/**
 * Inserts the given organization permission for "Anyone" by delegating to the
 * overload that takes the permission key.
 *
 * <p>"Anyone" grants are the ones an anonymous user benefits from, so fixtures
 * built with this helper widen what unauthenticated sessions are allowed to do.
 *
 * @param org organization on which the permission is granted
 * @param permission organization permission whose key is stored
 * @return whatever the key-based overload returns
 */
public GroupPermissionDto insertPermissionOnAnyone(OrganizationDto org, OrganizationPermission permission) {
  final String permissionKey = permission.getKey();
  return insertPermissionOnAnyone(org, permissionKey);
}
/**
 * Verifies that an anonymous session keeps answering organization permission
 * checks from what it loaded on the first check, even after the database changes.
 *
 * NOTE(review): the test only covers a grant added after the cache was fed. A
 * revocation would presumably stay invisible to the same session object as well;
 * confirm that sessions are short-lived enough for that to be acceptable.
 */
@Test
public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() {
  OrganizationDto ownerOrg = db.organizations().insert();
  db.users().insertPermissionOnAnyone(ownerOrg, PROVISION_PROJECTS);

  UserSession anonymous = newAnonymousSession();

  // First check: this is what feeds the session cache.
  assertThat(anonymous.hasPermission(PROVISION_PROJECTS, ownerOrg.getUuid())).isTrue();

  // Grant SCAN to Anyone directly in the database, without touching the session cache.
  db.users().insertPermissionOnAnyone(ownerOrg, SCAN);

  // The cached grant is still reported, the new one is not seen.
  assertThat(anonymous.hasPermission(PROVISION_PROJECTS, ownerOrg.getUuid())).isTrue();
  assertThat(anonymous.hasPermission(SCAN, ownerOrg.getUuid())).isFalse();
}
/**
 * Verifies that an anonymous session holds exactly the organization permission
 * granted to "Anyone": not another permission on the same organization, and not
 * the same permission on another organization.
 */
@Test
public void test_hasPermission_on_organization_for_anonymous_user() {
  OrganizationDto ownerOrg = db.organizations().insert();
  db.users().insertPermissionOnAnyone(ownerOrg, PROVISION_PROJECTS);

  UserSession anonymous = newAnonymousSession();

  // Granted permission on the granted organization.
  assertThat(anonymous.hasPermission(PROVISION_PROJECTS, ownerOrg.getUuid())).isTrue();
  // A permission that was never granted to Anyone must be denied.
  assertThat(anonymous.hasPermission(ADMINISTER, ownerOrg.getUuid())).isFalse();
  // The grant must not leak to a different organization uuid.
  assertThat(anonymous.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}
/**
 * Test fixture that grants every organization permission and every project
 * permission to "Anyone", to the given group and to the given user.
 *
 * <p>The resulting state is the most permissive one possible, including for
 * anonymous callers, which is why the helper carries the "unsafe" prefix.
 *
 * @param component root component receiving the project-level grants
 * @param user user receiving the grants
 * @param group group receiving the grants
 * @param organization organization receiving the organization-level grants
 */
private void unsafeGiveAllPermissionsToRootComponent(ComponentDto component, UserDto user, GroupDto group, OrganizationDto organization) {
  // Organization level: Anyone, then the group, then the user, for each permission in turn.
  for (OrganizationPermission orgPermission : OrganizationPermission.values()) {
    dbTester.users().insertPermissionOnAnyone(organization, orgPermission);
    dbTester.users().insertPermissionOnGroup(group, orgPermission);
    dbTester.users().insertPermissionOnUser(organization, user, orgPermission);
  }

