SONAR-9327 delete permissions only for root when deleting a project/view

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
index a2abbe531822f50ab74219c9eca663e61fd0d593..38e9e8e61402a5b7a08bd00f168a47341b7df2e1 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeCommands.java
@@ -60,6 +60,18 @@ class PurgeCommands {
     deleteAnalyses(purgeMapper.selectAnalysisIdsAndUuids(new PurgeSnapshotQuery().setComponentUuid(rootUuid)));
   }
 
+  void deletePermissions(long rootId) {
+    profiler.start("deletePermissions (group_roles)");
+    purgeMapper.deleteComponentGroupRoles(rootId);
+    session.commit();
+    profiler.stop();
+
+    profiler.start("deletePermissions (user_roles)");
+    purgeMapper.deleteComponentUserRoles(rootId);
+    session.commit();
+    profiler.stop();
+  }
+
   void deleteComponents(List<IdUuidPair> componentIdUuids) {
     List<List<Long>> componentIdPartitions = Lists.partition(IdUuidPairs.ids(componentIdUuids), MAX_RESOURCES_PER_QUERY);
     List<List<String>> componentUuidsPartitions = Lists.partition(IdUuidPairs.uuids(componentIdUuids), MAX_RESOURCES_PER_QUERY);
@@ -79,16 +91,6 @@ class PurgeCommands {
     session.commit();
     profiler.stop();
 
-    profiler.start("deleteResourceGroupRoles (group_roles)");
-    componentIdPartitions.forEach(purgeMapper::deleteComponentGroupRoles);
-    session.commit();
-    profiler.stop();
-
-    profiler.start("deleteResourceUserRoles (user_roles)");
-    componentIdPartitions.forEach(purgeMapper::deleteComponentUserRoles);
-    session.commit();
-    profiler.stop();
-
     profiler.start("deleteResourceManualMeasures (manual_measures)");
     componentUuidsPartitions.forEach(purgeMapper::deleteComponentManualMeasures);
     session.commit();

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java
index 5ac77a792b72f4e6566d40aa6f97c6d3a04d6743..8c4113682577b1d569aa1b2285cc3c3659242d1d 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeDao.java
@@ -154,6 +154,12 @@ public class PurgeDao implements Dao {
 
   private static void deleteProject(String rootUuid, PurgeMapper mapper, PurgeCommands commands) {
     List<IdUuidPair> childrenIds = mapper.selectComponentsByProjectUuid(rootUuid);
+    long rootId = childrenIds.stream()
+      .filter(pair -> pair.getUuid().equals(rootUuid))
+      .map(IdUuidPair::getId)
+      .findFirst()
+      .orElseThrow(() -> new IllegalStateException("Couldn't find component for root uuid " + rootUuid));
+    commands.deletePermissions(rootId);
     commands.deleteAnalyses(rootUuid);
     commands.deleteComponents(childrenIds);
     commands.deleteFileSources(rootUuid);

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java
index 08ec08c0a16d61f4fd7aa7eb58ca89c0b60723f5..a0e3248320f9bcd7772aa86749e282fc5c273f61 100644 (file)
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/purge/PurgeMapper.java
@@ -56,9 +56,9 @@ public interface PurgeMapper {
 
   void deleteComponents(@Param("componentUuids") List<String> componentUuids);
 
-  void deleteComponentGroupRoles(@Param("componentIds") List<Long> componentIds);
+  void deleteComponentGroupRoles(@Param("rootId") long rootId);
 
-  void deleteComponentUserRoles(@Param("componentIds") List<Long> componentIds);
+  void deleteComponentUserRoles(@Param("rootId") long rootId);
 
   void deleteComponentManualMeasures(@Param("componentUuids") List<String> componentUuids);
 

diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/purge/PurgeMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/purge/PurgeMapper.xml
index 67eec7c0f764875b5ac98025eed0575d28458a91..edec6e6e0e5eb3839ce87673aa4c2bb8226b06ee 100644 (file)
--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/purge/PurgeMapper.xml
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/purge/PurgeMapper.xml
@@ -181,19 +181,13 @@
   <delete id="deleteComponentGroupRoles" parameterType="map">
     delete from group_roles
     where
-      resource_id in
-      <foreach collection="componentIds" open="(" close=")" item="componentId" separator=",">
-        #{componentId}
-      </foreach>
+      resource_id = #{rootId,jdbcType=INTEGER}
   </delete>
 
