/**
 * Resolves the permission constant whose key equals the given string.
 *
 * <p>An unknown key is rejected with an exception; there is no fallback constant, so a
 * mistyped or forged key never resolves to some other permission.
 *
 * @param key the permission key to look up
 * @return the constant whose {@code getKey()} equals {@code key}
 * @throws IllegalArgumentException if no constant carries this key
 */
public static OrganizationPermission fromKey(String key) {
  for (OrganizationPermission candidate : values()) {
    boolean sameKey = candidate.getKey().equals(key);
    if (sameKey) {
      return candidate;
    }
  }
  // The rejected key is echoed verbatim in the message; if the key can come from a request,
  // whoever logs or renders this message should treat it as untrusted text.
  throw new IllegalArgumentException("Unsupported permission: " + key);
}
} // closes the enclosing type, whose declaration starts above this excerpt
/**
 * Computes the global and project permission lists exposed by this service.
 *
 * <p>Both lists start from the full constants ({@code ALL_GLOBAL_PERMISSIONS},
 * {@code ALL_PROJECT_PERMISSIONS}) and drop the application-creator and portfolio-creator
 * entries unless the matching qualifier ({@code Qualifiers.APP}, {@code Qualifiers.VIEW})
 * is present in {@code resourceTypes}. The results are stored as immutable copies.
 *
 * @param resourceTypes registry queried for the presence of the APP and VIEW qualifiers
 */
public PermissionServiceImpl(ResourceTypes resourceTypes) {
  // Global list: entries are compared with the OrganizationPermission constants themselves.
  globalPermissions = ImmutableList.copyOf(
    ALL_GLOBAL_PERMISSIONS.stream()
      .filter(permission ->
        (!permission.equals(OrganizationPermission.APPLICATION_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.APP))
          && (!permission.equals(OrganizationPermission.PORTFOLIO_CREATOR) || resourceTypes.isQualifierPresent(Qualifiers.VIEW)))
      .collect(toList()));

  // Project list: entries are compared with getKey(), so this list presumably holds
  // permission keys rather than enum constants; confirm against its declaration.
  projectPermissions = ImmutableList.copyOf(
    ALL_PROJECT_PERMISSIONS.stream()
      .filter(permissionKey ->
        (!permissionKey.equals(OrganizationPermission.APPLICATION_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.APP))
          && (!permissionKey.equals(OrganizationPermission.PORTFOLIO_CREATOR.getKey()) || resourceTypes.isQualifierPresent(Qualifiers.VIEW)))
      .collect(toList()));
}
/**
 * Lists the UUIDs of the organizations on which the current user holds the
 * {@code PROVISION_PROJECTS} permission.
 *
 * @param dbSession session used for the lookup
 * @return the organization UUIDs, or an empty set when the session has no user id
 */
private Set<String> searchOrganizationWithProvisionPermission(DbSession dbSession) {
  Integer userId = userSession.getUserId();
  if (userId == null) {
    // No user id on the session: report no organization and skip the database lookup.
    return emptySet();
  }
  return dbClient.organizationDao()
    .selectByPermission(dbSession, userId, PROVISION_PROJECTS.getKey())
    .stream()
    .map(OrganizationDto::getUuid)
    .collect(toSet());
}
/**
 * Used by license notifications.
 *
 * <p>Delegates to the mapper's {@code selectLoginsWithGlobalPermission} query with the
 * {@code ADMINISTER} permission key.
 *
 * @param dbSession session whose mapper runs the query
 * @return the logins returned by the mapper for the {@code ADMINISTER} key
 */
public List<String> selectGlobalAdministratorLogins(DbSession dbSession) {
  String administerKey = ADMINISTER.getKey();
  return mapper(dbSession).selectLoginsWithGlobalPermission(administerKey);
}
/**
 * Adds the administration permissions to a permission template for the organization's
 * {@code DefaultGroups.ADMINISTRATORS} group.
 *
 * <p>The group is looked up by name in the template's organization. When it exists, it
 * receives ADMIN, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN and the application/portfolio creator
 * permissions on the template. When it does not exist, nothing is inserted and an error is
 * logged.
 *
 * @param dbSession session used for the lookup and the inserts
 * @param template template that receives the group permissions
 */
private void insertPermissionForAdministrators(DbSession dbSession, PermissionTemplateDto template) {
  Optional<GroupDto> admins = dbClient.groupDao().selectByName(dbSession, template.getOrganizationUuid(), DefaultGroups.ADMINISTRATORS);
  if (!admins.isPresent()) {
    // Best effort: the template is left without any administrators-group permission.
    // NOTE(review): only a log line signals this; confirm that is acceptable to callers.
    LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS);
    return;
  }

