@Test
public void shouldNotContinueWithConfigSaveIfUserIsUnauthorized() {
when(goConfigService.isUserAdmin(currentUser)).thenReturn(false);
when(goConfigService.isGroupAdministrator(currentUser.getUsername())).thenReturn(false);
SCM updatedScm =
new SCM(
"id",
new PluginConfiguration("plugin-id", "1"),
new Configuration(
new ConfigurationProperty(
new ConfigurationKey("key1"), new ConfigurationValue("value1"))));
UpdateSCMConfigCommand command =
new UpdateSCMConfigCommand(
updatedScm,
pluggableScmService,
goConfigService,
currentUser,
result,
"md5",
entityHashingService);
assertThat(command.canContinue(cruiseConfig), is(false));
assertThat(result.toString(), containsString("UNAUTHORIZED_TO_EDIT"));
}
@Test
public void shouldNotContinueWithConfigSaveIfObjectNotFound() {
when(goConfigService.isUserAdmin(currentUser)).thenReturn(true);
when(goConfigService.isGroupAdministrator(currentUser.getUsername())).thenReturn(false);
SCM updatedScm =
new SCM(
"non-existent-id",
new PluginConfiguration("plugin-id", "1"),
new Configuration(
new ConfigurationProperty(
new ConfigurationKey("key1"), new ConfigurationValue("value1"))));
UpdateSCMConfigCommand command =
new UpdateSCMConfigCommand(
updatedScm,
pluggableScmService,
goConfigService,
currentUser,
result,
"md5",
entityHashingService);
thrown.expect(NullPointerException.class);
thrown.expectMessage("The pluggable scm material with id 'non-existent-id' is not found.");
assertThat(command.canContinue(cruiseConfig), is(false));
}
@Test
public void shouldNotContinueWithConfigSaveIfRequestIsNotFresh() {
when(goConfigService.isUserAdmin(currentUser)).thenReturn(true);
when(goConfigService.isGroupAdministrator(currentUser.getUsername())).thenReturn(false);
SCM updatedScm =
new SCM(
"id",
new PluginConfiguration("plugin-id", "1"),
new Configuration(
new ConfigurationProperty(
new ConfigurationKey("key1"), new ConfigurationValue("value1"))));
updatedScm.setName("material");
when(entityHashingService.md5ForEntity(cruiseConfig.getSCMs().find("id"), "material"))
.thenReturn("another-md5");
UpdateSCMConfigCommand command =
new UpdateSCMConfigCommand(
updatedScm,
pluggableScmService,
goConfigService,
currentUser,
result,
"md5",
entityHashingService);
assertThat(command.canContinue(cruiseConfig), is(false));
assertThat(result.toString(), containsString("STALE_RESOURCE_CONFIG"));
assertThat(result.toString(), containsString(updatedScm.getName()));
}
public boolean hasViewPermissionForPipeline(Username username, String pipelineName) {
String groupName =
goConfigService.findGroupNameByPipeline(new CaseInsensitiveString(pipelineName));
if (groupName == null) {
return true;
}
return hasViewPermissionForGroup(CaseInsensitiveString.str(username.getUsername()), groupName);
}
public List<CaseInsensitiveString> viewablePipelinesFor(Username username) {
List<CaseInsensitiveString> pipelines = new ArrayList<CaseInsensitiveString>();
for (String group : goConfigService.allGroups()) {
if (hasViewPermissionForGroup(CaseInsensitiveString.str(username.getUsername()), group)) {
pipelines.addAll(goConfigService.pipelines(group));
}
}
return pipelines;
}
private boolean isAuthorized() {
if (!(goConfigService.isUserAdmin(username)
|| goConfigService.isGroupAdministrator(username.getUsername()))) {
result.unauthorized(
LocalizedMessage.string("UNAUTHORIZED_TO_EDIT"), HealthStateType.unauthorised());
return false;
}
return true;
}
public void addUserIfDoesNotExist(Username userName) {
synchronized (enableUserMutex) {
User user = new User(CaseInsensitiveString.str(userName.getUsername()));
if (!(user.isAnonymous() || userExists(user))) {
assertUnknownUsersAreAllowedToLogin();
userDao.saveOrUpdate(user);
}
}
}
private boolean isAdminOfGroup(
String toGroupName, Username username, HttpLocalizedOperationResult result) {
if (!isUserAdminOfGroup(username.getUsername(), toGroupName)) {
