Exemplo n.º 1
0
  @Test
  public void keep_authorized_users_for_role_and_project_for_group() {
    db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_group.xml");

    assertThat(
            underTest.keepAuthorizedUsersForRoleAndProject(
                dbSession,
                // Only 100 and 101 has 'user' role on project
                newHashSet(100L, 101L, 102L),
                "user",
                PROJECT_ID))
        .containsOnly(100L, 101L);

    assertThat(
            underTest.keepAuthorizedUsersForRoleAndProject(
                dbSession, newHashSet(100L), "user", PROJECT_ID))
        .containsOnly(100L);

    // user does not have the role "admin"
    assertThat(
            underTest.keepAuthorizedUsersForRoleAndProject(
                dbSession, newHashSet(100L), "admin", PROJECT_ID))
        .isEmpty();

    // Empty list
    assertThat(
            underTest.keepAuthorizedUsersForRoleAndProject(
                dbSession, Collections.emptySet(), "user", PROJECT_ID))
        .isEmpty();
  }
Exemplo n.º 2
0
  @Test
  public void should_return_global_permissions_for_anonymous() {
    setupData("should_return_global_permissions_for_anonymous");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    assertThat(authorization.selectGlobalPermissions(null)).containsOnly("user", "admin");
  }
Exemplo n.º 3
0
  @Test
  public void should_return_global_permissions_for_group_anyone() throws Exception {
    setupData("should_return_global_permissions_for_group_anyone");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    assertThat(authorization.selectGlobalPermissions("anyone_user"))
        .containsOnly("user", "profileadmin");
  }
Exemplo n.º 4
0
  @Test
  public void should_return_group_global_permissions() {
    db.prepareDbUnit(getClass(), "should_return_group_global_permissions.xml");

    assertThat(underTest.selectGlobalPermissions("john")).containsOnly("user", "admin");
    assertThat(underTest.selectGlobalPermissions("arthur")).containsOnly("user");
    assertThat(underTest.selectGlobalPermissions("none")).isEmpty();
  }
Exemplo n.º 5
0
  @Test
  public void is_authorized_component_key_for_anonymous() {
    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");

    assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue();
    assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, null, "user")).isFalse();
    assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse();
  }
Exemplo n.º 6
0
  @Test
  public void should_return_group_global_permissions() {
    setupData("should_return_group_global_permissions");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    assertThat(authorization.selectGlobalPermissions("john")).containsOnly("user", "admin");
    assertThat(authorization.selectGlobalPermissions("arthur")).containsOnly("user");
    assertThat(authorization.selectGlobalPermissions("none")).isEmpty();
  }
Exemplo n.º 7
0
  @Test
  public void is_authorized_component_key_for_group() {
    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");

    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
    assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();

    // user does not have the role "admin"
    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
  }
Exemplo n.º 8
0
  @Test
  public void should_return_root_project_uuids_for_anonymous() {
    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml");

    Collection<String> rootProjectUuids =
        underTest.selectAuthorizedRootProjectsUuids(dbSession, null, "user");

    assertThat(rootProjectUuids).containsOnly("ABCD");

    // group does not have the role "admin"
    rootProjectUuids = underTest.selectAuthorizedRootProjectsKeys(dbSession, null, "admin");
    assertThat(rootProjectUuids).isEmpty();
  }
Exemplo n.º 9
0
  @Test
  public void should_return_root_project_keys_for_user() {
    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml");

    Collection<String> rootProjectIds =
        underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "user");

    assertThat(rootProjectIds).containsOnly(PROJECT);

    // user does not have the role "admin"
    rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin");
    assertThat(rootProjectIds).isEmpty();
  }
Exemplo n.º 10
0
  @Test
  public void should_return_root_project_keys_for_anonymous() {
    setupData("should_return_root_project_keys_for_anonymous");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    Collection<String> rootProjectIds =
        authorization.selectAuthorizedRootProjectsKeys(null, "user");

    assertThat(rootProjectIds).containsOnly(PROJECT);

    // group does not have the role "admin"
    rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(null, "admin");
    assertThat(rootProjectIds).isEmpty();
  }
Exemplo n.º 11
0
  @Test
  public void should_return_root_project_keys_for_group() {
    // but user is not in an authorized group
    setupData("should_return_root_project_keys_for_group");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    Collection<String> rootProjectIds =
        authorization.selectAuthorizedRootProjectsKeys(USER, "user");

    assertThat(rootProjectIds).containsOnly(PROJECT);

    // user does not have the role "admin"
    rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(USER, "admin");
    assertThat(rootProjectIds).isEmpty();
  }
Exemplo n.º 12
0
  @Test
  public void anonymous_should_be_authorized() {
    db.prepareDbUnit(getClass(), "anonymous_should_be_authorized.xml");

    Collection<Long> componentIds =
        underTest.keepAuthorizedProjectIds(
            dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user");

    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);

