author | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2016-10-17 12:36:38 +0200 |
---|---|---|
committer | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2016-10-19 14:45:13 +0200 |
commit | fdbaf904993c5d87249d1fa17c62bfb622ab12c9 (patch) | |
tree | 587d85a867a8bdbfa1d0baf13d2cafa89f555e55 /server | |
parent | 0043949d55cbb4da6ac6e52b62d863560b04f970 (diff) | |
download | sonarqube-fdbaf904993c5d87249d1fa17c62bfb622ab12c9.tar.gz sonarqube-fdbaf904993c5d87249d1fa17c62bfb622ab12c9.zip |
SONAR-8192 set/unset root flag when creating a user via WS
depending upon whether the default group has the System Administer permission or not
Diffstat (limited to 'server')
-rw-r--r-- | server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java | 43 | ||||
-rw-r--r-- | server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java | 83 |
2 files changed, 109 insertions, 17 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
index 2331a3a9c9e..2c8202800cd 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
@@ -90,27 +90,47 @@ public class UserUpdater {
 public boolean create(NewUser newUser) {
 DbSession dbSession = dbClient.openSession(false);
 try {
- return create(dbSession, newUser);
+ CreatedUser createdUser = create(dbSession, newUser);
+ dbClient.userDao().updateRootFlagFromPermissions(dbSession, createdUser.getId(), defaultOrganizationProvider.get().getUuid());
+ dbSession.commit();
+ return createdUser.isReactivated();
 } finally {
 dbClient.closeSession(dbSession);
 }
 }
- public boolean create(DbSession dbSession, NewUser newUser) {
+ public CreatedUser create(DbSession dbSession, NewUser newUser) {
 boolean isUserReactivated = false;
- UserDto userDto = createNewUserDto(dbSession, newUser);
- String login = userDto.getLogin();
- UserDto existingUser = dbClient.userDao().selectByLogin(dbSession, userDto.getLogin());
- if (existingUser == null) {
- saveUser(dbSession, userDto);
+ String login = newUser.login();
+ UserDto userDto = dbClient.userDao().selectByLogin(dbSession, newUser.login());
+ if (userDto == null) {
+ userDto = saveUser(dbSession, createNewUserDto(dbSession, newUser));
 addDefaultGroup(dbSession, userDto);
 } else {
- isUserReactivated = reactivateUser(dbSession, existingUser, login, newUser);
+ isUserReactivated = reactivateUser(dbSession, userDto, login, newUser);
 }
 dbSession.commit();
 notifyNewUser(userDto.getLogin(), userDto.getName(), newUser.email());
 userIndexer.index();
- return isUserReactivated;
+ return new CreatedUser(userDto.getId(), isUserReactivated);
+ }
+
+ private static final class CreatedUser {
+ private final long id;
+ private final boolean reactivated;
+
+ private CreatedUser(long id, boolean reactivated) {
+ this.id = id;
+ this.reactivated = reactivated;
+ }
+
+ public long getId() {
+ return id;
+ }
+
+ public boolean isReactivated() {
+ return reactivated;
+ }
 }
 private boolean reactivateUser(DbSession dbSession, UserDto existingUser, String login, NewUser newUser) {
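Review bot: The root flag is recomputed only in `create(NewUser)`, and only after `create(dbSession, newUser)` has already committed, notified and indexed the user, so the account and its root flag are written in two separate transactions. If `updateRootFlagFromPermissions` throws, the new or reactivated account stays committed with whatever root value it presumably already had, and any caller that uses the public `create(DbSession, NewUser)` overload directly never triggers the update at all. Consider moving `dbClient.userDao().updateRootFlagFromPermissions(dbSession, userDto.getId(), defaultOrganizationProvider.get().getUuid());` into the `DbSession` overload just before its existing `dbSession.commit();`, so both entry points set the flag atomically with the insert or reactivation. That overload is also still `public` while now returning the `private` nested `CreatedUser`, which callers outside `UserUpdater` cannot name.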
@@ -362,11 +382,12 @@ public class UserUpdater {
 return null;
 }
- private void saveUser(DbSession dbSession, UserDto userDto) {
+ private UserDto saveUser(DbSession dbSession, UserDto userDto) {
 long now = system2.now();
 userDto.setActive(true).setCreatedAt(now).setUpdatedAt(now);
- dbClient.userDao().insert(dbSession, userDto);
+ UserDto res = dbClient.userDao().insert(dbSession, userDto);
 addDefaultGroup(dbSession, userDto);
+ return res;
 }
 private void updateUser(DbSession dbSession, UserDto userDto) {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java
index bbb169d5895..74675dbd27f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CreateActionTest.java
@@ -24,16 +24,19 @@ import java.util.Optional;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.config.MapSettings;
 import org.sonar.api.config.Settings;
 import org.sonar.api.i18n.I18n;
 import org.sonar.api.utils.System2;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbTester;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.es.EsTester;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.ServerException;
 import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.organization.TestDefaultOrganizationProvider;
 import org.sonar.server.tester.UserSessionRule;
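Review bot: In the `saveUser` hunk of UserUpdater.java the unchanged `addDefaultGroup(dbSession, userDto);` still runs after the insert, and the new-user branch of `create(DbSession, NewUser)` calls `addDefaultGroup(dbSession, userDto);` again right after `saveUser` returns, so default-group membership appears to be added twice for a new user. Per the commit description the root flag now depends on that group's permission, so the membership write is worth keeping to a single call; dropping the one in `create` looks sufficient. `addDefaultGroup` is defined outside the hunk, so confirm whether it tolerates a repeated call before relying on either order.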
@@ -57,12 +60,12 @@ public class CreateActionTest { @Rule public DbTester db = DbTester.create(System2.INSTANCE); - @Rule public EsTester esTester = new EsTester(new UserIndexDefinition(settings)); - @Rule public UserSessionRule userSessionRule = UserSessionRule.standalone(); + @Rule + public ExpectedException expectedException = ExpectedException.none(); private WsTester tester; private UserIndex index; @@ -84,7 +87,7 @@ public class CreateActionTest { @Test public void create_user() throws Exception { - userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); + authenticateAsAdmin(); tester.newPostRequest("api/users", "create") .setParam("login", "john") @@ -110,7 +113,7 @@ public class CreateActionTest { @Test public void create_user_with_comma_in_scm_account() throws Exception { - userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); + authenticateAsAdmin(); tester.newPostRequest("api/users", "create") .setParam("login", "john") @@ -125,7 +128,7 @@ public class CreateActionTest { @Test public void create_user_with_deprecated_scmAccounts_parameter() throws Exception { - userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); + authenticateAsAdmin(); tester.newPostRequest("api/users", "create") .setParam("login", "john") @@ -141,7 +144,7 @@ public class CreateActionTest { @Test public void create_user_with_deprecated_scm_accounts_parameter() throws Exception { - userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); + authenticateAsAdmin(); tester.newPostRequest("api/users", "create") .setParam("login", "john") 
@@ -176,6 +179,60 @@ public class CreateActionTest { assertThat(index.getNullableByLogin("john").active()).isTrue(); } + @Test + public void create_user_with_root_flag_to_false_if_default_group_is_unset() throws Exception { + unsetDefaultGroupProperty(); + authenticateAsAdmin(); + + executeRequest("john"); + + db.rootFlag().verify("john", false); + } + + @Test + public void create_user_with_root_flag_to_false_if_default_group_is_non_admin_on_default_organization() throws Exception { + GroupDto adminGroup = db.users().insertGroup(db.getDefaultOrganization()); + setDefaultGroupProperty(adminGroup); + authenticateAsAdmin(); + + executeRequest("foo"); + + db.rootFlag().verify("foo", false); + } + + @Test + public void request_fails_with_ServerException_when_default_group_belongs_to_another_organization() throws Exception { + OrganizationDto otherOrganization = db.organizations().insert(); + GroupDto group = db.users().insertGroup(otherOrganization); + setDefaultGroupProperty(group); + authenticateAsAdmin(); + + expectedException.expect(ServerException.class); + expectedException.expectMessage("The default group '" + group.getName() + "' for new users does not exist. 
" + + "Please update the general security settings to fix this issue"); + + executeRequest("bar"); + } + + @Test + public void create_user_with_root_flag_to_true_if_default_group_is_admin_on_default_organization() throws Exception { + GroupDto adminGroup = db.users().insertAdminGroup(db.getDefaultOrganization()); + setDefaultGroupProperty(adminGroup); + authenticateAsAdmin(); + + executeRequest("doh"); + + db.rootFlag().verify("doh", true); + } + + private void unsetDefaultGroupProperty() { + settings.setProperty("sonar.defaultGroup", (String) null); + } + + private void setDefaultGroupProperty(GroupDto adminGroup) { + settings.setProperty("sonar.defaultGroup", adminGroup.getName()); + } + @Test(expected = ForbiddenException.class) public void fail_on_missing_permission() throws Exception { userSessionRule.login("not_admin"); @@ -187,4 +244,18 @@ public class CreateActionTest { .setParam("scm_accounts", "jn") .setParam("password", "1234").execute(); } + + private void authenticateAsAdmin() { + userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); + } + + private void executeRequest(String login) throws Exception { + tester.newPostRequest("api/users", "create") + .setParam("login", login) + .setParam("name", "name of " + login) + .setParam("email", login + "@email.com") + .setParam("scm_accounts", login.substring(0, 2)) + .setParam("password", "pwd_" + login) + .execute(); + } } |
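Review bot: The tests added in the `@@ -176,6 +179,60 @@` hunk only create brand-new logins, so the "unset" half of the commit title is not exercised: nothing checks that an existing, deactivated user who had the root flag comes back through the create web service with the flag cleared when the default group lacks the admin permission. A test that inserts such a user, calls `executeRequest` with that login and ends with `db.rootFlag().verify(login, false);` would pin the reactivation path. In `create_user_with_root_flag_to_false_if_default_group_is_non_admin_on_default_organization` the local is named `adminGroup` although it comes from `insertGroup` rather than `insertAdminGroup`; `GroupDto nonAdminGroup = db.users().insertGroup(db.getDefaultOrganization());` would read correctly.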