/* * SonarQube * Copyright (C) 2009-2017 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 3 of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ package org.sonar.db.permission; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Random; import java.util.stream.IntStream; import java.util.stream.Stream; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.sonar.api.utils.System2; import org.sonar.api.web.UserRole; import org.sonar.core.util.stream.MoreCollectors; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.component.ComponentDto; import org.sonar.db.component.ComponentTesting; import org.sonar.db.organization.OrganizationDto; import org.sonar.db.user.GroupDto; import static java.util.Arrays.asList; import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.tuple; import static org.sonar.api.security.DefaultGroups.ANYONE; import static org.sonar.api.web.UserRole.ADMIN; import static org.sonar.api.web.UserRole.ISSUE_ADMIN; import static org.sonar.api.web.UserRole.USER; import static org.sonar.core.permission.GlobalPermissions.PROVISIONING; import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION; import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN; import static org.sonar.db.permission.OrganizationPermission.ADMINISTER; import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS; import static org.sonar.db.permission.OrganizationPermission.SCAN; public class GroupPermissionDaoTest { private static final int ANYONE_ID = 0; private static final int MISSING_ID = -1; @Rule public DbTester db = DbTester.create(System2.INSTANCE); private DbSession dbSession = db.getSession(); private GroupPermissionDao underTest = new GroupPermissionDao(); private String defaultOrganizationUuid; @Before public void setUp() throws Exception { defaultOrganizationUuid = db.getDefaultOrganization().getUuid(); } @Test public void group_count_by_permission_and_component_id_on_private_projects() { GroupDto group1 = db.users().insertGroup(); GroupDto group2 = db.users().insertGroup(); GroupDto group3 = db.users().insertGroup(); ComponentDto project1 = db.components().insertPrivateProject(); ComponentDto project2 = db.components().insertPrivateProject(); ComponentDto project3 = db.components().insertPrivateProject(); db.users().insertProjectPermissionOnGroup(group1, ISSUE_ADMIN, project1); db.users().insertProjectPermissionOnGroup(group1, ADMIN, project2); db.users().insertProjectPermissionOnGroup(group2, ADMIN, project2); db.users().insertProjectPermissionOnGroup(group3, ADMIN, project2); db.users().insertProjectPermissionOnGroup(group1, USER, project2); db.users().insertProjectPermissionOnGroup(group1, USER, project3); final List<CountPerProjectPermission> result = new ArrayList<>(); underTest.groupsCountByComponentIdAndPermission(dbSession, asList(project2.getId(), project3.getId(), 789L), context -> result.add((CountPerProjectPermission) context.getResultObject())); assertThat(result).hasSize(3); assertThat(result).extracting("permission").containsOnly(ADMIN, USER); assertThat(result).extracting("componentId").containsOnly(project2.getId(), project3.getId()); assertThat(result).extracting("count").containsOnly(3, 1); } @Test public void group_count_by_permission_and_component_id_on_public_projects() { GroupDto group1 = db.users().insertGroup(); GroupDto group2 = db.users().insertGroup(); GroupDto group3 = db.users().insertGroup(); ComponentDto project1 = db.components().insertPublicProject(); ComponentDto project2 = db.components().insertPublicProject(); ComponentDto project3 = db.components().insertPublicProject(); db.users().insertProjectPermissionOnGroup(group1, "p1", project1); db.users().insertProjectPermissionOnGroup(group1, "p2", project2); db.users().insertProjectPermissionOnGroup(group2, "p2", project2); db.users().insertProjectPermissionOnGroup(group3, "p2", project2); // anyone group db.users().insertProjectPermissionOnAnyone("p2", project2); db.users().insertProjectPermissionOnGroup(group1, "p3", project2); db.users().insertProjectPermissionOnGroup(group1, "p3", project3); final List<CountPerProjectPermission> result = new ArrayList<>(); underTest.groupsCountByComponentIdAndPermission(dbSession, asList(project2.getId(), project3.getId(), 789L), context -> result.add((CountPerProjectPermission) context.getResultObject())); assertThat(result).hasSize(3); assertThat(result).extracting("permission").containsOnly("p2", "p3"); assertThat(result).extracting("componentId").containsOnly(project2.getId(), project3.getId()); assertThat(result).extracting("count").containsOnly(4, 1); } @Test public void selectGroupNamesByQuery_is_ordered_by_group_names() { OrganizationDto organizationDto = db.organizations().insert(); GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); db.users().insertPermissionOnAnyone(organizationDto, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).build())) .containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName()); } @Test public void countGroupsByQuery() { OrganizationDto organizationDto = db.getDefaultOrganization(); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); db.users().insertGroup(organizationDto, "Group-2"); db.users().insertGroup(organizationDto, "Group-3"); db.users().insertPermissionOnAnyone(organizationDto, SCAN); db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); assertThat(underTest.countGroupsByQuery(dbSession, newQuery().build())).isEqualTo(4); assertThat(underTest.countGroupsByQuery(dbSession, newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1); assertThat(underTest.countGroupsByQuery(dbSession, newQuery().withAtLeastOnePermission().build())).isEqualTo(2); assertThat(underTest.countGroupsByQuery(dbSession, newQuery().setSearchQuery("Group-").build())).isEqualTo(3); assertThat(underTest.countGroupsByQuery(dbSession, newQuery().setSearchQuery("Any").build())).isEqualTo(1); } @Test public void selectGroupNamesByQuery_with_global_permission() { OrganizationDto organizationDto = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); ComponentDto project = db.components().insertComponent(ComponentTesting.newPrivateProjectDto(organizationDto)); db.users().insertPermissionOnAnyone(organizationDto, SCAN); db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); db.users().insertPermissionOnGroup(group1, SCAN); db.users().insertPermissionOnGroup(group3, ADMINISTER); db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE); } @Test public void select_groups_by_query_with_project_permissions_on_public_projects() { GroupDto group1 = db.users().insertGroup(); GroupDto group2 = db.users().insertGroup(); GroupDto group3 = db.users().insertGroup(); ComponentDto project = db.components().insertPublicProject(); ComponentDto anotherProject = db.components().insertPublicProject(); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group1, "p2", project); db.users().insertProjectPermissionOnAnyone("p3", project); db.users().insertProjectPermissionOnGroup(group1, "p4", anotherProject); db.users().insertProjectPermissionOnAnyone("p4", anotherProject); db.users().insertProjectPermissionOnGroup(group3, "p1", anotherProject); db.users().insertPermissionOnGroup(group2, "p5"); PermissionQuery.Builder builderOnComponent = newQuery().setComponentUuid(project.uuid()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.setPermission("p1").build())).containsOnlyOnce(group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.setPermission("p3").build())).containsOnlyOnce(ANYONE); } @Test public void select_groups_by_query_with_project_permissions_on_private_projects() { GroupDto group1 = db.users().insertGroup(); GroupDto group2 = db.users().insertGroup(); GroupDto group3 = db.users().insertGroup(); ComponentDto project = db.components().insertPrivateProject(); ComponentDto anotherProject = db.components().insertPrivateProject(); db.users().insertProjectPermissionOnGroup(group1, SCAN_EXECUTION, project); db.users().insertProjectPermissionOnGroup(group1, PROVISIONING, project); db.users().insertProjectPermissionOnGroup(group1, SYSTEM_ADMIN, anotherProject); db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject); db.users().insertPermissionOnGroup(group2, SCAN); PermissionQuery.Builder builderOnComponent = newQuery().setComponentUuid(project.uuid()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName()); assertThat(underTest.selectGroupNamesByQuery(dbSession, builderOnComponent.setPermission(USER).build())).isEmpty(); } @Test public void selectGroupNamesByQuery_is_paginated() { IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(db.getDefaultOrganization(), i + "-name")); List<String> groupNames = underTest.selectGroupNamesByQuery(dbSession, newQuery().setPageIndex(2).setPageSize(3).build()); assertThat(groupNames).containsExactly("3-name", "4-name", "5-name"); } @Test public void selectGroupNamesByQuery_with_search_query() { GroupDto group = db.users().insertGroup(db.getDefaultOrganization(), "group-anyone"); db.users().insertGroup(db.getDefaultOrganization(), "unknown"); db.users().insertPermissionOnGroup(group, SCAN); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName()); } @Test public void selectGroupNamesByQuery_does_not_return_anyone_when_group_roles_is_empty() { GroupDto group = db.users().insertGroup(); assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().build())) .doesNotContain(ANYONE) .containsExactly(group.getName()); } @Test public void selectByGroupIds_on_global_permissions() { OrganizationDto organizationDto = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1"); db.users().insertPermissionOnGroup(group1, SCAN); GroupDto group2 = db.users().insertGroup(organizationDto, "Group-2"); ComponentDto project = db.components().insertComponent(ComponentTesting.newPrivateProjectDto(organizationDto)); db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project); GroupDto group3 = db.users().insertGroup(organizationDto, "Group-3"); db.users().insertPermissionOnGroup(group3, ADMINISTER); // Anyone db.users().insertPermissionOnAnyone(organizationDto, SCAN); db.users().insertPermissionOnAnyone(organizationDto, PROVISION_PROJECTS); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId()), null)) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group1.getId(), SCAN_EXECUTION, null)); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group2.getId()), null)).