/**
 * Grants every listed permission to {@code user} on {@code project}.
 *
 * <p>Each grant is written twice: once through the database fixture and once on {@code userSession},
 * so a test using this helper sees the same permission in both places.
 *
 * @param user the user receiving the permissions
 * @param project the project the permissions apply to
 * @param permissions permission keys to grant; nothing is inserted when none are given
 */
private void addUserProjectPermissions(UserDto user, ComponentDto project, String... permissions) {
  for (int i = 0; i < permissions.length; i++) {
    String granted = permissions[i];
    db.users().insertProjectPermissionOnUser(user, granted, project);
    userSession.addProjectPermission(granted, project);
  }
}
/**
 * A USER permission granted directly to {@code user1} on {@code privateProject1} must surface as a
 * single authorization row that lists only that user: no group ids and {@code allowAnyone} false.
 */
@Test
public void return_private_project_with_AllowAnyone_false_and_user_id_when_user_is_granted_USER_permission_directly() {
  dbTester.users().insertProjectPermissionOnUser(user1, USER, privateProject1);

  List<IndexPermissions> rows = underTest.selectByUuids(dbClient, dbSession, singletonList(privateProject1.uuid()));

  Assertions.assertThat(rows).hasSize(1);
  IndexPermissions row = rows.get(0);
  // Access is tied to the one granted user, never to a group or to everyone.
  assertThat(row.getGroupIds()).isEmpty();
  assertThat(row.getUserIds()).containsOnly(user1.getId());
  assertThat(row.isAllowAnyone()).isFalse();
  assertThat(row.getProjectUuid()).isEqualTo(privateProject1.uuid());
  assertThat(row.getQualifier()).isEqualTo(privateProject1.qualifier());
}
/**
 * Only the project on which {@code user} holds ADMIN is returned; holding ISSUE_ADMIN on another
 * project does not make that project appear in the response.
 */
@Test
public void return_only_projects_when_user_is_admin() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto adminProject = insertJdk7(org);
  ComponentDto issueAdminProject = insertClang(org);
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, adminProject);
  db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, issueAdminProject);

  SearchMyProjectsWsResponse response = callWs();

  assertThat(response.getProjectsCount()).isEqualTo(1);
  assertThat(response.getProjects(0).getId()).isEqualTo(adminProject.uuid());
}
/**
 * A view is left out of the response even though {@code user} holds ADMIN on it; only the project
 * with the same grant is listed.
 */
@Test
public void does_not_return_views() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto adminProject = insertJdk7(org);
  ComponentDto adminView = insertView(org);
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, adminProject);
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, adminView);

  SearchMyProjectsWsResponse response = callWs();

  assertThat(response.getProjectsCount()).isEqualTo(1);
  assertThat(response.getProjects(0).getId()).isEqualTo(adminProject.uuid());
}
/**
 * {@code keepAuthorizedComponents} keeps a component only when the logged-in user holds the exact
 * permission asked for: with ADMIN granted on the private project alone, ISSUE_ADMIN yields nothing
 * and ADMIN yields that private project only (the public project is not kept either).
 */
@Test
public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() {
  UserDto grantee = db.users().insertUser();
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  ComponentDto restrictedProject = db.components().insertPrivateProject(org);
  db.users().insertProjectPermissionOnUser(grantee, UserRole.ADMIN, restrictedProject);

  UserSession session = newUserSession(grantee);

  // A permission that was never granted must filter out every component.
  assertThat(session.keepAuthorizedComponents(UserRole.ISSUE_ADMIN, Arrays.asList(restrictedProject, openProject)))
    .isEmpty();
  assertThat(session.keepAuthorizedComponents(UserRole.ADMIN, Arrays.asList(restrictedProject, openProject)))
    .containsExactly(restrictedProject);
}
/**
 * On a private project, an authenticated user gets neither USER nor CODEVIEWER merely because some
 * other user holds a permission ("p1") on that project.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_user_permissions() {
  UserDto ungrantedUser = db.users().insertUser();
  ComponentDto restrictedProject = db.components().insertPrivateProject();
  // The grant goes to a second, freshly inserted user, not to the session user.
  db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", restrictedProject);

