/**
 * Anonymous session: only components on which group Anyone holds the requested permission are kept.
 *
 * <p>{@code ISSUE_ADMIN} is granted to Anyone on the public project only, so filtering on
 * {@code ADMIN} keeps nothing and filtering on {@code ISSUE_ADMIN} keeps just the public project.
 * The private project carries no grant in this fixture and is dropped by both filters.
 */
@Test
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  ComponentDto closedProject = db.components().insertPrivateProject(org);
  db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, openProject);

  UserSession anonymous = newAnonymousSession();

  // No ADMIN grant exists anywhere, so nothing may survive the filter.
  assertThat(anonymous.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(closedProject, openProject)))
    .isEmpty();
  // Only the project that actually carries the Anyone grant is returned.
  assertThat(anonymous.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(closedProject, openProject)))
    .containsExactly(openProject);
}
/**
 * Pins the per-session permission cache of an anonymous session.
 *
 * <p>Once the session has answered a permission check for a project, later changes in the database
 * are not observed by that same session instance: the revoked {@code ADMIN} grant is still reported
 * as held and the newly inserted {@code ISSUE_ADMIN} grant is reported as missing.
 *
 * <p>NOTE(review): this means a revocation only takes effect for sessions created afterwards. That
 * is safe only if a session object is short-lived (e.g. request scoped) - confirm against the
 * session lifecycle, which is not visible here.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  db.users().insertProjectPermissionOnAnyone(UserRole.ADMIN, openProject);

  UserSession anonymous = newAnonymousSession();

  // First check populates the session's cache for this project.
  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.ADMIN, openProject)).isTrue();

  // Swap the grant directly in the database, bypassing the session.
  db.users().deleteProjectPermissionFromAnyone(openProject, UserRole.ADMIN);
  db.users().insertProjectPermissionOnAnyone(UserRole.ISSUE_ADMIN, openProject);

  // The session keeps answering from the state it cached before the change.
  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.ADMIN, openProject)).isTrue();
  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.ISSUE_ADMIN, openProject)).isFalse();
}
/**
 * An anonymous session is reported as holding {@code USER} and {@code CODEVIEWER} on a public
 * project.
 *
 * <p>The only grant inserted is the unrelated permission {@code "p1"} on group Anyone, so neither
 * asserted permission is stored explicitly in this fixture.
 * NOTE(review): presumably both are implied by the project being public - confirm in the session
 * implementation, which is not visible here.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  db.users().insertProjectPermissionOnAnyone("p1", openProject);

  ServerUserSession anonymous = newAnonymousSession();

  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.USER, openProject)).isTrue();
  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.CODEVIEWER, openProject)).isTrue();
}
/**
 * A logged-in user inherits, on a public project, the project permissions granted to group Anyone.
 *
 * <p>The user receives no direct grant and no group membership in this test; both returned
 * permissions come from the two Anyone grants.
 */
@Test
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_anonymous_permissions() {
  ComponentDto openProject = db.components().insertPublicProject(organization);
  db.users().insertProjectPermissionOnAnyone("p1", openProject);
  db.users().insertProjectPermissionOnAnyone("p2", openProject);

  assertThat(underTest.selectProjectPermissions(dbSession, openProject.uuid(), user.getId()))
    .containsOnly("p1", "p2");
}
/**
 * A permission explicitly granted to group Anyone on a public project is held by an anonymous
 * session.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  db.users().insertProjectPermissionOnAnyone("p1", openProject);

  ServerUserSession anonymous = newAnonymousSession();

  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, "p1", openProject)).isTrue();
}
/**
 * With a {@code null} user id, a public project is kept only when group Anyone holds exactly the
 * requested permission on that very project.
 *
 * <p>Covers the positive case plus two negatives: a different permission on the granted project,
 * and the granted permission on a second public project that has no grant.
 */
@Test
public void keepAuthorizedProjectIds_returns_public_project_if_group_AnyOne_is_granted_project_permission_directly() {
  ComponentDto grantedProject = db.components().insertPublicProject(organization);
  ComponentDto ungrantedProject = db.components().insertPublicProject(organization);
  db.users().insertProjectPermissionOnAnyone(randomPermission, grantedProject);

