use of jetbrains.buildServer.server.rest.model.user.User in project teamcity-rest by JetBrains.
the class UserRequestTest method testPermissionsSecurity.
/**
 * Checks who may read a user's permission assignments through {@code myRequest.getPermissions}
 * while per-project permissions are switched on.
 *
 * <p>Cases, in order:
 * <ul>
 *   <li>user1, who is given no roles in this test, is refused another user's permissions with
 *       {@code AuthorizationFailedException};</li>
 *   <li>user3, holding VIEW_USER_PROFILE and VIEW_ALL_USERS globally plus VIEW_PROJECT on project2
 *       only, may read user2's assignments, but user2's VIEW_PROJECT entry for project1 must not
 *       be disclosed;</li>
 *   <li>the guest user may read its own assignments via the {@code "current"} locator and is
 *       refused user2's;</li>
 *   <li>the super user sees its own and user2's assignments, including the project1 entry.</li>
 * </ul>
 */
@Test
public void testPermissionsSecurity() throws Throwable {
  myFixture.getServerSettings().setPerProjectPermissionsEnabled(true);

  ProjectEx project1 = createProject("project1", "project1");
  ProjectEx project2 = createProject("project2", "project2");

  SUser user1 = createUser("user1");
  SUser user2 = createUser("user2");
  user2.addRole(RoleScope.globalScope(), getTestRoles().createRole(Permission.RUN_BUILD, Permission.AUTHORIZE_AGENT));
  user2.addRole(RoleScope.projectScope(project2.getProjectId()), getTestRoles().createRole(Permission.VIEW_PROJECT));
  user2.addRole(RoleScope.projectScope(project1.getProjectId()), getTestRoles().createRole(Permission.VIEW_PROJECT, Permission.REORDER_BUILD_QUEUE));

  // Locator of the user whose permissions the other accounts try to read.
  final String user2Locator = "id:" + user2.getId();

  // user1 has no role that allows looking at other users: the request must be denied.
  myFixture.getSecurityContext().runAs(user1, () -> {
    checkException(AuthorizationFailedException.class, () -> myRequest.getPermissions(user2Locator, null, null), "getting permissions of another user");
  });

  SUser user3 = createUser("user3");
  user3.addRole(RoleScope.globalScope(), getTestRoles().createRole(Permission.VIEW_USER_PROFILE, Permission.VIEW_ALL_USERS));
  user3.addRole(RoleScope.projectScope(project2.getProjectId()), getTestRoles().createRole(Permission.VIEW_PROJECT));

  // Permission ids as they are compared against the returned assignments (lower-cased enum names).
  final String authorizeAgentId = Permission.AUTHORIZE_AGENT.name().toLowerCase();
  final String reorderQueueId = Permission.REORDER_BUILD_QUEUE.name().toLowerCase();
  final String runBuildId = Permission.RUN_BUILD.name().toLowerCase();
  final String viewProjectId = Permission.VIEW_PROJECT.name().toLowerCase();

  myFixture.getSecurityContext().runAs(user3, () -> {
    PermissionAssignments visible = myRequest.getPermissions(user2Locator, null, null);
    String dump = describe(visible);

    // Entries expected without a project attached.
    assertTrue(dump, visible.myPermissionAssignments.stream().anyMatch(pa -> authorizeAgentId.equals(pa.permission.id) && pa.project == null));
    // REORDER_BUILD_QUEUE was granted in project1 scope above, yet is expected with no project here;
    // presumably it is not a project-associated permission (confirm against Permission).
    assertTrue(dump, visible.myPermissionAssignments.stream().anyMatch(pa -> reorderQueueId.equals(pa.permission.id) && pa.project == null));
    assertTrue(dump, visible.myPermissionAssignments.stream().anyMatch(pa -> runBuildId.equals(pa.permission.id) && pa.project == null));

