authorKlaudio Sinani <klaudio.sinani@sonarsource.com>2022-01-12 09:37:17 +0100
committersonartech <sonartech@sonarsource.com>2022-01-20 20:02:43 +0000
commit90a5b893f38dba0cea390bb44d18e334c53fa114 (patch)
tree6d9f8f196be038d58c9960b9fc29395fda936b7e /server/sonar-webserver-auth/src/test
parent909f541126ef96a88208784762e5318019a4406e (diff)
SONAR-15880 Filter authorized components from `api/measures/component_tree` & `api/components/tree` endpoints.
Diffstat (limited to 'server/sonar-webserver-auth/src/test')
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java196
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java6
2 files changed, 200 insertions, 2 deletions
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
index 8fdd4ed8d83..7c53df2434d 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ServerUserSessionTest.java
@@ -744,6 +744,202 @@ public class ServerUserSessionTest {
}
@Test
+ public void filterAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() {
+ ComponentDto publicProject = db.components().insertPublicProject();
+ ComponentDto privateProject = db.components().insertPrivateProject();
+
+ UserSession underTest = newAnonymousSession();
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(privateProject, publicProject))).isEmpty();
+ }
+
+ @Test
+ public void filterAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() {
+ ComponentDto project1 = db.components().insertPublicProject();
+ ComponentDto project2 = db.components().insertPrivateProject();
+ ComponentDto project3 = db.components().insertPrivateProject();
+ ComponentDto project4 = db.components().insertPrivateProject();
+ ComponentDto project5 = db.components().insertPrivateProject();
+ ComponentDto project6 = db.components().insertPrivateProject();
+
+ UserDto user = db.users().insertUser();
+ UserSession underTest = newUserSession(user);
+
+ ComponentDto portfolio = db.components().insertPrivatePortfolio();
+ db.users().insertProjectPermissionOnUser(user, USER, portfolio);
+
+ ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
+ db.users().insertProjectPermissionOnUser(user, USER, subPortfolio);
+
+ ComponentDto app = db.components().insertPrivateApplication();
+ db.users().insertProjectPermissionOnUser(user, USER, app);
+
+ ComponentDto app2 = db.components().insertPrivateApplication();
+
+ // Add public project1 to private portfolio
+ db.components().addPortfolioProject(portfolio, project1);
+ db.components().insertComponent(newProjectCopy(project1, portfolio));
+
+ // Add private project2 with USER permissions to private portfolio
+ db.users().insertProjectPermissionOnUser(user, USER, project2);
+ db.components().addPortfolioProject(portfolio, project2);
+ db.components().insertComponent(newProjectCopy(project2, portfolio));
+
+ // Add private project4 with USER permissions to sub-portfolio
+ db.users().insertProjectPermissionOnUser(user, USER, project4);
+ db.components().addPortfolioProject(subPortfolio, project4);
+ db.components().insertComponent(newProjectCopy(project4, subPortfolio));
+ db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
+
+ // Add private project3 without permissions to private portfolio
+ db.components().addPortfolioProject(portfolio, project3);
+ db.components().insertComponent(newProjectCopy(project3, portfolio));
+
+ // Add private project5 with USER permissions to app
+ db.users().insertProjectPermissionOnUser(user, USER, project5);
+ db.components().addApplicationProject(app, project5);
+ db.components().insertComponent(newProjectCopy(project5, app));
+ db.components().addPortfolioReference(portfolio, app.uuid());
+
+ // Add private project6 to private app2
+ db.components().addApplicationProject(app2, project6);
+ db.components().insertComponent(newProjectCopy(project6, app2));
+ db.components().addPortfolioReference(portfolio, app2.uuid());
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(portfolio))).hasSize(1);
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(portfolio))).containsExactly(portfolio);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).hasSize(2);
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).hasSize(4);
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project4, project5);
+ }
+
+ @Test
+ public void filterAuthorizedComponents_returns_all_specified_components_if_root() {
+ UserDto root = db.users().insertUser();
+ root = db.users().makeRoot(root);
+ UserSession underTest = newUserSession(root);
+
+ ComponentDto project1 = db.components().insertPublicProject();
+ ComponentDto project2 = db.components().insertPrivateProject();
+ ComponentDto project3 = db.components().insertPrivateProject();
+ ComponentDto project4 = db.components().insertPrivateProject();
+ ComponentDto project5 = db.components().insertPrivateProject();
+ ComponentDto project6 = db.components().insertPrivateProject();
+
+ ComponentDto portfolio = db.components().insertPrivatePortfolio();
+
+ ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
+
+ ComponentDto app = db.components().insertPrivateApplication();
+
+ ComponentDto app2 = db.components().insertPrivateApplication();
+
+ // Add public project1 to private portfolio
+ db.components().addPortfolioProject(portfolio, project1);
+ db.components().insertComponent(newProjectCopy(project1, portfolio));
+
+ // Add private project2 to private portfolio
+ db.components().addPortfolioProject(portfolio, project2);
+ db.components().insertComponent(newProjectCopy(project2, portfolio));
+
+ // Add private project4 to sub-portfolio
+ db.components().addPortfolioProject(subPortfolio, project4);
+ db.components().insertComponent(newProjectCopy(project4, subPortfolio));
+ db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
+
+ // Add private project3 without permissions to private portfolio
+ db.components().addPortfolioProject(portfolio, project3);
+ db.components().insertComponent(newProjectCopy(project3, portfolio));
+
+ // Add private project5 to app
+ db.components().addApplicationProject(app, project5);
+ db.components().insertComponent(newProjectCopy(project5, app));
+ db.components().addPortfolioReference(portfolio, app.uuid());
+
+ // Add private project6 to private app2
+ db.components().addApplicationProject(app2, project6);
+ db.components().insertComponent(newProjectCopy(project6, app2));
+ db.components().addPortfolioReference(portfolio, app2.uuid());
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).hasSize(1);
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).containsExactly(portfolio);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).hasSize(3);
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).containsExactly(app, subPortfolio, app2);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).hasSize(6);
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1, project2, project3, project4, project5, project6);
+ }
+
+ @Test
+ public void filterAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {
+ UserSession underTest = newAnonymousSession();
+
+ ComponentDto project1 = db.components().insertPublicProject();
+ ComponentDto project2 = db.components().insertPrivateProject();
+ ComponentDto project3 = db.components().insertPrivateProject();
+ ComponentDto project4 = db.components().insertPrivateProject();
+ ComponentDto project5 = db.components().insertPrivateProject();
+ ComponentDto project6 = db.components().insertPrivateProject();
+
+ ComponentDto portfolio = db.components().insertPublicPortfolio();
+ db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, portfolio);
+
+ ComponentDto subPortfolio = db.components().insertComponent(newSubPortfolio(portfolio));
+ db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, subPortfolio);
+
+ ComponentDto app = db.components().insertPrivateApplication();
+
+ ComponentDto app2 = db.components().insertPublicApplication();
+ db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, app2);
+
+ // Add public project1 to portfolio
+ db.components().addPortfolioProject(portfolio, project1);
+ db.components().insertComponent(newProjectCopy(project1, portfolio));
+ db.users().insertProjectPermissionOnAnyone(ISSUE_ADMIN, project1);
+
+ // Add private project2 to portfolio
+ db.components().addPortfolioProject(portfolio, project2);
+ db.components().insertComponent(newProjectCopy(project2, portfolio));
+
+ // Add private project4 to sub-portfolio
+ db.components().addPortfolioProject(subPortfolio, project4);
+ db.components().insertComponent(newProjectCopy(project4, subPortfolio));
+ db.components().addPortfolioReference(portfolio, subPortfolio.uuid());
+
+ // Add private project3 to portfolio
+ db.components().addPortfolioProject(portfolio, project3);
+ db.components().insertComponent(newProjectCopy(project3, portfolio));
+
+ // Add private project5 to app
+ db.components().addApplicationProject(app, project5);
+ db.components().insertComponent(newProjectCopy(project5, app));
+ db.components().addPortfolioReference(portfolio, app.uuid());
+
+ // Add private project6 to app2
+ db.components().addApplicationProject(app2, project6);
+ db.components().insertComponent(newProjectCopy(project6, app2));
+ db.components().addPortfolioReference(portfolio, app2.uuid());
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(portfolio))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(portfolio))).hasSize(1);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(app, subPortfolio, app2))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).hasSize(2);
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(app, subPortfolio, app2))).containsExactly(subPortfolio, app2);
+
+ assertThat(underTest.filterAuthorizedComponents(ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).isEmpty();
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).hasSize(1);
+ assertThat(underTest.filterAuthorizedComponents(USER, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1);
+ }
+
+ @Test
public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() {
UserDto root = db.users().insertUser();
root = db.users().makeRoot(root);
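Review bot: In `filterAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous`, the setup grants `ISSUE_ADMIN` to anyone on the portfolio, sub-portfolio, app2 and project1, yet nearly every positive assertion queries `USER`. The expected results therefore seem to rest on public visibility rather than on the grants the test creates. The only `ISSUE_ADMIN` check is `hasSize(1)` on the portfolio, which does not pin which component came back. For an authorization filter it is worth asserting the granted permission on the mixed lists as well, presumably `assertThat(underTest.filterAuthorizedComponents(ISSUE_ADMIN, Arrays.asList(project1, project2, project3, project4, project5, project6))).containsExactly(project1);`, so a regression that returns private projects under a non-default permission is caught. Throughout the hunk, the `hasSize(n)` calls that directly precede `containsExactly(...)` on the same input are redundant, and the comment `// Add private project3 without permissions to private portfolio` in the root test looks copied from the logged-in-user test, since no permissions are set up there at all.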
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
index 1ef29694dd6..9fdc9d6ae4e 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/user/ThreadLocalUserSessionTest.java
@@ -19,12 +19,12 @@
*/
package org.sonar.server.user;
+import java.util.Arrays;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.sonar.api.resources.Qualifiers;
import org.sonar.db.component.ComponentDto;
-import org.sonar.db.portfolio.PortfolioDto;
import org.sonar.db.project.ProjectDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.GroupTesting;
@@ -75,6 +75,7 @@ public class ThreadLocalUserSessionTest {
assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ProjectDto())).isFalse();
assertThat(threadLocalUserSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isFalse();
assertThat(threadLocalUserSession.hasProjectPermission(USER, new ProjectDto().getUuid())).isFalse();
+ assertThat(threadLocalUserSession.filterAuthorizedComponents(USER, Arrays.asList(new ComponentDto().setPrivate(true)))).isEmpty();
}
@Test
@@ -100,6 +101,8 @@ public class ThreadLocalUserSessionTest {
assertThat(threadLocalUserSession.hasChildProjectsPermission(USER, new ProjectDto())).isTrue();
assertThat(threadLocalUserSession.hasPortfolioChildProjectsPermission(USER, new ComponentDto())).isTrue();
assertThat(threadLocalUserSession.hasProjectPermission(USER, new ProjectDto().getUuid())).isTrue();
+ assertThat(threadLocalUserSession.filterAuthorizedComponents(USER, Arrays.asList(new ComponentDto().setPrivate(true)))).hasSize(1);
+ assertThat(threadLocalUserSession.filterAuthorizedComponents(USER, Arrays.asList(new ComponentDto().setPrivate(true)))).containsExactly(new ComponentDto());
}
@Test
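Review bot: The added `containsExactly(new ComponentDto())` is a weak check, because it compares the result against a fresh instance that differs from the input (`new ComponentDto().setPrivate(true)`). It can only pass if `ComponentDto.equals` ignores the private flag, presumably by comparing a uuid that is unset on both sides, so it would also pass if the filter returned some other blank component. Hold the input in a local and assert on it instead: `ComponentDto component = new ComponentDto().setPrivate(true);` followed by `assertThat(threadLocalUserSession.filterAuthorizedComponents(USER, Arrays.asList(component))).containsExactly(component);`, which also makes the preceding `hasSize(1)` unnecessary. The enclosing test method starts outside this hunk.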
@@ -160,5 +163,4 @@ public class ThreadLocalUserSessionTest {
assertThat(threadLocalUserSession.checkChildProjectsPermission(USER, applicationAsComponentDto)).isEqualTo(threadLocalUserSession);
assertThat(threadLocalUserSession.checkChildProjectsPermission(USER, applicationAsProjectDto)).isEqualTo(threadLocalUserSession);
}
-
}