  ServerUserSession session = newUserSession(ungrantedUser);

  assertThat(hasComponentPermissionByDtoOrUuid(session, UserRole.USER, restrictedProject)).isFalse();
  assertThat(hasComponentPermissionByDtoOrUuid(session, UserRole.CODEVIEWER, restrictedProject)).isFalse();
}
/**
 * The response lists only the project administered by {@code user}; a project on which a different
 * user holds ADMIN is not included.
 */
@Test
public void return_only_current_user_projects() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto ownProject = insertJdk7(org);
  ComponentDto foreignProject = insertClang(org);
  UserDto otherUser = db.users().insertUser(newUserDto());
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, ownProject);
  db.users().insertProjectPermissionOnUser(otherUser, UserRole.ADMIN, foreignProject);

  SearchMyProjectsWsResponse response = callWs();

  assertThat(response.getProjectsCount()).isEqualTo(1);
  assertThat(response.getProjects(0).getId()).isEqualTo(ownProject.uuid());
}
/**
 * On a public project, an anonymous session is reported as having USER and CODEVIEWER, and a
 * user-level grant of another permission ("p1") on the project does not change that.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  db.users().insertProjectPermissionOnUser(db.users().insertUser(), "p1", openProject);

  ServerUserSession anonymous = newAnonymousSession();

  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.USER, openProject)).isTrue();
  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, UserRole.CODEVIEWER, openProject)).isTrue();
}
/**
 * {@code selectProjectPermissions} returns only the permissions held by the requested user on the
 * project; ISSUE_ADMIN granted to a different user on the same project is not included.
 */
@Test
public void selectProjectPermissions_returns_permissions_of_logged_in_user_on_specified_project() {
  ComponentDto restrictedProject = db.components().insertPrivateProject(organization);
  db.users().insertProjectPermissionOnUser(user, UserRole.CODEVIEWER, restrictedProject);
  // Second grant belongs to another user and must not show up in the result.
  db.users().insertProjectPermissionOnUser(db.users().insertUser(), UserRole.ISSUE_ADMIN, restrictedProject);

  assertThat(underTest.selectProjectPermissions(dbSession, restrictedProject.uuid(), user.getId()))
    .containsOnly(UserRole.CODEVIEWER);
}
/**
 * Organization-level {@code hasPermission} reflects only organization-level grants: the user has
 * PROVISION_PROJECTS on the organization it was granted on, does not gain ADMINISTER from a
 * project-level ADMIN grant, and has nothing on an unrelated organization uuid.
 */
@Test
public void test_hasPermission_on_organization_for_logged_in_user() {
  OrganizationDto grantedOrg = db.organizations().insert();
  ComponentDto restrictedProject = db.components().insertPrivateProject(grantedOrg);
  UserDto grantee = db.users().insertUser();
  db.users().insertPermissionOnUser(grantedOrg, grantee, PROVISION_PROJECTS);
  db.users().insertProjectPermissionOnUser(grantee, UserRole.ADMIN, restrictedProject);

  UserSession underTest = newUserSession(grantee);

  assertThat(underTest.hasPermission(PROVISION_PROJECTS, grantedOrg.getUuid())).isTrue();
  // Project ADMIN must not be mistaken for the organization-level ADMINISTER permission.
  assertThat(underTest.hasPermission(ADMINISTER, grantedOrg.getUuid())).isFalse();
  assertThat(underTest.hasPermission(PROVISION_PROJECTS, "another-org")).isFalse();
}
/**
 * A permission ("p1") granted to a specific user on a public project is not available to an
 * anonymous session.
 */
@Test
public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() {
  UserDto grantee = db.users().insertUser();
  OrganizationDto org = db.organizations().insert();
  ComponentDto openProject = db.components().insertPublicProject(org);
  db.users().insertProjectPermissionOnUser(grantee, "p1", openProject);

