Esempio n. 1
0
  @Test
  public void count_users_with_one_permission_when_the_last_one_is_in_a_group() {
    DbClient dbClient = db.getDbClient();

    UserDto user = dbClient.userDao().insert(db.getSession(), new UserDto().setActive(true));
    GroupDto group = dbClient.groupDao().insert(db.getSession(), new GroupDto());
    dbClient
        .userGroupDao()
        .insert(
            db.getSession(), new UserGroupDto().setGroupId(group.getId()).setUserId(user.getId()));
    dbClient
        .roleDao()
        .insertGroupRole(
            db.getSession(),
            new GroupRoleDto().setGroupId(group.getId()).setRole(GlobalPermissions.SYSTEM_ADMIN));

    int resultWithoutExcludingGroup =
        underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);
    int resultWithGroupExclusion =
        underTest.countUserPermissions(
            db.getSession(), GlobalPermissions.SYSTEM_ADMIN, group.getId());

    assertThat(resultWithoutExcludingGroup).isEqualTo(1);
    assertThat(resultWithGroupExclusion).isEqualTo(0);
  }
Esempio n. 2
0
  @Test
  public void count_user_twice_when_user_and_group_permission() {
    DbClient dbClient = db.getDbClient();

    UserDto user = dbClient.userDao().insert(db.getSession(), new UserDto().setActive(true));
    GroupDto group = dbClient.groupDao().insert(db.getSession(), new GroupDto());
    dbClient
        .userGroupDao()
        .insert(
            db.getSession(), new UserGroupDto().setGroupId(group.getId()).setUserId(user.getId()));
    dbClient
        .roleDao()
        .insertGroupRole(
            db.getSession(),
            new GroupRoleDto().setGroupId(group.getId()).setRole(GlobalPermissions.SYSTEM_ADMIN));
    dbClient
        .roleDao()
        .insertUserRole(
            db.getSession(),
            new UserRoleDto().setUserId(user.getId()).setRole(GlobalPermissions.SYSTEM_ADMIN));

    int result =
        underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);

    assertThat(result).isEqualTo(2);
  }
Esempio n. 3
0
  @Test
  public void count_users_with_one_specific_permission() {
    DbClient dbClient = db.getDbClient();
    UserDto user = dbClient.userDao().insert(db.getSession(), new UserDto().setActive(true));
    dbClient
        .roleDao()
        .insertUserRole(
            db.getSession(),
            new UserRoleDto()
                .setUserId(user.getId())
                .setResourceId(123L)
                .setRole(GlobalPermissions.SYSTEM_ADMIN));
    dbClient
        .roleDao()
        .insertUserRole(
            db.getSession(),
            new UserRoleDto().setUserId(user.getId()).setRole(GlobalPermissions.SYSTEM_ADMIN));
    dbClient
        .roleDao()
        .insertUserRole(
            db.getSession(),
            new UserRoleDto().setUserId(user.getId()).setRole(GlobalPermissions.SCAN_EXECUTION));

    int result =
        underTest.countUserPermissions(db.getSession(), GlobalPermissions.SYSTEM_ADMIN, null);

    assertThat(result).isEqualTo(1);
  }
Esempio n. 4
0
 Long getUserId() {
   UserDto userDto = dbClient.userDao().selectActiveUserByLogin(updatedReference);
   if (userDto == null) {
     throw new BadRequestException("Unknown user: " + updatedReference);
   }
   return userDto.getId();
 }
Esempio n. 5
0
  @Before
  public void setUp() {
    userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);

    DbClient dbClient = mock(DbClient.class);
    when(dbClient.openSession(false)).thenReturn(session);
    when(dbClient.permissionTemplateDao()).thenReturn(permissionTemplateDao);
    when(dbClient.userDao()).thenReturn(userDao);
    when(dbClient.groupDao()).thenReturn(groupDao);
    underTest = new PermissionTemplateService(dbClient, userSessionRule, finder);
  }
Esempio n. 6
0
 private UserDto insertUser(UserDto userDto) {
   return dbClient.userDao().insert(dbSession, userDto.setActive(true));
 }
Esempio n. 7
0
  @Override
  public void handle(Request request, Response response) throws Exception {
    DbSession dbSession = dbClient.openSession(false);
    try {
      Integer userId = userSession.getUserId();
      DashboardDto dashboard =
          dbClient
              .dashboardDao()
              .selectAllowedByKey(
                  dbSession,
                  request.mandatoryParamAsLong(PARAM_KEY),
                  userId != null ? userId.longValue() : null);
      if (dashboard == null) {
        throw new NotFoundException();
      }

      JsonWriter json = response.newJsonWriter();
      json.beginObject();
      json.prop("key", dashboard.getKey());
      json.prop("name", dashboard.getName());
      json.prop("layout", dashboard.getColumnLayout());
      json.prop("desc", dashboard.getDescription());
      json.prop("global", dashboard.getGlobal());
      json.prop("shared", dashboard.getShared());
      if (dashboard.getUserId() != null) {
        UserDto user = dbClient.userDao().selectUserById(dashboard.getUserId());
        if (user != null) {
          json.name("owner").beginObject();
          // TODO to be shared and extracted from here
          json.prop("login", user.getLogin());
          json.prop("name", user.getName());
          json.endObject();
        }
      }
      // load widgets and related properties
      json.name("widgets").beginArray();
      Collection<WidgetDto> widgets =
          dbClient.widgetDao().findByDashboard(dbSession, dashboard.getKey());
      ListMultimap<Long, WidgetPropertyDto> propertiesByWidget =
          WidgetPropertyDto.groupByWidgetId(
              dbClient.widgetPropertyDao().selectByDashboard(dbSession, dashboard.getKey()));
      for (WidgetDto widget : widgets) {
        json.beginObject();
        json.prop("id", widget.getId());
        json.prop("key", widget.getWidgetKey());
        json.prop("name", widget.getName());
        json.prop("desc", widget.getDescription());
        json.prop("col", widget.getColumnIndex());
        json.prop("row", widget.getRowIndex());
        json.prop("configured", widget.getConfigured());
        json.prop("componentId", widget.getResourceId());
        json.name("props").beginArray();
        for (WidgetPropertyDto prop : propertiesByWidget.get(widget.getId())) {
          json.beginObject();
          json.prop("key", prop.getPropertyKey());
          json.prop("val", prop.getTextValue());
          json.endObject();
        }
        json.endArray().endObject();
      }

      json.endArray();
      json.endObject();
      json.close();
    } finally {
      dbSession.close();
    }
  }