diff options
| author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2017-02-08 17:29:21 +0100 |
|---|---|---|
| committer | Simon Brandhof <simon.brandhof@sonarsource.com> | 2017-02-10 22:49:09 +0100 |
| commit | 9fe9e202fe21e5c62378e11992cc46c8122ddf56 (patch) | |
| tree | 9196f66c25adb69d260606fd8a3816aa7bb167dd /server/sonar-server | |
| parent | a477248ab4050a0c81cf9a462c3b99fe4fffddc1 (diff) | |
| download | sonarqube-9fe9e202fe21e5c62378e11992cc46c8122ddf56.tar.gz sonarqube-9fe9e202fe21e5c62378e11992cc46c8122ddf56.zip | |
SONAR-8761 drop sync of root based on user permissions
Diffstat (limited to 'server/sonar-server')
20 files changed, 22 insertions, 700 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java index f7841fb52b5..8ddb2154bd5 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java +++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java @@ -114,7 +114,6 @@ public class UserIdentityAuthenticator { .build()); UserDto newUser = dbClient.userDao().selectOrFailByLogin(dbSession, userLogin); syncGroups(dbSession, user, newUser); - updateRootFlag(dbSession, newUser); return newUser; } @@ -125,7 +124,6 @@ public class UserIdentityAuthenticator { .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin())) .setPassword(null)); syncGroups(dbSession, user, userDto); - updateRootFlag(dbSession, userDto); } private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) { @@ -165,11 +163,6 @@ public class UserIdentityAuthenticator { }); } - private void updateRootFlag(DbSession dbSession, UserDto userDto) { - dbClient.userDao().updateRootFlagFromPermissions(dbSession, userDto.getId(), defaultOrganizationProvider.get().getUuid()); - dbSession.commit(); - } - private enum GroupDtoToName implements Function<GroupDto, String> { INSTANCE; diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java index 535f8995da9..1a4de6d5c98 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java @@ -25,7 +25,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import static java.lang.String.format; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; @@ -34,11 +33,9 @@ import static org.sonar.server.permission.ws.PermissionRequestValidator.validate public class GroupPermissionChanger { private final DbClient dbClient; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public GroupPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { + public GroupPermissionChanger(DbClient dbClient) { this.dbClient = dbClient; - this.defaultOrganizationProvider = defaultOrganizationProvider; } public boolean apply(DbSession dbSession, GroupPermissionChange change) { @@ -64,7 +61,6 @@ public class GroupPermissionChanger { .setGroupId(change.getGroupIdOrAnyone().getId()) .setResourceId(change.getNullableProjectId()); dbClient.groupPermissionDao().insert(dbSession, addedDto); - updateRootFlag(dbSession, change); return true; } @@ -78,16 +74,9 @@ public class GroupPermissionChanger { change.getOrganizationUuid(), change.getGroupIdOrAnyone().getId(), change.getNullableProjectId()); - updateRootFlag(dbSession, change); return true; } - private void updateRootFlag(DbSession dbSession, GroupPermissionChange change) { - if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getGroupIdOrAnyone().isAnyone() && !change.getProjectId().isPresent()) { - dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, change.getGroupIdOrAnyone().getId(), defaultOrganizationProvider.get().getUuid()); - } - } - private List<String> loadExistingPermissions(DbSession dbSession, GroupPermissionChange change) { Optional<ProjectId> projectId = change.getProjectId(); if (projectId.isPresent()) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java index 8b7c0b56078..ed862bbbab9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java @@ -25,7 +25,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.UserPermissionDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; @@ -35,11 +34,9 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; public class UserPermissionChanger { private final DbClient dbClient; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public UserPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) { + public UserPermissionChanger(DbClient dbClient) { this.dbClient = dbClient; - this.defaultOrganizationProvider = defaultOrganizationProvider; } public boolean apply(DbSession dbSession, UserPermissionChange change) { @@ -59,7 +56,6 @@ public class UserPermissionChanger { } UserPermissionDto dto = new UserPermissionDto(change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId(), change.getNullableProjectId()); dbClient.userPermissionDao().insert(dbSession, dto); - updateRootFlag(dbSession, change); return true; } @@ -74,7 +70,6 @@ public class UserPermissionChanger { } else { dbClient.userPermissionDao().deleteGlobalPermission(dbSession, change.getUserId().getId(), change.getPermission(), change.getOrganizationUuid()); } - updateRootFlag(dbSession, change); return true; } @@ -99,10 +94,4 @@ public class UserPermissionChanger { } } } - - private void updateRootFlag(DbSession dbSession, UserPermissionChange