@Test
public void testDefaultGroups() {
ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, PROJECT_HSP);
assertEquals("Default Permission Scheme", projectPermissionPage.getSchemeName());
assertEquals(
"This is the default Permission Scheme. Any new projects that are created will be assigned this scheme",
projectPermissionPage.getSchemeDescription());
final List<PermissionGroup> permissionGroups = projectPermissionPage.getPermissionGroups();
assertEquals(6, permissionGroups.size());
assertTrue(projectPermissionPage.isSchemeLinked());
final EditPermissionScheme editPermissionScheme = projectPermissionPage.gotoScheme();
projectPermissionPage = editPermissionScheme.back(ProjectPermissionPageTab.class, PROJECT_HSP);
assertEquals("Default Permission Scheme", projectPermissionPage.getSchemeName());
assertEquals(
"This is the default Permission Scheme. Any new projects that are created will be assigned this scheme",
projectPermissionPage.getSchemeDescription());
assertTrue(projectPermissionPage.isSchemeChangeAvailable());
final SelectPermissionScheme selectPermissionScheme = projectPermissionPage.gotoSelectScheme();
selectPermissionScheme.setSchemeByName("Empty Scheme");
selectPermissionScheme.submit();
projectPermissionPage = jira.visit(ProjectPermissionPageTab.class, PROJECT_HSP);
assertEquals("Empty Scheme", projectPermissionPage.getSchemeName());
assertEquals("", projectPermissionPage.getSchemeDescription());
}
@Test
public void testAllTypes() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "CHOC");
assertEquals("Choc Full Scheme", projectPermissionPage.getSchemeName());
assertEquals("Choc Full Permission Scheme", projectPermissionPage.getSchemeDescription());
final Permission permission = projectPermissionPage.getPermissionByName("Create Issues");
final List<String> entities = permission.getEntities();
final List<String> expectedEntities =
CollectionBuilder.newBuilder(
"Reporter",
"Group (jira-administrators)",
"Group (Anyone)",
"Single User (admin)",
"Project Lead",
"Current Assignee",
"Project Role (Administrators)",
"User Custom Field Value (User Picker)",
"Group Custom Field Value (Group Picker)")
.asList();
assertEquals(expectedEntities, entities);
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertFalse(sharedBy.isPresent());
}
@Test
public void testProjectAdmin() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage()
.login("project_admin", "project_admin", ProjectPermissionPageTab.class, PROJECT_HSP);
assertEquals("Default Permission Scheme", projectPermissionPage.getSchemeName());
assertEquals(
"This is the default Permission Scheme. Any new projects that are created will be assigned this scheme",
projectPermissionPage.getSchemeDescription());
final List<PermissionGroup> permissionGroups = projectPermissionPage.getPermissionGroups();
assertEquals(6, permissionGroups.size());
// Assert the cog actions aren't present
assertFalse(projectPermissionPage.isSchemeLinked());
assertFalse(projectPermissionPage.isSchemeChangeAvailable());
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertFalse(sharedBy.isPresent());
}
@Test
public void testNoPermissions() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "MKY");
assertEquals("Empty Scheme", projectPermissionPage.getSchemeName());
assertEquals("", projectPermissionPage.getSchemeDescription());
final List<PermissionGroup> permissionGroups = projectPermissionPage.getPermissionGroups();
assertEquals(6, permissionGroups.size());
for (PermissionGroup permissionGroup : permissionGroups) {
final List<Permission> permissions = permissionGroup.getPermissions();
for (Permission permission : permissions) {
assertTrue(permission.getEntities().isEmpty());
}
}
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertFalse(sharedBy.isPresent());
}
@Test
public void testXSS() {
final ProjectPermissionPageTab projectPermissionPage =
jira.gotoLoginPage().loginAsSysAdmin(ProjectPermissionPageTab.class, "XSS");
assertEquals("<script>alert(\"wtf\");</script>", projectPermissionPage.getSchemeName());
assertEquals("<script>alert(\"wtf\");</script>", projectPermissionPage.getSchemeDescription());
final Permission permission = projectPermissionPage.getPermissionByName("Administer Projects");
final List<String> entities = permission.getEntities();
final List<String> expectedEntities =
CollectionBuilder.newBuilder("User Custom Field Value (<script>alert(\"wtf\");</script>)")
.asList();
assertEquals(expectedEntities, entities);
final ProjectSharedBy sharedBy = projectPermissionPage.getSharedBy();
assertTrue(sharedBy.isPresent());
assertEquals("2 projects", sharedBy.getTriggerText());
assertEquals(
Arrays.asList("<script>alert(\"wtf\");</script>", "Another Shared project"),
sharedBy.getProjects());
}