@Test public void keep_authorized_users_for_role_and_project_for_group() { db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_group.xml"); assertThat( underTest.keepAuthorizedUsersForRoleAndProject( dbSession, // Only 100 and 101 has 'user' role on project newHashSet(100L, 101L, 102L), "user", PROJECT_ID)) .containsOnly(100L, 101L); assertThat( underTest.keepAuthorizedUsersForRoleAndProject( dbSession, newHashSet(100L), "user", PROJECT_ID)) .containsOnly(100L); // user does not have the role "admin" assertThat( underTest.keepAuthorizedUsersForRoleAndProject( dbSession, newHashSet(100L), "admin", PROJECT_ID)) .isEmpty(); // Empty list assertThat( underTest.keepAuthorizedUsersForRoleAndProject( dbSession, Collections.emptySet(), "user", PROJECT_ID)) .isEmpty(); }
@Test public void should_return_global_permissions_for_anonymous() { setupData("should_return_global_permissions_for_anonymous"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); assertThat(authorization.selectGlobalPermissions(null)).containsOnly("user", "admin"); }
@Test public void should_return_global_permissions_for_group_anyone() throws Exception { setupData("should_return_global_permissions_for_group_anyone"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); assertThat(authorization.selectGlobalPermissions("anyone_user")) .containsOnly("user", "profileadmin"); }
@Test public void should_return_group_global_permissions() { db.prepareDbUnit(getClass(), "should_return_group_global_permissions.xml"); assertThat(underTest.selectGlobalPermissions("john")).containsOnly("user", "admin"); assertThat(underTest.selectGlobalPermissions("arthur")).containsOnly("user"); assertThat(underTest.selectGlobalPermissions("none")).isEmpty(); }
@Test public void is_authorized_component_key_for_anonymous() { db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml"); assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue(); assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, null, "user")).isFalse(); assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse(); }
@Test public void should_return_group_global_permissions() { setupData("should_return_group_global_permissions"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); assertThat(authorization.selectGlobalPermissions("john")).containsOnly("user", "admin"); assertThat(authorization.selectGlobalPermissions("arthur")).containsOnly("user"); assertThat(authorization.selectGlobalPermissions("none")).isEmpty(); }
@Test public void is_authorized_component_key_for_group() { db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml"); assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue(); assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse(); // user does not have the role "admin" assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse(); }
@Test public void should_return_root_project_uuids_for_anonymous() { db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml"); Collection<String> rootProjectUuids = underTest.selectAuthorizedRootProjectsUuids(dbSession, null, "user"); assertThat(rootProjectUuids).containsOnly("ABCD"); // group does not have the role "admin" rootProjectUuids = underTest.selectAuthorizedRootProjectsKeys(dbSession, null, "admin"); assertThat(rootProjectUuids).isEmpty(); }
@Test public void should_return_root_project_keys_for_user() { db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml"); Collection<String> rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "user"); assertThat(rootProjectIds).containsOnly(PROJECT); // user does not have the role "admin" rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin"); assertThat(rootProjectIds).isEmpty(); }
@Test public void should_return_root_project_keys_for_anonymous() { setupData("should_return_root_project_keys_for_anonymous"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); Collection<String> rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(null, "user"); assertThat(rootProjectIds).containsOnly(PROJECT); // group does not have the role "admin" rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(null, "admin"); assertThat(rootProjectIds).isEmpty(); }
@Test public void should_return_root_project_keys_for_group() { // but user is not in an authorized group setupData("should_return_root_project_keys_for_group"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); Collection<String> rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(USER, "user"); assertThat(rootProjectIds).containsOnly(PROJECT); // user does not have the role "admin" rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(USER, "admin"); assertThat(rootProjectIds).isEmpty(); }
@Test public void anonymous_should_be_authorized() { db.prepareDbUnit(getClass(), "anonymous_should_be_authorized.xml"); Collection<Long> componentIds = underTest.keepAuthorizedProjectIds( dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user"); assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT); // group does not have the role "admin" componentIds = underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), null, "admin"); assertThat(componentIds).isEmpty(); }