  GroupDto adminGroup = admins.get();
  insertGroupPermission(dbSession, template, UserRole.ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, adminGroup);
  insertGroupPermission(dbSession, template, OrganizationPermission.APPLICATION_CREATOR.getKey(), adminGroup);
  insertGroupPermission(dbSession, template, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), adminGroup);
}
/**
 * Guards against removing the last administrator of an organization.
 *
 * <p>Counts the users who hold the {@code ADMINISTER} permission in the organization, not
 * counting {@code user}, and fails the request when that count is zero.
 *
 * @param dbSession session used for the count
 * @param organizationDto organization whose administrators are counted
 * @param user the user about to be removed, excluded from the count
 */
private void ensureLastAdminIsNotRemoved(DbSession dbSession, OrganizationDto organizationDto, UserDto user) {
  String organizationUuid = organizationDto.getUuid();
  int adminsLeft = dbClient.authorizationDao()
    .countUsersWithGlobalPermissionExcludingUser(dbSession, organizationUuid, ADMINISTER.getKey(), user.getId());
  // NOTE(review): the count is read here and the removal itself happens in the caller.
  // Whether two concurrent removals are serialized is not visible from this method; confirm.
  checkRequest(adminsLeft > 0, "The last administrator member cannot be removed");
}
} // closes the enclosing type, whose declaration starts above this excerpt
/**
 * Ensures that users with the global admin permission remain once {@code user} is removed
 * from {@code group}.
 *
 * <p>The count is scoped to the group's organization and excludes the membership of
 * {@code user} in {@code group}; a count of zero fails the request.
 *
 * @param dbSession session used for the count
 * @param group group the user is being removed from
 * @param user the user being removed from the group
 */
private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupDto group, UserDto user) {
  int adminsLeft = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(
    dbSession, group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId());
  // NOTE(review): the count is read before the membership is deleted elsewhere; confirm that
  // concurrent removals cannot both pass this check.
  boolean anotherAdminRemains = adminsLeft > 0;
  checkRequest(anotherAdminRemains, "The last administrator user cannot be removed");
}
/**
 * Deleting a project permission for a component id that matches nothing must delete no rows
 * and must leave the user's organization-level SCAN permission in place.
 */
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_exist() {
  // Given a user holding SCAN at organization level
  OrganizationDto org = db.organizations().insert();
  UserDto scanUser = insertUser(org);
  db.users().insertPermissionOnUser(org, scanUser, SCAN);

  // When deleting SCAN on id 124L, for which this test inserted no component
  int deleted = underTest.deleteProjectPermissionOfAnyUser(dbSession, 124L, SCAN.getKey());

  // Then nothing is deleted and the organization-level grant survives
  assertThat(deleted).isEqualTo(0);
  assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, scanUser.getId(), org.getUuid())).containsOnly(SCAN.getKey());
}
/**
 * Inserts an organization-level permission row for a group.
 *
 * @param dbSession session used for the insert
 * @param group group receiving the permission; its organization UUID and id are copied to the row
 * @param permission permission whose key is stored as the row's role
 */
private void addPermissionToGroup(DbSession dbSession, GroupDto group, OrganizationPermission permission) {
  GroupPermissionDto grant = new GroupPermissionDto()
    .setOrganizationUuid(group.getOrganizationUuid())
    .setGroupId(group.getId())
    .setRole(permission.getKey());
  dbClient.groupPermissionDao().insert(dbSession, grant);
}
/**
 * Deleting a permission key that nobody holds on the project must delete no rows and must
 * leave both the organization-level and the project-level SCAN grants untouched.
 */
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() {
  // Given a user holding SCAN on the organization and on one project
  OrganizationDto org = db.organizations().insert();
  UserDto scanUser = insertUser(org);
  db.users().insertPermissionOnUser(org, scanUser, SCAN);
  ComponentDto targetProject = randomPublicOrPrivateProject(org);
  db.users().insertProjectPermissionOnUser(scanUser, SCAN.getKey(), targetProject);

