mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-04 12:19:53 +02:00
Permission Overview
Adds an overview of the permissions of a user including its groups. To do so, a new cache is introduced that stores the groups of a user, when the user is authenticated. In doing so, SCM-Manager can also list groups assigned by external authentication plugins such as LDAP. On the other hand, the user has to have been logged in at least once to get external groups, and even then the cached groups may be out of date when the overview is created. Internal groups will always be added correctly, nonetheless. Due to the cache, another problem arised: On some logins, the xml dao for the cache failed to be read, because it was read and written at the same time. To fix this, a more thorough synchronization of the stores has been implemented. Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com> Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
This commit is contained in:
committed by
SCM-Manager
parent
864ed9072d
commit
e1b107849e
@@ -0,0 +1,166 @@
|
||||
/*
|
||||
* MIT License
|
||||
*
|
||||
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import de.otto.edison.hal.Links;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import sonia.scm.group.Group;
|
||||
import sonia.scm.group.GroupManager;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.user.PermissionOverview;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class PermissionOverviewToPermissionOverviewDtoMapperTest {
|
||||
|
||||
public static final Repository REPOSITORY_1 = new Repository("1", "git", "hog", "marvin");
|
||||
public static final Repository REPOSITORY_2 = new Repository("1", "git", "vogon", "jeltz");
|
||||
|
||||
public static final PermissionOverview PERMISSION_OVERVIEW = new PermissionOverview(
|
||||
asList(
|
||||
new PermissionOverview.GroupEntry("hitchhiker", true, false),
|
||||
new PermissionOverview.GroupEntry("vogons", false, true)
|
||||
),
|
||||
asList("hog", "earth"),
|
||||
asList(
|
||||
REPOSITORY_1,
|
||||
REPOSITORY_2
|
||||
)
|
||||
);
|
||||
|
||||
@Mock
|
||||
private ResourceLinks resourceLinks;
|
||||
@Mock
|
||||
private NamespaceToNamespaceDtoMapper namespaceToNamespaceDtoMapper;
|
||||
@Mock
|
||||
private RepositoryToRepositoryDtoMapper repositoryToRepositoryDtoMapper;
|
||||
@Mock
|
||||
private GroupManager groupManager;
|
||||
@Mock
|
||||
private GroupToGroupDtoMapper groupToGroupDtoMapper;
|
||||
|
||||
@InjectMocks
|
||||
private PermissionOverviewToPermissionOverviewDtoMapperImpl permissionOverviewToPermissionOverviewDtoMapper;
|
||||
|
||||
@BeforeEach
|
||||
void initResourceLinks() {
|
||||
when(resourceLinks.user())
|
||||
.thenReturn(new ResourceLinks.UserLinks(() -> URI.create("/")));
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
void initRepositoryMapper() {
|
||||
when(repositoryToRepositoryDtoMapper.map(any()))
|
||||
.thenAnswer(invocation -> {
|
||||
Repository repository = invocation.getArgument(0, Repository.class);
|
||||
RepositoryDto repositoryDto = new RepositoryDto();
|
||||
repositoryDto.setNamespace(repository.getNamespace());
|
||||
repositoryDto.setName(repository.getName());
|
||||
return repositoryDto;
|
||||
});
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
void initNamespaceMapper() {
|
||||
when(namespaceToNamespaceDtoMapper.map(any()))
|
||||
.thenAnswer(invocation -> new NamespaceDto(invocation.getArgument(0, String.class), Links.emptyLinks()));
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
void initGroupMapper() {
|
||||
when(groupManager.get(anyString()))
|
||||
.thenAnswer(invocation -> new Group("xml", invocation.getArgument(0, String.class)));
|
||||
when(groupToGroupDtoMapper.map(any()))
|
||||
.thenAnswer(invocation -> {
|
||||
GroupDto groupDto = new GroupDto();
|
||||
groupDto.setName(invocation.getArgument(0, Group.class).getName());
|
||||
return groupDto;
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldMapRepositories() {
|
||||
PermissionOverviewDto dto = permissionOverviewToPermissionOverviewDtoMapper
|
||||
.toDto(PERMISSION_OVERVIEW, "Neo");
|
||||
|
||||
assertThat(dto.getRelevantRepositories())
|
||||
.extracting("namespace")
|
||||
.contains("hog", "vogon");
|
||||
assertThat(dto.getRelevantRepositories())
|
||||
.extracting("name")
|
||||
.contains("marvin", "jeltz");
|
||||
|
||||
assertThat(
|
||||
dto.
