Merge pull request #1468 from KoukiHama/admin_role__private_project_a…

…ccess feat(ui) : Strengthen sw360 admin privileges about Read and Write Reviewed by: jaideep.palit@siemens.com Tested by: anupam.ghosh@siemens.com
eclipse-sw360 · Jun 1, 2022 · 62639a9 · 62639a9
2 parents 011762a + e2cb517
commit 62639a9
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 44 deletions.
diff --git a/.github/workflows/githubactions.yml b/.github/workflows/githubactions.yml
@@ -62,7 +62,15 @@ jobs:
         bash scripts/install-thrift.sh --no-cleanup
 
     - name: Build SW360
-      run: mvn clean package --no-transfer-progress -P deploy -Dhelp-docs=true -Dbase.deploy.dir=. -Dliferay.deploy.dir=/home/runner/work/sw360/sw360/deploy -Dbackend.deploy.dir=/home/runner/work/sw360/sw360/webapps -Drest.deploy.dir=/home/runner/work/sw360/sw360/webapps -DRunComponentVisibilityRestrictionTest=false
+      run: mvn clean package --no-transfer-progress -P deploy -Dhelp-docs=true -Dbase.deploy.dir=. -Dliferay.deploy.dir=/home/runner/work/sw360/sw360/deploy -Dbackend.deploy.dir=/home/runner/work/sw360/sw360/webapps -Drest.deploy.dir=/home/runner/work/sw360/sw360/webapps -DRunComponentVisibilityRestrictionTest=false -DRunPrivateProjectAccessTest=false
+
+    - name: Run PrivateProjectAccessTest
+      run: |
+        cd build-configuration
+        mvn install
+        cd ..
+        cd libraries/lib-datahandler
+        mvn test -Dtest=ProjectPermissionsVisibilityTest -DRunPrivateProjectAccessTest=true
 
     - name: Deploy Backend and Rest Server
       run: |
@@ -77,3 +85,4 @@ jobs:
       run: |
         cd clients
         mvn clean install --no-transfer-progress -DRunRestIntegrationTest=true
+
diff --git a/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectRepository.java b/backend/src-common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectRepository.java
@@ -388,6 +388,7 @@ public Map<PaginationData, List<Project>> getAccessibleProjectsSummary(User user
 
         final Selector buAndModorator_visibility_Selector = eq("visbility", "BUISNESSUNIT_AND_MODERATORS");
         final Selector userBuSelector = eq("businessUnit", userBU);
+        boolean isAdmin = PermissionUtils.isAdmin(user);
         boolean isClearingAdmin = PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user);
         Selector isUserBelongToBuAndModerator = null;
 
@@ -412,12 +413,16 @@ public Map<PaginationData, List<Project>> getAccessibleProjectsSummary(User user
         isUserBelongToBuAndModerator = and(buAndModorator_visibility_Selector, or(buSelectors));
 
         Selector finalSelector = null;
-        if (isClearingAdmin) {
-            finalSelector = and(typeSelector, or(getAllPrivateProjects, everyone_visibility_Selector,
-                    isUserBelongToMeAndModerator, buAndModorator_visibility_Selector));
+        if (PermissionUtils.IS_ADMIN_PRIVATE_ACCESS_ENABLED && isAdmin) {
+                finalSelector = typeSelector;
         } else {
-            finalSelector = and(typeSelector, or(getAllPrivateProjects, everyone_visibility_Selector,
-                    isUserBelongToMeAndModerator, isUserBelongToBuAndModerator));
+            if (isClearingAdmin) {
+                finalSelector = and(typeSelector, or(getAllPrivateProjects, everyone_visibility_Selector,
+                        isUserBelongToMeAndModerator, buAndModorator_visibility_Selector));
+            } else {
+                finalSelector = and(typeSelector, or(getAllPrivateProjects, everyone_visibility_Selector,
+                        isUserBelongToMeAndModerator, isUserBelongToBuAndModerator));
+            }
         }
 
