThat(db.users().selectUserByLogin("john").get()) - .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity) - .containsOnly(false, "sonarqube", "john"); + .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot) + .containsOnly(false, "sonarqube", "john", false); } @Test @@ -213,27 +214,6 @@ public class CreateActionTest { } @Test - public void create_user_with_root_flag_to_false_if_default_group_is_unset() throws Exception { - unsetDefaultGroupProperty(); - logInAsRoot(); - - executeRequest("john"); - - db.rootFlag().verify("john", false); - } - - @Test - public void create_user_with_root_flag_to_false_if_default_group_is_non_admin_on_default_organization() throws Exception { - GroupDto adminGroup = db.users().insertGroup(db.getDefaultOrganization()); - setDefaultGroupProperty(adminGroup); - logInAsRoot(); - - executeRequest("foo"); - - db.rootFlag().verify("foo", false); - } - - @Test public void request_fails_with_ServerException_when_default_group_belongs_to_another_organization() throws Exception { OrganizationDto otherOrganization = db.organizations().insert(); GroupDto group = db.users().insertGroup(otherOrganization); @@ -248,17 +228,6 @@ public class CreateActionTest { } @Test - public void create_user_with_root_flag_to_true_if_default_group_is_admin_on_default_organization() throws Exception { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - setDefaultGroupProperty(adminGroup); - logInAsRoot(); - - executeRequest("doh"); - - db.rootFlag().verify("doh", true); - } - - @Test public void fail_when_missing_login() throws Exception { logInAsRoot(); @@ -322,10 +291,6 @@ public class CreateActionTest { executeRequest("john"); } - private void unsetDefaultGroupProperty() { - settings.setProperty("sonar.defaultGroup", (String) null); - } - private void setDefaultGroupProperty(GroupDto adminGroup) { settings.setProperty("sonar.defaultGroup", adminGroup.getName()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java index 449b56b292c..95bb208352a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java @@ -58,7 +58,7 @@ public class AddUserActionTest { @Before public void setUp() { - ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport(), defaultOrganizationProvider))); + ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport()))); } @Test @@ -197,47 +197,6 @@ public class AddUserActionTest { executeRequest(group, user); } - @Test - public void set_root_flag_to_true_when_adding_user_to_group_of_default_organization_with_admin_permission() throws Exception { - GroupDto group = db.users().insertAdminGroup(); - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser")); - UserDto notRootUser = db.users().insertUser("notRootUser"); - loginAsAdminOnDefaultOrganization(); - - executeRequest(group, falselyRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, true); - verifyUserNotInGroup(notRootUser, group); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(group, notRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, true); - verifyUserInGroup(notRootUser, group); - db.rootFlag().verify(notRootUser, true); - } - - @Test - public void does_not_set_root_flag_to_true_when_adding_user_to_group_of_other_organization_with_admin_permission() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto group = db.users().insertAdminGroup(otherOrganization); - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser")); - UserDto notRootUser = db.users().insertUser("notRootUser"); - loginAsAdmin(otherOrganization); - - executeRequest(group, falselyRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, false); - verifyUserNotInGroup(notRootUser, group); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(group, notRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, false); - verifyUserInGroup(notRootUser, group); - db.rootFlag().verify(notRootUser, false); - } - private void executeRequest(GroupDto groupDto, UserDto userDto) throws Exception { newRequest() .setParam("id", groupDto.getId().toString()) @@ -278,18 +237,6 @@ public class AddUserActionTest { return new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider); } - private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isTrue(); - } - - private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isFalse(); - } - private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) { List<UserMembershipDto> members = db.getDbClient().groupMembershipDao() .selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE); diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java index 5e97c03b196..6893bd8e510 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java @@ -270,85 +270,6 @@ public class DeleteActionTest { assertThat(db.users().selectGroupPermissions(adminGroup2, null)).hasSize(1); } - @Test - public void deleting_a_group_of_default_organization_with_admin_permissions_updates_root_flag_of_its_members() throws