#1039 Default security settings made explicit

ontrack-model/src/main/java/net/nemerosa/ontrack/model/settings/SecuritySettings.kt

@@ -15,15 +15,17 @@ import net.nemerosa.ontrack.model.form.YesNo
 data class SecuritySettings(
     @get:JsonProperty("grantProjectViewToAll")
     @APIDescription("Grants project view to all")
-    val isGrantProjectViewToAll: Boolean,
+    val isGrantProjectViewToAll: Boolean = DEFAULT_GRANT_PROJECT_VIEW_TO_ALL,
     @get:JsonProperty("grantProjectParticipationToAll")
     @APIDescription("Grants project participation to all")
-    val isGrantProjectParticipationToAll: Boolean,
+    val isGrantProjectParticipationToAll: Boolean = DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL,
     @APIDescription("Enabling the built-in authentication")
     val builtInAuthenticationEnabled: Boolean = DEFAULT_BUILTIN_AUTHENTICATION_ENABLED,
 ) {
 
     companion object {
+        const val DEFAULT_GRANT_PROJECT_VIEW_TO_ALL = true
+        const val DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL = true
         const val DEFAULT_BUILTIN_AUTHENTICATION_ENABLED = true
     }
 

ontrack-service/src/main/java/net/nemerosa/ontrack/service/settings/SecuritySettingsProvider.kt

@@ -13,8 +13,8 @@ class SecuritySettingsProvider(
      * By default, grants view accesses to everybody.
      */
     override fun getSettings(): SecuritySettings = SecuritySettings(
-            settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectViewToAll", true),
-            settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectParticipationToAll", true),
+            settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectViewToAll", SecuritySettings.DEFAULT_GRANT_PROJECT_VIEW_TO_ALL),
+            settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectParticipationToAll", SecuritySettings.DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL),
             settingsRepository.getBoolean(SecuritySettings::class.java, SecuritySettings::builtInAuthenticationEnabled.name, SecuritySettings.DEFAULT_BUILTIN_AUTHENTICATION_ENABLED),
     )
 

ontrack-service/src/test/java/net/nemerosa/ontrack/service/BuildLinkIT.kt

@@ -1,6 +1,6 @@
 package net.nemerosa.ontrack.service
 
-import net.nemerosa.ontrack.it.AbstractDSLTestJUnit4Support
+import net.nemerosa.ontrack.it.AbstractDSLTestSupport
 import net.nemerosa.ontrack.model.exceptions.BuildNotFoundException
 import net.nemerosa.ontrack.model.exceptions.ProjectNotFoundException
 import net.nemerosa.ontrack.model.security.BuildConfig
@@ -9,56 +9,66 @@ import net.nemerosa.ontrack.model.security.BuildEdit
 import net.nemerosa.ontrack.model.structure.*
 import net.nemerosa.ontrack.model.structure.NameDescription.Companion.nd
 import net.nemerosa.ontrack.test.TestUtils.uid
-import org.junit.Test
+import org.junit.jupiter.api.Test
 import org.springframework.security.access.AccessDeniedException
 import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
 import kotlin.test.assertTrue
 
-class BuildLinkIT : AbstractDSLTestJUnit4Support() {
+class BuildLinkIT : AbstractDSLTestSupport() {
 
-    @Test(expected = ProjectNotFoundException::class)
+    @Test
     fun `Edition of links - project not found at all`() {
         val source = doCreateBuild()
         asUser().with(source, BuildConfig::class.java).call {
             // Adds the link using a form
-            structureService.editBuildLinks(
+            assertFailsWith<ProjectNotFoundException> {
+                structureService.editBuildLinks(
                     source,
-                    BuildLinkForm(false,
-                            BuildLinkFormItem(uid("P"), "xxx")
+                    BuildLinkForm(
+                        false,
+                        BuildLinkFormItem(uid("P"), "xxx")
                     )
-            )
+                )
+            }
         }
     }
 
-    @Test(expected = ProjectNotFoundException::class)
+    @Test
     fun `Edition of links - project not authorised`() {
         withNoGrantViewToAll {
             val source = doCreateBuild()
             val target = doCreateBuild()
             asUser().with(source, BuildConfig::class.java).call {
-                // Adds the link using a form
-                structureService.editBuildLinks(
+                assertFailsWith<ProjectNotFoundException> {
+                    // Adds the link using a form
+                    structureService.editBuildLinks(
                         source,
-                        BuildLinkForm(false,
-                                BuildLinkFormItem(target.project.name, target.name)
+                        BuildLinkForm(
+                            false,
+                            BuildLinkFormItem(target.project.name, target.name)
                         )
-                )
+                    )
+                }
             }
         }
     }
 
