SONAR-9813 WS api/projects/update_visibility allows portfolio and application

author: Teryk Bellahsene <teryk.bellahsene@sonarsource.com> 2017-09-12 17:06:21 +0200
committer: Teryk Bellahsene <teryk@users.noreply.github.com> 2017-09-20 09:15:23 +0200
commit: 5687738266da5a855fe33f45f3a2c2f7fd9a8f71 (patch)
tree: 784fb48b192ba52ffeb036648841324496acd2be /server
parent: 3fb59f2b5f1b9d5a04404ebc08c78df95a3377b0 (diff)
download: sonarqube-5687738266da5a855fe33f45f3a2c2f7fd9a8f71.tar.gz
sonarqube-5687738266da5a855fe33f45f3a2c2f7fd9a8f71.zip
2 files changed, 126 insertions, 9 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java
index a1531c9f032..e35c78a6f32 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java
@@ -19,6 +19,8 @@
  */
 package org.sonar.server.project.ws;
 
+import com.google.common.collect.ImmutableSet;
+import java.util.Set;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
@@ -48,6 +50,8 @@ import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT
 import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_VISIBILITY;
 
 public class UpdateVisibilityAction implements ProjectsWsAction {
+  private static final Set<String> AUTHORIZED_QUALIFIERS = ImmutableSet.of(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP);
+
   private final DbClient dbClient;
   private final ComponentFinder componentFinder;
   private final UserSession userSession;
@@ -55,7 +59,7 @@ public class UpdateVisibilityAction implements ProjectsWsAction {
   private final ProjectsWsSupport projectsWsSupport;
 
   public UpdateVisibilityAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession,
-                                ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport) {
+    ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport) {
     this.dbClient = dbClient;
     this.componentFinder = componentFinder;
     this.userSession = userSession;
@@ -91,7 +95,7 @@ public class UpdateVisibilityAction implements ProjectsWsAction {
 
     try (DbSession dbSession = dbClient.openSession(false)) {
       ComponentDto component = componentFinder.getByKey(dbSession, projectKey);
-      checkRequest(component.isRootProject() && Qualifiers.PROJECT.equals(component.qualifier()), "Component must be a project");
+      checkRequest(component.isRootProject() && AUTHORIZED_QUALIFIERS.contains(component.qualifier()), "Component must be a project, a portfolio or an application");
       userSession.checkComponentPermission(UserRole.ADMIN, component);
       checkRequest(noPendingTask(dbSession, component), "Component visibility can't be changed as long as it has background task(s) pending or in progress");
 
@@ -107,6 +111,8 @@ public class UpdateVisibilityAction implements ProjectsWsAction {
         }
         projectIndexers.commitAndIndex(dbSession, singletonList(component), ProjectIndexer.Cause.PERMISSION_CHANGE);
       }
+
+      response.noContent();
     }
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
index 0931fa75cea..d051d7abd46 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
@@ -27,6 +27,7 @@ import java.util.stream.Stream;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
 import org.sonar.core.permission.ProjectPermissions;
@@ -98,11 +99,21 @@ public class UpdateVisibilityActionTest {
 
   private ProjectsWsSupport wsSupport = new ProjectsWsSupport(dbClient, TestDefaultOrganizationProvider.from(dbTester), billingValidations);
   private UpdateVisibilityAction underTest = new UpdateVisibilityAction(dbClient, TestComponentFinder.from(dbTester), userSessionRule, projectIndexers, wsSupport);
-  private WsActionTester actionTester = new WsActionTester(underTest);
+  private WsActionTester ws = new WsActionTester(underTest);
 
   private final Random random = new Random();
   private final String randomVisibility = random.nextBoolean() ? PUBLIC : PRIVATE;
-  private final TestRequest request = actionTester.newRequest();
+  private final TestRequest request = ws.newRequest();
+
+  @Test
+  public void definition() {
+    WebService.Action definition = ws.getDef();
+
+    assertThat(definition.key()).isEqualTo("update_visibility");
+    assertThat(definition.isPost()).isTrue();
+    assertThat(definition.since()).isEqualTo("6.4");
+    assertThat(definition.params()).extracting(WebService.Param::key).containsExactlyInAnyOrder("project", "visibility");
+  }
 
   @Test
   public void execute_fails_if_user_is_not_logged_in() {
@@ -178,19 +189,26 @@ public class UpdateVisibilityActionTest {
   }
 
   @Test
-  public void execute_fails_with_BadRequestException_if_specified_component_is_neither_a_project_nor_a_view() {
+  public void execute_fails_with_BadRequestException_if_specified_component_is_neither_a_project_a_portfolio_nor_an_application() {
     OrganizationDto organization = dbTester.organizations().insert();
     ComponentDto project = randomPublicOrPrivateProject();
     ComponentDto module = ComponentTesting.newModuleDto(project);
     ComponentDto dir = ComponentTesting.newDirectory(project, "path");
     ComponentDto file = ComponentTesting.newFileDto(project);
     dbTester.components().insertComponents(module, dir, file);
-    ComponentDto view = dbTester.components().insertView(organization);
-    ComponentDto subView = ComponentTesting.newSubView(view);
+    ComponentDto application = dbTester.components().insertApplication(organization);
+    ComponentDto portfolio = dbTester.components().insertView(organization);
+    ComponentDto subView = ComponentTesting.newSubView(portfolio);
     ComponentDto projectCopy = newProjectCopy("foo", project, subView);
     dbTester.components().insertComponents(subView, projectCopy);
+    userSessionRule.addProjectPermission(UserRole.ADMIN, project, portfolio, application);
+
+    Stream.of(project, portfolio, application).forEach(c -> request
+      .setParam(PARAM_PROJECT, c.getDbKey())
+      .setParam(PARAM_VISIBILITY, randomVisibility)
+      .execute());
 
