|
23 | 23 | import alpine.server.filters.ApiFilter;
|
24 | 24 | import alpine.server.filters.AuthenticationFilter;
|
25 | 25 | import org.dependencytrack.ResourceTest;
|
| 26 | +import org.dependencytrack.model.ConfigPropertyConstants; |
26 | 27 | import org.dependencytrack.model.Project;
|
27 | 28 | import org.dependencytrack.model.Tag;
|
28 | 29 | import org.glassfish.jersey.client.HttpUrlConnectorProvider;
|
|
40 | 41 | import javax.ws.rs.client.Entity;
|
41 | 42 | import javax.ws.rs.core.MediaType;
|
42 | 43 | import javax.ws.rs.core.Response;
|
43 |
| - |
44 | 44 | import java.util.ArrayList;
|
45 | 45 | import java.util.List;
|
46 | 46 | import java.util.UUID;
|
@@ -81,6 +81,38 @@ public void getProjectsDefaultRequestTest() {
|
81 | 81 | Assert.assertEquals("999", json.getJsonObject(0).getString("version"));
|
82 | 82 | }
|
83 | 83 |
|
| 84 | + @Test // https://github.com/DependencyTrack/dependency-track/issues/2583 |
| 85 | + public void getProjectsWithAclEnabledTest() { |
| 86 | + // Enable portfolio access control. |
| 87 | + qm.createConfigProperty( |
| 88 | + ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getGroupName(), |
| 89 | + ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getPropertyName(), |
| 90 | + "true", |
| 91 | + ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getPropertyType(), |
| 92 | + null |
| 93 | + ); |
| 94 | + |
| 95 | + // Create project and give access to current principal's team. |
| 96 | + final Project accessProject = qm.createProject("acme-app-a", null, "1.0.0", null, null, null, true, false); |
| 97 | + accessProject.setAccessTeams(List.of(team)); |
| 98 | + qm.persist(accessProject); |
| 99 | + |
| 100 | + // Create a second project that the current principal has no access to. |
| 101 | + qm.createProject("acme-app-b", null, "2.0.0", null, null, null, true, false); |
| 102 | + |
| 103 | + final Response response = target(V1_PROJECT) |
| 104 | + .request() |
| 105 | + .header(X_API_KEY, apiKey) |
| 106 | + .get(Response.class); |
| 107 | + Assert.assertEquals(200, response.getStatus(), 0); |
| 108 | + Assert.assertEquals("1", response.getHeaderString(TOTAL_COUNT_HEADER)); |
| 109 | + JsonArray json = parseJsonArray(response); |
| 110 | + Assert.assertNotNull(json); |
| 111 | + Assert.assertEquals(1, json.size()); |
| 112 | + Assert.assertEquals("acme-app-a", json.getJsonObject(0).getString("name")); |
| 113 | + Assert.assertEquals("1.0.0", json.getJsonObject(0).getString("version")); |
| 114 | + } |
| 115 | + |
84 | 116 | @Test
|
85 | 117 | public void getProjectsByNameRequestTest() {
|
86 | 118 | for (int i=0; i<1000; i++) {
|
|
0 commit comments