/**
 * Keeps the components whose project is authorized for the current user and the given permission.
 *
 * <p>Each component contributes one uuid to the authorization lookup: {@code getMainBranchProjectUuid()}
 * when it is non-empty, otherwise {@code projectUuid()}. A component is retained when either of those two
 * uuids is present in the set returned by {@code keepAuthorizedProjectUuids}.
 *
 * @param permission the permission passed to the authorization lookup
 * @param components the candidate components
 * @return the components that passed the authorization filter
 */
@Override
protected List<ComponentDto> doKeepAuthorizedComponents(String permission, Collection<ComponentDto> components) {
  try (DbSession dbSession = dbClient.openSession(false)) {
    int expectedSize = components.size();

    // Authorization is evaluated per project, not per component: collapse the input to project uuids first.
    Set<String> candidateUuids = components.stream()
      .map(component -> defaultIfEmpty(component.getMainBranchProjectUuid(), component.projectUuid()))
      .collect(MoreCollectors.toSet(expectedSize));

    Set<String> grantedUuids = dbClient.authorizationDao()
      .keepAuthorizedProjectUuids(dbSession, candidateUuids, getUserId(), permission);

    return components.stream()
      .filter(component -> {
        if (grantedUuids.contains(component.projectUuid())) {
          return true;
        }
        return grantedUuids.contains(component.getMainBranchProjectUuid());
      })
      .collect(MoreCollectors.toList(expectedSize));
  }
}
/**
 * Inserts 2000 public projects and checks that an anonymous lookup (user id {@code null}) with
 * {@code UserRole.USER} returns every one of their uuids.
 */
@Test
public void keepAuthorizedProjectUuids_should_be_able_to_handle_lots_of_projects() {
  // NOTE(review): 2000 is presumably large enough to exercise any batching of the uuid list in the DAO - confirm.
  Collection<String> uuids = IntStream.range(0, 2000)
    .mapToObj(i -> db.components().insertPublicProject(organization))
    .map(ComponentDto::uuid)
    .collect(Collectors.toSet());
  String[] expectedUuids = uuids.toArray(new String[0]);

  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, uuids, null, UserRole.USER))
    .containsOnly(expectedUuids);
}
/**
 * Writes one page of the projects returned by {@code loadAllProjects} for the requested profile key,
 * restricted to the projects the caller is authorized on with {@code UserRole.USER}.
 *
 * <p>The projects are sorted by name, then by uuid, filtered through {@code keepAuthorizedProjectUuids},
 * and only then paged.
 *
 * @param request the request providing the profile key, the selection and text-query filters, and the paging
 * @param response the response the resulting page is written to
 * @throws Exception propagated from parameter parsing, the profile check or the database calls
 */
@Override
public void handle(Request request, Response response) throws Exception {
  String profileKey = request.mandatoryParam(PARAM_KEY);

  try (DbSession session = dbClient.openSession(false)) {
    checkProfileExists(profileKey, session);

    String selection = request.param(Param.SELECTED);
    String textQuery = request.param(Param.TEXT_QUERY);
    // NOTE(review): no upper bound on the page size is checked in this method; presumably the action
    // definition caps it - confirm.
    int pageIndex = request.mandatoryParamAsInt(Param.PAGE);
    int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);

    List<ProjectQprofileAssociationDto> sortedProjects = loadAllProjects(profileKey, session, selection, textQuery).stream()
      .sorted(comparing(ProjectQprofileAssociationDto::getProjectName)
        .thenComparing(ProjectQprofileAssociationDto::getProjectUuid))
      .collect(MoreCollectors.toList());

    Collection<String> candidateUuids = sortedProjects.stream()
      .map(ProjectQprofileAssociationDto::getProjectUuid)
      .collect(MoreCollectors.toSet());
    Set<String> visibleUuids = dbClient.authorizationDao()
      .keepAuthorizedProjectUuids(session, candidateUuids, userSession.getUserId(), UserRole.USER);

    // The total is taken from the authorized set, so the paging metadata counts only projects the caller may see.
    int visibleCount = visibleUuids.size();
    Paging paging = forPageIndex(pageIndex).withPageSize(pageSize).andTotal(visibleCount);

