author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2016-10-20 19:58:55 +0200 |
---|---|---|
committer | Simon Brandhof <simon.brandhof@sonarsource.com> | 2016-10-21 15:58:39 +0200 |
commit | c004eacf334304b7a850185fe2cc4d6d521506b0 (patch) | |
tree | caea7e20c1897e5bdb793b925469b0be12022f44 /server/sonar-server | |
parent | 4770d7ad2a4b88f08fe68be907b1a0f75c964912 (diff) | |
SONAR-8134 merge PermissionRepository into PermissionTemplateService
Diffstat (limited to 'server/sonar-server')
11 files changed, 712 insertions, 28 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java index b8f448b3cac..81003ce173d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/computation/queue/ReportSubmitter.java @@ -21,7 +21,6 @@ package org.sonar.server.computation.queue; import com.google.common.base.Optional; import java.io.InputStream; -import javax.annotation.CheckForNull; import javax.annotation.Nullable; import org.apache.commons.lang.StringUtils; import org.sonar.api.resources.Qualifiers; @@ -70,10 +69,12 @@ public class ReportSubmitter { } } - @CheckForNull private ComponentDto createProject(DbSession dbSession, String projectKey, @Nullable String projectBranch, @Nullable String projectName) { - boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldCurrentUserHavePermissionWithDefaultTemplate(dbSession, SCAN_EXECUTION, projectBranch, projectKey, - Qualifiers.PROJECT); + Integer userId = userSession.getUserId(); + Long projectCreatorUserId = userId == null ? null : userId.longValue(); + + boolean wouldCurrentUserHaveScanPermission = permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate( + dbSession, projectCreatorUserId, SCAN_EXECUTION, projectBranch, projectKey, Qualifiers.PROJECT); if (!wouldCurrentUserHaveScanPermission) { throw insufficientPrivilegesException(); } @@ -84,8 +85,7 @@ public class ReportSubmitter { // "provisioning" permission is check in ComponentService ComponentDto project = componentService.create(dbSession, newProject); - Integer currentUserId = userSession.getUserId(); - permissionTemplateService.applyDefault(dbSession, project, currentUserId != null ? currentUserId.longValue() : null); + permissionTemplateService.applyDefault(dbSession, project, projectCreatorUserId); return project; } 
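Review bot: In `createProject`, nothing documents that `projectCreatorUserId` is null for an anonymous submission, although that one value now drives both the scan-permission check and the later `applyDefault` grant. With a null id, `copyPermissions` skips the project-creator grants (they are guarded by `projectCreatorUserId != null`), and the new PermissionTemplateServiceTest suggests that only permissions given to the null ("Anyone") group then satisfy the check. I would add `// null when the submitter is anonymous: no project-creator grant is made and only "Anyone" template permissions can satisfy the check` above the `Long projectCreatorUserId` line. The body of `createProject` is split across two hunks and the lines between them are not visible.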
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java index bcfbeea2a04..5bc1ae77693 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java @@ -19,9 +19,16 @@ */ package org.sonar.server.permission; +import java.text.MessageFormat; +import java.util.ArrayList; import java.util.Collection; +import java.util.Iterator; import java.util.List; +import java.util.Set; +import javax.annotation.CheckForNull; import javax.annotation.Nullable; +import org.apache.commons.lang.StringUtils; +import org.sonar.api.config.Settings; import org.sonar.api.resources.Qualifiers; import org.sonar.api.server.ServerSide; import org.sonar.core.component.ComponentKeys; @@ -31,12 +38,18 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ResourceDto; -import org.sonar.db.permission.PermissionRepository; +import org.sonar.db.permission.GroupPermissionDto; +import org.sonar.db.permission.UserPermissionDto; +import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto; import org.sonar.db.permission.template.PermissionTemplateDto; +import org.sonar.db.permission.template.PermissionTemplateGroupDto; +import org.sonar.db.permission.template.PermissionTemplateUserDto; import org.sonar.server.permission.index.PermissionIndexer; import org.sonar.server.user.UserSession; +import static com.google.common.base.Preconditions.checkArgument; import static java.util.Arrays.asList; +import static org.sonar.api.security.DefaultGroups.isAnyone; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdminUserByComponentKey; import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; 
@@ -44,13 +57,13 @@ import static org.sonar.server.ws.WsUtils.checkFoundWithOptional; public class PermissionTemplateService { private final DbClient dbClient; - private final PermissionRepository permissionRepository; + private final Settings settings; private final PermissionIndexer permissionIndexer; private final UserSession userSession; - public PermissionTemplateService(DbClient dbClient, PermissionRepository permissionRepository, PermissionIndexer permissionIndexer, UserSession userSession) { + public PermissionTemplateService(DbClient dbClient, Settings settings, PermissionIndexer permissionIndexer, UserSession userSession) { this.dbClient = dbClient; - this.permissionRepository = permissionRepository; + this.settings = settings; this.permissionIndexer = permissionIndexer; this.userSession = userSession; } 
@@ -85,20 +98,22 @@ public class PermissionTemplateService { Integer currentUserId = userSession.getUserId(); Long userId = Qualifiers.PROJECT.equals(component.qualifier()) && currentUserId != null ? currentUserId.longValue() : null; - permissionRepository.applyDefaultPermissionTemplate(session, component, userId); - session.commit(); - indexProjectPermissions(session, asList(component.uuid())); + applyDefault(session, component, userId); } - public boolean wouldCurrentUserHavePermissionWithDefaultTemplate(DbSession dbSession, String permission, @Nullable String branch, String projectKey, String qualifier) { + public boolean wouldUserHavePermissionWithDefaultTemplate(DbSession dbSession, @Nullable Long userId, String permission, @Nullable String branch, String projectKey, String qualifier) { if (userSession.hasPermission(permission)) { return true; } String effectiveKey = ComponentKeys.createKey(projectKey, branch); + PermissionTemplateDto template = findDefaultTemplate(dbSession, new ComponentDto().setKey(effectiveKey).setQualifier(qualifier)); + if (template == null) { + return false; + } - Long userId = userSession.getUserId() == null ? null : userSession.getUserId().longValue(); - return permissionRepository.wouldUserHavePermissionWithDefaultTemplate(dbSession, userId, permission, effectiveKey, qualifier); + List<String> potentialPermissions = dbClient.permissionTemplateDao().selectPotentialPermissionsByUserIdAndTemplateId(dbSession, userId, template.getId()); + return potentialPermissions.contains(permission); } /** @@ -112,7 +127,7 @@ public class PermissionTemplateService { } for (ComponentDto project : projects) { - permissionRepository.apply(dbSession, template, project, null); + copyPermissions(dbSession, template, project, null); } dbSession.commit(); indexProjectPermissions(dbSession, projects.stream().map(ComponentDto::uuid).collect(Collectors.toList())); 
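Review bot: `wouldUserHavePermissionWithDefaultTemplate` now takes an explicit `userId`, but its first check is still `userSession.hasPermission(permission)`, which answers for the ambient session rather than for the user passed in. The visible caller in ReportSubmitter derives the id from the same session, so the result is consistent there, but a caller passing a different id would get `true` on the strength of the session user's global permission. Either state the contract in Javadoc (`userId` must be the id of the current session's user, or null for anonymous) or move the global-permission shortcut into the caller so this method only evaluates the template. The method has no Javadoc in this hunk.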
@@ -128,7 +143,9 @@ public class PermissionTemplateService { * benefit from the permissions defined in the template for "project creator". */ public void applyDefault(DbSession dbSession, ComponentDto component, @Nullable Long projectCreatorUserId) { - permissionRepository.applyDefaultPermissionTemplate(dbSession, component, projectCreatorUserId); + PermissionTemplateDto template = findDefaultTemplate(dbSession, component); + checkArgument(template != null, "Can not retrieve default permission template"); + copyPermissions(dbSession, template, component, projectCreatorUserId); dbSession.commit(); indexProjectPermissions(dbSession, asList(component.uuid())); } 
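Review bot: In `applyDefault`, a missing default template is reported through `checkArgument`, which throws `IllegalArgumentException` although no argument is wrong; the likely cause is a template UUID in settings that matches no row. `checkState(template != null, "Can not retrieve default permission template")` would match the `IllegalStateException` that `findDefaultTemplate` already throws for the other misconfiguration cases, provided no caller relies on the current exception type. ReportSubmitter calls this after `componentService.create`, and when the session user holds the global permission the earlier check returns before resolving any template, so this failure could surface only after the project exists. Whether that creation is rolled back is not visible in this diff and should be confirmed.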
@@ -136,4 +153,92 @@ public class PermissionTemplateService { private void indexProjectPermissions(DbSession dbSession, List<String> projectUuids) { permissionIndexer.index(dbSession, projectUuids); } + + private void copyPermissions(DbSession dbSession, PermissionTemplateDto template, ComponentDto project, @Nullable Long projectCreatorUserId) { + dbClient.resourceDao().updateAuthorizationDate(project.getId(), dbSession); + dbClient.groupPermissionDao().deleteByRootComponentId(dbSession, project.getId()); + dbClient.userPermissionDao().deleteProjectPermissions(dbSession, project.getId()); + + List<PermissionTemplateUserDto> usersPermissions = dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, template.getId()); + String organizationUuid = template.getOrganizationUuid(); + usersPermissions + .forEach(up -> { + UserPermissionDto dto = new UserPermissionDto(organizationUuid, up.getPermission(), up.getUserId(), project.getId()); + dbClient.userPermissionDao().insert(dbSession, dto); + }); + + List<PermissionTemplateGroupDto> groupsPermissions = dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, template.getId()); + groupsPermissions.forEach(gp -> { + GroupPermissionDto dto = new GroupPermissionDto() + .setOrganizationUuid(organizationUuid) + .setGroupId(isAnyone(gp.getGroupName()) ? 
null : gp.getGroupId()) + .setRole(gp.getPermission()) + .setResourceId(project.getId()); + dbClient.groupPermissionDao().insert(dbSession, dto); + }); + + List<PermissionTemplateCharacteristicDto> characteristics = dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, asList(template.getId())); + if (projectCreatorUserId != null) { + Set<String> permissionsForCurrentUserAlreadyInDb = usersPermissions.stream() + .filter(userPermission -> projectCreatorUserId.equals(userPermission.getUserId())) + .map(PermissionTemplateUserDto::getPermission) + .collect(java.util.stream.Collectors.toSet()); + characteristics.stream() + .filter(PermissionTemplateCharacteristicDto::getWithProjectCreator) + .filter(characteristic -> !permissionsForCurrentUserAlreadyInDb.contains(characteristic.getPermission())) + .forEach(c -> { + UserPermissionDto dto = new UserPermissionDto(organizationUuid, c.getPermission(), projectCreatorUserId, project.getId()); + dbClient.userPermissionDao().insert(dbSession, dto); + }); + } + } + + /** + * Return the permission template for the given component. If no template key pattern match then consider default + * template for the component qualifier. 
+ */ + @CheckForNull + private PermissionTemplateDto findDefaultTemplate(DbSession dbSession, ComponentDto component) { + // FIXME performance issue here, we should not load all templates + List<PermissionTemplateDto> allPermissionTemplates = dbClient.permissionTemplateDao().selectAll(dbSession); + List<PermissionTemplateDto> matchingTemplates = new ArrayList<>(); + for (PermissionTemplateDto permissionTemplateDto : allPermissionTemplates) { + String keyPattern = permissionTemplateDto.getKeyPattern(); + if (StringUtils.isNotBlank(keyPattern) && component.getKey().matches(keyPattern)) { + matchingTemplates.add(permissionTemplateDto); + } + } + checkAtMostOneMatchForComponentKey(component.getKey(), matchingTemplates); + if (matchingTemplates.size() == 1) { + return matchingTemplates.get(0); + } + String qualifierTemplateKey = settings.getString("sonar.permission.template." + component.qualifier() + ".default"); + if (!StringUtils.isBlank(qualifierTemplateKey)) { + return dbClient.permissionTemplateDao().selectByUuid(dbSession, qualifierTemplateKey); + } + + String defaultTemplateKey = settings.getString("sonar.permission.template.default"); + if (StringUtils.isBlank(defaultTemplateKey)) { + throw new IllegalStateException("At least one default permission template should be defined"); + } + return dbClient.permissionTemplateDao().selectByUuid(dbSession, defaultTemplateKey); + } + + private static void checkAtMostOneMatchForComponentKey(String componentKey, List<PermissionTemplateDto> matchingTemplates) { + if (matchingTemplates.size() > 1) { + StringBuilder templatesNames = new StringBuilder(); + for (Iterator<PermissionTemplateDto> it = matchingTemplates.iterator(); it.hasNext();) { + templatesNames.append("\"").append(it.next().getName()).append("\""); + if (it.hasNext()) { + templatesNames.append(", "); + } + } + throw new IllegalStateException(MessageFormat.format( + "The \"{0}\" key matches multiple permission templates: {1}." 
+ + " A system administrator must update these templates so that only one of them matches the key.", + componentKey, + templatesNames.toString())); + } + } + } diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java b/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java index 0de4247ce5f..2847f719297 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/platformlevel/PlatformLevel4.java @@ -33,7 +33,6 @@ import org.sonar.ce.CeModule; import org.sonar.ce.settings.ProjectSettingsFactory; import org.sonar.core.component.DefaultResourceTypes; import org.sonar.core.timemachine.Periods; -import org.sonar.db.permission.PermissionRepository; import org.sonar.server.authentication.AuthenticationModule; import org.sonar.server.batch.BatchWsModule; import org.sonar.server.ce.ws.CeWsModule; @@ -431,7 +430,6 @@ public class PlatformLevel4 extends PlatformLevel { // permissions PermissionsWsModule.class, - PermissionRepository.class, PermissionTemplateService.class, PermissionUpdater.class, UserPermissionChanger.class, diff --git a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java index 645e8928c50..7367d0d2d21 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java 
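Review bot: In `findDefaultTemplate`, `component.getKey().matches(keyPattern)` compiles every stored key pattern as a regular expression on each call, and on the ReportSubmitter path the key being matched is built from the submitted project key and branch. A template whose pattern is syntactically invalid would throw `PatternSyntaxException` out of this loop and fail every permission check and default-template application, and a pattern prone to heavy backtracking would be evaluated against caller-supplied input. If patterns are not already validated when a template is saved (not visible in this diff), validate them there. Consider also catching `PatternSyntaxException` here and rethrowing an `IllegalStateException` that names the offending template, in the same way `checkAtMostOneMatchForComponentKey` names the conflicting ones.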
@@ -107,7 +107,7 @@ public class ReportSubmitterTest { when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); ComponentDto createdProject = new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY); when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(createdProject); - when(permissionTemplateService.wouldCurrentUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) + when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), anyLong(), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); @@ -134,7 +134,7 @@ public class ReportSubmitterTest { when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID)); when(componentService.create(any(DbSession.class), any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY)); - when(permissionTemplateService.wouldCurrentUserHavePermissionWithDefaultTemplate(any(DbSession.class), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) + when(permissionTemplateService.wouldUserHavePermissionWithDefaultTemplate(any(DbSession.class), anyLong(), eq(SCAN_EXECUTION), anyString(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT))) .thenReturn(true); underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}")); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java new file mode 100644 index 00000000000..acadfff16e4 --- /dev/null +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java 
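Review bot: Both stubs in ReportSubmitterTest match the new `userId` argument with `anyLong()`, so the tests do not pin which user the permission check is made for and would still pass if ReportSubmitter forwarded the wrong id. Setting a user on the session and stubbing with `eq(EXPECTED_USER_ID)` (placeholder for that user's id) would assert that the creator id comes from the current session. Depending on the Mockito version in use, `anyLong()` may also not match a `null` id, which is the value passed for an anonymous submitter; if so, that case needs a null-accepting matcher.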
@@ -0,0 +1,175 @@ +/* + * SonarQube + * Copyright (C) 2009-2016 SonarSource SA + * mailto:contact AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.permission; + +import java.util.List; +import javax.annotation.Nullable; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.sonar.api.config.MapSettings; +import org.sonar.api.config.Settings; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.utils.System2; +import org.sonar.api.web.UserRole; +import org.sonar.db.DbSession; +import org.sonar.db.DbTester; +import org.sonar.db.component.ComponentDto; +import org.sonar.db.permission.template.PermissionTemplateDbTester; +import org.sonar.db.permission.template.PermissionTemplateDto; +import org.sonar.db.user.GroupDto; +import org.sonar.db.user.UserDto; +import org.sonar.server.permission.index.PermissionIndexer; +import org.sonar.server.tester.UserSessionRule; + +import static java.util.Collections.singletonList; +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; +import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; +import static 
org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; +import static org.sonar.db.component.ComponentTesting.newProjectDto; +import static org.sonar.db.user.GroupTesting.newGroupDto; + + +public class PermissionTemplateServiceTest { + + private static final String DEFAULT_TEMPLATE = "default_20130101_010203"; + private static final ComponentDto PROJECT = newProjectDto().setId(123L).setUuid("THE_PROJECT_UUID"); + private static final long NOW = 123456789L; + + @Rule + public ExpectedException throwable = ExpectedException.none(); + + private System2 system2 = mock(System2.class); + + @Rule + public DbTester dbTester = DbTester.create(system2); + + private UserSessionRule userSession = UserSessionRule.standalone(); + private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates(); + private DbSession session = dbTester.getSession(); + private Settings settings = new MapSettings(); + private PermissionIndexer permissionIndexer = mock(PermissionIndexer.class); + private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), settings, permissionIndexer, userSession); + + @Before + public void setUp() { + when(system2.now()).thenReturn(NOW); + } + + @Test + public void apply_permission_template() { + dbTester.prepareDbUnit(getClass(), "should_apply_permission_template.xml"); + + assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).isEmpty(); + assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).isEmpty(); + assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).isEmpty(); + assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).isEmpty(); + + PermissionTemplateDto template = dbTester.getDbClient().permissionTemplateDao().selectByUuid(session, "default_20130101_010203"); + underTest.apply(session, template, singletonList(PROJECT)); + + assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).containsOnly("admin", "issueadmin"); + 
assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).containsOnly("user", "codeviewer"); + assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).containsOnly("user", "codeviewer"); + assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).containsOnly("admin"); + + checkAuthorizationUpdatedAtIsUpdated(); + } + + private List<String> selectProjectPermissionsOfGroup(String organizationUuid, @Nullable Long groupId, ComponentDto project) { + return dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(session, + organizationUuid, groupId != null ? groupId : null, project.getId()); + } + + private List<String> selectProjectPermissionsOfUser(long userId, ComponentDto project) { + return dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(session, + userId, project.getId()); + } + + @Test + public void applyDefaultPermissionTemplate_from_component_key() { + dbTester.prepareDbUnit(getClass(), "apply_default_permission_template_by_component_id.xml"); + userSession.setGlobalPermissions(PROVISIONING); + settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE); + + underTest.applyDefaultPermissionTemplate("org.struts:struts"); + session.commit(); + + dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template_by_component_id-result.xml", "user_roles", "user_id", "resource_id", "role"); + } + + @Test + public void would_user_have_permission_with_default_permission_template() { + UserDto user = dbTester.users().insertUser(); + GroupDto group = dbTester.users().insertGroup(newGroupDto()); + dbTester.users().insertMember(group, user); + PermissionTemplateDto template = templateDb.insertTemplate(); + setDefaultTemplateUuid(template.getUuid()); + templateDb.addProjectCreatorToTemplate(template.getId(), SCAN_EXECUTION); + templateDb.addUserToTemplate(template.getId(), user.getId(), UserRole.USER); + templateDb.addGroupToTemplate(template.getId(), group.getId(), 
UserRole.CODEVIEWER); + templateDb.addGroupToTemplate(template.getId(), null, UserRole.ISSUE_ADMIN); + + // authenticated user + checkWouldUserHavePermission(user.getId(), UserRole.ADMIN, false); + checkWouldUserHavePermission(user.getId(), SCAN_EXECUTION, true); + checkWouldUserHavePermission(user.getId(), UserRole.USER, true); + checkWouldUserHavePermission(user.getId(), UserRole.CODEVIEWER, true); + checkWouldUserHavePermission(user.getId(), UserRole.ISSUE_ADMIN, true); + + // anonymous user + checkWouldUserHavePermission(null, UserRole.ADMIN, false); + checkWouldUserHavePermission(null, SCAN_EXECUTION, false); + checkWouldUserHavePermission(null, UserRole.USER, false); + checkWouldUserHavePermission(null, UserRole.CODEVIEWER, false); + checkWouldUserHavePermission(null, UserRole.ISSUE_ADMIN, true); + } + + @Test + public void would_user_have_permission_with_unknown_default_permission_template() { + setDefaultTemplateUuid("UNKNOWN_TEMPLATE_UUID"); + + checkWouldUserHavePermission(null, UserRole.ADMIN, false); + } + + @Test + public void would_user_have_permission_with_empty_template() { + PermissionTemplateDto template = templateDb.insertTemplate(); + setDefaultTemplateUuid(template.getUuid()); + + checkWouldUserHavePermission(null, UserRole.ADMIN, false); + } + + private void checkWouldUserHavePermission(@Nullable Long userId, String permission, boolean expectedResult) { + assertThat(underTest.wouldUserHavePermissionWithDefaultTemplate(session, userId, permission, null, "PROJECT_KEY", Qualifiers.PROJECT)).isEqualTo(expectedResult); + } + + private void checkAuthorizationUpdatedAtIsUpdated() { + assertThat(dbTester.getDbClient().resourceDao().selectResource(PROJECT.getId(), session).getAuthorizationUpdatedAt()).isEqualTo(NOW); + } + + private void setDefaultTemplateUuid(String templateUuid) { + settings.setProperty("sonar.permission.template.default", templateUuid); + } + +} 
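Review bot: The new PermissionTemplateServiceTest does not exercise the project-creator branch of `copyPermissions` or the failure paths of `findDefaultTemplate`. `applyDefaultPermissionTemplate_from_component_key` sets only global permissions on the session and no user id, and no test covers a key that matches several templates or a blank `sonar.permission.template.default`. These paths decide who receives rights on a new project, so a test calling `applyDefault` with a non-null creator id against a template that has `with_project_creator` set, plus one expecting `IllegalStateException`, would be valuable. The `throwable` ExpectedException rule is declared but never used, and `groupId != null ? groupId : null` in `selectProjectPermissionsOfGroup` is simply `groupId`.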
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java index 8a7fff304a3..27cb72abf97 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java @@ -31,7 +31,6 @@ import org.sonar.core.permission.GlobalPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.PermissionQuery; -import org.sonar.db.permission.PermissionRepository; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; @@ -76,8 +75,7 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA @Override protected ApplyTemplateAction buildWsAction() { - PermissionRepository repository = new PermissionRepository(db.getDbClient(), new MapSettings()); - PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), repository, permissionIndexer, userSession); + PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), new MapSettings(), permissionIndexer, userSession); return new ApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java index f6acc7fb450..4629c3ff422 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java 
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java @@ -28,7 +28,6 @@ import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.PermissionQuery; -import org.sonar.db.permission.PermissionRepository; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; @@ -60,8 +59,7 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT @Override protected BulkApplyTemplateAction buildWsAction() { - PermissionRepository repository = new PermissionRepository(db.getDbClient(), new MapSettings()); - PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), repository, issuePermissionIndexer, userSession); + PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), new MapSettings(), issuePermissionIndexer, userSession); return new BulkApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport(), new I18nRule(), newRootResourceTypes()); } diff --git a/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id-result.xml b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id-result.xml new file mode 100644 index 00000000000..c0a3eef5b84 --- /dev/null +++ b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id-result.xml 
@@ -0,0 +1,115 @@ +<dataset> + + <groups id="100" + name="sonar-administrators" + organization_uuid="org1"/> + <groups id="101" + name="sonar-users" + organization_uuid="org1"/> + + <users id="200" + login="marius" + name="Marius" + email="[null]" + active="[true]" + is_root="[false]"/> + <users id="201" + login="janette" + name="Janette" + email="[null]" + active="[true]" + is_root="[false]"/> + + <!-- on other resources --> + <group_roles id="1" + group_id="100" + resource_id="1" + role="admin" + organization_uuid="org1"/> + <group_roles id="2" + group_id="101" + resource_id="1" + role="user" + organization_uuid="org1"/> + <user_roles id="1" + user_id="200" + resource_id="1" + role="admin" + organization_uuid="org1"/> + + <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) --> + <group_roles id="3" + group_id="100" + resource_id="123" + role="admin" + organization_uuid="org1"/> + <group_roles id="4" + group_id="101" + resource_id="123" + role="user" + organization_uuid="org1"/> + <group_roles id="5" + group_id="[null]" + resource_id="123" + role="user" + organization_uuid="org1"/> + <group_roles id="6" + group_id="101" + resource_id="123" + role="codeviewer" + organization_uuid="org1"/> + <group_roles id="7" + group_id="[null]" + resource_id="123" + role="codeviewer" + organization_uuid="org1"/> + <group_roles id="8" + group_id="100" + resource_id="123" + role="issueadmin" + organization_uuid="org1"/> + + <!-- new user permission : marius (admin) & janette (user) --> + <user_roles id="2" + user_id="200" + resource_id="123" + role="admin" + organization_uuid="org1"/> + + <!-- default permission template for all qualifiers --> + <permission_templates id="1" + name="default" + kee="default_20130101_010203" + organization_uuid="org1"/> + + <perm_templates_groups id="1" + template_id="1" + group_id="100" + permission_reference="admin"/> + <perm_templates_groups id="2" + template_id="1" + 
group_id="101" + permission_reference="user"/> + <perm_templates_groups id="3" + template_id="1" + group_id="[null]" + permission_reference="user"/> + <perm_templates_groups id="4" + template_id="1" + group_id="101" + permission_reference="codeviewer"/> + <perm_templates_groups id="5" + template_id="1" + group_id="[null]" + permission_reference="codeviewer"/> + <perm_templates_groups id="6" + template_id="1" + group_id="100" + permission_reference="issueadmin"/> + + <perm_templates_users id="1" + template_id="1" + user_id="200" + permission_reference="admin"/> + +</dataset> diff --git a/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id.xml b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id.xml new file mode 100644 index 00000000000..ee44229b86f --- /dev/null +++ b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/apply_default_permission_template_by_component_id.xml 
@@ -0,0 +1,98 @@
+<dataset>
+ <projects uuid="A"
+ uuid_path="NOT_USED"
+ root_uuid="A"
+ scope="PRJ"
+ qualifier="TRK"
+ kee="org.struts:struts"
+ name="Struts"
+ description="the description"
+ long_name="Apache Struts"
+ enabled="[true]"
+ language="java"
+ copy_component_uuid="[null]"
+ developer_uuid="[null]"
+ path="[null]"
+ authorization_updated_at="123456789"
+ id="123"/>
+
+ <groups id="100"
+ name="sonar-administrators"
+ organization_uuid="org1"/>
+ <groups id="101"
+ name="sonar-users"
+ organization_uuid="org1"/>
+
+ <users id="200"
+ login="marius"
+ name="Marius"
+ email="[null]"
+ active="[true]"
+ is_root="[false]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1"
+ group_id="100"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+ <group_roles id="2"
+ group_id="101"
+ resource_id="1"
+ role="user"
+ organization_uuid="org1"/>
+ <user_roles id="1"
+ user_id="200"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1"
+ name="default"
+ kee="default_20130101_010203"
+ organization_uuid="org1"/>
+
+ <perm_templates_groups id="1"
+ template_id="1"
+ group_id="100"
+ permission_reference="admin"/>
+ <perm_templates_groups id="2"
+ template_id="1"
+ group_id="101"
+ permission_reference="user"/>
+ <perm_templates_groups id="3"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="user"/>
+ <perm_templates_groups id="4"
+ template_id="1"
+ group_id="101"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="5"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="6"
+ template_id="1"
+ group_id="100"
+ permission_reference="issueadmin"/>
+
+ <perm_templates_users id="1"
+ template_id="1"
+ user_id="200"
+ permission_reference="admin"/>
+
+ <perm_tpl_characteristics id="1"
+ template_id="1"
+ permission_key="user"
+ with_project_creator="[true]"
+ created_at="1234567890"
+ updated_at="123457890"/>
+ <perm_tpl_characteristics id="2"
+ template_id="2"
+ permission_key="user"
+ with_project_creator="[false]"
+ created_at="1234567890"
+ updated_at="1234567890"/>
+</dataset>
diff --git a/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template-result.xml b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template-result.xml
new file mode 100644
index 00000000000..7667cf5e407
--- /dev/null
+++ b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template-result.xml
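Review bot: In apply_default_permission_template_by_component_id.xml, `perm_tpl_characteristics id="2"` points at `template_id="2"`, but the dataset defines only `permission_templates id="1"`, and nothing says whether that is deliberate. If the row is there to show that characteristics of another template are ignored when the default template is applied, say so with a comment such as `<!-- characteristic of an unrelated template, must not affect project 123 -->`; otherwise it should reference template 1 or be dropped. Separately, `updated_at="123457890"` on row 1 is one digit shorter than its `created_at="1234567890"` and than the value used on row 2, which looks like a typo.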
@@ -0,0 +1,109 @@
+<dataset>
+
+ <groups id="100"
+ name="sonar-administrators"
+ organization_uuid="org1"/>
+ <groups id="101"
+ name="sonar-users"
+ organization_uuid="org1"/>
+
+ <users id="200"
+ login="marius"
+ name="Marius"
+ email="[null]"
+ active="[true]"
+ is_root="[false]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1"
+ group_id="100"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+ <group_roles id="2"
+ group_id="101"
+ resource_id="1"
+ role="user"
+ organization_uuid="org1"/>
+ <user_roles id="1"
+ user_id="200"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+
+ <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+ <group_roles id="3"
+ group_id="100"
+ resource_id="123"
+ role="admin"
+ organization_uuid="org1"/>
+ <group_roles id="4"
+ group_id="101"
+ resource_id="123"
+ role="user"
+ organization_uuid="org1"/>
+ <group_roles id="5"
+ group_id="[null]"
+ resource_id="123"
+ role="user"
+ organization_uuid="org1"/>
+ <group_roles id="6"
+ group_id="101"
+ resource_id="123"
+ role="codeviewer"
+ organization_uuid="org1"/>
+ <group_roles id="7"
+ group_id="[null]"
+ resource_id="123"
+ role="codeviewer"
+ organization_uuid="org1"/>
+ <group_roles id="8"
+ group_id="100"
+ resource_id="123"
+ role="issueadmin"
+ organization_uuid="org1"/>
+
+ <!-- new user permission : marius (admin) -->
+ <user_roles id="2"
+ user_id="200"
+ resource_id="123"
+ role="admin"
+ organization_uuid="org1"/>
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1"
+ name="default"
+ kee="default_20130101_010203"
+ organization_uuid="org1"/>
+
+ <perm_templates_groups id="1"
+ template_id="1"
+ group_id="100"
+ permission_reference="admin"/>
+ <perm_templates_groups id="2"
+ template_id="1"
+ group_id="101"
+ permission_reference="user"/>
+ <perm_templates_groups id="3"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="user"/>
+ <perm_templates_groups id="4"
+ template_id="1"
+ group_id="101"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="5"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="6"
+ template_id="1"
+ group_id="100"
+ permission_reference="issueadmin"/>
+
+ <perm_templates_users id="1"
+ template_id="1"
+ user_id="200"
+ permission_reference="admin"/>
+
+</dataset>
diff --git a/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template.xml b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template.xml
new file mode 100644
index 00000000000..ff82df0b5be
--- /dev/null
+++ b/server/sonar-server/src/test/resources/org/sonar/server/permission/PermissionTemplateServiceTest/should_apply_permission_template.xml
@@ -0,0 +1,88 @@
+<dataset>
+
+ <projects uuid="THE_PROJECT_UUID"
+ uuid_path="NOT_USED"
+ root_uuid="THE_PROJECT_UUID"
+ scope="PRJ"
+ qualifier="TRK"
+ kee="org.struts:struts"
+ name="Struts"
+ description="the description"
+ long_name="Apache Struts"
+ enabled="[true]"
+ language="java"
+ copy_component_uuid="[null]"
+ developer_uuid="[null]"
+ path="[null]"
+ authorization_updated_at="123456789"
+ id="123"/>
+
+ <groups id="100"
+ name="sonar-administrators"
+ organization_uuid="org1"/>
+ <groups id="101"
+ name="sonar-users"
+ organization_uuid="org1"/>
+
+ <users id="200"
+ login="marius"
+ name="Marius"
+ email="[null]"
+ active="[true]"
+ is_root="[false]"/>
+
+ <!-- on other resources -->
+ <group_roles id="1"
+ group_id="100"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+ <group_roles id="2"
+ group_id="101"
+ resource_id="1"
+ role="user"
+ organization_uuid="org1"/>
+ <user_roles id="1"
+ user_id="200"
+ resource_id="1"
+ role="admin"
+ organization_uuid="org1"/>
+
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1"
+ name="default"
+ kee="default_20130101_010203"
+ organization_uuid="org1"/>
+
+ <perm_templates_groups id="1"
+ template_id="1"
+ group_id="100"
+ permission_reference="admin"/>
+ <perm_templates_groups id="2"
+ template_id="1"
+ group_id="101"
+ permission_reference="user"/>
+ <perm_templates_groups id="3"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="user"/>
+ <perm_templates_groups id="4"
+ template_id="1"
+ group_id="101"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="5"
+ template_id="1"
+ group_id="[null]"
+ permission_reference="codeviewer"/>
+ <perm_templates_groups id="6"
+ template_id="1"
+ group_id="100"
+ permission_reference="issueadmin"/>
+
+ <perm_templates_users id="1"
+ template_id="1"
+ user_id="200"
+ permission_reference="admin"/>
+
+</dataset>
|