change) { - if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) { - dbClient.userDao().updateRootFlagFromPermissions(dbSession, change.getUserId().getId(), defaultOrganizationProvider.get().getUuid()); - } - } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java index 890be73e8e1..009fee22a68 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java @@ -59,7 +59,8 @@ public interface UserSession { boolean isLoggedIn(); /** - * Whether the user has root privileges. + * Whether the user has root privileges when organizations are enabled. + * Always returns {@code false} when organizations are disabled. */ boolean isRoot(); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java index 688636c5fcf..47c6ddf3ced 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java @@ -92,7 +92,6 @@ public class UserUpdater { public UserDto create(NewUser newUser) { try (DbSession dbSession = dbClient.openSession(false)) { UserDto createdUser = create(dbSession, newUser); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, createdUser.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); return createdUser; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java index 0ef7cbb3caf..ab5f8a6203e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/AddUserAction.java @@ -28,7 +28,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserGroupDto; -import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; import static java.lang.String.format; @@ -44,13 +43,11 @@ public class AddUserAction implements UserGroupsWsAction { private final DbClient dbClient; private final UserSession userSession; private final GroupWsSupport support; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) { + public AddUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) { this.dbClient = dbClient; this.userSession = userSession; this.support = support; - this.defaultOrganizationProvider = defaultOrganizationProvider; } @Override @@ -81,7 +78,6 @@ public class AddUserAction implements UserGroupsWsAction { if (!isMemberOf(dbSession, user, groupId)) { UserGroupDto membershipDto = new UserGroupDto().setGroupId(groupId.getId()).setUserId(user.getId()); dbClient.userGroupDao().insert(dbSession, membershipDto); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java index 35b75f8f453..1a5ab10e85b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/DeleteAction.java @@ -80,7 +80,6 @@ public class DeleteAction implements UserGroupsWsAction { checkNotTryingToDeleteLastAdminGroup(dbSession, groupId); removeGroupPermissions(dbSession, groupId); removeFromPermissionTemplates(dbSession, groupId); - updateRootFlagOfMembers(dbSession, groupId); removeGroupMembers(dbSession, groupId); dbClient.groupDao().deleteById(dbSession, groupId.getId()); @@ -119,10 +118,6 @@ public class DeleteAction implements UserGroupsWsAction { dbClient.permissionTemplateDao().deleteByGroup(dbSession, groupId.getId()); } - private void updateRootFlagOfMembers(DbSession dbSession, GroupId groupId) { - dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, groupId.getId(), defaultOrganizationProvider.get().getUuid()); - } - private void removeGroupMembers(DbSession dbSession, GroupId groupId) { dbClient.userGroupDao().deleteByGroupId(dbSession, groupId.getId()); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java index 5287fc0656e..dc0e2b5da57 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/RemoveUserAction.java @@ -27,7 +27,6 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.user.UserSession; import static java.lang.String.format; @@ -44,13 +43,11 @@ public class RemoveUserAction implements UserGroupsWsAction { private final DbClient dbClient; private final UserSession userSession; private final GroupWsSupport support; - private final DefaultOrganizationProvider defaultOrganizationProvider; - public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support, DefaultOrganizationProvider defaultOrganizationProvider) { + public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport support) { this.dbClient = dbClient; this.userSession = userSession; this.support = support; - this.defaultOrganizationProvider = defaultOrganizationProvider; } @Override @@ -82,7 +79,6 @@ public class RemoveUserAction implements UserGroupsWsAction { ensureLastAdminIsNotRemoved(dbSession, group, user); dbClient.userGroupDao().delete(dbSession, group.getId(), user.getId()); - dbClient.userDao().updateRootFlagFromPermissions(dbSession, user.getId(), defaultOrganizationProvider.get().getUuid()); dbSession.commit(); response.noContent(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java index 0f17e592ad8..373b0ce035e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java @@ -105,6 +105,7 @@ public class UserIdentityAuthenticatorTest { assertThat(user.getEmail()).isEqualTo("john@email.com"); assertThat(user.getExternalIdentity()).isEqualTo("johndoo"); assertThat(user.