@Test public void return_private_project_with_AllowAnyone_false_and_group_id_but_not_user_id_when_user_is_granted_USER_permission_through_group() { dbTester.users().insertMember(group, user1); dbTester.users().insertProjectPermissionOnGroup(group, USER, privateProject1); List<IndexPermissions> dtos = underTest.selectByUuids(dbClient, dbSession, singletonList(privateProject1.uuid())); Assertions.assertThat(dtos).hasSize(1); IndexPermissions dto = dtos.get(0); assertThat(dto.getGroupIds()).containsOnly(group.getId()); assertThat(dto.getUserIds()).isEmpty(); assertThat(dto.isAllowAnyone()).isFalse(); assertThat(dto.getProjectUuid()).isEqualTo(privateProject1.uuid()); assertThat(dto.getQualifier()).isEqualTo(privateProject1.qualifier()); }
@Test public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() { OrganizationDto organization = db.organizations().insert(); ComponentDto publicProject = db.components().insertPublicProject(organization); db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", publicProject); ServerUserSession underTest = newAnonymousSession(); assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, publicProject)).isTrue(); assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, publicProject)).isTrue(); }
@Test public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project_through_group_membership() { ComponentDto project = db.components().insertPrivateProject(organization); db.users().insertProjectPermissionOnGroup(group1, UserRole.CODEVIEWER, project); db.users().insertProjectPermissionOnGroup(group2, UserRole.ISSUE_ADMIN, project); db.users().insertMember(group1, user); assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly(UserRole.CODEVIEWER); }
@Test public void admin_via_groups() { OrganizationDto org = db.organizations().insert(); ComponentDto jdk7 = insertJdk7(org); ComponentDto cLang = insertClang(org); GroupDto group = db.users().insertGroup(org); db.users().insertMember(group, user); db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, jdk7); db.users().insertProjectPermissionOnGroup(group, UserRole.USER, cLang); SearchMyProjectsWsResponse result = callWs(); assertThat(result.getProjectsCount()).isEqualTo(1); assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid()); }
@Test public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() { UserDto user = db.users().insertUser(); OrganizationDto organization = db.organizations().insert(); ComponentDto privateProject = db.components().insertPrivateProject(organization); db.users().insertProjectPermissionOnGroup(db.users().insertGroup(organization), "p1", privateProject); ServerUserSession underTest = newUserSession(user); assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.USER, privateProject)).isFalse(); assertThat(hasComponentPermissionByDtoOrUuid(underTest, UserRole.CODEVIEWER, privateProject)).isFalse(); }
@Test public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() { OrganizationDto organization = db.organizations().insert(); ComponentDto publicProject = db.components().insertPublicProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group, "p1", publicProject); ServerUserSession underTest = newAnonymousSession(); assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", publicProject)).isFalse(); }
@Test public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() { OrganizationDto organization = db.organizations().insert(); ComponentDto privateProject = db.components().insertPrivateProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group, "p1", privateProject); ServerUserSession underTest = newAnonymousSession(); assertThat(hasComponentPermissionByDtoOrUuid(underTest, "p1", privateProject)).isFalse(); }
@Test public void remove_project_permission_from_group() { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertPermissionOnGroup(group, ADMINISTER_QUALITY_GATES); db.users().insertProjectPermissionOnGroup(group, UserRole.ISSUE_ADMIN, privateProject); db.users().insertProjectPermissionOnGroup(group, UserRole.CODEVIEWER, privateProject); apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, UserRole.ISSUE_ADMIN, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, null)).containsOnly(ADMINISTER_QUALITY_GATES.getKey()); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(UserRole.CODEVIEWER); }
@Test public void selectGroupIdsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group, "foo", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, 1234, UserRole.USER)) .isEmpty(); }
private void applyRemovesPermissionFromGroupOnPrivateProject(String permission) { GroupIdOrAnyone groupId = GroupIdOrAnyone.from(group); db.users().insertProjectPermissionOnGroup(group, permission, privateProject); apply(new GroupPermissionChange(PermissionChange.Operation.ADD, permission, new ProjectId(privateProject), groupId, permissionService)); assertThat(db.users().selectGroupPermissions(group, privateProject)).containsOnly(permission); }
@Test public void delete_permissions() { addAdminToDefaultOrganization(); insertDefaultGroupOnDefaultOrganization(); GroupDto group = db.users().insertGroup(); ComponentDto project = componentTester.insertComponent(ComponentTesting.newPrivateProjectDto(db.getDefaultOrganization())); db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, project); loginAsAdminOnDefaultOrganization(); newRequest() .setParam("id", group.getId().toString()) .execute(); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(0); }
@Test public void selectGroupIdsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); GroupDto group3 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group2, "p2", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p2")) .containsOnly(group1.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p1")) .containsOnly(group2.getId()); }
@Test public void selectGroupIdsWithPermissionOnProjectBut_does_not_returns_group_AnyOne_of_project_when_it_does_not_have_permission() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group2, "p2", project); db.users().insertProjectPermissionOnAnyone("p2", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p2")) .containsOnly(group1.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p1")) .containsOnly(group2.getId()); }
@Test public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_private_project_through_all_possible_configurations() { ComponentDto project = db.components().insertPrivateProject(organization); db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, project); db.users().insertProjectPermissionOnGroup(group1, UserRole.USER, project); db.users().insertMember(group1, user); assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly(UserRole.CODEVIEWER, UserRole.USER); }
@Test public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_group_permission() { ComponentDto privateProject = db.components().insertPrivateProject(organization); ComponentDto publicProject = db.components().insertPublicProject(organization); UserDto user = db.users().insertUser(); GroupDto group = db.users().insertGroup(organization); db.users().insertMember(group, user); db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, privateProject); assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateProject.uuid(), publicProject.uuid()), user.getId(), UserRole.ADMIN)) .containsOnly(privateProject.uuid()); // user does not have the permission "issueadmin" assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(privateProject.uuid(), publicProject.uuid()), user.getId(), UserRole.ISSUE_ADMIN)) .isEmpty(); }
@Test public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_public_project_through_all_possible_configurations() { ComponentDto project = db.components().insertPublicProject(organization); db.users().insertProjectPermissionOnUser(user, "p1", project); db.users().insertProjectPermissionOnAnyone("p2", project); db.users().insertProjectPermissionOnGroup(group1, "p3", project); db.users().insertMember(group1, user); assertThat(underTest.selectProjectPermissions(dbSession, project.uuid(), user.getId())).containsOnly("p1", "p2", "p3"); }
@Test public void delete_global_permission_from_group_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); underTest.delete(dbSession, "perm2", group1.getOrganizationUuid(), group1.getId(), null); dbSession.commit(); assertThatNoPermission("perm2"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); }
@Test public void delete_project_permission_from_group_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId()); dbSession.commit(); assertThatNoPermission("perm3"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); }
@Test public void delete_project_permission_from_group_on_public_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnAnyone("perm4", project1); underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId()); dbSession.commit(); assertThatNoPermission("perm3"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); }
@Test public void fail_when_using_branch_uuid() { ComponentDto project = db.components().insertMainBranch(); ComponentDto branch = db.components().insertProjectBranch(project); GroupDto group = db.users().insertGroup(db.getDefaultOrganization()); db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project); loginAsAdmin(db.getDefaultOrganization()); expectedException.expect(NotFoundException.class); expectedException.expectMessage(format("Project id '%s' not found", branch.uuid())); newRequest() .setParam(PARAM_PERMISSION, ISSUE_ADMIN) .setParam(PARAM_PROJECT_ID, branch.uuid()) .execute(); }