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group3.getId()), null)) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group3.getId(), SYSTEM_ADMIN, null)); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(ANYONE_ID), null)) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly( tuple(0, SCAN_EXECUTION, null), tuple(0, PROVISIONING, null)); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(group1.getId(), group2.getId(), ANYONE_ID), null)).hasSize(3); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), asList(MISSING_ID), null)).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, organizationDto.getUuid(), Collections.emptyList(), null)).isEmpty(); } @Test public void selectByGroupIds_on_public_projects() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org, "Group-1"); db.users().insertPermissionOnGroup(group1, "p1"); GroupDto group2 = db.users().insertGroup(org, "Group-2"); ComponentDto project = db.components().insertPublicProject(org); db.users().insertProjectPermissionOnGroup(group2, "p2", project); GroupDto group3 = db.users().insertGroup(org, "Group-3"); db.users().insertProjectPermissionOnGroup(group3, "p2", project); // Anyone group db.users().insertPermissionOnAnyone(org, "p3"); db.users().insertProjectPermissionOnAnyone("p4", project); assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group2.getId()), project.getId())) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group2.getId(), "p2", project.getId())); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group3.getId()), project.getId())) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group3.getId(), "p2", project.getId())); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(ANYONE_ID), project.getId())) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(0, "p4", project.getId())); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), asList(group1.getId(), group2.getId(), ANYONE_ID), project.getId())).hasSize(2); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(MISSING_ID), project.getId())).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group1.getId()), 123L)).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), Collections.emptyList(), project.getId())).isEmpty(); } @Test public void selectByGroupIds_on_private_projects() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org, "Group-1"); db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS); GroupDto group2 = db.users().insertGroup(org, "Group-2"); ComponentDto project = db.components().insertPrivateProject(org); db.users().insertProjectPermissionOnGroup(group2, USER, project); GroupDto group3 = db.users().insertGroup(org, "Group-3"); db.users().insertProjectPermissionOnGroup(group3, USER, project); // Anyone group db.users().insertPermissionOnAnyone(org, SCAN); assertThat(underTest.selectByGroupIds(dbSession, defaultOrganizationUuid, singletonList(group1.getId()), project.getId())).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group2.getId()), project.getId())) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group2.getId(), USER, project.getId())); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group3.getId()), project.getId())) .extracting(GroupPermissionDto::getGroupId, GroupPermissionDto::getRole, GroupPermissionDto::getResourceId) .containsOnly(tuple(group3.getId(), USER, project.getId())); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(ANYONE_ID), project.getId())) .isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), asList(group1.getId(), group2.getId(), ANYONE_ID), project.getId())).hasSize(1); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(MISSING_ID), project.getId())).