-    @Test(expected = BuildNotFoundException::class)
+    @Test
     fun `Edition of links - build not found`() {
         val source = doCreateBuild()
         val target = doCreateProject()
         asUser().with(source, BuildConfig::class.java).withView(target).call {
             // Adds the link using a form
-            structureService.editBuildLinks(
+            assertFailsWith<BuildNotFoundException> {
+                structureService.editBuildLinks(
                     source,
-                    BuildLinkForm(false,
-                            BuildLinkFormItem(target.name, "xxx")
+                    BuildLinkForm(
+                        false,
+                        BuildLinkFormItem(target.name, "xxx")
                     )
-            )
+                )
+            }
         }
     }
 
@@ -264,19 +274,21 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() {
         assertTrue(targets.any { it.name == target.name })
     }
 
-    @Test(expected = AccessDeniedException::class)
+    @Test
     fun `Build config is needed on source build to create a link`() {
         // Creates a build
         val build = doCreateBuild()
         // Creates a second build to link
         val target = doCreateBuild()
         // Build link creation
         asUser().withView(target).call {
-            structureService.addBuildLink(build, target)
+            assertFailsWith<AccessDeniedException> {
+                structureService.addBuildLink(build, target)
+            }
         }
     }
 
-    @Test(expected = AccessDeniedException::class)
+    @Test
     fun `Build view is needed on target build to create a link`() {
         withNoGrantViewToAll {
             // Creates a build
@@ -285,7 +297,9 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() {
             val target = doCreateBuild()
             // Build link creation
             asUser().with(build, BuildConfig::class.java).call {
-                structureService.addBuildLink(build, target)
+                assertFailsWith<AccessDeniedException> {
+                    structureService.addBuildLink(build, target)
+                }
             }
         }
     }
@@ -355,15 +369,17 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() {
         assertEquals(listOf(target.name), targets.map { it.name })
     }
 
-    @Test(expected = AccessDeniedException::class)
+    @Test
     fun `Creator role cannot create links`() {
         // Creates a build
         val build = doCreateBuild()
         // Creates a second build to link
         val target = doCreateBuild()
         // Build link creation
         asGlobalRole("CREATOR").call {
-            structureService.addBuildLink(build, target)
+            assertFailsWith<AccessDeniedException> {
+                structureService.addBuildLink(build, target)
+            }
         }
     }
 
@@ -401,15 +417,17 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() {
         assertEquals(listOf(target.name), targets.map { it.name })
     }
 
-    @Test(expected = AccessDeniedException::class)
+    @Test
     fun `Build create function does not grant access to create links`() {
         // Creates a build
         val build = doCreateBuild()
         // Creates a second build to link
         val target = doCreateBuild()
         // Build link creation
         asUser().with(build, BuildCreate::class.java).withView(target).call {
-            structureService.addBuildLink(build, target)
+            assertFailsWith<AccessDeniedException> {
+                structureService.addBuildLink(build, target)
+            }
         }
     }
 

ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/PropertiesGraphQLIT.kt

@@ -4,12 +4,12 @@ import net.nemerosa.ontrack.extension.general.MessageProperty
 import net.nemerosa.ontrack.extension.general.MessagePropertyType
 import net.nemerosa.ontrack.extension.general.MessageType
 import net.nemerosa.ontrack.model.structure.*
-import org.junit.Test
+import org.junit.jupiter.api.Test
 import kotlin.test.assertEquals
 import kotlin.test.assertNotNull
 import kotlin.test.assertNull
 
-class PropertiesGraphQLIT : AbstractQLKTITJUnit4Support() {
+class PropertiesGraphQLIT : AbstractQLKTITSupport() {
 
     @Test
     fun `Getting a property by type for an entity`() {

ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/ValidationStampGraphQLIT.kt

@@ -7,7 +7,7 @@ import net.nemerosa.ontrack.extension.general.validation.CHMLValidationDataTypeC
 import net.nemerosa.ontrack.model.structure.config
 import net.nemerosa.ontrack.test.TestUtils.uid
 import net.nemerosa.ontrack.test.assertPresent
-import org.junit.Test
+import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import kotlin.test.assertEquals
 import kotlin.test.assertFalse
@@ -16,7 +16,7 @@ import kotlin.test.assertTrue
 /**
  * Integration tests around the `validationStamp` root query.
  */
-class ValidationStampGraphQLIT : AbstractQLKTITJUnit4Support() {
+class ValidationStampGraphQLIT : AbstractQLKTITSupport() {
 
     @Autowired
     private lateinit var chmlValidationDataType: CHMLValidationDataType