  // Project level: same three targets for each project permission known to the service.
  permissionService.getAllProjectPermissions()
    .forEach(projectPermission -> {
      unsafeInsertProjectPermissionOnAnyone(component, projectPermission);
      unsafeInsertProjectPermissionOnGroup(component, group, projectPermission);
      unsafeInsertProjectPermissionOnUser(component, user, projectPermission);
    });
}
/**
 * Verifies that a permission granted to "Anyone" is not reported as a permission
 * of a given user: the user holds ADMINISTER_QUALITY_GATES only, so looking up
 * SCAN for that user must return no organization.
 */
@Test
public void selectOrganizationUuidsOfUserWithGlobalPermission_ignores_anonymous_permissions() {
  // SCAN is granted to Anyone only, never to the user directly.
  db.users().insertPermissionOnAnyone(organization, SCAN);
  db.users().insertPermissionOnUser(organization, user, ADMINISTER_QUALITY_GATES);

  Set<String> organizationUuids =
    underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey());

  assertThat(organizationUuids).isEmpty();
}
/**
 * Verifies that deleting permission "p1" by root component removes nothing when
 * "p1" exists only at organization level (on "Anyone" and on a group) and not on
 * the project itself.
 */
@Test
public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_have_specified_permission() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto someGroup = db.users().insertGroup(ownerOrg);
  ComponentDto targetProject = randomPublicOrPrivateProject(ownerOrg);

  // Organization-level grants only; nothing is attached to the project.
  db.users().insertPermissionOnAnyone(ownerOrg, "p1");
  db.users().insertPermissionOnGroup(someGroup, "p1");

  assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, targetProject.getId(), "p1"))
    .isEqualTo(0);
}
/**
 * Verifies that deleting permission "p1" by root component on a project without
 * any group permission removes nothing, and in particular leaves the
 * organization-level grants on "Anyone" and on the group untouched.
 */
@Test
public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_has_no_group_permission_at_all() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto someGroup = db.users().insertGroup(ownerOrg);
  ComponentDto targetProject = randomPublicOrPrivateProject(ownerOrg);

  // Organization-level grants only; nothing is attached to the project.
  db.users().insertPermissionOnAnyone(ownerOrg, "p1");
  db.users().insertPermissionOnGroup(someGroup, "p1");

  assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, targetProject.getId(), "p1"))
    .isEqualTo(0);

  // Organization-level grants survive the project-scoped delete.
  assertThat(getGlobalPermissionsForAnyone(ownerOrg)).containsOnly("p1");
  assertThat(getGlobalPermissionsForGroup(someGroup)).containsOnly("p1");
  // The project never had any permission and still has none.
  assertThat(getProjectPermissionsForAnyOne(targetProject)).isEmpty();
  assertThat(getProjectPermissionsForGroup(targetProject, someGroup)).isEmpty();
}
/**
 * An anonymous user benefits only from the permissions granted to "Anyone":
 * grants made to a named user or to a group must not show up in the result.
 */
@Test
public void selectOrganizationPermissions_for_anonymous_user() {
  db.users().insertPermissionOnAnyone(organization, "perm1");

  // Grants that must be ignored for an anonymous user.
  db.users().insertPermissionOnUser(organization, user, "ignored");
  db.users().insertPermissionOnGroup(group1, "ignored");

  Set<String> anonymousPermissions =
    underTest.selectOrganizationPermissionsOfAnonymous(dbSession, organization.getUuid());

  assertThat(anonymousPermissions).containsOnly("perm1");
}
/**
 * Verifies the group count returned for several queries on the default
 * organization. The expected values show that "Anyone" is counted alongside the
 * three real groups: 4 without filter, and 1 for the search text "Any".
 */
@Test
public void countGroupsByQuery() {
  OrganizationDto defaultOrg = db.getDefaultOrganization();
  GroupDto permittedGroup = db.users().insertGroup(defaultOrg, "Group-1");
  db.users().insertGroup(defaultOrg, "Group-2");
  db.users().insertGroup(defaultOrg, "Group-3");

  db.users().insertPermissionOnAnyone(defaultOrg, SCAN);
  db.users().insertPermissionOnGroup(permittedGroup, PROVISION_PROJECTS);

