/**
 * Opens the project permissions tab as sysadmin with the argument "CHOC" and checks the
 * scheme name, the scheme description, every entity listed against the "Create Issues"
 * permission, and that no shared-by information is present.
 */
@Test
public void testAllTypes() {
    // "CHOC" is presumably the project key of the fixture project; confirm against the test data.
    ProjectPermissionPageTab permissionsTab =
            jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "CHOC");

    assertEquals("Choc Full Scheme", permissionsTab.getSchemeName());
    assertEquals("Choc Full Permission Scheme", permissionsTab.getSchemeDescription());

    // Read the entities from the page first, then build the expected list, as the
    // original does, so the sequence of page interactions is unchanged.
    Permission createIssues = permissionsTab.getPermissionByName("Create Issues");
    List<String> actualEntities = createIssues.getEntities();

    // One entry per entity asserted for this permission; assertEquals on lists also pins the order.
    List<String> wantedEntities = CollectionBuilder.newBuilder(
                    "Reporter",
                    "Group (jira-administrators)",
                    "Group (Anyone)",
                    "Single User (admin)",
                    "Project Lead",
                    "Current Assignee",
                    "Project Role (Administrators)",
                    "User Custom Field Value (User Picker)",
                    "Group Custom Field Value (Group Picker)")
            .asList();
    assertEquals(wantedEntities, actualEntities);

    // No "shared by" element is expected on the page for this case.
    ProjectSharedBy sharedBy = permissionsTab.getSharedBy();
    assertFalse(sharedBy.isPresent());
}
/**
 * Output-encoding regression test for the project permissions tab.
 *
 * <p>Opens the tab as sysadmin with the argument "XSS" and asserts that the scheme name,
 * the scheme description, the custom field name inside the "Administer Projects" entity,
 * and one shared project name all come back from the page objects as the literal
 * {@code <script>} markup string.
 *
 * <p>NOTE(review): this presumably passes only when the page HTML-escapes these values so
 * the page objects read them back as text; confirm how the page objects extract text.
 * Nothing here asserts directly that no script ran (for example, that no alert dialog
 * was opened), so that guarantee rests on the text comparison alone.
 */
@Test
public void testXSS() {
    // Markup payload the assertions below expect to read back as plain text.
    String scriptMarkup = "<script>alert(\"wtf\");</script>";

    ProjectPermissionPageTab permissionsTab =
            jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "XSS");

    // Scheme name and description must both read back as the raw markup text.
    assertEquals(scriptMarkup, permissionsTab.getSchemeName());
    assertEquals(scriptMarkup, permissionsTab.getSchemeDescription());

    // The custom field name embedded in the entity label must read back unchanged too.
    Permission administerProjects = permissionsTab.getPermissionByName("Administer Projects");
    List<String> actualEntities = administerProjects.getEntities();
    List<String> wantedEntities =
            CollectionBuilder.newBuilder("User Custom Field Value (<script>alert(\"wtf\");</script>)")
                    .asList();
    assertEquals(wantedEntities, actualEntities);

    // The shared-by element is expected here and lists two projects, one of them
    // named with the markup string.
    ProjectSharedBy sharedBy = permissionsTab.getSharedBy();
    assertTrue(sharedBy.isPresent());
    assertEquals("2 projects", sharedBy.getTriggerText());
    assertEquals(Arrays.asList(scriptMarkup, "Another Shared project"), sharedBy.getProjects());
}