result.unauthorized(
LocalizedMessage.string("UNAUTHORIZED_TO_EDIT_GROUP", toGroupName),
HealthStateType.unauthorised());
return false;
}
return true;
}
public List<PipelineConfigs> viewableGroupsFor(Username username) {
ArrayList<PipelineConfigs> list = new ArrayList<PipelineConfigs>();
for (PipelineConfigs pipelineConfigs : goConfigService.getCurrentConfig().getGroups()) {
if (hasViewPermissionForGroup(
CaseInsensitiveString.str(username.getUsername()), pipelineConfigs.getGroup())) {
list.add(pipelineConfigs);
}
}
return list;
}
@Override
public boolean canContinue(CruiseConfig cruiseConfig) {
if (goConfigService.groups().hasGroup(groupName)
&& !goConfigService.isUserAdminOfGroup(currentUser.getUsername(), groupName)) {
result.unauthorized(
LocalizedMessage.string("UNAUTHORIZED_TO_EDIT_GROUP", groupName),
HealthStateType.unauthorised());
return false;
}
return true;
}
@Test
public void shouldContinueWithConfigSaveIfUserIsGroupAdmin() {
when(goConfigService.isUserAdmin(currentUser)).thenReturn(false);
when(goConfigService.isGroupAdministrator(currentUser.getUsername())).thenReturn(true);
CreatePackageRepositoryCommand command =
new CreatePackageRepositoryCommand(
goConfigService, packageRepositoryService, packageRepository, currentUser, result);
assertThat(command.canContinue(cruiseConfig), is(true));
}
public List<String> modifiableGroupsForUser(Username userName) {
if (isUserAdmin(userName)) {
return goConfigService.allGroups();
}
List<String> modifiableGroups = new ArrayList<String>();
for (String group : goConfigService.allGroups()) {
if (isUserAdminOfGroup(userName.getUsername(), group)) {
modifiableGroups.add(group);
}
}
return modifiableGroups;
}
public boolean canEditPipeline(
String pipelineName, Username username, LocalizedOperationResult result, String groupName) {
if (!doesPipelineExist(pipelineName, result)) {
return false;
}
if (!isUserAdminOfGroup(username.getUsername(), groupName)) {
result.unauthorized(
LocalizedMessage.string("UNAUTHORIZED_TO_EDIT_PIPELINE", pipelineName),
HealthStateType.unauthorisedForPipeline(pipelineName));
return false;
}
return true;
}
@Test
public void shouldContinueWithConfigSaveIfUserIsGroupAdmin() {
when(goConfigService.isUserAdmin(currentUser)).thenReturn(false);
when(goConfigService.isGroupAdministrator(currentUser.getUsername())).thenReturn(true);
when(entityHashingService.md5ForEntity(any(PackageRepository.class))).thenReturn("md5");
UpdatePackageRepositoryCommand command =
new UpdatePackageRepositoryCommand(
goConfigService,
packageRepositoryService,
newPackageRepo,
currentUser,
"md5",
entityHashingService,
result,
repoId);
assertThat(command.canContinue(cruiseConfig), is(true));
}
private boolean isUserTemplateAdmin(Username username) {
return getCurrentConfig().getTemplates().canViewAndEditTemplate(username.getUsername());
}
public boolean isUserGroupAdmin(Username username) {
return goConfigService.isGroupAdministrator(username.getUsername());
}
public boolean isAuthorizedToEditTemplate(String templateName, Username username) {
return isUserAdmin(username)
|| getCurrentConfig()
.getTemplates()
.canUserEditTemplate(templateName, username.getUsername());
}
public boolean hasViewOrOperatePermissionForPipeline(Username username, String pipelineName) {
return hasViewPermissionForPipeline(username, pipelineName)
|| hasOperatePermissionForPipeline(username.getUsername(), pipelineName);
}
public boolean isGroupAdministrator(final Username userName) {
return getCurrentConfig().isGroupAdministrator(userName.getUsername());
}
public boolean isUserAdmin(Username username) {
return isAdministrator(CaseInsensitiveString.str(username.getUsername()));
}
public boolean isAuthorizedToViewAndEditTemplates(Username username) {
return getCurrentConfig().getTemplates().canViewAndEditTemplate(username.getUsername());
}