    // group does not have the role "admin"
    componentIds =
        underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), null, "admin");
    assertThat(componentIds).isEmpty();
  }
Exemplo n.º 13
0
  @Test
  public void should_return_global_permissions_for_group_anyone() {
    db.prepareDbUnit(getClass(), "should_return_global_permissions_for_group_anyone.xml");

    assertThat(underTest.selectGlobalPermissions("anyone_user"))
        .containsOnly("user", "profileadmin");
  }
Exemplo n.º 14
0
  @Test
  public void keep_authorized_project_ids_for_anonymous() {
    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");

    assertThat(
            underTest.keepAuthorizedProjectIds(
                dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user"))
        .containsOnly(PROJECT_ID);

    // user does not have the role "admin"
    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), null, "admin"))
        .isEmpty();

    // Empty list
    assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), null, "admin"))
        .isEmpty();
  }
Exemplo n.º 15
0
  @Test
  public void countUsersWithGlobalPermissionExcludingUser() {
    // group g1 has the permission p1 and has members user1 and user2
    // user3 has the permission
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    UserDto user3 = db.users().insertUser();

    OrganizationDto org = db.organizations().insert();
    GroupDto group1 = db.users().insertGroup(org, "g1");
    db.users().insertPermissionOnGroup(group1, "p1");
    db.users().insertPermissionOnGroup(group1, "p2");
    db.users().insertMember(group1, user1);
    db.users().insertMember(group1, user2);
    db.users().insertPermissionOnUser(org, user3, "p1");
    db.users().insertPermissionOnAnyone(org, "p1");

    // other organizations are ignored
    OrganizationDto org2 = db.organizations().insert();
    db.users().insertPermissionOnUser(org2, user1, "p1");

    // excluding user1 -> remain user2 and user3
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingUser(
                db.getSession(), org.getUuid(), "p1", user1.getId()))
        .isEqualTo(2);

    // excluding user3 -> remain the members of group g1
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingUser(
                db.getSession(), org.getUuid(), "p1", user3.getId()))
        .isEqualTo(2);

    // excluding unknown user
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingUser(
                db.getSession(), org.getUuid(), "p1", -1))
        .isEqualTo(3);

    // nobody has the permission
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingUser(
                db.getSession(), org.getUuid(), "missingPermission", group1.getId()))
        .isEqualTo(0);
  }
Exemplo n.º 16
0
  @Test
  public void user_should_be_authorized() {
    // but user is not in an authorized group
    db.prepareDbUnit(getClass(), "user_should_be_authorized.xml");

    Collection<Long> componentIds =
        underTest.keepAuthorizedProjectIds(
            dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user");

    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);

    // user does not have the role "admin"
    componentIds =
        underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), USER, "admin");
    assertThat(componentIds).isEmpty();

    assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), USER, "admin"))
        .isEmpty();
  }
Exemplo n.º 17
0
  @Test
  public void anonymous_should_be_authorized() {
    setupData("anonymous_should_be_authorized");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    Set<String> componentIds =
        authorization.keepAuthorizedComponentKeys(
            Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
            null,
            "user");

    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);

    // group does not have the role "admin"
    componentIds =
        authorization.keepAuthorizedComponentKeys(
            Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT), null, "admin");
    assertThat(componentIds).isEmpty();
  }
Exemplo n.º 18
0
  /** Anonymous user only benefits from the permissions granted to "Anyone" */
  @Test
  public void selectRootComponentPermissions_for_anonymous_user() {
    ComponentDto project1 = db.components().insertProject();
    db.users().insertProjectPermissionOnAnyone("perm1", project1);

    // ignored permissions
    db.users().insertPermissionOnAnyone(org, "ignored");
    db.users().insertPermissionOnUser(org, user, "ignored");
    db.users().insertPermissionOnGroup(group1, "ignored");
    ComponentDto project2 = db.components().insertProject();
    db.users().insertProjectPermissionOnGroup(group1, "ignored", project2);

    Set<String> permissions =
        underTest.selectRootComponentPermissionsOfAnonymous(dbSession, project1.getId());
    assertThat(permissions).containsOnly("perm1");

    // non granted project
    permissions = underTest.selectRootComponentPermissionsOfAnonymous(dbSession, project2.getId());
    assertThat(permissions).isEmpty();
  }
Exemplo n.º 19
0
  @Test
  public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() {
    db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_anonymous.xml");

    assertThat(
            underTest.keepAuthorizedUsersForRoleAndProject(
                dbSession,
                // Only 100 and 101 has 'user' role on project
                newHashSet(100L, 101L, 102L),
                "user",
                PROJECT_ID))
        .isEmpty();
  }
Exemplo n.º 20
0
  @Test
  public void group_should_have_global_authorization() {
    // user is in a group that has authorized access to all projects
    setupData("group_should_have_global_authorization");

    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
    Set<String> componentIds =
        authorization.keepAuthorizedComponentKeys(
            Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
            USER,
            "user");

    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);

