diff options
author | Aurelien Poscia <aurelien.poscia@sonarsource.com> | 2023-09-26 09:54:48 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2023-09-28 20:03:11 +0000 |
commit | 162c2341904ae9b9a675f7287162a02201ec32aa (patch) | |
tree | 0117c6cdf83193cc9db4b64d7fd7205b99ab689e /server | |
parent | 360a4b93d39f94b9fc8aea2aff7dfd37203b5a1b (diff) | |
download | sonarqube-162c2341904ae9b9a675f7287162a02201ec32aa.tar.gz sonarqube-162c2341904ae9b9a675f7287162a02201ec32aa.zip |
SONAR-20532 Add isBaseRole flag in /api/v2/github-permission-mappings
Diffstat (limited to 'server')
6 files changed, 90 insertions, 35 deletions
diff --git a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java index 711683b1055..a2480a3728a 100644 --- a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java +++ b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java @@ -43,7 +43,10 @@ import static org.sonar.server.common.github.permissions.GithubPermissionsMappin public class GithubPermissionsMappingServiceIT { + private static final String CUSTOM_ROLE_NAME = "customRole1"; + private static final SonarqubePermissions NO_SQ_PERMISSIONS = new SonarqubePermissions(false, false, false, false, false, false); + @Rule public DbTester db = DbTester.create(); private final DbSession dbSession = db.getSession(); @@ -60,11 +63,11 @@ public class GithubPermissionsMappingServiceIT { List<GithubPermissionsMapping> actualPermissionsMapping = underTest.getPermissionsMapping(); List<GithubPermissionsMapping> expectedPermissionsMapping = List.of( - new GithubPermissionsMapping(READ_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(TRIAGE_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(WRITE_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(MAINTAIN_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(ADMIN_GITHUB_ROLE, NO_SQ_PERMISSIONS)); + new GithubPermissionsMapping(READ_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(TRIAGE_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(WRITE_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(MAINTAIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(ADMIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS)); assertThat(actualPermissionsMapping).containsAll(expectedPermissionsMapping); } @@ -72,6 +75,7 @@ public class GithubPermissionsMappingServiceIT { @Test public void getPermissionsMapping_whenMappingDefined_returnMapping() { Map<String, Set<String>> githubRolesToSqPermissions = Map.of( + CUSTOM_ROLE_NAME, Set.of("user"), READ_GITHUB_ROLE, Set.of("user", "codeviewer"), WRITE_GITHUB_ROLE, Set.of("user", "codeviewer", "issueadmin", "securityhotspotadmin", "admin", "scan")); persistGithubPermissionsMapping(githubRolesToSqPermissions); @@ -79,11 +83,12 @@ public class GithubPermissionsMappingServiceIT { List<GithubPermissionsMapping> actualPermissionsMapping = underTest.getPermissionsMapping(); List<GithubPermissionsMapping> expectedPermissionsMapping = List.of( - new GithubPermissionsMapping(READ_GITHUB_ROLE, new SonarqubePermissions(true, true, false, false, false, false)), - new GithubPermissionsMapping(TRIAGE_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(WRITE_GITHUB_ROLE, new SonarqubePermissions(true, true, true, true, true, true)), - new GithubPermissionsMapping(MAINTAIN_GITHUB_ROLE, NO_SQ_PERMISSIONS), - new GithubPermissionsMapping(ADMIN_GITHUB_ROLE, NO_SQ_PERMISSIONS)); + new GithubPermissionsMapping(CUSTOM_ROLE_NAME, false, new SonarqubePermissions(true, false, false, false, false, false)), + new GithubPermissionsMapping(READ_GITHUB_ROLE, true, new SonarqubePermissions(true, true, false, false, false, false)), + new GithubPermissionsMapping(TRIAGE_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(WRITE_GITHUB_ROLE, true, new SonarqubePermissions(true, true, true, true, true, true)), + new GithubPermissionsMapping(MAINTAIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS), + new GithubPermissionsMapping(ADMIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS)); assertThat(actualPermissionsMapping).containsAll(expectedPermissionsMapping); } @@ -100,7 +105,7 @@ public class GithubPermissionsMappingServiceIT { } @Test - public void updatePermissionsMappings_shouldAddAndRemovePermissions() { + public void updatePermissionsMappings_onBaseRole_shouldAddAndRemovePermissions() { Map<String, Set<String>> githubRolesToSqPermissions = Map.of(READ_GITHUB_ROLE, Set.of("user", "codeviewer")); persistGithubPermissionsMapping(githubRolesToSqPermissions); @@ -113,7 +118,25 @@ public class GithubPermissionsMappingServiceIT { GithubPermissionsMapping updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(READ_GITHUB_ROLE); - GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, new