Skip to content

Commit

Permalink
SONAR-8269 organization in WS api/permissions/add_group_to_template
Browse files Browse the repository at this point in the history
  • Loading branch information
Simon Brandhof committed Oct 16, 2016
1 parent 7305fac commit c550a84
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 22 deletions.
2 changes: 1 addition & 1 deletion ...r-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsParametersBuilder.java
View file
Expand Up @@ -73,7 +73,6 @@ public static NewParam createProjectPermissionParameter(NewAction action) {
} }


public static void createGroupNameParameter(NewAction action) { public static void createGroupNameParameter(NewAction action) {
createOrganizationParameter(action);
action.createParam(PARAM_GROUP_NAME) action.createParam(PARAM_GROUP_NAME)
.setDescription("Group name or 'anyone' (case insensitive)") .setDescription("Group name or 'anyone' (case insensitive)")
.setExampleValue("sonar-administrators"); .setExampleValue("sonar-administrators");
Expand Down Expand Up @@ -118,6 +117,7 @@ public static void createUserLoginParameter(NewAction action) {


public static void createTemplateParameters(NewAction action) { public static void createTemplateParameters(NewAction action) {
createTemplateIdParameter(action); createTemplateIdParameter(action);
createOrganizationParameter(action);
createTemplateNameParameter(action); createTemplateNameParameter(action);
} }


Expand Down
10 changes: 5 additions & 5 deletions ...erver/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java
View file
Expand Up @@ -19,10 +19,10 @@
*/ */
package org.sonar.server.permission.ws.template; package org.sonar.server.permission.ws.template;


import java.util.Optional;
import org.sonar.api.server.ws.Request; import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response; import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService; import org.sonar.api.server.ws.WebService;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient; import org.sonar.db.DbClient;
import org.sonar.db.DbSession; import org.sonar.db.DbSession;
import org.sonar.db.permission.template.PermissionTemplateDto; import org.sonar.db.permission.template.PermissionTemplateDto;
Expand All @@ -32,7 +32,8 @@
import org.sonar.server.usergroups.ws.GroupIdOrAnyone; import org.sonar.server.usergroups.ws.GroupIdOrAnyone;


import static java.lang.String.format; import static java.lang.String.format;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
Expand Down Expand Up @@ -71,15 +72,14 @@ public void define(WebService.NewController context) {


@Override @Override
public void handle(Request request, Response response) { public void handle(Request request, Response response) {
checkGlobalAdminUser(userSession);

try (DbSession dbSession = dbClient.openSession(false)) { try (DbSession dbSession = dbClient.openSession(false)) {
String permission = request.mandatoryParam(PARAM_PERMISSION); String permission = request.mandatoryParam(PARAM_PERMISSION);
GroupIdOrAnyone groupId = support.findGroup(dbSession, request); GroupIdOrAnyone groupId = support.findGroup(dbSession, request);
checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(), checkRequest(!SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(),
format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission)); format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));


PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request)); PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));
checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());


if (!groupAlreadyAdded(dbSession, template.getId(), permission, groupId)) { if (!groupAlreadyAdded(dbSession, template.getId(), permission, groupId)) {
dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId.getId(), permission); dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId.getId(), permission);
Expand Down
42 changes: 26 additions & 16 deletions ...r/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
View file
Expand Up @@ -31,7 +31,6 @@
import org.sonar.server.exceptions.BadRequestException; import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException; import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException; import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.ws.BasePermissionWsTest; import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.WsTester; import org.sonar.server.ws.WsTester;


Expand Down Expand Up @@ -59,20 +58,23 @@ protected AddGroupToTemplateAction buildWsAction() {


@Before @Before
public void setUp() { public void setUp() {
loginAsAdmin();
template = insertTemplate(); template = insertTemplate();
group = db.users().insertGroup(defaultOrganizationProvider.getDto(), "group-name"); group = db.users().insertGroup(defaultOrganizationProvider.getDto(), "group-name");
} }


@Test @Test
public void add_group_to_template() throws Exception { public void add_group_to_template() throws Exception {
loginAsAdminOnDefaultOrganization();

newRequest(group.getName(), template.getUuid(), CODEVIEWER); newRequest(group.getName(), template.getUuid(), CODEVIEWER);


assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(group.getName()); assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(group.getName());
} }


@Test @Test
public void add_group_to_template_by_name() throws Exception { public void add_group_to_template_by_name() throws Exception {
loginAsAdminOnDefaultOrganization();

newRequest() newRequest()
.setParam(PARAM_GROUP_NAME, group.getName()) .setParam(PARAM_GROUP_NAME, group.getName())
.setParam(PARAM_PERMISSION, CODEVIEWER) .setParam(PARAM_PERMISSION, CODEVIEWER)
Expand All @@ -84,6 +86,8 @@ public void add_group_to_template_by_name() throws Exception {