  // Matching project and matching permission: kept.
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), null, randomPermission))
    .containsOnly(grantedProject.getId());
  // Same project, permission that was never granted: filtered out.
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), null, "another perm"))
    .isEmpty();
  // The grant must not leak to another public project.
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(ungrantedProject.getId()), null, randomPermission))
    .isEmpty();
}
/**
 * Grants {@code permission} to group Anyone on the public project, applies a REMOVE change for it
 * and checks that Anyone is left with no permission on that project.
 *
 * @param permission the project permission to grant and then remove
 */
private void applyRemovesPermissionFromGroupAnyOneOnAPublicProject(String permission) {
  GroupIdOrAnyone anyone = GroupIdOrAnyone.forAnyone(org.getUuid());
  db.users().insertProjectPermissionOnAnyone(permission, publicProject);

  GroupPermissionChange removal = new GroupPermissionChange(
    PermissionChange.Operation.REMOVE, permission, new ProjectId(publicProject), anyone, permissionService);
  apply(removal);

  assertThat(db.users().selectAnyonePermissions(org, publicProject)).isEmpty();
}
/**
 * Anonymous permissions on a project are exactly the grants made to group Anyone on that project.
 *
 * <p>The fixture adds two distractors that must not appear in the result: a grant to a concrete
 * user on the same project ({@code "p2"}) and an Anyone grant on a different public project
 * ({@code "p3"}).
 */
@Test
public void selectProjectPermissionsOfAnonymous_returns_permissions_of_anonymous_user_on_specified_public_project() {
  ComponentDto targetProject = db.components().insertPublicProject(organization);
  db.users().insertProjectPermissionOnAnyone("p1", targetProject);
  // Per-user grant on the same project: not an anonymous permission.
  db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p2", targetProject);
  // Anyone grant on another project: must not leak across projects.
  ComponentDto unrelatedProject = db.components().insertPublicProject();
  db.users().insertProjectPermissionOnAnyone("p3", unrelatedProject);

  assertThat(underTest.selectProjectPermissionsOfAnonymous(dbSession, targetProject.uuid()))
    .containsOnly("p1");
}
/**
 * A grant to group Anyone on a public project does not make any individual user count as
 * authorized in {@code keepAuthorizedUsersForRoleAndProject}.
 *
 * <p>Every combination checked here (granted or other permission, granted or other project, the
 * fixture user or a freshly inserted one) must yield an empty result.
 */
@Test
public void keepAuthorizedUsersForRoleAndProject_does_not_return_user_if_granted_project_permission_by_AnyOne_on_public_project() {
  ComponentDto grantedProject = db.components().insertPublicProject(organization);
  ComponentDto ungrantedProject = db.components().insertPublicProject(organization);
  UserDto secondUser = db.users().insertUser();
  db.users().insertProjectPermissionOnAnyone(randomPermission, grantedProject);

  // Granted permission on the granted project: still no user is returned.
  assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, singleton(user.getId()), randomPermission, grantedProject.getId()))
    .isEmpty();
  // Permission that was never granted.
  assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, singleton(user.getId()), "another perm", grantedProject.getId()))
    .isEmpty();
  // Project without any grant.
  assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, singleton(user.getId()), randomPermission, ungrantedProject.getId()))
    .isEmpty();
  // A different user on the granted project.
  assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, singleton(secondUser.getId()), randomPermission, grantedProject.getId()))
    .isEmpty();
}
/**
 * Deleting by a component id that matches no inserted project removes nothing.
 *
 * <p>The same permission {@code "p1"} is granted at global and project level, to Anyone and to a
 * group. The delete call reports 0 and all four grants are still present afterwards.
 */
@Test
public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_exist() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  GroupDto someGroup = db.users().insertGroup(org);
  db.users().insertPermissionOnAnyone(org, "p1");
  db.users().insertPermissionOnGroup(someGroup, "p1");
  db.users().insertProjectPermissionOnGroup(someGroup, "p1", openProject);
  db.users().insertProjectPermissionOnAnyone("p1", openProject);