   <delete id="deleteComponentUserRoles" parameterType="map">
     delete from user_roles
     where
-      resource_id in
-      <foreach collection="componentIds" open="(" close=")" item="componentId" separator=",">
-        #{componentId}
-      </foreach>
+      resource_id = #{rootId,jdbcType=INTEGER}
   </delete>
 
   <delete id="deleteComponentManualMeasures" parameterType="map">

diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java
index 656a69f9cb401478d617ac6c8275908f94216968..c2586d6c7b3657968e9908feff63984a59d19fa7 100644 (file)
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeCommandsTest.java
@@ -24,6 +24,11 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
+import org.sonar.db.permission.OrganizationPermission;
+import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDto;
 
 import static com.google.common.collect.Lists.newArrayList;
 import static java.util.Collections.singletonList;
@@ -105,6 +110,63 @@ public class PurgeCommandsTest {
     assertThat(dbTester.countRowsOfTable("issue_changes")).isEqualTo(1);
   }
 
+  @Test
+  public void deletePermissions_deletes_permissions_of_public_project() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto project = dbTester.components().insertPublicProject(organization);
+    addPermissions(organization, project);
+
+    PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler);
+    purgeCommands.deletePermissions(project.getId());
+
+    assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(2);
+    assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(1);
+  }
+
+  @Test
+  public void deletePermissions_deletes_permissions_of_private_project() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto project = dbTester.components().insertPrivateProject(organization);
+    addPermissions(organization, project);
+
+    PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler);
+    purgeCommands.deletePermissions(project.getId());
+
+    assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(1);
+    assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(1);
+  }
+
+  @Test
+  public void deletePermissions_deletes_permissions_of_view() {
+    OrganizationDto organization = dbTester.organizations().insert();
+    ComponentDto project = dbTester.components().insertView(organization);
+    addPermissions(organization, project);
+
+    PurgeCommands purgeCommands = new PurgeCommands(dbTester.getSession(), profiler);
+    purgeCommands.deletePermissions(project.getId());
+
+    assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(2);
+    assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(1);
+  }
+
+  private void addPermissions(OrganizationDto organization, ComponentDto root) {
+    if (!root.isPrivate()) {
+      dbTester.users().insertProjectPermissionOnAnyone("foo1", root);
+      dbTester.users().insertPermissionOnAnyone(organization, "not project level");
+    }
+
+    GroupDto group = dbTester.users().insertGroup(organization);
+    dbTester.users().insertProjectPermissionOnGroup(group, "bar", root);
+    dbTester.users().insertPermissionOnGroup(group, "not project level");
+
+    UserDto user = dbTester.users().insertUser();
+    dbTester.users().insertProjectPermissionOnUser(user, "doh", root);
+    dbTester.users().insertPermissionOnUser(user, OrganizationPermission.SCAN);
+
+    assertThat(dbTester.countRowsOfTable("group_roles")).isEqualTo(root.isPrivate() ? 2 : 4);
+    assertThat(dbTester.countRowsOfTable("user_roles")).isEqualTo(2);
+  }
+
   /**
    * Test that SQL queries execution do not fail with a huge number of parameter
    */

diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeDaoTest.java
index 966708909a120dd436265d3a95c83612d5515a49..02ff99161e282d2900888b2b99b50946b53cc757 100644 (file)
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/purge/PurgeDaoTest.java
@@ -235,10 +235,11 @@ public class PurgeDaoTest {
 
   @Test
   public void deleteProject_deletes_webhook_deliveries() {
-    dbClient.webhookDeliveryDao().insert(dbSession, newWebhookDeliveryDto().setComponentUuid("P1").setUuid("D1"));
+    ComponentDto project = dbTester.components().insertPublicProject();
+    dbClient.webhookDeliveryDao().insert(dbSession, newWebhookDeliveryDto().setComponentUuid(project.uuid()).setUuid("D1"));
     dbClient.webhookDeliveryDao().insert(dbSession, newWebhookDeliveryDto().setComponentUuid("P2").setUuid("D2"));
 
-    underTest.deleteProject(dbSession, "P1");
+    underTest.deleteProject(dbSession, project.uuid());
 
     assertThat(selectAllDeliveryUuids(dbTester, dbSession)).containsOnly("D2");
   }