@Test public void add_global_permission_to_user() { UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), SCAN_EXECUTION, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); assertThat(db.users().selectPermissionsOfUser(user1, org2)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).isEmpty(); assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty(); }
@Test public void add_project_permission_to_user() { UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), ISSUE_ADMIN, new ProjectId(privateProject), UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).contains(ISSUE_ADMIN); assertThat(db.users().selectPermissionsOfUser(user2, org1)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user2, privateProject)).isEmpty(); }
@Test public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() { UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); }
@Test public void apply_removes_any_organization_permission_to_user() { // give ADMIN perm to user2 so that user1 is not the only one with this permission and it can be removed from user1 db.users().insertPermissionOnUser(org1, user2, OrganizationPermission.ADMINISTER); permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> db.users().insertPermissionOnUser(org1, user1, perm)); assertThat(db.users().selectPermissionsOfUser(user1, org1)) .containsOnly(permissionService.getAllOrganizationPermissions().toArray(new OrganizationPermission[0])); permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> { UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), perm.getKey(), null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).doesNotContain(perm); }); }
@Test public void apply_adds_any_organization_permission_to_user() { permissionService.getAllOrganizationPermissions().stream() .forEach(perm -> { UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), perm.getKey(), null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).contains(perm); }); }
@Test public void remove_global_permission_from_user() { db.users().insertPermissionOnUser(org1, user1, QUALITY_GATE_ADMIN); db.users().insertPermissionOnUser(org1, user1, SCAN_EXECUTION); db.users().insertPermissionOnUser(org2, user1, QUALITY_GATE_ADMIN); db.users().insertPermissionOnUser(org1, user2, QUALITY_GATE_ADMIN); db.users().insertProjectPermissionOnUser(user1, ISSUE_ADMIN, privateProject); UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(SCAN); assertThat(db.users().selectPermissionsOfUser(user1, org2)).containsOnly(ADMINISTER_QUALITY_GATES); assertThat(db.users().selectPermissionsOfUser(user2, org1)).containsOnly(ADMINISTER_QUALITY_GATES); assertThat(db.users().selectProjectPermissionsOfUser(user1, privateProject)).containsOnly(ISSUE_ADMIN); }
@Test public void do_nothing_when_adding_global_permission_that_already_exists() { db.users().insertPermissionOnUser(org1, user1, ADMINISTER_QUALITY_GATES); UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, null, UserId.from(user1), permissionService); apply(change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).containsOnly(ADMINISTER_QUALITY_GATES); }
@Test public void add_permission_to_project_referenced_by_its_key() { ComponentDto project = db.components().insertPrivateProject(); loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PROJECT_KEY, project.getDbKey()) .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); }
@Test public void add_permission_to_user_on_default_organization_if_organization_is_not_specified() { loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(ADMINISTER); }
@Test public void add_permission_to_project_referenced_by_its_id() { OrganizationDto organization = db.organizations().insert(); addUserAsMemberOfOrganization(organization); ComponentDto project = db.components().insertPrivateProject(organization); loginAsAdmin(organization); newRequest() .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PROJECT_ID, project.uuid()) .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, organization)).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, project)).containsOnly(SYSTEM_ADMIN); }
@Test public void add_permission_to_view() { ComponentDto view = db.components().insertComponent(newView(db.getDefaultOrganization(), "view-uuid").setDbKey("view-key")); loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PROJECT_ID, view.uuid()) .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).isEmpty(); assertThat(db.users().selectProjectPermissionsOfUser(user, view)).containsOnly(SYSTEM_ADMIN); }
@Test public void remove_admin_user_if_still_other_admins() { db.users().insertPermissionOnUser(org1, user1, ADMINISTER); GroupDto admins = db.users().insertGroup(org1, "admins"); db.users().insertMember(admins, user2); db.users().insertPermissionOnGroup(admins, ADMINISTER); UserPermissionChange change = new UserPermissionChange(REMOVE, org1.getUuid(), ADMINISTER.getKey(), null, UserId.from(user1), permissionService); underTest.apply(db.getSession(), change); assertThat(db.users().selectPermissionsOfUser(user1, org1)).isEmpty(); }
@Test public void add_permission_to_user_on_specified_organization() { OrganizationDto organization = db.organizations().insert(); addUserAsMemberOfOrganization(organization); loginAsAdmin(organization); newRequest() .setParam(PARAM_ORGANIZATION, organization.getKey()) .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PERMISSION, SYSTEM_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, organization)).containsOnly(ADMINISTER); }
@Test public void remove_permission_from_user() { db.users().insertPermissionOnUser(user, PROVISION_PROJECTS); db.users().insertPermissionOnUser(user, ADMINISTER_QUALITY_GATES); loginAsAdmin(db.getDefaultOrganization()); newRequest() .setParam(PARAM_USER_LOGIN, user.getLogin()) .setParam(PARAM_PERMISSION, QUALITY_GATE_ADMIN) .execute(); assertThat(db.users().selectPermissionsOfUser(user, db.getDefaultOrganization())).containsOnly(PROVISION_PROJECTS); }