    // user3 can see project2, so user2's VIEW_PROJECT there is listed ...
    assertTrue(dump, visible.myPermissionAssignments.stream().anyMatch(pa -> viewProjectId.equals(pa.permission.id) && project2.getExternalId().equals(pa.project.id)));
    // ... but user3 has no role in project1, so that entry must not leak.
    assertTrue(dump, visible.myPermissionAssignments.stream().noneMatch(pa -> viewProjectId.equals(pa.permission.id) && project1.getExternalId().equals(pa.project.id)));
  });

  getUserModelEx().getGuestUser().addRole(RoleScope.projectScope(project2.getProjectId()), getTestRoles().createRole(Permission.RUN_BUILD));
  myFixture.getSecurityContext().runAs(getUserModelEx().getGuestUser(), () -> {
    // The guest may inspect its own assignments ...
    PermissionAssignments own = myRequest.getPermissions("current", null, null);
    assertTrue(describe(own), own.myPermissionAssignments.stream().anyMatch(pa -> runBuildId.equals(pa.permission.id) && project2.getExternalId().equals(pa.project.id)));
    // ... but not those of another account.
    checkException(AuthorizationFailedException.class, () -> myRequest.getPermissions(user2Locator, null, null), "getting permissions of another user");
  });

  myFixture.getSecurityContext().runAs(getUserModelEx().getSuperUser(), () -> {
    PermissionAssignments own = myRequest.getPermissions("current", null, null);
    assertTrue(describe(own), own.myPermissionAssignments.stream().anyMatch(pa -> Permission.EDIT_PROJECT.name().toLowerCase().equals(pa.permission.id) && pa.project == null));

    // Nothing is filtered for the super user: the project1 entry hidden from user3 is present.
    PermissionAssignments ofUser2 = myRequest.getPermissions(user2Locator, null, null);
    assertTrue(describe(ofUser2), ofUser2.myPermissionAssignments.stream().anyMatch(pa -> viewProjectId.equals(pa.permission.id) && project1.getExternalId().equals(pa.project.id)));
    assertTrue(describe(ofUser2), ofUser2.myPermissionAssignments.stream().anyMatch(pa -> authorizeAgentId.equals(pa.permission.id) && pa.project == null));
  });
}
use of jetbrains.buildServer.server.rest.model.user.User in project teamcity-rest by JetBrains.
the class UserRequestTest method testUnauthorizedUsersList.
/**
 * Regression test tagged TW-44842: asking for the members of a user's groups must not fail the
 * whole request, nor reveal the member list, when the caller is not allowed to list users.
 *
 * <p>user2 is given the project admin role globally and gets the nested user list; user1 gets
 * no role in this test and receives the group itself but a {@code null} member list.
 */
@Test
@TestFor(issues = { "TW-44842" })
void testUnauthorizedUsersList() throws Throwable {
  final SUser user1 = createUser("user1");
  final SUser user2 = createUser("user2");
  SecurityContextImpl securityContext = myFixture.getSecurityContext();
  user2.addRole(RoleScope.globalScope(), getProjectAdminRole());

  // Privileged caller: the group is returned together with its members.
  securityContext.runAs(user2, () -> {
    User served = myRequest.serveUser("id:" + user1.getId(), "$long,groups(group(users(user)))");
    assertNotNull(served);
    assertNotNull(served.getGroups());
    assertNotNull(served.getGroups().groups);
    assertEquals(1, served.getGroups().groups.size());
    assertNotNull(served.getGroups().groups.get(0).users);
    assertNotNull(served.getGroups().groups.get(0).users.users);
  });

  // Unprivileged caller reading its own record without expanding members: the group is listed.
  securityContext.runAs(user1, () -> {
    User served = myRequest.serveUser("username:user1", "$long,groups(group)");
    assertNotNull(served);
    assertNotNull(served.getGroups());
    assertNotNull(served.getGroups().groups);
    assertEquals(1, served.getGroups().groups.size());
  });

  // Same caller, now requesting the members as well.
  securityContext.runAs(user1, () -> {
    User served = myRequest.serveUser("username:user1", "$long,groups(group(users(user)))");
    assertNotNull(served);
    assertNotNull(served.getGroups());
    assertNotNull(served.getGroups().groups);
    assertEquals(1, served.getGroups().groups.size());
    // Fetching the members raises AuthorizationFailedException internally, so the users element
    // is dropped from the response rather than the request failing or the list being exposed.
    assertNull(served.getGroups().groups.get(0).users);
  });
}
use of jetbrains.buildServer.server.rest.model.user.User in project teamcity-rest by JetBrains.
the class InvestigationRequestTest method testAssignInvestigation.
/**
 * Creates a "taken" investigation for a failed test through the request under test, checks that
 * the stored investigation matches what was submitted, then deletes it again.
 */
@Test
void testAssignInvestigation() throws Throwable {
  final SUser user2 = createUser("user2");