@Test @Test
public void add_with_group_id() throws Exception { public void add_with_group_id() throws Exception {
loginAsAdminOnDefaultOrganization();

newRequest() newRequest()
.setParam(PARAM_TEMPLATE_ID, template.getUuid()) .setParam(PARAM_TEMPLATE_ID, template.getUuid())
.setParam(PARAM_PERMISSION, CODEVIEWER) .setParam(PARAM_PERMISSION, CODEVIEWER)
Expand All @@ -95,6 +99,8 @@ public void add_with_group_id() throws Exception {


@Test @Test
public void does_not_add_a_group_twice() throws Exception { public void does_not_add_a_group_twice() throws Exception {
loginAsAdminOnDefaultOrganization();

newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN); newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN); newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);


Expand All @@ -103,13 +109,17 @@ public void does_not_add_a_group_twice() throws Exception {


@Test @Test
public void add_anyone_group_to_template() throws Exception { public void add_anyone_group_to_template() throws Exception {
loginAsAdminOnDefaultOrganization();

newRequest(ANYONE, template.getUuid(), CODEVIEWER); newRequest(ANYONE, template.getUuid(), CODEVIEWER);


assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(ANYONE); assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(ANYONE);
} }


@Test @Test
public void fail_if_add_anyone_group_to_admin_permission() throws Exception { public void fail_if_add_anyone_group_to_admin_permission() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(BadRequestException.class); expectedException.expect(BadRequestException.class);
expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the group 'Anyone'", UserRole.ADMIN)); expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the group 'Anyone'", UserRole.ADMIN));


Expand All @@ -118,51 +128,53 @@ public void fail_if_add_anyone_group_to_admin_permission() throws Exception {


@Test @Test
public void fail_if_not_a_project_permission() throws Exception { public void fail_if_not_a_project_permission() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(IllegalArgumentException.class); expectedException.expect(IllegalArgumentException.class);


newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING); newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING);
} }


@Test @Test
public void fail_if_insufficient_privileges() throws Exception { public void fail_if_not_admin_of_default_organization() throws Exception {
userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN); userSession.login();


expectedException.expect(ForbiddenException.class); expectedException.expect(ForbiddenException.class);


newRequest(group.getName(), template.getUuid(), CODEVIEWER); newRequest(group.getName(), template.getUuid(), CODEVIEWER);
} }


@Test
public void fail_if_not_logged_in() throws Exception {
expectedException.expect(UnauthorizedException.class);
userSession.anonymous();

newRequest(group.getName(), template.getUuid(), CODEVIEWER);
}

@Test @Test
public void fail_if_group_params_missing() throws Exception { public void fail_if_group_params_missing() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(BadRequestException.class); expectedException.expect(BadRequestException.class);


newRequest(null, template.getUuid(), CODEVIEWER); newRequest(null, template.getUuid(), CODEVIEWER);
} }


@Test @Test
public void fail_if_permission_missing() throws Exception { public void fail_if_permission_missing() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(IllegalArgumentException.class); expectedException.expect(IllegalArgumentException.class);


newRequest(group.getName(), template.getUuid(), null); newRequest(group.getName(), template.getUuid(), null);
} }


@Test @Test
public void fail_if_template_uuid_and_name_missing() throws Exception { public void fail_if_template_uuid_and_name_missing() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(BadRequestException.class); expectedException.expect(BadRequestException.class);


newRequest(group.getName(), null, CODEVIEWER); newRequest(group.getName(), null, CODEVIEWER);
} }


@Test @Test
public void fail_if_group_does_not_exist() throws Exception { public void fail_if_group_does_not_exist() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(NotFoundException.class); expectedException.expect(NotFoundException.class);
expectedException.expectMessage("No group with name 'unknown-group-name'"); expectedException.expectMessage("No group with name 'unknown-group-name'");


Expand All @@ -171,6 +183,8 @@ public void fail_if_group_does_not_exist() throws Exception {


@Test @Test
public void fail_if_template_key_does_not_exist() throws Exception { public void fail_if_template_key_does_not_exist() throws Exception {
loginAsAdminOnDefaultOrganization();

expectedException.expect(NotFoundException.class); expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Permission template with id 'unknown-key' is not found"); expectedException.expectMessage("Permission template with id 'unknown-key' is not found");


Expand Down Expand Up @@ -201,8 +215,4 @@ private List<String> getGroupNamesInTemplateAndPermission(long templateId, Strin
private WsTester.TestRequest newRequest() { private WsTester.TestRequest newRequest() {
return wsTester.newPostRequest(CONTROLLER, "add_group_to_template"); return wsTester.newPostRequest(CONTROLLER, "add_group_to_template");
} }

private void loginAsAdmin() {
userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
}
} }

0 comments on commit c550a84

Please sign in to comment.