|
||||
getEmbedded()
|
||||
.getItemsBy("repositories")
|
||||
).hasSize(2);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldMapNamespaces() {
|
||||
PermissionOverviewDto dto = permissionOverviewToPermissionOverviewDtoMapper
|
||||
.toDto(PERMISSION_OVERVIEW, "Neo");
|
||||
|
||||
assertThat(dto.getRelevantNamespaces())
|
||||
.contains("hog", "earth");
|
||||
|
||||
assertThat(dto.getEmbedded().getItemsBy("relevantNamespaces"))
|
||||
.hasSize(2)
|
||||
.extracting("namespace")
|
||||
.contains("hog", "earth");
|
||||
assertThat(dto.getEmbedded().getItemsBy("otherNamespaces"))
|
||||
.hasSize(1)
|
||||
.extracting("namespace")
|
||||
.contains("vogon");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldMapGroups() {
|
||||
PermissionOverviewDto dto = permissionOverviewToPermissionOverviewDtoMapper
|
||||
.toDto(PERMISSION_OVERVIEW, "Neo");
|
||||
|
||||
assertThat(dto.getRelevantGroups())
|
||||
.extracting("name")
|
||||
.contains("hitchhiker", "vogons");
|
||||
|
||||
assertThat(dto.getEmbedded().getItemsBy("groups"))
|
||||
.hasSize(2)
|
||||
.extracting("name")
|
||||
.contains("hitchhiker", "vogons");
|
||||
}
|
||||
}
|
||||
@@ -41,10 +41,13 @@ import org.mockito.Mock;
|
||||
import sonia.scm.ContextEntry;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.PageResult;
|
||||
import sonia.scm.group.GroupManager;
|
||||
import sonia.scm.security.ApiKeyService;
|
||||
import sonia.scm.security.PermissionAssigner;
|
||||
import sonia.scm.security.PermissionDescriptor;
|
||||
import sonia.scm.user.ChangePasswordNotAllowedException;
|
||||
import sonia.scm.user.PermissionOverview;
|
||||
import sonia.scm.user.PermissionOverviewCollector;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.RestDispatcher;
|
||||
@@ -58,6 +61,8 @@ import java.net.URL;
|
||||
import java.util.Collection;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static de.otto.edison.hal.Links.emptyLinks;
|
||||
import static java.util.Collections.emptyList;
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
@@ -95,6 +100,16 @@ public class UserRootResourceTest {
|
||||
private ApiKeyService apiKeyService;
|
||||
@Mock
|
||||
private PermissionAssigner permissionAssigner;
|
||||
@Mock
|
||||
private PermissionOverviewCollector permissionOverviewCollector;
|
||||
@Mock
|
||||
private RepositoryToRepositoryDtoMapper repositoryToRepositoryDtoMapper;
|
||||
@Mock
|
||||
private NamespaceToNamespaceDtoMapper namespaceToNamespaceDtoMapper;
|
||||
@Mock
|
||||
private GroupManager groupManager;
|
||||
@Mock
|
||||
private GroupToGroupDtoMapper groupToGroupDtoMapper;
|
||||
@InjectMocks
|
||||
private UserDtoToUserMapperImpl dtoToUserMapper;
|
||||
@InjectMocks
|
||||
@@ -103,6 +118,8 @@ public class UserRootResourceTest {
|
||||
private PermissionCollectionToDtoMapper permissionCollectionToDtoMapper;
|
||||
@InjectMocks
|
||||
private ApiKeyToApiKeyDtoMapperImpl apiKeyMapper;
|
||||
@InjectMocks
|
||||
private PermissionOverviewToPermissionOverviewDtoMapperImpl permissionOverviewMapper;
|
||||
|
||||
@Captor
|
||||
private ArgumentCaptor<User> userCaptor;
|
||||
@@ -110,6 +127,7 @@ public class UserRootResourceTest {
|
||||
private ArgumentCaptor<Predicate<User>> filterCaptor;
|
||||
|
||||
private User originalUser;
|
||||
private MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
@Before
|
||||
public void prepareEnvironment() {
|
||||
@@ -125,7 +143,7 @@ public class UserRootResourceTest {
|
||||
UserCollectionResource userCollectionResource = new UserCollectionResource(userManager, dtoToUserMapper,
|
||||
userCollectionToDtoMapper, resourceLinks, passwordService);
|
||||
UserPermissionResource userPermissionResource = new UserPermissionResource(permissionAssigner, permissionCollectionToDtoMapper);
|
||||
UserResource userResource = new UserResource(dtoToUserMapper, userToDtoMapper, userManager, passwordService, userPermissionResource);
|
||||
UserResource userResource = new UserResource(dtoToUserMapper, userToDtoMapper, permissionOverviewMapper, userManager, passwordService, userPermissionResource, permissionOverviewCollector);
|
||||
ApiKeyCollectionToDtoMapper apiKeyCollectionToDtoMapper = new ApiKeyCollectionToDtoMapper(apiKeyMapper, resourceLinks);
|
||||
UserApiKeyResource userApiKeyResource = new UserApiKeyResource(apiKeyService, apiKeyCollectionToDtoMapper, apiKeyMapper, resourceLinks);
|
||||
UserRootResource userRootResource = new UserRootResource(Providers.of(userCollectionResource),
