diff options
| author | Jean-Baptiste Vilain <jean-baptiste.vilain@sonarsource.com> | 2013-06-28 18:41:25 +0200 |
|---|---|---|
| committer | Jean-Baptiste Vilain <jean-baptiste.vilain@sonarsource.com> | 2013-06-28 18:41:25 +0200 |
| commit | 8c982ed1093b00d6a6c5238ed9b644d83052f827 (patch) | |
| tree | 412d24694bdf89720056196f981d237d6d5abed4 /sonar-core | |
| parent | f61b4f4b92e27fbc98f590833245d22d875881e2 (diff) | |
| download | sonarqube-8c982ed1093b00d6a6c5238ed9b644d83052f827.tar.gz sonarqube-8c982ed1093b00d6a6c5238ed9b644d83052f827.zip | |
SONAR-4412 Added support of group 'Anyone' in permission change
Diffstat (limited to 'sonar-core')
8 files changed, 41 insertions, 5 deletions
diff --git a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml index 811a813d440..c7871b83291 100644 --- a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml +++ b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml @@ -72,13 +72,17 @@ <when test="userLogin != null"> SELECT gr.role FROM group_roles gr - INNER JOIN groups_users gu on gu.group_id=gr.id + INNER JOIN groups_users gu on gu.group_id=gr.group_id INNER JOIN users u on u.id=gu.user_id <where> and u.login=#{userLogin} and gr.resource_id is null </where> UNION + SELECT gr.role + FROM group_roles gr + WHERE gr.group_id IS NULL AND gr.resource_id IS NULL + UNION SELECT ur.role FROM user_roles ur INNER JOIN users u on u.id=ur.user_id diff --git a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml index db97a0986b3..1d2c7bf584f 100644 --- a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml +++ b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml @@ -17,6 +17,10 @@ INNER JOIN groups g ON g.id = gr.group_id WHERE g.name = #{groupName} AND gr.resource_id IS NULL + UNION + SELECT gr.role + FROM group_roles gr + WHERE gr.group_id IS NULL </select> <insert id="insertGroupRole" parameterType="GroupRole" keyColumn="id" useGeneratedKeys="true" keyProperty="id"> diff --git a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java index 572bfacaf0a..860467bbf46 100644 --- a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java +++ b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java @@ -178,4 +178,12 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase { AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); assertThat(authorization.selectGlobalPermissions(null)).containsOnly("user", "admin"); } + + @Test + public void should_return_global_permissions_for_group_anyone() throws Exception { + setupData("should_return_global_permissions_for_group_anyone"); + + AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); + assertThat(authorization.selectGlobalPermissions("anyone_user")).containsOnly("user", "profileadmin"); + } } diff --git a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java index 1c9b3ee08c7..127ba6ab654 100644 --- a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java +++ b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java @@ -21,6 +21,7 @@ package org.sonar.core.user; import org.junit.Test; +import org.sonar.api.security.DefaultGroups; import org.sonar.core.persistence.AbstractDaoTestCase; import static org.fest.assertions.Assertions.assertThat; @@ -44,8 +45,10 @@ public class RoleDaoTest extends AbstractDaoTestCase { RoleDao dao = new RoleDao(getMyBatis()); assertThat(dao.selectGroupPermissions("sonar-administrators")).containsOnly(Permissions.SYSTEM_ADMIN, Permissions.QUALITY_PROFILE_ADMIN, - Permissions.DASHBOARD_SHARING); - assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permissions.DASHBOARD_SHARING); + Permissions.DASHBOARD_SHARING, Permissions.DRY_RUN_EXECUTION, Permissions.SCAN_EXECUTION); + assertThat(dao.selectGroupPermissions("sonar-users")).containsOnly(Permissions.DASHBOARD_SHARING, Permissions.DRY_RUN_EXECUTION, + Permissions.SCAN_EXECUTION); + assertThat(dao.selectGroupPermissions(DefaultGroups.ANYONE)).containsOnly(Permissions.DRY_RUN_EXECUTION, Permissions.SCAN_EXECUTION); } @Test diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml new file mode 100644 index 00000000000..970dbec08fb --- /dev/null +++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml @@ -0,0 +1,11 @@ +<dataset> + + <users id="10" login="anyone_user" /> + + <user_roles id="1" user_id="10" resource_id="[null]" role="user"/> + + <groups_users user_id="10" group_id="[null]"/> + + <group_roles id="1" group_id="[null]" resource_id="[null]" role="profileadmin"/> + +</dataset> diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_group_global_permissions.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_group_global_permissions.xml index 88727cc53af..424fa45ea82 100644 --- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_group_global_permissions.xml +++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/should_return_group_global_permissions.xml @@ -12,7 +12,7 @@ <groups_users user_id="10" group_id="201"/> <groups_users user_id="11" group_id="200"/> - <group_roles id="200" group_id="200" resource_id="[null]" role="user"/> - <group_roles id="201" group_id="200" resource_id="[null]" role="admin"/> + <group_roles id="1" group_id="200" resource_id="[null]" role="user"/> + <group_roles id="2" group_id="201" resource_id="[null]" role="admin"/> </dataset> diff --git a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions-result.xml b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions-result.xml index 501273acb8f..f1f5f50fc06 100644 --- a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions-result.xml +++ b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions-result.xml @@ -6,5 +6,8 @@ <group_roles id="1" group_id="100" role="admin"/> <group_roles id="3" group_id="100" role="sharedashboard"/> <group_roles id="4" group_id="101" role="sharedashboard"/> + <!-- Group 'anyone' has a NULL group_id --> + <group_roles id="5" group_id="[null]" role="scan"/> + <group_roles id="6" group_id="[null]" role="dryrun"/> </dataset>
\ No newline at end of file diff --git a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions.xml b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions.xml index d3bb309cabb..832c7f087c5 100644 --- a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions.xml +++ b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/groupPermissions.xml @@ -7,5 +7,8 @@ <group_roles id="2" group_id="100" role="profileadmin"/> <group_roles id="3" group_id="100" role="sharedashboard"/> <group_roles id="4" group_id="101" role="sharedashboard"/> + <!-- Group 'anyone' has a NULL group_id --> + <group_roles id="5" group_id="[null]" role="scan"/> + <group_roles id="6" group_id="[null]" role="dryrun"/> </dataset>
\ No newline at end of file |