scm-webapp/src/test/java/sonia/scm/security/SystemRepositoryPermissionProviderTest.java

/*
 * MIT License
 *
 * Copyright (c) 2020-present Cloudogu GmbH and Contributors
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

package sonia.scm.security;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import sonia.scm.plugin.PluginLoader;
import sonia.scm.repository.RepositoryPermissions;
import sonia.scm.repository.RepositoryRole;
import sonia.scm.util.ClassLoaders;

import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Collection;

import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

class SystemRepositoryPermissionProviderTest {

  private SystemRepositoryPermissionProvider repositoryPermissionProvider;
  private String[] allVerbsFromRepositoryClass;


  @BeforeEach
  void init() {
    PluginLoader pluginLoader = mock(PluginLoader.class);
    when(pluginLoader.getUberClassLoader()).thenReturn(ClassLoaders.getContextClassLoader(DefaultSecuritySystem.class));
    repositoryPermissionProvider = new SystemRepositoryPermissionProvider(pluginLoader);
    allVerbsFromRepositoryClass = Arrays.stream(RepositoryPermissions.class.getDeclaredFields())
      .filter(field -> field.getName().startsWith("ACTION_"))
      .filter(field -> !field.getName().equals("ACTION_HEALTHCHECK"))
      .map(this::getString)
      .filter(verb -> !asList("create", "archive").contains(verb))
      .toArray(String[]::new);
  }

  @Test
  void shouldReadAvailableRoles() {
    assertThat(repositoryPermissionProvider.availableRoles()).isNotEmpty();
    assertThat(repositoryPermissionProvider.availableRoles()).allSatisfy(this::containsOnlyAvailableVerbs);
  }

  private void containsOnlyAvailableVerbs(RepositoryRole role) {
    assertThat(role.getVerbs()).isSubsetOf(repositoryPermissionProvider.availableVerbs());
  }

  @Test
  void shouldReadAvailableVerbsFromRepository() {
    assertThat(repositoryPermissionProvider.availableVerbs()).contains(allVerbsFromRepositoryClass);
  }

  @Test
  void shouldMergeRepositoryRoles() {
    Collection<String> verbsInMergedRole = repositoryPermissionProvider
      .availableRoles()
      .stream()
      .filter(r -> "READ".equals(r.getName()))
      .findFirst()
      .get()
      .getVerbs();
    assertThat(verbsInMergedRole).contains("read", "pull", "test");
  }

  private String getString(Field field) {
    try {
      return (String) field.get(null);
    } catch (IllegalAccessException e) {
      fail(e);
      return null;
    }
  }
}
Changeover to MIT license (#1066) * prepare license-maven-plugin for license migration * added license mapping for tsx files and added some more excludes * Changeover to MIT license * Fix build problems * Delete old remaining licenses * Add more exclude path for license checker * Rename included netbeans license, add exclude .m2/repository/ * Specify .m2 exclude because not only repository/, also wrapper/ must match * Add .cache/ exclude for license check * Modify formatting of license in java classes to comply with convention and IDE * Add IntelliJ documentation for license configuration * Update CHANGELOG.md * Exclude tmp/workspace/ dir for license check * Edit README.md Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com> 2020-03-23 15:35:58 +01:00			`/*`
			`* MIT License`
			`*`
			`* Copyright (c) 2020-present Cloudogu GmbH and Contributors`
			`*`
			`* Permission is hereby granted, free of charge, to any person obtaining a copy`
			`* of this software and associated documentation files (the "Software"), to deal`
			`* in the Software without restriction, including without limitation the rights`
			`* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`
			`* copies of the Software, and to permit persons to whom the Software is`
			`* furnished to do so, subject to the following conditions:`
			`*`
			`* The above copyright notice and this permission notice shall be included in all`
			`* copies or substantial portions of the Software.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,`
			`* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`* SOFTWARE.`
			`*/`
Archive repository (#1477) This adds a flag "archived" to repositories. Repositories marked with this can no longer be modified in any way. To do this, we switch to a new version of Shiro Static Permissions (sdorra/shiro-static-permissions#4) and specify a permission guard to check for every permission request, whether the repository in question is archived or not. Further we implement checks in stores and other activies so that no writing request may be executed by mistake. Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com> 2020-12-16 10:58:29 +01:00
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`package sonia.scm.security;`

