@Test
public void testAllTypes() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "CHOC");
assertEquals("Choc Full Scheme", projectPermissionPage.getSchemeName());
assertEquals("Choc Full Permission Scheme", projectPermissionPage.getSchemeDescription());
final Permission permission = projectPermissionPage.getPermissionByName("Create Issues");
final List<String> entities = permission.getEntities();
final List<String> expectedEntities =
CollectionBuilder.newBuilder(
"Reporter",
"Group (jira-administrators)",
"Group (Anyone)",
"Single User (admin)",
"Project Lead",
"Current Assignee",
"Project Role (Administrators)",
"User Custom Field Value (User Picker)",
"Group Custom Field Value (Group Picker)")
.asList();
assertEquals(expectedEntities, entities);
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertFalse(sharedBy.isPresent());
}
@Test
public void testXSS() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "XSS");
assertEquals("<script>alert(\"wtf\");</script>", projectPermissionPage.getSchemeName());
assertEquals("<script>alert(\"wtf\");</script>", projectPermissionPage.getSchemeDescription());
final Permission permission = projectPermissionPage.getPermissionByName("Administer Projects");
final List<String> entities = permission.getEntities();
final List<String> expectedEntities =
CollectionBuilder.newBuilder("User Custom Field Value (<script>alert(\"wtf\");</script>)")
.asList();
assertEquals(expectedEntities, entities);
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertTrue(sharedBy.isPresent());
assertEquals("2 projects", sharedBy.getTriggerText());
assertEquals(
Arrays.asList("<script>alert(\"wtf\");</script>", "Another Shared project"),
sharedBy.getProjects());
}