         QueryBuilder qb = new QueryBuilder(finalSelector);
@@ -532,6 +537,7 @@ private Set<Project> getAccessibleProjectSummary(User user, Set<String> searchId
     }
 
     public int getMyAccessibleProjectsCount(User user) {
+        boolean isAdmin = PermissionUtils.isAdmin(user);
         boolean isClearingAdmin = PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user);
         Set<String> BUs = new HashSet<>();
         String primaryOrg = SW360Utils.getBUFromOrganisation(user.getDepartment());
@@ -552,6 +558,9 @@ public int getMyAccessibleProjectsCount(User user) {
         }
         keys[keys.length - 2] = user.getEmail();
         keys[keys.length - 1] = "everyone";
+        if (PermissionUtils.IS_ADMIN_PRIVATE_ACCESS_ENABLED && isAdmin) {
+            return getConnector().getDocumentCount(Project.class);
+        }
         if (isClearingAdmin) {
             String[] keyss = new String[3];
             keyss[keyss.length - 3] = "bu";

diff --git a/...-datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/PermissionUtils.java b/...-datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/PermissionUtils.java
@@ -35,13 +35,16 @@ public class PermissionUtils {
 
     public static final String PROPERTIES_FILE_PATH = "/sw360.properties";
     public static final boolean IS_COMPONENT_VISIBILITY_RESTRICTION_ENABLED;
-
+    public static final boolean IS_ADMIN_PRIVATE_ACCESS_ENABLED;
+
     static {
         Properties props = CommonUtils.loadProperties(DatabaseSettings.class, PROPERTIES_FILE_PATH);
         IS_COMPONENT_VISIBILITY_RESTRICTION_ENABLED = Boolean.parseBoolean(
             System.getProperty("RunComponentVisibilityRestrictionTest", props.getProperty("component.visibility.restriction.enabled", "false")));
+        IS_ADMIN_PRIVATE_ACCESS_ENABLED = Boolean.parseBoolean(
+            System.getProperty("RunPrivateProjectAccessTest", props.getProperty("admin.private.project.access.enabled", "false")));
     }
-    
+
     public static boolean isNormalUser(User user) {
         return isInGroup(user, UserGroup.USER);
     }

diff --git a/...tahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/ProjectPermissions.java b/...tahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/ProjectPermissions.java
@@ -89,11 +89,13 @@ public static Predicate<Project> isVisible(final User user) {
                 visibility = Visibility.BUISNESSUNIT_AND_MODERATORS; // the current default
             }
 
+            boolean isPrivateAccessAllowed = PermissionUtils.IS_ADMIN_PRIVATE_ACCESS_ENABLED && isUserAtLeast(ADMIN, user);
+
             switch (visibility) {
                 case PRIVATE:
-                    return user.getEmail().equals(input.getCreatedBy());
+                    return user.getEmail().equals(input.getCreatedBy()) || isPrivateAccessAllowed;
                 case ME_AND_MODERATORS: {
-                    return userIsEquivalentToModeratorInProject(input, user.getEmail());
+                    return userIsEquivalentToModeratorInProject(input, user.getEmail()) || isPrivateAccessAllowed;
                 }
             case BUISNESSUNIT_AND_MODERATORS: {
                 boolean isVisibleBasedOnPrimaryCondition = isUserInBU(input, user.getDepartment())