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(user.isRoot()).isFalse(); assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(defaultGroup.getId()); } @@ -118,6 +119,7 @@ public class UserIdentityAuthenticatorTest { Optional<UserDto> user = db.users().selectUserByLogin(USER_LOGIN); assertThat(user).isPresent(); + assertThat(user.get().isRoot()).isFalse(); assertThat(db.users().selectGroupIdsOfUser(user.get())).containsOnly(group1.getId(), group2.getId()); } @@ -140,6 +142,7 @@ public class UserIdentityAuthenticatorTest { assertThat(userDto.getEmail()).isEqualTo("john@email.com"); assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo"); assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(userDto.isRoot()).isFalse(); } @Test @@ -160,6 +163,7 @@ public class UserIdentityAuthenticatorTest { assertThat(userDto.getEmail()).isEqualTo("john@email.com"); assertThat(userDto.getExternalIdentity()).isEqualTo("johndoo"); assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github"); + assertThat(userDto.isRoot()).isFalse(); } @Test @@ -206,133 +210,6 @@ public class UserIdentityAuthenticatorTest { } @Test - public void authenticate_new_user_and_add_it_to_no_group_sets_root_flag_to_false() { - authenticate(USER_LOGIN); - - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test - public void authenticate_new_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - - authenticate(USER_LOGIN, adminGroup.getName()); - - db.rootFlag().verify(USER_LOGIN, true); - } - - @Test - public void authenticate_new_user_and_add_it_to_admin_group_of_other_organization_does_not_set_root_flag_to_true() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - - authenticate(USER_LOGIN, adminGroup.getName()); - - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test - public void authenticate_existing_user_and_add_it_to_no_group_sets_root_flag_to_false() { - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_and_add_it_to_admin_group_of_default_organization_sets_root_flag_to_true() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin(), adminGroup.getName()); - - db.rootFlag().verify(userDto, true); - } - - @Test - public void authenticate_existing_user_and_add_it_to_admin_group_of_other_organization_sets_root_flag_to_false() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - UserDto userDto = db.users().insertUser(); - - authenticate(userDto.getLogin(), adminGroup.getName()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_and_remove_it_from_admin_group_of_default_organization_sets_root_flag_to_false() { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - UserDto userDto = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup, userDto); - - authenticate(userDto.getLogin()); - - db.rootFlag().verify(userDto, false); - } - - @Test - public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_no_group_does_not_set_root_flag_to_false() { - UserDto rootUser = db.users().insertRootByUserPermission(); - - authenticate(rootUser.getLogin()); - - db.rootFlag().verify(rootUser, true); - } - - @Test - public void authenticate_existing_user_with_user_permission_admin_on_default_organization_with_non_admin_groups_does_not_set_root_flag_to_false() { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto defaultOrgGroup = db.users().insertGroup(db.getDefaultOrganization()); - GroupDto otherOrgGroup = db.users().insertGroup(otherOrganization); - UserDto rootUser = db.users().insertRootByUserPermission(); - - authenticate(rootUser.getLogin(), defaultOrgGroup.getName(), otherOrgGroup.getName()); - - db.rootFlag().verify(rootUser, true); - } - - @Test - public void authenticate_user_multiple_times_sets_root_flag_to_true_only_if_at_least_one_group_is_admin() { - GroupDto defaultAdminGroup = db.users().insertAdminGroup(db.getDefaultOrganization(), "admin_of_default"); - GroupDto defaultSomeGroup = db.users().insertGroup(db.getDefaultOrganization(), "some_group_of_default"); - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto otherAdminGroup = db.users().insertAdminGroup(otherOrganization, "admin_of_other"); - GroupDto otherSomeGroup = db.users().insertGroup(otherOrganization, "some_group_of_other"); - - authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, defaultAdminGroup.getName(), defaultSomeGroup.getName(), otherAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), otherSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - - authenticate(USER_LOGIN, otherAdminGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, defaultSomeGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultAdminGroup.getName()); - db.rootFlag().verify(USER_LOGIN, true); - - authenticate(USER_LOGIN, otherSomeGroup.getName(), defaultSomeGroup.getName()); - db.rootFlag().verify(USER_LOGIN, false); - } - - @Test public void ignore_groups_on_non_default_organizations() throws Exception { OrganizationDto org = db.organizations().insert(); UserDto user = db.users().insertUser(newUserDto() diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java index 48ff6a9c89c..fac0e312a19 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java @@ -32,7 +32,6 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; -import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import static org.assertj.core.api.Assertions.assertThat; @@ -44,7 +43,7 @@ public class GroupPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), TestDefaultOrganizationProvider.from(db)); + private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient()); private OrganizationDto org; private GroupDto group; private ComponentDto project; diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java