  ServerUserSession anonymous = newAnonymousSession();

  assertThat(hasComponentPermissionByDtoOrUuid(anonymous, "p1", openProject)).isFalse();
}
/**
 * {@code selectUserIdsWithPermissionOnProjectBut} returns no user ids when queried with a project id
 * (1234) other than the one the permission was inserted on.
 *
 * <p>NOTE(review): the test name says "GroupIds" but the call under test is the user-id variant;
 * the name looks copied from a group test. 1234 is presumably an id that matches no inserted
 * project; confirm against the fixture's id generation.
 */
@Test
public void selectGroupIdsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto existingProject = randomPublicOrPrivateProject(org);
  UserDto grantee = insertUser(org);
  db.users().insertProjectPermissionOnUser(grantee, "foo", existingProject);

  assertThat(underTest.selectUserIdsWithPermissionOnProjectBut(dbSession, 1234, UserRole.USER))
    .isEmpty();
}
/**
 * With one user holding "p1" and another holding "p2" on the same project, excluding "p2" returns
 * only the "p1" holder and excluding "p1" returns only the "p2" holder.
 *
 * <p>NOTE(review): the test name refers to groups, but the call under test is
 * {@code selectUserIdsWithPermissionOnProjectBut} and only users are inserted.
 */
@Test
public void selectGroupIdsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() {
  OrganizationDto org = db.organizations().insert();
  ComponentDto sharedProject = randomPublicOrPrivateProject(org);
  UserDto holderOfP1 = insertUser(org);
  UserDto holderOfP2 = insertUser(org);
  db.users().insertProjectPermissionOnUser(holderOfP1, "p1", sharedProject);
  db.users().insertProjectPermissionOnUser(holderOfP2, "p2", sharedProject);

  assertThat(underTest.selectUserIdsWithPermissionOnProjectBut(dbSession, sharedProject.getId(), "p2"))
    .containsOnly(holderOfP1.getId());
  assertThat(underTest.selectUserIdsWithPermissionOnProjectBut(dbSession, sharedProject.getId(), "p1"))
    .containsOnly(holderOfP2.getId());
}
/**
 * An ADMIN grant on a private project also authorizes a branch of that project: both the project
 * and the branch are kept by {@code keepAuthorizedComponents}.
 */
@Test
public void keepAuthorizedComponents_on_branches() {
  UserDto grantee = db.users().insertUser();
  ComponentDto restrictedProject = db.components().insertPrivateProject();
  db.users().insertProjectPermissionOnUser(grantee, UserRole.ADMIN, restrictedProject);
  // The branch is inserted after the grant; no permission is inserted on the branch itself.
  ComponentDto branchOfRestricted = db.components().insertProjectBranch(restrictedProject);

  UserSession session = newUserSession(grantee);

  assertThat(session.keepAuthorizedComponents(UserRole.ADMIN, asList(restrictedProject, branchOfRestricted)))
    .containsExactlyInAnyOrder(restrictedProject, branchOfRestricted);
}
/**
 * {@code keepAuthorizedProjectUuids} keeps only the project on which the user was directly granted
 * the requested permission: ADMIN keeps the private project, ISSUE_ADMIN (never granted) keeps
 * nothing, and the public project is kept in neither case.
 */
@Test
public void keepAuthorizedProjectUuids_filters_projects_authorized_to_logged_in_user_by_direct_permission() {
  ComponentDto restrictedProject = db.components().insertPrivateProject(organization);
  ComponentDto openProject = db.components().insertPublicProject(organization);
  UserDto grantee = db.users().insertUser();
  db.users().insertProjectPermissionOnUser(grantee, UserRole.ADMIN, restrictedProject);

  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(restrictedProject.uuid(), openProject.uuid()), grantee.getId(), UserRole.ADMIN))
    .containsOnly(restrictedProject.uuid());