|
||||
@@ -137,7 +155,6 @@ public class UserRootResourceTest {
|
||||
@Test
|
||||
public void shouldCreateFullResponseForAdmin() throws URISyntaxException, UnsupportedEncodingException {
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -155,7 +172,6 @@ public class UserRootResourceTest {
|
||||
.post("/" + UserRootResource.USERS_PATH_V2)
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(userJson.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -177,7 +193,6 @@ public class UserRootResourceTest {
|
||||
@SubjectAware(username = "unpriv")
|
||||
public void shouldCreateLimitedResponseForSimpleUser() throws URISyntaxException, UnsupportedEncodingException {
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -195,7 +210,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
@@ -213,7 +227,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
doThrow(new ChangePasswordNotAllowedException(ContextEntry.ContextBuilder.entity("passwordChange", "-"), "xml")).when(userManager).overwritePassword(any(), any());
|
||||
|
||||
@@ -231,7 +244,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
doThrow(new NotFoundException("Test", "x")).when(userManager).overwritePassword(any(), any());
|
||||
|
||||
@@ -249,7 +261,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
@@ -267,7 +278,6 @@ public class UserRootResourceTest {
|
||||
.post("/" + UserRootResource.USERS_PATH_V2)
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(userJson);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword("pwd123")).thenReturn("encrypted123");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
@@ -287,7 +297,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo")
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(userJson);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -303,7 +312,6 @@ public class UserRootResourceTest {
|
||||
.post("/" + UserRootResource.USERS_PATH_V2)
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(new byte[]{});
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword("pwd123")).thenReturn("encrypted123");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
@@ -314,7 +322,6 @@ public class UserRootResourceTest {
|
||||
@Test
|
||||
public void shouldGetNotFoundForNotExistentUser() throws URISyntaxException {
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "nosuchuser");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -324,7 +331,6 @@ public class UserRootResourceTest {
|
||||
@Test
|
||||
public void shouldDeleteUser() throws Exception {
|
||||
MockHttpRequest request = MockHttpRequest.delete("/" + UserRootResource.USERS_PATH_V2 + "Neo");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -342,7 +348,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Other")
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(userJson);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -360,7 +365,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo")
|
||||
.contentType(VndMediaType.USER)
|
||||
.content(userJson);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -373,7 +377,6 @@ public class UserRootResourceTest {
|
||||
PageResult<User> singletonPageResult = createSingletonPageResult(1);
|
||||
when(userManager.getPage(any(), any(), eq(0), eq(10))).thenReturn(singletonPageResult);
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -389,7 +392,6 @@ public class UserRootResourceTest {
|
||||
PageResult<User> singletonPageResult = createSingletonPageResult(3);
|
||||
when(userManager.getPage(any(), any(), eq(1), eq(1))).thenReturn(singletonPageResult);
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "?page=1&pageSize=1");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -407,7 +409,6 @@ public class UserRootResourceTest {
|
||||
PageResult<User> singletonPageResult = createSingletonPageResult(1);
|
||||
when(userManager.getPage(filterCaptor.capture(), any(), eq(0), eq(10))).thenReturn(singletonPageResult);
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "?q=One");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -427,7 +428,6 @@ public class UserRootResourceTest {
|
||||
@Test
|
||||
public void shouldGetPermissionLink() throws URISyntaxException, UnsupportedEncodingException {
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -440,7 +440,6 @@ public class UserRootResourceTest {
|
||||
public void shouldGetPermissions() throws URISyntaxException, UnsupportedEncodingException {
|
||||