    // group does not have the role "admin"
    componentIds =
        authorization.keepAuthorizedComponentKeys(
            Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
            USER,
            "admin");
    assertThat(componentIds).isEmpty();
  }
Exemplo n.º 21
0
  /** Anonymous user only benefits from the permissions granted to "Anyone" */
  @Test
  public void selectOrganizationPermissions_for_anonymous_user() {
    db.users().insertPermissionOnAnyone(org, "perm1");

    // ignored permissions
    db.users().insertPermissionOnUser(org, user, "ignored");
    db.users().insertPermissionOnGroup(group1, "ignored");

    Set<String> permissions =
        underTest.selectOrganizationPermissionsOfAnonymous(dbSession, org.getUuid());

    assertThat(permissions).containsOnly("perm1");
  }
Exemplo n.º 22
0
  /** Union of the permissions granted to: - the user - the groups which user is member - anyone */
  @Test
  public void selectRootComponentPermissions_for_logged_in_user() {
    db.users().insertMember(group1, user);
    ComponentDto project1 = db.components().insertProject();
    db.users().insertProjectPermissionOnAnyone("perm1", project1);
    db.users().insertProjectPermissionOnGroup(group1, "perm2", project1);
    db.users().insertProjectPermissionOnUser(user, "perm3", project1);

    // ignored permissions
    db.users().insertPermissionOnAnyone(org, "ignored");
    db.users().insertPermissionOnGroup(group2, "ignored");
    ComponentDto project2 = db.components().insertProject();

    Set<String> permissions =
        underTest.selectRootComponentPermissions(dbSession, project1.getId(), user.getId());
    assertThat(permissions).containsOnly("perm1", "perm2", "perm3");

    // non granted project
    permissions =
        underTest.selectRootComponentPermissions(dbSession, project2.getId(), user.getId());
    assertThat(permissions).isEmpty();
  }
Exemplo n.º 23
0
  /** Union of the permissions granted to: - the user - the groups which user is member - anyone */
  @Test
  public void selectOrganizationPermissions_for_logged_in_user() {
    db.users().insertMember(group1, user);
    db.users().insertPermissionOnUser(org, user, "perm1");
    db.users().insertPermissionOnGroup(group1, "perm2");
    db.users().insertPermissionOnAnyone(org, "perm3");

    // ignored permissions, user is not member of this group
    db.users().insertPermissionOnGroup(group2, "ignored");

    Set<String> permissions =
        underTest.selectOrganizationPermissions(dbSession, org.getUuid(), user.getId());

    assertThat(permissions).containsOnly("perm1", "perm2", "perm3");
  }
Exemplo n.º 24
0
  @Test
  public void countUsersWithGlobalPermissionExcludingGroup() {
    // users with global permission "perm1" :
    // - "u1" and "u2" through group "g1"
    // - "u1" and "u3" through group "g2"
    // - "u4"

    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    UserDto user3 = db.users().insertUser();
    UserDto user4 = db.users().insertUser();
    UserDto user5 = db.users().insertUser();

    OrganizationDto org = db.organizations().insert();
    GroupDto group1 = db.users().insertGroup(org, "g1");
    db.users().insertPermissionOnGroup(group1, "perm1");
    db.users().insertPermissionOnGroup(group1, "perm2");
    db.users().insertMember(group1, user1);
    db.users().insertMember(group1, user2);

    GroupDto group2 = db.users().insertGroup(org, "g2");
    db.users().insertPermissionOnGroup(group2, "perm1");
    db.users().insertPermissionOnGroup(group2, "perm2");
    db.users().insertMember(group2, user1);
    db.users().insertMember(group2, user3);

    // group3 has the permission "perm1" but has no users
    GroupDto group3 = db.users().insertGroup(org, "g2");
    db.users().insertPermissionOnGroup(group3, "perm1");

    db.users().insertPermissionOnUser(org, user4, "perm1");
    db.users().insertPermissionOnUser(org, user4, "perm2");
    db.users().insertPermissionOnAnyone(org, "perm1");

    // other organizations are ignored
    OrganizationDto org2 = db.organizations().insert();
    db.users().insertPermissionOnUser(org2, user1, "perm1");

    // excluding group "g1" -> remain u1, u3 and u4
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingGroup(
                db.getSession(), org.getUuid(), "perm1", group1.getId()))
        .isEqualTo(3);

    // excluding group "g2" -> remain u1, u2 and u4
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingGroup(
                db.getSession(), org.getUuid(), "perm1", group2.getId()))
        .isEqualTo(3);

    // excluding group "g3" -> remain u1, u2, u3 and u4
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingGroup(
                db.getSession(), org.getUuid(), "perm1", group3.getId()))
        .isEqualTo(4);

    // nobody has the permission
    assertThat(
            underTest.countUsersWithGlobalPermissionExcludingGroup(
                db.getSession(), org.getUuid(), "missingPermission", group1.getId()))
        .isEqualTo(0);
  }
Exemplo n.º 25
0
  @Test
  public void should_return_global_permissions_for_anonymous() {
    db.prepareDbUnit(getClass(), "should_return_global_permissions_for_anonymous.xml");

    assertThat(underTest.selectGlobalPermissions(null)).containsOnly("user", "admin");
  }