  // No filter: the three groups plus Anyone.
  assertThat(underTest.countGroupsByQuery(dbSession,
    newQuery().build())).isEqualTo(4);
  // Only Group-1 holds PROVISION_PROJECTS.
  assertThat(underTest.countGroupsByQuery(dbSession,
    newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1);
  // Anyone (SCAN) and Group-1 (PROVISION_PROJECTS) hold at least one permission.
  assertThat(underTest.countGroupsByQuery(dbSession,
    newQuery().withAtLeastOnePermission().build())).isEqualTo(2);
  // Text search matching the three real groups.
  assertThat(underTest.countGroupsByQuery(dbSession,
    newQuery().setSearchQuery("Group-").build())).isEqualTo(3);
  // Text search matching Anyone only.
  assertThat(underTest.countGroupsByQuery(dbSession,
    newQuery().setSearchQuery("Any").build())).isEqualTo(1);
}
/**
 * Verifies that deleting permission "p1" for a component id that matches no
 * component removes nothing: organization-level and project-level grants, on
 * "Anyone" and on the group, are all still present afterwards.
 */
@Test
public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_exist() {
  OrganizationDto ownerOrg = db.organizations().insert();
  ComponentDto publicProject = db.components().insertPublicProject(ownerOrg);
  GroupDto someGroup = db.users().insertGroup(ownerOrg);

  // Same permission key at both levels, for both Anyone and the group.
  db.users().insertPermissionOnAnyone(ownerOrg, "p1");
  db.users().insertPermissionOnGroup(someGroup, "p1");
  db.users().insertProjectPermissionOnGroup(someGroup, "p1", publicProject);
  db.users().insertProjectPermissionOnAnyone("p1", publicProject);

  // 1324 is used as an id of a component that does not exist (per the test name).
  assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, 1324, "p1"))
    .isEqualTo(0);

  assertThat(getGlobalPermissionsForAnyone(ownerOrg)).containsOnly("p1");
  assertThat(getGlobalPermissionsForGroup(someGroup)).containsOnly("p1");
  assertThat(getProjectPermissionsForAnyOne(publicProject)).containsOnly("p1");
  assertThat(getProjectPermissionsForGroup(publicProject, someGroup)).containsOnly("p1");
}
/**
 * Test fixture that attaches a mix of project-level and organization-level
 * permissions to "Anyone" (public roots only), to a new group and to a new user,
 * then checks the resulting row counts.
 *
 * <p>Grants on "Anyone" are inserted only when the root is not private, so a
 * private root ends up with 2 rows in group_roles and a public one with 4.
 *
 * @param organization organization owning the group and the Anyone grant
 * @param root root component receiving the project-level grants
 */
private void addPermissions(OrganizationDto organization, ComponentDto root) {
  // Anyone: only for a root that is not private.
  if (!root.isPrivate()) {
    dbTester.users().insertProjectPermissionOnAnyone("foo1", root);
    dbTester.users().insertPermissionOnAnyone(organization, "not project level");
  }

  // Group: one project-level and one organization-level grant.
  GroupDto newGroup = dbTester.users().insertGroup(organization);
  dbTester.users().insertProjectPermissionOnGroup(newGroup, "bar", root);
  dbTester.users().insertPermissionOnGroup(newGroup, "not project level");

  // User: one project-level and one organization-level grant.
  UserDto newUser = dbTester.users().insertUser();
  dbTester.users().insertProjectPermissionOnUser(newUser, "doh", root);
  dbTester.users().insertPermissionOnUser(newUser, OrganizationPermission.SCAN);

  // group_roles holds the group rows plus, for a public root, the two Anyone rows.
  int expectedGroupRoles;
  if (root.isPrivate()) {
    expectedGroupRoles = 2;
  } else {
    expectedGroupRoles = 4;
  }
  assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(expectedGroupRoles);
  assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(2);
}
/**
 * Verifies that deleting the organization-level permission "perm2" of a group
 * removes that grant only: the grant on "Anyone" and the group's project-level
 * grant remain, leaving 2 rows in group_roles.
 */
@Test
public void delete_global_permission_from_group_on_private_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto targetGroup = db.users().insertGroup(ownerOrg);
  ComponentDto privateProject = db.components().insertPrivateProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(targetGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm3", privateProject);