    // Filter before skip/limit so that offsets are computed over authorized projects only.
    List<ProjectQprofileAssociationDto> pageOfProjects = sortedProjects.stream()
      .filter(association -> visibleUuids.contains(association.getProjectUuid()))
      .skip(paging.offset())
      .limit(paging.pageSize())
      .collect(MoreCollectors.toList());

    writeProjects(response, pageOfProjects, paging);
  }
}
/**
 * Checks that the lookup returns nothing for an empty uuid set and for a uuid that matches no project,
 * even though a public project exists in the database.
 */
@Test
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_is_empty() {
  // The project is inserted only so that the database is not empty; it is never part of the input.
  db.components().insertPublicProject(organization);
  UserDto loggedInUser = db.users().insertUser();

  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, Collections.emptySet(), loggedInUser.getId(), UserRole.USER))
    .isEmpty();

  // projects do not exist
  String unknownUuid = "does_not_exist";
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(unknownUuid), loggedInUser.getId(), UserRole.USER))
    .isEmpty();
}
/**
 * Checks that a public project is returned for {@code UserRole.CODEVIEWER} and {@code UserRole.USER},
 * both for a logged-in user and for an anonymous caller (user id {@code null}), and that it is not
 * returned for {@code UserRole.ADMIN} in either case.
 */
@Test
public void keepAuthorizedProjectUuids_returns_public_projects_if_permission_USER_or_CODEVIEWER() {
  ComponentDto publicProject = db.components().insertPublicProject(organization);
  UserDto user = db.users().insertUser();
  String projectUuid = publicProject.uuid();
  String[] browsePermissions = {UserRole.CODEVIEWER, UserRole.USER};

  // logged-in user
  for (String permission : browsePermissions) {
    assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(projectUuid), user.getId(), permission))
      .containsOnly(projectUuid);
  }
  // A public project does not grant administration to a user without an explicit permission.
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(projectUuid), user.getId(), UserRole.ADMIN))
    .isEmpty();

  // anonymous
  for (String permission : browsePermissions) {
    assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(projectUuid), null, permission))
      .containsOnly(projectUuid);
  }
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(projectUuid), null, UserRole.ADMIN))
    .isEmpty();
}
/**
 * Checks that a uuid matching no project yields an empty result, even though a public project exists
 * in the database.
 */
@Test
public void keepAuthorizedProjectUuids_returns_empty_list_if_input_does_not_reference_existing_projects() {
  // Inserted only so that the database holds a project; its uuid is never part of the input.
  db.components().insertPublicProject(organization);
  UserDto loggedInUser = db.users().insertUser();
  String unknownUuid = "does_not_exist";

  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(unknownUuid), loggedInUser.getId(), UserRole.USER))
    .isEmpty();
}
/**
 * Checks that a permission granted directly to a user on a private project is honoured: with
 * {@code UserRole.ADMIN} only that private project is returned, and with {@code UserRole.ISSUE_ADMIN},
 * which the user was not granted, nothing is returned.
 */
@Test
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_direct_permission() {
  ComponentDto privateProject = db.components().insertPrivateProject(organization);
  ComponentDto publicProject = db.components().insertPublicProject(organization);
  UserDto user = db.users().insertUser();
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, privateProject);

  String privateUuid = privateProject.uuid();
  String publicUuid = publicProject.uuid();

  // The public project is in the input but must be dropped: the user has no ADMIN permission on it.
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateUuid, publicUuid), user.getId(), UserRole.ADMIN))
    .containsOnly(privateUuid);

  // user does not have the permission "issueadmin"
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateUuid, publicUuid), user.getId(), UserRole.ISSUE_ADMIN))
    .isEmpty();
}
/**
 * Checks that a permission granted to a group on a private project applies to a member of that group:
 * with {@code UserRole.ADMIN} only that private project is returned, and with
 * {@code UserRole.ISSUE_ADMIN}, which the group was not granted, nothing is returned.
 */
@Test
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_group_permission() {
  ComponentDto privateProject = db.components().insertPrivateProject(organization);
  ComponentDto publicProject = db.components().insertPublicProject(organization);
  UserDto user = db.users().insertUser();
  GroupDto group = db.users().insertGroup(organization);
  db.users().insertMember(group, user);
  db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, privateProject);

