SONAR-8134 merge PermissionMapper into AuthorizationDao
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Fri, 14 Oct 2016 09:06:39 +0000 (11:06 +0200)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Sun, 16 Oct 2016 17:10:47 +0000 (19:10 +0200)
54 files changed:
server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java
server/sonar-server/src/main/java/org/sonar/server/component/ws/SearchViewComponentsAction.java
server/sonar-server/src/main/java/org/sonar/server/issue/filter/IssueFilterService.java
server/sonar-server/src/main/java/org/sonar/server/qualitygate/QgateProjectFinder.java
server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/ProjectsAction.java
server/sonar-server/src/main/java/org/sonar/server/user/ServerUserSession.java
server/sonar-server/src/main/java/org/sonar/server/user/UserSession.java
server/sonar-server/src/test/java/org/sonar/server/issue/filter/IssueFilterServiceTest.java
sonar-db/src/main/java/org/sonar/db/DaoModule.java
sonar-db/src/main/java/org/sonar/db/DbClient.java
sonar-db/src/main/java/org/sonar/db/MyBatis.java
sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java
sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java
sonar-db/src/main/java/org/sonar/db/permission/PermissionDao.java [deleted file]
sonar-db/src/main/java/org/sonar/db/permission/PermissionMapper.java [deleted file]
sonar-db/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml
sonar-db/src/main/resources/org/sonar/db/permission/PermissionMapper.xml [deleted file]
sonar-db/src/test/java/org/sonar/db/DaoModuleTest.java
sonar-db/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
sonar-db/src/test/java/org/sonar/db/permission/PermissionDaoTest.java [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/anonymous_should_be_authorized.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/group_should_be_authorized.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/is_authorized_component_key_for_global_permission.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_anonymous.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_group.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_user.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_group.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_user.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_anonymous.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_group_global_permissions.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_anonymous.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_group.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_user.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_user_global_permissions.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/user_should_be_authorized.xml [new file with mode: 0644]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/anonymous_should_be_authorized.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/group_should_be_authorized.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/is_authorized_component_key_for_global_permission.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_anonymous.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_group.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_user.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_group.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_user.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_anonymous.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_group_anyone.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_group_global_permissions.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_anonymous.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_group.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_user.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_user_global_permissions.xml [deleted file]
sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/user_should_be_authorized.xml [deleted file]

index 444c3ae5d9a6e8f17e1e3c933391b56e5d8888f5..f46233de17873f0db60d592b6c8bf7011d1057bc 100644 (file)
@@ -106,7 +106,7 @@ public class ComputeEngineContainerImplTest {
     assertThat(picoContainer.getParent().getParent().getParent().getComponentAdapters()).hasSize(
       COMPONENTS_IN_LEVEL_1_AT_CONSTRUCTION
         + 24 // level 1
-        + 53 // content of DaoModule
+        + 52 // content of DaoModule
         + 2 // content of EsSearchModule
         + 62 // content of CorePropertyDefinitions
         + 1 // content of CePropertyDefinitions
index 3fcdc1152fb180f33542f8c474d3bd1ec3f1e4fb..20aef55115f1d6e2f329780221405eea83acd064 100644 (file)
@@ -100,7 +100,7 @@ public class SearchViewComponentsAction implements RequestHandler {
       userSession.checkComponentUuidPermission(UserRole.USER, componentDto.projectUuid());
 
       Set<Long> projectIds = newLinkedHashSet(dbClient.componentIndexDao().selectProjectIdsFromQueryAndViewOrSubViewUuid(session, query, componentDto.uuid()));
-      Collection<Long> authorizedProjectIds = dbClient.permissionDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER);
+      Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER);
 
       SearchOptions options = new SearchOptions();
       options.setPage(request.mandatoryParamAsInt(PAGE), request.mandatoryParamAsInt(PAGE_SIZE));
index 8177f984c9514a186959a14959c2ed4c24711410..73ed72de0f804d93cd0cf8b121f9c4c1da679cb5 100644 (file)
@@ -35,7 +35,7 @@ import org.sonar.db.issue.IssueFilterDao;
 import org.sonar.db.issue.IssueFilterDto;
 import org.sonar.db.issue.IssueFilterFavouriteDao;
 import org.sonar.db.issue.IssueFilterFavouriteDto;
-import org.sonar.db.permission.PermissionDao;
+import org.sonar.db.permission.AuthorizationDao;
 import org.sonar.server.es.SearchOptions;
 import org.sonar.server.es.SearchResult;
 import org.sonar.server.exceptions.BadRequestException;
@@ -56,13 +56,13 @@ public class IssueFilterService {
   private final IssueFilterDao filterDao;
   private final IssueFilterFavouriteDao favouriteDao;
   private final IssueIndex issueIndex;
-  private final PermissionDao permissionDao;
+  private final AuthorizationDao authorizationDao;
   private final IssueFilterSerializer serializer;
 
   public IssueFilterService(DbClient dbClient, IssueIndex issueIndex, IssueFilterSerializer serializer) {
     this.filterDao = dbClient.issueFilterDao();
     this.favouriteDao = dbClient.issueFilterFavouriteDao();
-    this.permissionDao = dbClient.permissionDao();
+    this.authorizationDao = dbClient.authorizationDao();
     this.issueIndex = issueIndex;
     this.serializer = serializer;
   }
@@ -303,7 +303,7 @@ public class IssueFilterService {
   }
 
   private boolean isAdmin(String user) {
-    return permissionDao.selectGlobalPermissions(user).contains(GlobalPermissions.SYSTEM_ADMIN);
+    return authorizationDao.selectGlobalPermissions(user).contains(GlobalPermissions.SYSTEM_ADMIN);
   }
 
   private static IssueFilterResult createIssueFilterResult(SearchResult<IssueDoc> issues, SearchOptions options) {
index 315429874b219a752674d38e09ab7f32914d1bc5..fdd4b53a135faceaeccc92ab2fdf0229d2cc42b7 100644 (file)
@@ -88,7 +88,7 @@ public class QgateProjectFinder {
 
   private List<ProjectQgateAssociationDto> keepAuthorizedProjects(DbSession dbSession, List<ProjectQgateAssociationDto> projects) {
     List<Long> projectIds = from(projects).transform(ToProjectId.INSTANCE).toList();
-    Collection<Long> authorizedProjectIds = dbClient.permissionDao().keepAuthorizedProjectIds(dbSession, projectIds, userSession.getUserId(), UserRole.USER);
+    Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(dbSession, projectIds, userSession.getUserId(), UserRole.USER);
     return from(projects).filter(new MatchProjectId(authorizedProjectIds)).toList();
   }
 
index 07648b246991d8a84917d63335c6cc30c688d285..5eaf8b8291e98904cd17ab10bb054378dfc48091 100644 (file)
@@ -116,7 +116,7 @@ public class ProjectsAction implements QProfileWsAction {
         }
       });
 
-      final Collection<Long> authorizedProjectIds = dbClient.permissionDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER);
+      Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER);
       Iterable<ProjectQprofileAssociationDto> authorizedProjects = Iterables.filter(projects, new Predicate<ProjectQprofileAssociationDto>() {
         @Override
         public boolean apply(ProjectQprofileAssociationDto input) {
index 748d022386fb6c6ec14d56197babad87478ce946..071c8ebc657f7e3453bf2f17cf9f4ca5c79256b2 100644 (file)
@@ -38,7 +38,6 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ResourceDao;
 import org.sonar.db.component.ResourceDto;
-import org.sonar.db.permission.PermissionDao;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
 
@@ -54,7 +53,6 @@ public class ServerUserSession extends AbstractUserSession {
   @CheckForNull
   private final UserDto userDto;
   private final DbClient dbClient;
-  private final PermissionDao permissionDao;
   private final ResourceDao resourceDao;
   private final Set<String> userGroups;
   private List<String> globalPermissions = null;
@@ -68,7 +66,6 @@ public class ServerUserSession extends AbstractUserSession {
   private ServerUserSession(DbClient dbClient, @Nullable UserDto userDto) {
     this.userDto = userDto;
     this.dbClient = dbClient;
-    this.permissionDao = dbClient.permissionDao();
     this.resourceDao = dbClient.resourceDao();
     this.userGroups = loadUserGroups();
   }
@@ -145,7 +142,7 @@ public class ServerUserSession extends AbstractUserSession {
       permissionsByOrganizationUuid.putAll(organizationUuid, permissions);
     }
     return permissions.contains(permission);
 }
+ }
 
   private Set<String> loadOrganizationPermissions(String organizationUuid) {
     try (DbSession dbSession = dbClient.openSession(false)) {
@@ -159,7 +156,7 @@ public class ServerUserSession extends AbstractUserSession {
   @Override
   public List<String> globalPermissions() {
     if (globalPermissions == null) {
-      List<String> permissionKeys = permissionDao.selectGlobalPermissions(getLogin());
+      List<String> permissionKeys = dbClient.authorizationDao().selectGlobalPermissions(getLogin());
       globalPermissions = ImmutableList.copyOf(permissionKeys);
     }
     return globalPermissions;
@@ -193,7 +190,7 @@ public class ServerUserSession extends AbstractUserSession {
     }
     if (!projectPermissionsCheckedByKey.contains(permission)) {
       try (DbSession dbSession = dbClient.openSession(false)) {
-        Collection<String> projectKeys = permissionDao.selectAuthorizedRootProjectsKeys(dbSession, getUserId(), permission);
+        Collection<String> projectKeys = dbClient.authorizationDao().selectAuthorizedRootProjectsKeys(dbSession, getUserId(), permission);
         for (String key : projectKeys) {
           projectKeyByPermission.put(permission, key);
         }
@@ -229,7 +226,7 @@ public class ServerUserSession extends AbstractUserSession {
   private boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
     if (!projectPermissionsCheckedByUuid.contains(permission)) {
       try (DbSession dbSession = dbClient.openSession(false)) {
-        Collection<String> projectUuids = permissionDao.selectAuthorizedRootProjectsUuids(dbSession, getUserId(), permission);
+        Collection<String> projectUuids = dbClient.authorizationDao().selectAuthorizedRootProjectsUuids(dbSession, getUserId(), permission);
         addProjectPermission(permission, projectUuids);
       }
     }
index 0bfe75549b1c15c5712345f88376eff4191254f4..52acb705f90fc274429abd0682048b527c7da331 100644 (file)
@@ -62,7 +62,7 @@ public interface UserSession {
   UserSession checkLoggedIn();
 
   /**
-   * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+   * Ensures that permission is granted to user, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkPermission(String globalPermission);
 
@@ -73,8 +73,8 @@ public interface UserSession {
   UserSession checkGlobalPermission(String globalPermission);
 
   /**
-   * Ensures that user implies any of the specified global permissions, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with
-   * the specified error message.
+   * Ensures that at least one of the global permissions is granted to user. If none are granted,
+   * then throws a {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkAnyPermissions(Collection<String> globalPermissions);
 
@@ -90,7 +90,7 @@ public interface UserSession {
   boolean hasOrganizationPermission(String organizationUuid, String permission);
 
   /**
-   * Ensures that user implies the specified organization permission,
+   * Ensures that the permission is granted to user for the specified organization,
    * otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkOrganizationPermission(String organizationUuid, String permission);
@@ -104,14 +104,17 @@ public interface UserSession {
   List<String> globalPermissions();
 
   /**
-   * Ensures that user implies the specified permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
-   * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+   * Ensures that permission is granted to user on the specified component, otherwise throws
+   * a {@link org.sonar.server.exceptions.ForbiddenException}.
+   * If the component doesn't exist and the user doesn't have the global permission,
+   * throws a {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkComponentPermission(String projectPermission, String componentKey);
 
   /**
-   * Ensures that user implies the specified component permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
-   * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+   * Ensures that permission is granted to user, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+   * If the component doesn't exist and the user doesn't have the permission, throws
+   * a {@link org.sonar.server.exceptions.ForbiddenException}.
    */
   UserSession checkComponentUuidPermission(String permission, String componentUuid);
 
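Review bot: The reworded Javadoc on `checkComponentPermission` no longer says whether a global grant is enough, because its first sentence now speaks only of the permission "on the specified component" while the second still refers to "the global permission". `checkComponentUuidPermission` drops the component from its first sentence altogether. Callers use these methods as authorization gates, so the comment should state the rule once and unambiguously, for example `Ensures that the permission is granted to the user either globally or on the specified component`, if that is what the implementation does (it is not visible in this hunk).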
index f26e51503f7665e33e345cff9504e4af8e2db5cc..0072f9fabd26923d9a0f7d6e7e63c1df43925dc0 100644 (file)
@@ -36,7 +36,7 @@ import org.sonar.db.issue.IssueFilterDao;
 import org.sonar.db.issue.IssueFilterDto;
 import org.sonar.db.issue.IssueFilterFavouriteDao;
 import org.sonar.db.issue.IssueFilterFavouriteDto;
-import org.sonar.db.permission.PermissionDao;
+import org.sonar.db.permission.AuthorizationDao;
 import org.sonar.server.es.SearchOptions;
 import org.sonar.server.es.SearchResult;
 import org.sonar.server.exceptions.BadRequestException;
@@ -68,21 +68,20 @@ import static org.mockito.Mockito.when;
 
 public class IssueFilterServiceTest {
 
-  DbClient dbClient = mock(DbClient.class);
-  IssueFilterDao issueFilterDao = mock(IssueFilterDao.class);
-  IssueFilterFavouriteDao issueFilterFavouriteDao = mock(IssueFilterFavouriteDao.class);
-  PermissionDao permissionDao = mock(PermissionDao.class);
-  IssueIndex issueIndex = mock(IssueIndex.class);
-  IssueFilterSerializer issueFilterSerializer = mock(IssueFilterSerializer.class);
-  UserSession userSession = new MockUserSession("john");
-
-  IssueFilterService underTest;
+  private DbClient dbClient = mock(DbClient.class);
+  private IssueFilterDao issueFilterDao = mock(IssueFilterDao.class);
+  private IssueFilterFavouriteDao issueFilterFavouriteDao = mock(IssueFilterFavouriteDao.class);
+  private AuthorizationDao authorizationDao = mock(AuthorizationDao.class);
+  private IssueIndex issueIndex = mock(IssueIndex.class);
+  private IssueFilterSerializer issueFilterSerializer = mock(IssueFilterSerializer.class);
+  private UserSession userSession = new MockUserSession("john");
+  private IssueFilterService underTest;
 
   @Before
   public void setUp() {
     when(dbClient.issueFilterDao()).thenReturn(issueFilterDao);
     when(dbClient.issueFilterFavouriteDao()).thenReturn(issueFilterFavouriteDao);
-    when(dbClient.permissionDao()).thenReturn(permissionDao);
+    when(dbClient.authorizationDao()).thenReturn(authorizationDao);
 
     underTest = new IssueFilterService(dbClient, issueIndex, issueFilterSerializer);
   }
@@ -255,7 +254,7 @@ public class IssueFilterServiceTest {
   @Test
   public void should_not_update_sharing_if_not_owner() {
     // John is admin and want to change arthur filter sharing
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
     when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("Arthur Filter").setShared(true).setUserLogin("arthur"));
 
     try {
@@ -296,7 +295,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_update_other_shared_filter_if_admin() {
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
     when(issueFilterDao.selectById(1L))
       .thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
 
@@ -310,7 +309,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_not_update_other_shared_filter_if_not_admin() {
-    when(permissionDao.selectGlobalPermissions("arthur")).thenReturn(Collections.emptyList());
+    when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(Collections.emptyList());
     when(issueFilterDao.selectById(1L))
       .thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
 
@@ -338,7 +337,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_not_update_if_shared_and_not_admin() {
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.USER));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.USER));
     when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setUserLogin("arthur").setShared(true));
 
     try {
@@ -383,7 +382,7 @@ public class IssueFilterServiceTest {
     IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin("former.owner").setShared(true);
     IssueFilterDto expectedDto = new IssueFilterDto().setName("My filter").setUserLogin("new.owner").setShared(true);
 
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
 
     when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
     when(issueFilterDao.selectSharedFilters()).thenReturn(Lists.newArrayList(sharedFilter));
@@ -399,7 +398,7 @@ public class IssueFilterServiceTest {
     String currentUser = "dave.loper";
     IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true);
 
-    when(permissionDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PROVISIONING));
+    when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PROVISIONING));
     when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
 
     try {
@@ -448,7 +447,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_delete_shared_filter_if_user_is_admin() {
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
     when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
 
     underTest.delete(1L, userSession);
@@ -458,7 +457,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_not_delete_not_shared_filter_if_user_is_admin() {
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(GlobalPermissions.SYSTEM_ADMIN));
     when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(false));
 
     try {
@@ -472,7 +471,7 @@ public class IssueFilterServiceTest {
 
   @Test
   public void should_not_delete_shared_filter_if_not_admin() {
-    when(permissionDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.USER));
+    when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(UserRole.USER));
     when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
 
     try {
index 35b3ec918546ecfac37d4bb690296313941a4031..7a11ad95208f4473316e493381b441305e1b2a1b 100644 (file)
@@ -68,7 +68,6 @@ import org.sonar.db.rule.RuleDao;
 import org.sonar.db.rule.RuleRepositoryDao;
 import org.sonar.db.source.FileSourceDao;
 import org.sonar.db.user.AuthorDao;
-import org.sonar.db.permission.PermissionDao;
 import org.sonar.db.user.GroupDao;
 import org.sonar.db.user.GroupMembershipDao;
 import org.sonar.db.user.RoleDao;
@@ -81,7 +80,6 @@ public class DaoModule extends Module {
     ActiveDashboardDao.class,
     AuthorDao.class,
     AuthorizationDao.class,
-    PermissionDao.class,
     CeActivityDao.class,
     CeQueueDao.class,
     CeTaskInputDao.class,
index ac37cfe50f82f921100c8426eda810db04eee138..16eaa687271b4440083a258e287ef69c6e06567f 100644 (file)
@@ -52,7 +52,6 @@ import org.sonar.db.notification.NotificationQueueDao;
 import org.sonar.db.organization.OrganizationDao;
 import org.sonar.db.permission.AuthorizationDao;
 import org.sonar.db.permission.GroupPermissionDao;
-import org.sonar.db.permission.PermissionDao;
 import org.sonar.db.permission.UserPermissionDao;
 import org.sonar.db.permission.template.PermissionTemplateCharacteristicDao;
 import org.sonar.db.permission.template.PermissionTemplateDao;
@@ -93,7 +92,6 @@ public class DbClient {
   private final MeasureDao measureDao;
   private final MeasureFilterDao measureFilterDao;
   private final MeasureFilterFavouriteDao measureFilterFavouriteDao;
-  private final PermissionDao permissionDao;
   private final UserDao userDao;
   private final UserGroupDao userGroupDao;
   private final UserTokenDao userTokenDao;
@@ -155,7 +153,6 @@ public class DbClient {
     measureDao = getDao(map, MeasureDao.class);
     measureFilterDao = getDao(map, MeasureFilterDao.class);
     measureFilterFavouriteDao = getDao(map, MeasureFilterFavouriteDao.class);
-    permissionDao = getDao(map, PermissionDao.class);
     userDao = getDao(map, UserDao.class);
     userGroupDao = getDao(map, UserGroupDao.class);
     userTokenDao = getDao(map, UserTokenDao.class);
@@ -277,10 +274,6 @@ public class DbClient {
     return measureFilterFavouriteDao;
   }
 
-  public PermissionDao permissionDao() {
-    return permissionDao;
-  }
-
   public UserDao userDao() {
     return userDao;
   }
index a7c75e9b5ca5c03542a8a35732dd07961dc85aeb..cd885f5c3c1758fd29a10cc476e2953f3b609d0b 100644 (file)
@@ -87,7 +87,6 @@ import org.sonar.db.organization.OrganizationMapper;
 import org.sonar.db.permission.AuthorizationMapper;
 import org.sonar.db.permission.GroupPermissionDto;
 import org.sonar.db.permission.GroupPermissionMapper;
-import org.sonar.db.permission.PermissionMapper;
 import org.sonar.db.permission.UserPermissionDto;
 import org.sonar.db.permission.UserPermissionMapper;
 import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
@@ -261,7 +260,6 @@ public class MyBatis {
       Migration53Mapper.class,
       NotificationQueueMapper.class,
       OrganizationMapper.class,
-      PermissionMapper.class,
       PermissionTemplateCharacteristicMapper.class,
       PermissionTemplateMapper.class,
       ProjectQgateAssociationMapper.class,
index 3f2f32da72e845dc14c6b5edfe61fa77cec4e1e8..c8a9c39e71ad9eefb949f9aa47abbffb518e69a8 100644 (file)
  */
 package org.sonar.db.permission;
 
+import com.google.common.collect.Sets;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import javax.annotation.Nullable;
 import org.sonar.db.Dao;
 import org.sonar.db.DbSession;
+import org.sonar.db.MyBatis;
+
+import static org.sonar.db.DatabaseUtils.executeLargeInputs;
 
 /**
  * The SQL requests used to verify authorization (the permissions
@@ -32,6 +41,14 @@ import org.sonar.db.DbSession;
  */
 public class AuthorizationDao implements Dao {
 
+  private static final String USER_ID_PARAM = "userId";
+
+  private final MyBatis mybatis;
+
+  public AuthorizationDao(MyBatis mybatis) {
+    this.mybatis = mybatis;
+  }
+
   /**
    * Loads all the permissions granted to logged-in user for the specified organization
    */
@@ -60,6 +77,75 @@ public class AuthorizationDao implements Dao {
     return mapper(dbSession).selectRootComponentPermissionsOfAnonymous(rootComponentId);
   }
 
+  public Collection<Long> keepAuthorizedProjectIds(DbSession dbSession, Collection<Long> componentIds, @Nullable Integer userId, String role) {
+    return executeLargeInputs(
+      componentIds,
+      partition -> {
+        if (userId == null) {
+          return mapper(dbSession).keepAuthorizedProjectIdsForAnonymous(role, componentIds);
+        }
+        return mapper(dbSession).keepAuthorizedProjectIdsForUser(userId, role, componentIds);
+      });
+  }
+
+  public Collection<String> selectAuthorizedRootProjectsKeys(DbSession dbSession, @Nullable Integer userId, String role) {
+    String sql;
+    Map<String, Object> params = new HashMap<>(2);
+    sql = "selectAuthorizedRootProjectsKeys";
+    params.put(USER_ID_PARAM, userId);
+    params.put("role", role);
+
+    return dbSession.selectList(sql, params);
+  }
+
+  public Collection<String> selectAuthorizedRootProjectsUuids(DbSession dbSession, @Nullable Integer userId, String role) {
+    String sql;
+    Map<String, Object> params = new HashMap<>(2);
+    sql = "selectAuthorizedRootProjectsUuids";
+    params.put(USER_ID_PARAM, userId);
+    params.put("role", role);
+
+    return dbSession.selectList(sql, params);
+  }
+
+  public List<String> selectGlobalPermissions(@Nullable String userLogin) {
+    DbSession session = mybatis.openSession(false);
+    try {
+      Map<String, Object> params = new HashMap<>(1);
+      params.put("userLogin", userLogin);
+      return session.selectList("selectGlobalPermissions", params);
+    } finally {
+      MyBatis.closeQuietly(session);
+    }
+  }
+
+  /**
+   * Keep only authorized user that have the given permission on a given project.
+   * Please Note that if the permission is 'Anyone' is NOT taking into account by thie method.
+   */
+  public Collection<Long> keepAuthorizedUsersForRoleAndProject(DbSession dbSession, Collection<Long> userIds, String role, long projectId) {
+    return executeLargeInputs(
+      userIds,
+      partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndProject(role, projectId, partitionOfIds));
+  }
+
+  public boolean isAuthorizedComponentKey(String componentKey, @Nullable Integer userId, String role) {
+    DbSession session = mybatis.openSession(false);
+    try {
+      return keepAuthorizedComponentKeys(session, componentKey, userId, role).size() == 1;
+    } finally {
+      MyBatis.closeQuietly(session);
+    }
+  }
+
+  private static List<String> keepAuthorizedComponentKeys(DbSession dbSession, String componentKey, @Nullable Integer userId, String role) {
+    if (userId == null) {
+      return mapper(dbSession).keepAuthorizedComponentKeysForAnonymous(role, Sets.newHashSet(componentKey));
+    } else {
+      return mapper(dbSession).keepAuthorizedComponentKeysForUser(userId, role, Sets.newHashSet(componentKey));
+    }
+  }
+
   private static AuthorizationMapper mapper(DbSession dbSession) {
     return dbSession.getMapper(AuthorizationMapper.class);
   }
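Review bot: In `keepAuthorizedProjectIds` the lambda passed to `executeLargeInputs` ignores its `partition` argument and sends the full `componentIds` collection to the mapper on every call, so the input is never actually split. Assuming `executeLargeInputs` chunks the input and concatenates the per-chunk results (its body is not shown here), a large id set would still reach the database as one oversized IN list, and authorized ids would come back once per chunk. Both mapper calls should take the chunk: `return mapper(dbSession).keepAuthorizedProjectIdsForAnonymous(role, partition);` and `return mapper(dbSession).keepAuthorizedProjectIdsForUser(userId, role, partition);`, which is what `keepAuthorizedUsersForRoleAndProject` in the same hunk already does with `partitionOfIds`. SearchViewComponentsAction, QgateProjectFinder and ProjectsAction use this method to filter what a user may see, so a test with more ids than one partition holds would be worth adding.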
index fcf9d1274c742fc3c536a8dcb00608a1d01d199d..cfbcf015e9adbdd7ff8b9152e3c118dfadfee738 100644 (file)
@@ -19,6 +19,8 @@
  */
 package org.sonar.db.permission;
 
+import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 import org.apache.ibatis.annotations.Param;
 
@@ -27,8 +29,7 @@ import org.apache.ibatis.annotations.Param;
  */
 public interface AuthorizationMapper {
 
-  Set<String> selectOrganizationPermissions(@Param("organizationUuid") String organizationUuid,
-    @Param("userId") long userId);
+  Set<String> selectOrganizationPermissions(@Param("organizationUuid") String organizationUuid, @Param("userId") long userId);
 
   Set<String> selectOrganizationPermissionsOfAnonymous(@Param("organizationUuid") String organizationUuid);
 
@@ -36,4 +37,13 @@ public interface AuthorizationMapper {
 
   Set<String> selectRootComponentPermissionsOfAnonymous(@Param("rootComponentId") long rootComponentId);
 
+  List<Long> keepAuthorizedProjectIdsForAnonymous(@Param("role") String role, @Param("componentIds") Collection<Long> componentIds);
+
+  List<Long> keepAuthorizedProjectIdsForUser(@Param("userId") long userId, @Param("role") String role, @Param("componentIds") Collection<Long> componentIds);
+
+  List<String> keepAuthorizedComponentKeysForAnonymous(@Param("role") String role, @Param("componentKeys") Collection<String> componentKeys);
+
+  List<String> keepAuthorizedComponentKeysForUser(@Param("userId") Integer userId, @Param("role") String role, @Param("componentKeys") Collection<String> componentKeys);
+
+  List<Long> keepAuthorizedUsersForRoleAndProject(@Param("role") String role, @Param("componentId") long componentId, @Param("userIds") List<Long> userIds);
 }
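Review bot: `keepAuthorizedComponentKeysForUser` declares `@Param("userId") Integer userId` while its sibling `keepAuthorizedProjectIdsForUser` takes a primitive `long userId`, so this is the only "ForUser" mapper method that accepts null. The DAO visible on this page checks for null before calling it, but a null reaching the statement would bind into `gu.user_id=#{userId}` and `ur.user_id=#{userId}`, and the query would quietly return only the "anyone" group grants instead of failing. Declaring the parameter as `@Param("userId") long userId` keeps the anonymous/user split explicit in one place. The five added methods also have no Javadoc; a one-line comment such as `/** Returns the subset of the given ids/keys on which the role is granted. */` would help, and `keepAuthorizedUsersForRoleAndProject` should carry the DAO's caveat that "Anyone" grants are not taken into account.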
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionDao.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionDao.java
deleted file mode 100644 (file)
index 204e30b..0000000
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.db.permission;
-
-import com.google.common.collect.Sets;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nullable;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-import org.sonar.db.MyBatis;
-
-import static org.sonar.db.DatabaseUtils.executeLargeInputs;
-
-/**
- * Only the operations involving both user and group permissions.
- *
- * @see GroupPermissionDao
- * @see UserPermissionDao
- */
-public class PermissionDao implements Dao {
-
-  private static final String USER_ID_PARAM = "userId";
-  private final MyBatis mybatis;
-
-  public PermissionDao(MyBatis mybatis) {
-    this.mybatis = mybatis;
-  }
-
-  public Collection<Long> keepAuthorizedProjectIds(DbSession session, Collection<Long> componentIds, @Nullable Integer userId, String role) {
-    return executeLargeInputs(
-      componentIds,
-      partition -> {
-        if (userId == null) {
-          return session.getMapper(PermissionMapper.class).keepAuthorizedProjectIdsForAnonymous(role, componentIds);
-        }
-        return session.getMapper(PermissionMapper.class).keepAuthorizedProjectIdsForUser(userId, role, componentIds);
-      });
-  }
-
-  public Collection<String> selectAuthorizedRootProjectsKeys(DbSession dbSession, @Nullable Integer userId, String role) {
-    String sql;
-    Map<String, Object> params = new HashMap<>(2);
-    sql = "selectAuthorizedRootProjectsKeys";
-    params.put(USER_ID_PARAM, userId);
-    params.put("role", role);
-
-    return dbSession.selectList(sql, params);
-  }
-
-  public Collection<String> selectAuthorizedRootProjectsUuids(DbSession dbSession, @Nullable Integer userId, String role) {
-    String sql;
-    Map<String, Object> params = new HashMap<>(2);
-    sql = "selectAuthorizedRootProjectsUuids";
-    params.put(USER_ID_PARAM, userId);
-    params.put("role", role);
-
-    return dbSession.selectList(sql, params);
-  }
-
-  public List<String> selectGlobalPermissions(@Nullable String userLogin) {
-    DbSession session = mybatis.openSession(false);
-    try {
-      Map<String, Object> params = new HashMap<>(1);
-      params.put("userLogin", userLogin);
-      return session.selectList("selectGlobalPermissions", params);
-    } finally {
-      MyBatis.closeQuietly(session);
-    }
-  }
-
-  /**
-   * Keep only authorized user that have the given permission on a given project.
-   * Please Note that if the permission is 'Anyone' is NOT taking into account by thie method.
-   */
-  public Collection<Long> keepAuthorizedUsersForRoleAndProject(final DbSession session, Collection<Long> userIds, String role, final long projectId) {
-    return executeLargeInputs(
-      userIds,
-      partitionOfIds -> session.getMapper(PermissionMapper.class).keepAuthorizedUsersForRoleAndProject(role, projectId, partitionOfIds));
-  }
-
-  public boolean isAuthorizedComponentKey(String componentKey, @Nullable Integer userId, String role) {
-    DbSession session = mybatis.openSession(false);
-    try {
-      return keepAuthorizedComponentKeys(session, componentKey, userId, role).size() == 1;
-    } finally {
-      MyBatis.closeQuietly(session);
-    }
-  }
-
-  private static List<String> keepAuthorizedComponentKeys(final DbSession session, final String componentKey, @Nullable final Integer userId, final String role) {
-    if (userId == null) {
-      return session.getMapper(PermissionMapper.class).keepAuthorizedComponentKeysForAnonymous(role, Sets.newHashSet(componentKey));
-    } else {
-      return session.getMapper(PermissionMapper.class).keepAuthorizedComponentKeysForUser(userId, role, Sets.newHashSet(componentKey));
-    }
-  }
-
-}
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionMapper.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionMapper.java
deleted file mode 100644 (file)
index a24d3e6..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.db.permission;
-
-import java.util.Collection;
-import java.util.List;
-import org.apache.ibatis.annotations.Param;
-
-/**
- * Only the requests involving both user and group permissions.
- *
- * @see GroupPermissionMapper for CRUD of table group_roles
- * @see UserPermissionMapper for CRUD of table user_roles
- */
-public interface PermissionMapper {
-
-  List<Long> keepAuthorizedProjectIdsForAnonymous(@Param("role") String role, @Param("componentIds") Collection<Long> componentIds);
-
-  List<Long> keepAuthorizedProjectIdsForUser(@Param("userId") long userId, @Param("role") String role, @Param("componentIds") Collection<Long> componentIds);
-
-  List<String> keepAuthorizedComponentKeysForAnonymous(@Param("role") String role, @Param("componentKeys") Collection<String> componentKeys);
-
-  List<String> keepAuthorizedComponentKeysForUser(@Param("userId") Integer userId, @Param("role") String role, @Param("componentKeys") Collection<String> componentKeys);
-
-  List<Long> keepAuthorizedUsersForRoleAndProject(@Param("role") String role, @Param("componentId") long componentId, @Param("userIds") List<Long> userIds);
-
-}
index 6a05e22892d4d22e11d0591f8f9f0d1d15f353cc..0dbb5162cbfa0a5b3007cb457bbe97eef167e2b6 100644 (file)
     gr.group_id is null
   </select>
 
+  <select id="keepAuthorizedProjectIdsForUser" parameterType="map" resultType="long">
+    SELECT gr.resource_id
+    FROM group_roles gr
+    WHERE
+    gr.role=#{role}
+    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
+    and
+    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
+      gr.resource_id=#{element}
+    </foreach>
+    UNION
+    SELECT p.id
+    FROM user_roles ur
+    INNER JOIN projects p on p.id = ur.resource_id
+    WHERE
+    ur.role=#{role}
+    and ur.user_id=#{userId} and
+    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
+      p.id=#{element}
+    </foreach>
+  </select>
+
+  <select id="keepAuthorizedProjectIdsForAnonymous" parameterType="map" resultType="long">
+    SELECT gr.resource_id
+    FROM group_roles gr
+    WHERE
+    gr.role=#{role}
+    and gr.group_id is null
+    and
+    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
+      gr.resource_id=#{element}
+    </foreach>
+  </select>
+
+  <select id="selectAuthorizedRootProjectsKeys" parameterType="map" resultType="string">
+    <include refid="selectAuthorizedRootProjectsKeysQuery"/>
+  </select>
+
+  <sql id="selectAuthorizedRootProjectsKeysQuery">
+    <choose>
+      <when test="userId != null">
+        SELECT p.kee as root_project_kee
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where
+        gr.role=#{role}
+        and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
+        gu.user_id=#{userId}))
+        UNION
+        SELECT p.kee as root_project_kee
+        FROM user_roles ur
+        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
+        where
+        ur.role=#{role}
+        and ur.user_id = #{userId}
+      </when>
+      <otherwise>
+        SELECT p.kee as root_project_kee
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where
+        gr.role=#{role}
+        and gr.group_id is null
+      </otherwise>
+    </choose>
+  </sql>
+
+  <select id="selectAuthorizedRootProjectsUuids" parameterType="map" resultType="string">
+    <choose>
+      <when test="userId != null">
+        SELECT p.uuid as root_project_uuid
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where
+        gr.role=#{role}
+        and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
+        gu.user_id=#{userId}))
+        UNION
+        SELECT p.uuid as root_project_uuid
+        FROM user_roles ur
+        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
+        where
+        ur.role=#{role}
+        and ur.user_id = #{userId}
+      </when>
+      <otherwise>
+        SELECT p.uuid as root_project_uuid
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where
+        gr.role=#{role}
+        and gr.group_id is null
+      </otherwise>
+    </choose>
+  </select>
+
+  <!-- same as selectAuthorizedRootProjectsKeysQuery but returns ids instead of keys -->
+  <sql id="selectAuthorizedRootProjectIdsQuery">
+    <choose>
+      <when test="userId != null">
+        SELECT p.id as root_project_id
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where
+        gr.role=#{role}
+        and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
+        gu.user_id=#{userId}))
+        UNION
+        SELECT p.id as root_project_id
+        FROM user_roles ur
+        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
+        where ur.role=#{role} and ur.user_id = #{userId}
+      </when>
+      <otherwise>
+        SELECT p.id as root_project_id
+        FROM group_roles gr
+        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
+        where gr.role=#{role} and gr.group_id is null
+      </otherwise>
+    </choose>
+  </sql>
+
+  <select id="selectGlobalPermissions" parameterType="map" resultType="String">
+    <choose>
+      <when test="userLogin != null">
+        SELECT gr.role
+        FROM group_roles gr
+        INNER JOIN groups_users gu on gu.group_id=gr.group_id
+        INNER JOIN users u on u.id=gu.user_id
+        where u.login=#{userLogin} and gr.resource_id is null
+        UNION
+        SELECT gr.role
+        FROM group_roles gr
+        WHERE gr.group_id IS NULL AND gr.resource_id IS NULL
+        UNION
+        SELECT ur.role
+        FROM user_roles ur
+        INNER JOIN users u on u.id=ur.user_id
+        where u.login=#{userLogin} and ur.resource_id is null
+      </when>
+      <otherwise>
+        SELECT gr.role
+        FROM group_roles gr
+        where gr.resource_id is null and gr.group_id is null
+      </otherwise>
+    </choose>
+  </select>
+
+  <select id="keepAuthorizedComponentKeysForAnonymous" parameterType="map" resultType="string">
+    SELECT p.kee
+    FROM group_roles gr, projects p
+    WHERE
+    gr.role=#{role}
+    and gr.group_id is null
+    and gr.resource_id = p.id
+    and
+    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
+      p.kee=#{element}
+    </foreach>
+    UNION
+    SELECT p.kee
+    FROM group_roles gr, projects root, projects p
+    WHERE
+    gr.role=#{role}
+    and gr.group_id is null
+    and gr.resource_id = root.id
+    and p.root_uuid = root.uuid
+    and
+    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
+      p.kee=#{element}
+    </foreach>
+  </select>
+
+  <select id="keepAuthorizedComponentKeysForUser" parameterType="map" resultType="string">
+    SELECT p.kee
+    FROM group_roles gr, projects p
+    WHERE
+    gr.role=#{role}
+    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
+    and gr.resource_id = p.id
+    and
+    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
+      p.kee=#{element}
+    </foreach>
+    UNION
+    SELECT p.kee
+    FROM group_roles gr, projects root, projects p
+    WHERE
+    gr.role=#{role}
+    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
+    and gr.resource_id = root.id
+    and p.root_uuid = root.uuid
+    and
+    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
+      p.kee=#{element}
+    </foreach>
+    UNION
+    SELECT p.kee
+    FROM user_roles ur
+    INNER JOIN projects p on p.id = ur.resource_id
+    WHERE
+    ur.role=#{role}
+    and ur.user_id=#{userId}
+    and
+    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
+      p.kee=#{element}
+    </foreach>
+  </select>
+
+  <select id="keepAuthorizedUsersForRoleAndProject" parameterType="map" resultType="Long">
+    SELECT gu.user_id
+    FROM groups_users gu
+    INNER JOIN group_roles gr ON gr.group_id=gu.group_id
+    WHERE
+    gr.resource_id=#{componentId}
+    AND gr.role=#{role}
+    AND gu.user_id in
+    <foreach collection="userIds" open="(" close=")" item="id" separator=",">
+      #{id}
+    </foreach>
+    UNION
+    SELECT ur.user_id
+    FROM user_roles ur
+    WHERE
+    ur.resource_id=#{componentId}
+    AND ur.role=#{role}
+    AND ur.user_id IN
+    <foreach collection="userIds" open="(" close=")" item="id" separator=",">
+      #{id}
+    </foreach>
+  </select>
 </mapper>
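Review bot: In `keepAuthorizedComponentKeysForUser` the two `group_roles` branches cover both a grant on the component itself and a grant on its root project (`p.root_uuid = root.uuid`), but the `user_roles` branch only matches `p.id = ur.resource_id`. As written, a user holding the role directly on a root project is not authorized on that project's sub-component keys, while the same grant through a group is. If that asymmetry is not intended, a fourth UNION branch mirroring the group one closes it; if it is intended, a short XML comment above the statement should say so. This note assumes user grants are meant to be inherited from the root the same way as group grants, which the page does not confirm.

```xml
    <!-- … unchanged: the two group_roles branches and the direct user_roles branch … -->
    UNION
    SELECT p.kee
    FROM user_roles ur
    INNER JOIN projects root on root.id = ur.resource_id
    INNER JOIN projects p on p.root_uuid = root.uuid
    WHERE
    ur.role=#{role}
    and ur.user_id=#{userId}
    and
    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
      p.kee=#{element}
    </foreach>
```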
diff --git a/sonar-db/src/main/resources/org/sonar/db/permission/PermissionMapper.xml b/sonar-db/src/main/resources/org/sonar/db/permission/PermissionMapper.xml
deleted file mode 100644 (file)
index a3aad31..0000000
+++ /dev/null
@@ -1,238 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-
-<mapper namespace="org.sonar.db.permission.PermissionMapper">
-
-  <select id="keepAuthorizedProjectIdsForUser" parameterType="map" resultType="long">
-    SELECT gr.resource_id
-    FROM group_roles gr
-    WHERE
-    gr.role=#{role}
-    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
-    and
-    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
-      gr.resource_id=#{element}
-    </foreach>
-    UNION
-    SELECT p.id
-    FROM user_roles ur
-    INNER JOIN projects p on p.id = ur.resource_id
-    WHERE
-    ur.role=#{role}
-    and ur.user_id=#{userId} and
-    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
-      p.id=#{element}
-    </foreach>
-  </select>
-
-  <select id="keepAuthorizedProjectIdsForAnonymous" parameterType="map" resultType="long">
-    SELECT gr.resource_id
-    FROM group_roles gr
-    WHERE
-    gr.role=#{role}
-    and gr.group_id is null
-    and
-    <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or ">
-      gr.resource_id=#{element}
-    </foreach>
-  </select>
-
-  <select id="selectAuthorizedRootProjectsKeys" parameterType="map" resultType="string">
-    <include refid="selectAuthorizedRootProjectsKeysQuery"/>
-  </select>
-
-  <sql id="selectAuthorizedRootProjectsKeysQuery">
-    <choose>
-      <when test="userId != null">
-        SELECT p.kee as root_project_kee
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where
-          gr.role=#{role}
-          and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
-          gu.user_id=#{userId}))
-        UNION
-        SELECT p.kee as root_project_kee
-        FROM user_roles ur
-        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
-        where
-          ur.role=#{role}
-          and ur.user_id = #{userId}
-      </when>
-      <otherwise>
-        SELECT p.kee as root_project_kee
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where
-          gr.role=#{role}
-          and gr.group_id is null
-      </otherwise>
-    </choose>
-  </sql>
-
-  <select id="selectAuthorizedRootProjectsUuids" parameterType="map" resultType="string">
-    <choose>
-      <when test="userId != null">
-        SELECT p.uuid as root_project_uuid
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where
-          gr.role=#{role}
-          and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
-          gu.user_id=#{userId}))
-        UNION
-        SELECT p.uuid as root_project_uuid
-        FROM user_roles ur
-        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
-        where
-          ur.role=#{role}
-          and ur.user_id = #{userId}
-      </when>
-      <otherwise>
-        SELECT p.uuid as root_project_uuid
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where
-          gr.role=#{role}
-          and gr.group_id is null
-      </otherwise>
-    </choose>
-  </select>
-
-  <!-- same as selectAuthorizedRootProjectsKeysQuery but returns ids instead of keys -->
-  <sql id="selectAuthorizedRootProjectIdsQuery">
-    <choose>
-      <when test="userId != null">
-        SELECT p.id as root_project_id
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where
-          gr.role=#{role}
-          and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where
-          gu.user_id=#{userId}))
-        UNION
-        SELECT p.id as root_project_id
-        FROM user_roles ur
-        INNER JOIN projects p on p.id = ur.resource_id AND p.module_uuid IS NULL
-        where ur.role=#{role} and ur.user_id = #{userId}
-      </when>
-      <otherwise>
-        SELECT p.id as root_project_id
-        FROM group_roles gr
-        INNER JOIN projects p on p.id = gr.resource_id AND p.module_uuid IS NULL
-        where gr.role=#{role} and gr.group_id is null
-      </otherwise>
-    </choose>
-  </sql>
-
-  <select id="selectGlobalPermissions" parameterType="map" resultType="String">
-    <choose>
-      <when test="userLogin != null">
-        SELECT gr.role
-        FROM group_roles gr
-        INNER JOIN groups_users gu on gu.group_id=gr.group_id
-        INNER JOIN users u on u.id=gu.user_id
-        where u.login=#{userLogin} and gr.resource_id is null
-        UNION
-        SELECT gr.role
-        FROM group_roles gr
-        WHERE gr.group_id IS NULL AND gr.resource_id IS NULL
-        UNION
-        SELECT ur.role
-        FROM user_roles ur
-        INNER JOIN users u on u.id=ur.user_id
-        where u.login=#{userLogin} and ur.resource_id is null
-      </when>
-      <otherwise>
-        SELECT gr.role
-        FROM group_roles gr
-        where gr.resource_id is null and gr.group_id is null
-      </otherwise>
-    </choose>
-  </select>
-
-  <select id="keepAuthorizedComponentKeysForAnonymous" parameterType="map" resultType="string">
-    SELECT p.kee
-    FROM group_roles gr, projects p
-    WHERE
-    gr.role=#{role}
-    and gr.group_id is null
-    and gr.resource_id = p.id
-    and
-    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
-      p.kee=#{element}
-    </foreach>
-    UNION
-    SELECT p.kee
-    FROM group_roles gr, projects root, projects p
-    WHERE
-    gr.role=#{role}
-    and gr.group_id is null
-    and gr.resource_id = root.id
-    and p.root_uuid = root.uuid
-    and
-    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
-      p.kee=#{element}
-    </foreach>
-  </select>
-
-  <select id="keepAuthorizedComponentKeysForUser" parameterType="map" resultType="string">
-    SELECT p.kee
-    FROM group_roles gr, projects p
-    WHERE
-    gr.role=#{role}
-    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
-    and gr.resource_id = p.id
-    and
-    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
-      p.kee=#{element}
-    </foreach>
-    UNION
-    SELECT p.kee
-    FROM group_roles gr, projects root, projects p
-    WHERE
-    gr.role=#{role}
-    and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
-    and gr.resource_id = root.id
-    and p.root_uuid = root.uuid
-    and
-    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
-      p.kee=#{element}
-    </foreach>
-    UNION
-    SELECT p.kee
-    FROM user_roles ur
-    INNER JOIN projects p on p.id = ur.resource_id
-    WHERE
-    ur.role=#{role}
-    and ur.user_id=#{userId}
-    and
-    <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or ">
-      p.kee=#{element}
-    </foreach>
-  </select>
-
-  <select id="keepAuthorizedUsersForRoleAndProject" parameterType="map" resultType="Long">
-    SELECT gu.user_id
-    FROM groups_users gu
-    INNER JOIN group_roles gr ON gr.group_id=gu.group_id
-    WHERE
-    gr.resource_id=#{componentId}
-    AND gr.role=#{role}
-    AND gu.user_id in
-    <foreach collection="userIds" open="(" close=")" item="id" separator=",">
-      #{id}
-    </foreach>
-    UNION
-    SELECT ur.user_id
-    FROM user_roles ur
-    WHERE
-    ur.resource_id=#{componentId}
-    AND ur.role=#{role}
-    AND ur.user_id IN
-    <foreach collection="userIds" open="(" close=")" item="id" separator=",">
-      #{id}
-    </foreach>
-  </select>
-
-</mapper>
index aa47872bb1cb8d1e0e526aa5d216b6d040ecfece..a87ffc547e03d0c6667db4c47b68edd2043edd18 100644 (file)
@@ -29,6 +29,6 @@ public class DaoModuleTest {
   public void verify_count_of_added_components() {
     ComponentContainer container = new ComponentContainer();
     new DaoModule().configure(container);
-    assertThat(container.size()).isEqualTo(2 + 53);
+    assertThat(container.size()).isEqualTo(2 + 52);
   }
 }
index 7599aea951b2a0bf6cfcd1130782bcdf5cfd4c07..68201780ed97824450e873154999efbf48f099ec 100644 (file)
@@ -19,6 +19,8 @@
  */
 package org.sonar.db.permission;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 import org.junit.Before;
 import org.junit.Rule;
@@ -32,15 +34,22 @@ import org.sonar.db.organization.OrganizationTesting;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
 
+import static com.google.common.collect.Sets.newHashSet;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.organization.OrganizationTesting.newOrganizationDto;
 
 public class AuthorizationDaoTest {
 
+  private static final int USER = 100;
+  private static final Long PROJECT_ID = 300L;
+  private static final Long PROJECT_ID_WITHOUT_SNAPSHOT = 400L;
+  private static final String PROJECT = "pj-w-snapshot";
+  private static final String PROJECT_WIHOUT_SNAPSHOT = "pj-wo-snapshot";
+
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
   private DbSession dbSession = db.getSession();
-  private AuthorizationDao underTest = new AuthorizationDao();
+  private AuthorizationDao underTest = new AuthorizationDao(db.myBatis());
   private OrganizationDto org;
   private UserDto user;
   private GroupDto group1;
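Review bot: The added constant `PROJECT_WIHOUT_SNAPSHOT` is misspelled and does not match its sibling `PROJECT_ID_WITHOUT_SNAPSHOT`; it should read `private static final String PROJECT_WITHOUT_SNAPSHOT = "pj-wo-snapshot";`. Any use of the name further down the test class, outside this hunk, would need the same rename. `USER` is also declared as `int` while the project ids are `Long`; a brief comment that these values mirror the ids in the DbUnit XML fixtures would make the magic numbers easier to trace.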
@@ -143,4 +152,288 @@ public class AuthorizationDaoTest {
     assertThat(permissions).isEmpty();
   }
 
+  @Test
+  public void user_should_be_authorized() {
+    // but user is not in an authorized group
+    db.prepareDbUnit(getClass(), "user_should_be_authorized.xml");
+
+    Collection<Long> componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
+      USER, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
+
+    // user does not have the role "admin"
+    componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID),
+      USER, "admin");
+    assertThat(componentIds).isEmpty();
+
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession,
+      Collections.emptySet(),
+      USER, "admin")).isEmpty();
+  }
+
+  @Test
+  public void keep_authorized_project_ids_for_user() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_user.xml");
+
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user")).containsOnly(PROJECT_ID);
+
+    // user does not have the role "admin"
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
+
+    // Empty list
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), USER, "admin")).isEmpty();
+  }
+
+  @Test
+  public void keep_authorized_project_ids_for_group() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");
+
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user")).containsOnly(PROJECT_ID);
+
+    // user does not have the role "admin"
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
+
+    // Empty list
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), USER, "admin")).isEmpty();
+  }
+
+  @Test
+  public void keep_authorized_project_ids_for_anonymous() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");
+
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user")).containsOnly(PROJECT_ID);
+
+    // user does not have the role "admin"
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, newHashSet(PROJECT_ID), null, "admin")).isEmpty();
+
+    // Empty list
+    assertThat(underTest.keepAuthorizedProjectIds(dbSession, Collections.emptySet(), null, "admin")).isEmpty();
+  }
+
+  @Test
+  public void group_should_be_authorized() {
+    // user is in an authorized group
+    db.prepareDbUnit(getClass(), "group_should_be_authorized.xml");
+
+    Collection<Long> componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
+      USER, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
+
+    // group does not have the role "admin"
+    componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
+      USER, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+
+  @Test
+  public void anonymous_should_be_authorized() {
+    db.prepareDbUnit(getClass(), "anonymous_should_be_authorized.xml");
+
+    Collection<Long> componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
+      null, "user");
+
+    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
+
+    // group does not have the role "admin"
+    componentIds = underTest.keepAuthorizedProjectIds(dbSession,
+      newHashSet(PROJECT_ID),
+      null, "admin");
+    assertThat(componentIds).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_keys_for_user() {
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml");
+
+    Collection<String> rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "user");
+
+    assertThat(rootProjectIds).containsOnly(PROJECT);
+
+    // user does not have the role "admin"
+    rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin");
+    assertThat(rootProjectIds).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_keys_for_group() {
+    // but user is not in an authorized group
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_group.xml");
+
+    Collection<String> rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "user");
+
+    assertThat(rootProjectIds).containsOnly(PROJECT);
+
+    // user does not have the role "admin"
+    rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin");
+    assertThat(rootProjectIds).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_keys_for_anonymous() {
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml");
+
+    Collection<String> rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, null, "user");
+
+    assertThat(rootProjectIds).containsOnly(PROJECT);
+
+    // group does not have the role "admin"
+    rootProjectIds = underTest.selectAuthorizedRootProjectsKeys(dbSession, null, "admin");
+    assertThat(rootProjectIds).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_uuids_for_user() {
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml");
+
+    Collection<String> rootProjectUuids = underTest.selectAuthorizedRootProjectsUuids(dbSession, USER, "user");
+
+    assertThat(rootProjectUuids).containsOnly("ABCD");
+
+    // user does not have the role "admin"
+    rootProjectUuids = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin");
+    assertThat(rootProjectUuids).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_uuids_for_group() {
+    // but user is not in an authorized group
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_group.xml");
+
+    Collection<String> rootProjectUuids = underTest.selectAuthorizedRootProjectsUuids(dbSession, USER, "user");
+
+    assertThat(rootProjectUuids).containsOnly("ABCD");
+
+    // user does not have the role "admin"
+    rootProjectUuids = underTest.selectAuthorizedRootProjectsKeys(dbSession, USER, "admin");
+    assertThat(rootProjectUuids).isEmpty();
+  }
+
+  @Test
+  public void should_return_root_project_uuids_for_anonymous() {
+    db.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml");
+
+    Collection<String> rootProjectUuids = underTest.selectAuthorizedRootProjectsUuids(dbSession, null, "user");
+
+    assertThat(rootProjectUuids).containsOnly("ABCD");
+
+    // group does not have the role "admin"
+    rootProjectUuids = underTest.selectAuthorizedRootProjectsKeys(dbSession, null, "admin");
+    assertThat(rootProjectUuids).isEmpty();
+  }
+
+  @Test
+  public void should_return_user_global_permissions() {
+    db.prepareDbUnit(getClass(), "should_return_user_global_permissions.xml");
+
+    assertThat(underTest.selectGlobalPermissions("john")).containsOnly("user", "admin");
+    assertThat(underTest.selectGlobalPermissions("arthur")).containsOnly("user");
+    assertThat(underTest.selectGlobalPermissions("none")).isEmpty();
+  }
+
+  @Test
+  public void should_return_group_global_permissions() {
+    db.prepareDbUnit(getClass(), "should_return_group_global_permissions.xml");
+
+    assertThat(underTest.selectGlobalPermissions("john")).containsOnly("user", "admin");
+    assertThat(underTest.selectGlobalPermissions("arthur")).containsOnly("user");
+    assertThat(underTest.selectGlobalPermissions("none")).isEmpty();
+  }
+
+  @Test
+  public void should_return_global_permissions_for_anonymous() {
+    db.prepareDbUnit(getClass(), "should_return_global_permissions_for_anonymous.xml");
+
+    assertThat(underTest.selectGlobalPermissions(null)).containsOnly("user", "admin");
+  }
+
+  @Test
+  public void should_return_global_permissions_for_group_anyone() {
+    db.prepareDbUnit(getClass(), "should_return_global_permissions_for_group_anyone.xml");
+
+    assertThat(underTest.selectGlobalPermissions("anyone_user")).containsOnly("user", "profileadmin");
+  }
+
+  @Test
+  public void is_authorized_component_key_for_user() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_user.xml");
+
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
+
+    // user does not have the role "admin"
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
+  }
+
+  @Test
+  public void is_authorized_component_key_for_group() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");
+
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
+
+    // user does not have the role "admin"
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
+  }
+
+  @Test
+  public void is_authorized_component_key_for_anonymous() {
+    db.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");
+
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue();
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, null, "user")).isFalse();
+    assertThat(underTest.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse();
+  }
+
+  @Test
+  public void keep_authorized_users_for_role_and_project_for_user() {
+    db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_user.xml");
+
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
+      // Only 100 and 101 has 'user' role on project
+      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
+
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
+      // Only 100 and 101 has 'user' role on project
+      newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
+
+    // user does not have the role "admin"
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
+
+    // Empty list
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, Collections.emptySet(), "user", PROJECT_ID)).isEmpty();
+  }
+
+  @Test
+  public void keep_authorized_users_for_role_and_project_for_group() {
+    db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_group.xml");
+
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
+      // Only 100 and 101 has 'user' role on project
+      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
+
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
+      newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
+
+    // user does not have the role "admin"
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
+
+    // Empty list
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession, Collections.emptySet(), "user", PROJECT_ID)).isEmpty();
+  }
+
+  @Test
+  public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() {
+    db.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_anonymous.xml");
+
+    assertThat(underTest.keepAuthorizedUsersForRoleAndProject(dbSession,
+      // Only 100 and 101 has 'user' role on project
+      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).isEmpty();
+  }
 }
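Review bot: The three `should_return_root_project_uuids_for_*` tests never exercise the denial path of `selectAuthorizedRootProjectsUuids`. After the positive assertion, the "admin" check calls `selectAuthorizedRootProjectsKeys` instead, in the user, group and anonymous variants alike. A regression that made the uuid query ignore the role would still pass these authorization tests. The negative assertion should call the method under test, `rootProjectUuids = underTest.selectAuthorizedRootProjectsUuids(dbSession, USER, "admin");`, with `null` as the user id in the anonymous test. The same calls appear in the deleted PermissionDaoTest, so this looks carried over by the move rather than newly introduced.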
diff --git a/sonar-db/src/test/java/org/sonar/db/permission/PermissionDaoTest.java b/sonar-db/src/test/java/org/sonar/db/permission/PermissionDaoTest.java
deleted file mode 100644 (file)
index 64be544..0000000
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-package org.sonar.db.permission;
-
-import java.util.Collection;
-import java.util.Collections;
-import org.junit.Rule;
-import org.junit.Test;
-import org.sonar.api.utils.System2;
-import org.sonar.db.DbTester;
-
-import static com.google.common.collect.Sets.newHashSet;
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class PermissionDaoTest {
-
-  private static final int USER = 100;
-  private static final Long PROJECT_ID = 300L;
-  private static final Long PROJECT_ID_WITHOUT_SNAPSHOT = 400L;
-  private static final String PROJECT = "pj-w-snapshot";
-  private static final String PROJECT_WIHOUT_SNAPSHOT = "pj-wo-snapshot";
-
-  @Rule
-  public DbTester dbTester = DbTester.create(System2.INSTANCE);
-
-  private PermissionDao authorization = dbTester.getDbClient().permissionDao();
-
-  @Test
-  public void user_should_be_authorized() {
-    // but user is not in an authorized group
-    dbTester.prepareDbUnit(getClass(), "user_should_be_authorized.xml");
-
-    Collection<Long> componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
-      USER, "user");
-
-    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
-
-    // user does not have the role "admin"
-    componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID),
-      USER, "admin");
-    assertThat(componentIds).isEmpty();
-
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      Collections.emptySet(),
-      USER, "admin")).isEmpty();
-  }
-
-  @Test
-  public void keep_authorized_project_ids_for_user() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_user.xml");
-
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user")).containsOnly(PROJECT_ID);
-
-    // user does not have the role "admin"
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
-
-    // Empty list
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), USER, "admin")).isEmpty();
-  }
-
-  @Test
-  public void keep_authorized_project_ids_for_group() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");
-
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), USER, "user")).containsOnly(PROJECT_ID);
-
-    // user does not have the role "admin"
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), USER, "admin")).isEmpty();
-
-    // Empty list
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), USER, "admin")).isEmpty();
-  }
-
-  @Test
-  public void keep_authorized_project_ids_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");
-
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT), null, "user")).containsOnly(PROJECT_ID);
-
-    // user does not have the role "admin"
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), newHashSet(PROJECT_ID), null, "admin")).isEmpty();
-
-    // Empty list
-    assertThat(authorization.keepAuthorizedProjectIds(dbTester.getSession(), Collections.emptySet(), null, "admin")).isEmpty();
-  }
-
-  @Test
-  public void group_should_be_authorized() {
-    // user is in an authorized group
-    dbTester.prepareDbUnit(getClass(), "group_should_be_authorized.xml");
-
-    Collection<Long> componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
-      USER, "user");
-
-    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
-
-    // group does not have the role "admin"
-    componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
-      USER, "admin");
-    assertThat(componentIds).isEmpty();
-  }
-
-  @Test
-  public void anonymous_should_be_authorized() {
-    dbTester.prepareDbUnit(getClass(), "anonymous_should_be_authorized.xml");
-
-    Collection<Long> componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT),
-      null, "user");
-
-    assertThat(componentIds).containsOnly(PROJECT_ID, PROJECT_ID_WITHOUT_SNAPSHOT);
-
-    // group does not have the role "admin"
-    componentIds = authorization.keepAuthorizedProjectIds(dbTester.getSession(),
-      newHashSet(PROJECT_ID),
-      null, "admin");
-    assertThat(componentIds).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_keys_for_user() {
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml");
-
-    Collection<String> rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "user");
-
-    assertThat(rootProjectIds).containsOnly(PROJECT);
-
-    // user does not have the role "admin"
-    rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "admin");
-    assertThat(rootProjectIds).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_keys_for_group() {
-    // but user is not in an authorized group
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_group.xml");
-
-    Collection<String> rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "user");
-
-    assertThat(rootProjectIds).containsOnly(PROJECT);
-
-    // user does not have the role "admin"
-    rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "admin");
-    assertThat(rootProjectIds).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_keys_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml");
-
-    Collection<String> rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), null, "user");
-
-    assertThat(rootProjectIds).containsOnly(PROJECT);
-
-    // group does not have the role "admin"
-    rootProjectIds = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), null, "admin");
-    assertThat(rootProjectIds).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_uuids_for_user() {
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_user.xml");
-
-    Collection<String> rootProjectUuids = authorization.selectAuthorizedRootProjectsUuids(dbTester.getSession(), USER, "user");
-
-    assertThat(rootProjectUuids).containsOnly("ABCD");
-
-    // user does not have the role "admin"
-    rootProjectUuids = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "admin");
-    assertThat(rootProjectUuids).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_uuids_for_group() {
-    // but user is not in an authorized group
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_group.xml");
-
-    Collection<String> rootProjectUuids = authorization.selectAuthorizedRootProjectsUuids(dbTester.getSession(), USER, "user");
-
-    assertThat(rootProjectUuids).containsOnly("ABCD");
-
-    // user does not have the role "admin"
-    rootProjectUuids = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), USER, "admin");
-    assertThat(rootProjectUuids).isEmpty();
-  }
-
-  @Test
-  public void should_return_root_project_uuids_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "should_return_root_project_keys_for_anonymous.xml");
-
-    Collection<String> rootProjectUuids = authorization.selectAuthorizedRootProjectsUuids(dbTester.getSession(), null, "user");
-
-    assertThat(rootProjectUuids).containsOnly("ABCD");
-
-    // group does not have the role "admin"
-    rootProjectUuids = authorization.selectAuthorizedRootProjectsKeys(dbTester.getSession(), null, "admin");
-    assertThat(rootProjectUuids).isEmpty();
-  }
-
-  @Test
-  public void should_return_user_global_permissions() {
-    dbTester.prepareDbUnit(getClass(), "should_return_user_global_permissions.xml");
-
-    assertThat(authorization.selectGlobalPermissions("john")).containsOnly("user", "admin");
-    assertThat(authorization.selectGlobalPermissions("arthur")).containsOnly("user");
-    assertThat(authorization.selectGlobalPermissions("none")).isEmpty();
-  }
-
-  @Test
-  public void should_return_group_global_permissions() {
-    dbTester.prepareDbUnit(getClass(), "should_return_group_global_permissions.xml");
-
-    assertThat(authorization.selectGlobalPermissions("john")).containsOnly("user", "admin");
-    assertThat(authorization.selectGlobalPermissions("arthur")).containsOnly("user");
-    assertThat(authorization.selectGlobalPermissions("none")).isEmpty();
-  }
-
-  @Test
-  public void should_return_global_permissions_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "should_return_global_permissions_for_anonymous.xml");
-
-    assertThat(authorization.selectGlobalPermissions(null)).containsOnly("user", "admin");
-  }
-
-  @Test
-  public void should_return_global_permissions_for_group_anyone() {
-    dbTester.prepareDbUnit(getClass(), "should_return_global_permissions_for_group_anyone.xml");
-
-    assertThat(authorization.selectGlobalPermissions("anyone_user")).containsOnly("user", "profileadmin");
-  }
-
-  @Test
-  public void is_authorized_component_key_for_user() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_user.xml");
-
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
-
-    // user does not have the role "admin"
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
-  }
-
-  @Test
-  public void is_authorized_component_key_for_group() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_group.xml");
-
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "user")).isTrue();
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, USER, "user")).isFalse();
-
-    // user does not have the role "admin"
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, USER, "admin")).isFalse();
-  }
-
-  @Test
-  public void is_authorized_component_key_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_project_ids_for_anonymous.xml");
-
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "user")).isTrue();
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT_WIHOUT_SNAPSHOT, null, "user")).isFalse();
-    assertThat(authorization.isAuthorizedComponentKey(PROJECT, null, "admin")).isFalse();
-  }
-
-  @Test
-  public void keep_authorized_users_for_role_and_project_for_user() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_user.xml");
-
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
-      // Only 100 and 101 has 'user' role on project
-      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
-
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
-      // Only 100 and 101 has 'user' role on project
-      newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
-
-    // user does not have the role "admin"
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
-
-    // Empty list
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), Collections.emptySet(), "user", PROJECT_ID)).isEmpty();
-  }
-
-  @Test
-  public void keep_authorized_users_for_role_and_project_for_group() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_group.xml");
-
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
-      // Only 100 and 101 has 'user' role on project
-      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L);
-
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
-      newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L);
-
-    // user does not have the role "admin"
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty();
-
-    // Empty list
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), Collections.emptySet(), "user", PROJECT_ID)).isEmpty();
-  }
-
-  @Test
-  public void keep_authorized_users_returns_empty_list_for_role_and_project_for_anonymous() {
-    dbTester.prepareDbUnit(getClass(), "keep_authorized_users_for_role_and_project_for_anonymous.xml");
-
-    assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(),
-      // Only 100 and 101 has 'user' role on project
-      newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).isEmpty();
-  }
-}
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/anonymous_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/anonymous_should_be_authorized.xml
new file mode 100644 (file)
index 0000000..ff279ac
--- /dev/null
@@ -0,0 +1,52 @@
+<dataset>
+
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="[null]"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="[null]"
+               resource_id="400"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="301"
+            kee="pj-w-snapshot:package"
+            root_uuid="EDFG"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            module_uuid="EDFG"/>
+  <projects id="302"
+            kee="pj-w-snapshot:file"
+            root_uuid="EDFG"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            module_uuid="EDFG"/>
+  <projects id="303"
+            kee="pj-w-snapshot:other"
+            root_uuid="EDFG"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            module_uuid="EDFG"/>
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="EDFG"
+            uuid_path="NOT_USED"
+            root_uuid="EDFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="FGHI"
+            uuid_path="NOT_USED"
+            root_uuid="FGHI"
+            project_uuid="FGHI"/>
+
+</dataset>
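Review bot: The `projects` row with id 400 sets `project_uuid="FGHI"` and omits `module_uuid`, while every other `projects` row in this fixture sets `module_uuid`. If the DbUnit loader takes a table's columns from its first row (the flat-XML default; whether column sensing is enabled is not visible here), the `project_uuid` value would be silently dropped. Writing the row with `module_uuid="[null]"`, as group_should_be_authorized.xml does, keeps the rows uniform. Separately, this fixture has no comment explaining what grants access; judging by the test, it is the `group_roles` rows with `group_id="[null]"`, so a line such as `<!-- group_id [null]: role granted to anyone, including anonymous -->` would make that explicit.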
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/group_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/group_should_be_authorized.xml
new file mode 100644 (file)
index 0000000..3069348
--- /dev/null
@@ -0,0 +1,54 @@
+<dataset>
+
+  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+  on the project 300  -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="200"
+               resource_id="400"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="301"
+            kee="pj-w-snapshot:package"
+            root_uuid="DEFG"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="302"
+            kee="pj-w-snapshot:file"
+            root_uuid="DEFG"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="303"
+            kee="pj-w-snapshot:other"
+            root_uuid="DEFG"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"/>
+
+</dataset>
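Review bot: The header comment says group 200 has the role "user" on project 300 only, but `group_roles` id 2 grants the same role on resource 400. The `group_should_be_authorized` test expects both ids back, so the comment understates what the fixture authorizes. Suggested wording: `<!-- user 100 has no direct grant (its only user_roles row targets resource 999), but is in group 200, which has the role "user" on projects 300 and 400 -->`.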
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/is_authorized_component_key_for_global_permission.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/is_authorized_component_key_for_global_permission.xml
new file mode 100644 (file)
index 0000000..f0cd313
--- /dev/null
@@ -0,0 +1,47 @@
+<dataset>
+
+  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+  on the all the projects  -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="[null]"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="301"
+            kee="pj-w-snapshot:package"
+            root_id="300"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="302"
+            kee="pj-w-snapshot:file"
+            root_id="300"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="303"
+            kee="pj-w-snapshot:other"
+            root_id="300"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            module_uuid="DEFG"/>
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            module_uuid="[null]"/>
+
+</dataset>
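Review bot: No test in the AuthorizationDaoTest hunk shown on this page loads this fixture; the three `is_authorized_component_key_for_*` tests use the `keep_authorized_project_ids_for_*.xml` files instead. Unless a test outside the visible hunks references it, the global-grant case it describes (`group_roles` with `resource_id="[null]"`) is not covered for `isAuthorizedComponentKey`, and the file is dead weight. Either add a test that loads it and asserts the result for both project keys, or drop the file. If it is kept, note that its `projects` rows use `root_id` where the sibling fixtures use `root_uuid`, which may refer to a column that no longer exists.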
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_anonymous.xml
new file mode 100644 (file)
index 0000000..ede3166
--- /dev/null
@@ -0,0 +1,31 @@
+<dataset>
+
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="[null]"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="200"
+               resource_id="400"
+               role="codeviewer"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            enabled="[true]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_group.xml
new file mode 100644 (file)
index 0000000..c21e237
--- /dev/null
@@ -0,0 +1,31 @@
+<dataset>
+
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="200"
+               resource_id="400"
+               role="codeviewer"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            enabled="[true]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_project_ids_for_user.xml
new file mode 100644 (file)
index 0000000..b9e7913
--- /dev/null
@@ -0,0 +1,30 @@
+<dataset>
+
+  <!-- user 100 has the role "user" on the project 300 -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="300"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="100"
+              resource_id="400"
+              role="codeviewer"
+              organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            enabled="[true]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml
new file mode 100644 (file)
index 0000000..74eb60b
--- /dev/null
@@ -0,0 +1,51 @@
+<dataset>
+
+  <!-- users 100 and 101 have no direct grant access, but are in the group 200 that has the role "user" on the project 300  -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="101"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="3"
+              user_id="102"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="100"
+                group_id="200"/>
+  <groups_users user_id="101"
+                group_id="200"/>
+  <groups_users user_id="102"
+                group_id="201"/>
+
+  <group_roles id="1"
+               group_id="[null]"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="201"
+               resource_id="400"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"/>
+
+</dataset>
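Review bot: The comment at the top of this dataset was copied from the group variant and does not describe this data: group 200 has no `group_roles` row here, and the only grant on project 300 is the row with `group_id="[null]"`. In an authorization fixture, a wrong statement of who should have access makes it hard to tell a correct result from an over-permissive query. A comment such as `<!-- no user has a direct grant on 300; role "user" on 300 comes only from the group_roles row with group_id="[null]", group 201 has it on 400 only -->` would match the rows. Going by the file name, the null group presumably stands for the anonymous/anyone grant.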
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_group.xml
new file mode 100644 (file)
index 0000000..90dc8f4
--- /dev/null
@@ -0,0 +1,51 @@
+<dataset>
+
+  <!-- users 100 and 101 have no direct grant access, but are in the group 200 that has the role "user" on the project 300  -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="101"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="3"
+              user_id="102"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="100"
+                group_id="200"/>
+  <groups_users user_id="101"
+                group_id="200"/>
+  <groups_users user_id="102"
+                group_id="201"/>
+
+  <group_roles id="1"
+               group_id="200"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="201"
+               resource_id="400"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/keep_authorized_users_for_role_and_project_for_user.xml
new file mode 100644 (file)
index 0000000..543cac8
--- /dev/null
@@ -0,0 +1,46 @@
+<dataset>
+
+  <!-- Users 100 and 101 are 'user' on project 300 -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="300"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="101"
+              resource_id="300"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="3"
+              user_id="102"
+              resource_id="300"
+              role="admin"
+              organization_uuid="org1"/>
+  <user_roles id="4"
+              user_id="100"
+              resource_id="400"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="400"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_anonymous.xml
new file mode 100644 (file)
index 0000000..67341bb
--- /dev/null
@@ -0,0 +1,25 @@
+<dataset>
+
+  <user_roles id="1"
+              user_id="100"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="1"
+                group_id="200"/>
+  <groups_users user_id="1"
+                group_id="201"/>
+
+  <group_roles id="200"
+               group_id="[null]"
+               resource_id="[null]"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="201"
+               group_id="[null]"
+               resource_id="[null]"
+               role="admin"
+               organization_uuid="org1"/>
+
+</dataset>
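Review bot: Both `group_roles` rows have `group_id="[null]"`, so the dataset holds no group grant that the anonymous lookup should leave out; a query that ignored `group_id` altogether would return the same roles. The test method is not visible here, so this is inferred from the data alone. Adding one row bound to a real group, for example `<group_roles id="202" group_id="200" resource_id="[null]" role="profileadmin" organization_uuid="org1"/>`, and asserting that its role is absent would pin the boundary. A one-line comment saying that the `user_roles` row for user 100 and the `groups_users` rows for user 1 are decoys would also help, since nothing in the file explains them.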
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_global_permissions_for_group_anyone.xml
new file mode 100644 (file)
index 0000000..7378f89
--- /dev/null
@@ -0,0 +1,22 @@
+<dataset>
+
+  <users id="10"
+         login="anyone_user"
+         is_root="[false]"/>
+
+  <user_roles id="1"
+              user_id="10"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="10"
+                group_id="[null]"/>
+
+  <group_roles id="1"
+               group_id="[null]"
+               resource_id="[null]"
+               role="profileadmin"
+               organization_uuid="org1"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_group_global_permissions.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_group_global_permissions.xml
new file mode 100644 (file)
index 0000000..3b395a2
--- /dev/null
@@ -0,0 +1,41 @@
+<dataset>
+
+  <!-- user 10 has no direct grant access, but is in the 'user' group 200 and in the 'admin' group 201 -->
+  <users id="10"
+         login="john"
+         is_root="[false]"/>
+  <!-- user 11 has no direct grant access, but is in the 'user' group 200 -->
+  <users id="11"
+         login="arthur"
+         is_root="[false]"/>
+
+  <user_roles id="1"
+              user_id="999"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="999"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="10"
+                group_id="200"/>
+  <groups_users user_id="10"
+                group_id="201"/>
+  <groups_users user_id="11"
+                group_id="200"/>
+
+  <group_roles id="1"
+               group_id="200"
+               resource_id="[null]"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="2"
+               group_id="201"
+               resource_id="[null]"
+               role="admin"
+               organization_uuid="org1"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_anonymous.xml
new file mode 100644 (file)
index 0000000..2addb79
--- /dev/null
@@ -0,0 +1,54 @@
+<dataset>
+
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="[null]"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            root_uuid="ABCD"
+            module_uuid="[null]"
+            kee="pj-w-snapshot"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="301"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            root_uuid="BCDE"
+            module_uuid="[null]"
+            kee="pj-w-snapshot1"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="302"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            root_uuid="CDEF"
+            module_uuid="[null]"
+            kee="pj-w-snapshot2"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+  <projects id="303"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            kee="pj-w-snapshot3"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_group.xml
new file mode 100644 (file)
index 0000000..f77c4c9
--- /dev/null
@@ -0,0 +1,56 @@
+<dataset>
+
+  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
+  on the project 300  -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="999"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="300"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            root_uuid="ABCD"
+            module_uuid="[null]"
+            kee="pj-w-snapshot"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="301"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            root_uuid="BCDE"
+            module_uuid="[null]"
+            kee="pj-w-snapshot1"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="302"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            root_uuid="CDEF"
+            module_uuid="[null]"
+            kee="pj-w-snapshot2"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+  <projects id="303"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            kee="pj-w-snapshot3"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_root_project_keys_for_user.xml
new file mode 100644 (file)
index 0000000..113aad3
--- /dev/null
@@ -0,0 +1,55 @@
+<dataset>
+
+  <!-- user 100 has the role "user" on the project 300 and in group 200 -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="300"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="999"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            uuid="ABCD"
+            uuid_path="NOT_USED"
+            root_uuid="ABCD"
+            module_uuid="[null]"
+            kee="pj-w-snapshot"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="301"
+            uuid="BCDE"
+            uuid_path="NOT_USED"
+            root_uuid="BCDE"
+            module_uuid="[null]"
+            kee="pj-w-snapshot1"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+  <projects id="302"
+            uuid="CDEF"
+            uuid_path="NOT_USED"
+            root_uuid="CDEF"
+            module_uuid="[null]"
+            kee="pj-w-snapshot2"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+  <projects id="303"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"
+            kee="pj-w-snapshot3"
+            scope="PRJ"
+            qualifier="TRK"
+            enabled="[true]"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_user_global_permissions.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/should_return_user_global_permissions.xml
new file mode 100644 (file)
index 0000000..c8a6d9e
--- /dev/null
@@ -0,0 +1,44 @@
+<dataset>
+
+  <!-- user 10 has no group, but has direct role 'user' and 'admin' -->
+  <users id="10"
+         login="john"
+         is_root="[false]"/>
+  <!-- user 11 has no group, but has direct role 'user' -->
+  <users id="11"
+         login="arthur"
+         is_root="[false]"/>
+
+  <user_roles id="1"
+              user_id="10"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="10"
+              resource_id="[null]"
+              role="admin"
+              organization_uuid="org1"/>
+  <user_roles id="3"
+              user_id="11"
+              resource_id="[null]"
+              role="user"
+              organization_uuid="org1"/>
+
+  <groups_users user_id="999"
+                group_id="200"/>
+  <groups_users user_id="999"
+                group_id="201"/>
+
+  <group_roles id="200"
+               group_id="200"
+               resource_id="[null]"
+               role="user"
+               organization_uuid="org1"/>
+  <group_roles id="201"
+               group_id="200"
+               resource_id="[null]"
+               role="admin"
+               organization_uuid="org1"/>
+
+</dataset>
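Review bot: The second `group_roles` row (`id="201"`) reuses `group_id="200"`, so group 201, which the `groups_users` row for user 999 refers to, carries no role at all. The sibling should_return_group_global_permissions.xml binds its admin row to `group_id="201"`, which suggests a copy slip here; `group_id="201"` on that row would make the decoy data consistent. Since users 10 and 11 belong to no group, these rows only serve as noise, and a short comment such as `<!-- user 999 and groups 200/201 are decoys: group grants must not appear in the result for users 10 and 11 -->` would state that intent.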
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/user_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/AuthorizationDaoTest/user_should_be_authorized.xml
new file mode 100644 (file)
index 0000000..a2f7b6a
--- /dev/null
@@ -0,0 +1,34 @@
+<dataset>
+
+  <!-- user 100 has the role "user" on the project 300 and in group 200 -->
+  <user_roles id="1"
+              user_id="100"
+              resource_id="300"
+              role="user"
+              organization_uuid="org1"/>
+  <user_roles id="2"
+              user_id="100"
+              resource_id="400"
+              role="user"
+              organization_uuid="org1"/>
+  <groups_users user_id="100"
+                group_id="200"/>
+  <group_roles id="1"
+               group_id="200"
+               resource_id="999"
+               role="user"
+               organization_uuid="org1"/>
+
+  <projects id="300"
+            kee="pj-w-snapshot"
+            uuid="DEFG"
+            uuid_path="NOT_USED"
+            root_uuid="DEFG"
+            module_uuid="[null]"/>
+  <projects id="400"
+            kee="pj-wo-snapshot"
+            uuid="EFGH"
+            uuid_path="NOT_USED"
+            root_uuid="EFGH"
+            module_uuid="[null]"/>
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/anonymous_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/anonymous_should_be_authorized.xml
deleted file mode 100644 (file)
index ff279ac..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-<dataset>
-
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="[null]"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="[null]"
-               resource_id="400"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="301"
-            kee="pj-w-snapshot:package"
-            root_uuid="EDFG"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            module_uuid="EDFG"/>
-  <projects id="302"
-            kee="pj-w-snapshot:file"
-            root_uuid="EDFG"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            module_uuid="EDFG"/>
-  <projects id="303"
-            kee="pj-w-snapshot:other"
-            root_uuid="EDFG"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            module_uuid="EDFG"/>
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="EDFG"
-            uuid_path="NOT_USED"
-            root_uuid="EDFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="FGHI"
-            uuid_path="NOT_USED"
-            root_uuid="FGHI"
-            project_uuid="FGHI"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/group_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/group_should_be_authorized.xml
deleted file mode 100644 (file)
index 3069348..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-<dataset>
-
-  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
-  on the project 300  -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="200"
-               resource_id="400"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="301"
-            kee="pj-w-snapshot:package"
-            root_uuid="DEFG"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="302"
-            kee="pj-w-snapshot:file"
-            root_uuid="DEFG"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="303"
-            kee="pj-w-snapshot:other"
-            root_uuid="DEFG"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/is_authorized_component_key_for_global_permission.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/is_authorized_component_key_for_global_permission.xml
deleted file mode 100644 (file)
index f0cd313..0000000
+++ /dev/null
@@ -1,47 +0,0 @@
-<dataset>
-
-  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
-  on the all the projects  -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="[null]"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="301"
-            kee="pj-w-snapshot:package"
-            root_id="300"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="302"
-            kee="pj-w-snapshot:file"
-            root_id="300"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="303"
-            kee="pj-w-snapshot:other"
-            root_id="300"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            module_uuid="DEFG"/>
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            module_uuid="[null]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_anonymous.xml
deleted file mode 100644 (file)
index ede3166..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<dataset>
-
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="[null]"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="200"
-               resource_id="400"
-               role="codeviewer"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            enabled="[true]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_group.xml
deleted file mode 100644 (file)
index c21e237..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<dataset>
-
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="200"
-               resource_id="400"
-               role="codeviewer"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            enabled="[true]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_project_ids_for_user.xml
deleted file mode 100644 (file)
index b9e7913..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-<dataset>
-
-  <!-- user 100 has the role "user" on the project 300 -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="300"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="100"
-              resource_id="400"
-              role="codeviewer"
-              organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            enabled="[true]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_anonymous.xml
deleted file mode 100644 (file)
index 74eb60b..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-<dataset>
-
-  <!-- users 100 and 101 have no direct grant access, but are in the group 200 that has the role "user" on the project 300  -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="101"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="3"
-              user_id="102"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="100"
-                group_id="200"/>
-  <groups_users user_id="101"
-                group_id="200"/>
-  <groups_users user_id="102"
-                group_id="201"/>
-
-  <group_roles id="1"
-               group_id="[null]"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="201"
-               resource_id="400"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_group.xml
deleted file mode 100644 (file)
index 90dc8f4..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-<dataset>
-
-  <!-- users 100 and 101 have no direct grant access, but are in the group 200 that has the role "user" on the project 300  -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="101"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="3"
-              user_id="102"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="100"
-                group_id="200"/>
-  <groups_users user_id="101"
-                group_id="200"/>
-  <groups_users user_id="102"
-                group_id="201"/>
-
-  <group_roles id="1"
-               group_id="200"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="201"
-               resource_id="400"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/keep_authorized_users_for_role_and_project_for_user.xml
deleted file mode 100644 (file)
index 543cac8..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-<dataset>
-
-  <!-- Users 100 and 101 are 'user' on project 300 -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="300"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="101"
-              resource_id="300"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="3"
-              user_id="102"
-              resource_id="300"
-              role="admin"
-              organization_uuid="org1"/>
-  <user_roles id="4"
-              user_id="100"
-              resource_id="400"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="400"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_anonymous.xml
deleted file mode 100644 (file)
index 67341bb..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-<dataset>
-
-  <user_roles id="1"
-              user_id="100"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="1"
-                group_id="200"/>
-  <groups_users user_id="1"
-                group_id="201"/>
-
-  <group_roles id="200"
-               group_id="[null]"
-               resource_id="[null]"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="201"
-               group_id="[null]"
-               resource_id="[null]"
-               role="admin"
-               organization_uuid="org1"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_group_anyone.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_global_permissions_for_group_anyone.xml
deleted file mode 100644 (file)
index 7378f89..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-<dataset>
-
-  <users id="10"
-         login="anyone_user"
-         is_root="[false]"/>
-
-  <user_roles id="1"
-              user_id="10"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="10"
-                group_id="[null]"/>
-
-  <group_roles id="1"
-               group_id="[null]"
-               resource_id="[null]"
-               role="profileadmin"
-               organization_uuid="org1"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_group_global_permissions.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_group_global_permissions.xml
deleted file mode 100644 (file)
index 3b395a2..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-<dataset>
-
-  <!-- user 10 has no direct grant access, but is in the 'user' group 200 and in the 'admin' group 201 -->
-  <users id="10"
-         login="john"
-         is_root="[false]"/>
-  <!-- user 11 has no direct grant access, but is in the 'user' group 200 -->
-  <users id="11"
-         login="arthur"
-         is_root="[false]"/>
-
-  <user_roles id="1"
-              user_id="999"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="999"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="10"
-                group_id="200"/>
-  <groups_users user_id="10"
-                group_id="201"/>
-  <groups_users user_id="11"
-                group_id="200"/>
-
-  <group_roles id="1"
-               group_id="200"
-               resource_id="[null]"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="2"
-               group_id="201"
-               resource_id="[null]"
-               role="admin"
-               organization_uuid="org1"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_anonymous.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_anonymous.xml
deleted file mode 100644 (file)
index 2addb79..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-<dataset>
-
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="[null]"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            root_uuid="ABCD"
-            module_uuid="[null]"
-            kee="pj-w-snapshot"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="301"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            root_uuid="BCDE"
-            module_uuid="[null]"
-            kee="pj-w-snapshot1"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="302"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            root_uuid="CDEF"
-            module_uuid="[null]"
-            kee="pj-w-snapshot2"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-  <projects id="303"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            kee="pj-w-snapshot3"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_group.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_group.xml
deleted file mode 100644 (file)
index f77c4c9..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-<dataset>
-
-  <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
-  on the project 300  -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="999"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="300"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            root_uuid="ABCD"
-            module_uuid="[null]"
-            kee="pj-w-snapshot"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="301"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            root_uuid="BCDE"
-            module_uuid="[null]"
-            kee="pj-w-snapshot1"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="302"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            root_uuid="CDEF"
-            module_uuid="[null]"
-            kee="pj-w-snapshot2"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-  <projects id="303"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            kee="pj-w-snapshot3"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_user.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_root_project_keys_for_user.xml
deleted file mode 100644 (file)
index 113aad3..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-<dataset>
-
-  <!-- user 100 has the role "user" on the project 300 and in group 200 -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="300"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="999"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            uuid="ABCD"
-            uuid_path="NOT_USED"
-            root_uuid="ABCD"
-            module_uuid="[null]"
-            kee="pj-w-snapshot"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="301"
-            uuid="BCDE"
-            uuid_path="NOT_USED"
-            root_uuid="BCDE"
-            module_uuid="[null]"
-            kee="pj-w-snapshot1"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-  <projects id="302"
-            uuid="CDEF"
-            uuid_path="NOT_USED"
-            root_uuid="CDEF"
-            module_uuid="[null]"
-            kee="pj-w-snapshot2"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-  <projects id="303"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"
-            kee="pj-w-snapshot3"
-            scope="PRJ"
-            qualifier="TRK"
-            enabled="[true]"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_user_global_permissions.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/should_return_user_global_permissions.xml
deleted file mode 100644 (file)
index c8a6d9e..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-<dataset>
-
-  <!-- user 10 has no group, but has direct role 'user' and 'admin' -->
-  <users id="10"
-         login="john"
-         is_root="[false]"/>
-  <!-- user 11 has no group, but has direct role 'user' -->
-  <users id="11"
-         login="arthur"
-         is_root="[false]"/>
-
-  <user_roles id="1"
-              user_id="10"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="10"
-              resource_id="[null]"
-              role="admin"
-              organization_uuid="org1"/>
-  <user_roles id="3"
-              user_id="11"
-              resource_id="[null]"
-              role="user"
-              organization_uuid="org1"/>
-
-  <groups_users user_id="999"
-                group_id="200"/>
-  <groups_users user_id="999"
-                group_id="201"/>
-
-  <group_roles id="200"
-               group_id="200"
-               resource_id="[null]"
-               role="user"
-               organization_uuid="org1"/>
-  <group_roles id="201"
-               group_id="200"
-               resource_id="[null]"
-               role="admin"
-               organization_uuid="org1"/>
-
-</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/user_should_be_authorized.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionDaoTest/user_should_be_authorized.xml
deleted file mode 100644 (file)
index a2f7b6a..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-<dataset>
-
-  <!-- user 100 has the role "user" on the project 300 and in group 200 -->
-  <user_roles id="1"
-              user_id="100"
-              resource_id="300"
-              role="user"
-              organization_uuid="org1"/>
-  <user_roles id="2"
-              user_id="100"
-              resource_id="400"
-              role="user"
-              organization_uuid="org1"/>
-  <groups_users user_id="100"
-                group_id="200"/>
-  <group_roles id="1"
-               group_id="200"
-               resource_id="999"
-               role="user"
-               organization_uuid="org1"/>
-
-  <projects id="300"
-            kee="pj-w-snapshot"
-            uuid="DEFG"
-            uuid_path="NOT_USED"
-            root_uuid="DEFG"
-            module_uuid="[null]"/>
-  <projects id="400"
-            kee="pj-wo-snapshot"
-            uuid="EFGH"
-            uuid_path="NOT_USED"
-            root_uuid="EFGH"
-            module_uuid="[null]"/>
-</dataset>