@Test public void should_return_global_permissions_for_group_anyone() { db.prepareDbUnit(getClass(), "should_return_global_permissions_for_group_anyone.xml"); assertThat(underTest.selectGlobalPermissions("anyone_user")) .containsOnly("user", "profileadmin"); }
@Test public void keep_authorized_project_ids_for_anonymous() { db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml"); assertThat( underTest.keepAuthorizedProjectIds( dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user")) .containsOnly(PROJECT_ID); // user does not have the role "admin" assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), null, "admin")) .isEmpty(); // Empty list assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), null, "admin")) .isEmpty(); }
@Test public void countUsersWithGlobalPermissionExcludingUser() { // group g1 has the permission p1 and has members user1 and user2 // user3 has the permission UserDto user1 = db.users().insertUser(); UserDto user2 = db.users().insertUser(); UserDto user3 = db.users().insertUser(); OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org, "g1"); db.users().insertPermissionOnGroup(group1, "p1"); db.users().insertPermissionOnGroup(group1, "p2"); db.users().insertMember(group1, user1); db.users().insertMember(group1, user2); db.users().insertPermissionOnUser(org, user3, "p1"); db.users().insertPermissionOnAnyone(org, "p1"); // other organizations are ignored OrganizationDto org2 = db.organizations().insert(); db.users().insertPermissionOnUser(org2, user1, "p1"); // excluding user1 -> remain user2 and user3 assertThat( underTest.countUsersWithGlobalPermissionExcludingUser( db.getSession(), org.getUuid(), "p1", user1.getId())) .isEqualTo(2); // excluding user3 -> remain the members of group g1 assertThat( underTest.countUsersWithGlobalPermissionExcludingUser( db.getSession(), org.getUuid(), "p1", user3.getId())) .isEqualTo(2); // excluding unknown user assertThat( underTest.countUsersWithGlobalPermissionExcludingUser( db.getSession(), org.getUuid(), "p1", -1)) .isEqualTo(3); // nobody has the permission assertThat( underTest.countUsersWithGlobalPermissionExcludingUser( db.getSession(), org.getUuid(), "missingPermission", group1.getId())) .isEqualTo(0); }
@Test public void user_should_be_authorized() { // but user is not in an authorized group db.prepareDbUnit(getClass(), "user_should_be_authorized.xml"); Collection<Long> componentIds = underTest.keepAuthorizedProjectIds( dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user"); assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT); // user does not have the role "admin" componentIds = underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), USER, "admin"); assertThat(componentIds).isEmpty(); assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), USER, "admin")) .isEmpty(); }
@Test public void anonymous_should_be_authorized() { setupData("anonymous_should_be_authorized"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); Set<String> componentIds = authorization.keepAuthorizedComponentKeys( Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT), null, "user"); assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT); // group does not have the role "admin" componentIds = authorization.keepAuthorizedComponentKeys( Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT), null, "admin"); assertThat(componentIds).isEmpty(); }
/** Anonymous user only benefits from the permissions granted to "Anyone" */ @Test public void selectRootComponentPermissions_for_anonymous_user() { ComponentDto project1 = db.components().insertProject(); db.users().insertProjectPermissionOnAnyone("perm1", project1); // ignored permissions db.users().insertPermissionOnAnyone(org, "ignored"); db.users().insertPermissionOnUser(org, user, "ignored"); db.users().insertPermissionOnGroup(group1, "ignored"); ComponentDto project2 = db.components().insertProject(); db.users().insertProjectPermissionOnGroup(group1, "ignored", project2); Set<String> permissions = underTest.selectRootComponentPermissionsOfAnonymous(dbSession, project1.getId()); assertThat(permissions).containsOnly("perm1"); // non granted project permissions = underTest.selectRootComponentPermissionsOfAnonymous(dbSession, project2.getId()); assertThat(permissions).isEmpty(); }
@Test public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() { db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_anonymous.xml"); assertThat( underTest.keepAuthorizedUsersForRoleAndProject( dbSession, // Only 100 and 101 has 'user' role on project newHashSet(100L, 101L, 102L), "user", PROJECT_ID)) .isEmpty(); }