  // null in the last position: no project, the organization-level grant is targeted.
  underTest.delete(dbSession, "perm2", targetGroup.getOrganizationUuid(), targetGroup.getId(), null);
  dbSession.commit();

  assertThatNoPermission("perm2");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2);
}
/**
 * Verifies that deleting the project-level permission "perm3" of a group on a
 * private project removes that grant only: the grant on "Anyone" and the group's
 * organization-level grant remain, leaving 2 rows in group_roles.
 */
@Test
public void delete_project_permission_from_group_on_private_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto targetGroup = db.users().insertGroup(ownerOrg);
  ComponentDto privateProject = db.components().insertPrivateProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(targetGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm3", privateProject);

  // Both the group id and the project id are given: the project-level grant is targeted.
  underTest.delete(dbSession, "perm3", targetGroup.getOrganizationUuid(), targetGroup.getId(), privateProject.getId());
  dbSession.commit();

  assertThatNoPermission("perm3");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2);
}
/**
 * Verifies the ordering of group names: "Anyone" and Group-3, which both hold
 * SCAN, come first, followed by the groups without permission in name order.
 * Groups are inserted out of name order so that insertion order cannot explain
 * the result.
 */
@Test
public void selectGroupNamesByQuery_is_ordered_by_permissions_then_by_group_names() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto secondGroup = db.users().insertGroup(ownerOrg, "Group-2");
  GroupDto thirdGroup = db.users().insertGroup(ownerOrg, "Group-3");
  GroupDto firstGroup = db.users().insertGroup(ownerOrg, "Group-1");

  db.users().insertPermissionOnAnyone(ownerOrg, SCAN);
  db.users().insertPermissionOnGroup(thirdGroup, SCAN);

  assertThat(underTest.selectGroupNamesByQuery(dbSession,
    newQuery().setOrganizationUuid(ownerOrg.getUuid()).build()))
      .containsExactly(ANYONE, thirdGroup.getName(), firstGroup.getName(), secondGroup.getName());
}
/**
 * Verifies that deleting the organization-level permission "perm1" of "Anyone"
 * removes that grant only: of the four grants inserted, 3 rows remain in
 * group_roles.
 */
@Test
public void delete_global_permission_from_anyone_on_public_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto someGroup = db.users().insertGroup(ownerOrg);
  ComponentDto publicProject = db.components().insertPublicProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(someGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(someGroup, "perm3", publicProject);
  db.users().insertProjectPermissionOnAnyone("perm4", publicProject);

  // null where the other tests pass a group id: the grant on Anyone is targeted.
  // The final null means no project, i.e. the organization-level grant.
  underTest.delete(dbSession, "perm1", someGroup.getOrganizationUuid(), null, null);
  dbSession.commit();

  assertThatNoPermission("perm1");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Verifies that deleting the project-level permission "perm3" of a group on a
 * public project removes that grant only: of the four grants inserted, 3 rows
 * remain in group_roles, including both grants on "Anyone".
 */
@Test
public void delete_project_permission_from_group_on_public_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto targetGroup = db.users().insertGroup(ownerOrg);
  ComponentDto publicProject = db.components().insertPublicProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(targetGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm3", publicProject);
  db.users().insertProjectPermissionOnAnyone("perm4", publicProject);

  // Both the group id and the project id are given: the project-level grant is targeted.
  underTest.delete(dbSession, "perm3", targetGroup.getOrganizationUuid(), targetGroup.getId(), publicProject.getId());
  dbSession.commit();

  assertThatNoPermission("perm3");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Verifies that deleting the organization-level permission "perm2" of a group
 * removes that grant only: of the four grants inserted, 3 rows remain in
 * group_roles, including both grants on "Anyone".
 */
@Test
public void delete_global_permission_from_group_on_public_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto targetGroup = db.users().insertGroup(ownerOrg);
  ComponentDto publicProject = db.components().insertPublicProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(targetGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm3", publicProject);
  db.users().insertProjectPermissionOnAnyone("perm4", publicProject);