  // When deleting "p1", a key that was never granted on the project
  int deleted = underTest.deleteProjectPermissionOfAnyUser(dbSession, targetProject.getId(), "p1");

  // Then no row is removed and both SCAN grants are still present
  assertThat(deleted).isEqualTo(0);
  assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, scanUser.getId(), org.getUuid())).containsOnly(SCAN.getKey());
  assertThat(underTest.selectProjectPermissionsOfUser(dbSession, scanUser.getId(), targetProject.getId())).containsOnly(SCAN.getKey());
}
/**
 * Deleting SCAN on a project that carries no permission at all must delete no rows and must
 * not touch the user's organization-level SCAN grant.
 */
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_has_no_permission_at_all() {
  // Given a user holding SCAN at organization level only, and a project without grants
  OrganizationDto org = db.organizations().insert();
  UserDto scanUser = insertUser(org);
  db.users().insertPermissionOnUser(org, scanUser, SCAN);
  ComponentDto bareProject = randomPublicOrPrivateProject(org);

  // When deleting SCAN on that project
  int deleted = underTest.deleteProjectPermissionOfAnyUser(dbSession, bareProject.getId(), SCAN.getKey());

  // Then the project-scoped delete does not spill over to the organization-level grant
  assertThat(deleted).isEqualTo(0);
  assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, scanUser.getId(), org.getUuid())).containsOnly(SCAN.getKey());
}
/**
 * Applying the organization's default template to a view must give the group exactly the
 * permissions the template lists for it.
 */
@Test
public void apply_template_on_view() {
  // Given a view, and a template granting ADMINISTER and PROVISION_PROJECTS to one group
  OrganizationDto org = dbTester.organizations().insert();
  ComponentDto portfolio = dbTester.components().insertView(org);
  PermissionTemplateDto template = dbTester.permissionTemplates().insertTemplate(org);
  GroupDto grantedGroup = dbTester.users().insertGroup(org);
  dbTester.permissionTemplates().addGroupToTemplate(template, grantedGroup, ADMINISTER.getKey());
  dbTester.permissionTemplates().addGroupToTemplate(template, grantedGroup, PROVISION_PROJECTS.getKey());
  // Only the first template slot is set; the two remaining slots stay null.
  dbTester.organizations().setDefaultTemplates(org, template.getUuid(), null, null);

  // When the default template is applied to the view (last argument left null)
  underTest.applyDefault(session, org.getUuid(), portfolio, null);

  // Then the group holds those two permissions on the view and nothing else
  assertThat(selectProjectPermissionsOfGroup(org, grantedGroup, portfolio))
    .containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
}
/**
 * An anonymous session must be refused: executing the request is expected to raise
 * {@code UnauthorizedException}.
 */
@Test
public void fail_if_not_logged_in() {
  expectedException.expect(UnauthorizedException.class);

  // Switch the session to anonymous before the request is built and executed.
  userSession.anonymous();

  newRequest()
    .setParam(PARAM_PERMISSION, SCAN.getKey())
    .execute();
}
/**
 * A SCAN grant on a group the user does not belong to, plus an unrelated direct grant, must
 * not make any organization show up for the user when SCAN is queried.
 */
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() {
  // The user holds a different permission directly.
  db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES);
  // user is not part of this group
  db.users().insertPermissionOnGroup(group1, SCAN);

  Set<String> matchingOrgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());

  assertThat(matchingOrgUuids).isEmpty();
}
/**
 * A SCAN grant made to "anyone" on the organization must not count as the user's own
 * permission: the query for SCAN returns no organization for that user.
 */
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() {
  // SCAN is granted to anyone; the user is only granted a different permission directly.
  db.users().insertPermissionOnAnyone(organization, SCAN);
  db.users().insertPermissionOnUser(organization, user, ADMINISTER_QUALITY_GATES);