index dabab36599f..23f27b4aad4 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java @@ -50,8 +50,7 @@ public class UserPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); - private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider); + private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient()); private OrganizationDto org1; private OrganizationDto org2; private UserDto user1; diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index c0cead62f5a..f93bdf80f9f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -25,7 +25,6 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; -import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -312,62 +311,6 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> { assertThat(db.users().selectGroupPermissions(group, project)).containsOnly(ISSUE_ADMIN); } - - @Test - public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_without_org_param() throws Exception { - GroupDto group = db.users().insertGroup(db.getDefaultOrganization()); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(group, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - - @Test - public void set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization_with_org_param() throws Exception { - GroupDto group = db.users().insertGroup(db.getDefaultOrganization()); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(group, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - - @Test - public void does_not_set_root_flag_to_true_on_all_users_in_group_when_admin_permission_to_group_of_default_organization() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto group = db.users().insertGroup(otherOrganization); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(group, rootByUserPermissionUser, rootByGroupPermissionUser, notRootUser); - loginAsAdmin(otherOrganization); - - executeRequest(group, otherOrganization, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - private void executeRequest(GroupDto groupDto, OrganizationDto organizationDto, String permission) throws Exception { newRequest() .setParam(PARAM_GROUP_NAME, groupDto.getName()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 44b8917e31a..1ac4b311c56 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -262,77 +262,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(ISSUE_ADMIN); } - @Test - public void sets_root_flag_to_true_when_adding_user_admin_permission_without_org_parameter() throws Exception { - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(notRootUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test - public void sets_root_flag_to_true_when_adding_user_admin_permission_with_default_organization_uuid() throws Exception { - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(notRootUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); // because already has specified user permission - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, db.getDefaultOrganization()); - db.rootFlag().verify(notRootUser, true); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test - public void does_not_set_root_flag_when_adding_user_admin_permission_with_other_organization_uuid() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto notRootUser = db.users().insertUser(); - loginAsAdmin(otherOrganization); - - executeRequest(notRootUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verifyUnchanged(rootByUserPermissionUser); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByUserPermissionUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verifyUnchanged(rootByGroupPermissionUser); - - executeRequest(rootByGroupPermissionUser, SYSTEM_ADMIN, otherOrganization); - db.rootFlag().verify(notRootUser, false); - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - } - - @Test +@Test public void organization_parameter_must_not_be_set_on_project_permissions() { ComponentDto project = db.components().insertProject(); loginAsAdmin(db.getDefaultOrganization()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index 7ce5ae37492..7cfa45aad6b 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -78,8 +78,8 @@ public abstract class BasePermissionWsTest<A extends PermissionsWsAction> { protected PermissionUpdater newPermissionUpdater() { return new PermissionUpdater(db.getDbClient(), mock(PermissionIndexer.class), - new UserPermissionChanger(db.getDbClient(), defaultOrganizationProvider), - new GroupPermissionChanger(db.getDbClient(), defaultOrganizationProvider)); + new UserPermissionChanger(db.getDbClient()), + new GroupPermissionChanger(db.getDbClient())); } protected TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 51d752e5e6e..569e595e88f 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -25,7 +25,6 @@ import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; -import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -245,57 +244,6 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio .execute(); } - @Test - public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_without_org_param() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminGroup, SYSTEM_ADMIN); - - db.rootFlag().verify(user1, false); - db.rootFlag().verify(user2, false); - db.rootFlag().verifyUnchanged(lastAdminUser); - } - - @Test - public void sets_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_default_organization_with_org_param() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminGroup, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(user1, false); - db.rootFlag().verify(user2, false); - db.rootFlag().verifyUnchanged(lastAdminUser); - } - - @Test - public void does_not_set_root_flag_to_false_on_all_users_in_group_when_removing_admin_permission_from_group_of_other_organization() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto lastAdmin = db.users().insertUser(); - db.users().insertPermissionOnUser(otherOrganization, lastAdmin, SYSTEM_ADMIN); - GroupDto adminGroup = db.users().insertAdminGroup(otherOrganization); - UserDto rootByUserPermissionUser = db.users().insertRootByUserPermission(); - UserDto rootByGroupPermissionUser = db.users().insertRootByGroupPermission(); - UserDto inAdminGroupUser = db.users().insertUser(); - UserDto notInGroupUser = db.users().insertUser(); - db.users().insertMembers(adminGroup, rootByUserPermissionUser, rootByGroupPermissionUser, inAdminGroupUser); - loginAsAdmin(otherOrganization); - - executeRequest(adminGroup, otherOrganization, SYSTEM_ADMIN); - - db.rootFlag().verify(rootByUserPermissionUser, true); - db.rootFlag().verify(rootByGroupPermissionUser, true); - db.rootFlag().verify(inAdminGroupUser, false); - db.rootFlag().verifyUnchanged(notInGroupUser); - } - private void executeRequest(GroupDto groupDto, String permission) throws Exception { newRequest() .setParam(PARAM_GROUP_NAME, groupDto.getName()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java index d2b8c971d12..1652263f7a9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java @@ -23,7 +23,6 @@ import org.junit.Before; import org.junit.Test; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; -import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; @@ -40,7 +39,6 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.component.ComponentTesting.newFileDto; import static org.sonar.db.component.ComponentTesting.newProjectDto; import static org.sonar.db.component.ComponentTesting.newView; -import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY; @@ -232,65 +230,6 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> } @Test - public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_without_org_parameter() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - UserDto adminUser = db.users().insertRootByUserPermission(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminUser, SYSTEM_ADMIN); - - db.rootFlag().verify(adminUser, false); - } - - @Test - public void sets_root_flag_to_false_when_removing_user_admin_permission_of_default_organization_with_org_parameter() throws Exception { - UserDto lastAdminUser = db.users().insertRootByUserPermission(); - UserDto adminUser = db.users().insertRootByUserPermission(); - loginAsAdmin(db.getDefaultOrganization()); - - executeRequest(adminUser, db.getDefaultOrganization(), SYSTEM_ADMIN); - - db.rootFlag().verify(adminUser, false); - } - - @Test - public void does_not_set_root_flag_to_false_when_removing_user_admin_permission_of_other_organization() throws Exception { - UserDto rootUser = db.users().insertRootByUserPermission(); - UserDto notRootUser = db.users().insertUser(); - OrganizationDto otherOrganization = db.organizations().insert(); - db.users().insertPermissionOnUser(otherOrganization, rootUser, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, notRootUser, SYSTEM_ADMIN); - // another admin is required so that admin permission can be dropped - UserDto anotherAdmin = db.users().insertUser(); - db.users().insertPermissionOnUser(otherOrganization, anotherAdmin, SYSTEM_ADMIN); - - loginAsAdmin(otherOrganization); - - executeRequest(rootUser, otherOrganization, SYSTEM_ADMIN); - db.rootFlag().verify(rootUser, true); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(notRootUser, otherOrganization, SYSTEM_ADMIN); - db.rootFlag().verify(rootUser, true); - db.rootFlag().verify(notRootUser, false); - } - - private void executeRequest(UserDto userDto, OrganizationDto organizationDto, String permission) throws Exception { - newRequest() - .setParam(PARAM_USER_LOGIN, userDto.getLogin()) - .setParam(PARAM_PERMISSION, permission) - .setParam(PARAM_ORGANIZATION, organizationDto.getKey()) - .execute(); - } - - private void executeRequest(UserDto userDto, String permission) throws Exception { - newRequest() - .setParam(PARAM_USER_LOGIN, userDto.getLogin()) - .setParam(PARAM_PERMISSION, permission) - .execute(); - } - - @Test public void removing_global_permission_fails_if_not_administrator_of_organization() throws Exception { userSession.logIn(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java index 269ca936220..c5347fc49b9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java @@ -113,6 +113,7 @@ public class CreateActionTest { // exists in db Optional<UserDto> dbUser = db.users().selectUserByLogin("john"); assertThat(dbUser).isPresent(); + assertThat(dbUser.get().isRoot()).isFalse(); // member of default group in default organization assertThat(db.users().selectGroupIdsOfUser(dbUser.get())).containsOnly(defaultGroupInDefaultOrg.getId()); @@ -130,8 +131,8 @@ public class CreateActionTest { .build()); assertThat(db.users().selectUserByLogin("john").get()) - .