when(permissionAssigner.readPermissionsForUser("Neo")).thenReturn(singletonList(new PermissionDescriptor("something:*")));
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo/permissions");
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -455,7 +454,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/permissions")
|
||||
.contentType(VndMediaType.PERMISSION_COLLECTION)
|
||||
.content("{\"permissions\":[\"other:*\"]}".getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
ArgumentCaptor<Collection<PermissionDescriptor>> captor = ArgumentCaptor.forClass(Collection.class);
|
||||
doNothing().when(permissionAssigner).setPermissionsForUser(eq("Neo"), captor.capture());
|
||||
|
||||
@@ -466,6 +464,19 @@ public class UserRootResourceTest {
|
||||
assertEquals("other:*", captor.getValue().iterator().next().getValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGetPermissionsOverviewWithNamespaces() throws URISyntaxException, UnsupportedEncodingException {
|
||||
when(permissionOverviewCollector.create("Neo")).thenReturn(new PermissionOverview(emptyList(), singletonList("hog"), emptyList()));
|
||||
when(namespaceToNamespaceDtoMapper.map("hog")).thenReturn(new NamespaceDto("hog", emptyLinks()));
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo/permissionOverview");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
|
||||
assertThat(response.getContentAsString()).contains("hog");
|
||||
assertThat(response.getContentAsString()).contains("\"self\":{\"href\":\"/v2/users/Neo/permissionOverview\"}");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConvertUserToInternalAndSetNewPassword() throws URISyntaxException {
|
||||
when(passwordService.encryptPassword(anyString())).thenReturn("abc");
|
||||
@@ -474,7 +485,6 @@ public class UserRootResourceTest {
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/convert-to-internal")
|
||||
.contentType(VndMediaType.USER)
|
||||
.content("{\"newPassword\":\"trillian\"}".getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -492,7 +502,6 @@ public class UserRootResourceTest {
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/convert-to-external")
|
||||
.contentType(VndMediaType.USER);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.apache.shiro.subject.Subject;
|
||||
@@ -43,7 +43,6 @@ import java.time.Instant;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.MockitoAnnotations.initMocks;
|
||||
@@ -177,4 +176,16 @@ public class UserToUserDtoMapperTest {
|
||||
|
||||
assertEquals("http://trillian", userDto.getLinks().getLinkBy("sample").get().getHref());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapLinks_forPermissionOverview() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("permission:read")).thenReturn(true);
|
||||
when(subject.isPermitted("group:list")).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
|
||||
assertEquals("expected permissions link", expectedBaseUri.resolve("abc/permissions").toString(), userDto.getLinks().getLinkBy("permissions").get().getHref());
|
||||
assertEquals("expected permission overview link", expectedBaseUri.resolve("abc/permissionOverview").toString(), userDto.getLinks().getLinkBy("permissionOverview").get().getHref());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,17 +30,21 @@ import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Answers;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import sonia.scm.HandlerEventType;
|
||||
import sonia.scm.cache.MapCache;
|
||||
import sonia.scm.cache.MapCacheManager;
|
||||
import sonia.scm.security.LogoutEvent;
|
||||
import sonia.scm.store.ConfigurationStore;
|
||||
import sonia.scm.store.ConfigurationStoreFactory;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserEvent;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -59,6 +63,11 @@ class DefaultGroupCollectorTest {
|
||||
@Mock
|
||||
private GroupResolver groupResolver;
|
||||
|
||||
@Mock(answer = Answers.RETURNS_DEEP_STUBS)
|
||||
private ConfigurationStoreFactory configurationStoreFactory;
|
||||
@Mock(answer = Answers.RETURNS_DEEP_STUBS)
|
||||
private ConfigurationStore configurationStore;
|
||||
|
||||
private MapCacheManager mapCacheManager;
|
||||
|
||||
private Set<GroupResolver> groupResolvers;
|
||||
@@ -69,7 +78,14 @@ class DefaultGroupCollectorTest {
|
||||
void initCollector() {
|
||||
groupResolvers = new HashSet<>();
|
||||
mapCacheManager = new MapCacheManager();
|
||||