  Set<String> matchingOrgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());

  assertThat(matchingOrgUuids).isEmpty();
}
/**
 * With a page size of 1, page 3 of the group search must contain "group-2" and neither of
 * the other two groups.
 */
@Test
public void search_groups_with_pagination() {
  loginAsAdmin(db.getDefaultOrganization());

  // NOTE(review): "group-2" on page 3 implies an entry sorted ahead of "group-1";
  // the fixture that creates the groups is outside this method, so confirm there.
  String responseBody = newRequest()
    .setParam(PARAM_PERMISSION, SCAN.getKey())
    .setParam(PAGE_SIZE, "1")
    .setParam(PAGE, "3")
    .execute()
    .getInput();

  assertThat(responseBody).contains("group-2");
  assertThat(responseBody).doesNotContain("group-1");
  assertThat(responseBody).doesNotContain("group-3");
}
/**
 * When only the first default-template slot is set, applying the default template to a view
 * must use that template: the group ends up with exactly PROVISION_PROJECTS on the view.
 */
@Test
public void apply_project_default_template_on_view_when_no_view_default_template() {
  // Given a view, and a template granting PROVISION_PROJECTS to one group
  OrganizationDto org = dbTester.organizations().insert();
  ComponentDto portfolio = dbTester.components().insertView(org);
  PermissionTemplateDto projectTemplate = dbTester.permissionTemplates().insertTemplate(org);
  GroupDto grantedGroup = dbTester.users().insertGroup(org);
  dbTester.permissionTemplates().addGroupToTemplate(projectTemplate, grantedGroup, PROVISION_PROJECTS.getKey());
  // The two remaining template slots stay null, so no separate view template is configured.
  dbTester.organizations().setDefaultTemplates(org, projectTemplate.getUuid(), null, null);

  // When the default template is applied to the view (last argument left null)
  underTest.applyDefault(session, org.getUuid(), portfolio, null);

  // Then the view carries the template's single grant for the group
  assertThat(selectProjectPermissionsOfGroup(org, grantedGroup, portfolio)).containsOnly(PROVISION_PROJECTS.getKey());
}
/**
 * Removing ADMINISTER from the only group that holds it must be refused with a
 * {@code BadRequestException}, so the permission cannot end up with no holder.
 */
@Test
public void fail_to_remove_admin_permission_if_no_more_admins() {
  // Given a single group holding ADMINISTER
  GroupIdOrAnyone adminGroupId = GroupIdOrAnyone.from(group);
  db.users().insertPermissionOnGroup(group, ADMINISTER);

  expectedException.expect(BadRequestException.class);
  expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");

  // When that grant is removed (third constructor argument left null)
  underTest.apply(
    db.getSession(),
    new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, adminGroupId, permissionService));
}
/**
 * A user who is a member of two groups holding different permissions must be reported only
 * for the organization of the group that holds the queried permission (SCAN).
 */
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_organizations_on_which_user_has_permission() {
  // group1 holds SCAN, group2 holds a different permission; the user belongs to both.
  db.users().insertPermissionOnGroup(group1, SCAN);
  db.users().insertPermissionOnGroup(group2, QUALITY_GATE_ADMIN);
  db.users().insertMember(group1, user);
  db.users().insertMember(group2, user);

  Set<String> matchingOrgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());

  // Only group1's organization qualifies.
  assertThat(matchingOrgUuids).containsExactly(group1.getOrganizationUuid());
}
/**
 * A request naming an unknown project id must fail with {@code NotFoundException} and the
 * expected message, even for a logged-in administrator.
 */
@Test
public void fail_when_project_does_not_exist() {
  loginAsAdmin(db.getDefaultOrganization());

  expectedException.expect(NotFoundException.class);
  expectedException.expectMessage("Project id 'unknown-project-uuid' not found");

  // The group and the permission are set to valid-looking values; only the project id is unknown.
  newRequest()
    .setParam(PARAM_GROUP_NAME, aGroup.getName())
    .setParam(PARAM_PROJECT_ID, "unknown-project-uuid")
    .setParam(PARAM_PERMISSION, ADMINISTER.getKey())
    .execute();
}