  String privateUuid = privateProject.uuid();
  String publicUuid = publicProject.uuid();

  // The public project is in the input but must be dropped: the group has no ADMIN permission on it.
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateUuid, publicUuid), user.getId(), UserRole.ADMIN))
    .containsOnly(privateUuid);

  // user does not have the permission "issueadmin"
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateUuid, publicUuid), user.getId(), UserRole.ISSUE_ADMIN))
    .isEmpty();
}
/**
 * Keeps the components whose project is authorized for the current user and the given permission.
 *
 * <p>Each component contributes one uuid to the authorization lookup: {@code getMainBranchProjectUuid()}
 * when it is non-empty, otherwise {@code projectUuid()}. A component is retained when either of those two
 * uuids is present in the set returned by {@code keepAuthorizedProjectUuids}.
 *
 * @param permission the permission passed to the authorization lookup
 * @param components the candidate components
 * @return the components that passed the authorization filter
 */
@Override
protected List<ComponentDto> doKeepAuthorizedComponents(String permission, Collection<ComponentDto> components) {
  try (DbSession dbSession = dbClient.openSession(false)) {
    int expectedSize = components.size();

    // Authorization is evaluated per project, not per component: collapse the input to project uuids first.
    Set<String> candidateUuids = components.stream()
      .map(component -> defaultIfEmpty(component.getMainBranchProjectUuid(), component.projectUuid()))
      .collect(MoreCollectors.toSet(expectedSize));

    Set<String> grantedUuids = dbClient.authorizationDao()
      .keepAuthorizedProjectUuids(dbSession, candidateUuids, getUserId(), permission);

    return components.stream()
      .filter(component -> {
        if (grantedUuids.contains(component.projectUuid())) {
          return true;
        }
        return grantedUuids.contains(component.getMainBranchProjectUuid());
      })
      .collect(MoreCollectors.toList(expectedSize));
  }
}
/**
 * Writes one page of the projects returned by {@code loadAllProjects} for the requested profile key,
 * restricted to the projects the caller is authorized on with {@code UserRole.USER}.
 *
 * <p>The projects are sorted by name, then by uuid, filtered through {@code keepAuthorizedProjectUuids},
 * and only then paged.
 *
 * @param request the request providing the profile key, the selection and text-query filters, and the paging
 * @param response the response the resulting page is written to
 * @throws Exception propagated from parameter parsing, the profile check or the database calls
 */
@Override
public void handle(Request request, Response response) throws Exception {
  String profileKey = request.mandatoryParam(PARAM_KEY);

  try (DbSession session = dbClient.openSession(false)) {
    checkProfileExists(profileKey, session);

    String selection = request.param(Param.SELECTED);
    String textQuery = request.param(Param.TEXT_QUERY);
    // NOTE(review): no upper bound on the page size is checked in this method; presumably the action
    // definition caps it - confirm.
    int pageIndex = request.mandatoryParamAsInt(Param.PAGE);
    int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);

    List<ProjectQprofileAssociationDto> sortedProjects = loadAllProjects(profileKey, session, selection, textQuery).stream()
      .sorted(comparing(ProjectQprofileAssociationDto::getProjectName)
        .thenComparing(ProjectQprofileAssociationDto::getProjectUuid))
      .collect(MoreCollectors.toList());

    Collection<String> candidateUuids = sortedProjects.stream()
      .map(ProjectQprofileAssociationDto::getProjectUuid)
      .collect(MoreCollectors.toSet());
    Set<String> visibleUuids = dbClient.authorizationDao()
      .keepAuthorizedProjectUuids(session, candidateUuids, userSession.getUserId(), UserRole.USER);

    // The total is taken from the authorized set, so the paging metadata counts only projects the caller may see.
    int visibleCount = visibleUuids.size();
    Paging paging = forPageIndex(pageIndex).withPageSize(pageSize).andTotal(visibleCount);

    // Filter before skip/limit so that offsets are computed over authorized projects only.
    List<ProjectQprofileAssociationDto> pageOfProjects = sortedProjects.stream()
      .filter(association -> visibleUuids.contains(association.getProjectUuid()))
      .skip(paging.offset())
      .limit(paging.pageSize())
      .collect(MoreCollectors.toList());

    writeProjects(response, pageOfProjects, paging);
  }
}