-    Stream.of(module, dir, file, view, subView, projectCopy)
+    Stream.of(module, dir, file, subView, projectCopy)
       .forEach(nonRootComponent -> {
         request.setParam(PARAM_PROJECT, nonRootComponent.getDbKey())
           .setParam(PARAM_VISIBILITY, randomVisibility);
@@ -199,7 +217,7 @@ public class UpdateVisibilityActionTest {
           request.execute();
           fail("a BadRequestException should have been raised");
         } catch (BadRequestException e) {
-          assertThat(e.getMessage()).isEqualTo("Component must be a project");
+          assertThat(e.getMessage()).isEqualTo("Component must be a project, a portfolio or an application");
         }
       });
   }
@@ -475,6 +493,99 @@ public class UpdateVisibilityActionTest {
   }
 
   @Test
+  public void update_a_portfolio_to_private() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto portfolio = dbTester.components().insertPublicPortfolio(organization);
+    GroupDto group = dbTester.users().insertGroup(organization);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, portfolio);
+    UserDto user = dbTester.users().insertUser();
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, portfolio);
+    userSessionRule.addProjectPermission(UserRole.ADMIN, portfolio);
+
+    request.setParam(PARAM_PROJECT, portfolio.getDbKey())
+      .setParam(PARAM_VISIBILITY, PRIVATE)
+      .execute();
+
+    assertThat(dbClient.componentDao().selectByUuid(dbSession, portfolio.uuid()).get().isPrivate()).isTrue();
+    assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), portfolio.getId()))
+      .containsOnly(UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
+    assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), portfolio.getId()))
+      .containsOnly(UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN);
+  }
+
+  @Test
+  public void update_a_portfolio_to_public() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto portfolio = dbTester.components().insertPrivatePortfolio(organization);
+    userSessionRule.addProjectPermission(UserRole.ADMIN, portfolio);
+    GroupDto group = dbTester.users().insertGroup(organization);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, portfolio);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.USER, portfolio);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, portfolio);
+    UserDto user = dbTester.users().insertUser();
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, portfolio);
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.USER, portfolio);
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, portfolio);
+
+    request.setParam(PARAM_PROJECT, portfolio.getDbKey())
+      .setParam(PARAM_VISIBILITY, PUBLIC)
+      .execute();
+
+    assertThat(dbClient.componentDao().selectByUuid(dbSession, portfolio.uuid()).get().isPrivate()).isFalse();
+    assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), portfolio.getId()))
+      .containsOnly(UserRole.ISSUE_ADMIN);
+    assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), portfolio.getId()))
+      .containsOnly(UserRole.ADMIN);
+  }
+
+  @Test
+  public void update_an_application_to_private() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto application = dbTester.components().insertPublicApplication(organization);
+    GroupDto group = dbTester.users().insertGroup(organization);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, application);
+    UserDto user = dbTester.users().insertUser();
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, application);
+    userSessionRule.addProjectPermission(UserRole.ADMIN, application);
+
+    request.setParam(PARAM_PROJECT, application.getDbKey())
+      .setParam(PARAM_VISIBILITY, PRIVATE)
+      .execute();
+
+    assertThat(dbClient.componentDao().selectByUuid(dbSession, application.uuid()).get().isPrivate()).isTrue();
+    assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), application.getId()))
+      .containsOnly(UserRole.USER, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN);
+    assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), application.getId()))
+      .containsOnly(UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN);
+  }
+
+  @Test
+  public void update_an_application_to_public() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto portfolio = dbTester.components().insertPrivateApplication(organization);
+    userSessionRule.addProjectPermission(UserRole.ADMIN, portfolio);
+    GroupDto group = dbTester.users().insertGroup(organization);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, portfolio);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.USER, portfolio);
+    dbTester.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, portfolio);
+    UserDto user = dbTester.users().insertUser();
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, portfolio);
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.USER, portfolio);
+    dbTester.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, portfolio);
+
+    request.setParam(PARAM_PROJECT, portfolio.getDbKey())
+      .setParam(PARAM_VISIBILITY, PUBLIC)
+      .execute();
+
+    assertThat(dbClient.componentDao().selectByUuid(dbSession, portfolio.uuid()).get().isPrivate()).isFalse();
+    assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), portfolio.getId()))
+      .containsOnly(UserRole.ISSUE_ADMIN);
+    assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), portfolio.getId()))
+      .containsOnly(UserRole.ADMIN);
+  }
+
+
+  @Test
   public void fail_to_update_visibility_to_private_when_organization_is_not_allowed_to_use_private_projects() {
     OrganizationDto organization = dbTester.organizations().insert();
     ComponentDto project = dbTester.components().insertPublicProject(organization);
author	Teryk Bellahsene <teryk.bellahsene@sonarsource.com>	2017-09-12 17:06:21 +0200
committer	Teryk Bellahsene <teryk@users.noreply.github.com>	2017-09-20 09:15:23 +0200
commit	5687738266da5a855fe33f45f3a2c2f7fd9a8f71 (patch)
tree	784fb48b192ba52ffeb036648841324496acd2be /server
parent	3fb59f2b5f1b9d5a04404ebc08c78df95a3377b0 (diff)
download	sonarqube-5687738266da5a855fe33f45f3a2c2f7fd9a8f71.tar.gz sonarqube-5687738266da5a855fe33f45f3a2c2f7fd9a8f71.zip