collector = new DefaultGroupCollector(groupDAO, mapCacheManager, groupResolvers);
|
||||
collector = new DefaultGroupCollector(groupDAO, mapCacheManager, groupResolvers, configurationStoreFactory);
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
void initStore() {
|
||||
when(configurationStoreFactory.withType(UserGroupCache.class).withName("user-group-cache").build())
|
||||
.thenReturn(configurationStore);
|
||||
when(configurationStore.getOptional()).thenReturn(Optional.empty());
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -141,7 +157,16 @@ class DefaultGroupCollectorTest {
|
||||
verify(groupDAO, never()).getAll();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldGetCachedGroupsFromLastLogin() {
|
||||
UserGroupCache cache = new UserGroupCache();
|
||||
cache.put("trillian", Set.of("hog"));
|
||||
when(configurationStore.getOptional()).thenReturn(Optional.of(cache));
|
||||
|
||||
Set<String> cachedGroups = collector.fromLastLoginPlusInternal("trillian");
|
||||
|
||||
assertThat(cachedGroups).contains("hog");
|
||||
}
|
||||
|
||||
@Nested
|
||||
class WithGroupsFromDao {
|
||||
@@ -169,5 +194,23 @@ class DefaultGroupCollectorTest {
|
||||
Iterable<String> groupNames = collector.collect("trillian");
|
||||
assertThat(groupNames).containsOnly("_authenticated", "heartOfGold", "fjordsOfAfrican", "awesome", "incredible");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldGetScmGroupsForLastLoginWhenNothingCached() {
|
||||
Set<String> cachedGroups = collector.fromLastLoginPlusInternal("trillian");
|
||||
|
||||
assertThat(cachedGroups).contains("heartOfGold", "fjordsOfAfrican");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldGetCachedGroupsFromLastLoginWithInternalGroups() {
|
||||
UserGroupCache cache = new UserGroupCache();
|
||||
cache.put("trillian", Set.of("earth"));
|
||||
when(configurationStore.getOptional()).thenReturn(Optional.of(cache));
|
||||
|
||||
Set<String> cachedGroups = collector.fromLastLoginPlusInternal("trillian");
|
||||
|
||||
assertThat(cachedGroups).contains("earth", "heartOfGold", "fjordsOfAfrican");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,250 @@
|
||||
/*
|
||||
* MIT License
|
||||
*
|
||||
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
package sonia.scm.user;
|
||||
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.util.ThreadContext;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import sonia.scm.group.Group;
|
||||
import sonia.scm.group.GroupCollector;
|
||||
import sonia.scm.group.GroupManager;
|
||||
import sonia.scm.repository.Namespace;
|
||||
import sonia.scm.repository.NamespaceManager;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.RepositoryManager;
|
||||
import sonia.scm.repository.RepositoryPermission;
|
||||
import sonia.scm.repository.RepositoryTestData;
|
||||
import sonia.scm.security.PermissionAssigner;
|
||||
import sonia.scm.security.PermissionDescriptor;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
import static java.util.Collections.singleton;
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class PermissionOverviewCollectorTest {
|
||||
|
||||
@Mock
|
||||
private GroupCollector groupCollector;
|
||||
@Mock
|
||||
private PermissionAssigner permissionAssigner;
|
||||
@Mock
|
||||
private GroupManager groupManager;
|
||||
@Mock
|
||||
private RepositoryManager repositoryManager;
|
||||
@Mock
|
||||
private NamespaceManager namespaceManager;
|
||||
|
||||
@InjectMocks
|
||||
private PermissionOverviewCollector permissionOverviewCollector;
|
||||
|
||||
private final String unknownGroupName = "hog";
|
||||
private final String knownGroupName = "earth";
|
||||
|
||||
@BeforeEach
|
||||
void mockGroups() {
|
||||
when(groupCollector.fromLastLoginPlusInternal("trillian"))
|
||||
.thenReturn(Set.of(unknownGroupName, knownGroupName));
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
void mockSubject() {
|
||||
Subject subject = mock(Subject.class);
|
||||
ThreadContext.bind(subject);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void clearContext() {
|
||||
ThreadContext.unbindSubject();
|
||||
}
|
||||
|
||||
@Nested
|
||||
class WithGroups {
|
||||
@Test
|
||||
void shouldCollectGroupsFromGroupCollector() {
|
||||
when(groupManager.getAllNames()).thenReturn(singleton(knownGroupName));
|
||||
mockUnknownGroup(unknownGroupName);
|
||||
mockKnownGroup(knownGroupName);
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
Collection<PermissionOverview.GroupEntry> relevantGroups = permissionOverview.getRelevantGroups();