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), singletonList(group1.getId()), 123L)).isEmpty(); assertThat(underTest.selectByGroupIds(dbSession, org.getUuid(), Collections.emptyList(), project.getId())).isEmpty(); } @Test public void selectGlobalPermissionsOfGroup() { OrganizationDto org1 = db.organizations().insert(); OrganizationDto org2 = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org1, "group1"); GroupDto group2 = db.users().insertGroup(org2, "group2"); ComponentDto project = db.components().insertPublicProject(org1); db.users().insertPermissionOnAnyone(org1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertPermissionOnGroup(group1, "perm3"); db.users().insertPermissionOnGroup(group2, "perm4"); db.users().insertProjectPermissionOnGroup(group1, "perm5", project); db.users().insertProjectPermissionOnAnyone("perm6", project); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, org1.getUuid(), group1.getId())).containsOnly("perm2", "perm3"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, org2.getUuid(), group2.getId())).containsOnly("perm4"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, org1.getUuid(), null)).containsOnly("perm1"); // group1 is not in org2 assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, org2.getUuid(), group1.getId())).isEmpty(); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, org2.getUuid(), null)).isEmpty(); } @Test public void selectProjectPermissionsOfGroup_on_public_project() { OrganizationDto org1 = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org1, "group1"); ComponentDto project1 = db.components().insertPublicProject(org1); ComponentDto project2 = db.components().insertPublicProject(org1); db.users().insertPermissionOnAnyone(org1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnGroup(group1, "perm4", project1); db.users().insertProjectPermissionOnGroup(group1, "perm5", project2); db.users().insertProjectPermissionOnAnyone("perm6", project1); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), group1.getId(), project1.getId())) .containsOnly("perm3", "perm4"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), group1.getId(), project2.getId())) .containsOnly("perm5"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), null, project1.getId())) .containsOnly("perm6"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), null, project2.getId())) .isEmpty(); } @Test public void selectProjectPermissionsOfGroup_on_private_project() { OrganizationDto org1 = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org1, "group1"); ComponentDto project1 = db.components().insertPrivateProject(org1); ComponentDto project2 = db.components().insertPrivateProject(org1); db.users().insertPermissionOnAnyone(org1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnGroup(group1, "perm4", project1); db.users().insertProjectPermissionOnGroup(group1, "perm5", project2); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), group1.getId(), project1.getId())) .containsOnly("perm3", "perm4"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), group1.getId(), project2.getId())) .containsOnly("perm5"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), null, project1.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, org1.getUuid(), null, project2.getId())) .isEmpty(); } @Test public void selectAllPermissionsByGroupId_on_public_project() throws Exception { OrganizationDto org1 = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org1, "group1"); ComponentDto project1 = db.components().insertPublicProject(org1); ComponentDto project2 = db.components().insertPublicProject(org1); db.users().insertPermissionOnAnyone(org1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnGroup(group1, "perm4", project1); db.users().insertProjectPermissionOnGroup(group1, "perm5", project2); db.users().insertProjectPermissionOnAnyone("perm6", project1); List<GroupPermissionDto> result = new ArrayList<>(); underTest.selectAllPermissionsByGroupId(dbSession, org1.getUuid(), group1.getId(), context -> result.add((GroupPermissionDto) context.getResultObject())); assertThat(result).extracting(GroupPermissionDto::getResourceId, GroupPermissionDto::getRole).containsOnly( tuple(null, "perm2"), tuple(project1.getId(), "perm3"), tuple(project1.getId(), "perm4"), tuple(project2.getId(), "perm5")); } @Test public void selectAllPermissionsByGroupId_on_private_project() throws Exception { OrganizationDto org1 = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org1, "group1"); ComponentDto project1 = db.components().insertPrivateProject(org1); ComponentDto project2 = db.components().insertPrivateProject(org1); db.users().insertPermissionOnAnyone(org1, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnGroup(group1, "perm4", project1); db.users().insertProjectPermissionOnGroup(group1, "perm5", project2); List<GroupPermissionDto> result = new ArrayList<>(); underTest.selectAllPermissionsByGroupId(dbSession, org1.getUuid(), group1.getId(), context -> result.add((GroupPermissionDto) context.getResultObject())); assertThat(result).extracting(GroupPermissionDto::getResourceId, GroupPermissionDto::getRole).containsOnly( tuple(null, "perm2"), tuple(project1.getId(), "perm3"), tuple(project1.getId(), "perm4"), tuple(project2.getId(), "perm5")); } @Test public void selectGroupIdsWithPermissionOnProjectBut_returns_empty_if_project_does_not_exist() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group, "foo", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, 1234, UserRole.USER)) .isEmpty(); } @Test public void selectGroupIdsWithPermissionOnProjectBut_returns_only_groups_of_project_which_do_not_have_permission() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group2, "p2", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p2")) .containsOnly(group1.