  // 1324 is an arbitrary id that is not the id of the project inserted above.
  assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, 1324, "p1")).isEqualTo(0);

  assertThat(getGlobalPermissionsForAnyone(org)).containsOnly("p1");
  assertThat(getGlobalPermissionsForGroup(someGroup)).containsOnly("p1");
  assertThat(getProjectPermissionsForAnyOne(openProject)).containsOnly("p1");
  assertThat(getProjectPermissionsForGroup(openProject, someGroup)).containsOnly("p1");
}
/**
 * Seeds group and user permissions around {@code root} and checks the resulting row counts.
 *
 * <p>Grants to group Anyone (one on the project, one organization-level) are inserted only when
 * {@code root} is not private. A new group and a new user always receive one project-level and one
 * organization-level permission each. The final assertions therefore expect 2 rows in
 * {@code user_roles}, and 2 rows in {@code group_roles} for a private root or 4 for a public one.
 *
 * @param organization organization that owns the inserted group and the organization-level grants
 * @param root project (public or private) that receives the project-level grants
 */
private void addPermissions(OrganizationDto organization, ComponentDto root) {
  // Anyone grants are only seeded for a non-private root.
  if (!root.isPrivate()) {
    dbTester.users().insertProjectPermissionOnAnyone("foo1", root);
    dbTester.users().insertPermissionOnAnyone(organization, "not project level");
  }

  GroupDto seededGroup = dbTester.users().insertGroup(organization);
  dbTester.users().insertProjectPermissionOnGroup(seededGroup, "bar", root);
  dbTester.users().insertPermissionOnGroup(seededGroup, "not project level");

  UserDto seededUser = dbTester.users().insertUser();
  dbTester.users().insertProjectPermissionOnUser(seededUser, "doh", root);
  dbTester.users().insertPermissionOnUser(seededUser, OrganizationPermission.SCAN);

  assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(root.isPrivate() ? 2 : 4);
  assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(2);
}
/**
 * Deleting by root component id removes every group-level row of that project, including the one
 * of group Anyone, and leaves the other project and global grants alone.
 *
 * <p>Five grants are inserted (one global, two per project). After deleting for the first project
 * the test expects no row left for it and 3 rows in total in {@code group_roles}.
 */
@Test
public void deleteByRootComponentId_on_public_project() {
  OrganizationDto organization = db.organizations().insert();
  GroupDto firstGroup = db.users().insertGroup(organization);
  GroupDto secondGroup = db.users().insertGroup(organization);
  ComponentDto deletedProject = db.components().insertPublicProject(organization);
  ComponentDto keptProject = db.components().insertPublicProject(organization);
  db.users().insertPermissionOnGroup(firstGroup, "perm1");
  db.users().insertProjectPermissionOnGroup(firstGroup, "perm2", deletedProject);
  db.users().insertProjectPermissionOnGroup(secondGroup, "perm3", keptProject);
  db.users().insertProjectPermissionOnAnyone("perm4", deletedProject);
  db.users().insertProjectPermissionOnAnyone("perm5", keptProject);

  underTest.deleteByRootComponentId(dbSession, deletedProject.getId());
  dbSession.commit();

  // The concatenated value is the id of a project created by this fixture, not external input.
  String rowsOfDeletedProject = "select count(id) from group_roles where resource_id=" + deletedProject.getId();
  assertThat(db.countSql(rowsOfDeletedProject)).isEqualTo(0);
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * On a public project, a logged-in user's permissions are the union of three sources: a direct
 * grant to the user ({@code "p1"}), a grant to group Anyone ({@code "p2"}) and a grant to a group
 * the user is a member of ({@code "p3"}).
 */
@Test
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() {
  ComponentDto openProject = db.components().insertPublicProject(organization);
  db.users().insertProjectPermissionOnUser(user, "p1", openProject);
  db.users().insertProjectPermissionOnAnyone("p2", openProject);
  db.users().insertProjectPermissionOnGroup(group1, "p3", openProject);
  // Membership is added after the group grant; the query must still pick the grant up.
  db.users().insertMember(group1, user);

