3 * Copyright (C) 2009-2023 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.permission.ws.template;
22 import org.sonar.api.server.ws.Change;
23 import org.sonar.api.server.ws.Request;
24 import org.sonar.api.server.ws.Response;
25 import org.sonar.api.server.ws.WebService;
26 import org.sonar.db.DbClient;
27 import org.sonar.db.DbSession;
28 import org.sonar.db.permission.template.PermissionTemplateDto;
29 import org.sonar.server.permission.GroupUuidOrAnyone;
30 import org.sonar.server.permission.ws.PermissionWsSupport;
31 import org.sonar.server.permission.ws.PermissionsWsAction;
32 import org.sonar.server.permission.ws.WsParameters;
33 import org.sonar.server.user.UserSession;
35 import static java.lang.String.format;
36 import static org.sonar.db.permission.GlobalPermission.ADMINISTER;
37 import static org.sonar.server.exceptions.BadRequestException.checkRequest;
38 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdmin;
39 import static org.sonar.server.permission.ws.WsParameters.createGroupNameParameter;
40 import static org.sonar.server.permission.ws.WsParameters.createTemplateParameters;
41 import static org.sonar.server.permission.ws.template.WsTemplateRef.fromRequest;
42 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
43 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
45 public class AddGroupToTemplateAction implements PermissionsWsAction {
46 private final DbClient dbClient;
47 private final PermissionWsSupport support;
48 private final UserSession userSession;
49 private final WsParameters wsParameters;
51 public AddGroupToTemplateAction(DbClient dbClient, PermissionWsSupport support, UserSession userSession, WsParameters wsParameters) {
52 this.dbClient = dbClient;
53 this.support = support;
54 this.userSession = userSession;
55 this.wsParameters = wsParameters;
59 public void define(WebService.NewController context) {
60 WebService.NewAction action = context
61 .createAction("add_group_to_template")
64 .setDescription("Add a group to a permission template.<br /> " +
65 "The group name must be provided. <br />" +
66 "Requires the following permission: 'Administer System'.")
68 new Change("10.0", "Parameter 'groupId' is removed. Use 'groupName' instead."),
69 new Change("8.4", "Parameter 'groupId' is deprecated. Format changes from integer to string. Use 'groupName' instead."))
72 createTemplateParameters(action);
73 wsParameters.createProjectPermissionParameter(action);
74 createGroupNameParameter(action);
78 public void handle(Request request, Response response) {
79 try (DbSession dbSession = dbClient.openSession(false)) {
80 String permission = request.mandatoryParam(PARAM_PERMISSION);
81 GroupUuidOrAnyone group = support.findGroup(dbSession, request);
82 checkRequest(!ADMINISTER.getKey().equals(permission) || !group.isAnyone(),
83 format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));
85 PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));
86 checkGlobalAdmin(userSession);
88 if (!groupAlreadyAdded(dbSession, template.getUuid(), permission, group)) {
89 dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getUuid(), group.getUuid(), permission,
90 template.getName(), request.param(PARAM_GROUP_NAME));
97 private boolean groupAlreadyAdded(DbSession dbSession, String templateUuid, String permission, GroupUuidOrAnyone group) {
98 return dbClient.permissionTemplateDao().hasGroupsWithPermission(dbSession, templateUuid, permission, group.getUuid());