@Test public void group_should_have_global_authorization() { // user is in a group that has authorized access to all projects setupData("group_should_have_global_authorization"); AuthorizationDao authorization = new AuthorizationDao(getMyBatis()); Set<String> componentIds = authorization.keepAuthorizedComponentKeys( Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT), USER, "user"); assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT); // group does not have the role "admin" componentIds = authorization.keepAuthorizedComponentKeys( Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT), USER, "admin"); assertThat(componentIds).isEmpty(); }
/** Anonymous user only benefits from the permissions granted to "Anyone" */ @Test public void selectOrganizationPermissions_for_anonymous_user() { db.users().insertPermissionOnAnyone(org, "perm1"); // ignored permissions db.users().insertPermissionOnUser(org, user, "ignored"); db.users().insertPermissionOnGroup(group1, "ignored"); Set<String> permissions = underTest.selectOrganizationPermissionsOfAnonymous(dbSession, org.getUuid()); assertThat(permissions).containsOnly("perm1"); }
/** Union of the permissions granted to: - the user - the groups which user is member - anyone */ @Test public void selectRootComponentPermissions_for_logged_in_user() { db.users().insertMember(group1, user); ComponentDto project1 = db.components().insertProject(); db.users().insertProjectPermissionOnAnyone("perm1", project1); db.users().insertProjectPermissionOnGroup(group1, "perm2", project1); db.users().insertProjectPermissionOnUser(user, "perm3", project1); // ignored permissions db.users().insertPermissionOnAnyone(org, "ignored"); db.users().insertPermissionOnGroup(group2, "ignored"); ComponentDto project2 = db.components().insertProject(); Set<String> permissions = underTest.selectRootComponentPermissions(dbSession, project1.getId(), user.getId()); assertThat(permissions).containsOnly("perm1", "perm2", "perm3"); // non granted project permissions = underTest.selectRootComponentPermissions(dbSession, project2.getId(), user.getId()); assertThat(permissions).isEmpty(); }
/** Union of the permissions granted to: - the user - the groups which user is member - anyone */ @Test public void selectOrganizationPermissions_for_logged_in_user() { db.users().insertMember(group1, user); db.users().insertPermissionOnUser(org, user, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertPermissionOnAnyone(org, "perm3"); // ignored permissions, user is not member of this group db.users().insertPermissionOnGroup(group2, "ignored"); Set<String> permissions = underTest.selectOrganizationPermissions(dbSession, org.getUuid(), user.getId()); assertThat(permissions).containsOnly("perm1", "perm2", "perm3"); }
@Test public void countUsersWithGlobalPermissionExcludingGroup() { // users with global permission "perm1" : // - "u1" and "u2" through group "g1" // - "u1" and "u3" through group "g2" // - "u4" UserDto user1 = db.users().insertUser(); UserDto user2 = db.users().insertUser(); UserDto user3 = db.users().insertUser(); UserDto user4 = db.users().insertUser(); UserDto user5 = db.users().insertUser(); OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org, "g1"); db.users().insertPermissionOnGroup(group1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertMember(group1, user1); db.users().insertMember(group1, user2); GroupDto group2 = db.users().insertGroup(org, "g2"); db.users().insertPermissionOnGroup(group2, "perm1"); db.users().insertPermissionOnGroup(group2, "perm2"); db.users().insertMember(group2, user1); db.users().insertMember(group2, user3); // group3 has the permission "perm1" but has no users GroupDto group3 = db.users().insertGroup(org, "g2"); db.users().insertPermissionOnGroup(group3, "perm1"); db.users().insertPermissionOnUser(org, user4, "perm1"); db.users().insertPermissionOnUser(org, user4, "perm2"); db.users().insertPermissionOnAnyone(org, "perm1"); // other organizations are ignored OrganizationDto org2 = db.organizations().insert(); db.users().insertPermissionOnUser(org2, user1, "perm1"); // excluding group "g1" -> remain u1, u3 and u4 assertThat( underTest.countUsersWithGlobalPermissionExcludingGroup( db.getSession(), org.getUuid(), "perm1", group1.getId())) .isEqualTo(3); // excluding group "g2" -> remain u1, u2 and u4 assertThat( underTest.countUsersWithGlobalPermissionExcludingGroup( db.getSession(), org.getUuid(), "perm1", group2.getId())) .isEqualTo(3); // excluding group "g3" -> remain u1, u2, u3 and u4 assertThat( underTest.countUsersWithGlobalPermissionExcludingGroup( db.getSession(), org.getUuid(), "perm1", group3.getId())) .isEqualTo(4); // nobody has the permission assertThat( underTest.countUsersWithGlobalPermissionExcludingGroup( db.getSession(), org.getUuid(), "missingPermission", group1.getId())) .isEqualTo(0); }
@Test public void should_return_global_permissions_for_anonymous() { db.prepareDbUnit(getClass(), "should_return_global_permissions_for_anonymous.xml"); assertThat(underTest.selectGlobalPermissions(null)).containsOnly("user", "admin"); }