			`import org.junit.jupiter.api.BeforeEach;`
			`import org.junit.jupiter.api.Test;`
			`import sonia.scm.plugin.PluginLoader;`
			`import sonia.scm.repository.RepositoryPermissions;`
Create DAO for repository roles 2019-05-03 14:19:33 +02:00			`import sonia.scm.repository.RepositoryRole;`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`import sonia.scm.util.ClassLoaders;`

			`import java.lang.reflect.Field;`
			`import java.util.Arrays;`
Merge roles from multiple repository permissions 2019-02-18 10:31:12 +01:00			`import java.util.Collection;`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00
Archive repository (#1477) This adds a flag "archived" to repositories. Repositories marked with this can no longer be modified in any way. To do this, we switch to a new version of Shiro Static Permissions (sdorra/shiro-static-permissions#4) and specify a permission guard to check for every permission request, whether the repository in question is archived or not. Further we implement checks in stores and other activies so that no writing request may be executed by mistake. Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com> 2020-12-16 10:58:29 +01:00			`import static java.util.Arrays.asList;`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`import static org.assertj.core.api.Assertions.assertThat;`
			`import static org.junit.jupiter.api.Assertions.fail;`
			`import static org.mockito.Mockito.mock;`
			`import static org.mockito.Mockito.when;`

Create DAO for repository roles 2019-05-03 14:19:33 +02:00			`class SystemRepositoryPermissionProviderTest {`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00
Create DAO for repository roles 2019-05-03 14:19:33 +02:00			`private SystemRepositoryPermissionProvider repositoryPermissionProvider;`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`private String[] allVerbsFromRepositoryClass;`


			`@BeforeEach`
			`void init() {`
			`PluginLoader pluginLoader = mock(PluginLoader.class);`
			`when(pluginLoader.getUberClassLoader()).thenReturn(ClassLoaders.getContextClassLoader(DefaultSecuritySystem.class));`
Create DAO for repository roles 2019-05-03 14:19:33 +02:00			`repositoryPermissionProvider = new SystemRepositoryPermissionProvider(pluginLoader);`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`allVerbsFromRepositoryClass = Arrays.stream(RepositoryPermissions.class.getDeclaredFields())`
			`.filter(field -> field.getName().startsWith("ACTION_"))`
Remove health check permission until implemented 2019-02-18 10:17:35 +01:00			`.filter(field -> !field.getName().equals("ACTION_HEALTHCHECK"))`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`.map(this::getString)`
Archive repository (#1477) This adds a flag "archived" to repositories. Repositories marked with this can no longer be modified in any way. To do this, we switch to a new version of Shiro Static Permissions (sdorra/shiro-static-permissions#4) and specify a permission guard to check for every permission request, whether the repository in question is archived or not. Further we implement checks in stores and other activies so that no writing request may be executed by mistake. Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com> 2020-12-16 10:58:29 +01:00			`.filter(verb -> !asList("create", "archive").contains(verb))`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`.toArray(String[]::new);`
			`}`

			`@Test`
			`void shouldReadAvailableRoles() {`
			`assertThat(repositoryPermissionProvider.availableRoles()).isNotEmpty();`
Better rest 2019-01-23 12:46:08 +01:00			`assertThat(repositoryPermissionProvider.availableRoles()).allSatisfy(this::containsOnlyAvailableVerbs);`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`}`

Better rest 2019-01-23 12:46:08 +01:00			`private void containsOnlyAvailableVerbs(RepositoryRole role) {`
			`assertThat(role.getVerbs()).isSubsetOf(repositoryPermissionProvider.availableVerbs());`
Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`}`

			`@Test`
			`void shouldReadAvailableVerbsFromRepository() {`
			`assertThat(repositoryPermissionProvider.availableVerbs()).contains(allVerbsFromRepositoryClass);`
			`}`

Merge roles from multiple repository permissions 2019-02-18 10:31:12 +01:00			`@Test`
			`void shouldMergeRepositoryRoles() {`
			`Collection<String> verbsInMergedRole = repositoryPermissionProvider`
			`.availableRoles()`
			`.stream()`
			`.filter(r -> "READ".equals(r.getName()))`
			`.findFirst()`
			`.get()`
			`.getVerbs();`
			`assertThat(verbsInMergedRole).contains("read", "pull", "test");`
			`}`

Fix verbs for repository and rename class 2019-01-23 12:22:06 +01:00			`private String getString(Field field) {`
			`try {`
			`return (String) field.get(null);`
			`} catch (IllegalAccessException e) {`
			`fail(e);`
			`return null;`
			`}`
			`}`
			`}`