87 files changed, 1413 insertions, 498 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java b/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java index 8382de07fc8..5427fb6a96e 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/core/permission/ProjectPermissions.java @@ -19,18 +19,16 @@ */ package org.sonar.core.permission; -import com.google.common.collect.ImmutableSet; -import java.util.Set; -import org.sonar.api.web.UserRole; - /** * Holds the constants representing the various component permissions that can be assigned to users & groups */ public final class ProjectPermissions { + /** - * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components. + * All the component permissions values */ - public static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); - public static final Set<String> ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, - GlobalPermissions.SCAN_EXECUTION, UserRole.USER, UserRole.APPLICATION_CREATOR, UserRole.PORTFOLIO_CREATOR); + + private ProjectPermissions() { + // static constants only + } } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/OrganizationPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/OrganizationPermission.java index 25ec0b357e3..ec421086b55 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/OrganizationPermission.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/OrganizationPermission.java 
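Review bot: The class Javadoc on the new side of ProjectPermissions still reads "Holds the constants representing the various component permissions", but the hunk removes both `PUBLIC_PERMISSIONS` and `ALL_PERMISSIONS`, and the added `/** All the component permissions values */` comment now sits directly above the private constructor. A reader looking for the authoritative permission list is pointed at an empty class. Drop the dangling comment and reword the class Javadoc to name where the lists now live (not visible in this hunk), or remove the class if nothing else references it.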
@@ -19,16 +19,19 @@ */ package org.sonar.db.permission; -import java.util.Arrays; -import java.util.stream.Stream; - public enum OrganizationPermission { ADMINISTER("admin"), ADMINISTER_QUALITY_GATES("gateadmin"), ADMINISTER_QUALITY_PROFILES("profileadmin"), PROVISION_PROJECTS("provisioning"), - SCAN("scan"); + SCAN("scan"), + + /** + * @since 7.4 + */ + APPLICATION_CREATOR("applicationcreator"), + PORTFOLIO_CREATOR("portfoliocreator"); private final String key; @@ -53,8 +56,4 @@ public enum OrganizationPermission { } throw new IllegalArgumentException("Unsupported permission: " + key); } - - public static Stream<OrganizationPermission> all() { - return Arrays.stream(values()); - } } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/component/ResourceTypesRule.java b/server/sonar-db-dao/src/test/java/org/sonar/db/component/ResourceTypesRule.java index 0e90f242421..236ebe65b97 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/component/ResourceTypesRule.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/component/ResourceTypesRule.java @@ -86,6 +86,13 @@ public class ResourceTypesRule extends ResourceTypes { } @Override + public boolean isQualifierPresent(String qualifier) { + // FIXME looks strange to me + return rootResourceTypes.stream() + .anyMatch(resourceType -> qualifier.equals(resourceType.getQualifier())); + } + + @Override public List<String> getLeavesQualifiers(String qualifier) { return this.leavesQualifiers; } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java index ccc4963362e..3c654bf32df 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java 
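Review bot: The `/** @since 7.4 */` block in OrganizationPermission attaches only to `APPLICATION_CREATOR`; `PORTFOLIO_CREATOR`, added on the next line, gets no Javadoc at all. Repeat the block above `PORTFOLIO_CREATOR`. The removed `ProjectPermissions.ALL_PERMISSIONS` listed both keys among the component permissions, so a sentence such as `Organization-level permission; no longer a component permission` on each constant would tell callers which authorization check now applies.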
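Review bot: The added `isQualifierPresent` in ResourceTypesRule is committed with `// FIXME looks strange to me`, which does not say what is in doubt. The method consults only `rootResourceTypes`, so a qualifier known only through `leavesQualifiers` reports absent; if that is the concern, state it, e.g. `// only root types are checked; leaf-only qualifiers report absent`. It also calls `qualifier.equals(...)` on the argument, so a null qualifier throws instead of returning false. The class body continues outside the hunk.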
@@ -31,7 +31,6 @@ import org.junit.Rule; import org.junit.Test; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbSession; import org.sonar.db.DbTester; @@ -372,7 +371,7 @@ public class AuthorizationDaoTest { @Test public void keepAuthorizedProjectIds_returns_empty_for_user_and_any_permission_on_private_project_without_any_permission_in_DB() { - ProjectPermissions.ALL_PERMISSIONS + PermissionsTestHelper.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), perm)) .isEmpty(); @@ -383,7 +382,7 @@ public class AuthorizationDaoTest { @Test public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_and_any_permission_on_private_project_without_any_permission_in_DB() { - ProjectPermissions.ALL_PERMISSIONS + PermissionsTestHelper.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, perm)) .isEmpty(); @@ -621,7 +620,7 @@ public class AuthorizationDaoTest { public void keepAuthorizedUsersForRoleAndProject_returns_empty_for_any_users_and_any_permission_on_private_project_without_any_permission_in_DB() { ComponentDto project = db.components().insertPrivateProject(organization); - ProjectPermissions.ALL_PERMISSIONS + PermissionsTestHelper.ALL_PERMISSIONS .forEach(perm -> { assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, randomExistingUserIds, perm, project.getId())) .isEmpty(); diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/OrganizationPermissionTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/OrganizationPermissionTest.java index 3f3ab76d290..0e8d1ca1d13 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/OrganizationPermissionTest.java 
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/OrganizationPermissionTest.java @@ -31,12 +31,4 @@ public class OrganizationPermissionTest { assertThat(OrganizationPermission.fromKey(p.getKey())).isEqualTo(p); } } - - @Test - public void all_returns_stream_of_values() { - assertThat(OrganizationPermission.all()).hasSize(OrganizationPermission.values().length); - for (OrganizationPermission permission : OrganizationPermission.values()) { - assertThat(OrganizationPermission.all()).contains(permission); - } - } } diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/PermissionsTestHelper.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/PermissionsTestHelper.java new file mode 100644 index 00000000000..66446b22faf --- /dev/null +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/PermissionsTestHelper.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.db.permission;
+
+import com.google.common.collect.ImmutableSet;
+import java.util.Set;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+
+public class PermissionsTestHelper {
+
+ public static final Set<String> ALL_PERMISSIONS = ImmutableSet.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
+ GlobalPermissions.SCAN_EXECUTION, UserRole.USER, OrganizationPermission.APPLICATION_CREATOR.getKey(), OrganizationPermission.PORTFOLIO_CREATOR.getKey());
+
+ private PermissionsTestHelper() {
+ }
+}
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java
index 36d47f8ecc8..279e7625f5f 100644
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/PermissionTemplateTesting.java
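Review bot: `ALL_PERMISSIONS` in PermissionsTestHelper is a hand-maintained copy of the permission keys with no comment saying so, and the AuthorizationDaoTest cases that assert "returns empty for any permission" iterate over exactly this set. A permission added in production but not here silently drops out of those negative authorization checks. Add a comment on the constant such as `// test-only copy of the permission keys; extend whenever a permission is added in production`, and declare the class `final` since its only constructor is private.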
@@ -21,8 +21,8 @@ package org.sonar.db.permission.template; import java.util.Date; import org.apache.commons.lang.math.RandomUtils; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.Uuids; +import org.sonar.db.permission.PermissionsTestHelper; import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric; import static org.apache.commons.lang.RandomStringUtils.randomAscii; @@ -40,21 +40,21 @@ public class PermissionTemplateTesting { public static PermissionTemplateUserDto newPermissionTemplateUserDto() { return new PermissionTemplateUserDto() - .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) + .setPermission(PermissionsTestHelper.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(PermissionsTestHelper.ALL_PERMISSIONS.size())]) .setCreatedAt(new Date()) .setUpdatedAt(new Date()); } public static PermissionTemplateGroupDto newPermissionTemplateGroupDto() { return new PermissionTemplateGroupDto() - .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) + .setPermission(PermissionsTestHelper.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(PermissionsTestHelper.ALL_PERMISSIONS.size())]) .setCreatedAt(new Date()) .setUpdatedAt(new Date()); } public static PermissionTemplateCharacteristicDto newPermissionTemplateCharacteristicDto() { return new PermissionTemplateCharacteristicDto() - .setPermission(ProjectPermissions.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(ProjectPermissions.ALL_PERMISSIONS.size())]) + .setPermission(PermissionsTestHelper.ALL_PERMISSIONS.toArray(new String[0])[RandomUtils.nextInt(PermissionsTestHelper.ALL_PERMISSIONS.size())]) .setWithProjectCreator(RandomUtils.nextBoolean()) .setCreatedAt(System.currentTimeMillis()) .setUpdatedAt(System.currentTimeMillis()); 
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java index 1a9ecabfd31..bc9c2d79378 100644 --- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java +++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java @@ -19,13 +19,15 @@ */ package org.sonar.db.user; +import com.google.common.collect.ImmutableSet; import java.util.Arrays; import java.util.List; import java.util.Optional; +import java.util.Set; import java.util.function.Consumer; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.ProjectPermissions; +import org.sonar.api.web.UserRole; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbClient; import org.sonar.db.DbTester; @@ -45,6 +47,8 @@ import static org.sonar.db.user.UserTesting.newUserDto; import static org.sonar.db.user.UserTokenTesting.newUserToken; public class UserDbTester { + private static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); // FIXME to check with Simon + private final DbTester db; private final DbClient dbClient; @@ -226,7 +230,7 @@ public class UserDbTester { public GroupPermissionDto insertProjectPermissionOnAnyone(String permission, ComponentDto project) { checkArgument(!project.isPrivate(), "No permission to group AnyOne can be granted on a private project"); - checkArgument(!ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission), + checkArgument(!PUBLIC_PERMISSIONS.contains(permission), "permission %s can't be granted on a public project", permission); checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); GroupPermissionDto dto = new GroupPermissionDto() 
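Review bot: `PUBLIC_PERMISSIONS` in UserDbTester is a private copy of the set this commit removes from ProjectPermissions, and it lands with `// FIXME to check with Simon`, which tells a later reader nothing about what needs checking. The set decides which grants the helper refuses on public projects (the `checkArgument` calls in `insertProjectPermissionOnAnyone`, `insertProjectPermissionOnGroup` and `insertProjectPermissionOnUser` in the following hunks), so if it drifts from the production definition, which is not visible here, tests can insert rows the server would reject, or refuse rows it would accept. Replace the FIXME with a comment naming the production source, e.g. `// permissions implicitly granted on public components; keep in sync with the production definition`.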
@@ -246,7 +250,7 @@ public class UserDbTester { public GroupPermissionDto insertProjectPermissionOnGroup(GroupDto group, String permission, ComponentDto project) { checkArgument(group.getOrganizationUuid().equals(project.getOrganizationUuid()), "Different organizations"); - checkArgument(project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission), + checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), "%s can't be granted on a public project", permission); checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); GroupPermissionDto dto = new GroupPermissionDto() @@ -319,7 +323,7 @@ public class UserDbTester { * Grant permission on given project */ public UserPermissionDto insertProjectPermissionOnUser(UserDto user, String permission, ComponentDto project) { - checkArgument(project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission), + checkArgument(project.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), "%s can't be granted on a public project", permission); checkArgument(project.getMainBranchProjectUuid() == null, "Permissions can't be granted on branches"); UserPermissionDto dto = new UserPermissionDto(project.getOrganizationUuid(), permission, user.getId(), project.getId()); diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissions.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissions.java new file mode 100644 index 00000000000..c72291a09ba --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissions.java 
@@ -0,0 +1,103 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.server.platform.db.migration.version.v74; + +import org.sonar.api.security.DefaultGroups; +import org.sonar.api.utils.System2; +import org.sonar.api.utils.log.Logger; +import org.sonar.api.utils.log.Loggers; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.SupportsBlueGreen; +import org.sonar.server.platform.db.migration.step.DataChange; + +import java.sql.SQLException; +import java.util.Date; + +@SupportsBlueGreen +public class CreateApplicationsAndPortfoliosCreatorPermissions extends DataChange { + + private static final Logger LOG = Loggers.get(CreateApplicationsAndPortfoliosCreatorPermissions.class); + private static final String DEFAULT_ORGANIZATION_KEY = "default-organization"; + + private final System2 system2; + + public CreateApplicationsAndPortfoliosCreatorPermissions(Database db, System2 system2) { + super(db); + this.system2 = system2; + } + + @Override + protected void execute(Context context) throws SQLException { + Date now = new Date(system2.now()); + Long adminGroupId = context.prepareSelect("SELECT id FROM groups WHERE name=?") + 
.setString(1, DefaultGroups.ADMINISTRATORS) + .get(row -> row.getLong(1)); + String templateKey = context.prepareSelect("SELECT default_perm_template_view FROM organizations WHERE kee=?") + .setString(1, DEFAULT_ORGANIZATION_KEY) + .get(row -> row.getString(1)); + + if (adminGroupId == null) { + LOG.info("Unable to find {} group. Skipping adding applications and portfolios creator permissions.", DefaultGroups.ADMINISTRATORS); + return; + } + + if (templateKey == null) { + LOG.info("There is no default template for views. Skipping adding applications and portfolios creator permissions."); + } + + Long templateId = context.prepareSelect("SELECT id FROM permission_templates WHERE kee=?") + .setString(1, templateKey) + .get(row -> row.getLong(1)); + + if (templateId == null) { + LOG.info("Unable to find the default template [{}] for views. Skipping adding applications and portfolios creator permissions.", templateKey); + return; + } + + if (isPermissionAbsent(context, adminGroupId, "applicationcreator")) { + insertPermission(context, adminGroupId, templateId, "applicationcreator", now); + } + + if (isPermissionAbsent(context, adminGroupId, "portfoliocreator")) { + insertPermission(context, adminGroupId, templateId, "portfoliocreator", now); + } + } + + private static boolean isPermissionAbsent(Context context, Long groupId, String permission) throws SQLException { + Long count = context.prepareSelect("SELECT count(*) FROM perm_templates_groups WHERE group_id=? 
AND permission_reference=?") + .setLong(1, groupId) + .setString(2, permission) + .get(row -> (row.getLong(1))); + + return (count == null) || count == 0; + } + + private static void insertPermission(Context context, Long groupId, Long templateId, String permission, Date now) throws SQLException { + context.prepareUpsert("INSERT INTO perm_templates_groups (group_id, template_id, permission_reference, created_at, updated_at) values (?,?,?,?,?)") + .setLong(1, groupId) + .setLong(2, templateId) + .setString(3, permission) + .setDate(4, now) + .setDate(5, now) + .execute() + .commit(); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74.java index 45186436a14..da1f3af2268 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74.java @@ -44,6 +44,7 @@ public class DbVersion74 implements DbVersion { .add(2321, "Increase organization key and name length", IncreaseOrganizationsKeeAndNameLength.class) .add(2322, "Create table CE_TASK_MESSAGE", CreateCeTaskMessage.class) .add(2323, "Clean orphans from deleted branches and PRs in CE_* tables", CleanOrphanRowsInCeTables.class) + .add(2324, "Create new creator permissions for applications and portfolios", CreateApplicationsAndPortfoliosCreatorPermissions.class) ; } } diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest.java new file mode 100644 index 00000000000..b9fe947e5ad --- /dev/null 
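Review bot: `isPermissionAbsent` matches on `group_id` and `permission_reference` only, so an administrators group that already holds `applicationcreator` or `portfoliocreator` in any other template makes the migration skip the default views template; the check should also bind `template_id`. In `execute`, the `templateKey == null` branch logs that it is skipping but does not return, so the `permission_templates` lookup still runs with a null key and a second, misleading message is logged. The group lookup `SELECT id FROM groups WHERE name=?` is not restricted to the default organization although the template lookup is; if several organizations can own a group with that name (not visible here), the grant could land on the wrong group, so it is worth filtering on the organization as well. The sketch below covers the first two points.

```java
    if (templateKey == null) {
      // … unchanged: LOG.info(…) …
      return;
    }
    // … unchanged: templateId lookup and its null check …
    if (isPermissionAbsent(context, adminGroupId, templateId, "applicationcreator")) {
      // … unchanged: insertPermission(…) …
    }
    // … same extra argument for the "portfoliocreator" check …

  private static boolean isPermissionAbsent(Context context, Long groupId, Long templateId, String permission) throws SQLException {
    Long count = context.prepareSelect("SELECT count(*) FROM perm_templates_groups WHERE group_id=? AND template_id=? AND permission_reference=?")
      .setLong(1, groupId)
      .setLong(2, templateId)
      .setString(3, permission)
      .get(row -> row.getLong(1));

    return count == null || count == 0;
  }
```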
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest.java 
@@ -0,0 +1,213 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v74; + +import java.sql.SQLException; +import java.util.Date; +import java.util.stream.Collectors; +import org.assertj.core.groups.Tuple; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.sonar.api.utils.System2; +import org.sonar.api.web.UserRole; +import org.sonar.core.util.UuidFactoryFast; +import org.sonar.db.CoreDbTester; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.groups.Tuple.tuple; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class CreateApplicationsAndPortfoliosCreatorPermissionsTest { + @Rule + public ExpectedException expectedException = ExpectedException.none(); + + @Rule + public CoreDbTester db = CoreDbTester.createForSchema(CreateApplicationsAndPortfoliosCreatorPermissionsTest.class, "perm_templates_groups.sql"); + + private static final Date PAST = new Date(100_000_000_000L); + private static final Date NOW = new Date(500_000_000_000L); + private static final 
String DEFAULT_ORGANIZATION_UUID = UuidFactoryFast.getInstance().create(); + private static final String DEFAULT_PERM_TEMPLATE_VIEW = "default_view_template"; + private static final String ANOTHER_PERM_TEMPLATE_VIEW = "another_template"; + + private System2 system2 = mock(System2.class); + private CreateApplicationsAndPortfoliosCreatorPermissions underTest = new CreateApplicationsAndPortfoliosCreatorPermissions(db.database(), system2); + + @Before + public void setupDatabase() { + insertDefaultOrganization(); + insertDefaultGroups(); + insertPermissionTemplate(); + } + + + @Test + public void migration_is_reentrant() throws SQLException { + when(system2.now()).thenReturn(NOW.getTime()); + + underTest.execute(); + underTest.execute(); + + Long idOfDefaultPermissionTemplate = getIdOfPermissionTemplate(DEFAULT_PERM_TEMPLATE_VIEW); + Long idOfAdministratorGroup = getIdOfGroup("sonar-administrators"); + + assertPermTemplateGroupRoles( + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "applicationcreator", NOW, NOW), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "portfoliocreator", NOW, NOW)); + } + + @Test + public void insert_missing_permissions() throws SQLException { + when(system2.now()).thenReturn(NOW.getTime()); + + underTest.execute(); + + Long idOfDefaultPermissionTemplate = getIdOfPermissionTemplate(DEFAULT_PERM_TEMPLATE_VIEW); + Long idOfAdministratorGroup = getIdOfGroup("sonar-administrators"); + + assertPermTemplateGroupRoles( + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "applicationcreator", NOW, NOW), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "portfoliocreator", NOW, NOW)); + } + + @Test + public void does_nothing_if_template_group_has_the_permissions_already() throws SQLException { + Long idOfDefaultPermissionTemplate = getIdOfPermissionTemplate(DEFAULT_PERM_TEMPLATE_VIEW); + Long idOfAdministratorGroup = getIdOfGroup("sonar-administrators"); + + insertPermTemplateGroupRole(1, 2, 
"noissueadmin"); + insertPermTemplateGroupRole(3, 4, "issueadmin"); + insertPermTemplateGroupRole(3, 4, "another"); + insertPermTemplateGroupRole(5, 6, "securityhotspotadmin"); + insertPermTemplateGroupRole(idOfDefaultPermissionTemplate.intValue(), idOfAdministratorGroup.intValue(), "applicationcreator"); + insertPermTemplateGroupRole(idOfDefaultPermissionTemplate.intValue(), idOfAdministratorGroup.intValue(), "portfoliocreator"); + + when(system2.now()).thenReturn(NOW.getTime()); + underTest.execute(); + + assertPermTemplateGroupRoles( + tuple(1L, 2L, "noissueadmin", PAST, PAST), + tuple(3L, 4L, "issueadmin", PAST, PAST), + tuple(3L, 4L, "another", PAST, PAST), + tuple(5L, 6L, "securityhotspotadmin", PAST, PAST), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "applicationcreator", PAST, PAST), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "portfoliocreator", PAST, PAST)); + } + + @Test + public void insert_missing_permission_keeping_other_template_group_permissions() throws SQLException { + when(system2.now()).thenReturn(NOW.getTime()); + insertPermTemplateGroupRole(1, 2, "noissueadmin"); + insertPermTemplateGroupRole(3, 4, "issueadmin"); + insertPermTemplateGroupRole(3, 4, "another"); + insertPermTemplateGroupRole(5, 6, "securityhotspotadmin"); + + underTest.execute(); + + Long idOfDefaultPermissionTemplate = getIdOfPermissionTemplate(DEFAULT_PERM_TEMPLATE_VIEW); + Long idOfAdministratorGroup = getIdOfGroup("sonar-administrators"); + + assertPermTemplateGroupRoles( + tuple(1L, 2L, "noissueadmin", PAST, PAST), + tuple(3L, 4L, "issueadmin", PAST, PAST), + tuple(3L, 4L, "another", PAST, PAST), + tuple(5L, 6L, "securityhotspotadmin", PAST, PAST), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "applicationcreator", NOW, NOW), + tuple(idOfDefaultPermissionTemplate, idOfAdministratorGroup, "portfoliocreator", NOW, NOW)); + } + + private void insertPermTemplateGroupRole(int templateId, int groupId, String role) { + 
db.executeInsert( + "PERM_TEMPLATES_GROUPS", + "TEMPLATE_ID", templateId, + "GROUP_ID", groupId, + "PERMISSION_REFERENCE", role, + "CREATED_AT", PAST, + "UPDATED_AT", PAST); + } + + private void insertDefaultGroups() { + db.executeInsert( + "GROUPS", + "NAME", "sonar-administrators", + "CREATED_AT", PAST, + "UPDATED_AT", PAST, + "ORGANIZATION_UUID", DEFAULT_ORGANIZATION_UUID); + db.executeInsert( + "GROUPS", + "NAME", "sonar-users", + "CREATED_AT", PAST, + "UPDATED_AT", PAST, + "ORGANIZATION_UUID", DEFAULT_ORGANIZATION_UUID); + } + + private void insertDefaultOrganization() { + db.executeInsert( + "ORGANIZATIONS", + "UUID", DEFAULT_ORGANIZATION_UUID, + "KEE", "default-organization", + "NAME", "Default Organization", + "GUARDED", true, + "DEFAULT_PERM_TEMPLATE_VIEW", DEFAULT_PERM_TEMPLATE_VIEW, + "DEFAULT_QUALITY_GATE_UUID", UuidFactoryFast.getInstance().create(), + "NEW_PROJECT_PRIVATE", false, + "SUBSCRIPTION", "SONARQUBE", + "CREATED_AT", PAST.getTime(), + "UPDATED_AT", PAST.getTime()); + } + + private void insertPermissionTemplate() { + db.executeInsert( + "PERMISSION_TEMPLATES", + "ORGANIZATION_UUID", DEFAULT_ORGANIZATION_UUID, + "NAME", "Default template for views", + "KEE", DEFAULT_PERM_TEMPLATE_VIEW, + "CREATED_AT", PAST, + "UPDATED_AT", PAST); + db.executeInsert( + "PERMISSION_TEMPLATES", + "ORGANIZATION_UUID", DEFAULT_ORGANIZATION_UUID, + "NAME", ANOTHER_PERM_TEMPLATE_VIEW, + "KEE", ANOTHER_PERM_TEMPLATE_VIEW, + "CREATED_AT", PAST, + "UPDATED_AT", PAST); + } + + private Long getIdOfPermissionTemplate(String key) { + return (Long) db.selectFirst("SELECT id FROM permission_templates WHERE kee='" + key + "'") + .get("ID"); + } + + private Long getIdOfGroup(String key) { + return (Long) db.selectFirst("SELECT id FROM groups WHERE name='" + key + "'") + .get("ID"); + } + + private void assertPermTemplateGroupRoles(Tuple... 
expectedTuples) { + assertThat(db.select("SELECT TEMPLATE_ID, GROUP_ID, PERMISSION_REFERENCE, CREATED_AT, UPDATED_AT FROM PERM_TEMPLATES_GROUPS") + .stream() + .map(map -> new Tuple(map.get("TEMPLATE_ID"), map.get("GROUP_ID"), map.get("PERMISSION_REFERENCE"), map.get("CREATED_AT"), map.get("UPDATED_AT"))) + .collect(Collectors.toList())) + .containsExactlyInAnyOrder(expectedTuples); + } +} diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74Test.java index b67fedaffea..5064842d84d 100644 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74Test.java +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v74/DbVersion74Test.java @@ -35,6 +35,6 @@ public class DbVersion74Test { @Test public void verify_migration_count() { - verifyMigrationCount(underTest, 17); + verifyMigrationCount(underTest, 18); } } diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest/perm_templates_groups.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest/perm_templates_groups.sql new file mode 100644 index 00000000000..0a8c29211f0 --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v74/CreateApplicationsAndPortfoliosCreatorPermissionsTest/perm_templates_groups.sql 
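Review bot: No test in CreateApplicationsAndPortfoliosCreatorPermissionsTest reaches the migration's skip branches (administrators group missing, no default views template on the organization, template key with no matching row), because `setupDatabase` always inserts the organization, both groups and both templates. `ANOTHER_PERM_TEMPLATE_VIEW` is inserted but never used in an assertion; a case where the administrators group already holds `applicationcreator` on that template would show whether the default views template still receives its row. The `expectedException` rule and the `UserRole` import look unused in this file and can be dropped.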
@@ -0,0 +1,49 @@
+CREATE TABLE "GROUPS" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "ORGANIZATION_UUID" VARCHAR(40) NOT NULL,
+ "NAME" VARCHAR(500),
+ "DESCRIPTION" VARCHAR(200),
+ "CREATED_AT" TIMESTAMP,
+ "UPDATED_AT" TIMESTAMP
+);
+
+CREATE TABLE "PERMISSION_TEMPLATES" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "ORGANIZATION_UUID" VARCHAR(40) NOT NULL,
+ "NAME" VARCHAR(100) NOT NULL,
+ "KEE" VARCHAR(100) NOT NULL,
+ "DESCRIPTION" VARCHAR(4000),
+ "KEY_PATTERN" VARCHAR(500),
+ "CREATED_AT" TIMESTAMP,
+ "UPDATED_AT" TIMESTAMP
+);
+
+CREATE TABLE "PERM_TEMPLATES_GROUPS" (
+ "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+ "GROUP_ID" INTEGER,
+ "TEMPLATE_ID" INTEGER NOT NULL,
+ "PERMISSION_REFERENCE" VARCHAR(64) NOT NULL,
+ "CREATED_AT" TIMESTAMP,
+ "UPDATED_AT" TIMESTAMP
+);
+
+CREATE TABLE "ORGANIZATIONS" (
+ "UUID" VARCHAR(40) NOT NULL,
+ "KEE" VARCHAR(32) NOT NULL,
+ "NAME" VARCHAR(64) NOT NULL,
+ "DESCRIPTION" VARCHAR(256),
+ "URL" VARCHAR(256),
+ "AVATAR_URL" VARCHAR(256),
+ "GUARDED" BOOLEAN NOT NULL,
+ "DEFAULT_PERM_TEMPLATE_PROJECT" VARCHAR(40),
+ "DEFAULT_PERM_TEMPLATE_VIEW" VARCHAR(40),
+ "DEFAULT_GROUP_ID" INTEGER,
+ "DEFAULT_QUALITY_GATE_UUID" VARCHAR(40) NOT NULL,
+ "NEW_PROJECT_PRIVATE" BOOLEAN NOT NULL,
+ "SUBSCRIPTION" VARCHAR(40) NOT NULL,
+ "CREATED_AT" BIGINT NOT NULL,
+ "UPDATED_AT" BIGINT NOT NULL,
+
+ CONSTRAINT "PK_ORGANIZATIONS" PRIMARY KEY ("UUID")
+);
+CREATE UNIQUE INDEX "ORGANIZATION_KEY" ON "ORGANIZATIONS" ("KEE");
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdaterImpl.java b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdaterImpl.java
index 537a496b7ab..cc6b889a0c8 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdaterImpl.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/OrganizationUpdaterImpl.java @@ -47,6 +47,7 @@ import org.sonar.db.qualityprofile.OrgQProfileDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserGroupDto; +import org.sonar.server.permission.PermissionService; import org.sonar.server.qualityprofile.BuiltInQProfile; import org.sonar.server.qualityprofile.BuiltInQProfileRepository; import org.sonar.server.qualityprofile.QProfileName; @@ -76,10 +77,11 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { private final BuiltInQProfileRepository builtInQProfileRepository; private final DefaultGroupCreator defaultGroupCreator; private final UserIndexer userIndexer; + private final PermissionService permissionService; public OrganizationUpdaterImpl(DbClient dbClient, System2 system2, UuidFactory uuidFactory, OrganizationValidation organizationValidation, Configuration config, UserIndexer userIndexer, - BuiltInQProfileRepository builtInQProfileRepository, DefaultGroupCreator defaultGroupCreator) { + BuiltInQProfileRepository builtInQProfileRepository, DefaultGroupCreator defaultGroupCreator, PermissionService permissionService) { this.dbClient = dbClient; this.system2 = system2; this.uuidFactory = uuidFactory; @@ -88,6 +90,7 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { this.userIndexer = userIndexer; this.builtInQProfileRepository = builtInQProfileRepository; this.defaultGroupCreator = defaultGroupCreator; + this.permissionService = permissionService; } @Override 
@@ -140,7 +143,7 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { insertOrganizationMember(dbSession, organization, newUser.getId()); GroupDto defaultGroup = defaultGroupCreator.create(dbSession, organization.getUuid()); dbClient.qualityGateDao().associate(dbSession, uuidFactory.create(), organization, builtInQualityGate); - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions() .forEach(p -> insertUserPermissions(dbSession, newUser, organization, p)); insertPersonalOrgDefaultTemplate(dbSession, organization, defaultGroup); try (DbSession batchDbSession = dbClient.openSession(true)) { @@ -321,7 +324,7 @@ public class OrganizationUpdaterImpl implements OrganizationUpdater { .setOrganizationUuid(organization.getUuid()) .setName(OWNERS_GROUP_NAME) .setDescription(format(OWNERS_GROUP_DESCRIPTION_PATTERN, organization.getName()))); - OrganizationPermission.all().forEach(p -> addPermissionToGroup(dbSession, group, p)); + permissionService.getAllOrganizationPermissions().forEach(p -> addPermissionToGroup(dbSession, group, p)); return group; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java index e9d44b76218..963b2fedf4a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChange.java 
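Review bot: The permissions granted to a new organization's creator and to its Owners group are now whatever `permissionService.getAllOrganizationPermissions()` returns at creation time, in both hunks here (`-140,7` for the personal organization and `-321,7` for the owners group). Judging from PermissionServiceImpl in this commit, that list omits `APPLICATION_CREATOR` and `PORTFOLIO_CREATOR` when the APP/VIEW qualifiers are not present, so owners of an organization created before those resource types are installed would presumably never receive the two permissions. If that is intended, say so at both call sites, e.g. `// grants only the permissions available for the installed resource types; not re-applied if types are added later`. Both enclosing methods start and end outside the hunks.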
@@ -26,9 +26,9 @@ public class GroupPermissionChange extends PermissionChange { private final GroupIdOrAnyone groupId; - public GroupPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String permission, @Nullable ProjectId projectId, - GroupIdOrAnyone groupId) { - super(permissionsHelper, operation, groupId.getOrganizationUuid(), permission, projectId); + public GroupPermissionChange(Operation operation, String permission, @Nullable ProjectId projectId, + GroupIdOrAnyone groupId, PermissionService permissionService) { + super(operation, groupId.getOrganizationUuid(), permission, projectId, permissionService); this.groupId = groupId; } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java index f041c763ec8..8f10e7edd75 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/GroupPermissionChanger.java @@ -21,11 +21,9 @@ package org.sonar.server.permission; import java.util.List; import java.util.Optional; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.GroupPermissionDto; -import org.sonar.server.permission.ws.PermissionWsSupport; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.server.permission.PermissionChange.Operation.ADD; 
@@ -36,11 +34,11 @@ import static org.sonar.server.ws.WsUtils.checkRequest; public class GroupPermissionChanger { private final DbClient dbClient; - private final PermissionWsSupport wsSupport; + private final PermissionService permissionService; - public GroupPermissionChanger(DbClient dbClient, PermissionWsSupport wsSupport) { + public GroupPermissionChanger(DbClient dbClient, PermissionService permissionService) { this.dbClient = dbClient; - this.wsSupport = wsSupport; + this.permissionService = permissionService; } public boolean apply(DbSession dbSession, GroupPermissionChange change) { @@ -58,21 +56,21 @@ public class GroupPermissionChanger { } } - private static boolean isImplicitlyAlreadyDone(GroupPermissionChange change) { + private boolean isImplicitlyAlreadyDone(GroupPermissionChange change) { return change.getProjectId() .map(projectId -> isImplicitlyAlreadyDone(projectId, change)) .orElse(false); } - private static boolean isImplicitlyAlreadyDone(ProjectId projectId, GroupPermissionChange change) { + private boolean isImplicitlyAlreadyDone(ProjectId projectId, GroupPermissionChange change) { return isAttemptToAddPublicPermissionToPublicComponent(change, projectId) || isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(change, projectId); } - private static boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ProjectId projectId) { + private boolean isAttemptToAddPublicPermissionToPublicComponent(GroupPermissionChange change, ProjectId projectId) { return !projectId.isPrivate() && change.getOperation() == ADD - && ProjectPermissions.PUBLIC_PERMISSIONS.contains(change.getPermission()); + && permissionService.getPublicPermissions().contains(change.getPermission()); } private static boolean isAttemptToRemovePermissionFromAnyoneOnPrivateComponent(GroupPermissionChange change, ProjectId projectId) { 
@@ -81,7 +79,7 @@ public class GroupPermissionChanger { && change.getGroupIdOrAnyone().isAnyone(); } - private static void ensureConsistencyWithVisibility(GroupPermissionChange change) { + private void ensureConsistencyWithVisibility(GroupPermissionChange change) { change.getProjectId() .ifPresent(projectId -> { checkRequest( @@ -99,10 +97,10 @@ public class GroupPermissionChanger { && change.getGroupIdOrAnyone().isAnyone(); } - private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ProjectId projectId) { + private boolean isAttemptToRemovePublicPermissionFromPublicComponent(GroupPermissionChange change, ProjectId projectId) { return !projectId.isPrivate() && change.getOperation() == REMOVE - && ProjectPermissions.PUBLIC_PERMISSIONS.contains(change.getPermission()); + && permissionService.getPublicPermissions().contains(change.getPermission()); } private boolean addPermission(DbSession dbSession, GroupPermissionChange change) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java index 3292d6bec08..ca6d591656f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionChange.java 
@@ -37,16 +37,19 @@ public abstract class PermissionChange { private final String organizationUuid; private final String permission; private final ProjectId projectId; + protected final PermissionService permissionService; - public PermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId) { + public PermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, PermissionService permissionService) { this.operation = requireNonNull(operation); this.organizationUuid = requireNonNull(organizationUuid); this.permission = requireNonNull(permission); this.projectId = projectId; + this.permissionService = permissionService; if (projectId == null) { checkRequest(GlobalPermissions.ALL.contains(permission), "Invalid global permission '%s'. Valid values are %s", permission, GlobalPermissions.ALL); } else { - checkRequest(permissionsHelper.allPermissions().contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, permissionsHelper.allPermissions()); + checkRequest(permissionService.getAllProjectPermissions().contains(permission), "Invalid project permission '%s'. Valid values are %s", permission, + permissionService.getAllProjectPermissions()); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java new file mode 100644 index 00000000000..6c84667e897 --- /dev/null +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java 
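Review bot: `this.permissionService = permissionService;` is the only constructor argument stored without a null check, while `operation`, `organizationUuid` and `permission` all go through `requireNonNull`. A null service is only noticed in the project branch, so a global change (`projectId == null`) would be built with a null `protected` field that subclasses may later dereference; suggest `this.permissionService = requireNonNull(permissionService);`. The global branch also still validates against the static `GlobalPermissions.ALL` rather than the injected service, so the two allow-lists are maintained separately; it is worth confirming that this is deliberate.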
@@ -0,0 +1,31 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import java.util.List;
+import org.sonar.db.permission.OrganizationPermission;
+
+public interface PermissionService {
+
+ List<OrganizationPermission> getAllOrganizationPermissions();
+ List<String> getAllProjectPermissions();
+ List<String> getPublicPermissions();
+}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java
new file mode 100644
index 00000000000..1b5f4786c4a
--- /dev/null
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionServiceImpl.java
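Review bot: The three methods of the new `PermissionService` interface have no Javadoc, although their results are used as allow-lists when a permission change is validated (`PermissionChange`) and in the public-component checks of the changers. The contract belongs on the interface rather than only on the implementation. It should say that the returned lists are immutable, that `getAllOrganizationPermissions()` and `getAllProjectPermissions()` may omit permissions whose resource type is not installed, and that `getPublicPermissions()` are those implicitly held by everyone on public components. For example, add `/** Project permissions accepted on this instance; immutable. */` above `getAllProjectPermissions()`.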
@@ -0,0 +1,85 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.server.permission;
+
+import com.google.common.collect.ImmutableList;
+import java.util.List;
+import javax.annotation.concurrent.Immutable;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.permission.OrganizationPermission;
+
+import static java.util.stream.Collectors.toList;
+
+@Immutable
+public class PermissionServiceImpl implements PermissionService {
+
+ private static final List<String> ALL_PROJECT_PERMISSIONS = ImmutableList.of(
+ UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER,
+ OrganizationPermission.APPLICATION_CREATOR.getKey(), OrganizationPermission.PORTFOLIO_CREATOR.getKey());
+
+ private static final List<OrganizationPermission> ALL_GLOBAL_PERMISSIONS = ImmutableList.copyOf(OrganizationPermission.values());
+
+ /**
+ * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
+ */
+ private static final List<String> PUBLIC_PERMISSIONS = ImmutableList.of(UserRole.USER, UserRole.CODEVIEWER);
+
+ private final List<OrganizationPermission> globalPermissions;
+ private final List<String> projectPermissions;
+
+ public PermissionServiceImpl(ResourceTypes resourceTypes) {
+ globalPermissions = ImmutableList.copyOf(ALL_GLOBAL_PERMISSIONS.stream()
+ .filter(s -> !s.equals(OrganizationPermission.APPLICATION_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.APP))
+ .filter(s -> !s.equals(OrganizationPermission.PORTFOLIO_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
+ .collect(toList()));
+ projectPermissions = ImmutableList.copyOf(ALL_PROJECT_PERMISSIONS.stream()
+ .filter(s -> !s.equals(OrganizationPermission.APPLICATION_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.APP))
+ .filter(s -> !s.equals(OrganizationPermission.PORTFOLIO_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.VIEW))
+ .collect(toList()));
+ }
+
+ /**
+ * Return an immutable Set of all organization permissions
+ */
+ @Override
+ public List<OrganizationPermission> getAllOrganizationPermissions() {
+ return globalPermissions;
+ }
+
+ /**
+ * Return an immutable Set of all project permissions
+ */
+ @Override
+ public List<String> getAllProjectPermissions() {
+ return projectPermissions;
+ }
+
+ /**
+ * Permissions which are implicitly available for any user, any group and to group "AnyOne" on public components.
+ */
+ @Override
+ public List<String> getPublicPermissions() {
+ return PUBLIC_PERMISSIONS;
+ }
+}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
index 88e9d8bdde7..4d77c24060a 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java
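Review bot: The Javadoc on `getAllOrganizationPermissions()` and `getAllProjectPermissions()` says `Return an immutable Set`, but both methods return `List`; the comments should read `Return an immutable list of all organization permissions` and `Return an immutable list of all project permissions`. Separately, `ALL_PROJECT_PERMISSIONS` now takes the two creator keys from `OrganizationPermission.APPLICATION_CREATOR.getKey()` and `OrganizationPermission.PORTFOLIO_CREATOR.getKey()`, where the removed `PermissionsHelper` used `UserRole.APPLICATION_CREATOR` and `UserRole.PORTFOLIO_CREATOR`. The strings are presumably identical, but this list decides which project permissions a request may name, so a unit test pinning the expected key strings would guard against the two sources drifting apart.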
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionTemplateService.java @@ -30,7 +30,6 @@ import javax.annotation.Nullable; import org.apache.commons.lang.StringUtils; import org.sonar.api.resources.Qualifiers; import org.sonar.api.server.ServerSide; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.component.ComponentDto; @@ -50,7 +49,6 @@ import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.lang.String.format; -import static java.util.Arrays.asList; import static java.util.Collections.singletonList; import static org.sonar.api.security.DefaultGroups.isAnyone; @@ -61,13 +59,15 @@ public class PermissionTemplateService { private final ProjectIndexers projectIndexers; private final UserSession userSession; private final DefaultTemplatesResolver defaultTemplatesResolver; + private final PermissionService permissionService; public PermissionTemplateService(DbClient dbClient, ProjectIndexers projectIndexers, UserSession userSession, - DefaultTemplatesResolver defaultTemplatesResolver) { + DefaultTemplatesResolver defaultTemplatesResolver, PermissionService permissionService) { this.dbClient = dbClient; this.projectIndexers = projectIndexers; this.userSession = userSession; this.defaultTemplatesResolver = defaultTemplatesResolver; + this.permissionService = permissionService; } public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession, 
@@ -152,7 +152,7 @@ public class PermissionTemplateService { dbClient.groupPermissionDao().insert(dbSession, dto); }); - List<PermissionTemplateCharacteristicDto> characteristics = dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, asList(template.getId())); + List<PermissionTemplateCharacteristicDto> characteristics = dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, singletonList(template.getId())); if (projectCreatorUserId != null) { Set<String> permissionsForCurrentUserAlreadyInDb = usersPermissions.stream() .filter(userPermission -> projectCreatorUserId.equals(userPermission.getUserId())) @@ -169,8 +169,8 @@ public class PermissionTemplateService { } } - private static boolean permissionValidForProject(ComponentDto project, String permission) { - return project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission); + private boolean permissionValidForProject(ComponentDto project, String permission) { + return project.isPrivate() || !permissionService.getPublicPermissions().contains(permission); } private static boolean groupNameValidForProject(ComponentDto project, String groupName) { diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java deleted file mode 100644 index 4ad0a369d57..00000000000 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionsHelper.java +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2018 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ - -package org.sonar.server.permission; - -import com.google.common.base.Joiner; -import com.google.common.collect.ImmutableSet; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Set; -import org.sonar.api.resources.Qualifiers; -import org.sonar.api.resources.ResourceTypes; -import org.sonar.api.web.UserRole; -import org.sonar.core.permission.GlobalPermissions; - -public class PermissionsHelper { - - private final Set<String> allPermissions; - private final String allOnOneLine; - - public PermissionsHelper(ResourceTypes resourceTypes) { - ArrayList<String> permissions = new ArrayList<>(Arrays.asList(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, - GlobalPermissions.SCAN_EXECUTION, UserRole.USER)); - if (resourceTypes.isQualifierPresent(Qualifiers.VIEW)) { - permissions.add(UserRole.PORTFOLIO_CREATOR); - } - if (resourceTypes.isQualifierPresent(Qualifiers.APP)) { - permissions.add(UserRole.APPLICATION_CREATOR); - } - allPermissions = ImmutableSet.copyOf(permissions); - allOnOneLine = Joiner.on(", ").join(this.allPermissions); - } - - public 
Set<String> allPermissions() { - return allPermissions; - } - - public String allOnOneLine() { - return allOnOneLine; - } -} diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java index 0704b0acb55..58a2f29dfa1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChange.java @@ -27,9 +27,9 @@ public class UserPermissionChange extends PermissionChange { private final UserId userId; - public UserPermissionChange(PermissionsHelper permissionsHelper, Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, - UserId userId) { - super(permissionsHelper, operation, organizationUuid, permission, projectId); + public UserPermissionChange(Operation operation, String organizationUuid, String permission, @Nullable ProjectId projectId, + UserId userId, PermissionService permissionService) { + super(operation, organizationUuid, permission, projectId, permissionService); this.userId = requireNonNull(userId); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java index 3886e4c33ea..0143a3be8cf 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/UserPermissionChanger.java @@ -21,7 +21,6 @@ package org.sonar.server.permission; import java.util.List; import java.util.Optional; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.permission.UserPermissionDto; 
@@ -37,9 +36,11 @@ import static org.sonar.server.ws.WsUtils.checkRequest; public class UserPermissionChanger { private final DbClient dbClient; + private final PermissionService permissionService; - public UserPermissionChanger(DbClient dbClient) { + public UserPermissionChanger(DbClient dbClient, PermissionService permissionService) { this.dbClient = dbClient; + this.permissionService = permissionService; } public boolean apply(DbSession dbSession, UserPermissionChange change) { 
@@ -57,33 +58,33 @@ public class UserPermissionChanger { } } - private static boolean isImplicitlyAlreadyDone(UserPermissionChange change) { + private boolean isImplicitlyAlreadyDone(UserPermissionChange change) { return change.getProjectId() .map(projectId -> isImplicitlyAlreadyDone(projectId, change)) .orElse(false); } - private static boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange change) { + private boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange change) { return isAttemptToAddPublicPermissionToPublicComponent(change, projectId); } - private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) { + private boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange change, ProjectId projectId) { return !projectId.isPrivate() && change.getOperation() == ADD - && ProjectPermissions.PUBLIC_PERMISSIONS.contains(change.getPermission()); + && permissionService.getPublicPermissions().contains(change.getPermission()); } - private static void ensureConsistencyWithVisibility(UserPermissionChange change) { + private void ensureConsistencyWithVisibility(UserPermissionChange change) { change.getProjectId() .ifPresent(projectId -> checkRequest( !isAttemptToRemovePublicPermissionFromPublicComponent(change, projectId), "Permission %s can't be removed from a public component", change.getPermission())); } - private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) { + private boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange change, ProjectId projectId) { return !projectId.isPrivate() && change.getOperation() == REMOVE - && ProjectPermissions.PUBLIC_PERMISSIONS.contains(change.getPermission()); + && permissionService.getPublicPermissions().contains(change.getPermission()); } private boolean addPermission(DbSession dbSession, UserPermissionChange change) 
{ diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java index 2bef39de729..778ff47b5dc 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddGroupAction.java @@ -19,6 +19,7 @@ */ package org.sonar.server.permission.ws; +import com.google.common.collect.ImmutableList; import java.util.Optional; import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Response; @@ -27,14 +28,17 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.server.permission.GroupPermissionChange; import org.sonar.server.permission.PermissionChange; +import org.sonar.server.permission.PermissionService; import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.user.UserSession; import org.sonar.server.usergroups.ws.GroupIdOrAnyone; -import static java.util.Arrays.asList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.ws.WsParameters.createGroupIdParameter; +import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter; +import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter; +import static org.sonar.server.permission.ws.WsParameters.createProjectParameters; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; public class AddGroupAction implements PermissionsWsAction { 
@@ -46,16 +50,16 @@ public class AddGroupAction implements PermissionsWsAction { private final PermissionUpdater permissionUpdater; private final PermissionWsSupport wsSupport; private final WsParameters wsParameters; - private final PermissionsHelper permissionsHelper; + private final PermissionService permissionService; public AddGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, - WsParameters wsParameters, PermissionsHelper permissionsHelper) { + WsParameters wsParameters, PermissionService permissionService) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; this.wsSupport = wsSupport; this.wsParameters = wsParameters; - this.permissionsHelper = permissionsHelper; + this.permissionService = permissionService; } @Override @@ -74,10 +78,10 @@ public class AddGroupAction implements PermissionsWsAction { .setHandler(this); wsParameters.createPermissionParameter(action); - WsParameters.createOrganizationParameter(action).setSince("6.2"); - WsParameters.createGroupNameParameter(action); - WsParameters.createGroupIdParameter(action); - wsParameters.createProjectParameters(action); + createOrganizationParameter(action).setSince("6.2"); + createGroupNameParameter(action); + createGroupIdParameter(action); + createProjectParameters(action); } @Override @@ -89,12 +93,11 @@ public class AddGroupAction implements PermissionsWsAction { checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId); PermissionChange change = new GroupPermissionChange( - permissionsHelper, PermissionChange.Operation.ADD, request.mandatoryParam(PARAM_PERMISSION), projectId.orElse(null), - group); - permissionUpdater.apply(dbSession, asList(change)); + group, permissionService); + permissionUpdater.apply(dbSession, ImmutableList.of(change)); } response.noContent(); } 
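Review bot: The single-element list handed to `permissionUpdater.apply` is now built three different ways in sibling actions of this commit: `ImmutableList.of(change)` here, `singletonList(change)` in AddUserAction and `asList(change)` in RemoveGroupAction. Settling on one form would keep the parallel add/remove handlers easy to compare, for example `permissionUpdater.apply(dbSession, singletonList(change));` with `import static java.util.Collections.singletonList;`, which also avoids the new Guava import. The `handle` method starts outside the hunk.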
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java index e17af158c7c..0467bd1d702 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java @@ -29,8 +29,8 @@ import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.permission.PermissionChange; +import org.sonar.server.permission.PermissionService; import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ProjectId; import org.sonar.server.permission.UserId; import org.sonar.server.permission.UserPermissionChange; @@ -39,6 +39,10 @@ import org.sonar.server.user.UserSession; import static com.google.common.base.Preconditions.checkArgument; import static java.util.Collections.singletonList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter; + +import static org.sonar.server.permission.ws.WsParameters.createProjectParameters; +import static org.sonar.server.permission.ws.WsParameters.createUserLoginParameter; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID; 
@@ -54,16 +58,16 @@ public class AddUserAction implements PermissionsWsAction { private final PermissionUpdater permissionUpdater; private final PermissionWsSupport wsSupport; private final WsParameters wsParameters; - private final PermissionsHelper permissionsHelper; + private final PermissionService permissionService; - public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, WsParameters wsParameters, - PermissionsHelper permissionsHelper) { + public AddUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport, + WsParameters wsParameters, PermissionService permissionService) { this.dbClient = dbClient; this.userSession = userSession; this.permissionUpdater = permissionUpdater; this.wsSupport = wsSupport; this.wsParameters = wsParameters; - this.permissionsHelper = permissionsHelper; + this.permissionService = permissionService; } @Override @@ -81,9 +85,9 @@ public class AddUserAction implements PermissionsWsAction { .setHandler(this); wsParameters.createPermissionParameter(action); - WsParameters.createUserLoginParameter(action); - wsParameters.createProjectParameters(action); - WsParameters.createOrganizationParameter(action) + createUserLoginParameter(action); + createProjectParameters(action); + createOrganizationParameter(action) .setSince("6.2") .setDescription("Key of organization, cannot be used at the same time with %s and %s", PARAM_PROJECT_ID, PARAM_PROJECT_KEY); } @@ -105,12 +109,11 @@ public class AddUserAction implements PermissionsWsAction { checkProjectAdmin(userSession, org.getUuid(), projectId); PermissionChange change = new UserPermissionChange( - permissionsHelper, PermissionChange.Operation.ADD, org.getUuid(), request.mandatoryParam(PARAM_PERMISSION), projectId.orElse(null), - user); + user, permissionService); permissionUpdater.apply(dbSession, singletonList(change)); } response.noContent(); 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java index 6e63ac677ed..431313672ae 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java @@ -50,6 +50,8 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; +import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter; +import static org.sonar.server.permission.ws.WsParameters.createProjectParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -90,9 +92,9 @@ public class GroupsAction implements PermissionsWsAction { .setDescription("Limit search to group names that contain the supplied string.") .setMinimumLength(SEARCH_QUERY_MIN_LENGTH); - WsParameters.createOrganizationParameter(action).setSince("6.2"); + createOrganizationParameter(action).setSince("6.2"); wsParameters.createPermissionParameter(action).setRequired(false); - wsParameters.createProjectParameters(action); + createProjectParameters(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java index 9f3aec84c24..e57f460c47a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java 
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsModule.java @@ -20,7 +20,7 @@ package org.sonar.server.permission.ws; import org.sonar.core.platform.Module; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.ws.template.AddGroupToTemplateAction; import org.sonar.server.permission.ws.template.AddProjectCreatorToTemplateAction; import org.sonar.server.permission.ws.template.AddUserToTemplateAction; @@ -68,8 +68,8 @@ public class PermissionsWsModule extends Module { BulkApplyTemplateAction.class, // utility classes PermissionWsSupport.class, - PermissionsHelper.class, - WsParameters.class, - RequestValidator.class); + PermissionServiceImpl.class, + RequestValidator.class, + WsParameters.class); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java index 4b1bb6d8c5f..515fec9e70a 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveGroupAction.java 
@@ -27,14 +27,18 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.server.permission.GroupPermissionChange;
 import org.sonar.server.permission.PermissionChange;
+import org.sonar.server.permission.PermissionService;
 import org.sonar.server.permission.PermissionUpdater;
-import org.sonar.server.permission.PermissionsHelper;
 import org.sonar.server.permission.ProjectId;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import static java.util.Arrays.asList;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createGroupIdParameter;
+import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
+import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter;
+import static org.sonar.server.permission.ws.WsParameters.createProjectParameters;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 public class RemoveGroupAction implements PermissionsWsAction {
@@ -46,16 +50,16 @@ public class RemoveGroupAction implements PermissionsWsAction {
 private final PermissionUpdater permissionUpdater;
 private final PermissionWsSupport wsSupport;
 private final WsParameters wsParameters;
- private final PermissionsHelper permissionsHelper;
+ private final PermissionService permissionService;
 public RemoveGroupAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
- WsParameters wsParameters, PermissionsHelper permissionsHelper) {
+ WsParameters wsParameters, PermissionService permissionService) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.permissionUpdater = permissionUpdater;
 this.wsSupport = wsSupport;
 this.wsParameters = wsParameters;
- this.permissionsHelper = permissionsHelper;
+ this.permissionService = permissionService;
 }
 @Override
@@ -74,10 +78,10 @@ public class RemoveGroupAction implements PermissionsWsAction {
 .setHandler(this);
 wsParameters.createPermissionParameter(action);
- WsParameters.createOrganizationParameter(action).setSince("6.2");
- WsParameters.createGroupNameParameter(action);
- WsParameters.createGroupIdParameter(action);
- wsParameters.createProjectParameters(action);
+ createOrganizationParameter(action).setSince("6.2");
+ createGroupNameParameter(action);
+ createGroupIdParameter(action);
+ createProjectParameters(action);
 }
 @Override
@@ -89,11 +93,10 @@ public class RemoveGroupAction implements PermissionsWsAction {
 checkProjectAdmin(userSession, group.getOrganizationUuid(), projectId);
 PermissionChange change = new GroupPermissionChange(
- permissionsHelper,
 PermissionChange.Operation.REMOVE,
 request.mandatoryParam(PARAM_PERMISSION),
 projectId.orElse(null),
- group);
+ group, permissionService);
 permissionUpdater.apply(dbSession, asList(change));
 }
 response.noContent();
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
index b5404e17830..ed43f3a09d5 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RemoveUserAction.java
@@ -27,8 +27,8 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.permission.PermissionChange;
+import org.sonar.server.permission.PermissionService;
 import org.sonar.server.permission.PermissionUpdater;
-import org.sonar.server.permission.PermissionsHelper;
 import org.sonar.server.permission.ProjectId;
 import org.sonar.server.permission.UserId;
 import org.sonar.server.permission.UserPermissionChange;
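Review bot: In the `@@ -89,11 +93,10 @@` hunk the value of `request.mandatoryParam(PARAM_PERMISSION)` goes straight into `new GroupPermissionChange(...)` with no check in this handler, so rejecting an unknown permission key presumably depends on the constructor that now receives `permissionService`; its body is not part of this diff section. If that is where the allow-list check lives, I would say so at the call site, for example `// the permission key is checked against permissionService inside GroupPermissionChange`, and cover it with a test that an unsupported key is answered with a bad-request error. The same applies to `new UserPermissionChange(...)` in RemoveUserAction's `@@ -91,12 +94,11 @@` hunk. The enclosing handler method starts and ends outside the hunk.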
@@ -36,6 +36,9 @@ import org.sonar.server.user.UserSession;
 import static java.util.Collections.singletonList;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter;
+import static org.sonar.server.permission.ws.WsParameters.createProjectParameters;
+import static org.sonar.server.permission.ws.WsParameters.createUserLoginParameter;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
@@ -49,16 +52,16 @@ public class RemoveUserAction implements PermissionsWsAction {
 private final PermissionUpdater permissionUpdater;
 private final PermissionWsSupport wsSupport;
 private final WsParameters wsParameters;
- private final PermissionsHelper permissionsHelper;
+ private final PermissionService permissionService;
 public RemoveUserAction(DbClient dbClient, UserSession userSession, PermissionUpdater permissionUpdater, PermissionWsSupport wsSupport,
- WsParameters wsParameters, PermissionsHelper permissionsHelper) {
+ WsParameters wsParameters, PermissionService permissionService) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.permissionUpdater = permissionUpdater;
 this.wsSupport = wsSupport;
 this.wsParameters = wsParameters;
- this.permissionsHelper = permissionsHelper;
+ this.permissionService = permissionService;
 }
 @Override
@@ -76,9 +79,9 @@ public class RemoveUserAction implements PermissionsWsAction {
 .setHandler(this);
 wsParameters.createPermissionParameter(action);
- WsParameters.createUserLoginParameter(action);
- wsParameters.createProjectParameters(action);
- WsParameters.createOrganizationParameter(action).setSince("6.2");
+ createUserLoginParameter(action);
+ createProjectParameters(action);
+ createOrganizationParameter(action).setSince("6.2");
 }
 @Override
@@ -91,12 +94,11 @@ public class RemoveUserAction implements PermissionsWsAction {
 checkProjectAdmin(userSession, org.getUuid(), projectId);
 PermissionChange change = new UserPermissionChange(
- permissionsHelper,
 PermissionChange.Operation.REMOVE,
 org.getUuid(),
 request.mandatoryParam(PARAM_PERMISSION),
 projectId.orElse(null),
- user);
+ user, permissionService);
 permissionUpdater.apply(dbSession, singletonList(change));
 response.noContent();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java
index ea08ebd8a71..3744e509f5c 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/RequestValidator.java
@@ -20,6 +20,7 @@ package org.sonar.server.permission.ws;
+import com.google.common.base.Joiner;
 import java.util.Set;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
@@ -29,7 +30,7 @@ import org.sonar.api.resources.ResourceType;
 import org.sonar.api.resources.ResourceTypes;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.server.exceptions.BadRequestException;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import org.sonar.server.ws.WsUtils;
@@ -44,17 +45,18 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_Q
 public class RequestValidator {
 public static final String MSG_TEMPLATE_WITH_SAME_NAME = "A template with the name '%s' already exists (case insensitive).";
 private static final String MSG_TEMPLATE_NAME_NOT_BLANK = "The template name must not be blank";
+ private final PermissionService permissionService;
+ private final String allProjectsPermissionsOnOneLine;
- private PermissionsHelper permissionsHelper;
-
- public RequestValidator(PermissionsHelper permissionsHelper) {
- this.permissionsHelper = permissionsHelper;
+ public RequestValidator(PermissionService permissionService) {
+ this.permissionService = permissionService;
+ allProjectsPermissionsOnOneLine = Joiner.on(", ").join(permissionService.getAllProjectPermissions());
 }
 public String validateProjectPermission(String permission) {
- WsUtils.checkRequest(permissionsHelper.allPermissions().contains(permission),
+ WsUtils.checkRequest(permissionService.getAllProjectPermissions().contains(permission),
 String.format("The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION,
- permissionsHelper.allOnOneLine(), permission));
+ allProjectsPermissionsOnOneLine, permission));
 return permission;
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
index be54259c0a7..777ea21dfc0 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
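Review bot: In `validateProjectPermission` the caller-supplied `permission` is interpolated by `String.format` and the finished text is then handed to `WsUtils.checkRequest` as its message; if `checkRequest` applies a format to that message again (its body is not shown in this diff), a `%` in the submitted value would raise a format exception and surface as a server error rather than the intended bad-request response. Passing the template and its arguments separately avoids the double pass, assuming the method accepts varargs: `WsUtils.checkRequest(permissionService.getAllProjectPermissions().contains(permission), "The '%s' parameter for project permissions must be one of %s. '%s' was passed.", PARAM_PERMISSION, allProjectsPermissionsOnOneLine, permission);`. Separately, the constructor joins `getAllProjectPermissions()` once while the check reads the list on every call, so a short comment that the list does not change after startup would justify the cached string.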
@@ -29,6 +29,7 @@ import org.sonar.db.DbSession;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.db.permission.PermissionQuery;
+import org.sonar.server.permission.PermissionService;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Permissions.Permission;
 import org.sonarqube.ws.Permissions.WsSearchGlobalPermissionsResponse;
@@ -48,12 +49,14 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
 private final UserSession userSession;
 private final I18n i18n;
 private final PermissionWsSupport wsSupport;
+ private final PermissionService permissionService;
- public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport) {
+ public SearchGlobalPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport, PermissionService permissionService) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.i18n = i18n;
 this.wsSupport = wsSupport;
+ this.permissionService = permissionService;
 }
 @Override
@@ -84,7 +87,7 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
 WsSearchGlobalPermissionsResponse.Builder response = WsSearchGlobalPermissionsResponse.newBuilder();
 Permission.Builder permission = newBuilder();
- OrganizationPermission.all()
+ permissionService.getAllOrganizationPermissions().stream()
 .map(OrganizationPermission::getKey)
 .forEach(permissionKey -> {
 PermissionQuery query = permissionQuery(permissionKey, org);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
index bda991702f4..496b915be44 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchProjectPermissionsAction.java
@@ -42,7 +42,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentQuery;
 import org.sonar.db.permission.CountPerProjectPermission;
 import org.sonar.server.permission.PermissionPrivilegeChecker;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
 import org.sonar.server.permission.ProjectId;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Common;
@@ -54,6 +54,7 @@ import static java.util.Collections.singletonList;
 import static org.sonar.api.utils.Paging.forPageIndex;
 import static org.sonar.server.permission.ws.ProjectWsRef.newOptionalWsProjectRef;
 import static org.sonar.server.permission.ws.SearchProjectPermissionsData.newBuilder;
+import static org.sonar.server.permission.ws.WsParameters.createProjectParameters;
 import static org.sonar.server.ws.WsParameterBuilder.QualifierParameterContext.newQualifierParameterContext;
 import static org.sonar.server.ws.WsParameterBuilder.createRootQualifierParameter;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
@@ -71,19 +72,17 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
 private final ResourceTypes resourceTypes;
 private final PermissionWsSupport wsSupport;
 private final String[] rootQualifiers;
- private final WsParameters wsParameters;
- private final PermissionsHelper permissionsHelper;
+ private final PermissionService permissionService;
 public SearchProjectPermissionsAction(DbClient dbClient, UserSession userSession, I18n i18n, ResourceTypes resourceTypes,
- PermissionWsSupport wsSupport, WsParameters wsParameters, PermissionsHelper permissionsHelper) {
+ PermissionWsSupport wsSupport, PermissionService permissionService) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.i18n = i18n;
 this.resourceTypes = resourceTypes;
 this.wsSupport = wsSupport;
 this.rootQualifiers = Collections2.transform(resourceTypes.getRoots(), ResourceType::getQualifier).toArray(new String[resourceTypes.getRoots().size()]);
- this.wsParameters = wsParameters;
- this.permissionsHelper = permissionsHelper;
+ this.permissionService = permissionService;
 }
 @Override
@@ -107,7 +106,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
 "<li>project keys that are exactly the same as the supplied string</li>" +
 "</ul>")
 .setExampleValue("apac");
- wsParameters.createProjectParameters(action);
+ createProjectParameters(action);
 createRootQualifierParameter(action, newQualifierParameterContext(i18n, resourceTypes))
 .setSince("5.3");
 }
@@ -170,7 +169,7 @@ public class SearchProjectPermissionsAction implements PermissionsWsAction {
 response.addProjects(rootComponentBuilder);
 }
- for (String permissionKey : permissionsHelper.allPermissions()) {
+ for (String permissionKey : permissionService.getAllProjectPermissions()) {
 response.addPermissions(
 permissionResponse
 .clear()
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
index 8decca73a3c..1a5a9b8310d 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
@@ -50,6 +50,9 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE;
 import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE;
 import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
+import static org.sonar.server.permission.ws.RequestValidator.validateGlobalPermission;
+import static org.sonar.server.permission.ws.WsParameters.createOrganizationParameter;
+import static org.sonar.server.permission.ws.WsParameters.createProjectParameters;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -60,16 +63,17 @@ public class UsersAction implements PermissionsWsAction {
 private final UserSession userSession;
 private final PermissionWsSupport wsSupport;
 private final AvatarResolver avatarResolver;
- private final RequestValidator requestValidator;
 private final WsParameters wsParameters;
+ private final RequestValidator requestValidator;
- public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) {
+ public UsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, WsParameters wsParameters,
+ RequestValidator requestValidator) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.wsSupport = wsSupport;
 this.avatarResolver = avatarResolver;
- this.requestValidator = requestValidator;
 this.wsParameters = wsParameters;
+ this.requestValidator = requestValidator;
 }
 @Override
@@ -96,9 +100,9 @@ public class UsersAction implements PermissionsWsAction {
 .setDescription("Limit search to user names that contain the supplied string. <br/>")
 .setExampleValue("eri");
- WsParameters.createOrganizationParameter(action).setSince("6.2");
+ createOrganizationParameter(action).setSince("6.2");
 wsParameters.createPermissionParameter(action).setRequired(false);
- wsParameters.createProjectParameters(action);
+ createProjectParameters(action);
 }
 @Override
@@ -132,7 +136,7 @@ public class UsersAction implements PermissionsWsAction {
 if (project.isPresent()) {
 requestValidator.validateProjectPermission(permission);
 } else {
- RequestValidator.validateGlobalPermission(permission);
+ validateGlobalPermission(permission);
 }
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java
index 8c730622d20..50443684745 100644
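Review bot: The `else` branch in the `@@ -132,7 +136,7 @@` hunk still validates global permissions through the static `validateGlobalPermission`, which cannot consult the injected `PermissionService`, while the project branch and SearchGlobalPermissionsAction now take their lists from the service. Since this commit also adds `applicationcreator` and `portfoliocreator` to `OrganizationPermission`, the static list may accept or reject a different set of keys than `getAllOrganizationPermissions()` returns; the body of `validateGlobalPermission` is not visible here, so this needs checking. The same mismatch is possible in WsParameters' `@@ -40,24 +41,26 @@` hunk, where the documented global values still come from `GlobalPermissions.ALL_ON_ONE_LINE`. If the fixed list is intentional, a comment such as `// global permission keys are a fixed set and are not filtered by PermissionService` would record that.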
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/WsParameters.java
@@ -20,10 +20,11 @@ package org.sonar.server.permission.ws;
+import com.google.common.base.Joiner;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.Uuids;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_DESCRIPTION;
@@ -40,24 +41,26 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
 public class WsParameters {
- private PermissionsHelper permissionsHelper;
 private final String permissionParamDescription;
 private final String projectPermissionParamDescription;
- public WsParameters(PermissionsHelper permissionsHelper) {
- this.permissionsHelper = permissionsHelper;
+ private final PermissionService permissionService;
+
+ public WsParameters(PermissionService permissionService) {
+ this.permissionService = permissionService;
+ String allProjectsPermissionsOnOneLine = Joiner.on(", ").join(permissionService.getAllProjectPermissions());
 permissionParamDescription = String.format("Permission" +
 "<ul>" +
 "<li>Possible values for global permissions: %s</li>" +
 "<li>Possible values for project permissions %s</li>" +
 "</ul>",
 GlobalPermissions.ALL_ON_ONE_LINE,
- permissionsHelper.allOnOneLine());
+ allProjectsPermissionsOnOneLine);
 projectPermissionParamDescription = String.format("Permission" +
 "<ul>" +
 "<li>Possible values for project permissions %s</li>" +
 "</ul>",
- permissionsHelper.allOnOneLine());
+ allProjectsPermissionsOnOneLine);
 }
 public WebService.NewParam createPermissionParameter(WebService.NewAction action) {
@@ -69,7 +72,7 @@ public class WsParameters {
 public WebService.NewParam createProjectPermissionParameter(WebService.NewAction action, boolean required) {
 return action.createParam(PARAM_PERMISSION)
 .setDescription(projectPermissionParamDescription)
- .setPossibleValues(permissionsHelper.allPermissions())
+ .setPossibleValues(permissionService.getAllProjectPermissions())
 .setRequired(required);
 }
@@ -96,7 +99,7 @@ public class WsParameters {
 .setExampleValue("42");
 }
- public void createProjectParameters(WebService.NewAction action) {
+ public static void createProjectParameters(WebService.NewAction action) {
 action.createParam(PARAM_PROJECT_ID)
 .setDescription("Project id")
 .setExampleValue("ce4c03d6-430f-40a9-b777-ad877c00aa4d");
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java
index 74b4dc90375..ef676e99298 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java
@@ -34,6 +34,9 @@ import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import static java.lang.String.format;
 import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createGroupIdParameter;
+import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
 import static org.sonar.server.permission.ws.template.WsTemplateRef.fromRequest;
 import static org.sonar.server.ws.WsUtils.checkRequest;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -62,10 +65,10 @@ public class AddGroupToTemplateAction implements PermissionsWsAction {
 "Requires the following permission: 'Administer System'.")
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
+ createTemplateParameters(action);
 wsParameters.createProjectPermissionParameter(action);
- WsParameters.createGroupIdParameter(action);
- WsParameters.createGroupNameParameter(action);
+ createGroupIdParameter(action);
+ createGroupNameParameter(action);
 }
 @Override
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java
index 59d68421bf1..ddd8aa6a720 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateAction.java
@@ -38,6 +38,7 @@ import org.sonar.server.user.UserSession;
 import static java.util.Objects.requireNonNull;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
@@ -48,17 +49,17 @@ public class AddProjectCreatorToTemplateAction implements PermissionsWsAction {
 private final PermissionWsSupport wsSupport;
 private final UserSession userSession;
 private final System2 system;
- private final RequestValidator requestValidator;
 private final WsParameters wsParameters;
+ private final RequestValidator requestValidator;
- public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system, RequestValidator requestValidator,
- WsParameters wsParameters) {
+ public AddProjectCreatorToTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system,
+ WsParameters wsParameters, RequestValidator requestValidator) {
 this.dbClient = dbClient;
 this.wsSupport = wsSupport;
 this.userSession = userSession;
 this.system = system;
- this.requestValidator = requestValidator;
 this.wsParameters = wsParameters;
+ this.requestValidator = requestValidator;
 }
 private AddProjectCreatorToTemplateRequest toWsRequest(Request request) {
@@ -81,7 +82,7 @@ public class AddProjectCreatorToTemplateAction implements PermissionsWsAction {
 .setPost(true)
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
+ createTemplateParameters(action);
 wsParameters.createProjectPermissionParameter(action);
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
index 56fc8134918..6c6f5c6ff4a 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
@@ -38,6 +38,8 @@ import org.sonar.server.user.UserSession;
 import static java.util.Objects.requireNonNull;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
+import static org.sonar.server.permission.ws.WsParameters.createUserLoginParameter;
 import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -77,9 +79,9 @@ public class AddUserToTemplateAction implements PermissionsWsAction {
 "Requires the following permission: 'Administer System'.")
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
+ createTemplateParameters(action);
 wsParameters.createProjectPermissionParameter(action);
- WsParameters.createUserLoginParameter(action);
+ createUserLoginParameter(action);
 }
 @Override
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java
index f313eb2eaac..953b2e5fcc8 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/ApplyTemplateAction.java
@@ -32,11 +32,12 @@ import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.server.permission.PermissionTemplateService;
 import org.sonar.server.permission.ws.PermissionWsSupport;
 import org.sonar.server.permission.ws.PermissionsWsAction;
-import org.sonar.server.permission.ws.WsParameters;
 import org.sonar.server.user.UserSession;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
 import static org.sonar.server.permission.ws.ProjectWsRef.newWsProjectRef;
+import static org.sonar.server.permission.ws.WsParameters.createProjectParameters;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
 import static org.sonar.server.permission.ws.template.WsTemplateRef.newTemplateRef;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
@@ -49,15 +50,13 @@ public class ApplyTemplateAction implements PermissionsWsAction {
 private final UserSession userSession;
 private final PermissionTemplateService permissionTemplateService;
 private final PermissionWsSupport wsSupport;
- private final WsParameters wsParameters;
 public ApplyTemplateAction(DbClient dbClient, UserSession userSession, PermissionTemplateService permissionTemplateService,
- PermissionWsSupport wsSupport, WsParameters wsParameters) {
+ PermissionWsSupport wsSupport) {
 this.dbClient = dbClient;
 this.userSession = userSession;
 this.permissionTemplateService = permissionTemplateService;
 this.wsSupport = wsSupport;
- this.wsParameters = wsParameters;
 }
 private static ApplyTemplateRequest toApplyTemplateWsRequest(Request request) {
@@ -80,8 +79,8 @@ public class ApplyTemplateAction implements PermissionsWsAction {
 .setSince("5.2")
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
- wsParameters.createProjectParameters(action);
+ createTemplateParameters(action);
+ createProjectParameters(action);
 }
 @Override
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
index be83365bfb9..4b4e9a8b95b 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateAction.java
@@ -33,6 +33,9 @@ import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 import static com.google.common.base.Preconditions.checkArgument;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createGroupIdParameter;
+import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 public class RemoveGroupFromTemplateAction implements PermissionsWsAction {
@@ -59,10 +62,10 @@ public class RemoveGroupFromTemplateAction implements PermissionsWsAction {
 "Requires the following permission: 'Administer System'.")
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
+ createTemplateParameters(action);
 wsParameters.createProjectPermissionParameter(action);
- WsParameters.createGroupIdParameter(action);
- WsParameters.createGroupNameParameter(action);
+ createGroupIdParameter(action);
+ createGroupNameParameter(action);
 }
 @Override
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java
index 630966d414e..b53a64cc9d4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateAction.java
@@ -38,6 +38,7 @@ import org.sonar.server.user.UserSession;
 import static java.util.Objects.requireNonNull;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
+import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
@@ -48,17 +49,16 @@ public class RemoveProjectCreatorFromTemplateAction implements PermissionsWsActi
 private final PermissionWsSupport wsSupport;
 private final UserSession userSession;
 private final System2 system;
- private final RequestValidator requestValidator;
 private final WsParameters wsParameters;
+ private final RequestValidator requestValidator;
- public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system,
- RequestValidator requestValidator, WsParameters wsParameters) {
+ public RemoveProjectCreatorFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, System2 system, WsParameters wsParameters, RequestValidator requestValidator) {
 this.dbClient = dbClient;
 this.wsSupport = wsSupport;
 this.userSession = userSession;
 this.system = system;
- this.requestValidator = requestValidator;
 this.wsParameters = wsParameters;
+ this.requestValidator = requestValidator;
 }
 private RemoveProjectCreatorFromTemplateRequest toWsRequest(Request request) {
@@ -81,7 +81,7 @@ public class RemoveProjectCreatorFromTemplateAction implements PermissionsWsActi
 .setPost(true)
 .setHandler(this);
- WsParameters.createTemplateParameters(action);
+ createTemplateParameters(action);
 wsParameters.createProjectPermissionParameter(action);
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java
index 8004f97815a..933d7f1eaaf 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateAction.java
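Review bot: The rewritten constructor signature in the `@@ -48,17 +49,16 @@` hunk is now a single line close to 200 characters, whereas the previous version wrapped after `System2 system,` and the sibling AddProjectCreatorToTemplateAction still does in this same commit. Keeping the wrap, with `WsParameters wsParameters, RequestValidator requestValidator) {` on the continuation line, keeps the two classes aligned and the parameter order easy to compare. The constructor added to SearchGlobalPermissionsAction in its `@@ -48,12 +49,14 @@` hunk is also one long line and would read better wrapped before `PermissionService permissionService`.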
@@ -36,6 +36,8 @@ import org.sonar.server.user.UserSession; import static java.util.Objects.requireNonNull; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; +import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters; +import static org.sonar.server.permission.ws.WsParameters.createUserLoginParameter; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID; @@ -46,15 +48,15 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { private final DbClient dbClient; private final PermissionWsSupport wsSupport; private final UserSession userSession; - private final RequestValidator requestValidator; private final WsParameters wsParameters; + private final RequestValidator requestValidator; - public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, RequestValidator requestValidator, WsParameters wsParameters) { + public RemoveUserFromTemplateAction(DbClient dbClient, PermissionWsSupport wsSupport, UserSession userSession, WsParameters wsParameters, RequestValidator requestValidator) { this.dbClient = dbClient; this.wsSupport = wsSupport; this.userSession = userSession; - this.requestValidator = requestValidator; this.wsParameters = wsParameters; + this.requestValidator = requestValidator; } private static RemoveUserFromTemplateRequest toRemoveUserFromTemplateWsRequest(Request request) { 
@@ -76,9 +78,9 @@ public class RemoveUserFromTemplateAction implements PermissionsWsAction { "Requires the following permission: 'Administer System'.") .setHandler(this); - WsParameters.createTemplateParameters(action); + createTemplateParameters(action); wsParameters.createProjectPermissionParameter(action); - WsParameters.createUserLoginParameter(action); + createUserLoginParameter(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java index a1e0f1e0795..4047fb5a42e 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/SearchTemplatesAction.java @@ -39,7 +39,7 @@ import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.template.CountByTemplateAndPermissionDto; import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto; import org.sonar.db.permission.template.PermissionTemplateDto; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.permission.ws.PermissionsWsAction; import org.sonar.server.permission.ws.WsParameters; 
@@ -67,15 +67,16 @@ public class SearchTemplatesAction implements PermissionsWsAction { private final I18n i18n; private final PermissionWsSupport wsSupport; private final DefaultTemplatesResolver defaultTemplatesResolver; - private final PermissionsHelper permissionsHelper; + private final PermissionService permissionService; - public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport, DefaultTemplatesResolver defaultTemplatesResolver, PermissionsHelper permissionsHelper) { + public SearchTemplatesAction(DbClient dbClient, UserSession userSession, I18n i18n, PermissionWsSupport wsSupport, + DefaultTemplatesResolver defaultTemplatesResolver, PermissionService permissionService) { this.dbClient = dbClient; this.userSession = userSession; this.i18n = i18n; this.wsSupport = wsSupport; this.defaultTemplatesResolver = defaultTemplatesResolver; - this.permissionsHelper = permissionsHelper; + this.permissionService = permissionService; } @Override @@ -134,7 +135,7 @@ public class SearchTemplatesAction implements PermissionsWsAction { .setUpdatedAt(formatDateTime(templateDto.getUpdatedAt())); setNullable(templateDto.getKeyPattern(), templateBuilder::setProjectKeyPattern); setNullable(templateDto.getDescription(), templateBuilder::setDescription); - for (String permission : permissionsHelper.allPermissions()) { + for (String permission : permissionService.getAllProjectPermissions()) { templateBuilder.addPermissions( permissionResponse .clear() @@ -159,7 +160,7 @@ public class SearchTemplatesAction implements PermissionsWsAction { private void buildPermissionsResponse(SearchTemplatesWsResponse.Builder response) { Permission.Builder permissionResponse = Permission.newBuilder(); - for (String permissionKey : permissionsHelper.allPermissions()) { + for (String permissionKey : permissionService.getAllProjectPermissions()) { response.addPermissions( permissionResponse .clear() 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java index c2d106faa75..58524490c86 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java @@ -50,6 +50,7 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; +import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; @@ -57,15 +58,15 @@ public class TemplateGroupsAction implements PermissionsWsAction { private final DbClient dbClient; private final UserSession userSession; private final PermissionWsSupport wsSupport; - private final RequestValidator requestValidator; private final WsParameters wsParameters; + private final RequestValidator requestValidator; - public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, RequestValidator requestValidator, WsParameters wsParameters) { + public TemplateGroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, WsParameters wsParameters, RequestValidator requestValidator) { this.dbClient = dbClient; this.userSession = userSession; this.wsSupport = wsSupport; - this.requestValidator = requestValidator; this.wsParameters = wsParameters; + this.requestValidator = requestValidator; } @Override 
@@ -87,7 +88,7 @@ public class TemplateGroupsAction implements PermissionsWsAction { .setExampleValue("eri"); wsParameters.createProjectPermissionParameter(action, false); - WsParameters.createTemplateParameters(action); + createTemplateParameters(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java index 88544a0fd12..288c1a3243d 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java @@ -53,6 +53,7 @@ import static org.sonar.db.permission.PermissionQuery.DEFAULT_PAGE_SIZE; import static org.sonar.db.permission.PermissionQuery.RESULTS_MAX_SIZE; import static org.sonar.db.permission.PermissionQuery.SEARCH_QUERY_MIN_LENGTH; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin; +import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION; 
@@ -62,16 +63,17 @@ public class TemplateUsersAction implements PermissionsWsAction { private final UserSession userSession; private final PermissionWsSupport wsSupport; private final AvatarResolver avatarResolver; - private final RequestValidator requestValidator; private final WsParameters wsParameters; + private final RequestValidator requestValidator; - public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, RequestValidator requestValidator, WsParameters wsParameters) { + public TemplateUsersAction(DbClient dbClient, UserSession userSession, PermissionWsSupport wsSupport, AvatarResolver avatarResolver, + WsParameters wsParameters, RequestValidator requestValidator) { this.dbClient = dbClient; this.userSession = userSession; this.wsSupport = wsSupport; this.avatarResolver = avatarResolver; - this.requestValidator = requestValidator; this.wsParameters = wsParameters; + this.requestValidator = requestValidator; } @Override @@ -93,7 +95,7 @@ public class TemplateUsersAction implements PermissionsWsAction { "When this parameter is not set, only users having at least one permission are returned.") .setExampleValue("eri"); wsParameters.createProjectPermissionParameter(action).setRequired(false); - WsParameters.createTemplateParameters(action); + createTemplateParameters(action); } @Override diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java index 8474aef2e05..8103fe582d7 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/UpdateVisibilityAction.java 
@@ -37,13 +37,13 @@ import org.sonar.db.permission.UserPermissionDto; import org.sonar.server.component.ComponentFinder; import org.sonar.server.es.ProjectIndexer; import org.sonar.server.es.ProjectIndexers; +import org.sonar.server.permission.PermissionService; import org.sonar.server.project.Visibility; import org.sonar.server.user.UserSession; import org.sonarqube.ws.client.project.ProjectsWsParameters; import static java.lang.String.format; import static java.util.Collections.singletonList; -import static org.sonar.core.permission.ProjectPermissions.PUBLIC_PERMISSIONS; import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001; import static org.sonar.server.ws.WsUtils.checkRequest; import static org.sonarqube.ws.client.project.ProjectsWsParameters.PARAM_PROJECT; @@ -57,14 +57,16 @@ public class UpdateVisibilityAction implements ProjectsWsAction { private final UserSession userSession; private final ProjectIndexers projectIndexers; private final ProjectsWsSupport projectsWsSupport; + private final PermissionService permissionService; public UpdateVisibilityAction(DbClient dbClient, ComponentFinder componentFinder, UserSession userSession, - ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport) { + ProjectIndexers projectIndexers, ProjectsWsSupport projectsWsSupport, PermissionService permissionService) { this.dbClient = dbClient; this.componentFinder = componentFinder; this.userSession = userSession; this.projectIndexers = projectIndexers; this.projectsWsSupport = projectsWsSupport; + this.permissionService = permissionService; } public void define(WebService.NewController context) { 
@@ -134,7 +136,7 @@ public class UpdateVisibilityAction implements ProjectsWsAction { // delete project permissions for group AnyOne dbClient.groupPermissionDao().deleteByRootComponentIdAndGroupId(dbSession, component.getId(), null); // grant UserRole.CODEVIEWER and UserRole.USER to any group or user with at least one permission on project - PUBLIC_PERMISSIONS.forEach(permission -> { + permissionService.getPublicPermissions().forEach(permission -> { dbClient.groupPermissionDao().selectGroupIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission) .forEach(groupId -> insertProjectPermissionOnGroup(dbSession, component, permission, groupId)); dbClient.userPermissionDao().selectUserIdsWithPermissionOnProjectBut(dbSession, component.getId(), permission) @@ -155,7 +157,7 @@ public class UpdateVisibilityAction implements ProjectsWsAction { } private void updatePermissionsToPublic(DbSession dbSession, ComponentDto component) { - PUBLIC_PERMISSIONS.forEach(permission -> { + permissionService.getPublicPermissions().forEach(permission -> { // delete project group permission for UserRole.CODEVIEWER and UserRole.USER dbClient.groupPermissionDao().deleteByRootComponentIdAndPermission(dbSession, component.getId(), permission); // delete project user permission for UserRole.CODEVIEWER and UserRole.USER diff --git a/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java b/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java index 042720ab282..a563842698c 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java +++ b/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java @@ -19,8 +19,6 @@ */ package org.sonar.server.startup; -import java.util.Date; -import java.util.Optional; import org.sonar.api.security.DefaultGroups; import org.sonar.api.utils.log.Logger; import org.sonar.api.utils.log.Loggers; 
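Review bot: The comments around both `permissionService.getPublicPermissions().forEach(...)` loops still name `UserRole.CODEVIEWER and UserRole.USER`, but the set is now supplied at runtime by the injected service, so they describe a contract the code no longer pins. This matters because the private-visibility path inserts a grant of every returned permission for each group and user that already holds any permission on the project; a wider set from the service would be handed out without any visible change here. Reword the comments to match, e.g. `// grant every public permission (see PermissionService#getPublicPermissions) to any group or user with at least one permission on project` and `// delete explicit group grants of the public permissions`. Both methods start and end outside their hunks.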
@@ -29,10 +27,14 @@ import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.organization.DefaultTemplates; +import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; import org.sonar.server.organization.DefaultOrganizationProvider; +import java.util.Date; +import java.util.Optional; + import static java.lang.String.format; public class RegisterPermissionTemplates { @@ -95,8 +97,8 @@ public class RegisterPermissionTemplates { insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get()); insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, admins.get()); insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, admins.get()); - insertGroupPermission(dbSession, template, UserRole.APPLICATION_CREATOR, admins.get()); - insertGroupPermission(dbSession, template, UserRole.PORTFOLIO_CREATOR, admins.get()); + insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), admins.get()); + insertGroupPermission(dbSession, template, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), admins.get()); } else { LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java index 96bd9974b2f..373851b83f1 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/AbstractUserSession.java 
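Review bot: The two changed `insertGroupPermission` calls take their keys from `OrganizationPermission.APPLICATION_CREATOR.getKey()` and `OrganizationPermission.PORTFOLIO_CREATOR.getKey()`, so organization-level permission keys are now written into the default project template next to the `UserRole` ones, with nothing saying this is intended. The hunk does not show whether these grants are wanted on installations that have no applications or portfolios. If the unconditional insert is deliberate, add a comment such as `// creator permissions are organization-level keys; granted to administrators in the default template regardless of installed resource types`. Separately, the `java.util.Date` and `java.util.Optional` imports were moved below the `org.sonar` imports, unlike the ordering in the other files of this diff. The enclosing method starts outside the hunk.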
@@ -19,13 +19,15 @@ */ package org.sonar.server.user; +import com.google.common.collect.ImmutableSet; import java.util.ArrayList; import java.util.Collection; import java.util.List; import java.util.Optional; +import java.util.Set; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.ProjectPermissions; +import org.sonar.api.web.UserRole; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; @@ -38,6 +40,7 @@ import static java.lang.String.format; import static org.apache.commons.lang.StringUtils.defaultString; public abstract class AbstractUserSession implements UserSession { + private static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); // FIXME to check with Simon private static final String INSUFFICIENT_PRIVILEGES_MESSAGE = "Insufficient privileges"; private static final String AUTHENTICATION_IS_REQUIRED_MESSAGE = "Authentication is required"; @@ -138,7 +141,7 @@ public abstract class AbstractUserSession implements UserSession { * Naive implementation, to be overridden if needed */ protected List<ComponentDto> doKeepAuthorizedComponents(String permission, Collection<ComponentDto> components) { - boolean allowPublicComponent = ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission); + boolean allowPublicComponent = PUBLIC_PERMISSIONS.contains(permission); return components.stream() .filter(c -> (allowPublicComponent && !c.isPrivate()) || hasComponentPermission(permission, c)) .collect(MoreCollectors.toList()); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java index 693d4fe353c..563042db0ed 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java 
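Review bot: The new private `PUBLIC_PERMISSIONS` constant, still marked `// FIXME to check with Simon`, is a second definition of the public-permission set, separate from the `permissionService.getPublicPermissions()` that ServerUserSession and UpdateVisibilityAction switch to in this commit. `doKeepAuthorizedComponents` computes `allowPublicComponent` from the local copy, so if the service's set ever differs, component filtering and the per-project permission load in ServerUserSession would disagree about what a user without explicit grants may see on a public project. Resolve the FIXME before merging, for example by letting the base class obtain the set from the same source through an accessor that ServerUserSession implements. At minimum document the coupling: `// Must stay equal to PermissionService#getPublicPermissions(); used for authorization filtering`. `doKeepAuthorizedComponents` ends outside the hunk.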
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java @@ -32,7 +32,6 @@ import java.util.Optional; import java.util.Set; import javax.annotation.CheckForNull; import javax.annotation.Nullable; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -44,6 +43,7 @@ import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.OrganizationFlags; +import org.sonar.server.permission.PermissionService; import static java.util.Objects.requireNonNull; import static java.util.Optional.of; @@ -62,16 +62,18 @@ public class ServerUserSession extends AbstractUserSession { private final Supplier<Collection<GroupDto>> groups = Suppliers.memoize(this::loadGroups); private final Supplier<Boolean> isSystemAdministratorSupplier = Suppliers.memoize(this::loadIsSystemAdministrator); private final Map<String, String> projectUuidByComponentUuid = new HashMap<>(); + private final PermissionService permissionService; private Map<String, Set<OrganizationPermission>> permissionsByOrganizationUuid; private Map<String, Set<String>> permissionsByProjectUuid; private Set<String> organizationMembership = new HashSet<>(); ServerUserSession(DbClient dbClient, OrganizationFlags organizationFlags, - DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto) { + DefaultOrganizationProvider defaultOrganizationProvider, @Nullable UserDto userDto, PermissionService permissionService) { this.dbClient = dbClient; this.organizationFlags = organizationFlags; this.defaultOrganizationProvider = defaultOrganizationProvider; this.userDto = userDto; + this.permissionService = permissionService; } private Collection<GroupDto> loadGroups() { 
@@ -198,7 +200,7 @@ public class ServerUserSession extends AbstractUserSession { return loadDbPermissions(dbSession, projectUuid); } ImmutableSet.Builder<String> builder = ImmutableSet.builder(); - builder.addAll(ProjectPermissions.PUBLIC_PERMISSIONS); + builder.addAll(permissionService.getPublicPermissions()); builder.addAll(loadDbPermissions(dbSession, projectUuid)); return builder.build(); } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserSessionFactoryImpl.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserSessionFactoryImpl.java index e50a32dde9b..dac7bd4a5c3 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserSessionFactoryImpl.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserSessionFactoryImpl.java @@ -24,6 +24,7 @@ import org.sonar.db.DbClient; import org.sonar.db.user.UserDto; import org.sonar.server.organization.DefaultOrganizationProvider; import org.sonar.server.organization.OrganizationFlags; +import org.sonar.server.permission.PermissionService; import static java.util.Objects.requireNonNull; 
@@ -33,22 +34,24 @@ public class UserSessionFactoryImpl implements UserSessionFactory { private final DbClient dbClient; private final DefaultOrganizationProvider defaultOrganizationProvider; private final OrganizationFlags organizationFlags; + private final PermissionService permissionService; public UserSessionFactoryImpl(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider, - OrganizationFlags organizationFlags) { + OrganizationFlags organizationFlags, PermissionService permissionService) { this.dbClient = dbClient; this.defaultOrganizationProvider = defaultOrganizationProvider; this.organizationFlags = organizationFlags; + this.permissionService = permissionService; } @Override public ServerUserSession create(UserDto user) { requireNonNull(user, "UserDto must not be null"); - return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user); + return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, user, permissionService); } @Override public ServerUserSession createAnonymous() { - return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null); + return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, null, permissionService); } } diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java index 796195825f8..9ba876f3538 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CurrentAction.java 
@@ -35,6 +35,7 @@ import org.sonar.db.permission.OrganizationPermission; import org.sonar.db.user.UserDto; import org.sonar.server.issue.ws.AvatarResolver; import org.sonar.server.organization.DefaultOrganizationProvider; +import org.sonar.server.permission.PermissionService; import org.sonar.server.user.UserSession; import org.sonarqube.ws.Users.CurrentWsResponse; @@ -67,15 +68,17 @@ public class CurrentAction implements UsersWsAction { private final AvatarResolver avatarResolver; private final HomepageTypes homepageTypes; private final PluginRepository pluginRepository; + private final PermissionService permissionService; public CurrentAction(UserSession userSession, DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider, - AvatarResolver avatarResolver, HomepageTypes homepageTypes, PluginRepository pluginRepository) { + AvatarResolver avatarResolver, HomepageTypes homepageTypes, PluginRepository pluginRepository, PermissionService permissionService) { this.userSession = userSession; this.dbClient = dbClient; this.defaultOrganizationProvider = defaultOrganizationProvider; this.avatarResolver = avatarResolver; this.homepageTypes = homepageTypes; this.pluginRepository = pluginRepository; + this.permissionService = permissionService; } @Override @@ -130,7 +133,7 @@ public class CurrentAction implements UsersWsAction { private List<String> getGlobalPermissions() { String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid(); - return OrganizationPermission.all() + return permissionService.getAllOrganizationPermissions().stream() .filter(permission -> userSession.hasPermission(permission, defaultOrganizationUuid)) .map(OrganizationPermission::getKey) .collect(toList()); 
diff --git a/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example-with-views.json b/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example-with-views.json new file mode 100644 index 00000000000..5b7fe843d82 --- /dev/null +++ b/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example-with-views.json 
@@ -0,0 +1,129 @@ +{ + "permissionTemplates": [ + { + "id": "AU-Tpxb--iU5OvuD2FLy", + "name": "Default template for Projects", + "description": "Template for new projects", + "createdAt": "2001-09-09T03:46:40+0200", + "updatedAt": "2001-09-09T03:46:40+0200", + "permissions": [ + { + "key": "admin", + "usersCount": 0, + "groupsCount": 1, + "withProjectCreator": true + }, + { + "key": "codeviewer", + "usersCount": 1, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "issueadmin", + "usersCount": 3, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "securityhotspotadmin", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "scan", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "user", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "applicationcreator", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "portfoliocreator", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + } + ] + }, + { + "id": "AU-TpxcA-iU5OvuD2FLz", + "name": "Default template for Views", + "description": "Template for new views", + "projectKeyPattern": ".*sonar.views.*", + "createdAt": "2001-09-09T03:46:40+0200", + "updatedAt": "2004-11-09T12:33:20+0100", + "permissions": [ + { + "key": "admin", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "codeviewer", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "issueadmin", + "usersCount": 0, + "groupsCount": 3, + "withProjectCreator": false + }, + { + "key": "securityhotspotadmin", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "scan", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "user", + "usersCount": 2, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "applicationcreator", 
+ "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + }, + { + "key": "portfoliocreator", + "usersCount": 0, + "groupsCount": 0, + "withProjectCreator": false + } + ] + } + ], + "defaultTemplates": [ + { + "templateId": "AU-Tpxb--iU5OvuD2FLy", + "qualifier": "TRK" + }, + { + "templateId": "AU-TpxcA-iU5OvuD2FLz", + "qualifier": "VW" + } + ] +} diff --git a/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example.json b/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example-without-views.json index b5f0d50a8e1..079d13f806d 100644 --- a/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example.json +++ b/server/sonar-server/src/main/resources/org/sonar/server/permission/ws/template/search_templates-example-without-views.json @@ -96,10 +96,6 @@ { "templateId": "AU-Tpxb--iU5OvuD2FLy", "qualifier": "TRK" - }, - { - "templateId": "AU-TpxcA-iU5OvuD2FLz", - "qualifier": "VW" } ] } diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorImplTest.java index bee36526a43..3593f9f1bef 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorImplTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorImplTest.java 
@@ -25,12 +25,15 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.config.internal.MapSettings; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.authentication.UserIdentity; import org.sonar.api.utils.System2; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.core.util.UuidFactoryFast; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbTester; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; @@ -47,6 +50,8 @@ import org.sonar.server.organization.OrganizationUpdaterImpl; import org.sonar.server.organization.OrganizationValidationImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.organization.TestOrganizationFlags; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.user.NewUserNotifier; import org.sonar.server.user.UserUpdater; import org.sonar.server.user.index.UserIndexer; 
@@ -104,9 +109,12 @@ public class UserIdentityAuthenticatorImplTest { settings.asConfig(), localAuthentication); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private UserIdentityAuthenticatorImpl underTest = new UserIdentityAuthenticatorImpl(db.getDbClient(), userUpdater, defaultOrganizationProvider, organizationFlags, new OrganizationUpdaterImpl(db.getDbClient(), mock(System2.class), UuidFactoryFast.getInstance(), - new OrganizationValidationImpl(), settings.asConfig(), null, null, null), + new OrganizationValidationImpl(), settings.asConfig(), null, null, null, permissionService), new DefaultGroupFinder(db.getDbClient())); @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationUpdaterImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationUpdaterImplTest.java index b33a585b6c3..b9d51fbedf7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationUpdaterImplTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/OrganizationUpdaterImplTest.java @@ -27,6 +27,8 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.config.internal.MapSettings; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.System2; import org.sonar.api.utils.internal.TestSystem2; import org.sonar.api.web.UserRole; @@ -37,6 +39,7 @@ import org.sonar.core.util.UuidFactory; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.DefaultTemplates; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.organization.OrganizationDto.Subscription; 
@@ -52,6 +55,8 @@ import org.sonar.db.user.UserMembershipDto; import org.sonar.db.user.UserMembershipQuery; import org.sonar.server.es.EsTester; import org.sonar.server.es.SearchOptions; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.qualityprofile.BuiltInQProfile; import org.sonar.server.qualityprofile.BuiltInQProfileRepositoryRule; import org.sonar.server.qualityprofile.QProfileName; @@ -104,8 +109,12 @@ public class OrganizationUpdaterImplTest { private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); private UserIndex userIndex = new UserIndex(es.client(), system2); private DefaultGroupCreator defaultGroupCreator = new DefaultGroupCreatorImpl(dbClient); + + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private OrganizationUpdaterImpl underTest = new OrganizationUpdaterImpl(dbClient, system2, uuidFactory, organizationValidation, settings.asConfig(), userIndexer, - builtInQProfileRepositoryRule, defaultGroupCreator); + builtInQProfileRepositoryRule, defaultGroupCreator, permissionService); @Test public void create_creates_unguarded_organization_with_properties_from_NewOrganization_arg() throws OrganizationUpdater.KeyConflictException { diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java index 8516115fb36..53c07542151 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java 
@@ -27,6 +27,8 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.sonar.api.config.internal.MapSettings; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; import org.sonar.api.utils.internal.TestSystem2; @@ -36,6 +38,7 @@ import org.sonar.core.util.UuidFactoryFast; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.DefaultTemplates; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.template.PermissionTemplateDto; @@ -52,6 +55,8 @@ import org.sonar.server.organization.OrganizationUpdaterImpl; import org.sonar.server.organization.OrganizationValidation; import org.sonar.server.organization.OrganizationValidationImpl; import org.sonar.server.organization.TestOrganizationFlags; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.qualityprofile.BuiltInQProfileRepository; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.index.UserIndexDefinition; 
@@ -96,9 +101,11 @@ public class CreateActionTest { private MapSettings settings = new MapSettings().setProperty(ORGANIZATIONS_ANYONE_CAN_CREATE, false); private OrganizationValidation organizationValidation = new OrganizationValidationImpl(); private UserIndexer userIndexer = new UserIndexer(dbClient, es.client()); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); private OrganizationUpdater organizationUpdater = new OrganizationUpdaterImpl(dbClient, system2, UuidFactoryFast.getInstance(), organizationValidation, settings.asConfig(), userIndexer, - mock(BuiltInQProfileRepository.class), new DefaultGroupCreatorImpl(dbClient)); + mock(BuiltInQProfileRepository.class), new DefaultGroupCreatorImpl(dbClient), permissionService); private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone().setEnabled(true); private WsActionTester wsTester = new WsActionTester( diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java index 022d7bbae66..a37952746c8 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/GroupPermissionChangerTest.java @@ -19,7 +19,6 @@ */ package org.sonar.server.permission; -import java.util.StringJoiner; import org.apache.commons.lang.StringUtils; import org.junit.Before; import org.junit.Rule; 
@@ -63,9 +62,8 @@ public class GroupPermissionChangerTest { private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); private GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient())); private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); - private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); - private PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport); - private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), wsSupport); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private GroupPermissionChanger underTest = new GroupPermissionChanger(db.getDbClient(), permissionService); private OrganizationDto org; private GroupDto group; private ComponentDto privateProject; @@ -83,7 +81,7 @@ public class GroupPermissionChangerTest { public void apply_adds_organization_permission_to_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); } 
@@ -92,7 +90,7 @@ public class GroupPermissionChangerTest { public void apply_adds_organization_permission_to_group_AnyOne() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); } @@ -100,10 +98,10 @@ public class GroupPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_adding_any_permission_to_group_AnyOne_on_private_project() { GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> { try { - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), anyOneGroupId, permissionService)); fail("a BadRequestException should have been thrown"); } catch (BadRequestException e) { assertThat(e).hasMessage("No permission can be granted to Anyone on a private component"); 
@@ -113,13 +111,13 @@ public class GroupPermissionChangerTest { @Test public void apply_has_no_effect_when_removing_any_permission_to_group_AnyOne_on_private_project() { - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(this::unsafeInsertProjectPermissionOnAnyone); GroupIdOrAnyone anyOneGroupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> { - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, perm, new ProjectId(privateProject), anyOneGroupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, privateProject)).contains(perm); }); @@ -153,7 +151,7 @@ public class GroupPermissionChangerTest { private void applyAddsPermissionToGroupOnPrivateProject(String permission) { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission); 
@@ -188,7 +186,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertProjectPermissionOnGroup(group, permission, privateProject); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission); } @@ -197,7 +195,7 @@ public class GroupPermissionChangerTest { public void apply_has_no_effect_when_adding_USER_permission_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.USER, new ProjectId(publicProject), groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } @@ -206,7 +204,7 @@ public class GroupPermissionChangerTest { public void apply_has_no_effect_when_adding_CODEVIEWER_permission_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } 
@@ -218,14 +216,14 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("It is not possible to add the 'admin' permission to group 'Anyone'"); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ADMIN, new ProjectId(publicProject), groupId, permissionService)); } @Test public void apply_adds_permission_ISSUE_ADMIN_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, UserRole.ISSUE_ADMIN, new ProjectId(publicProject), groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(UserRole.ISSUE_ADMIN); } @@ -234,7 +232,7 @@ public class GroupPermissionChangerTest { public void apply_adds_permission_SCAN_EXECUTION_to_group_AnyOne_on_a_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.SCAN_EXECUTION, new ProjectId(publicProject), groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).containsOnly(GlobalPermissions.SCAN_EXECUTION); } 
@@ -246,7 +244,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId, permissionService)); } @Test @@ -256,7 +254,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId, permissionService)); } @Test @@ -278,7 +276,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(org.getUuid()); db.users().insertProjectPermissionOnAnyone(permission, publicProject); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), groupId, permissionService)); assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty(); } 
@@ -290,7 +288,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.USER, new ProjectId(publicProject), groupId, permissionService)); } @Test @@ -300,7 +298,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.CODEVIEWER, new ProjectId(publicProject), groupId, permissionService)); } @Test @@ -308,7 +306,7 @@ public class GroupPermissionChangerTest { OrganizationDto defaultOrganization = db.getDefaultOrganization(); GroupIdOrAnyone groupId = GroupIdOrAnyone.forAnyone(defaultOrganization.getUuid()); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, GlobalPermissions.QUALITY_GATE_ADMIN, null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectAnyonePermissions(defaultOrganization, null)).containsOnly(GlobalPermissions.QUALITY_GATE_ADMIN); 
@@ -319,7 +317,7 @@ public class GroupPermissionChangerTest { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); } @@ -328,16 +326,16 @@ public class GroupPermissionChangerTest { public void fail_to_add_global_permission_but_SCAN_and_ADMIN_on_private_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions().stream() .map(OrganizationPermission::getKey) .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm)) .forEach(perm -> { try { - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId, permissionService)); fail("a BadRequestException should have been thrown for permission " + perm); } catch (BadRequestException e) { assertThat(e).hasMessage("Invalid project permission '" + perm + - "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); + "'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]"); } }); } 
@@ -346,16 +344,16 @@ public class GroupPermissionChangerTest { public void fail_to_add_global_permission_but_SCAN_and_ADMIN_on_public_project() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions().stream() .map(OrganizationPermission::getKey) .filter(perm -> !UserRole.ADMIN.equals(perm) && !GlobalPermissions.SCAN_EXECUTION.equals(perm)) .forEach(perm -> { try { - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId, permissionService)); fail("a BadRequestException should have been thrown for permission " + perm); } catch (BadRequestException e) { assertThat(e).hasMessage("Invalid project permission '" + perm + - "'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); + "'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]"); } }); } 
@@ -364,12 +362,12 @@ public class GroupPermissionChangerTest { public void fail_to_add_project_permission_but_SCAN_and_ADMIN_on_global_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .stream() .filter(perm -> !GlobalPermissions.SCAN_EXECUTION.equals(perm) && !OrganizationPermission.ADMINISTER.getKey().equals(perm)) .forEach(permission -> { try { - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.ADD, permission, null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, null, groupId, permissionService)); fail("a BadRequestException should have been thrown for permission " + permission); } catch (BadRequestException e) { assertThat(e).hasMessage("Invalid global permission '" + permission + "'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]"); @@ -383,7 +381,7 @@ public class GroupPermissionChangerTest { db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey()); } 
@@ -395,7 +393,7 @@ public class GroupPermissionChangerTest { db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER); @@ -405,7 +403,7 @@ public class GroupPermissionChangerTest { public void do_not_fail_if_removing_a_permission_that_does_not_exist() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); assertThat(db.users().selectGroupPermissions(group, privateProject)).isEmpty(); @@ -419,7 +417,7 @@ public class GroupPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); - underTest.apply(db.getSession(), new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); + underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId, permissionService)); } @Test 
@@ -429,7 +427,7 @@ public class GroupPermissionChangerTest { UserDto admin = db.users().insertUser(); db.users().insertPermissionOnUser(org, admin, ADMINISTER); - apply(new GroupPermissionChange(permissionsHelper, PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId)); + apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionServiceImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionServiceImplTest.java new file mode 100644 index 00000000000..b1556ee7e88 --- /dev/null +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionServiceImplTest.java 
@@ -0,0 +1,52 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.permission; + +import org.junit.Test; +import org.sonar.db.component.ResourceTypesRule; +import org.sonar.db.permission.OrganizationPermission; + +import static org.assertj.core.api.Assertions.assertThat; + + +public class PermissionServiceImplTest { + + private ResourceTypesRule resourceTypesRule = new ResourceTypesRule().setRootQualifiers("APP", "VW"); + private PermissionServiceImpl underTest = new PermissionServiceImpl(resourceTypesRule); + + @Test + public void organizationPermissions_must_be_ordered() { + assertThat(underTest.getAllOrganizationPermissions()) + .extracting(OrganizationPermission::getKey) + .containsExactly("admin", "gateadmin", "profileadmin", "provisioning", "scan", "applicationcreator", "portfoliocreator"); + } + + @Test + public void publicPermissions_must_be_ordered() { + assertThat(underTest.getPublicPermissions()) + .containsExactly("user", "codeviewer"); + } + + @Test + public void projectPermissions_must_be_ordered() { + assertThat(underTest.getAllProjectPermissions()) + .containsExactly("admin", "codeviewer", "issueadmin", "securityhotspotadmin", 
"scan", "user", "applicationcreator", "portfoliocreator"); + } +} diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java index 7f97e0393b2..48a26b3f561 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/PermissionTemplateServiceTest.java @@ -60,13 +60,14 @@ public class PermissionTemplateServiceTest { public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withGovernance(); private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); - private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private UserSessionRule userSession = UserSessionRule.standalone(); private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates(); private DbSession session = dbTester.getSession(); private ProjectIndexers projectIndexers = new TestProjectIndexers(); - private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver); + private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), projectIndexers, userSession, defaultTemplatesResolver, permissionService); @Test public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() { 
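Review bot: Nothing in the new PermissionServiceImplTest pins what `getAllOrganizationPermissions()` and `getAllProjectPermissions()` return when the `APP` and `VW` root qualifiers are not registered; all three tests share one fixture that registers both. If PermissionServiceImpl filters `applicationcreator` and `portfoliocreator` by qualifier presence (it is built from ResourceTypes, but its code is not in this hunk), a regression that always offers those two permissions would still pass. A second fixture such as `new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT)`, asserting the lists without the two creator keys, would cover that case. The literals `"APP"` and `"VW"` could also be written `Qualifiers.APP` and `Qualifiers.VIEW`, as the other tests in this commit use the constants.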
@@ -99,7 +100,7 @@ public class PermissionTemplateServiceTest { OrganizationDto organization = dbTester.organizations().insert(); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1"); @@ -114,7 +115,7 @@ public class PermissionTemplateServiceTest { OrganizationDto organization = dbTester.organizations().insert(); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -131,7 +132,7 @@ public class PermissionTemplateServiceTest { ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); GroupDto group = dbTester.users().insertGroup(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); 
@@ -147,7 +148,7 @@ public class PermissionTemplateServiceTest { GroupDto group = dbTester.users().insertGroup(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -164,7 +165,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); GroupDto group = dbTester.users().insertGroup(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); @@ -180,7 +181,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); GroupDto group = dbTester.users().insertGroup(organization); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm)); dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); 
@@ -197,7 +198,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); @@ -213,7 +214,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -230,7 +231,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); 
@@ -246,7 +247,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm)); dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); @@ -263,7 +264,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto publicProject = dbTester.components().insertPublicProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); 
@@ -280,7 +281,7 @@ public class PermissionTemplateServiceTest { PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization); ComponentDto privateProject = dbTester.components().insertPrivateProject(organization); UserDto user = dbTester.users().insertUser(); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm)); dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1"); dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java index 7b086f94c62..45f1f67fd84 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/UserPermissionChangerTest.java @@ -45,6 +45,7 @@ import static org.sonar.api.web.UserRole.USER; import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; +import static org.sonar.core.util.stream.MoreCollectors.toSet; import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES; import static org.sonar.db.permission.OrganizationPermission.SCAN; 
@@ -58,9 +59,10 @@ public class UserPermissionChangerTest { @Rule public ExpectedException expectedException = ExpectedException.none(); - private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); - private PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); - private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient()); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + + private UserPermissionChanger underTest = new UserPermissionChanger(db.getDbClient(), permissionService); private OrganizationDto org1; private OrganizationDto org2; private UserDto user1; @@ -80,9 +82,9 @@ public class UserPermissionChangerTest { @Test public void apply_adds_any_organization_permission_to_user() { - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1), permissionService); apply(change); 
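Review bot: Narrowing the root qualifiers of `resourceTypes` to `Qualifiers.PROJECT` means the "any permission" tests below probably never exercise the `APPLICATION_CREATOR` and `PORTFOLIO_CREATOR` organization permissions that this commit introduces. `PermissionServiceImpl` is not visible here, but the unchanged expectation `Valid values are [admin, profileadmin, gateadmin, scan, provisioning]` further down suggests that a PROJECT-only service leaves both out. Since these tests guard which permissions can be granted and revoked, I would add a variant built with `new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP)` and assert that `applicationcreator` and `portfoliocreator` are added and removed as expected.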
@@ -94,13 +96,14 @@ public class UserPermissionChangerTest { public void apply_removes_any_organization_permission_to_user() { // give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1 db.users().insertPermissionOnUser(org1, user2, OrganizationPermission.ADMINISTER); - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> db.users().insertPermissionOnUser(org1, user1, perm)); - assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(OrganizationPermission.values()); + assertThat(db.users().selectPermissionsOfUser(user1, org1)) + .containsOnly(permissionService.getAllOrganizationPermissions().toArray(new OrganizationPermission[0])); - OrganizationPermission.all() + permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1), permissionService); apply(change); @@ -110,7 +113,7 @@ public class UserPermissionChangerTest { @Test public void apply_has_no_effect_when_adding_permission_USER_on_a_public_project() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1), permissionService); apply(change); 
@@ -119,7 +122,7 @@ public class UserPermissionChangerTest { @Test public void apply_has_no_effect_when_adding_permission_CODEVIEWER_on_a_public_project() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1), permissionService); apply(change); @@ -142,7 +145,7 @@ public class UserPermissionChangerTest { } private void applyAddsPermissionOnAPublicProject(String permission) { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1), permissionService); apply(change); @@ -151,7 +154,7 @@ public class UserPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_removing_permission_USER_from_a_public_project() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), USER, new ProjectId(publicProject), UserId.from(user1), permissionService); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission user can't be removed from a public component"); 
@@ -161,7 +164,7 @@ public class UserPermissionChangerTest { @Test public void apply_fails_with_BadRequestException_when_removing_permission_CODEVIEWER_from_a_public_project() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), CODEVIEWER, new ProjectId(publicProject), UserId.from(user1), permissionService); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Permission codeviewer can't be removed from a public component"); @@ -186,7 +189,7 @@ public class UserPermissionChangerTest { private void applyRemovesPermissionFromPublicProject(String permission) { db.users().insertProjectPermissionOnUser(user1, permission, publicProject); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(publicProject), UserId.from(user1), permissionService); apply(change); @@ -195,9 +198,9 @@ public class UserPermissionChangerTest { @Test public void apply_adds_any_permission_to_a_private_project() { - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); 
@@ -207,12 +210,12 @@ public class UserPermissionChangerTest { @Test public void apply_removes_any_permission_from_a_private_project() { - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> db.users().insertProjectPermissionOnUser(user1, permission, privateProject)); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), permission, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); @@ -222,7 +225,7 @@ public class UserPermissionChangerTest { @Test public void add_global_permission_to_user() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1), permissionService); apply(change); @@ -235,7 +238,7 @@ public class UserPermissionChangerTest { @Test public void add_project_permission_to_user() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); 
@@ -248,7 +251,7 @@ public class UserPermissionChangerTest { public void do_nothing_when_adding_global_permission_that_already_exists() { db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES); @@ -257,9 +260,9 @@ public class UserPermissionChangerTest { @Test public void fail_to_add_global_permission_on_project() { expectedException.expect(BadRequestException.class); - expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionsHelper.allPermissions(), ", ") + "]"); + expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [" + StringUtils.join(permissionService.getAllProjectPermissions(), ", ") + "]"); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); } 
@@ -268,7 +271,7 @@ public class UserPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]"); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, null, UserId.from(user1), permissionService); apply(change); } @@ -280,7 +283,7 @@ public class UserPermissionChangerTest { db.users().insertPermissionOnUser(org1, user2, QUALITY_GATE_ADMIN); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); @@ -298,7 +301,7 @@ public class UserPermissionChangerTest { db.users().insertProjectPermissionOnUser(user2, ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, project2); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(USER); 
@@ -308,7 +311,7 @@ public class UserPermissionChangerTest { @Test public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); @@ -316,7 +319,7 @@ public class UserPermissionChangerTest { @Test public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() { - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty(); @@ -329,7 +332,7 @@ public class UserPermissionChangerTest { expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed."); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), SYSTEM_ADMIN, null, UserId.from(user1), permissionService); underTest.apply(db.getSession(), change); } 
@@ -340,7 +343,7 @@ public class UserPermissionChangerTest { db.users().insertMember(admins, user2); db.users().insertPermissionOnGroup(admins, ADMINISTER); - UserPermissionChange change = new UserPermissionChange(permissionsHelper, REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1)); + UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1), permissionService); underTest.apply(db.getSession(), change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java index b0963b6c77c..f183ff71fde 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java @@ -20,16 +20,21 @@ package org.sonar.server.permission.ws; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; 
@@ -58,12 +63,13 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> { private static final String A_PROJECT_UUID = "project-uuid"; private static final String A_PROJECT_KEY = "project-key"; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Override protected AddGroupAction buildWsAction() { - return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); + return new AddGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionService); } @Test @@ -371,7 +377,7 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> { ComponentDto project = db.components().insertPrivateProject(); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); - newPermissionsHelper().allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> { try { newRequest() diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 4bb128a930f..c45cfbebb87 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java 
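Review bot: The private `resourceTypes` and `permissionService` fields declared here hide the protected fields of the same names that this commit adds to `BasePermissionWsTest`. The action under test is therefore built with this class's `PermissionService`, while the inherited `newPermissionUpdater()` passes the base class's instance to `UserPermissionChanger` and `GroupPermissionChanger`; both are PROJECT-only today, but a test that changes one set of qualifiers would validate permissions against two different lists. I would delete the two declarations and keep only `private WsParameters wsParameters = new WsParameters(permissionService);`, which then resolves to the inherited field. AddUserActionTest, GroupsActionTest, RemoveGroupActionTest, RemoveUserActionTest, SearchGlobalPermissionsActionTest and SearchProjectPermissionsActionTest repeat the same pair of fields.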
@@ -21,16 +21,20 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -54,9 +58,9 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_U public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { private UserDto user; - - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Before public void setUp() { 
@@ -66,7 +70,7 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> { @Override protected AddUserAction buildWsAction() { - return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); + return new AddUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionService); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java index b8e5fccdcef..40ff8b09ca9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/BasePermissionWsTest.java @@ -23,6 +23,7 @@ import org.junit.Before; import org.junit.Rule; import org.junit.rules.ExpectedException; import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.internal.AlwaysIncreasingSystem2; import org.sonar.db.DbClient; import org.sonar.db.DbTester; @@ -34,8 +35,9 @@ import org.sonar.server.es.EsTester; import org.sonar.server.es.ProjectIndexersImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.permission.GroupPermissionChanger; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.PermissionUpdater; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.UserPermissionChanger; import org.sonar.server.permission.index.FooIndexDefinition; import org.sonar.server.permission.index.PermissionIndexer; 
@@ -59,6 +61,9 @@ public abstract class BasePermissionWsTest<A extends PermissionsWsAction> { @Rule public ExpectedException expectedException = ExpectedException.none(); + protected ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + protected PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); protected UserSessionRule userSession = UserSessionRule.standalone(); protected WsActionTester wsTester; @@ -83,15 +88,11 @@ public abstract class BasePermissionWsTest<A extends PermissionsWsAction> { return new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); } - protected PermissionsHelper newPermissionsHelper() { - return new PermissionsHelper(newRootResourceTypes()); - } - protected PermissionUpdater newPermissionUpdater() { return new PermissionUpdater( new ProjectIndexersImpl(new PermissionIndexer(db.getDbClient(), es.client())), - new UserPermissionChanger(db.getDbClient()), - new GroupPermissionChanger(db.getDbClient(), newPermissionWsSupport())); + new UserPermissionChanger(db.getDbClient(), permissionService), + new GroupPermissionChanger(db.getDbClient(), permissionService)); } protected TestRequest newRequest() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java index b228dd99fec..7ac9502241a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java 
@@ -21,16 +21,20 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.security.DefaultGroups; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -54,9 +58,9 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> { private GroupDto group1; private GroupDto group2; private GroupDto group3; - - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Override protected GroupsAction buildWsAction() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java index 22db720d301..0ba55decb80 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java 
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/PermissionsWsTest.java @@ -28,7 +28,8 @@ import org.sonar.db.component.ResourceTypesRule; import org.sonar.server.component.ComponentFinder; import org.sonar.server.issue.ws.AvatarResolverImpl; import org.sonar.server.organization.TestDefaultOrganizationProvider; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.ws.template.TemplateGroupsAction; import org.sonar.server.permission.ws.template.TemplateUsersAction; import org.sonar.server.tester.UserSessionRule; 
@@ -48,16 +49,17 @@ public class PermissionsWsTest { private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db); private final ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); - private final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); private final GroupWsSupport groupWsSupport = new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider, new DefaultGroupFinder(db.getDbClient())); private final PermissionWsSupport wsSupport = new PermissionWsSupport(db.getDbClient(), new ComponentFinder(db.getDbClient(), resourceTypes), groupWsSupport); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); + private WsTester underTest = new WsTester(new PermissionsWs( - new TemplateUsersAction(db.getDbClient(), userSession, wsSupport, new AvatarResolverImpl(), requestValidator, wsParameters), - new TemplateGroupsAction(db.getDbClient(), userSession, wsSupport, requestValidator, wsParameters))); + new TemplateUsersAction(db.getDbClient(), userSession, wsSupport, new AvatarResolverImpl(), wsParameters, requestValidator), + new TemplateGroupsAction(db.getDbClient(), userSession, wsSupport, wsParameters, requestValidator))); @Test public void define_controller() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java index 0ee36f8d137..dadcd99bb64 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java 
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java @@ -21,16 +21,21 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.GroupPermissionDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -56,9 +61,9 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_P public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupAction> { private GroupDto aGroup; - - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Before public void setUp() { 
@@ -67,7 +72,7 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio @Override protected RemoveGroupAction buildWsAction() { - return new RemoveGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); + return new RemoveGroupAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionService); } @Test @@ -345,11 +350,11 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio @Test public void no_effect_when_removing_any_permission_from_group_AnyOne_on_a_private_project() { ComponentDto project = db.components().insertPrivateProject(); - newPermissionsHelper().allPermissions() + permissionService.getAllProjectPermissions() .forEach(perm -> unsafeInsertProjectPermissionOnAnyone(perm, project)); userSession.logIn().addProjectPermission(UserRole.ADMIN, project); - newPermissionsHelper().allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> { newRequest() .setParam(PARAM_GROUP_NAME, "anyone") diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java index bec9804fd76..2cbbc0893f8 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java 
@@ -21,16 +21,20 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.ServerException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.assertj.core.api.Assertions.assertThat; @@ -63,9 +67,10 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> private static final String A_LOGIN = "ray.bradbury"; private UserDto user; + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); @Before public void setUp() { 
@@ -74,7 +79,7 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> @Override protected RemoveUserAction buildWsAction() { - return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionsHelper); + return new RemoveUserAction(db.getDbClient(), userSession, newPermissionUpdater(), newPermissionWsSupport(), wsParameters, permissionService); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java index 63b64a72f49..4f57795b406 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java @@ -21,7 +21,12 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceType; +import org.sonar.api.resources.ResourceTypeTree; +import org.sonar.api.resources.ResourceTypes; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.GroupTesting; @@ -31,6 +36,8 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.l18n.I18nRule; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonarqube.ws.Permissions; import static org.assertj.core.api.Assertions.assertThat; 
@@ -46,10 +53,12 @@ import static org.sonar.test.JsonAssert.assertJson; public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<SearchGlobalPermissionsAction> { private I18nRule i18n = new I18nRule(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); @Override protected SearchGlobalPermissionsAction buildWsAction() { - return new SearchGlobalPermissionsAction(db.getDbClient(), userSession, i18n, newPermissionWsSupport()); + return new SearchGlobalPermissionsAction(db.getDbClient(), userSession, i18n, newPermissionWsSupport(), permissionService); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java index 8259e7fd312..1f420fb3775 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java @@ -22,6 +22,7 @@ package org.sonar.server.permission.ws; import org.junit.Before; import org.junit.Test; import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDbTester; import org.sonar.db.component.ComponentDto; 
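Review bot: The two fields added to SearchGlobalPermissionsActionTest in this hunk use only `ResourceTypes`, `ResourceTypesRule` and `Qualifiers`, yet the file's first import hunk also adds `org.sonar.api.resources.ResourceType` and `org.sonar.api.resources.ResourceTypeTree`. Unless code outside the visible hunks references them, those two imports are unused and should be removed.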
@@ -34,7 +35,8 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.l18n.I18nRule; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonarqube.ws.Permissions; import static java.lang.String.format; @@ -55,9 +57,8 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<Sea private ComponentDbTester componentDb = new ComponentDbTester(db); private I18nRule i18n = new I18nRule(); - - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); @Before public void setUp() { @@ -70,7 +71,7 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<Sea i18n.setProjectPermissions(); ResourceTypesRule rootResourceTypes = newRootResourceTypes(); PermissionWsSupport wsSupport = newPermissionWsSupport(); - return new SearchProjectPermissionsAction(db.getDbClient(), userSession, i18n, rootResourceTypes, wsSupport, wsParameters, permissionsHelper); + return new SearchProjectPermissionsAction(db.getDbClient(), userSession, i18n, rootResourceTypes, wsSupport, permissionService); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java index efa3b3a80ad..7b9ebaba1dd 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java 
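Review bot: In SearchProjectPermissionsActionTest the action is built from two independent resource-type sources: `rootResourceTypes` comes from `newRootResourceTypes()`, while the new `permissionService` field wraps a separate `new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT)`. If `newRootResourceTypes()` registers more than PROJECT (its body is not visible here), the action would list permissions for one qualifier set and search components for another, which can hide a mismatch in what the endpoint exposes. Building the service from the same instance inside `buildWsAction()`, e.g. `PermissionService permissionService = new PermissionServiceImpl(rootResourceTypes);`, would remove the ambiguity. `buildWsAction()` starts above this hunk.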
@@ -20,11 +20,14 @@ package org.sonar.server.permission.ws; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.server.ws.WebService.SelectionMode; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; @@ -32,7 +35,8 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.issue.ws.AvatarResolverImpl; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static java.lang.String.format; import static org.apache.commons.lang.StringUtils.countMatches; 
@@ -58,13 +62,14 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_U public class UsersActionTest extends BasePermissionWsTest<UsersAction> { - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); @Override protected UsersAction buildWsAction() { - return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters); + return new UsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), wsParameters, requestValidator); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java index 5185255230a..4001142cb2c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java 
@@ -23,15 +23,19 @@ import java.util.List; import javax.annotation.Nullable; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.permission.PermissionQuery; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.ws.BasePermissionWsTest; import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.ws.TestRequest; @@ -51,8 +55,9 @@ public class AddGroupToTemplateActionTest extends BasePermissionWsTest<AddGroupT private PermissionTemplateDto template; private GroupDto group; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Override protected AddGroupToTemplateAction buildWsAction() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java index f2fb0b37d6f..d222e169087 100644 
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddProjectCreatorToTemplateActionTest.java
@@ -22,13 +22,17 @@ package org.sonar.server.permission.ws.template;
 import java.util.Optional;
 import org.junit.Before;
 import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.permission.ws.RequestValidator;
 import org.sonar.server.permission.ws.WsParameters;
@@ -46,13 +50,14 @@ public class AddProjectCreatorToTemplateActionTest extends BasePermissionWsTest< private System2 system = spy(System2.INSTANCE); private PermissionTemplateDto template; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); @Override protected AddProjectCreatorToTemplateAction buildWsAction() { - return new AddProjectCreatorToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, requestValidator, wsParameters); + return new AddProjectCreatorToTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, wsParameters, requestValidator); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java index 6a05264b5b8..c69d563acae 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java 
@@ -23,7 +23,10 @@ import java.util.List; import javax.annotation.Nullable; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.PermissionQuery; import org.sonar.db.permission.template.PermissionTemplateDto; @@ -31,7 +34,8 @@ import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.ws.BasePermissionWsTest; import org.sonar.server.permission.ws.RequestValidator; import org.sonar.server.permission.ws.WsParameters; @@ -50,8 +54,9 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT private UserDto user; private PermissionTemplateDto permissionTemplate; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Override protected AddUserToTemplateAction buildWsAction() { diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java index 2e72e17c155..3c8347fad14 100644 
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java @@ -24,8 +24,11 @@ import javax.annotation.Nullable; import org.junit.Before; import org.junit.Rule; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.permission.PermissionQuery; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; @@ -34,11 +37,10 @@ import org.sonar.server.es.TestProjectIndexers; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.PermissionTemplateService; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.BasePermissionWsTest; -import org.sonar.server.permission.ws.RequestValidator; -import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.ws.TestRequest; import org.sonar.server.ws.TestResponse; 
@@ -61,15 +63,15 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA private PermissionTemplateDto template1; private PermissionTemplateDto template2; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); private PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), - new TestProjectIndexers(), userSession, defaultTemplatesResolver); + new TestProjectIndexers(), userSession, defaultTemplatesResolver, permissionService); @Override protected ApplyTemplateAction buildWsAction() { - return new ApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport(), wsParameters); + return new ApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport()); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java index dd10c248865..09579c8640d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java 
@@ -25,10 +25,12 @@ import org.apache.commons.lang.StringUtils; import org.junit.Before; import org.junit.Test; import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.web.UserRole; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.PermissionQuery; import org.sonar.db.permission.template.PermissionTemplateDto; @@ -39,11 +41,10 @@ import org.sonar.server.es.TestProjectIndexers; import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.l18n.I18nRule; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.PermissionTemplateService; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.BasePermissionWsTest; -import org.sonar.server.permission.ws.RequestValidator; -import org.sonar.server.permission.ws.WsParameters; import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.api.utils.DateUtils.parseDate; @@ -64,6 +65,9 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT @org.junit.Rule public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withoutGovernance(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private UserDto user1; private UserDto user2; private GroupDto group1; 
@@ -76,7 +80,7 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT @Override protected BulkApplyTemplateAction buildWsAction() { PermissionTemplateService permissionTemplateService = new PermissionTemplateService(db.getDbClient(), - projectIndexers, userSession, defaultTemplatesResolver); + projectIndexers, userSession, defaultTemplatesResolver, permissionService); return new BulkApplyTemplateAction(db.getDbClient(), userSession, permissionTemplateService, newPermissionWsSupport(), new I18nRule(), newRootResourceTypes()); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java index 00be2d1b0de..7f4be252179 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/DeleteTemplateActionTest.java @@ -44,7 +44,6 @@ import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.TestDefaultOrganizationProvider; -import org.sonar.server.permission.PermissionsHelper; import org.sonar.server.permission.ws.PermissionWsSupport; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.usergroups.DefaultGroupFinder; diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java index b7f7a84f7a5..5324d21a29a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java 
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java @@ -23,7 +23,10 @@ import java.util.List; import javax.annotation.Nullable; import org.junit.Before; import org.junit.Test; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.core.permission.GlobalPermissions; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.permission.PermissionQuery; import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.user.GroupDto; @@ -31,9 +34,9 @@ import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.UnauthorizedException; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.ws.BasePermissionWsTest; -import org.sonar.server.permission.ws.RequestValidator; import org.sonar.server.permission.ws.WsParameters; import org.sonar.server.ws.TestRequest; @@ -53,8 +56,9 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<Remo private GroupDto group; private PermissionTemplateDto template; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); @Override protected RemoveGroupFromTemplateAction buildWsAction() { 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java
index d42cb79d9b1..cc1408fa211 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveProjectCreatorFromTemplateActionTest.java
@@ -22,15 +22,19 @@ package org.sonar.server.permission.ws.template;
 import java.util.Optional;
 import org.junit.Before;
 import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
 import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.permission.ws.RequestValidator;
 import org.sonar.server.permission.ws.WsParameters;
@@ -46,13 +50,14 @@ public class RemoveProjectCreatorFromTemplateActionTest extends BasePermissionWs private System2 system = mock(System2.class); private PermissionTemplateDto template; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); - private WsParameters wsParameters = new WsParameters(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); @Override protected RemoveProjectCreatorFromTemplateAction buildWsAction() { - return new RemoveProjectCreatorFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, requestValidator, wsParameters); + return new RemoveProjectCreatorFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, system, wsParameters, requestValidator); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java index 2e4c286cb24..55fa9fac4d7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java 
@@ -23,7 +23,10 @@ import java.util.List;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.UserDto;
@@ -31,7 +34,8 @@ import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.permission.ws.RequestValidator;
 import org.sonar.server.permission.ws.WsParameters;
@@ -50,13 +54,15 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov private UserDto user; private PermissionTemplateDto template; - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); + @Override protected RemoveUserFromTemplateAction buildWsAction() { - return new RemoveUserFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, requestValidator, wsParameters); + return new RemoveUserFromTemplateAction(db.getDbClient(), newPermissionWsSupport(), userSession, wsParameters, requestValidator); } @Before diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java index d8494ff10b7..4d7c51e9262 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/SearchTemplatesActionTest.java 
@@ -35,7 +35,8 @@ import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.l18n.I18nRule;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
@@ -56,27 +57,62 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla private DbSession dbSession = db.getSession(); private ResourceTypesRule resourceTypesWithViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); private ResourceTypesRule resourceTypesWithoutViews = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); - private PermissionsHelper permissionsHelperWithViews = new PermissionsHelper(resourceTypesWithViews); - private PermissionsHelper permissionsHelperWithoutViews = new PermissionsHelper(resourceTypesWithoutViews); + private PermissionService permissionServiceWithViews = new PermissionServiceImpl(resourceTypesWithViews); + private PermissionService permissionServiceWithoutViews = new PermissionServiceImpl(resourceTypesWithoutViews); private WsActionTester underTestWithoutViews; @Override protected SearchTemplatesAction buildWsAction() { DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithViews); - SearchTemplatesAction searchTemplatesAction = new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionsHelperWithViews); - return searchTemplatesAction; + return new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionServiceWithViews); } @Before public void setUp() { DefaultTemplatesResolver defaultTemplatesResolverWithViews = new DefaultTemplatesResolverImpl(resourceTypesWithoutViews); - underTestWithoutViews = new WsActionTester(new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionsHelperWithoutViews)); + underTestWithoutViews = new WsActionTester(new SearchTemplatesAction(dbClient, userSession, i18n, newPermissionWsSupport(), defaultTemplatesResolverWithViews, permissionServiceWithoutViews)); 
i18n.setProjectPermissions(); userSession.logIn().addPermission(ADMINISTER, db.getDefaultOrganization()); } @Test - public void search_project_permissions() { + public void search_project_permissions_without_views() { + OrganizationDto organization = db.getDefaultOrganization(); + PermissionTemplateDto projectTemplate = insertProjectTemplate(organization); + PermissionTemplateDto viewsTemplate = insertViewsTemplate(organization); + + UserDto user1 = db.users().insertUser(); + UserDto user2 = db.users().insertUser(); + UserDto user3 = db.users().insertUser(); + + GroupDto group1 = db.users().insertGroup(organization); + GroupDto group2 = db.users().insertGroup(organization); + GroupDto group3 = db.users().insertGroup(organization); + + addUserToTemplate(projectTemplate.getId(), user1.getId(), UserRole.ISSUE_ADMIN); + addUserToTemplate(projectTemplate.getId(), user2.getId(), UserRole.ISSUE_ADMIN); + addUserToTemplate(projectTemplate.getId(), user3.getId(), UserRole.ISSUE_ADMIN); + addUserToTemplate(projectTemplate.getId(), user1.getId(), UserRole.CODEVIEWER); + addGroupToTemplate(projectTemplate.getId(), group1.getId(), UserRole.ADMIN); + addPermissionTemplateWithProjectCreator(projectTemplate.getId(), UserRole.ADMIN); + + addUserToTemplate(viewsTemplate.getId(), user1.getId(), UserRole.USER); + addUserToTemplate(viewsTemplate.getId(), user2.getId(), UserRole.USER); + addGroupToTemplate(viewsTemplate.getId(), group1.getId(), UserRole.ISSUE_ADMIN); + addGroupToTemplate(viewsTemplate.getId(), group2.getId(), UserRole.ISSUE_ADMIN); + addGroupToTemplate(viewsTemplate.getId(), group3.getId(), UserRole.ISSUE_ADMIN); + + db.organizations().setDefaultTemplates(projectTemplate, viewsTemplate); + + String result = newRequest(underTestWithoutViews).execute().getInput(); + + assertJson(result) + .withStrictArrayOrder() + .isSimilarTo(getClass().getResource("search_templates-example-without-views.json")); + } + + @Test + public void search_project_permissions_with_views() { 
OrganizationDto organization = db.getDefaultOrganization(); PermissionTemplateDto projectTemplate = insertProjectTemplate(organization); PermissionTemplateDto viewsTemplate = insertViewsTemplate(organization); @@ -108,11 +144,11 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla assertJson(result) .withStrictArrayOrder() - .isSimilarTo(getClass().getResource("search_templates-example.json")); + .isSimilarTo(getClass().getResource("search_templates-example-with-views.json")); } @Test - public void empty_result_with_views() { + public void empty_result() { db.organizations().setDefaultTemplates(db.getDefaultOrganization(), "AU-Tpxb--iU5OvuD2FLy", "AU-TpxcA-iU5OvuD2FLz"); String result = newRequest(wsTester).execute().getInput(); @@ -201,7 +237,7 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla public void display_all_project_permissions() { db.organizations().setDefaultTemplates(db.permissionTemplates().insertTemplate(db.getDefaultOrganization()), null); - String result = newRequest().execute().getInput(); + String result = newRequest(underTestWithoutViews).execute().getInput(); assertJson(result) .withStrictArrayOrder() 
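Review bot: In `setUp()` of SearchTemplatesActionTest the rewritten `underTestWithoutViews` line still takes a resolver named `defaultTemplatesResolverWithViews`, although that local is built from `resourceTypesWithoutViews`. Now that the class deliberately separates the two configurations, the name contradicts the fixture and makes it easy to wire the wrong permission set into a test; rename it, e.g. `DefaultTemplatesResolver defaultTemplatesResolverWithoutViews = new DefaultTemplatesResolverImpl(resourceTypesWithoutViews);`, and update the use on the next line. The new `search_project_permissions_without_views` test also appears to repeat the arrangement of the `_with_views` test, whose body lies partly outside this hunk; a shared private setup method would keep the two from drifting apart.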
@@ -245,6 +281,64 @@ public class SearchTemplatesActionTest extends BasePermissionWsTest<SearchTempla "}"); } + @Test + public void display_all_project_permissions_with_views() { + db.organizations().setDefaultTemplates(db.permissionTemplates().insertTemplate(db.getDefaultOrganization()), null); + + String result = newRequest().execute().getInput(); + + assertJson(result) + .withStrictArrayOrder() + .ignoreFields("defaultTemplates", "permissionTemplates") + .isSimilarTo( + "{" + + " \"permissions\": [" + + " {" + + " \"key\": \"admin\"," + + " \"name\": \"Administer\"," + + " \"description\": \"Ability to access project settings and perform administration tasks. (Users will also need \\\"Browse\\\" permission)\"" + + " }," + + " {" + + " \"key\": \"codeviewer\"," + + " \"name\": \"See Source Code\"," + + " \"description\": \"Ability to view the project\\u0027s source code. (Users will also need \\\"Browse\\\" permission)\"" + + " }," + + " {" + + " \"key\": \"issueadmin\"," + + " \"name\": \"Administer Issues\"," + + " \"description\": \"Grants the permission to perform advanced editing on issues: marking an issue False Positive / Won\\u0027t Fix or changing an Issue\\u0027s severity. (Users will also need \\\"Browse\\\" permission)\"" + + + " }," + + " {" + + " \"key\": \"securityhotspotadmin\"," + + " \"name\": \"Administer Security Hotspots\"," + + " \"description\": \"Detect a Vulnerability from a \\\"Security Hotspot\\\". 
Reject, clear, accept, reopen a \\\"Security Hotspot\\\" (users also need \\\"Browse\\\" permissions).\"" + + " }," + + " {" + + " \"key\": \"scan\"," + + " \"name\": \"Execute Analysis\"," + + " \"description\": \"Ability to execute analyses, and to get all settings required to perform the analysis, even the secured ones like the scm account password, the jira account password, and so on.\"" + + + " }," + + " {" + + " \"key\": \"user\"," + + " \"name\": \"Browse\"," + + " \"description\": \"Ability to access a project, browse its measures, and create/edit issues for it.\"" + + " }," + + " {" + + " \"key\": \"applicationcreator\"," + + " \"name\": \"Create Applications\"," + + " \"description\": \"Allow to create applications for non system administrator.\"" + + " }," + + " {" + + " \"key\": \"portfoliocreator\"," + + " \"name\": \"Create Portfolios\"," + + " \"description\": \"Allow to create portfolios for non system administrator.\"" + + " }" + + " ]" + + "}"); + } + private PermissionTemplateDto insertProjectTemplate(OrganizationDto org) { return insertTemplate(newPermissionTemplateDto() .setOrganizationUuid(org.getUuid()) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java index 3319a70d353..ef44052a84a 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateGroupsActionTest.java 
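Review bot: The expected payload of `display_all_project_permissions_with_views` is a long concatenated string literal, while other tests in this file compare against resource files such as `search_templates-example-with-views.json`. Moving it to a resource file would make the asserted permission list reviewable on its own. Nothing in the test says which action instance `newRequest()` targets, although the sibling test now calls `newRequest(underTestWithoutViews)`; presumably the default instance is wired with view and application qualifiers, which is not visible in this hunk. A one-line comment such as `// default action under test registers views/apps, so applicationcreator and portfoliocreator are expected` would document which configuration exposes those two permission keys.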
@@ -21,7 +21,10 @@ package org.sonar.server.permission.ws.template;
 import javax.annotation.Nullable;
 import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.template.PermissionTemplateGroupDto;
@@ -30,7 +33,8 @@ import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.permission.ws.RequestValidator;
 import org.sonar.server.permission.ws.WsParameters;
@@ -53,13 +57,15 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; public class TemplateGroupsActionTest extends BasePermissionWsTest<TemplateGroupsAction> { - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); @Override protected TemplateGroupsAction buildWsAction() { - return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport(), requestValidator, wsParameters); + return new TemplateGroupsAction(db.getDbClient(), userSession, newPermissionWsSupport(), wsParameters, requestValidator); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java index d125d768dd7..2b3bb796859 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/TemplateUsersActionTest.java 
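Review bot: The four fields `resourceTypes`, `permissionService`, `wsParameters` and `requestValidator` are wired identically in the TemplateUsersActionTest hunk of this commit, so the root qualifiers seen by the permission validation are now configured separately in each test class. The removed code obtained its helper from `newPermissionsHelper()`; a matching factory on the shared base class (not visible here) would keep that configuration in one place. If the fields stay local, declaring them `private final` and adding `// projects only: no view or application qualifiers registered` above `resourceTypes` would make the tested configuration explicit.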
@@ -21,8 +21,11 @@ package org.sonar.server.permission.ws.template;
 import javax.annotation.Nullable;
 import org.junit.Test;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.template.PermissionTemplateUserDto;
 import org.sonar.db.user.UserDto;
@@ -31,7 +34,8 @@ import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.issue.ws.AvatarResolverImpl;
-import org.sonar.server.permission.PermissionsHelper;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.permission.ws.RequestValidator;
 import org.sonar.server.permission.ws.WsParameters;
@@ -52,13 +56,15 @@ import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_T import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME; public class TemplateUsersActionTest extends BasePermissionWsTest<TemplateUsersAction> { - private PermissionsHelper permissionsHelper = newPermissionsHelper(); - private WsParameters wsParameters = new WsParameters(permissionsHelper); - private RequestValidator requestValidator = new RequestValidator(permissionsHelper); + + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private WsParameters wsParameters = new WsParameters(permissionService); + private RequestValidator requestValidator = new RequestValidator(permissionService); @Override protected TemplateUsersAction buildWsAction() { - return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), requestValidator, wsParameters); + return new TemplateUsersAction(db.getDbClient(), userSession, newPermissionWsSupport(), new AvatarResolverImpl(), wsParameters, requestValidator); } @Test diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java index eb9bcd3d92e..b98eec11a20 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java 
@@ -32,6 +32,7 @@ import org.sonar.api.resources.ResourceTypes; import org.sonar.api.server.ws.WebService; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ProjectPermissions; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbClient; import org.sonar.db.DbSession; @@ -58,7 +59,8 @@ import org.sonar.server.exceptions.UnauthorizedException; import org.sonar.server.organization.BillingValidations; import org.sonar.server.organization.BillingValidationsProxy; import org.sonar.server.organization.TestDefaultOrganizationProvider; -import org.sonar.server.permission.PermissionsHelper; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import org.sonar.server.permission.index.FooIndexDefinition; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.TestRequest; @@ -81,14 +83,8 @@ public class UpdateVisibilityActionTest { private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; - private static final ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT, Qualifiers.VIEW, Qualifiers.APP); - private static final PermissionsHelper permissionsHelper = new PermissionsHelper(resourceTypes); - private static final Set<String> ORGANIZATION_PERMISSIONS_NAME_SET = stream(OrganizationPermission.values()).map(OrganizationPermission::getKey) .collect(MoreCollectors.toSet(OrganizationPermission.values().length)); - private static final Set<String> PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = permissionsHelper.allPermissions().stream() - .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER)) - .collect(MoreCollectors.toSet(permissionsHelper.allPermissions().size() - 2)); @Rule public DbTester dbTester = DbTester.create(System2.INSTANCE); 
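Review bot: The import `org.sonar.core.permission.ProjectPermissions` added in the first hunk is not referenced by any line the visible hunks add to UpdateVisibilityActionTest, and the commit appears to strip that class of its constants, so the import looks unused. Unless a part of the file outside these hunks still needs it, drop the line `import org.sonar.core.permission.ProjectPermissions;`.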
@@ -99,13 +95,19 @@ public class UpdateVisibilityActionTest { @Rule public ExpectedException expectedException = ExpectedException.none(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); + private final Set<String> PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER = permissionService.getAllProjectPermissions().stream() + .filter(perm -> !perm.equals(UserRole.USER) && !perm.equals(UserRole.CODEVIEWER)) + .collect(MoreCollectors.toSet(permissionService.getAllProjectPermissions().size() - 2)); + private DbClient dbClient = dbTester.getDbClient(); private DbSession dbSession = dbTester.getSession(); private TestProjectIndexers projectIndexers = new TestProjectIndexers(); private BillingValidationsProxy billingValidations = mock(BillingValidationsProxy.class); private ProjectsWsSupport wsSupport = new ProjectsWsSupport(dbClient, TestDefaultOrganizationProvider.from(dbTester), billingValidations); - private UpdateVisibilityAction underTest = new UpdateVisibilityAction(dbClient, TestComponentFinder.from(dbTester), userSessionRule, projectIndexers, wsSupport); + private UpdateVisibilityAction underTest = new UpdateVisibilityAction(dbClient, TestComponentFinder.from(dbTester), userSessionRule, projectIndexers, wsSupport, permissionService); private WsActionTester ws = new WsActionTester(underTest); private final Random random = new Random(); @@ -644,7 +646,7 @@ public class UpdateVisibilityActionTest { dbTester.users().insertPermissionOnGroup(group, organizationPermission); dbTester.users().insertPermissionOnUser(organization, user, organizationPermission); }); - permissionsHelper.allPermissions() + permissionService.getAllProjectPermissions() .forEach(permission -> { unsafeInsertProjectPermissionOnAnyone(component, permission); unsafeInsertProjectPermissionOnGroup(component, group, permission); 
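Review bot: `PROJECT_PERMISSIONS_BUT_USER_AND_CODEVIEWER` becomes an instance field in the `@@ -99,13 +95,19 @@` hunk but keeps constant-style naming. Its `size() - 2` collector hint still assumes that both `UserRole.USER` and `UserRole.CODEVIEWER` are always in the list returned by `getAllProjectPermissions()`. Either keep it a real constant by declaring `resourceTypes` and `permissionService` as `private static final`, or rename it to `projectPermissionsButUserAndCodeviewer`. The commit also narrows the registered root qualifiers from `PROJECT, VIEW, APP` to `PROJECT` only. If `PermissionServiceImpl` derives any permission list from the qualifiers (not visible here), the later `containsAll(permissionService.getAllProjectPermissions())` assertions check a smaller set than before, which deserves a comment next to `resourceTypes`.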
@@ -688,9 +690,9 @@ public class UpdateVisibilityActionTest { assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId())) .isEmpty(); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId())) - .containsAll(permissionsHelper.allPermissions()); + .containsAll(permissionService.getAllProjectPermissions()); assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId())) - .containsAll(permissionsHelper.allPermissions()); + .containsAll(permissionService.getAllProjectPermissions()); } private void verifyHasAllPermissionsButProjectPermissionsUserAndBrowse(ComponentDto component, UserDto user, GroupDto group) { @@ -722,11 +724,11 @@ public class UpdateVisibilityActionTest { assertThat(dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession, user.getId(), component.getOrganizationUuid())) .containsAll(ORGANIZATION_PERMISSIONS_NAME_SET); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), null, component.getId())) - .containsAll(permissionsHelper.allPermissions()); + .containsAll(permissionService.getAllProjectPermissions()); assertThat(dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, component.getOrganizationUuid(), group.getId(), component.getId())) - .containsAll(permissionsHelper.allPermissions()); + .containsAll(permissionService.getAllProjectPermissions()); assertThat(dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, user.getId(), component.getId())) - .containsAll(permissionsHelper.allPermissions()); + .containsAll(permissionService.getAllProjectPermissions()); } private void insertPendingTask(ComponentDto project) { 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java b/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
index b2cdae82140..da9eb3bb95d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
@@ -35,6 +35,7 @@ import org.sonar.api.web.UserRole;
 import org.sonar.api.web.page.Page;
 import org.sonar.db.DbTester;
 import org.sonar.db.organization.DefaultTemplates;
+import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.template.PermissionTemplateGroupDto;
 import org.sonar.db.user.GroupDto;
@@ -96,8 +97,8 @@ public class RegisterPermissionTemplatesTest {
 expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
 expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS);
 expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS);
- expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS);
- expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, OrganizationPermission.APPLICATION_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS);
 expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName());
 expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName());
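Review bot: The two replaced expectations now take their keys from `OrganizationPermission` while the neighbouring ones use `UserRole`, so the template under test is asserted to grant organization-level permission keys to `DefaultGroups.ADMINISTRATORS` with no explanation. The same applies to the `@@ -123,8 +124,8 @@` hunk. A comment above these two lines, for example `// creator permissions are organization permissions but are still registered on the template`, would tell the next reader whether this mix of scopes is intended. Both test methods start and end outside the hunks.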
@@ -123,8 +124,8 @@ public class RegisterPermissionTemplatesTest { expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS); - expectGroupPermission(groupPermissions, UserRole.APPLICATION_CREATOR, DefaultGroups.ADMINISTRATORS); - expectGroupPermission(groupPermissions, UserRole.PORTFOLIO_CREATOR, DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, OrganizationPermission.APPLICATION_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS); + expectGroupPermission(groupPermissions, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS); expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName()); expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName()); diff --git a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java index 785ad3c8963..d9b10f1efbd 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java +++ b/server/sonar-server/src/test/java/org/sonar/server/tester/AbstractMockUserSession.java @@ -20,13 +20,13 @@ package org.sonar.server.tester; import com.google.common.collect.HashMultimap; +import com.google.common.collect.ImmutableSet; import java.util.Arrays; import java.util.HashSet; import java.util.Map; import java.util.Optional; import java.util.Set; import org.sonar.api.web.UserRole; -import org.sonar.core.permission.ProjectPermissions; import org.sonar.db.component.ComponentDto; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.permission.OrganizationPermission; 
@@ -36,6 +36,8 @@ import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.collect.Maps.newHashMap; public abstract class AbstractMockUserSession<T extends AbstractMockUserSession> extends AbstractUserSession { + private static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER); // FIXME to check with Simon + private final Class<T> clazz; private HashMultimap<String, String> projectUuidByPermission = HashMultimap.create(); private final HashMultimap<String, OrganizationPermission> permissionsByOrganizationUuid = HashMultimap.create(); @@ -79,7 +81,7 @@ public abstract class AbstractMockUserSession<T extends AbstractMockUserSession> public T addProjectPermission(String permission, ComponentDto... components) { Arrays.stream(components).forEach(component -> { checkArgument( - component.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission), + component.isPrivate() || !PUBLIC_PERMISSIONS.contains(permission), "public component %s can't be granted public permission %s", component.uuid(), permission); }); registerComponents(components); diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java index d1e865d81d4..83caa654df2 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ServerUserSessionTest.java 
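Review bot: `PUBLIC_PERMISSIONS` is re-declared inside the mock with `// FIXME to check with Simon`, so the set of permissions treated as implicit on public components now lives in test code and can drift from whatever production uses. `addProjectPermission` in the `@@ -79,7 +81,7 @@` hunk relies on it to reject grants on public components, so a stale copy would let tests model an authorization state the server never produces. The FIXME should be resolved before merging. Either read the set from the production source of truth (its location after this commit is not visible here), or replace the marker with `// Mirrors the permissions implicitly granted on public components; keep in sync with production.`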
@@ -24,17 +24,22 @@ import javax.annotation.Nullable; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.sonar.api.resources.Qualifiers; +import org.sonar.api.resources.ResourceTypes; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; import org.sonar.db.DbClient; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; +import org.sonar.db.component.ResourceTypesRule; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDto; import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.organization.TestDefaultOrganizationProvider; import org.sonar.server.organization.TestOrganizationFlags; +import org.sonar.server.permission.PermissionService; +import org.sonar.server.permission.PermissionServiceImpl; import static com.google.common.base.Preconditions.checkState; import static java.util.Arrays.asList; @@ -53,6 +58,8 @@ public class ServerUserSessionTest { public DbTester db = DbTester.create(System2.INSTANCE); @Rule public ExpectedException expectedException = ExpectedException.none(); + private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT); + private PermissionService permissionService = new PermissionServiceImpl(resourceTypes); private DbClient dbClient = db.getDbClient(); private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); @@ -696,7 +703,7 @@ public class ServerUserSessionTest { } private ServerUserSession newUserSession(@Nullable UserDto userDto) { - return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto); + return new ServerUserSession(dbClient, organizationFlags, defaultOrganizationProvider, userDto, permissionService); } private ServerUserSession newAnonymousSession() { 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
index 8dac16ed83c..50b3c606650 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/CurrentActionTest.java
@@ -23,6 +23,10 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.config.internal.MapSettings;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.ResourceType;
+import org.sonar.api.resources.ResourceTypeTree;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
 import org.sonar.core.platform.PluginRepository;
@@ -36,6 +40,8 @@ import org.sonar.server.issue.ws.AvatarResolverImpl;
 import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.organization.TestDefaultOrganizationProvider;
 import org.sonar.server.organization.TestOrganizationFlags;
+import org.sonar.server.permission.PermissionService;
+import org.sonar.server.permission.PermissionServiceImpl;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.Users.CurrentWsResponse;
@@ -68,9 +74,10 @@ public class CurrentActionTest { private MapSettings settings = new MapSettings(); private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone(); private HomepageTypesImpl homepageTypes = new HomepageTypesImpl(settings.asConfig(), organizationFlags, db.getDbClient()); - + private PermissionService permissionService = new PermissionServiceImpl(new ResourceTypes(new ResourceTypeTree[] { + ResourceTypeTree.builder().addType(ResourceType.builder(Qualifiers.PROJECT).build()).build()})); private WsActionTester ws = new WsActionTester( - new CurrentAction(userSessionRule, dbClient, defaultOrganizationProvider, new AvatarResolverImpl(), homepageTypes, pluginRepository)); + new CurrentAction(userSessionRule, dbClient, defaultOrganizationProvider, new AvatarResolverImpl(), homepageTypes, pluginRepository, permissionService)); @Test public void return_user_info() { diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java b/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java index fe372fa23c3..196218cdc51 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/web/UserRole.java @@ -47,12 +47,6 @@ public @interface UserRole { */ String SECURITYHOTSPOT_ADMIN = "securityhotspotadmin"; - /** - * @since 7.4 - */ - String APPLICATION_CREATOR = "applicationcreator"; - String PORTFOLIO_CREATOR = "portfoliocreator"; - String[] value() default {}; } |
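Review bot: `permissionService` in CurrentActionTest is built from a hand-assembled `new ResourceTypes(new ResourceTypeTree[] {...})`, whereas the other tests in this commit use `new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT)` for what looks like the same projects-only setup. Unless the behaviour of the real `ResourceTypes` is needed here, `private PermissionService permissionService = new PermissionServiceImpl(new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT));` keeps the fixtures uniform and makes the `ResourceType` and `ResourceTypeTree` imports unnecessary. If the difference is deliberate, a short comment on the field should say why.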