Exception { - UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1"); - UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2"); - UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3"); - GroupDto adminGroup1 = db.users().insertAdminGroup(db.getDefaultOrganization()); - GroupDto adminGroup2 = db.users().insertAdminGroup(db.getDefaultOrganization()); - // member of admin group 1 - UserDto rootByGroupPermission1 = db.users().insertRootByGroupPermission(adminGroup1); - UserDto rootByGroupPermission2 = db.users().insertRootByGroupPermission(adminGroup1); - db.users().insertMembers(adminGroup1, rootByUserPermission1); - db.users().insertMembers(adminGroup1, rootByUserPermission3); - // members of admin group 2 - UserDto rootByGroupPermission3 = db.users().insertRootByGroupPermission(adminGroup2); - db.users().insertMembers(adminGroup2, rootByUserPermission2); - db.users().insertMembers(adminGroup2, rootByUserPermission3); - db.users().insertMembers(adminGroup2, rootByGroupPermission2); - loginAsAdmin(db.getDefaultOrganization()); - - executeDeleteGroupRequest(adminGroup1); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verifyUnchanged(rootByUserPermission2); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(rootByGroupPermission1, false); - db.rootFlag().verify(rootByGroupPermission2, true); - db.rootFlag().verifyUnchanged(rootByGroupPermission3); - - executeDeleteGroupRequest(adminGroup2); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verify(rootByUserPermission2, true); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(rootByGroupPermission1, false); - db.rootFlag().verify(rootByGroupPermission2, false); - db.rootFlag().verify(rootByGroupPermission3, false); - } - - @Test - public void deleting_a_group_of_other_organization_with_admin_permissions_does_not_update_root_flag_of_its_members() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1"); - UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2"); - UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3"); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission1, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission2, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission3, SYSTEM_ADMIN); - GroupDto adminGroup1 = db.users().insertAdminGroup(otherOrganization); - GroupDto adminGroup2 = db.users().insertAdminGroup(otherOrganization); - // member of admin group 1 - UserDto falselyRootByGroupPermission1 = db.users().makeRoot(db.users().insertUser()); - UserDto falselyRootByGroupPermission2 = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup1, falselyRootByGroupPermission1); - db.users().insertMembers(adminGroup1, falselyRootByGroupPermission2); - db.users().insertMembers(adminGroup1, rootByUserPermission1); - db.users().insertMembers(adminGroup1, rootByUserPermission3); - // members of admin group 2 - UserDto falselyRootByGroupPermission3 = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup2, falselyRootByGroupPermission3); - db.users().insertMembers(adminGroup2, rootByUserPermission2); - db.users().insertMembers(adminGroup2, rootByUserPermission3); - db.users().insertMembers(adminGroup2, falselyRootByGroupPermission2); - loginAsAdmin(otherOrganization); - - executeDeleteGroupRequest(adminGroup1); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verifyUnchanged(rootByUserPermission2); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(falselyRootByGroupPermission1, false); - db.rootFlag().verify(falselyRootByGroupPermission2, false); - db.rootFlag().verifyUnchanged(falselyRootByGroupPermission3); - - executeDeleteGroupRequest(adminGroup2); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verify(rootByUserPermission2, true); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(falselyRootByGroupPermission1, false); - db.rootFlag().verify(falselyRootByGroupPermission2, false); - db.rootFlag().verify(falselyRootByGroupPermission3, false); - } - private WsTester.Result executeDeleteGroupRequest(GroupDto adminGroup1) throws Exception { return newRequest() .setParam(PARAM_GROUP_ID, adminGroup1.getId().toString()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java index 0dc09b99f0d..1bd98d38376 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java @@ -19,7 +19,6 @@ */ package org.sonar.server.usergroups.ws; -import java.util.List; import org.junit.Before; import org.junit.Rule; import org.junit.Test; @@ -30,8 +29,6 @@ import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; -import org.sonar.db.user.UserMembershipDto; -import org.sonar.db.user.UserMembershipQuery; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -59,7 +56,7 @@ public class RemoveUserActionTest { @Before public void setUp() { GroupWsSupport groupSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider); - ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport, defaultOrganizationProvider))); + ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport))); } @Test @@ -185,68 +182,6 @@ public class RemoveUserActionTest { } @Test - public void sets_root_flag_to_false_when_removing_user_from_group_of_default_organization_with_admin_permission() throws Exception { - // keep an administrator - insertAnAdministratorInDefaultOrganization(); - - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdminOnDefaultOrganization(); - - executeRequest(adminGroup, user1); - verifyUserNotInGroup(user1, adminGroup); - verifyRootFlagUpdated(user1, false); - verifyUserInGroup(user2, adminGroup); - verifyUnchanged(user2); - - executeRequest(adminGroup, user2); - verifyUserNotInGroup(user1, adminGroup); - verifyRootFlag(user1, false); - verifyUserNotInGroup(user2, adminGroup); - verifyRootFlagUpdated(user2, false); - } - - @Test - public void does_not_set_root_flag_to_false_when_removing_user_from_group_of_default_organization_and_user_is_admin_of_default_organization_another_way() - throws Exception { - GroupDto adminGroup1 = db.users().insertAdminGroup(); - UserDto adminUserByUserPermission = db.users().insertRootByUserPermission("adminUserByUserPermission"); - UserDto adminUserByTwoGroups = db.users().insertRootByGroupPermission("adminUserByTwoGroups", adminGroup1); - UserDto adminUserBySingleGroup = db.users().insertUser("adminUserBySingleGroup"); - GroupDto adminGroup2 = db.users().insertAdminGroup(); - db.users().insertMembers(adminGroup2, adminUserByUserPermission, adminUserByTwoGroups, adminUserBySingleGroup); - loginAsAdminOnDefaultOrganization(); - - executeRequest(adminGroup2, adminUserByUserPermission); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlagUpdated(adminUserByUserPermission, true); - verifyUserInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyUnchanged(adminUserByTwoGroups); - verifyUserInGroup(adminUserBySingleGroup, adminGroup2); - verifyUnchanged(adminUserBySingleGroup); - - executeRequest(adminGroup2, adminUserByTwoGroups); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlag(adminUserByUserPermission, true); - verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyRootFlagUpdated(adminUserByTwoGroups, true); - verifyUserInGroup(adminUserBySingleGroup, adminGroup2); - verifyUnchanged(adminUserBySingleGroup); - - executeRequest(adminGroup2, adminUserBySingleGroup); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlag(adminUserByUserPermission, true); - verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyRootFlagUpdated(adminUserByTwoGroups, true); - verifyUserNotInGroup(adminUserBySingleGroup, adminGroup2); - verifyRootFlagUpdated(adminUserBySingleGroup, false); - } - - @Test public void throw_ForbiddenException_if_not_administrator_of_organization() throws Exception { OrganizationDto org = db.organizations().insert(); GroupDto group = db.users().insertGroup(org, "a-group"); @@ -281,13 +216,6 @@ public class RemoveUserActionTest { .execute(); } - private void executeRequest(GroupDto group, UserDto user) throws Exception { - newRequest() - .setParam("id", group.getId().toString()) - .setParam("login", user.getLogin()) - .execute(); - } - private WsTester.TestRequest newRequest() { return ws.newPostRequest("api/user_groups", "remove_user"); } @@ -300,38 +228,6 @@ public class RemoveUserActionTest { userSession.logIn("admin").addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); } - private void verifyUnchanged(UserDto user) { - db.rootFlag().verifyUnchanged(user); - } - - private void verifyRootFlagUpdated(UserDto userDto, boolean root) { - db.rootFlag().verify(userDto, root); - } - - private void verifyRootFlag(UserDto userDto, boolean root) { - db.rootFlag().verify(userDto, root); - } - - private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isTrue(); - } - - private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isFalse(); - } - - private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) { - List<UserMembershipDto> members = db.getDbClient().groupMembershipDao() - .selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE); - return members - .stream() - .anyMatch(dto -> dto.getLogin().equals(userDto.getLogin())); - } - private UserDto insertAnAdministratorInDefaultOrganization() { return db.users().insertAdminByUserPermission(db.getDefaultOrganization()); } diff --git a/sonar-db/src/main/java/org/sonar/db/user/GroupDao.java b/sonar-db/src/main/java/org/sonar/db/user/GroupDao.java index be74102e5c9..a046383ecb1 100644 --- a/sonar-db/src/main/java/org/sonar/db/user/GroupDao.java +++ b/sonar-db/src/main/java/org/sonar/db/user/GroupDao.java @@ -115,17 +115,6 @@ public class GroupDao implements Dao { return mapper(dbSession).selectByOrganizationUuid(organizationUuid); } - /** - * Ensures all users of the specified group have its root flag set or unset