authorSimon Brandhof <simon.brandhof@sonarsource.com>2015-12-02 14:15:38 +0100
committerSimon Brandhof <simon.brandhof@sonarsource.com>2015-12-02 14:16:49 +0100
commitf150c047ae04641c69dc7e3a07ac874958d6b88f (patch)
tree001391949fc9885ce985173c2c37e6019ab33ee2 /it
parent18a077aac51e118a93ccc796dd96264ee19e862e (diff)
Add IT ScanPermissionTest
Diffstat (limited to 'it')
-rw-r--r--it/it-tests/src/test/java/it/Category1Suite.java2
-rw-r--r--it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java116
2 files changed, 118 insertions, 0 deletions
diff --git a/it/it-tests/src/test/java/it/Category1Suite.java b/it/it-tests/src/test/java/it/Category1Suite.java
index 77c9d9913cd..4608ad5b899 100644
--- a/it/it-tests/src/test/java/it/Category1Suite.java
+++ b/it/it-tests/src/test/java/it/Category1Suite.java
@@ -45,6 +45,7 @@ import it.administration.UsersUITest;
import it.authorisation.AuthenticationTest;
import it.authorisation.IssuePermissionTest;
import it.authorisation.PermissionTest;
+import it.authorisation.ScanPermissionTest;
import it.i18n.I18nTest;
import it.measureHistory.DifferentialPeriodsTest;
import it.measureHistory.HistoryUiTest;
@@ -93,6 +94,7 @@ import static util.ItUtils.xooPlugin;
AuthenticationTest.class,
PermissionTest.class,
IssuePermissionTest.class,
+ ScanPermissionTest.class,
// measure history
DifferentialPeriodsTest.class,
HistoryUiTest.class,
diff --git a/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java
new file mode 100644
index 00000000000..141c10eed9c
--- /dev/null
+++ b/it/it-tests/src/test/java/it/authorisation/ScanPermissionTest.java
@@ -0,0 +1,116 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package it.authorisation;
+
+import com.sonar.orchestrator.Orchestrator;
+import com.sonar.orchestrator.build.BuildFailureException;
+import it.Category1Suite;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.sonar.wsclient.SonarClient;
+import org.sonar.wsclient.user.UserParameters;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.fail;
+import static util.ItUtils.runProjectAnalysis;
+
+/**
+ * SONAR-4397
+ */
+public class ScanPermissionTest {
+
+ @ClassRule
+ public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR;
+
+ private final static String USER_LOGIN = "scanperm";
+
+ private static SonarClient adminClient;
+
+ @Before
+ public void setUp() {
+ orchestrator.resetData();
+ adminClient = orchestrator.getServer().adminWsClient();
+ adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite"));
+ }
+
+ @After
+ public void teraDown() {
+ addPermission("anyone", "scan");
+ addPermission("anyone", "dryRunScan");
+ adminClient.userClient().deactivate(USER_LOGIN);
+ }
+
+ @Test
+ public void should_fail_if_no_scan_permission() throws Exception {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
+
+ removeGroupPermission("anyone", "scan");
+ try {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
+ fail();
+ } catch (BuildFailureException e) {
+ assertThat(e.getResult().getLogs()).contains(
+ "You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.");
+ }
+
+ // Remove Anyone from dryrun permission
+ removeGroupPermission("anyone", "dryRunScan");
+ try {
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
+ fail();
+ } catch (BuildFailureException e) {
+ assertThat(e.getResult().getLogs()).contains(
+ "You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator.");
+ }
+ }
+
+ @Test
+ public void no_need_for_browse_permission_to_scan() throws Exception {
+ // Do a first analysis, no error
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
+
+ // Remove browse permission for groups Anyone on the project
+ removeGroupPermission("anyone", "sample", "user");
+
+ // still no error
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", "thewhite");
+ }
+
+ private static void addPermission(String groupName, String permission) {
+ adminClient.post("api/permissions/add_group",
+ "groupName", groupName,
+ "permission", permission);
+ }
+
+ private static void removeGroupPermission(String groupName, String permission) {
+ adminClient.post("api/permissions/remove_group",
+ "groupName", groupName,
+ "permission", permission);
+ }
+
+ private static void removeGroupPermission(String groupName, String projectKey, String permission) {
+ adminClient.post("api/permissions/remove_group",
+ "groupName", groupName,
+ "projectKey", projectKey,
+ "permission", permission);
+ }
+}
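Review bot: In `no_need_for_browse_permission_to_scan`, nothing verifies that `scanperm` actually lost browse access after `removeGroupPermission("anyone", "sample", "user")`. If the new user still receives `user` on the project through another group or the default permission template (not visible in this diff), the second analysis passes without exercising the case the test is named for. Asserting the precondition first, with a client authenticated as `scanperm` and an expected denial on project `sample`, would make the test meaningful. The `@After` method only re-adds the global `scan` and `dryRunScan` permissions for `anyone`, so the project-level `user` permission is restored only if the next class sharing `Category1Suite.ORCHESTRATOR` calls `resetData()`. Smaller points: `teraDown` should read `tearDown`, and the bare `fail()` calls would be easier to diagnose as `fail("analysis should be rejected without scan permission")`.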