/**
 * Authorization filter for quality gate associations: keeps only the entries of {@code projects}
 * whose id is returned by {@code AuthorizationDao#keepAuthorizedProjectIds} for the current user
 * and {@link UserRole#USER}.
 * <p>
 * A root session skips the per-project check and gets the input list back unchanged.
 *
 * @param dbSession session handed to the authorization DAO
 * @param projects candidate associations, not modified
 * @return the input list itself for a root session, otherwise a new list restricted to the
 *         authorized project ids
 */
private List<ProjectQgateAssociationDto> keepAuthorizedProjects(DbSession dbSession, List<ProjectQgateAssociationDto> projects) {
  if (!userSession.isRoot()) {
    List<Long> candidateIds = projects.stream()
      .map(ProjectQgateAssociationDto::getId)
      .collect(MoreCollectors.toList());
    Collection<Long> visibleIds = dbClient.authorizationDao()
      .keepAuthorizedProjectIds(dbSession, candidateIds, userSession.getUserId(), UserRole.USER);
    return projects.stream()
      .filter(association -> visibleIds.contains(association.getId()))
      .collect(MoreCollectors.toList());
  }
  // Root is handled explicitly for now: AuthorizationDao#keepAuthorizedProjectIds() should be
  // replaced by a call to UserSession, which would transparently support roots.
  // NOTE(review): this branch bypasses the per-project check entirely and rests on
  // userSession.isRoot() alone.
  return projects;
}
/**
 * Loads the components referenced by {@code properties} and returns only those the current user
 * is authorized on with {@link UserRole#USER}, indexed by component id.
 * <p>
 * Properties without a resource id are ignored. All referenced components are selected first and
 * the authorization result is applied in memory, so unauthorized components never leave this method.
 *
 * @param dbSession session used for both the authorization check and the component lookup
 * @param properties properties whose resource ids name the components to load
 * @return authorized components keyed by id
 */
private Map<Long, ComponentDto> searchProjects(DbSession dbSession, List<PropertyDto> properties) {
  Set<Long> referencedIds = properties.stream()
    .map(PropertyDto::getResourceId)
    .filter(Objects::nonNull)
    .collect(MoreCollectors.toSet(properties.size()));

  // NOTE(review): there is no root short-circuit here, so a root session is filtered through the
  // DAO like any other user. Confirm that this is intended.
  Set<Long> readableIds = dbClient.authorizationDao()
    .keepAuthorizedProjectIds(dbSession, referencedIds, userSession.getUserId(), UserRole.USER);

  return dbClient.componentDao().selectByIds(dbSession, referencedIds)
    .stream()
    .filter(component -> readableIds.contains(component.getId()))
    .collect(MoreCollectors.uniqueIndex(ComponentDto::getId));
}
/**
 * Null user id (group AnyOne, per the test name) on {@code randomPrivateProjectIds}: no id may be
 * returned, whichever permission is requested. Every entry of
 * {@code PermissionsTestHelper.ALL_PERMISSIONS} is tried, then {@code randomPermission}.
 * The fixture (no permission in DB, per the test name) is set up outside this method.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_and_any_permission_on_private_project_without_any_permission_in_DB() {
  PermissionsTestHelper.ALL_PERMISSIONS
    .forEach(permission -> assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, permission))
      .isEmpty());

  assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, randomPermission))
    .isEmpty();
}
/**
 * Edge case: an empty id set with a null user id (group AnyOne, per the test name) and
 * {@link UserRole#USER} must yield an empty result.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_if_project_set_is_empty_on_public_project() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), null, UserRole.USER))
      .isEmpty();
}
/**
 * Inserts 2000 public projects and checks that exactly their ids come back for a null user id
 * with {@link UserRole#USER}.
 * NOTE(review): presumably guards whatever the DAO does to cope with large id sets. Confirm
 * against the DAO implementation.
 */
@Test
public void keepAuthorizedProjectIds_should_be_able_to_handle_lots_of_projects() {
  int projectCount = 2000;
  Collection<Long> ids = IntStream.range(0, projectCount)
    .mapToObj(i -> db.components().insertPublicProject(organization))
    .map(ComponentDto::getId)
    .collect(Collectors.toSet());

