diff options
Diffstat (limited to 'server/sonar-server/src')
5 files changed, 185 insertions, 0 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java index 3ca3359473c..6d4c1c33b6b 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java @@ -85,6 +85,10 @@ public class AuthorizationTypeSupport { * user has read access. */ public QueryBuilder createQueryFilter() { + if (userSession.isRoot()) { + return QueryBuilders.matchAllQuery(); + } + Integer userId = userSession.getUserId(); BoolQueryBuilder filter = boolQuery(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/index/ComponentIndexLoginTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/index/ComponentIndexLoginTest.java index b294e4ea4e5..c5b30d5db51 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/component/index/ComponentIndexLoginTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/component/index/ComponentIndexLoginTest.java @@ -68,4 +68,14 @@ public class ComponentIndexLoginTest extends ComponentIndexTest { authorizationIndexerTester.allowOnlyGroup(project, group); assertSearchResults("sonarqube", project); } + + @Test + public void do_not_check_permissions_when_logged_in_user_is_root() { + userSession.logIn().setRoot(); + ComponentDto project = newProject("sonarqube", "Quality Product"); + indexer.index(project); + // do not give any permissions to that project + + assertSearchResults("sonarqube", project); + } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexTest.java index a27cf1661be..a0b31e5f8e5 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/issue/index/IssueIndexTest.java @@ -1218,6 +1218,15 @@ public class IssueIndexTest { } @Test + public void root_user_is_authorized_to_access_all_issues() { + ComponentDto project = newProjectDto(newOrganizationDto()); + indexIssue(IssueDocTesting.newDoc("I1", project)); + userSessionRule.logIn().setRoot(); + + assertThat(underTest.search(IssueQuery.builder().build(), new SearchOptions()).getDocs()).hasSize(1); + } + + @Test public void search_issues_for_batch_return_needed_fields() { ComponentDto project = newProjectDto(newOrganizationDto(), "PROJECT"); ComponentDto file = newFileDto(project, null).setPath("src/File.xoo"); diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/index/ProjectMeasuresIndexTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/index/ProjectMeasuresIndexTest.java index ecb6a730b17..67d69c11523 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/measure/index/ProjectMeasuresIndexTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/measure/index/ProjectMeasuresIndexTest.java @@ -273,6 +273,15 @@ public class ProjectMeasuresIndexTest { } @Test + public void root_user_can_access_all_projects() { + indexForUser(USER1, newDoc(PROJECT1)); + // connecting with a root but not USER1 + userSession.logIn().setRoot(); + + assertResults(new ProjectMeasuresQuery(), PROJECT1); + } + + @Test public void does_not_return_facet_when_no_facets_in_options() throws Exception { index( newDoc(PROJECT1, NCLOC, 10d, COVERAGE_KEY, 30d, MAINTAINABILITY_RATING, 3d) diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/AuthorizationTypeSupportTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/AuthorizationTypeSupportTest.java new file mode 100644 index 00000000000..b52f34d96e8 --- /dev/null +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/AuthorizationTypeSupportTest.java @@ -0,0 +1,153 @@ +/* + * SonarQube + * Copyright (C) 2009-2017 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.permission.index; + +import org.elasticsearch.index.query.HasParentQueryBuilder; +import org.elasticsearch.index.query.MatchAllQueryBuilder; +import org.elasticsearch.index.query.QueryBuilder; +import org.junit.Rule; +import org.junit.Test; +import org.sonar.db.user.GroupDto; +import org.sonar.db.user.GroupTesting; +import org.sonar.server.tester.UserSessionRule; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.test.JsonAssert.assertJson; + +public class AuthorizationTypeSupportTest { + + @Rule + public UserSessionRule userSession = UserSessionRule.standalone(); + + private AuthorizationTypeSupport underTest = new AuthorizationTypeSupport(userSession); + + @Test + public void createQueryFilter_does_not_include_permission_filters_if_user_is_flagged_as_root() { + userSession.logIn().setRoot(); + + QueryBuilder filter = underTest.createQueryFilter(); + + assertThat(filter).isInstanceOf(MatchAllQueryBuilder.class); + } + + @Test + public void createQueryFilter_sets_filter_on_anyone_group_if_user_is_anonymous() { + userSession.anonymous(); + + HasParentQueryBuilder filter = (HasParentQueryBuilder) underTest.createQueryFilter(); + + assertJson(filter.toString()).isSimilarTo("{" + + " \"has_parent\" : {" + + " \"query\" : {" + + " \"bool\" : {" + + " \"filter\" : {" + + " \"bool\" : {" + + " \"should\" : {" + + " \"term\" : {" + + " \"allowAnyone\" : true" + + " }" + + " }" + + " }" + + " }" + + " }" + + " }," + + " \"parent_type\" : \"authorization\"" + + " }" + + "}"); + } + + @Test + public void createQueryFilter_sets_filter_on_anyone_and_user_id_if_user_is_logged_in_but_has_no_groups() { + userSession.logIn().setUserId(1234); + + HasParentQueryBuilder filter = (HasParentQueryBuilder) underTest.createQueryFilter(); + + assertJson(filter.toString()).isSimilarTo("{" + + " \"has_parent\": {" + + " \"query\": {" + + " \"bool\": {" + + " \"filter\": {" + + " \"bool\": {" + + " \"should\": [" + + " {" + + " \"term\": {" + + " \"allowAnyone\": true" + + " }" + + " }," + + " {" + + " \"term\": {" + + " \"userIds\": 1234" + + " }" + + " }" + + " ]" + + " }" + + " }" + + " }" + + " }," + + " \"parent_type\": \"authorization\"" + + " }" + + "}"); + } + + @Test + public void createQueryFilter_sets_filter_on_anyone_and_user_id_and_group_ids_if_user_is_logged_in_and_has_groups() { + GroupDto group1 = GroupTesting.newGroupDto().setId(10L); + GroupDto group2 = GroupTesting.newGroupDto().setId(11L); + userSession.logIn().setUserId(1234).setGroups(group1, group2); + + HasParentQueryBuilder filter = (HasParentQueryBuilder) underTest.createQueryFilter(); + + assertJson(filter.toString()).isSimilarTo("{" + + " \"has_parent\": {" + + " \"query\": {" + + " \"bool\": {" + + " \"filter\": {" + + " \"bool\": {" + + " \"should\": [" + + " {" + + " \"term\": {" + + " \"allowAnyone\": true" + + " }" + + " }," + + " {" + + " \"term\": {" + + " \"userIds\": 1234" + + " }" + + " }," + + " {" + + " \"term\": {" + + " \"groupIds\": 10" + + " }" + + " }," + + " {" + + " \"term\": {" + + " \"groupIds\": 11" + + " }" + + " }" + + " ]" + + " }" + + " }" + + " }" + + " }," + + " \"parent_type\": \"authorization\"" + + " }" + + "}"); + } +} |