use of jetbrains.buildServer.serverSide.auth.Permissions in project teamcity-rest by JetBrains.
the class UserFinderTest method testSearchByRoles.
/**
 * Exercises the {@code role} dimension of the user locator against a fixture that mixes
 * directly assigned roles, roles inherited through a group and its subgroup, and a role
 * that includes another role.
 *
 * <p>Fixture, as built below: group "group1" holds user60 and has subgroup "group1.1", which
 * holds user70. "group1" is granted role20 on prj1, role20 includes role10, and prj1_1 is a
 * child of prj1. The assertions then pin which users each locator form is expected to return.
 *
 * @throws Throwable if fixture setup or any of the locator checks fails
 */
@Test
public void testSearchByRoles() throws Throwable {
  myFixture.getServerSettings().setPerProjectPermissionsEnabled(true);

  // Creation order is kept as-is: the unfiltered check below lists users in this order.
  final SUser sysAdmin = createUser("user10");
  final SUser globalProjectAdmin = createUser("user20");
  final SUser parentViewer = createUser("user30");
  final SUser childViewer = createUser("user40");
  final SUser otherViewer = createUser("user50");
  final SUser parentGroupMember = createUser("user60");
  final SUser subgroupMember = createUser("user70");
  final SUser roleless = createUser("user100");

  final SUserGroup parentGroup = myFixture.createUserGroup("group1", "group 1", "");
  final SUserGroup subgroup = myFixture.createUserGroup("group1.1", "group 1.1", "");
  parentGroup.addSubgroup(subgroup);
  parentGroup.addUser(parentGroupMember);
  subgroup.addUser(subgroupMember);

  ProjectEx parentProject = createProject("prj1");
  ProjectEx childProject = parentProject.createProject("prj1_1", "prj1.1");
  ProjectEx otherProject = createProject("prj3");

  // role10: LABEL_BUILD only. role20: PIN_UNPIN_BUILD plus everything in role10.
  // role30: LABEL_BUILD and CANCEL_BUILD, unrelated to role10 except for the shared permission.
  RoleImpl labelRole = new RoleImpl("role10", "custom role", new Permissions(Permission.LABEL_BUILD), null);
  myFixture.getRolesManager().addRole(labelRole);
  RoleImpl pinRole = new RoleImpl("role20", "custom role", new Permissions(Permission.PIN_UNPIN_BUILD), myFixture.getRolesManager());
  pinRole.addIncludedRole(labelRole);
  myFixture.getRolesManager().addRole(pinRole);
  RoleImpl labelAndCancelRole = new RoleImpl("role30", "custom role", new Permissions(Permission.LABEL_BUILD, Permission.CANCEL_BUILD), myFixture.getRolesManager());
  myFixture.getRolesManager().addRole(labelAndCancelRole);

  // Direct assignments.
  sysAdmin.addRole(RoleScope.globalScope(), getSysAdminRole());
  globalProjectAdmin.addRole(RoleScope.globalScope(), getProjectAdminRole());
  parentViewer.addRole(RoleScope.projectScope(parentProject.getProjectId()), getProjectViewerRole());
  childViewer.addRole(RoleScope.projectScope(childProject.getProjectId()), getProjectViewerRole());
  otherViewer.addRole(RoleScope.projectScope(otherProject.getProjectId()), getProjectViewerRole());
  otherViewer.addRole(RoleScope.globalScope(), labelAndCancelRole);

  // Group assignments: the only path by which user60 and user70 obtain any role.
  parentGroup.addRole(RoleScope.projectScope(parentProject.getProjectId()), pinRole);
  parentGroup.addRole(RoleScope.projectScope(getRootProject().getProjectId()), getTestRoles().getProjectViewerRole());

  // No locator: every created user is returned.
  check(null, sysAdmin, globalProjectAdmin, parentViewer, childViewer, otherViewer, parentGroupMember, subgroupMember, roleless);

  final String childScope = "scope:(project:(" + childProject.getExternalId() + "))";
  final String role10InChild = childScope + ",role:(id:role10)";

  // A globally assigned project-admin role is expected to match a query scoped to the child project.
  check("role:(" + childScope + ",role:(id:" + getProjectAdminRole().getId() + "))", globalProjectAdmin);

  // role10 in the child project: only the two group members are expected. The default form, the
  // item form and method:effective are all asserted to give the same answer.
  check("role:(" + role10InChild + ")", parentGroupMember, subgroupMember);
  check("role:(item:(" + role10InChild + "),method:effective)", parentGroupMember, subgroupMember);
  check("role:(item:(" + role10InChild + "))", parentGroupMember, subgroupMember);

  // method:byPermission is expected to widen the result to the sysadmin, the global project admin
  // and the holder of role30 as well as the group members.
  check("role:(item:(" + role10InChild + "),method:byPermission)", sysAdmin, globalProjectAdmin, otherViewer, parentGroupMember, subgroupMember);

  // Only the three users with a role assigned in the global scope.
  check("role:(scope:global)", sysAdmin, globalProjectAdmin, otherViewer);

  // todo: error locators
  checkExceptionOnItemsSearch(LocatorProcessException.class, "role:(aaa)");
}
use of jetbrains.buildServer.serverSide.auth.Permissions in project teamcity-rest by JetBrains.
the class UserFinderTest method testSearchByPermissions.
/**
 * Exercises the {@code permission} dimension of the user locator: which users are reported as
 * holding RUN_BUILD globally, in a single project, or in any project of a set.
 *
 * <p>Fixture, as built below: user10 is a global system administrator; user30 holds role10
 * (RUN_BUILD) on prj3 only; user70 sits in subgroup "group1.1" of "group1", and "group1" holds
 * role20 (which includes role10) on prj1, the parent of prj1_1. The other users have no roles.
 *
 * @throws Throwable if fixture setup or any of the locator checks fails
 */
@Test
public void testSearchByPermissions() throws Throwable {
  myFixture.getServerSettings().setPerProjectPermissionsEnabled(true);

  // Creation order is kept as-is: the unfiltered check below lists users in this order.
  final SUser sysAdmin = createUser("user10");
  final SUser noRoles20 = createUser("user20");
  final SUser runBuildInPrj3 = createUser("user30");
  final SUser noRoles40 = createUser("user40");
  final SUser noRoles50 = createUser("user50");
  final SUser noRoles60 = createUser("user60");
  final SUser subgroupMember = createUser("user70");
  final SUser noRoles100 = createUser("user100");

  final SUserGroup parentGroup = myFixture.createUserGroup("group1", "group 1", "");
  final SUserGroup subgroup = myFixture.createUserGroup("group1.1", "group 1.1", "");
  parentGroup.addSubgroup(subgroup);
  subgroup.addUser(subgroupMember);

  ProjectEx parentProject = createProject("prj1");
  ProjectEx childProject = parentProject.createProject("prj1_1", "prj1.1");
  ProjectEx otherProject = createProject("prj3");

  // role10: RUN_BUILD. role20: VIEW_PROJECT and CHANGE_SERVER_SETTINGS plus everything in role10.
  // role30 is registered but never assigned to anyone in this test.
  RoleImpl runBuildRole = new RoleImpl("role10", "custom role", new Permissions(Permission.RUN_BUILD), null);
  myFixture.getRolesManager().addRole(runBuildRole);
  RoleImpl viewAndSettingsRole = new RoleImpl("role20", "custom role", new Permissions(Permission.VIEW_PROJECT, Permission.CHANGE_SERVER_SETTINGS), myFixture.getRolesManager());
  viewAndSettingsRole.addIncludedRole(runBuildRole);
  myFixture.getRolesManager().addRole(viewAndSettingsRole);
  RoleImpl labelAndCancelRole = new RoleImpl("role30", "custom role", new Permissions(Permission.LABEL_BUILD, Permission.CANCEL_BUILD), myFixture.getRolesManager());
  myFixture.getRolesManager().addRole(labelAndCancelRole);

  sysAdmin.addRole(RoleScope.globalScope(), getSysAdminRole());
  runBuildInPrj3.addRole(RoleScope.projectScope(otherProject.getProjectId()), runBuildRole);
  parentGroup.addRole(RoleScope.projectScope(parentProject.getProjectId()), viewAndSettingsRole);

  // No locator: every created user is returned.
  check(null, sysAdmin, noRoles20, runBuildInPrj3, noRoles40, noRoles50, noRoles60, subgroupMember, noRoles100);

  final String childId = childProject.getExternalId();
  final String otherId = otherProject.getExternalId();

  // RUN_BUILD in the child project: the sysadmin plus the subgroup member, whose only grant is
  // the group role on the parent project.
  check("permission:(permission:run_build,project:(id:" + childId + "))", sysAdmin, subgroupMember);

  // Malformed locators are rejected: two permission dimensions, two project dimensions.
  checkExceptionOnItemsSearch(LocatorProcessException.class, "permission:(permission:run_build,permission:label_build,project:(id:" + childId + "))");
  checkExceptionOnItemsSearch(LocatorProcessException.class, "permission:(permission:run_build,project:(id:a),project:(id:b))");
  // A project locator without a permission also fails; the message must contain "Nothing found".
  assertContains(
    checkException(LocatorProcessException.class, () -> getFinder().getItems("permission:(project:(id:a))"), null).getMessage(),
    "Nothing found");

  // global permission check
  check("permission:(permission:run_build)", sysAdmin);

  check("permission:(permission:run_build,project:(item:" + otherId + "))", sysAdmin, runBuildInPrj3);

  // permission in one of the projects
  check("permission:(permission:run_build,project:(item:" + childId + ",item:" + otherId + "))", sysAdmin, runBuildInPrj3, subgroupMember);

  // permission in any project of the first 100
  check("permission:(permission:run_build,project:(count:100))", sysAdmin, runBuildInPrj3, subgroupMember);
}
use of jetbrains.buildServer.serverSide.auth.Permissions in project teamcity-rest by JetBrains.
the class BuildTypeFinderTest method testUserSelectedDimension.
/**
 * Exercises the {@code selectedByUser} dimension of the build type locator: the order and
 * content of the returned build types for each {@code mode}, and who is allowed to query
 * another user's selection.
 *
 * <p>The test is stateful: roles are added and removed between checks, so the statement order
 * matters. Access-control points pinned here:
 * <ul>
 *   <li>user2, holding only a project viewer role, gets {@code AuthorizationFailedException}
 *       when querying user1's selection;</li>
 *   <li>the same queries succeed once user2 is granted a global role carrying VIEW_ALL_USERS
 *       and VIEW_USER_PROFILE;</li>
 *   <li>build types of project40 appear in user1's selection only after user1 gets a role on
 *       project40;</li>
 *   <li>{@code mode:selected} is rejected with {@code BadRequestException}.</li>
 * </ul>
 *
 * @throws Throwable if fixture setup or any of the locator checks fails
 */
@Test
public void testUserSelectedDimension() throws Throwable {
  myFixture.getServerSettings().setPerProjectPermissionsEnabled(true);
  // Drop the build type the base fixture provides so only the ones created below are found.
  myBuildType.remove();
  final SProject project10 = createProject("p10", "project 10");
  final SProject project20 = createProject("p20", "project 20");
  final SProject project10_10 = project10.createProject("p10_10", "p10 child1");
  final SProject project10_20 = project10.createProject("p10_20", "p10 child2");
  final SProject project10_30 = project10.createProject("p10_30", "p10 child3");
  final SProject project30 = createProject(project10.getProjectId(), "project 30");
  final SProject project40 = createProject("p40", "project 40");
  // Three build types per project; project10_20 deliberately gets none.
  final SBuildType p10_bt10 = project10.createBuildType("p10_bt10", "10-10");
  final SBuildType p10_bt20 = project10.createBuildType("p10_bt20", "10-02");
  final SBuildType p10_bt30 = project10.createBuildType("p10_bt30", "10-30");
  final SBuildType p10_10_bt10 = project10_10.createBuildType("p10_10_bt10", "10_10-10");
  final SBuildType p10_10_bt20 = project10_10.createBuildType("p10_10_bt20", "10_10-20");
  final SBuildType p10_10_bt30 = project10_10.createBuildType("p10_10_bt30", "10_10-30");
  final SBuildType p10_30_bt10 = project10_30.createBuildType("p10_30_bt10", "10_30-10");
  final SBuildType p10_30_bt20 = project10_30.createBuildType("p10_30_bt20", "10_30-20");
  final SBuildType p10_30_bt30 = project10_30.createBuildType("p10_30_bt30", "10_30-30");
  final SBuildType p20_bt10 = project20.createBuildType("p20_bt10", "20-10");
  final SBuildType p20_bt20 = project20.createBuildType("p20_bt20", "20-20");
  final SBuildType p20_bt30 = project20.createBuildType("p20_bt30", "20-30");
  final SBuildType p30_bt10 = project30.createBuildType("p30_bt10", "30-10");
  final SBuildType p30_bt20 = project30.createBuildType("p30_bt20", "xxx 30-20");
  final SBuildType p30_bt30 = project30.createBuildType("p30_bt30", "30-30");
  final SBuildType p40_bt10 = project40.createBuildType("p40_bt10", "40-10");
  final SBuildType p40_bt20 = project40.createBuildType("p40_bt20", "40-20");
  final SBuildType p40_bt30 = project40.createBuildType("p40_bt30", "40-30");

  // user2: project viewer on project10 only, no stored project or build type order yet.
  final SUser user2 = createUser("user2");
  user2.addRole(RoleScope.projectScope(project10.getProjectId()), getProjectViewerRole());
  // default sorting is hierarchy-based + name-based within the same level
  checkBuildTypes("selectedByUser:(username:user2)", p10_bt20, p10_bt10, p10_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30);
  checkBuildTypes("selectedByUser:(user:(username:user2))", p10_bt20, p10_bt10, p10_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30);
  checkBuildTypes("selectedByUser:(user:(username:user2),mode:selected_and_unknown)", p10_bt20, p10_bt10, p10_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30);
  checkBuildTypes("selectedByUser:(user:(username:user2),mode:all_with_order)", p10_bt20, p10_bt10, p10_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30);

  // With an explicit project order, project10_30 is expected before project10_10. project40 and
  // project30 are in the stored lists but absent from the expected results; user2 has no role
  // on them at this point.
  user2.setVisibleProjects(Arrays.asList(project10.getProjectId(), project10_30.getProjectId(), project10_10.getProjectId(), project40.getProjectId(), project30.getProjectId()));
  user2.setProjectsOrder(Arrays.asList(project10.getProjectId(), project10_30.getProjectId(), project10_10.getProjectId(), project40.getProjectId(), project30.getProjectId()));
  checkBuildTypes("selectedByUser:(username:user2)", p10_bt20, p10_bt10, p10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30);
  checkBuildTypes("selectedByUser:(user:(username:user2),mode:selected_and_unknown)", p10_bt20, p10_bt10, p10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30);
  checkBuildTypes("selectedByUser:(user:(username:user2),mode:all_with_order)", p10_bt20, p10_bt10, p10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30);

  // user1: project viewer on project10, project20 and project30. project40 is in the visible
  // list without a role, and project20 has a role without being in the visible list.
  final SUser user1 = createUser("user1");
  user1.addRole(RoleScope.projectScope(project10.getProjectId()), getProjectViewerRole());
  user1.addRole(RoleScope.projectScope(project20.getProjectId()), getProjectViewerRole());
  user1.addRole(RoleScope.projectScope(project30.getProjectId()), getProjectViewerRole());
  user1.setVisibleProjects(Arrays.asList(project10.getProjectId(), project10_20.getProjectId(), project10_10.getProjectId(), project40.getProjectId(), project30.getProjectId()));
  user1.setProjectsOrder(Arrays.asList(project10.getProjectId(), project10_20.getProjectId(), project10_10.getProjectId(), project40.getProjectId(), project30.getProjectId()));
  // NOTE(review): the second list looks like the build types the user has hidden; they are
  // expected only under mode:all_with_order below. Confirm against setBuildTypesOrder.
  user1.setBuildTypesOrder(project10, Arrays.asList(p10_bt30, p10_bt10), Arrays.asList(p10_bt20));
  // p10_10_bt30 is in "unknown" state
  user1.setBuildTypesOrder(project10_10, Arrays.asList(p10_10_bt20), Arrays.asList(p10_10_bt10));
  user1.setBuildTypesOrder(project10_30, Arrays.asList(p10_30_bt30, p10_30_bt20, p10_30_bt10), Collections.<SBuildType>emptyList());
  user1.setBuildTypesOrder(project20, Arrays.asList(p20_bt10, p20_bt30), Arrays.asList(p20_bt20));
  user1.setBuildTypesOrder(project40, Arrays.asList(p40_bt10, p40_bt30), Arrays.asList(p40_bt20));
  checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(username:user1),project:(id:" + project10.getExternalId() + ")", p10_bt30, p10_bt10);
  checkBuildTypes("selectedByUser:(username:user1),project:(id:" + project30.getExternalId() + ")", p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown),project:(id:" + project10.getExternalId() + ")", p10_bt30, p10_bt10);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown),project:(id:" + project30.getExternalId() + ")", p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order),project:(id:" + project10.getExternalId() + ")", p10_bt30, p10_bt10, p10_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order),project:(id:" + project30.getExternalId() + ")", p30_bt10, p30_bt30, p30_bt20);

  // From here on the same locators are re-run under a specific caller identity.
  SecurityContextImpl securityContext = myFixture.getSecurityContext();
  // user1 querying their own selection by username: same results as above.
  securityContext.runAs(user1, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
    }
  });
  // user1 querying via the "current" user locator: same results again.
  securityContext.runAs(user1, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(current)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(current),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(current),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
    }
  });
  // Negative case: user2 (project viewer on project10 only) must not be able to read user1's
  // selection. Each mode gets its own runAs call.
  // NOTE(review): only the two explicit-mode forms are asserted to fail; the short form
  // "selectedByUser:(username:user1)" is not checked for denial in this test.
  securityContext.runAs(user2, () -> {
    checkExceptionOnItemsSearch(AuthorizationFailedException.class, "selectedByUser:(user:(username:user1),mode:selected_and_unknown)");
  });
  securityContext.runAs(user2, () -> {
    checkExceptionOnItemsSearch(AuthorizationFailedException.class, "selectedByUser:(user:(username:user1),mode:all_with_order)");
  });

  // Grant user2 a global role with VIEW_ALL_USERS and VIEW_USER_PROFILE; the queries that were
  // denied above are now expected to succeed.
  RoleImpl role_viewUsers = new RoleImpl("role_viewUsers", "custom role", new Permissions(Permission.VIEW_ALL_USERS, Permission.VIEW_USER_PROFILE), null);
  myFixture.getRolesManager().addRole(role_viewUsers);
  user2.addRole(RoleScope.globalScope(), role_viewUsers);
  securityContext.runAs(user2, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
    }
  });

  // user2 gains project viewer on project40: user2's own selection now ends with the project40
  // build types, while user1's selection as seen by user2 is unchanged.
  user2.addRole(RoleScope.projectScope(project40.getProjectId()), getProjectViewerRole());
  checkBuildTypes("selectedByUser:(username:user2)", p10_bt20, p10_bt10, p10_bt30, p10_30_bt10, p10_30_bt20, p10_30_bt30, p10_10_bt10, p10_10_bt20, p10_10_bt30, p40_bt10, p40_bt20, p40_bt30);
  securityContext.runAs(user2, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
    }
  });

  // user1 gains project viewer on project40: the project40 build types from user1's stored
  // order now appear, placed before project30 as in user1's project order.
  checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
  user1.addRole(RoleScope.projectScope(project40.getProjectId()), getProjectViewerRole());
  checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p40_bt10, p40_bt30, p30_bt10, p30_bt30, p30_bt20);
  securityContext.runAs(user2, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p40_bt10, p40_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p40_bt10, p40_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p40_bt10, p40_bt30, p40_bt20, p30_bt10, p30_bt30, p30_bt20);
    }
  });

  // Revoke user2's role on project40 and confirm no permissions remain for that project.
  user2.removeRole(RoleScope.projectScope(project40.getProjectId()), getProjectViewerRole());
  assertEmpty(user2.getPermissionsGrantedForProject(project40.getProjectId()).toList());
  // NOTE(review): coverage gap. The disabled block below would assert that user2, after losing
  // access to project40, no longer receives project40 build types when reading user1's
  // selection. Per the original remark it cannot pass because the ProjectManager used by this
  // fixture does not enforce permissions, so that filtering is not verified by this test.
  /* this fails as ProjectManager is not secure in this test
  securityContext.runAs(user2, new SecurityContextEx.RunAsAction() {
  @Override
  public void run() throws Throwable {
  checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
  checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
  }
  });
  */

  // Back to the earlier state for user1 (no role on project40); user2 becomes a global project
  // admin and is expected to see user1's selection without any project40 entries.
  user1.removeRole(RoleScope.projectScope(project40.getProjectId()), getProjectViewerRole());
  user2.addRole(RoleScope.globalScope(), getProjectAdminRole());
  securityContext.runAs(user2, new SecurityContextEx.RunAsAction() {
    @Override
    public void run() throws Throwable {
      checkBuildTypes("selectedByUser:(username:user1)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:selected_and_unknown)", p10_bt30, p10_bt10, p10_10_bt20, p10_10_bt30, p30_bt10, p30_bt30, p30_bt20);
      checkBuildTypes("selectedByUser:(user:(username:user1),mode:all_with_order)", p10_bt30, p10_bt10, p10_bt20, p10_10_bt20, p10_10_bt30, p10_10_bt10, p30_bt10, p30_bt30, p30_bt20);
    }
  });

  // An unsupported mode value is a client error, not an authorization error.
  checkExceptionOnItemsSearch(BadRequestException.class, "selectedByUser:(user:(username:user2),mode:selected)");
  // add checks after ProjectEx.setOwnProjectsOrder / setOwnBuildTypesOrder
}
use of jetbrains.buildServer.serverSide.auth.Permissions in project teamcity-rest by JetBrains.
the class AbstractAgentPoolResolverTest method basicProjectsConnection.
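/**
 * Verifies that the agent pool {@code projects} connection returns only the projects the
 * calling authority holder may view, and reports the rest through the excluded count.
 *
 * <p>Eight projects are associated with one pool. The mock authority holder is granted
 * VIEW_PROJECT on five of them ("visibleProject0..4") and nothing on the other three
 * ("invisibleProject0..2"). The resolver is invoked under {@code runAs(mockUser, ...)}.
 *
 * <p>NOTE(review): the excluded count tells the caller how many projects in the pool are
 * hidden from them. The test pins that as expected behaviour; confirm that disclosing the
 * number (not the names) of inaccessible projects is intended.
 *
 * @throws Throwable if fixture setup, the resolver call or an assertion fails
 */
public void basicProjectsConnection() throws Throwable {
  jetbrains.buildServer.serverSide.agentPools.AgentPool realPool = myFixture.getAgentPoolManager().createNewAgentPool("testAgentPool");
  Set<String> allProjectIds = new HashSet<>();
  Set<String> visibleProjectNames = new HashSet<>();
  MockAuthorityHolder mockUser = new MockAuthorityHolder();
  Permissions viewProjectPermissions = new Permissions(Permission.VIEW_PROJECT);

  // Projects the mock user is explicitly allowed to view.
  for (int i = 0; i < 5; i++) {
    ProjectEx project = createProject("visibleProject" + i);
    mockUser.projectPerms.put(project.getProjectId(), viewProjectPermissions);
    allProjectIds.add(project.getProjectId());
    visibleProjectNames.add(project.getName());
  }

  // Projects in the same pool for which the mock user has no permission entry at all.
  List<ProjectEx> invisibleProjects = new ArrayList<>();
  for (int i = 0; i < 3; i++) {
    ProjectEx project = createProject("invisibleProject" + i);
    allProjectIds.add(project.getProjectId());
    invisibleProjects.add(project);
  }
  myFixture.getAgentPoolManager().associateProjectsWithPool(realPool.getAgentPoolId(), allProjectIds);

  // The stubbed selection set reports that the query asked for "excludedCount".
  Mock fieldSelectionSetMock = mock(DataFetchingFieldSelectionSet.class);
  fieldSelectionSetMock.stubs().method("contains").with(eq("excludedCount")).will(returnValue(true));
  myDataFetchingEnvironment.setSelectionSet((DataFetchingFieldSelectionSet) fieldSelectionSetMock.proxy());

  // Resolve under the restricted identity so permission filtering is what is being tested.
  AgentPoolProjectsConnection connection = myFixture.getSecurityContext().runAs(mockUser, () -> myResolver.projects(new AgentPool(realPool), new ProjectsFilter(), myDataFetchingEnvironment));

  // No returned edge may name a project outside the permitted set.
  connection.getEdges().getData().forEach(edge -> {
    String name = edge.getNode().getData().getName();
    assertTrue("Project '" + name + "' is visible, but shouldn't be.", visibleProjectNames.contains(name));
  });
  assertEquals(visibleProjectNames.size(), connection.getCount());
  // Integer.valueOf replaces the deprecated Integer(int) constructor; the boxed comparison is unchanged.
  assertEquals(Integer.valueOf(invisibleProjects.size()), connection.getExcludedCount());
}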