author | klaudio-sinani-sonarsource <92299827+klaudio-sinani-sonarsource@users.noreply.github.com> | 2022-01-11 12:49:37 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-01-20 20:02:43 +0000 |
commit | 110208dd8037b2cbf63df1ae17fb523c057d2046 (patch) | |
tree | b1503539eb1e3cbdf51cf729f29dabcc77be7163 /server/sonar-webserver-auth/src/test | |
parent | 5dd324c60877c4445460bde30ab3e3cc25fc7a7f (diff) | |
SONAR-15877 Flag portfolios that contain inaccessible components (#5239)
Diffstat (limited to 'server/sonar-webserver-auth/src/test')
4 files changed, 107 insertions, 0 deletions
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
index 23ea9457b94..80b2055f1d9 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/SafeModeUserSessionTest.java
@@ -47,5 +47,6 @@ public class SafeModeUserSessionTest {
 assertThat(underTest.hasPermissionImpl(GlobalPermission.ADMINISTER)).isFalse();
 assertThat(underTest.hasProjectUuidPermission(UserRole.USER, "foo")).isFalse();
 assertThat(underTest.hasChildProjectsPermission(UserRole.USER, "foo")).isFalse();
+ assertThat(underTest.hasPortfolioChildProjectsPermission(UserRole.USER, "foo")).isFalse();
 }
 }
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
index 17dcd97dddb..6faaecd5fb1 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/DoPrivilegedTest.java
@@ -52,6 +52,7 @@ public class DoPrivilegedTest {
 assertThat(catcher.userSession.isSystemAdministrator()).isTrue();
 assertThat(catcher.userSession.shouldResetPassword()).isFalse();
 assertThat(catcher.userSession.hasChildProjectsPermission(USER, new ComponentDto())).isTrue();
+ assertThat(catcher.userSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
 // verify session in place after task is done
 assertThat(threadLocalUserSession.get()).isSameAs(session);
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index ddebf91b08d..8fdd4ed8d83 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -45,6 +45,7 @@ import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.db.component.ComponentTesting.newChildComponent;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
 import static org.sonar.db.component.ComponentTesting.newProjectCopy;
+import static org.sonar.db.component.ComponentTesting.newSubPortfolio;
 import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
 import static org.sonar.db.permission.GlobalPermission.PROVISION_PROJECTS;
 import static org.sonar.db.permission.GlobalPermission.SCAN;
@@ -396,6 +397,107 @@ public class ServerUserSessionTest {
 }
 @Test
+ public void test_hasPortfolioChildProjectsPermission_for_logged_in_user() {
+ ComponentDto project1 = db.components().insertPublicProject();
+ ComponentDto project2 = db.components().insertPrivateProject();
+ ComponentDto project3 = db.components().insertPrivateProject();
+ ComponentDto project4 = db.components().insertPrivateProject();
+
+ UserDto user = db.users().insertUser();
+ UserSession session = newUserSession(user);
+
+ ComponentDto portfolio = db.components().insertPrivatePortfolio();
+ ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
+
+ // Add public project1 to private portfolio
+ db.components().addPortfolioProject(portfolio, project1);
+ db.components().insertComponent(newProjectCopy(project1, portfolio));
+
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // Add private project2 with USER permissions to private portfolio
+ db.users().insertProjectPermissionOnUser(user, USER, project2);
+ db.components().addPortfolioProject(portfolio, project2);
+ db.components().insertComponent(newProjectCopy(project2, portfolio));
+
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // Add private project4 with USER permissions to sub-portfolio
+ db.users().insertProjectPermissionOnUser(user, USER, project4);
+ db.components().addPortfolioProject(subPortfolio, project4);
+ db.components().insertComponent(newProjectCopy(project4, subPortfolio));
+ db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
+
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // Add private project3 without permissions to private portfolio
+ db.components().addPortfolioProject(portfolio, project3);
+ db.components().insertComponent(newProjectCopy(project3, portfolio));
+
+ assertThat(session.hasChildProjectsPermission(USER, portfolio)).isFalse();
+ }
+
+ @Test
+ public void test_hasPortfolioChildProjectsPermission_for_anonymous_user() {
+ ComponentDto project = db.components().insertPrivateProject();
+
+ db.users().insertPermissionOnAnyone(USER);
+
+ ComponentDto portfolio = db.components().insertPrivatePortfolio();
+
+ db.components().addPortfolioProject(portfolio, project);
+ // add computed project
+ db.components().insertComponent(newProjectCopy(project, portfolio));
+
+ UserSession session = newAnonymousSession();
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
+ }
+
+ @Test
+ public void hasPortfolioChildProjectsPermission_keeps_cache_of_permissions_of_logged_in_user() {
+ ComponentDto project = db.components().insertPrivateProject();
+
+ UserDto user = db.users().insertUser();
+ db.users().insertProjectPermissionOnUser(user, USER, project);
+
+ ComponentDto portfolio = db.components().insertPrivatePortfolio();
+ db.components().addPortfolioProject(portfolio, project);
+ // add computed project
+ db.components().insertComponent(newProjectCopy(project, portfolio));
+
+ UserSession session = newUserSession(user);
+
+ // feed the cache
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // change permissions without updating the cache
+ db.users().deletePermissionFromUser(project, user, USER);
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // cache is refreshed when user logs in again
+ session = newUserSession(user);
+ assertThat(session.hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();
+ }
+
+ @Test
+ public void hasPortfolioChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user() {
+ db.users().insertPermissionOnAnyone(USER);
+
+ ComponentDto project = db.components().insertPublicProject();
+ ComponentDto portfolio = db.components().insertPublicPortfolio();
+ db.components().addPortfolioProject(portfolio, project);
+
+ UserSession session = newAnonymousSession();
+
+ // feed the cache
+ assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
+
+ // change privacy of the project without updating the cache
+ db.getDbClient().componentDao().setPrivateForRootComponentUuidWithoutAudit(db.getSession(), project.uuid(), true);
+ assertThat(session.hasChildProjectsPermission(USER, portfolio)).isTrue();
+ }
+
+ @Test
 public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() {
 ComponentDto publicProject = db.components().insertPublicProject();
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
index 22dc9cc8745..1ef29694dd6 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
@@ -24,6 +24,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.portfolio.PortfolioDto;
 import org.sonar.db.project.ProjectDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.GroupTesting;
@@ -72,6 +73,7 @@ public class ThreadLocalUserSessionTest {
 assertThat(threadLocalUserSession.getGroups()).extracting(GroupDto::getUuid).containsOnly(group.getUuid());
 assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ComponentDto())).isFalse();
 assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ProjectDto())).isFalse();
+ assertThat(threadLocalUserSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isFalse();
 assertThat(threadLocalUserSession.hasProjectPermission(USER, new ProjectDto().getUuid())).isFalse();
 }
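Review bot: In ServerUserSessionTest, the denial case of the new check is asserted against the wrong method: the last assertion of `test_hasPortfolioChildProjectsPermission_for_logged_in_user` (after project3 is added without permission) calls `session.hasChildProjectsPermission(USER, portfolio)`, and both assertions in `hasPortfolioChildProjectsPermission_keeps_cache_of_permissions_of_anonymous_user` do the same, so that test never calls `hasPortfolioChildProjectsPermission` at all. A portfolio holding a project the user cannot access is exactly the case this authorization check exists for, so it should be pinned on the new method. Since the two cache tests in this hunk show that a session keeps returning its earlier answer, the negative assertion probably needs a fresh session, e.g. `assertThat(newUserSession(user).hasPortfolioChildProjectsPermission(USER, portfolio)).isFalse();`, and the anonymous cache test should call `hasPortfolioChildProjectsPermission` in both assertions. That test also omits the `insertComponent(newProjectCopy(project, portfolio))` step the other tests perform; whether the new method needs it depends on the implementation, which is outside this diff.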
@@ -96,6 +98,7 @@ public class ThreadLocalUserSessionTest {
 assertThat(threadLocalUserSession.getGroups()).extracting(GroupDto::getUuid).containsOnly(group.getUuid());
 assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ComponentDto())).isTrue();
 assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ProjectDto())).isTrue();
+ assertThat(threadLocalUserSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
 assertThat(threadLocalUserSession.hasProjectPermission(USER, new ProjectDto().getUuid())).isTrue();
 } |
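Review bot: `PortfolioDto` is imported in the first hunk of ThreadLocalUserSessionTest, but neither this hunk nor the one at -72 uses it; both added assertions pass `new ComponentDto()`. If nothing else in the file references it (the rest of the file is not visible here), drop `import org.sonar.db.portfolio.PortfolioDto;`. If an assertion with a portfolio argument was intended, analogous to the existing `hasChildProjectsPermission(USER, new ProjectDto())` line, it is missing from both test methods.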