SonarqubePermissions(false, false, true, false, false, true)); + SonarqubePermissions expectedSqPermissions = new SonarqubePermissions(false, false, true, false, false, true); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, true, expectedSqPermissions); + assertThat(updatedPermissionsMapping).isEqualTo(expectedPermissionsMapping); + } + + @Test + public void updatePermissionsMappings_onCustomRole_shouldAddAndRemovePermissions() { + Map<String, Set<String>> githubRolesToSqPermissions = Map.of(CUSTOM_ROLE_NAME, Set.of("user", "codeviewer")); + persistGithubPermissionsMapping(githubRolesToSqPermissions); + + PermissionMappingChange permToAdd1 = new PermissionMappingChange(CUSTOM_ROLE_NAME, "issueadmin", Operation.ADD); + PermissionMappingChange permToRemove1 = new PermissionMappingChange(CUSTOM_ROLE_NAME, "user", Operation.REMOVE); + + underTest.updatePermissionsMappings(Set.of(permToAdd1, permToRemove1)); + + GithubPermissionsMapping updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(CUSTOM_ROLE_NAME); + + SonarqubePermissions expectedSqPermissions = new SonarqubePermissions(false, true, true, false, false, false); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(CUSTOM_ROLE_NAME, false, expectedSqPermissions); assertThat(updatedPermissionsMapping).isEqualTo(expectedPermissionsMapping); } @@ -125,7 +148,7 @@ public class GithubPermissionsMappingServiceIT { GithubPermissionsMapping updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(READ_GITHUB_ROLE); - GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, NO_SQ_PERMISSIONS); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, true, NO_SQ_PERMISSIONS); assertThat(updatedPermissionsMapping).isEqualTo(expectedPermissionsMapping); } @@ -139,7 +162,8 @@ public class GithubPermissionsMappingServiceIT { GithubPermissionsMapping updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(READ_GITHUB_ROLE); - GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, new SonarqubePermissions(true, true, false, false, false, false)); + SonarqubePermissions expectedSqPermissions = new SonarqubePermissions(true, true, false, false, false, false); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, true, expectedSqPermissions); assertThat(updatedPermissionsMapping).isEqualTo(expectedPermissionsMapping); } @@ -153,14 +177,14 @@ public class GithubPermissionsMappingServiceIT { SonarqubePermissions userOnlySqPermission = new SonarqubePermissions(true, false, false, false, false, false); GithubPermissionsMapping updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(READ_GITHUB_ROLE); - assertThat(updatedPermissionsMapping).isEqualTo(new GithubPermissionsMapping(READ_GITHUB_ROLE, userOnlySqPermission)); + assertThat(updatedPermissionsMapping).isEqualTo(new GithubPermissionsMapping(READ_GITHUB_ROLE, true, userOnlySqPermission)); updatedPermissionsMapping = underTest.getPermissionsMappingForGithubRole(WRITE_GITHUB_ROLE); - assertThat(updatedPermissionsMapping).isEqualTo(new GithubPermissionsMapping(WRITE_GITHUB_ROLE, userOnlySqPermission)); + assertThat(updatedPermissionsMapping).isEqualTo(new GithubPermissionsMapping(WRITE_GITHUB_ROLE, true, userOnlySqPermission)); } @Test - public void getPermissionsMappingForGithubRole_shouldReturnMappingOnlyForRole() { + public void getPermissionsMappingForGithubRole_onBaseRole_shouldReturnMappingOnlyForRole() { Map<String, Set<String>> githubRolesToSqPermissions = Map.of( READ_GITHUB_ROLE, Set.of("user", "codeviewer"), WRITE_GITHUB_ROLE, Set.of("user", "codeviewer", "issueadmin", "securityhotspotadmin", "admin", "scan")); @@ -168,7 +192,23 @@ public class GithubPermissionsMappingServiceIT { GithubPermissionsMapping actualPermissionsMapping = underTest.getPermissionsMappingForGithubRole(READ_GITHUB_ROLE); - GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, new SonarqubePermissions(true, true, false, false, false, false)); + SonarqubePermissions expectedSqPermissions = new SonarqubePermissions(true, true, false, false, false, false); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(READ_GITHUB_ROLE, true, expectedSqPermissions); + + assertThat(actualPermissionsMapping).isEqualTo(expectedPermissionsMapping); + } + + @Test + public void getPermissionsMappingForGithubRole_onCustomRole_shouldReturnMappingOnlyForRole() { + Map<String, Set<String>> githubRolesToSqPermissions = Map.of( + CUSTOM_ROLE_NAME, Set.of("admin"), + WRITE_GITHUB_ROLE, Set.of("user", "codeviewer", "issueadmin", "securityhotspotadmin", "admin", "scan")); + persistGithubPermissionsMapping(githubRolesToSqPermissions); + + GithubPermissionsMapping actualPermissionsMapping = underTest.getPermissionsMappingForGithubRole(CUSTOM_ROLE_NAME); + + SonarqubePermissions expectedSqPermissions = new SonarqubePermissions(false, false, false, false, true, false); + GithubPermissionsMapping expectedPermissionsMapping = new GithubPermissionsMapping(CUSTOM_ROLE_NAME, false, expectedSqPermissions); assertThat(actualPermissionsMapping).isEqualTo(expectedPermissionsMapping); } diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMapping.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMapping.java index a8e8ac0bee4..449ee3333e4 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMapping.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMapping.java @@ -19,5 +19,5 @@ */ package org.sonar.server.common.github.permissions; -public record GithubPermissionsMapping(String roleName, SonarqubePermissions permissions) { +public record GithubPermissionsMapping(String roleName, boolean isBaseRole, SonarqubePermissions permissions) { } diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java index c5b48cb0f61..ed338fb00dd 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java @@ -19,6 +19,7 @@ */ package org.sonar.server.common.github.permissions; +import com.google.common.collect.Sets; import java.util.List; import java.util.Map; import java.util.Set; @@ -42,7 +43,7 @@ public class GithubPermissionsMappingService { public static final String MAINTAIN_GITHUB_ROLE = "maintain"; public static final String ADMIN_GITHUB_ROLE = "admin"; - private static final Set<String> GITHUB_BASE_ROLE = Set.of( + private static final Set<String> GITHUB_BASE_ROLES = Set.of( READ_GITHUB_ROLE, TRIAGE_GITHUB_ROLE, WRITE_GITHUB_ROLE, @@ -70,7 +71,8 @@ public class GithubPermissionsMappingService { public GithubPermissionsMapping getPermissionsMappingForGithubRole(String githubRole) { try (DbSession dbSession = dbClient.openSession(false)) { - return toGithubPermissionsMapping(getPermissionsMappingForGithubRole(dbSession, githubRole), githubRole); + Set<GithubPermissionsMappingDto> permissionsMappingForGithubRole = getPermissionsMappingForGithubRole(dbSession, githubRole); + return toGithubPermissionsMapping(permissionsMappingForGithubRole, githubRole); } } @@ -80,18 +82,22 @@ public class GithubPermissionsMappingService { } } - private static GithubPermissionsMapping toGithubPermissionsMapping(Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos, String githubRole) { - return new GithubPermissionsMapping(githubRole, getSonarqubePermissions(githubPermissionsMappingDtos)); - } - private static List<GithubPermissionsMapping> toGithubPermissionsMappings(Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos) { Map<String, Set<GithubPermissionsMappingDto>> githubRoleToGithubPermissionsMappingDto = githubPermissionsMappingDtos.stream() .collect(groupingBy(GithubPermissionsMappingDto::githubRole, toSet())); - return GITHUB_BASE_ROLE.stream() + + Set<String> allRoles = Sets.union(GITHUB_BASE_ROLES, githubRoleToGithubPermissionsMappingDto.keySet()); + return allRoles.stream() .map(githubRole -> toGithubPermissionsMapping(githubRoleToGithubPermissionsMappingDto.getOrDefault(githubRole, Set.of()), githubRole)) .toList(); } + private static GithubPermissionsMapping toGithubPermissionsMapping(Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos, String githubRole) { + boolean isBaseRole = GITHUB_BASE_ROLES.contains(githubRole); + SonarqubePermissions sonarqubePermissions = getSonarqubePermissions(githubPermissionsMappingDtos); + return new GithubPermissionsMapping(githubRole, isBaseRole, sonarqubePermissions); + } + public void updatePermissionsMappings(Set<PermissionMappingChange> permissionChanges) { try (DbSession dbSession = dbClient.openSession(false)) { Map<String, List<PermissionMappingChange>> githubRolesToChanges = permissionChanges.stream() diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsController.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsController.java index 207987c6ea4..72ebab94a8c 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsController.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsController.java @@ -44,8 +44,8 @@ import static org.sonar.api.web.UserRole.USER; public class DefaultGithubPermissionsController implements GithubPermissionsController { - private UserSession userSession; - private GithubPermissionsMappingService githubPermissionsMappingService; + private final UserSession userSession; + private final GithubPermissionsMappingService githubPermissionsMappingService; public DefaultGithubPermissionsController(UserSession userSession, GithubPermissionsMappingService githubPermissionsMappingService) { this.userSession = userSession; @@ -89,7 +89,12 @@ public class DefaultGithubPermissionsController implements GithubPermissionsCont } private static RestGithubPermissionsMapping toRestGithubPermissionMapping(GithubPermissionsMapping githubPermissionsMapping) { - return new RestGithubPermissionsMapping(githubPermissionsMapping.roleName(), githubPermissionsMapping.roleName(), githubPermissionsMapping.permissions()); + return new RestGithubPermissionsMapping( + githubPermissionsMapping.roleName(), + githubPermissionsMapping.roleName(), + githubPermissionsMapping.isBaseRole(), + githubPermissionsMapping.permissions() + ); } } diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/model/RestGithubPermissionsMapping.