  // Assemble the submitted model piece by piece.
  User assignee = new User();
  assignee.setId(user2.getId());

  Comment assignment = new Comment();
  assignment.text = "comment here";

  ProblemScope scope = new ProblemScope();
  scope.project = new Project();
  scope.project.id = myProject.getExternalId();

  jetbrains.buildServer.server.rest.model.problem.Test failedTest = new jetbrains.buildServer.server.rest.model.problem.Test();
  failedTest.name = "testname";
  ProblemTarget target = new ProblemTarget();
  target.tests = new Tests();
  target.tests.items = Collections.singletonList(failedTest);

  Resolution resolution = new Resolution();
  resolution.type = Resolution.ResolutionType.manually;
  resolution.time = "20900512T163700";

  Investigation investigation = new Investigation();
  investigation.state = "taken";
  investigation.assignee = assignee;
  investigation.assignment = assignment;
  investigation.scope = scope;
  investigation.target = target;
  investigation.resolution = resolution;

  // Nothing is under investigation before the request is made.
  assertEmpty(myInvestigationFinder.getItems(null).myEntries);
  createBuildWithFailedTest("testname");

  Investigation created = myRequest.createInstance(investigation, "$long");
  assertEquals("testname", created.target.tests.items.get(0).name);

  // Exactly one investigation is now stored, carrying the submitted data.
  List<InvestigationWrapper> stored = myInvestigationFinder.getItems(null).myEntries;
  assertEquals(1, stored.size());
  InvestigationWrapper wrapper = stored.get(0);
  assertEquals(ResponsibilityEntry.State.TAKEN, wrapper.getState());
  assertEquals(user2.getId(), wrapper.getResponsibleUser().getId());
  assertEquals("comment here", wrapper.getComment());
  // It is a test investigation, so no build-problem entry is attached.
  assertEquals(null, wrapper.getProblemRE());
  assertEquals(myProject.getProjectId(), wrapper.getTestRE().getProjectId());
  assertEquals("testname", wrapper.getTestRE().getTestName().getAsString());
  assertEquals(myProject.getProjectId(), wrapper.getAssignmentProject().getProjectId());

  // Deleting through the request leaves nothing behind.
  myRequest.deleteInstance(wrapper.getId());
  assertEmpty(myInvestigationFinder.getItems(null).myEntries);
}
use of jetbrains.buildServer.server.rest.model.user.User in project teamcity-rest by JetBrains.
the class UserRequestTest method testUserEnityExposure.
/**
 * Checks which fields of the {@code User} entity are exposed when a user is reached indirectly,
 * as the "triggered by" user of a build, depending on who is asking.
 *
 * <p>Both users get every field populated (account data, group, viewer role, last login,
 * password, avatar, 2FA); user2 additionally gets the project admin role. The password is never
 * returned. A caller looking at its own record, or user2 looking at user1, receives the full
 * entity; user1 looking at user2 receives only username, name, id, href and avatars.
 */
@Test
void testUserEnityExposure() throws Throwable {
  myFixture.getServerSettings().setPerProjectPermissionsEnabled(true);
  final SUser user1 = createUser("user1");
  final SUser user2 = createUser("user2");

  // Populate every user field so that a null in the response means "withheld", not "unset".
  user1.updateUserAccount("user1", "Display Name1", "email1@domain.com");
  user2.updateUserAccount("user2", "Display Name2", "email2@domain.com");
  SUserGroup group1 = myFixture.createUserGroup("key1", "name1", "description");
  group1.addUser(user1);
  group1.addUser(user2);
  user1.addRole(RoleScope.globalScope(), getProjectViewerRole());
  user2.addRole(RoleScope.globalScope(), getProjectViewerRole());
  user1.setLastLoginTimestamp(new Date());
  user2.setLastLoginTimestamp(new Date());
  user1.setPassword("secret");
  user2.setPassword("secret");
  myFixture.getUserAvatarsManager().saveAvatar(user1, new BufferedImage(1, 1, 1));
  myFixture.getUserAvatarsManager().saveAvatar(user2, new BufferedImage(1, 1, 1));
  enable2FA(user1);
  enable2FA(user2);