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p1")) .containsOnly(group2.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p3")) .containsOnly(group1.getId(), group2.getId()); } @Test public void selectGroupIdsWithPermissionOnProjectBut_does_not_returns_group_AnyOne_of_project_when_it_does_not_have_permission() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group2, "p2", project); db.users().insertProjectPermissionOnAnyone("p2", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p2")) .containsOnly(group1.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p1")) .containsOnly(group2.getId()); } @Test public void selectGroupIdsWithPermissionOnProjectBut_does_not_return_groups_which_have_no_permission_at_all_on_specified_project() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); GroupDto group3 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertProjectPermissionOnGroup(group2, "p2", project); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p2")) .containsOnly(group1.getId()); assertThat(underTest.selectGroupIdsWithPermissionOnProjectBut(dbSession, project.getId(), "p1")) .containsOnly(group2.getId()); } @Test public void deleteByRootComponentId_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); GroupDto group2 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); ComponentDto project2 = db.components().insertPrivateProject(org); db.users().insertPermissionOnGroup(group1, "perm1"); db.users().insertProjectPermissionOnGroup(group1, "perm2", project1); db.users().insertProjectPermissionOnGroup(group2, "perm3", project2); underTest.deleteByRootComponentId(dbSession, project1.getId()); dbSession.commit(); assertThat(db.countSql("select count(id) from group_roles where resource_id=" + project1.getId())).isEqualTo(0); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); } @Test public void deleteByRootComponentId_on_public_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); GroupDto group2 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); ComponentDto project2 = db.components().insertPublicProject(org); db.users().insertPermissionOnGroup(group1, "perm1"); db.users().insertProjectPermissionOnGroup(group1, "perm2", project1); db.users().insertProjectPermissionOnGroup(group2, "perm3", project2); db.users().insertProjectPermissionOnAnyone("perm4", project1); db.users().insertProjectPermissionOnAnyone("perm5", project2); underTest.deleteByRootComponentId(dbSession, project1.getId()); dbSession.commit(); assertThat(db.countSql("select count(id) from group_roles where resource_id=" + project1.getId())).isEqualTo(0); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); } @Test public void delete_global_permission_from_group_on_public_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnAnyone("perm4", project1); underTest.delete(dbSession, "perm2", group1.getOrganizationUuid(), group1.getId(), null); dbSession.commit(); assertThatNoPermission("perm2"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); } @Test public void delete_global_permission_from_group_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); underTest.delete(dbSession, "perm2", group1.getOrganizationUuid(), group1.getId(), null); dbSession.commit(); assertThatNoPermission("perm2"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); } @Test public void delete_global_permission_from_anyone_on_public_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnAnyone("perm4", project1); underTest.delete(dbSession, "perm1", group1.getOrganizationUuid(), null, null); dbSession.commit(); assertThatNoPermission("perm1"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); } @Test public void delete_project_permission_from_group_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPrivateProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId()); dbSession.commit(); assertThatNoPermission("perm3"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2); } @Test public void delete_project_permission_from_group_on_public_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnAnyone("perm4", project1); underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId()); dbSession.commit(); assertThatNoPermission("perm3"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); } @Test public void