depending on whether each of them have the - * 'admin' permission in the default organization or not. - */ - public void updateRootFlagOfUsersInGroupFromPermissions(DbSession dbSession, long groupId, String defaultOrganizationUuid) { - long now = system.now(); - GroupMapper mapper = mapper(dbSession); - mapper.updateRootUsersOfGroup(groupId, defaultOrganizationUuid, now); - mapper.updateNonRootUsersOfGroup(groupId, defaultOrganizationUuid, now); - } - private static GroupMapper mapper(DbSession session) { return session.getMapper(GroupMapper.class); } diff --git a/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java b/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java index eeb2ab8e9b0..f6a7164b5b8 100644 --- a/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java +++ b/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java @@ -58,13 +58,5 @@ public interface GroupMapper { List<GroupDto> selectByOrganizationUuid(@Param("organizationUuid") String organizationUuid); - int updateRootUsersOfGroup(@Param("groupId") long groupId, - @Param("defaultOrganizationUuid") String defaultOrganizationUuid, - @Param("now") long now); - - int updateNonRootUsersOfGroup(@Param("groupId") long groupId, - @Param("defaultOrganizationUuid") String defaultOrganizationUuid, - @Param("now") long now); - List<GroupDto> selectByIds(@Param("ids") List<Long> ids); } diff --git a/sonar-db/src/main/java/org/sonar/db/user/UserDao.java b/sonar-db/src/main/java/org/sonar/db/user/UserDao.java index 19c5cde9b28..0a87ffddae5 100644 --- a/sonar-db/src/main/java/org/sonar/db/user/UserDao.java +++ b/sonar-db/src/main/java/org/sonar/db/user/UserDao.java @@ -194,17 +194,6 @@ public class UserDao implements Dao { return mapper(dbSession).countByEmail(email.toLowerCase(Locale.ENGLISH)) > 0; } - /** - * Ensures the specified user has its root flag set or unset depending on whether the user has the 'admin' permission - * in the default organization or not. - */ - public void updateRootFlagFromPermissions(DbSession dbSession, long userId, String defaultOrganizationUuid) { - long now = system2.now(); - UserMapper mapper = mapper(dbSession); - mapper.updateRootUser(userId, defaultOrganizationUuid, now); - mapper.updateNonRootUser(userId, defaultOrganizationUuid, now); - } - protected UserMapper mapper(DbSession session) { return session.getMapper(UserMapper.class); } diff --git a/sonar-db/src/main/java/org/sonar/db/user/UserMapper.java b/sonar-db/src/main/java/org/sonar/db/user/UserMapper.java index 799d73f2414..b7cf25be54e 100644 --- a/sonar-db/src/main/java/org/sonar/db/user/UserMapper.java +++ b/sonar-db/src/main/java/org/sonar/db/user/UserMapper.java @@ -74,8 +74,4 @@ public interface UserMapper { void deactivateUser(@Param("id") long userId, @Param("now") long now); - int updateRootUser(@Param("userId") long userId, @Param("defaultOrganizationUuid") String defaultOrganizationUuid, @Param("now") long now); - - int updateNonRootUser(@Param("userId") long userId, @Param("defaultOrganizationUuid") String defaultOrganizationUuid, @Param("now") long now); - } diff --git a/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml b/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml index 39b0193fc31..4f6928e7b28 100644 --- a/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml +++ b/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml @@ -137,92 +137,4 @@ order by upper(g.name) </select> - <update id="updateRootUsersOfGroup"> - update users u set - is_root = ${_true}, - updated_at = #{now,jdbcType=BIGINT} - where - u.id in (<include refid="userIdsForGroupId"/>) - and exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateRootUsersOfGroup" databaseId="mssql"> - update u set - is_root = ${_true}, - updated_at = #{now,jdbcType=BIGINT} - from users u - where - u.id in (<include refid="userIdsForGroupId"/>) - and exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateNonRootUsersOfGroup"> - update users u set - is_root = ${_false}, - updated_at = #{now,jdbcType=BIGINT} - where - u.id in (<include refid="userIdsForGroupId"/>) - and not exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateNonRootUsersOfGroup" databaseId="mssql"> - update u set - is_root = ${_false}, - updated_at = #{now,jdbcType=BIGINT} - from users u - where - u.id in (<include refid="userIdsForGroupId"/>) - and not exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <sql id="userIdsForGroupId"> - select - gu.user_id - from - groups_users gu - where - gu.group_id = #{groupId,jdbcType=BIGINT} - </sql> - - <sql id="userPermissionAdminInDefaultOrganizationForUser"> - select - 1 - from - user_roles ur - where - ur.user_id = u.id - and ur.role = 'admin' - and ur.resource_id is null - and ur.