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/model/RestGithubPermissionsMapping.java index 2fb04d2c31f..89a028d2e82 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/model/RestGithubPermissionsMapping.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/github/permissions/model/RestGithubPermissionsMapping.java @@ -21,5 +21,5 @@ package org.sonar.server.v2.api.github.permissions.model; import org.sonar.server.common.github.permissions.SonarqubePermissions; -public record RestGithubPermissionsMapping(String id, String roleName, SonarqubePermissions permissions) { +public record RestGithubPermissionsMapping(String id, String roleName, boolean isBaseRole, SonarqubePermissions permissions) { } diff --git a/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsControllerTest.java b/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsControllerTest.java index 3ed8b3346c6..7bc542a0489 100644 --- a/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsControllerTest.java +++ b/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/github/permissions/controller/DefaultGithubPermissionsControllerTest.java @@ -74,8 +74,8 @@ public class DefaultGithubPermissionsControllerTest { userSession.logIn().setSystemAdministrator(); List<GithubPermissionsMapping> mapping = List.of( - new GithubPermissionsMapping(GITHUB_ROLE, new SonarqubePermissions(true, false, true, false, true, false)), - new GithubPermissionsMapping("role2", new SonarqubePermissions(false, true, false, true, false, true))); + new GithubPermissionsMapping(GITHUB_ROLE, false, new SonarqubePermissions(true, false, true, false, true, false)), + new GithubPermissionsMapping("role2", true, new SonarqubePermissions(false, true, false, true, false, true))); when(githubPermissionsMappingService.getPermissionsMapping()).thenReturn(mapping); MvcResult mvcResult = mockMvc.perform(get(GITHUB_PERMISSIONS_ENDPOINT)) @@ -88,10 +88,14 @@ public class DefaultGithubPermissionsControllerTest { private static List<RestGithubPermissionsMapping> toRestResources(List<GithubPermissionsMapping> permissionsMapping) { return permissionsMapping.stream() - .map(e -> new RestGithubPermissionsMapping(e.roleName(), e.roleName(), e.permissions())) + .map(DefaultGithubPermissionsControllerTest::toRestGithubPermissionMapping) .toList(); } + private static RestGithubPermissionsMapping toRestGithubPermissionMapping(GithubPermissionsMapping permissionMapping) { + return new RestGithubPermissionsMapping(permissionMapping.roleName(), permissionMapping.roleName(), permissionMapping.isBaseRole(), permissionMapping.permissions()); + } + @Test public void updateMapping_whenUserIsNotAdministrator_shouldReturnForbidden() throws Exception { userSession.logIn().setNonSystemAdministrator(); @@ -114,7 +118,7 @@ public class DefaultGithubPermissionsControllerTest { @Test public void updateMapping_shouldUpdateMapping() throws Exception { userSession.logIn().setSystemAdministrator(); - GithubPermissionsMapping updatedRolePermissions = new GithubPermissionsMapping(GITHUB_ROLE, new SonarqubePermissions(true, false, false, true, true, false)); + GithubPermissionsMapping updatedRolePermissions = new GithubPermissionsMapping(GITHUB_ROLE, false, new SonarqubePermissions(true, false, false, true, true, false)); when(githubPermissionsMappingService.getPermissionsMappingForGithubRole(GITHUB_ROLE)).thenReturn(updatedRolePermissions); @@ -135,7 +139,7 @@ public class DefaultGithubPermissionsControllerTest { RestGithubPermissionsMapping response = gson.fromJson(mvcResult.getResponse().getContentAsString(), RestGithubPermissionsMapping.class); - RestGithubPermissionsMapping expectedResponse = new RestGithubPermissionsMapping(GITHUB_ROLE, GITHUB_ROLE, new SonarqubePermissions(true, false, false, true, true, false)); + RestGithubPermissionsMapping expectedResponse = new RestGithubPermissionsMapping(GITHUB_ROLE, GITHUB_ROLE, false, new SonarqubePermissions(true, false, false, true, true, false)); assertThat(response).isEqualTo(expectedResponse); ArgumentCaptor<Set<PermissionMappingChange>> permissionMappingChangesCaptor = ArgumentCaptor.forClass(Set.class); |