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity) - .containsOnly(true, "sonarqube", "john"); + .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot) + .containsOnly(true, "sonarqube", "john", false); } @Test @@ -145,8 +146,8 @@ public class CreateActionTest { .build()); assertThat(db.users().selectUserByLogin("john").get()) - .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity) - .containsOnly(false, "sonarqube", "john"); + .extracting(UserDto::isLocal, UserDto::getExternalIdentityProvider, UserDto::getExternalIdentity, UserDto::isRoot) + .containsOnly(false, "sonarqube", "john", false); } @Test @@ -213,27 +214,6 @@ public class CreateActionTest { } @Test - public void create_user_with_root_flag_to_false_if_default_group_is_unset() throws Exception { - unsetDefaultGroupProperty(); - logInAsRoot(); - - executeRequest("john"); - - db.rootFlag().verify("john", false); - } - - @Test - public void create_user_with_root_flag_to_false_if_default_group_is_non_admin_on_default_organization() throws Exception { - GroupDto adminGroup = db.users().insertGroup(db.getDefaultOrganization()); - setDefaultGroupProperty(adminGroup); - logInAsRoot(); - - executeRequest("foo"); - - db.rootFlag().verify("foo", false); - } - - @Test public void request_fails_with_ServerException_when_default_group_belongs_to_another_organization() throws Exception { OrganizationDto otherOrganization = db.organizations().insert(); GroupDto group = db.users().insertGroup(otherOrganization); @@ -248,17 +228,6 @@ public class CreateActionTest { } @Test - public void create_user_with_root_flag_to_true_if_default_group_is_admin_on_default_organization() throws Exception { - GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); - setDefaultGroupProperty(adminGroup); - logInAsRoot(); - - executeRequest("doh"); - - db.rootFlag().verify("doh", true); - } - - @Test public void fail_when_missing_login() throws Exception { logInAsRoot(); @@ -322,10 +291,6 @@ public class CreateActionTest { executeRequest("john"); } - private void unsetDefaultGroupProperty() { - settings.setProperty("sonar.defaultGroup", (String) null); - } - private void setDefaultGroupProperty(GroupDto adminGroup) { settings.setProperty("sonar.defaultGroup", adminGroup.getName()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java index 449b56b292c..95bb208352a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java @@ -58,7 +58,7 @@ public class AddUserActionTest { @Before public void setUp() { - ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport(), defaultOrganizationProvider))); + ws = new WsTester(new UserGroupsWs(new AddUserAction(db.getDbClient(), userSession, newGroupWsSupport()))); } @Test @@ -197,47 +197,6 @@ public class AddUserActionTest { executeRequest(group, user); } - @Test - public void set_root_flag_to_true_when_adding_user_to_group_of_default_organization_with_admin_permission() throws Exception { - GroupDto group = db.users().insertAdminGroup(); - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser")); - UserDto notRootUser = db.users().insertUser("notRootUser"); - loginAsAdminOnDefaultOrganization(); - - executeRequest(group, falselyRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, true); - verifyUserNotInGroup(notRootUser, group); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(group, notRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, true); - verifyUserInGroup(notRootUser, group); - db.rootFlag().verify(notRootUser, true); - } - - @Test - public void does_not_set_root_flag_to_true_when_adding_user_to_group_of_other_organization_with_admin_permission() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - GroupDto group = db.users().insertAdminGroup(otherOrganization); - UserDto falselyRootUser = db.users().makeRoot(db.users().insertUser("falselyRootUser")); - UserDto notRootUser = db.users().insertUser("notRootUser"); - loginAsAdmin(otherOrganization); - - executeRequest(group, falselyRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, false); - verifyUserNotInGroup(notRootUser, group); - db.rootFlag().verifyUnchanged(notRootUser); - - executeRequest(group, notRootUser); - verifyUserInGroup(falselyRootUser, group); - db.rootFlag().verify(falselyRootUser, false); - verifyUserInGroup(notRootUser, group); - db.rootFlag().verify(notRootUser, false); - } - private void executeRequest(GroupDto groupDto, UserDto userDto) throws Exception { newRequest() .setParam("id", groupDto.getId().toString()) @@ -278,18 +237,6 @@ public class AddUserActionTest { return new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider); } - private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isTrue(); - } - - private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isFalse(); - } - private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) { List<UserMembershipDto> members = db.getDbClient().groupMembershipDao() .selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE); diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java index 