From a7597a01837669bc4c6ba9ffb18640b17cdb0de5 Mon Sep 17 00:00:00 2001
From: Damien Coraboeuf
Date: Tue, 1 Nov 2022 11:23:04 +0100
Subject: [PATCH] #1039 Default security settings made explicit
---
 .../model/settings/SecuritySettings.kt | 6 +-
 .../settings/SecuritySettingsProvider.kt | 4 +-
 .../nemerosa/ontrack/service/BuildLinkIT.kt | 72 ++++++++++++-------
 .../ontrack/graphql/PropertiesGraphQLIT.kt | 4 +-
 .../graphql/ValidationStampGraphQLIT.kt | 4 +-
 5 files changed, 55 insertions(+), 35 deletions(-)
diff --git a/ontrack-model/src/main/java/net/nemerosa/ontrack/model/settings/SecuritySettings.kt b/ontrack-model/src/main/java/net/nemerosa/ontrack/model/settings/SecuritySettings.kt
index f97d07bf27f..03d4aac50b5 100644
--- a/ontrack-model/src/main/java/net/nemerosa/ontrack/model/settings/SecuritySettings.kt
+++ b/ontrack-model/src/main/java/net/nemerosa/ontrack/model/settings/SecuritySettings.kt
@@ -15,15 +15,17 @@ import net.nemerosa.ontrack.model.form.YesNo
 data class SecuritySettings(
 @get:JsonProperty("grantProjectViewToAll")
 @APIDescription("Grants project view to all")
- val isGrantProjectViewToAll: Boolean,
+ val isGrantProjectViewToAll: Boolean = DEFAULT_GRANT_PROJECT_VIEW_TO_ALL,
 @get:JsonProperty("grantProjectParticipationToAll")
 @APIDescription("Grants project participation to all")
- val isGrantProjectParticipationToAll: Boolean,
+ val isGrantProjectParticipationToAll: Boolean = DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL,
 @APIDescription("Enabling the built-in authentication")
 val builtInAuthenticationEnabled: Boolean = DEFAULT_BUILTIN_AUTHENTICATION_ENABLED,
 ) {
 companion object {
+ const val DEFAULT_GRANT_PROJECT_VIEW_TO_ALL = true
+ const val DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL = true
 const val DEFAULT_BUILTIN_AUTHENTICATION_ENABLED = true
 }
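Review bot: `DEFAULT_GRANT_PROJECT_VIEW_TO_ALL` and `DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL` are both `true` and carry no documentation, and with the new parameter defaults a bare `SecuritySettings()` now produces the most permissive configuration without the caller stating it. Since these constants are now the single source of the out-of-the-box access policy, each should have a KDoc saying what it grants, for example `/** When true, project view is granted to all users unless an administrator disables it. */`; the exact audience is not visible in this hunk, so confirm the wording against the access-control code. It is also worth considering whether the two new constructor defaults are needed: the provider in this commit still passes all three values explicitly, and keeping the parameters mandatory would force any hand-built `SecuritySettings` to spell out its grants. The class body continues outside the hunk.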
diff --git a/ontrack-service/src/main/java/net/nemerosa/ontrack/service/settings/SecuritySettingsProvider.kt b/ontrack-service/src/main/java/net/nemerosa/ontrack/service/settings/SecuritySettingsProvider.kt
index 18105114173..03813493c74 100644
--- a/ontrack-service/src/main/java/net/nemerosa/ontrack/service/settings/SecuritySettingsProvider.kt
+++ b/ontrack-service/src/main/java/net/nemerosa/ontrack/service/settings/SecuritySettingsProvider.kt
@@ -13,8 +13,8 @@ class SecuritySettingsProvider(
 * By default, grants view accesses to everybody.
 */
 override fun getSettings(): SecuritySettings = SecuritySettings(
- settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectViewToAll", true),
- settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectParticipationToAll", true),
+ settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectViewToAll", SecuritySettings.DEFAULT_GRANT_PROJECT_VIEW_TO_ALL),
+ settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectParticipationToAll", SecuritySettings.DEFAULT_GRANT_PROJECT_PARTICIPATION_TO_ALL),
 settingsRepository.getBoolean(SecuritySettings::class.java, SecuritySettings::builtInAuthenticationEnabled.name, SecuritySettings.DEFAULT_BUILTIN_AUTHENTICATION_ENABLED),
 )
diff --git a/ontrack-service/src/test/java/net/nemerosa/ontrack/service/BuildLinkIT.kt b/ontrack-service/src/test/java/net/nemerosa/ontrack/service/BuildLinkIT.kt
index 73cc1a5977b..a29c596a82d 100644
--- a/ontrack-service/src/test/java/net/nemerosa/ontrack/service/BuildLinkIT.kt
+++ b/ontrack-service/src/test/java/net/nemerosa/ontrack/service/BuildLinkIT.kt
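Review bot: In `SecuritySettingsProvider.getSettings()` the three `Boolean` values are passed to `SecuritySettings(...)` positionally, so reordering two of these lines would still compile and would silently exchange the view and participation grants. Named arguments remove that risk, e.g. `isGrantProjectViewToAll = settingsRepository.getBoolean(SecuritySettings::class.java, "grantProjectViewToAll", SecuritySettings.DEFAULT_GRANT_PROJECT_VIEW_TO_ALL),` and likewise for the other two. The KDoc above the function mentions only view access, while the participation default used here is also `true`; it should read `By default, grants project view and participation to everybody.` The start of the KDoc and of the class lies outside the hunk.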
@@ -1,6 +1,6 @@ package net.nemerosa.ontrack.service -import net.nemerosa.ontrack.it.AbstractDSLTestJUnit4Support +import net.nemerosa.ontrack.it.AbstractDSLTestSupport import net.nemerosa.ontrack.model.exceptions.BuildNotFoundException import net.nemerosa.ontrack.model.exceptions.ProjectNotFoundException import net.nemerosa.ontrack.model.security.BuildConfig 
@@ -9,56 +9,66 @@ import net.nemerosa.ontrack.model.security.BuildEdit import net.nemerosa.ontrack.model.structure.* import net.nemerosa.ontrack.model.structure.NameDescription.Companion.nd import net.nemerosa.ontrack.test.TestUtils.uid -import org.junit.Test +import org.junit.jupiter.api.Test import org.springframework.security.access.AccessDeniedException import kotlin.test.assertEquals +import kotlin.test.assertFailsWith import kotlin.test.assertTrue -class BuildLinkIT : AbstractDSLTestJUnit4Support() { +class BuildLinkIT : AbstractDSLTestSupport() { - @Test(expected = ProjectNotFoundException::class) + @Test fun `Edition of links - project not found at all`() { val source = doCreateBuild() asUser().with(source, BuildConfig::class.java).call { // Adds the link using a form - structureService.editBuildLinks( + assertFailsWith { + structureService.editBuildLinks( source, - BuildLinkForm(false, - BuildLinkFormItem(uid("P"), "xxx") + BuildLinkForm( + false, + BuildLinkFormItem(uid("P"), "xxx") ) - ) + ) + } } } - @Test(expected = ProjectNotFoundException::class) + @Test fun `Edition of links - project not authorised`() { withNoGrantViewToAll { val source = doCreateBuild() val target = doCreateBuild() asUser().with(source, BuildConfig::class.java).call { - // Adds the link using a form - structureService.editBuildLinks( + assertFailsWith { + // Adds the link using a form + structureService.editBuildLinks( source, - BuildLinkForm(false, - BuildLinkFormItem(target.project.name, target.name) + BuildLinkForm( + false, + BuildLinkFormItem(target.project.name, target.name) ) - ) + ) + } } } } - @Test(expected = BuildNotFoundException::class) + @Test fun `Edition of links - build not found`() { val source = doCreateBuild() val target = doCreateProject() asUser().with(source, BuildConfig::class.java).withView(target).call { // Adds the link using a form - structureService.editBuildLinks( + assertFailsWith { + structureService.editBuildLinks( source, - BuildLinkForm(false, - 
BuildLinkFormItem(target.name, "xxx") + BuildLinkForm( + false, + BuildLinkFormItem(target.name, "xxx") ) - ) + ) + } } } @@ -264,7 +274,7 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { assertTrue(targets.any { it.name == target.name }) } - @Test(expected = AccessDeniedException::class) + @Test fun `Build config is needed on source build to create a link`() { // Creates a build val build = doCreateBuild() @@ -272,11 +282,13 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { val target = doCreateBuild() // Build link creation asUser().withView(target).call { - structureService.addBuildLink(build, target) + assertFailsWith { + structureService.addBuildLink(build, target) + } } } - @Test(expected = AccessDeniedException::class) + @Test fun `Build view is needed on target build to create a link`() { withNoGrantViewToAll { // Creates a build @@ -285,7 +297,9 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { val target = doCreateBuild() // Build link creation asUser().with(build, BuildConfig::class.java).call { - structureService.addBuildLink(build, target) + assertFailsWith { + structureService.addBuildLink(build, target) + } } } } @@ -355,7 +369,7 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { assertEquals(listOf(target.name), targets.map { it.name }) } - @Test(expected = AccessDeniedException::class) + @Test fun `Creator role cannot create links`() { // Creates a build val build = doCreateBuild() @@ -363,7 +377,9 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { val target = doCreateBuild() // Build link creation asGlobalRole("CREATOR").call { - structureService.addBuildLink(build, target) + assertFailsWith { + structureService.addBuildLink(build, target) + } } } 
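Review bot: In `Edition of links - project not authorised` the removed annotation expected `ProjectNotFoundException` for a target project that exists but is hidden by `withNoGrantViewToAll`, and nothing in the test says that this is intentional. Presumably the service reports an unviewable project as missing so that its existence is not disclosed; a comment above the `assertFailsWith` block such as `// A project the user cannot view must look the same as a missing one` would stop a later change from relaxing it to `AccessDeniedException`. The type argument of `assertFailsWith` is not visible on this page, so it is worth confirming that every call names exactly the class carried by the `@Test(expected = …)` it replaces; this applies equally to the `AccessDeniedException` tests in the later hunks of this file.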
@@ -401,7 +417,7 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { assertEquals(listOf(target.name), targets.map { it.name }) } - @Test(expected = AccessDeniedException::class) + @Test fun `Build create function does not grant access to create links`() { // Creates a build val build = doCreateBuild() @@ -409,7 +425,9 @@ class BuildLinkIT : AbstractDSLTestJUnit4Support() { val target = doCreateBuild() // Build link creation asUser().with(build, BuildCreate::class.java).withView(target).call { - structureService.addBuildLink(build, target) + assertFailsWith { + structureService.addBuildLink(build, target) + } } } diff --git a/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/PropertiesGraphQLIT.kt b/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/PropertiesGraphQLIT.kt index 7807f8b56d9..a13652b73ff 100644 --- a/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/PropertiesGraphQLIT.kt +++ b/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/PropertiesGraphQLIT.kt @@ -4,12 +4,12 @@ import net.nemerosa.ontrack.extension.general.MessageProperty import net.nemerosa.ontrack.extension.general.MessagePropertyType import net.nemerosa.ontrack.extension.general.MessageType import net.nemerosa.ontrack.model.structure.* -import org.junit.Test +import org.junit.jupiter.api.Test import kotlin.test.assertEquals import kotlin.test.assertNotNull import kotlin.test.assertNull -class PropertiesGraphQLIT : AbstractQLKTITJUnit4Support() { +class PropertiesGraphQLIT : AbstractQLKTITSupport() { @Test fun `Getting a property by type for an entity`() { diff --git a/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/ValidationStampGraphQLIT.kt b/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/ValidationStampGraphQLIT.kt index 91ac22002ad..d1340962982 100644 --- a/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/ValidationStampGraphQLIT.kt 
+++ b/ontrack-ui-graphql/src/test/java/net/nemerosa/ontrack/graphql/ValidationStampGraphQLIT.kt @@ -7,7 +7,7 @@ import net.nemerosa.ontrack.extension.general.validation.CHMLValidationDataTypeC import net.nemerosa.ontrack.model.structure.config import net.nemerosa.ontrack.test.TestUtils.uid import net.nemerosa.ontrack.test.assertPresent -import org.junit.Test +import org.junit.jupiter.api.Test import org.springframework.beans.factory.annotation.Autowired import kotlin.test.assertEquals import kotlin.test.assertFalse @@ -16,7 +16,7 @@ import kotlin.test.assertTrue /** * Integration tests around the `validationStamp` root query. */ -class ValidationStampGraphQLIT : AbstractQLKTITJUnit4Support() { +class ValidationStampGraphQLIT : AbstractQLKTITSupport() { @Autowired private lateinit var chmlValidationDataType: CHMLValidationDataType