  assertThat(underTest.selectProjectPermissions(dbSession, openProject.uuid(), user.getId()))
    .containsOnly("p1", "p2", "p3");
}
/**
 * Deleting with a {@code null} group id and a {@code null} project id removes the
 * organization-level grant of group Anyone ({@code "perm1"}) and nothing else.
 *
 * <p>Four grants are inserted; the test expects 3 rows left in {@code group_roles}.
 */
@Test
public void delete_global_permission_from_anyone_on_public_project() {
  OrganizationDto organization = db.organizations().insert();
  GroupDto group = db.users().insertGroup(organization);
  ComponentDto openProject = db.components().insertPublicProject(organization);
  db.users().insertPermissionOnAnyone(organization, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", openProject);
  db.users().insertProjectPermissionOnAnyone("perm4", openProject);

  underTest.delete(dbSession, "perm1", group.getOrganizationUuid(), null, null);
  dbSession.commit();

  assertThatNoPermission("perm1");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Deleting with both a group id and a project id removes that group's project-level grant
 * ({@code "perm3"}) and nothing else.
 *
 * <p>Four grants are inserted; the test expects 3 rows left in {@code group_roles}.
 */
@Test
public void delete_project_permission_from_group_on_public_project() {
  OrganizationDto organization = db.organizations().insert();
  GroupDto group = db.users().insertGroup(organization);
  ComponentDto openProject = db.components().insertPublicProject(organization);
  db.users().insertPermissionOnAnyone(organization, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", openProject);
  db.users().insertProjectPermissionOnAnyone("perm4", openProject);

  underTest.delete(dbSession, "perm3", group.getOrganizationUuid(), group.getId(), openProject.getId());
  dbSession.commit();

  assertThatNoPermission("perm3");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Deleting with a group id and a {@code null} project id removes that group's organization-level
 * grant ({@code "perm2"}) and nothing else.
 *
 * <p>Four grants are inserted; the test expects 3 rows left in {@code group_roles}.
 */
@Test
public void delete_global_permission_from_group_on_public_project() {
  OrganizationDto organization = db.organizations().insert();
  GroupDto group = db.users().insertGroup(organization);
  ComponentDto openProject = db.components().insertPublicProject(organization);
  db.users().insertPermissionOnAnyone(organization, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", openProject);
  db.users().insertProjectPermissionOnAnyone("perm4", openProject);

  underTest.delete(dbSession, "perm2", group.getOrganizationUuid(), group.getId(), null);
  dbSession.commit();

  assertThatNoPermission("perm2");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Deleting with a {@code null} group id and a project id removes the project-level grant of group
 * Anyone ({@code "perm4"}) and nothing else.
 *
 * <p>Four grants are inserted; the test expects 3 rows left in {@code group_roles}.
 *
 * <p>NOTE(review): the method name says "private project" but the fixture creates the project with
 * {@code insertPublicProject}. Either the name or the fixture is off - confirm which case this test
 * is meant to cover.
 */
@Test
public void delete_project_permission_from_anybody_on_private_project() {
  OrganizationDto organization = db.organizations().insert();
  GroupDto group = db.users().insertGroup(organization);
  ComponentDto project = db.components().insertPublicProject(organization);
  db.users().insertPermissionOnAnyone(organization, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", project);
  db.users().insertProjectPermissionOnAnyone("perm4", project);

  underTest.delete(dbSession, "perm4", group.getOrganizationUuid(), null, project.getId());
  dbSession.commit();