diff --git a/...test/java/org/eclipse/sw360/datahandler/permissions/ProjectPermissionsVisibilityTest.java b/...test/java/org/eclipse/sw360/datahandler/permissions/ProjectPermissionsVisibilityTest.java
@@ -48,40 +48,77 @@ public class ProjectPermissionsVisibilityTest extends ScenarioTest<GivenProject,
     @DataProvider
     public static Object[][] projectVisibilityProvider() {
         // @formatter:off
-        return new Object[][] {
-                //test otherDeparment
-                //test User
-                { PRIVATE, theBu, theOtherDep, USER, false },
-                { ME_AND_MODERATORS, theBu, theOtherDep, USER, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, USER, false },
-                { EVERYONE, theBu, theOtherDep, USER, true },
-                //test Clearing Admin
-                { PRIVATE, theBu, theOtherDep, CLEARING_ADMIN, false },
-                { ME_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, true },
-                { EVERYONE, theBu, theOtherDep, CLEARING_ADMIN, true },
-                //test  Admin
-                { PRIVATE, theBu, theOtherDep, ADMIN, false },
-                { ME_AND_MODERATORS, theBu, theOtherDep, ADMIN, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, ADMIN, true },
-                { EVERYONE, theBu, theOtherDep, ADMIN, true },
-                //test same department
-                //test User
-                { PRIVATE, theBu, theDep, USER, false },
-                { ME_AND_MODERATORS, theBu, theDep, USER, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, USER, true },
-                { EVERYONE, theBu, theDep, USER, true },
-                //test Clearing Admin
-                { PRIVATE, theBu, theDep, CLEARING_ADMIN, false },
-                { ME_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, true },
-                { EVERYONE, theBu, theDep, CLEARING_ADMIN, true },
-                //test  Admin
-                { PRIVATE, theBu, theDep, ADMIN, false },
-                { ME_AND_MODERATORS, theBu, theDep, ADMIN, false },
-                { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, ADMIN, true },
-                { EVERYONE, theBu, theDep, ADMIN, true },
-        };
+        if (PermissionUtils.IS_ADMIN_PRIVATE_ACCESS_ENABLED) {
+            return new Object[][] {
+                    //test otherDeparment
+                    //test User
+                    { PRIVATE, theBu, theOtherDep, USER, false },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, USER, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, USER, false },
+                    { EVERYONE, theBu, theOtherDep, USER, true },
+                    //test Clearing Admin
+                    { PRIVATE, theBu, theOtherDep, CLEARING_ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, true },
+                    { EVERYONE, theBu, theOtherDep, CLEARING_ADMIN, true },
+                    //test  Admin
+                    { PRIVATE, theBu, theOtherDep, ADMIN, true },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, ADMIN, true },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, ADMIN, true },
+                    { EVERYONE, theBu, theOtherDep, ADMIN, true },
+                    //test same department
+                    //test User
+                    { PRIVATE, theBu, theDep, USER, false },
+                    { ME_AND_MODERATORS, theBu, theDep, USER, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, USER, true },
+                    { EVERYONE, theBu, theDep, USER, true },
+                    //test Clearing Admin
+                    { PRIVATE, theBu, theDep, CLEARING_ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, true },
+                    { EVERYONE, theBu, theDep, CLEARING_ADMIN, true },
+                    //test  Admin
+                    { PRIVATE, theBu, theDep, ADMIN, true },
+                    { ME_AND_MODERATORS, theBu, theDep, ADMIN, true },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, ADMIN, true },
+                    { EVERYONE, theBu, theDep, ADMIN, true },
+            };
+        } else {
+            return new Object[][] {
+                    //test otherDeparment
+                    //test User
+                    { PRIVATE, theBu, theOtherDep, USER, false },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, USER, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, USER, false },
+                    { EVERYONE, theBu, theOtherDep, USER, true },
+                    //test Clearing Admin
+                    { PRIVATE, theBu, theOtherDep, CLEARING_ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, CLEARING_ADMIN, true },
+                    { EVERYONE, theBu, theOtherDep, CLEARING_ADMIN, true },
+                    //test  Admin
+                    { PRIVATE, theBu, theOtherDep, ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theOtherDep, ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theOtherDep, ADMIN, true },
+                    { EVERYONE, theBu, theOtherDep, ADMIN, true },
+                    //test same department
+                    //test User
+                    { PRIVATE, theBu, theDep, USER, false },
+                    { ME_AND_MODERATORS, theBu, theDep, USER, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, USER, true },
+                    { EVERYONE, theBu, theDep, USER, true },
+                    //test Clearing Admin
+                    { PRIVATE, theBu, theDep, CLEARING_ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, CLEARING_ADMIN, true },
+                    { EVERYONE, theBu, theDep, CLEARING_ADMIN, true },
+                    //test  Admin
+                    { PRIVATE, theBu, theDep, ADMIN, false },
+                    { ME_AND_MODERATORS, theBu, theDep, ADMIN, false },
+                    { BUISNESSUNIT_AND_MODERATORS, theBu, theDep, ADMIN, true },
+                    { EVERYONE, theBu, theDep, ADMIN, true },
+            };
+        }
         // @formatter:on
     }