  // user does not have the permission "issueadmin"
  assertThat(underTest.keepAuthorizedProjectUuids(dbSession, newHashSet(restrictedProject.uuid(), openProject.uuid()), grantee.getId(), UserRole.ISSUE_ADMIN))
    .isEmpty();
}
/**
 * The response lists the main branch's project key only; the project branch inserted alongside it
 * does not appear as a separate entry.
 */
@Test
public void does_not_return_branches() {
  ComponentDto mainBranch = db.components().insertMainBranch();
  // Inserted only so that a branch exists; it is never referenced in the assertions.
  db.components().insertProjectBranch(mainBranch);
  db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, mainBranch);

  SearchMyProjectsWsResponse response = callWs();

  assertThat(response.getProjectsList())
    .extracting(Project::getKey)
    .containsExactlyInAnyOrder(mainBranch.getDbKey());
}
/**
 * Deleting a permission ("p1") that nobody holds on the project removes zero rows and leaves the
 * user's existing SCAN grants, both organization-level and project-level, untouched.
 */
@Test
public void deleteProjectPermissionOfAnyUser_has_no_effect_if_specified_component_does_not_have_specified_permission() {
  OrganizationDto org = db.organizations().insert();
  UserDto grantee = insertUser(org);
  db.users().insertPermissionOnUser(org, grantee, SCAN);
  ComponentDto scannedProject = randomPublicOrPrivateProject(org);
  db.users().insertProjectPermissionOnUser(grantee, SCAN.getKey(), scannedProject);

  int removed = underTest.deleteProjectPermissionOfAnyUser(dbSession, scannedProject.getId(), "p1");

  assertThat(removed).isEqualTo(0);
  // Unrelated grants must survive a delete that matched nothing.
  assertThat(underTest.selectGlobalPermissionsOfUser(dbSession, grantee.getId(), org.getUuid()))
    .containsOnly(SCAN.getKey());
  assertThat(underTest.selectProjectPermissionsOfUser(dbSession, grantee.getId(), scannedProject.getId()))
    .containsOnly(SCAN.getKey());
}
/**
 * Indexing permissions with cause PROJECT_CREATION produces one entry in the authorization index,
 * and the user granted USER on the project is verified as authorized.
 */
@Test
public void index_permissions_on_project_creation() {
  ComponentDto indexedProject = createAndIndexPrivateProject();
  UserDto grantee = db.users().insertUser();
  db.users().insertProjectPermissionOnUser(grantee, USER, indexedProject);

  indexPermissions(indexedProject, ProjectIndexer.Cause.PROJECT_CREATION);

  assertThatAuthIndexHasSize(1);
  verifyAuthorized(indexedProject, grantee);
}
/**
 * {@code checkComponentUuidPermission} must fail for a uuid other than the one the user was granted
 * USER on; holding the permission on one project does not authorize "another-uuid".
 */
@Test
public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
  UserDto grantee = db.users().insertUser();
  ComponentDto grantedProject = db.components().insertPrivateProject();
  db.users().insertProjectPermissionOnUser(grantee, UserRole.USER, grantedProject);
  UserSession underTest = newUserSession(grantee);

  // The expectation has to be registered before the call that is meant to throw.
  expectInsufficientPrivilegesForbiddenException();

  underTest.checkComponentUuidPermission(UserRole.USER, "another-uuid");
}
/**
 * After the project is deleted and permissions are re-indexed with cause PROJECT_DELETION, the
 * previously authorized user is no longer authorized and the authorization index is empty.
 */
@Test
public void delete_permissions_on_project_deletion() {
  ComponentDto doomedProject = createAndIndexPrivateProject();
  UserDto grantee = db.users().insertUser();
  db.users().insertProjectPermissionOnUser(grantee, USER, doomedProject);
  indexPermissions(doomedProject, ProjectIndexer.Cause.PROJECT_CREATION);
  // Baseline: the grant is visible in the index before the deletion.
  verifyAuthorized(doomedProject, grantee);

  db.getDbClient().componentDao().delete(db.getSession(), doomedProject.getId());
  indexPermissions(doomedProject, ProjectIndexer.Cause.PROJECT_DELETION);

  verifyNotAuthorized(doomedProject, grantee);
  assertThatAuthIndexHasSize(0);
}