delete_project_permission_from_anybody_on_private_project() { OrganizationDto org = db.organizations().insert(); GroupDto group1 = db.users().insertGroup(org); ComponentDto project1 = db.components().insertPublicProject(org); db.users().insertPermissionOnAnyone(org, "perm1"); db.users().insertPermissionOnGroup(group1, "perm2"); db.users().insertProjectPermissionOnGroup(group1, "perm3", project1); db.users().insertProjectPermissionOnAnyone("perm4", project1); underTest.delete(dbSession, "perm4", group1.getOrganizationUuid(), null, project1.getId()); dbSession.commit(); assertThatNoPermission("perm4"); assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3); } @Test public void deleteByOrganization_does_not_fail_on_empty_db() { underTest.deleteByOrganization(dbSession, "some uuid"); dbSession.commit(); } @Test public void deleteByOrganization_does_not_fail_if_organization_has_no_group() { OrganizationDto organization = db.organizations().insert(); underTest.deleteByOrganization(dbSession, organization.getUuid()); dbSession.commit(); } @Test public void deleteByOrganization_deletes_all_groups_of_organization() { OrganizationDto organization1 = db.organizations().insert(); OrganizationDto organization2 = db.organizations().insert(); OrganizationDto organization3 = db.organizations().insert(); insertGroupWithPermissions(organization1); insertGroupWithPermissions(organization2); insertGroupWithPermissions(organization3); insertGroupWithPermissions(organization3); insertGroupWithPermissions(organization2); db.users().insertPermissionOnAnyone(organization1, "pop"); db.users().insertPermissionOnAnyone(organization2, "pop"); db.users().insertPermissionOnAnyone(organization3, "pop"); underTest.deleteByOrganization(dbSession, organization2.getUuid()); dbSession.commit(); verifyOrganizationUuidsInTable(organization1.getUuid(), organization3.getUuid()); underTest.deleteByOrganization(dbSession, organization1.getUuid()); dbSession.commit(); verifyOrganizationUuidsInTable(organization3.getUuid()); underTest.deleteByOrganization(dbSession, organization3.getUuid()); dbSession.commit(); verifyOrganizationUuidsInTable(); } @Test public void deleteByRootComponentIdAndGroupId_deletes_all_permissions_of_group_AnyOne_of_specified_component_if_groupId_is_null() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertProjectPermissionOnAnyone("p1", project); db.users().insertProjectPermissionOnGroup(group, "p2", project); db.users().insertPermissionOnAnyone(organization, "p3"); db.users().insertPermissionOnGroup(group, "p4"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .containsOnly("p1"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), project.getId())) .containsOnly("p2"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), null)) .containsOnly("p3"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group.getId())) .containsOnly("p4"); int deletedCount = underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), null); assertThat(deletedCount).isEqualTo(1); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group.getId(), project.getId())) .containsOnly("p2"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), null)) .containsOnly("p3"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group.getId())) .containsOnly("p4"); } @Test public void deleteByRootComponentIdAndGroupId_deletes_all_permissions_of_specified_group_of_specified_component_if_groupId_is_non_null() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnAnyone("p1", project); db.users().insertProjectPermissionOnGroup(group1, "p2", project); db.users().insertProjectPermissionOnGroup(group2, "p3", project); db.users().insertProjectPermissionOnGroup(group2, "p4", project); db.users().insertPermissionOnAnyone(organization, "p5"); db.users().insertPermissionOnGroup(group1, "p6"); db.users().insertPermissionOnGroup(group2, "p7"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .containsOnly("p1"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .containsOnly("p2"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId(), project.getId())) .containsOnly("p3", "p4"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), null)) .containsOnly("p5"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId())) .containsOnly("p6"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId())) .containsOnly("p7"); int deletedCount = underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), group1.getId()); assertThat(deletedCount).isEqualTo(1); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .containsOnly("p1"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId(), project.getId())) .containsOnly("p3", "p4"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId())) .containsOnly("p6"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId())) .containsOnly("p7"); deletedCount = underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), group2.getId()); assertThat(deletedCount).isEqualTo(2); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .containsOnly("p1"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId(), project.getId())) .isEmpty(); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId())) .containsOnly("p6"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId())) .containsOnly("p7"); } @Test public void deleteByRootComponentIdAndGroupId_has_no_effect_if_component_does_not_exist() { OrganizationDto organization = db.organizations().insert(); GroupDto group = db.users().insertGroup(organization); assertThat(underTest.deleteByRootComponentIdAndGroupId(dbSession, 1234L, null)).isEqualTo(0); assertThat(underTest.deleteByRootComponentIdAndGroupId(dbSession, 1234L, group.getId())).isEqualTo(0); } @Test public void deleteByRootComponentIdAndGroupId_has_no_effect_if_component_has_no_group_permission_at_all() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); GroupDto group = db.users().insertGroup(organization); assertThat(underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), null)).isEqualTo(0); assertThat(underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), group.getId())).isEqualTo(0); } @Test public void deleteByRootComponentIdAndGroupId_has_no_effect_if_group_does_not_exist() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = randomPublicOrPrivateProject(organization); assertThat(underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), 5678)).isEqualTo(0); } @Test public void deleteByRootComponentIdAndGroupId_has_no_effect_if_component_has_no_group_permission_for_group_AnyOne() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPrivateProject(organization); GroupDto group1 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .containsOnly("p1"); db.users().insertPermissionOnAnyone(organization, "p2"); db.users().insertPermissionOnGroup(group1, "p3"); int deletedCount = underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), null); assertThat(deletedCount).isEqualTo(0); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), null, project.getId())) .isEmpty(); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .containsOnly("p1"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), null)) .containsOnly("p2"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId())) .containsOnly("p3"); } @Test public void deleteByRootComponentIdAndGroupId_has_no_effect_if_component_has_no_group_permission_for_specified_group() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPrivateProject(organization); GroupDto group1 = db.users().insertGroup(organization); GroupDto group2 = db.users().insertGroup(organization); db.users().insertProjectPermissionOnGroup(group1, "p1", project); db.users().insertPermissionOnAnyone(organization, "p2"); db.users().insertPermissionOnGroup(group1, "p3"); int deletedCount = underTest.deleteByRootComponentIdAndGroupId(dbSession, project.getId(), group2.getId()); assertThat(deletedCount).isEqualTo(0); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId(), project.getId())) .containsOnly("p1"); assertThat(underTest.selectProjectPermissionsOfGroup(dbSession, organization.getUuid(), group2.getId(), project.getId())) .isEmpty(); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), null)) .containsOnly("p2"); assertThat(underTest.selectGlobalPermissionsOfGroup(dbSession, organization.getUuid(), group1.getId())) .containsOnly("p3"); } @Test public void deleteByRootComponentIdAndPermission_deletes_all_rows_for_specified_role_of_specified_component() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group = db.users().insertGroup(organization); Stream.of("p1", "p2").forEach(permission -> { db.users().insertPermissionOnAnyone(organization, permission); db.users().insertPermissionOnGroup(group, permission); db.users().insertProjectPermissionOnGroup(group, permission, project); db.users().insertProjectPermissionOnAnyone(permission, project); }); assertThat(getGlobalPermissionsForAnyone(organization)).containsOnly("p1", "p2"); assertThat(getGlobalPermissionsForGroup(group)).containsOnly("p1", "p2"); assertThat(getProjectPermissionsForAnyOne(project)).containsOnly("p1", "p2"); assertThat(getProjectPermissionsForGroup(project, group)).containsOnly("p1", "p2"); int deletedRows = underTest.deleteByRootComponentIdAndPermission(dbSession, project.getId(), "p1"); assertThat(deletedRows).isEqualTo(2); assertThat(getGlobalPermissionsForAnyone(organization)).containsOnly("p1", "p2"); assertThat(getGlobalPermissionsForGroup(group)).containsOnly("p1", "p2"); assertThat(getProjectPermissionsForAnyOne(project)).containsOnly("p2"); assertThat(getProjectPermissionsForGroup(project, group)).containsOnly("p2"); deletedRows = underTest.deleteByRootComponentIdAndPermission(dbSession, project.getId(), "p2"); assertThat(deletedRows).isEqualTo(2); assertThat(getGlobalPermissionsForAnyone(organization)).containsOnly("p1", "p2"); assertThat(getGlobalPermissionsForGroup(group)).containsOnly("p1", "p2"); assertThat(getProjectPermissionsForAnyOne(project)).isEmpty(); assertThat(getProjectPermissionsForGroup(project, group)).isEmpty(); } @Test public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_has_no_group_permission_at_all() { OrganizationDto organization = db.organizations().insert(); GroupDto group = db.users().insertGroup(organization); ComponentDto project = randomPublicOrPrivateProject(organization); db.users().insertPermissionOnAnyone(organization, "p1"); db.users().insertPermissionOnGroup(group, "p1"); assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, project.getId(), "p1")).isEqualTo(0); assertThat(getGlobalPermissionsForAnyone(organization)).containsOnly("p1"); assertThat(getGlobalPermissionsForGroup(group)).containsOnly("p1"); assertThat(getProjectPermissionsForAnyOne(project)).isEmpty(); assertThat(getProjectPermissionsForGroup(project, group)).isEmpty(); } @Test public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_exist() { OrganizationDto organization = db.organizations().insert(); ComponentDto project = db.components().insertPublicProject(organization); GroupDto group = db.users().insertGroup(organization); db.users().insertPermissionOnAnyone(organization, "p1"); db.users().insertPermissionOnGroup(group, "p1"); db.users().insertProjectPermissionOnGroup(group, "p1", project); db.users().insertProjectPermissionOnAnyone("p1", project); assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, 1324, "p1")).isEqualTo(0); assertThat(getGlobalPermissionsForAnyone(organization)).containsOnly("p1"); assertThat(getGlobalPermissionsForGroup(group)).containsOnly("p1"); assertThat(getProjectPermissionsForAnyOne(project)).containsOnly("p1"); assertThat(getProjectPermissionsForGroup(project, group)).containsOnly("p1"); } @Test public void deleteByRootComponentIdAndPermission_has_no_effect_if_component_does_not_have_specified_permission() { OrganizationDto organization = db.organizations().insert(); GroupDto group = db.users().insertGroup(organization); ComponentDto project = randomPublicOrPrivateProject(organization); db.users().insertPermissionOnAnyone(organization, "p1"); db.users().insertPermissionOnGroup(group, "p1"); assertThat(underTest.deleteByRootComponentIdAndPermission(dbSession, project.getId(), "p1")).isEqualTo(0); } private Collection<String> getGlobalPermissionsForAnyone(OrganizationDto organization) { return getPermissions("organization_uuid = '" + organization.getUuid() + "' and group_id is null and resource_id is null"); } private Collection<String> getGlobalPermissionsForGroup(GroupDto groupDto) { return getPermissions("organization_uuid = '" + groupDto.getOrganizationUuid() + "' and group_id = " + groupDto.getId() + " and resource_id is null"); } private Collection<String> getProjectPermissionsForAnyOne(ComponentDto project) { return getPermissions("organization_uuid = '" + project.getOrganizationUuid() + "' and group_id is null and resource_id = " + project.getId()); } private Collection<String> getProjectPermissionsForGroup(ComponentDto project, GroupDto group) { return getPermissions("organization_uuid = '" + project.getOrganizationUuid() + "' and group_id = " + group.getId() + " and resource_id = " + project.getId()); } private Collection<String> getPermissions(String whereClauses) { return db .select(dbSession, "select role from group_roles where " + whereClauses) .stream() .flatMap(map -> map.entrySet().stream()) .map(entry -> (String) entry.getValue()) .collect(MoreCollectors.toList()); } private ComponentDto randomPublicOrPrivateProject(OrganizationDto organization) { return new Random().nextBoolean() ? db.components().insertPublicProject(organization) : db.components().insertPrivateProject(organization); } private PermissionQuery.Builder newQuery() { return PermissionQuery.builder().setOrganizationUuid(db.getDefaultOrganization().getUuid()); } private void verifyOrganizationUuidsInTable(String... organizationUuids) { assertThat(db.select("select distinct organization_uuid as \"organizationUuid\" from group_roles")) .extracting((row) -> (String) row.get("organizationUuid")) .containsOnly(organizationUuids); } private int insertGroupWithPermissions(OrganizationDto organization1) { GroupDto group = db.users().insertGroup(organization1); db.users().insertPermissionOnGroup(group, "foo"); db.users().insertPermissionOnGroup(group, "bar"); db.users().insertPermissionOnGroup(group, "doh"); return group.getId(); } private void assertThatNoPermission(String permission) { assertThat(db.countSql("select count(id) from group_roles where role='" + permission + "'")).isEqualTo(0); } }