  SecurityContextImpl securityContext = myFixture.getSecurityContext();
  user2.addRole(RoleScope.globalScope(), getProjectAdminRole());

  SFinishedBuild build10 = build().in(myBuildType).by(user1).finish();
  SFinishedBuild build20 = build().in(myBuildType).by(user2).finish();
  BuildRequest buildRequest = new BuildRequest();
  buildRequest.initForTests(BaseFinderTest.getBeanContext(myFixture));

  // Guard: when User gains or loses a sub-entity this count changes, and the per-field checks
  // below have to be revisited so the new field gets an explicit exposure decision.
  assertEquals(15, getSubEntitiesNames(User.class).size());

  final String fields = "triggered(user($long,hasPassword))";

  // No runAs wrapper here: both builds are requested under whatever authority the fixture
  // provides by default, and every field except the excluded ones is expected.
  for (SFinishedBuild finished : new SFinishedBuild[] {build10, build20}) {
    Build served = buildRequest.serveBuild("id:" + finished.getBuildId(), fields, new FakeHttpServletRequest());
    User triggeredBy = served.getTriggered().user;
    assertNotNull(triggeredBy.getUsername());
    assertNotNull(triggeredBy.getName());
    assertNotNull(triggeredBy.getId());
    assertNotNull(triggeredBy.getEmail());
    assertNotNull(triggeredBy.getLastLogin());
    assertNotNull(triggeredBy.getHref());
    assertNotNull(triggeredBy.getProperties());
    assertNotNull(triggeredBy.getRoles());
    assertNotNull(triggeredBy.getGroups());
    assertNotNull(triggeredBy.getHasPassword());
    assertNotNull(triggeredBy.getAvatars());
    assertNotNull(triggeredBy.getEnabled2FA());
    // the password is never part of a response
    assertNull(triggeredBy.getPassword());
    // locator is accepted on submit only
    assertNull(triggeredBy.getLocator());
    // realm is obsolete
    assertNull(triggeredBy.getRealm());
  }

  // build10 was triggered by user1: user1 is looking at itself, user2 is the project admin.
  // Both receive the full entity, still without the password.
  for (SUser viewer : new SUser[] {user1, user2}) {
    securityContext.runAs(viewer, () -> {
      Build served = buildRequest.serveBuild("id:" + build10.getBuildId(), fields, new FakeHttpServletRequest());
      User triggeredBy = served.getTriggered().user;
      assertNotNull(triggeredBy.getUsername());
      assertNotNull(triggeredBy.getName());
      assertNotNull(triggeredBy.getId());
      assertNotNull(triggeredBy.getEmail());
      assertNotNull(triggeredBy.getLastLogin());
      assertNotNull(triggeredBy.getHref());
      assertNotNull(triggeredBy.getProperties());
      assertNotNull(triggeredBy.getRoles());
      assertNotNull(triggeredBy.getGroups());
      assertNotNull(triggeredBy.getHasPassword());
      assertNotNull(triggeredBy.getAvatars());
      assertNotNull(triggeredBy.getEnabled2FA());
      assertNull(triggeredBy.getPassword());
    });
  }

  // build20 was triggered by user2: user1 only has the viewer role, so everything beyond the
  // identifying fields (username, name, id, href, avatars) must be withheld.
  securityContext.runAs(user1, () -> {
    Build served = buildRequest.serveBuild("id:" + build20.getBuildId(), fields, new FakeHttpServletRequest());
    User triggeredBy = served.getTriggered().user;
    assertNotNull(triggeredBy.getUsername());
    assertNotNull(triggeredBy.getName());
    assertNotNull(triggeredBy.getId());
    assertNull(triggeredBy.getEmail());
    assertNull(triggeredBy.getLastLogin());
    assertNotNull(triggeredBy.getHref());
    assertNull(triggeredBy.getProperties());
    assertNull(triggeredBy.getRoles());
    assertNull(triggeredBy.getGroups());
    assertNull(triggeredBy.getHasPassword());
    assertNull(triggeredBy.getPassword());
    assertNotNull(triggeredBy.getAvatars());
    assertNull(triggeredBy.getEnabled2FA());
  });
}