5e97c03b196..6893bd8e510 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java @@ -270,85 +270,6 @@ public class DeleteActionTest { assertThat(db.users().selectGroupPermissions(adminGroup2, null)).hasSize(1); } - @Test - public void deleting_a_group_of_default_organization_with_admin_permissions_updates_root_flag_of_its_members() throws Exception { - UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1"); - UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2"); - UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3"); - GroupDto adminGroup1 = db.users().insertAdminGroup(db.getDefaultOrganization()); - GroupDto adminGroup2 = db.users().insertAdminGroup(db.getDefaultOrganization()); - // member of admin group 1 - UserDto rootByGroupPermission1 = db.users().insertRootByGroupPermission(adminGroup1); - UserDto rootByGroupPermission2 = db.users().insertRootByGroupPermission(adminGroup1); - db.users().insertMembers(adminGroup1, rootByUserPermission1); - db.users().insertMembers(adminGroup1, rootByUserPermission3); - // members of admin group 2 - UserDto rootByGroupPermission3 = db.users().insertRootByGroupPermission(adminGroup2); - db.users().insertMembers(adminGroup2, rootByUserPermission2); - db.users().insertMembers(adminGroup2, rootByUserPermission3); - db.users().insertMembers(adminGroup2, rootByGroupPermission2); - loginAsAdmin(db.getDefaultOrganization()); - - executeDeleteGroupRequest(adminGroup1); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verifyUnchanged(rootByUserPermission2); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(rootByGroupPermission1, false); - db.rootFlag().verify(rootByGroupPermission2, true); - db.rootFlag().verifyUnchanged(rootByGroupPermission3); - - executeDeleteGroupRequest(adminGroup2); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verify(rootByUserPermission2, true); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(rootByGroupPermission1, false); - db.rootFlag().verify(rootByGroupPermission2, false); - db.rootFlag().verify(rootByGroupPermission3, false); - } - - @Test - public void deleting_a_group_of_other_organization_with_admin_permissions_does_not_update_root_flag_of_its_members() throws Exception { - OrganizationDto otherOrganization = db.organizations().insert(); - UserDto rootByUserPermission1 = db.users().insertRootByUserPermission("root1"); - UserDto rootByUserPermission2 = db.users().insertRootByUserPermission("root2"); - UserDto rootByUserPermission3 = db.users().insertRootByUserPermission("root3"); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission1, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission2, SYSTEM_ADMIN); - db.users().insertPermissionOnUser(otherOrganization, rootByUserPermission3, SYSTEM_ADMIN); - GroupDto adminGroup1 = db.users().insertAdminGroup(otherOrganization); - GroupDto adminGroup2 = db.users().insertAdminGroup(otherOrganization); - // member of admin group 1 - UserDto falselyRootByGroupPermission1 = db.users().makeRoot(db.users().insertUser()); - UserDto falselyRootByGroupPermission2 = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup1, falselyRootByGroupPermission1); - db.users().insertMembers(adminGroup1, falselyRootByGroupPermission2); - db.users().insertMembers(adminGroup1, rootByUserPermission1); - db.users().insertMembers(adminGroup1, rootByUserPermission3); - // members of admin group 2 - UserDto falselyRootByGroupPermission3 = db.users().makeRoot(db.users().insertUser()); - db.users().insertMembers(adminGroup2, falselyRootByGroupPermission3); - db.users().insertMembers(adminGroup2, rootByUserPermission2); - db.users().insertMembers(adminGroup2, rootByUserPermission3); - db.users().insertMembers(adminGroup2, falselyRootByGroupPermission2); - loginAsAdmin(otherOrganization); - - executeDeleteGroupRequest(adminGroup1); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verifyUnchanged(rootByUserPermission2); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(falselyRootByGroupPermission1, false); - db.rootFlag().verify(falselyRootByGroupPermission2, false); - db.rootFlag().verifyUnchanged(falselyRootByGroupPermission3); - - executeDeleteGroupRequest(adminGroup2); - db.rootFlag().verify(rootByUserPermission1, true); - db.rootFlag().verify(rootByUserPermission2, true); - db.rootFlag().verify(rootByUserPermission3, true); - db.rootFlag().verify(falselyRootByGroupPermission1, false); - db.rootFlag().verify(falselyRootByGroupPermission2, false); - db.rootFlag().verify(falselyRootByGroupPermission3, false); - } - private WsTester.Result executeDeleteGroupRequest(GroupDto adminGroup1) throws Exception { return newRequest() .setParam(PARAM_GROUP_ID, adminGroup1.getId().toString()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java index 0dc09b99f0d..1bd98d38376 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/RemoveUserActionTest.java @@ -19,7 +19,6 @@ */ package org.sonar.server.usergroups.ws; -import java.util.List; import org.junit.Before; import org.junit.Rule; import org.junit.Test; @@ -30,8 +29,6 @@ import org.sonar.db.DbTester; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; -import org.sonar.db.user.UserMembershipDto; -import