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR} - </sql> - - <sql id="groupPermissionAdminInDefaultOrganizationForUser"> - select - 1 - from - groups_users gu, - group_roles gr - where - gu.user_id = u.id - and gu.group_id = gr.group_id - and gr.role = 'admin' - and gr.resource_id is null - and gr.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR} - </sql> </mapper> diff --git a/sonar-db/src/main/resources/org/sonar/db/user/UserMapper.xml b/sonar-db/src/main/resources/org/sonar/db/user/UserMapper.xml index cb65570170f..17818753a6a 100644 --- a/sonar-db/src/main/resources/org/sonar/db/user/UserMapper.xml +++ b/sonar-db/src/main/resources/org/sonar/db/user/UserMapper.xml @@ -210,84 +210,4 @@ login = #{login} </insert> - <update id="updateRootUser"> - update users u set - is_root = ${_true}, - updated_at = #{now,jdbcType=BIGINT} - where - u.id = #{userId,jdbcType=BIGINT} - and exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateRootUser" databaseId="mssql"> - update u set - is_root = ${_true}, - updated_at = #{now,jdbcType=BIGINT} - from users u - where - u.id = #{userId,jdbcType=BIGINT} - and exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateNonRootUser"> - update users u set - is_root = ${_false}, - updated_at = #{now,jdbcType=BIGINT} - where - u.id = #{userId,jdbcType=BIGINT} - and not exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <update id="updateNonRootUser" databaseId="mssql"> - update u set - is_root = ${_false}, - updated_at = #{now,jdbcType=BIGINT} - from users u - where - u.id = #{userId,jdbcType=BIGINT} - and not exists ( - <include refid="userPermissionAdminInDefaultOrganizationForUser"/> - union - <include refid="groupPermissionAdminInDefaultOrganizationForUser"/> - ) - </update> - - <sql id="userPermissionAdminInDefaultOrganizationForUser"> - select - 1 - from - user_roles ur - where - ur.user_id = u.id - and ur.role = 'admin' - and ur.resource_id is null - and ur.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR} - </sql> - - <sql id="groupPermissionAdminInDefaultOrganizationForUser"> - select - 1 - from - groups_users gu, - group_roles gr - where - gu.user_id = u.id - and gu.group_id = gr.group_id - and gr.role = 'admin' - and gr.resource_id is null - and gr.organization_uuid = #{defaultOrganizationUuid,jdbcType=VARCHAR} - </sql> - </mapper> diff --git a/sonar-db/src/test/java/org/sonar/db/user/GroupDaoTest.java b/sonar-db/src/test/java/org/sonar/db/user/GroupDaoTest.java index b5c641f54f7..ca641b39463 100644 --- a/sonar-db/src/test/java/org/sonar/db/user/GroupDaoTest.java +++ b/sonar-db/src/test/java/org/sonar/db/user/GroupDaoTest.java @@ -32,11 +32,9 @@ import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import static java.util.Arrays.asList; -import static java.util.Arrays.stream; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.user.GroupTesting.newGroupDto; public class GroupDaoTest { @@ -47,8 +45,6 @@ public class GroupDaoTest { .setKey("an-org") .setName("An Org") .setUuid("abcde"); - private static final long DATE_1 = 8_776_543L; - private static final long DATE_2 = 4_776_898L; private System2 system2 = mock(System2.class); @@ -223,192 +219,6 @@ public class GroupDaoTest { } @Test - public void updateRootFlagOfUsersInGroupFromPermissions_sets_root_flag_to_false_if_users_have_no_permission_at_all() { - UserDto[] usersInGroup1 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersInGroup2 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersNotInGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - GroupDto group1 = db.users().insertGroup(); - stream(usersInGroup1).forEach(user -> db.users().insertMember(group1, user)); - GroupDto group2 = db.users().insertGroup(); - stream(usersInGroup2).forEach(user -> db.users().insertMember(group2, user)); - - call_updateRootFlagFromPermissions(group1, DATE_1); - stream(usersInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersInGroup2).forEach(db.rootFlag()::verifyUnchanged); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - - call_updateRootFlagFromPermissions(group2, DATE_2); - stream(usersInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(usersInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - } - - @Test - public void updateRootFlagOfUsersInGroupFromPermissions_sets_root_flag_to_true_if_users_has_admin_user_permission_on_default_organization() { - UserDto[] usersWithAdminInGroup1 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser(), - }; - UserDto[] usersWithoutAdminInGroup1 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser(), - }; - UserDto[] usersWithAdminInGroup2 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersWithoutAdminInGroup2 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersNotInGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - GroupDto group1 = db.users().insertGroup(); - stream(usersWithAdminInGroup1).forEach(user -> db.users().insertMember(group1, user)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.users().insertMember(group1, user)); - stream(usersWithAdminInGroup1).forEach(user -> db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN)); - GroupDto group2 = db.users().insertGroup(); - stream(usersWithAdminInGroup2).forEach(user -> db.users().insertMember(group2, user)); - stream(usersWithoutAdminInGroup2).forEach(user -> db.users().insertMember(group2, user)); - stream(usersWithAdminInGroup2).forEach(user -> db.users().insertPermissionOnUser(db.getDefaultOrganization(), user, SYSTEM_ADMIN)); - - call_updateRootFlagFromPermissions(group1, DATE_1); - stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, true, DATE_1)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged); - stream(usersWithoutAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - - call_updateRootFlagFromPermissions(group2, DATE_2); - stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, true, DATE_1)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithAdminInGroup2).forEach(user -> db.rootFlag().verify(user, true, DATE_2)); - stream(usersWithoutAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - } - - @Test - public void updateRootFlagOfUsersInGroupFromPermissions_ignores_permissions_on_anyone_on_default_organization() { - UserDto[] usersWithAdminInGroup1 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser(), - }; - UserDto[] usersWithoutAdminInGroup1 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser(), - }; - UserDto[] usersWithAdminInGroup2 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersWithoutAdminInGroup2 = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersNotInGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - GroupDto group1 = db.users().insertGroup(); - stream(usersWithAdminInGroup1).forEach(user -> db.users().insertMember(group1, user)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.users().insertMember(group1, user)); - GroupDto group2 = db.users().insertGroup(); - stream(usersWithAdminInGroup2).forEach(user -> db.users().insertMember(group2, user)); - stream(usersWithoutAdminInGroup2).forEach(user -> db.users().insertMember(group2, user)); - db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(group1, DATE_1); - stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged); - stream(usersWithoutAdminInGroup2).forEach(db.rootFlag()::verifyUnchanged); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - - call_updateRootFlagFromPermissions(group2, DATE_2); - stream(usersWithAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithoutAdminInGroup1).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersWithAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(usersWithoutAdminInGroup2).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - } - - @Test - public void updateRootFlagOfUsersInGroupFromPermissions_ignores_permissions_on_anyone_on_other_organization() { - UserDto[] usersInGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser(), - }; - UserDto[] usersInOtherGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] usersNotInGroup = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - GroupDto group = db.users().insertGroup(); - stream(usersInGroup).forEach(user -> db.users().insertMember(group, user)); - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto otherGroup = db.users().insertGroup(otherOrganization); - stream(usersInOtherGroup).forEach(user -> db.users().insertMember(otherGroup, user)); - db.users().insertPermissionOnAnyone(otherOrganization, SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(group, DATE_1); - stream(usersInGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersInOtherGroup).forEach(db.rootFlag()::verifyUnchanged); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - - call_updateRootFlagFromPermissions(otherGroup, DATE_2); - stream(usersInGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - stream(usersInOtherGroup).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(usersNotInGroup).forEach(db.rootFlag()::verifyUnchanged); - } - - @Test - public void updateRootFlagOfUsersInGroupFromPermissions_set_root_flag_to_false_on_users_of_group_of_non_default_organization() { - UserDto[] nonAdminUsers = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() - }; - UserDto[] adminPerUserPermissionUsers = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() // incorrectly not root - }; - UserDto[] adminPerGroupPermissionUsers = { - db.users().makeRoot(db.users().insertUser()), - db.users().insertUser() // incorrectly not root - }; - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto nonAdminGroup = db.users().insertGroup(otherOrganization); - db.users().insertMembers(nonAdminGroup, nonAdminUsers); - db.users().insertMembers(nonAdminGroup, adminPerUserPermissionUsers); - stream(adminPerUserPermissionUsers).forEach(user -> db.users().insertPermissionOnUser(otherOrganization, user, SYSTEM_ADMIN)); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - db.users().insertMembers(adminGroup, adminPerGroupPermissionUsers); - - call_updateRootFlagFromPermissions(nonAdminGroup, DATE_2); - stream(nonAdminUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(adminPerUserPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(adminPerGroupPermissionUsers).forEach(db.rootFlag()::verifyUnchanged); - - call_updateRootFlagFromPermissions(adminGroup, DATE_1); - stream(nonAdminUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(adminPerUserPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_2)); - stream(adminPerGroupPermissionUsers).forEach(user -> db.rootFlag().verify(user, false, DATE_1)); - } - - @Test public void deleteByOrganization_does_not_fail_when_table_is_empty() { underTest.deleteByOrganization(dbSession, "some uuid"); dbSession.commit(); @@ -452,10 +262,4 @@ public class GroupDaoTest { .extracting(row -> (String) row.get("organizationUuid")) .containsOnly(organizationUuids); } - - private void call_updateRootFlagFromPermissions(GroupDto groupDto, long now) { - when(system2.now()).thenReturn(now); - underTest.updateRootFlagOfUsersInGroupFromPermissions(db.getSession(), groupDto.getId(), db.getDefaultOrganization().getUuid()); - db.commit(); - } } diff --git a/sonar-db/src/test/java/org/sonar/db/user/UserDaoTest.java b/sonar-db/src/test/java/org/sonar/db/user/UserDaoTest.java index f9628b6d7fb..cbd7af7558b 100644 --- a/sonar-db/src/test/java/org/sonar/db/user/UserDaoTest.java +++ b/sonar-db/src/test/java/org/sonar/db/user/UserDaoTest.java @@ -33,7 +33,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.RowNotFoundException; -import org.sonar.db.organization.OrganizationDto; import org.sonar.db.property.PropertyDto; import org.sonar.db.property.PropertyQuery; @@ -43,7 +42,6 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.user.GroupMembershipQuery.IN; import static org.sonar.db.user.GroupMembershipQuery.builder; import static org.sonar.db.user.GroupTesting.newGroupDto; @@ -51,8 +49,6 @@ import static org.sonar.db.user.UserTesting.newUserDto; public class UserDaoTest { private static final long NOW = 1_500_000_000_000L; - private static final long DATE_1 = 1_222_001L; - private static final long DATE_2 = 4_333_555L; private System2 system2 = mock(System2.class); @@ -596,116 +592,6 @@ public class UserDaoTest { assertThat(underTest.selectByLogin(session, inactiveRootUser.getLogin()).isRoot()).isTrue(); } - @Test - public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_no_permission_at_all() { - UserDto rootUser = db.users().makeRoot(db.users().insertUser()); - UserDto notRootUser = db.users().insertUser(); - - call_updateRootFlagFromPermissions(rootUser, DATE_1); - db.rootFlag().verify(rootUser, false, DATE_1); - db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(notRootUser, DATE_2); - db.rootFlag().verify(rootUser, false, DATE_1); - db.rootFlag().verify(notRootUser, false, DATE_2); - } - - @Test - public void updateRootFlagFromPermissions_sets_root_flag_to_true_if_user_has_admin_user_permission_on_default_organization() { - UserDto rootUser = db.users().insertRootByUserPermission(); - UserDto incorrectlyNotRootUser = db.users().insertUser(); - db.users().insertPermissionOnUser(db.getDefaultOrganization(), incorrectlyNotRootUser, SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(rootUser, DATE_1); - db.rootFlag().verify(rootUser, true, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2); - db.rootFlag().verify(rootUser, true, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, true, DATE_2); - } - - @Test - public void updateRootFlagFromPermissions_ignores_permissions_on_anyone_on_default_organization() { - UserDto rootUser = db.users().makeRoot(db.users().insertUser()); - UserDto incorrectlyNotRootUser = db.users().insertUser(); - db.users().insertPermissionOnAnyone(db.getDefaultOrganization(), SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(rootUser, DATE_1); - db.rootFlag().verify(rootUser, false, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2); - db.rootFlag().verify(rootUser, false, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, false, DATE_2); - } - - @Test - public void updateRootFlagFromPermissions_ignores_permissions_on_anyone_on_other_organization() { - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser()); - UserDto notRootUser = db.users().insertUser(); - OrganizationDto otherOrganization = db.organizations().insert(); - db.users().insertPermissionOnAnyone(otherOrganization, SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(falselyRootUser, DATE_2); - db.rootFlag().verify(falselyRootUser, false, DATE_2); - db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(notRootUser, DATE_1); - db.rootFlag().verify(falselyRootUser, false, DATE_2); - db.rootFlag().verify(notRootUser, false, DATE_1); - } - - @Test - public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_admin_user_permission_on_other_organization() { - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser()); - UserDto notRootUser = db.users().insertUser(); - OrganizationDto otherOrganization = db.organizations().insert(); - db.users().insertPermissionOnUser(otherOrganization, falselyRootUser, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, notRootUser, SYSTEM_ADMIN); - - call_updateRootFlagFromPermissions(falselyRootUser, DATE_1); - db.rootFlag().verify(falselyRootUser, false, DATE_1); - db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(notRootUser, DATE_2); - db.rootFlag().verify(falselyRootUser, false, DATE_1); - db.rootFlag().verify(notRootUser, false, DATE_2); - } - - @Test - public void updateRootFlagFromPermissions_sets_root_flag_to_true_if_user_has_admin_group_permission_on_default_organization() { - UserDto rootUser = db.users().makeRoot(db.users().insertUser()); - UserDto incorrectlyNotRootUser = db.users().insertUser(); - GroupDto groupDto = db.users().insertAdminGroup(db.getDefaultOrganization()); - db.users().insertMembers(groupDto, rootUser, incorrectlyNotRootUser); - - call_updateRootFlagFromPermissions(rootUser, DATE_1); - db.rootFlag().verify(rootUser, true, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, false, incorrectlyNotRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(incorrectlyNotRootUser, DATE_2); - db.rootFlag().verify(rootUser, true, DATE_1); - db.rootFlag().verify(incorrectlyNotRootUser, true, DATE_2); - } - - @Test - public void updateRootFlagFromPermissions_sets_root_flag_to_false_if_user_has_admin_group_permission_on_other_organization() { - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser()); - UserDto notRootUser = db.users().insertUser(); - GroupDto otherOrganizationGroupDto = db.users().insertGroup(db.organizations().insert()); - db.users().insertPermissionOnGroup(otherOrganizationGroupDto, SYSTEM_ADMIN); - db.users().insertMembers(otherOrganizationGroupDto, falselyRootUser, notRootUser); - - call_updateRootFlagFromPermissions(falselyRootUser, DATE_2); - db.rootFlag().verify(falselyRootUser, false, DATE_2); - db.rootFlag().verify(notRootUser, false, notRootUser.getUpdatedAt()); - - call_updateRootFlagFromPermissions(notRootUser, DATE_1); - db.rootFlag().verify(falselyRootUser, false, DATE_2); - db.rootFlag().verify(notRootUser, false, DATE_1); - } - private void commit(Runnable runnable) { runnable.run(); session.commit(); @@ -741,11 +627,4 @@ public class UserDaoTest { dbClient.userGroupDao().insert(session, dto); return dto; } - - private void call_updateRootFlagFromPermissions(UserDto userDto, long now) { - when(system2.now()).thenReturn(now); - underTest.updateRootFlagFromPermissions(db.getSession(), userDto.getId(), db.getDefaultOrganization().getUuid()); - db.commit(); - } - } diff --git a/sonar-db/src/test/java/org/sonar/db/user/UserDbTester.java b/sonar-db/src/test/java/org/sonar/db/user/UserDbTester.java index e1de83d0d24..10e539f2c80 100644 --- a/sonar-db/src/test/java/org/sonar/db/user/UserDbTester.java +++ b/sonar-db/src/test/java/org/sonar/db/user/UserDbTester.java @@ -80,45 +80,13 @@ public class UserDbTester { return insertRootByUserPermissionImpl(requireNonNull(login)); } - public UserDto insertRootByUserPermission() { - return insertRootByUserPermissionImpl(null); - } - private UserDto insertRootByUserPermissionImpl(@Nullable String login) { UserDto rootByUserPermissionUser = makeRoot(login == null ? insertUser() : insertUser(login)); insertPermissionOnUser(db.getDefaultOrganization(), rootByUserPermissionUser, SYSTEM_ADMIN); return rootByUserPermissionUser; } - public UserDto insertRootByGroupPermission(String login) { - return insertRootByGroupPermissionImpl(requireNonNull(login), null); - } - - /** - * @see #insertAdminGroup() - */ - public UserDto insertRootByGroupPermission(String login, GroupDto adminGroupDto) { - return insertRootByGroupPermissionImpl(requireNonNull(login), adminGroupDto); - } - - /** - * @see #insertAdminGroup() - */ - public UserDto insertRootByGroupPermission(GroupDto adminGroupDto) { - return insertRootByGroupPermissionImpl(null, adminGroupDto); - } - - public UserDto insertRootByGroupPermission() { - return insertRootByGroupPermissionImpl(null, null); - } - - public UserDto insertRootByGroupPermissionImpl(@Nullable String login, @Nullable GroupDto groupDto) { - UserDto rootByGroupPermissionUser = db.users().makeRoot(login == null ? insertUser() : insertUser(login)); - GroupDto adminGroup = createOrCheckAdminGroup(groupDto); - insertMember(adminGroup, rootByGroupPermissionUser); - return rootByGroupPermissionUser; - } public UserDto insertAdminByUserPermission(OrganizationDto org) { UserDto user = db.users().insertUser(); |