use of com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator in project sechub by mercedes-benz.
the class ProjectChangeAccessLevelScenario3IntTest method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.
/* @formatter:on */
/* @formatter:off */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
/* prepare + test preconditions */
TestProject project = PROJECT_1;
// we start a job by USER1 - at this moment, this is possible, because project access level is "FULL"
IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
assertReportUnordered(result).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
UUID jobUUID = result.getSechubJobUUID();
/* execute */
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);
/* test 1 */
as(USER_1).getJobReport(project, jobUUID);
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);
/* test 2 */
expectHttpFailure(() -> {
as(USER_1).getJobReport(project, jobUUID);
}, HttpStatus.FORBIDDEN);
// even as an administrator, using same rest api
// the report cannot be fetched
expectHttpFailure(() -> {
as(SUPER_ADMIN).getJobReport(project, jobUUID);
}, new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, "Project " + project.getProjectId() + " does currently not allow read access."));
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);
/* test 1 */
as(USER_1).getJobReport(project, jobUUID);
}
use of com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator in project sechub by mercedes-benz.
the class ProjectChangeAccessLevelScenario3IntTest method get_job_status__existing_job_read_access_level_changing_test_different_access_levels.
/* @formatter:on */
/* @formatter:off */
@Test
public void get_job_status__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
/* prepare + test preconditions */
TestProject project = PROJECT_1;
// we start a job by USER1 - at this moment, this is possible, because project access level is "FULL"
UUID jobUUID = as(USER_1).createCodeScan(project, IntegrationTestMockMode.CODE_SCAN__CHECKMARX__GREEN__ZERO_WAIT);
/* execute */
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);
/* test 1 */
as(USER_1).getJobStatus(project, jobUUID);
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);
/* test 2 */
expectHttpFailure(() -> {
as(USER_1).getJobStatus(project, jobUUID);
}, new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, "Project " + project.getProjectId() + " does currently not allow read access."));
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);
/* test 1 */
as(USER_1).getJobStatus(project, jobUUID);
}
Aggregations