  assertThat(underTest.keepAuthorizedProjectIds(dbSession, ids, null, UserRole.USER))
    .containsOnly(ids.toArray(new Long[0]));
}
/**
 * Null user id (group AnyOne, per the test name) on {@code randomPublicProjectIds} with
 * {@code randomPermission}: nothing is returned, i.e. a public project does not open up
 * arbitrary permissions. How {@code randomPermission} is chosen is not visible in this method.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_other_permission_for_group_AnyOne_on_public_project_without_any_permission_in_DB() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, null, randomPermission))
      .isEmpty();
}
/**
 * Null user id (group AnyOne, per the test name) with {@link UserRole#CODEVIEWER}: every id of
 * {@code randomPublicProjectIds} is returned although, per the test name, no permission is
 * stored in the DB.
 */
@Test
public void keepAuthorizedProjectIds_returns_any_public_project_for_group_AnyOne_without_any_permission_in_DB_and_permission_CODEVIEWER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, null, UserRole.CODEVIEWER))
      .containsAll(randomPublicProjectIds);
}
/**
 * Null user id (group AnyOne, per the test name) with {@link UserRole#CODEVIEWER} on
 * {@code randomPrivateProjectIds}: the result must be empty.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_on_private_project_without_any_permission_in_DB_and_permission_CODEVIEWER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, UserRole.CODEVIEWER))
      .isEmpty();
}
/**
 * Null user id (group AnyOne, per the test name) with {@link UserRole#USER}: every id of
 * {@code randomPublicProjectIds} is returned although, per the test name, no permission is
 * stored in the DB.
 */
@Test
public void keepAuthorizedProjectIds_returns_any_public_project_for_group_AnyOne_without_any_permission_in_DB_and_permission_USER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, null, UserRole.USER))
      .containsAll(randomPublicProjectIds);
}
/**
 * Null user id (group AnyOne, per the test name) with {@link UserRole#USER} on
 * {@code randomPrivateProjectIds}: the result must be empty.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_group_AnyOne_on_private_project_without_any_permission_in_DB_and_permission_USER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, null, UserRole.USER))
      .isEmpty();
}
/**
 * Identified user ({@code user.getId()}) on {@code randomPrivateProjectIds}: no id may be
 * returned, whichever permission is requested. Every entry of
 * {@code PermissionsTestHelper.ALL_PERMISSIONS} is tried, then {@code randomPermission}.
 * The fixture (no permission in DB, per the test name) is set up outside this method.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_user_and_any_permission_on_private_project_without_any_permission_in_DB() {
  PermissionsTestHelper.ALL_PERMISSIONS
    .forEach(permission -> assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), permission))
      .isEmpty());

