
Example 1 with JSonMessageHttpStatusExceptionTestValidator

Use of com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator in project sechub by mercedes-benz.

The class ProjectChangeAccessLevelScenario3IntTest, method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.

/* @formatter:off */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
    /* prepare + test preconditions */
    TestProject project = PROJECT_1;
    // we start a job by USER1 - at this moment, this is possible, because project access level is "FULL"
    IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    assertReportUnordered(result).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
    UUID jobUUID = result.getSechubJobUUID();
    /* execute */
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);
    /* test 1 */
    // READ_ONLY still permits reading: fetching the report must not fail
    as(USER_1).getJobReport(project, jobUUID);
    /* execute */
    // we reuse the test so we do not have to create another job etc. (reduces time cost)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);
    /* test 2 */
    expectHttpFailure(() -> {
        as(USER_1).getJobReport(project, jobUUID);
    }, HttpStatus.FORBIDDEN);
    // even as an administrator, using same rest api
    // the report cannot be fetched
    expectHttpFailure(() -> {
        as(SUPER_ADMIN).getJobReport(project, jobUUID);
    }, new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, "Project " + project.getProjectId() + " does currently not allow read access."));
    /* execute */
    // we reuse the test so we do not have to create another job etc. (reduces time cost)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);
    /* test 3 */
    // with FULL access restored, the report is readable again
    as(USER_1).getJobReport(project, jobUUID);
}
Also used: TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject), IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation), ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult), UUID (java.util.UUID), JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator), Test (org.junit.Test)

Example 2 with JSonMessageHttpStatusExceptionTestValidator

Use of com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator in project sechub by mercedes-benz.

The class ProjectChangeAccessLevelScenario3IntTest, method get_job_status__existing_job_read_access_level_changing_test_different_access_levels.

/* @formatter:off */
@Test
public void get_job_status__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
    /* prepare + test preconditions */
    TestProject project = PROJECT_1;
    // we start a job by USER1 - at this moment, this is possible, because project access level is "FULL"
    UUID jobUUID = as(USER_1).createCodeScan(project, IntegrationTestMockMode.CODE_SCAN__CHECKMARX__GREEN__ZERO_WAIT);
    /* execute */
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);
    /* test 1 */
    // READ_ONLY still permits reading: fetching the job status must not fail
    as(USER_1).getJobStatus(project, jobUUID);
    /* execute */
    // we reuse the test so we do not have to create another job etc. (reduces time cost)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);
    /* test 2 */
    expectHttpFailure(() -> {
        as(USER_1).getJobStatus(project, jobUUID);
    }, new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, "Project " + project.getProjectId() + " does currently not allow read access."));
    /* execute */
    // we reuse the test so we do not have to create another job etc. (reduces time cost)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);
    /* test 3 */
    // with FULL access restored, the job status is readable again
    as(USER_1).getJobStatus(project, jobUUID);
}
Also used: TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject), UUID (java.util.UUID), JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator), Test (org.junit.Test)

Aggregations

JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator): 2
TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject): 2
UUID (java.util.UUID): 2
Test (org.junit.Test): 2
IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation): 1
ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult): 1