  // null in the last position: no project, the organization-level grant is targeted.
  underTest.delete(dbSession, "perm2", targetGroup.getOrganizationUuid(), targetGroup.getId(), null);
  dbSession.commit();

  assertThatNoPermission("perm2");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Verifies that deleting the project-level permission "perm4" of "Anyone"
 * removes that grant only: of the four grants inserted, 3 rows remain in
 * group_roles.
 *
 * NOTE(review): the method name says "private project" but the fixture calls
 * insertPublicProject. Confirm which one is intended, since a reader checking
 * what anonymous users can lose or keep on private projects would be misled.
 */
@Test
public void delete_project_permission_from_anybody_on_private_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto someGroup = db.users().insertGroup(ownerOrg);
  ComponentDto publicProject = db.components().insertPublicProject(ownerOrg);

  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(someGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(someGroup, "perm3", publicProject);
  db.users().insertProjectPermissionOnAnyone("perm4", publicProject);

  // null where the other tests pass a group id: the grant on Anyone is targeted.
  underTest.delete(dbSession, "perm4", someGroup.getOrganizationUuid(), null, publicProject.getId());
  dbSession.commit();

  assertThatNoPermission("perm4");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Verifies that selecting all permissions of a group returns its
 * organization-level grant (null resource id) and its project-level grants on
 * both private projects, and nothing that was granted to "Anyone".
 */
@Test
public void selectAllPermissionsByGroupId_on_private_project() {
  OrganizationDto ownerOrg = db.organizations().insert();
  GroupDto targetGroup = db.users().insertGroup(ownerOrg, "group1");
  ComponentDto firstProject = db.components().insertPrivateProject(ownerOrg);
  ComponentDto secondProject = db.components().insertPrivateProject(ownerOrg);

  // perm1 belongs to Anyone and must not be reported for the group.
  db.users().insertPermissionOnAnyone(ownerOrg, "perm1");
  db.users().insertPermissionOnGroup(targetGroup, "perm2");
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm3", firstProject);
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm4", firstProject);
  db.users().insertProjectPermissionOnGroup(targetGroup, "perm5", secondProject);

  // Rows are delivered one by one through the handler; collect them for the assertion.
  List<GroupPermissionDto> collected = new ArrayList<>();
  underTest.selectAllPermissionsByGroupId(dbSession, ownerOrg.getUuid(), targetGroup.getId(),
    ctx -> collected.add((GroupPermissionDto) ctx.getResultObject()));

  assertThat(collected)
    .extracting(GroupPermissionDto::getResourceId, GroupPermissionDto::getRole)
    .containsOnly(
      tuple(null, "perm2"),
      tuple(firstProject.getId(), "perm3"),
      tuple(firstProject.getId(), "perm4"),
      tuple(secondProject.getId(), "perm5"));
}
/**
 * Prepares the default organization with three groups and their permissions:
 * group1 and group2 hold SCAN, group3 holds ADMINISTER, and "Anyone" holds SCAN.
 * The data is committed so that it is in place before each test runs.
 */
@Before
public void setUp() {
  OrganizationDto defaultOrganization = db.getDefaultOrganization();

  group1 = db.users().insertGroup(defaultOrganization, "group-1-name");
  group2 = db.users().insertGroup(defaultOrganization, "group-2-name");
  group3 = db.users().insertGroup(defaultOrganization, "group-3-name");

  db.users().insertPermissionOnGroup(group1, SCAN);
  db.users().insertPermissionOnGroup(group2, SCAN);
  db.users().insertPermissionOnGroup(group3, ADMINISTER);
  // Anyone also gets SCAN, so anonymous access is part of every test's baseline.
  db.users().insertPermissionOnAnyone(defaultOrganization, SCAN);

  db.commit();
}