  assertThat(underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), randomPermission))
    .isEmpty();
}
/**
 * Edge case: an empty id set for an identified user with {@link UserRole#USER} must yield an
 * empty result.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_user_if_project_set_is_empty_on_public_project() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), user.getId(), UserRole.USER))
      .isEmpty();
}
/**
 * Identified user with {@link UserRole#USER} on {@code randomPrivateProjectIds}: the result must
 * be empty (no permission in DB, per the test name).
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_user_on_private_project_without_any_permission_in_DB_and_permission_USER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), UserRole.USER))
      .isEmpty();
}
/**
 * Identified user with {@link UserRole#CODEVIEWER} on {@code randomPrivateProjectIds}: the
 * result must be empty (no permission in DB, per the test name).
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_user_on_private_project_without_any_permission_in_DB_and_permission_CODEVIEWER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPrivateProjectIds, user.getId(), UserRole.CODEVIEWER))
      .isEmpty();
}
/**
 * Identified user with {@link UserRole#USER}: every id of {@code randomPublicProjectIds} is
 * returned although, per the test name, no permission is stored in the DB.
 */
@Test
public void keepAuthorizedProjectIds_returns_any_public_project_for_user_without_any_permission_in_DB_and_permission_USER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, user.getId(), UserRole.USER))
      .containsAll(randomPublicProjectIds);
}
/**
 * Identified user on {@code randomPublicProjectIds} with {@code randomPermission}: nothing is
 * returned, i.e. a public project does not open up arbitrary permissions. How
 * {@code randomPermission} is chosen is not visible in this method.
 */
@Test
public void keepAuthorizedProjectIds_returns_empty_for_any_permission_for_user_on_public_project_without_any_permission_in_DB() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, user.getId(), randomPermission))
      .isEmpty();
}
/**
 * Identified user with {@link UserRole#CODEVIEWER}: every id of {@code randomPublicProjectIds}
 * is returned although, per the test name, no permission is stored in the DB.
 */
@Test
public void keepAuthorizedProjectIds_returns_any_public_project_for_user_without_any_permission_in_DB_and_permission_CODEVIEWER() {
  assertThat(
    underTest.keepAuthorizedProjectIds(dbSession, randomPublicProjectIds, user.getId(), UserRole.CODEVIEWER))
      .containsAll(randomPublicProjectIds);
}
/**
 * Grants {@code randomPermission} to AnyOne on one of two public projects and checks, with a
 * null user id, that the grant is scoped to both the project and the permission: the granted
 * project is returned for that permission only, and the second project is not returned.
 */
@Test
public void keepAuthorizedProjectIds_returns_public_project_if_group_AnyOne_is_granted_project_permission_directly() {
  ComponentDto grantedProject = db.components().insertPublicProject(organization);
  ComponentDto ungrantedProject = db.components().insertPublicProject(organization);
  db.users().insertProjectPermissionOnAnyone(randomPermission, grantedProject);

  // granted project + granted permission
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), null, randomPermission))
    .containsOnly(grantedProject.getId());
  // granted project, different permission
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), null, "another perm"))
    .isEmpty();
  // different project, granted permission
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(ungrantedProject.getId()), null, randomPermission))
    .isEmpty();
}
/**
 * Grants {@code randomPermission} to {@code user} on one of two private projects and checks that
 * the grant is scoped to the project, the permission and the user: any other project, permission
 * or user gets an empty result.
 */
@Test
public void keepAuthorizedProjectIds_returns_private_project_if_user_is_granted_project_permission_directly() {
  ComponentDto grantedProject = db.components().insertPrivateProject(organization);
  ComponentDto ungrantedProject = db.components().insertPrivateProject(organization);
  UserDto stranger = db.users().insertUser();
  db.users().insertProjectPermissionOnUser(user, randomPermission, grantedProject);

  // granted user + granted project + granted permission
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), user.getId(), randomPermission))
    .containsOnly(grantedProject.getId());
  // different permission
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), user.getId(), "another perm"))
    .isEmpty();
  // different project
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(ungrantedProject.getId()), user.getId(), randomPermission))
    .isEmpty();
  // different user
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, singleton(grantedProject.getId()), stranger.getId(), randomPermission))
    .isEmpty();
}
/**
 * With a null user id (anonymous, per the test name), both public projects are returned for
 * {@link UserRole#USER}, while the role {@code "admin"} returns nothing. A user and a group are
 * inserted, but no permission is granted to either of them in this method.
 */
@Test
public void anonymous_should_be_authorized() {
  ComponentDto firstProject = db.components().insertPublicProject(organization);
  ComponentDto secondProject = db.components().insertPublicProject(organization);
  UserDto member = db.users().insertUser("u1");
  GroupDto group = db.users().insertGroup(organization);
  db.users().insertMembers(group, member);

  assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(firstProject.getId(), secondProject.getId()), null, UserRole.USER))
    .containsOnly(firstProject.getId(), secondProject.getId());

  // group does not have the role "admin"
  assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(firstProject.getId()), null, "admin"))
    .isEmpty();
}