org.sonar.db.user.UserMembershipQuery; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; @@ -59,7 +56,7 @@ public class RemoveUserActionTest { @Before public void setUp() { GroupWsSupport groupSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider); - ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport, defaultOrganizationProvider))); + ws = new WsTester(new UserGroupsWs(new RemoveUserAction(db.getDbClient(), userSession, groupSupport))); } @Test @@ -185,68 +182,6 @@ public class RemoveUserActionTest { } @Test - public void sets_root_flag_to_false_when_removing_user_from_group_of_default_organization_with_admin_permission() throws Exception { - // keep an administrator - insertAnAdministratorInDefaultOrganization(); - - GroupDto adminGroup = db.users().insertAdminGroup(); - UserDto user1 = db.users().insertRootByGroupPermission("user1", adminGroup); - UserDto user2 = db.users().insertRootByGroupPermission("user2", adminGroup); - loginAsAdminOnDefaultOrganization(); - - executeRequest(adminGroup, user1); - verifyUserNotInGroup(user1, adminGroup); - verifyRootFlagUpdated(user1, false); - verifyUserInGroup(user2, adminGroup); - verifyUnchanged(user2); - - executeRequest(adminGroup, user2); - verifyUserNotInGroup(user1, adminGroup); - verifyRootFlag(user1, false); - verifyUserNotInGroup(user2, adminGroup); - verifyRootFlagUpdated(user2, false); - } - - @Test - public void does_not_set_root_flag_to_false_when_removing_user_from_group_of_default_organization_and_user_is_admin_of_default_organization_another_way() - throws Exception { - GroupDto adminGroup1 = db.users().insertAdminGroup(); - UserDto adminUserByUserPermission = db.users().insertRootByUserPermission("adminUserByUserPermission"); - UserDto adminUserByTwoGroups = db.users().insertRootByGroupPermission("adminUserByTwoGroups", adminGroup1); - UserDto adminUserBySingleGroup = db.users().insertUser("adminUserBySingleGroup"); - GroupDto adminGroup2 = db.users().insertAdminGroup(); - db.users().insertMembers(adminGroup2, adminUserByUserPermission, adminUserByTwoGroups, adminUserBySingleGroup); - loginAsAdminOnDefaultOrganization(); - - executeRequest(adminGroup2, adminUserByUserPermission); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlagUpdated(adminUserByUserPermission, true); - verifyUserInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyUnchanged(adminUserByTwoGroups); - verifyUserInGroup(adminUserBySingleGroup, adminGroup2); - verifyUnchanged(adminUserBySingleGroup); - - executeRequest(adminGroup2, adminUserByTwoGroups); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlag(adminUserByUserPermission, true); - verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyRootFlagUpdated(adminUserByTwoGroups, true); - verifyUserInGroup(adminUserBySingleGroup, adminGroup2); - verifyUnchanged(adminUserBySingleGroup); - - executeRequest(adminGroup2, adminUserBySingleGroup); - verifyUserNotInGroup(adminUserByUserPermission, adminGroup2); - verifyRootFlag(adminUserByUserPermission, true); - verifyUserNotInGroup(adminUserByTwoGroups, adminGroup2); - verifyUserInGroup(adminUserByTwoGroups, adminGroup1); - verifyRootFlagUpdated(adminUserByTwoGroups, true); - verifyUserNotInGroup(adminUserBySingleGroup, adminGroup2); - verifyRootFlagUpdated(adminUserBySingleGroup, false); - } - - @Test public void throw_ForbiddenException_if_not_administrator_of_organization() throws Exception { OrganizationDto org = db.organizations().insert(); GroupDto group = db.users().insertGroup(org, "a-group"); @@ -281,13 +216,6 @@ public class RemoveUserActionTest { .execute(); } - private void executeRequest(GroupDto group, UserDto user) throws Exception { - newRequest() - .setParam("id", group.getId().toString()) - .setParam("login", user.getLogin()) - .execute(); - } - private WsTester.TestRequest newRequest() { return ws.newPostRequest("api/user_groups", "remove_user"); } @@ -300,38 +228,6 @@ public class RemoveUserActionTest { userSession.logIn("admin").addOrganizationPermission(org.getUuid(), GlobalPermissions.SYSTEM_ADMIN); } - private void verifyUnchanged(UserDto user) { - db.rootFlag().verifyUnchanged(user); - } - - private void verifyRootFlagUpdated(UserDto userDto, boolean root) { - db.rootFlag().verify(userDto, root); - } - - private void verifyRootFlag(UserDto userDto, boolean root) { - db.rootFlag().verify(userDto, root); - } - - private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isTrue(); - } - - private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) { - assertThat(isUserInGroup(userDto, groupDto)) - .as("user '%s' is not a member of group '%s' of organization '%s'", userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()) - .isFalse(); - } - - private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) { - List<UserMembershipDto> members = db.getDbClient().groupMembershipDao() - .selectMembers(db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership(UserMembershipQuery.IN).build(), 0, Integer.MAX_VALUE); - return members - .stream() - .anyMatch(dto -> dto.getLogin().equals(userDto.getLogin())); - } - private UserDto insertAnAdministratorInDefaultOrganization() { return db.users().insertAdminByUserPermission(db.getDefaultOrganization()); } |