private int insertGroupWithPermissions(OrganizationDto organization1) { GroupDto group = db.users().insertGroup(organization1); db.users().insertPermissionOnGroup(group, "foo"); db.users().insertPermissionOnGroup(group, "bar"); db.users().insertPermissionOnGroup(group, "doh"); return group.getId(); }
@Test public void fail_to_remove_last_admin_permission() throws Exception { db.users().insertPermissionOnGroup(aGroup, ADMINISTER); db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); loginAsAdmin(db.getDefaultOrganization()); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); executeRequest(aGroup, SYSTEM_ADMIN); }
@Before public void setUp() { OrganizationDto defOrg = db.getDefaultOrganization(); group1 = db.users().insertGroup(defOrg, "group-1-name"); group2 = db.users().insertGroup(defOrg, "group-2-name"); group3 = db.users().insertGroup(defOrg, "group-3-name"); db.users().insertPermissionOnGroup(group1, SCAN); db.users().insertPermissionOnGroup(group2, SCAN); db.users().insertPermissionOnGroup(group3, ADMINISTER); db.users().insertPermissionOnAnyone(defOrg, SCAN); db.commit(); }
@Test public void remove_permission_from_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertPermissionOnGroup(group, PROVISION_PROJECTS); apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER_QUALITY_GATES.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(PROVISION_PROJECTS.getKey()); }
@Test public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_organizations_on_which_user_has_permission() { db.users().insertPermissionOnGroup(group1, SCAN); db.users().insertPermissionOnGroup(group2, QUALITY_GATE_ADMIN); db.users().insertMember(group1, user); db.users().insertMember(group2, user); Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey()); assertThat(orgUuids).containsExactly(group1.getOrganizationUuid()); }
@Test public void remove_permission_using_group_id() { db.users().insertPermissionOnGroup(aGroup, ADMINISTER); db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_GROUP_ID, aGroup.getId().toString()) .setParam(PARAM_PERMISSION, PROVISION_PROJECTS.getKey()) .execute(); assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); }
@Test public void selectOrganizationUuidsOfUserWithGlobalPermission_returns_empty_set_if_user_does_not_have_permission_at_all() { db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); // user is not part of this group db.users().insertPermissionOnGroup(group1, SCAN); Set<String> orgUuids = underTest.selectOrganizationUuidsOfUserWithGlobalPermission(dbSession, user.getId(), SCAN.getKey()); assertThat(orgUuids).isEmpty(); }
@Test public void remove_permission_using_group_name() { db.users().insertPermissionOnGroup(aGroup, ADMINISTER); db.users().insertPermissionOnGroup(aGroup, PROVISION_PROJECTS); loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_GROUP_NAME, aGroup.getName()) .setParam(PARAM_PERMISSION, PROVISIONING) .execute(); assertThat(db.users().selectGroupPermissions(aGroup, null)).containsOnly(ADMINISTER.getKey()); }
@Test public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_have_specified_permission() { OrganizationDto organization = db.organizations().insert(); GroupDto group = db.users().insertGroup(organization); ComponentDto project = randomPublicOrPrivateProject(organization); db.users().insertPermissionOnAnyone(organization, "p1"); db.users().insertPermissionOnGroup(group, "p1"); assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, project.getId(), "p1")).isEqualTo(0); }
@Test public void remove_admin_group_if_still_other_admins() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER); UserDto admin = db.users().insertUser(); db.users().insertPermissionOnUser(org, admin, ADMINISTER); apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).isEmpty(); }
/** * Anonymous user only benefits from the permissions granted to * "Anyone" */ @Test public void selectOrganizationPermissions_for_anonymous_user() { db.users().insertPermissionOnAnyone(organization, "perm1"); // ignored permissions db.users().insertPermissionOnUser(organization, user, "ignored"); db.users().insertPermissionOnGroup(group1, "ignored"); Set<String> permissions = underTest.selectOrganizationPermissionsOfAnonymous(dbSession, organization.getUuid()); assertThat(permissions).containsOnly("perm1"); }
@Test public void delete_admin_group_succeeds_if_other_groups_have_administrators() throws Exception { OrganizationDto org = db.organizations().insert(); db.users().insertDefaultGroup(org); GroupDto adminGroup1 = db.users().insertGroup(org, "admins"); db.users().insertPermissionOnGroup(adminGroup1, SYSTEM_ADMIN); GroupDto adminGroup2 = db.users().insertGroup(org, "admins"); db.users().insertPermissionOnGroup(adminGroup2, SYSTEM_ADMIN); UserDto bigBoss = db.users().insertUser(); db.users().insertMember(adminGroup2, bigBoss); loginAsAdmin(org); executeDeleteGroupRequest(adminGroup1); assertThat(db.users().selectGroupPermissions(adminGroup2, null)).hasSize(1); }
@Test public void do_nothing_when_adding_permission_that_already_exists() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); apply(new GroupPermissionChange(PermissionChange.Operation.ADD, ADMINISTER_QUALITY_GATES.getKey(), null, groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); }
@Test public void remove_admin_user_if_still_other_admins() { db.users().insertPermissionOnUser(org1, user1, ADMINISTER); GroupDto admins = db.users().insertGroup(org1, "admins"); db.users().insertMember(admins, user2); db.users().insertPermissionOnGroup(admins, ADMINISTER); UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1), permissionService); underTest.apply(db.getSession(), change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); }
@Test public void fail_to_remove_admin_permission_if_no_more_admins() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER); expectedException.expect(BadRequestException.class); expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed."); underTest.apply(db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, ADMINISTER.getKey(), null, groupId, permissionService)); }
@Test public void remove_project_permission_from_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject); apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER); }
@Test public void selectGroupNamesByQuery_with_search_query() { GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone"); db.users().insertGroup(db.getDefaultOrganization(), "unknown"); db.users().insertPermissionOnGroup(group, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName()); }
@Test public void delete_project_permission_from_group_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId()); dbSession.commit(); assertThatNoPermission("perm3"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); }
@Test public void selectGroupNamesByQuery_is_ordered_by_permissions_then_by_group_names() { OrganizationDto organizationDto = db.organizations().insert(); GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); db.users().insertPermissionOnAnyone(organizationDto, SCAN); db.users().insertPermissionOnGroup(group3, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).build())) .containsExactly(ANYONE, group3.getName(), group1.getName(), group2.getName()); }
@Test public void cannot_delete_last_system_admin_group() { insertDefaultGroupOnDefaultOrganization(); GroupDto group = db.users().insertGroup(); db.users().insertPermissionOnGroup(group, SYSTEM_ADMIN); loginAsAdminOnDefaultOrganization(); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("The last system admin group cannot be deleted"); newRequest() .setParam(PARAM_GROUP_NAME, group.getName()) .execute(); }