|
||||
assertThat(relevantGroups)
|
||||
.extracting("name")
|
||||
.contains(unknownGroupName, knownGroupName);
|
||||
assertThat(relevantGroups)
|
||||
.extracting("permissions")
|
||||
.contains(false, true);
|
||||
assertThat(relevantGroups)
|
||||
.extracting("externalOnly")
|
||||
.contains(false, true);
|
||||
}
|
||||
|
||||
private void mockKnownGroup(String knownGroupName) {
|
||||
when(permissionAssigner.readPermissionsForGroup(knownGroupName))
|
||||
.thenReturn(singleton(new PermissionDescriptor()));
|
||||
}
|
||||
|
||||
private void mockUnknownGroup(String unknownGroupName) {
|
||||
when(permissionAssigner.readPermissionsForGroup(unknownGroupName))
|
||||
.thenReturn(Collections.emptyList());
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
class WithNamespaces {
|
||||
|
||||
private Namespace namespace = new Namespace("git");
|
||||
|
||||
@BeforeEach
|
||||
void mockNamespace() {
|
||||
when(namespaceManager.getAll())
|
||||
.thenReturn(singletonList(namespace));
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldFindNamespaces() {
|
||||
namespace.addPermission(new RepositoryPermission("trillian", "read", false));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantNamespaces())
|
||||
.contains("git");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldFindNamespacesWithPermissionForUser() {
|
||||
namespace.addPermission(new RepositoryPermission("trillian", "read", false));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantNamespaces())
|
||||
.contains("git");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldFindNamespaceWithPermissionForGroupOfUser() {
|
||||
namespace.addPermission(new RepositoryPermission(knownGroupName, "read", true));
|
||||
when(groupCollector.fromLastLoginPlusInternal("trillian"))
|
||||
.thenReturn(singleton(knownGroupName));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantNamespaces())
|
||||
.contains("git");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreNamespaceWithPermissionForOtherUser() {
|
||||
namespace.addPermission(new RepositoryPermission("arthur", "read", false));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantNamespaces())
|
||||
.doesNotContain("git");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreRepositoryWithPermissionForOtherGroups() {
|
||||
namespace.addPermission(new RepositoryPermission("vogons", "read", true));
|
||||
when(groupCollector.fromLastLoginPlusInternal("trillian"))
|
||||
.thenReturn(singleton(knownGroupName));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantNamespaces())
|
||||
.doesNotContain("git");
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
class WithRepositories {
|
||||
|
||||
private final Repository repository = RepositoryTestData.create42Puzzle();
|
||||
|
||||
@BeforeEach
|
||||
void mockRepository() {
|
||||
when(repositoryManager.getAll())
|
||||
.thenReturn(singletonList(repository));
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldFindRepositoryWithPermissionForUser() {
|
||||
repository.addPermission(new RepositoryPermission("trillian", "read", false));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantRepositories())
|
||||
.contains(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldFindRepositoryWithPermissionForGroupOfUser() {
|
||||
repository.addPermission(new RepositoryPermission(knownGroupName, "read", true));
|
||||
when(groupCollector.fromLastLoginPlusInternal("trillian"))
|
||||
.thenReturn(singleton(knownGroupName));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantRepositories())
|
||||
.contains(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreRepositoryWithPermissionForOtherUser() {
|
||||
repository.addPermission(new RepositoryPermission("arthur", "read", false));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantRepositories())
|
||||
.doesNotContain(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreRepositoryWithPermissionForOtherGroups() {
|
||||
repository.addPermission(new RepositoryPermission("vogons", "read", true));
|
||||
when(groupCollector.fromLastLoginPlusInternal("trillian"))
|
||||
.thenReturn(singleton(knownGroupName));
|
||||
|
||||
PermissionOverview permissionOverview = permissionOverviewCollector.create("trillian");
|
||||
|
||||
assertThat(permissionOverview.getRelevantRepositories())
|
||||
.doesNotContain(repository);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user