  assertThatNoPermission("perm4");
  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
}
/**
 * Group Anyone never shows up in the ids returned by
 * {@code selectGroupIdsWithPermissionOnProjectBut}.
 *
 * <p>Anyone and the second group both hold {@code "p2"}; the first group holds {@code "p1"}.
 * Excluding {@code "p2"} yields only the first group, and excluding {@code "p1"} yields only the
 * second group, even though Anyone also holds a permission other than {@code "p1"}.
 */
@Test
public void selectGroupIdsWithPermissionOnProjectBut_does_not_returns_group_AnyOne_of_project_when_it_does_not_have_permission() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  GroupDto groupWithP1 = db.users().insertGroup(org);
  GroupDto groupWithP2 = db.users().insertGroup(org);
  db.users().insertProjectPermissionOnGroup(groupWithP1, "p1", openProject);
  db.users().insertProjectPermissionOnGroup(groupWithP2, "p2", openProject);
  db.users().insertProjectPermissionOnAnyone("p2", openProject);

  assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, openProject.getId(), "p2"))
    .containsOnly(groupWithP1.getId());
  assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, openProject.getId(), "p1"))
    .containsOnly(groupWithP2.getId());
}
/**
 * Project permissions are resolved per group and per project; a {@code null} group id selects the
 * grants of group Anyone.
 *
 * <p>Organization-level grants ({@code "perm1"}, {@code "perm2"}) never appear in the results, the
 * named group only sees its own grants on the requested project, and Anyone only sees
 * {@code "perm6"} on the first project and nothing on the second.
 */
@Test
public void selectProjectPermissionsOfGroup_on_public_project() {
  OrganizationDto org = db.organizations().insert();
  GroupDto group = db.users().insertGroup(org, "group1");
  ComponentDto firstProject = db.components().insertPublicProject(org);
  ComponentDto secondProject = db.components().insertPublicProject(org);
  db.users().insertPermissionOnAnyone(org, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", firstProject);
  db.users().insertProjectPermissionOnGroup(group, "perm4", firstProject);
  db.users().insertProjectPermissionOnGroup(group, "perm5", secondProject);
  db.users().insertProjectPermissionOnAnyone("perm6", firstProject);

  // Named group, one project at a time.
  assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org.getUuid(), group.getId(), firstProject.getId()))
    .containsOnly("perm3", "perm4");
  assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org.getUuid(), group.getId(), secondProject.getId()))
    .containsOnly("perm5");
  // null group id: group Anyone.
  assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org.getUuid(), null, firstProject.getId()))
    .containsOnly("perm6");
  assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org.getUuid(), null, secondProject.getId()))
    .isEmpty();
}
/**
 * Streaming all permissions of a group returns its organization-level grant (with a {@code null}
 * resource id) and its project-level grants, and none of the grants of group Anyone.
 *
 * <p>Rows are collected through the result handler passed to the DAO; {@code "perm1"} and
 * {@code "perm6"}, both granted to Anyone, must be absent.
 */
@Test
public void selectAllPermissionsByGroupId_on_public_project() {
  OrganizationDto org = db.organizations().insert();
  GroupDto group = db.users().insertGroup(org, "group1");
  ComponentDto firstProject = db.components().insertPublicProject(org);
  ComponentDto secondProject = db.components().insertPublicProject(org);
  db.users().insertPermissionOnAnyone(org, "perm1");
  db.users().insertPermissionOnGroup(group, "perm2");
  db.users().insertProjectPermissionOnGroup(group, "perm3", firstProject);
  db.users().insertProjectPermissionOnGroup(group, "perm4", firstProject);
  db.users().insertProjectPermissionOnGroup(group, "perm5", secondProject);
  db.users().insertProjectPermissionOnAnyone("perm6", firstProject);

  List<GroupPermissionDto> collected = new ArrayList<>();
  underTest.selectAllPermissionsByGroupId(dbSession, org.getUuid(), group.getId(),
    ctx -> collected.add((GroupPermissionDto) ctx.getResultObject()));

  assertThat(collected)
    .extracting(GroupPermissionDto::getResourceId, GroupPermissionDto::getRole)
    .containsOnly(
      tuple(null, "perm2"),
      tuple(firstProject.getId(), "perm3"),
      tuple(firstProject.getId(), "perm4"),
      tuple(secondProject.getId(), "perm5"));
}