SONAR-8704 new boolean field authorization/allowAnyone

This field drops the need for hardcoded group name "Anyone"

diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
index 665d6bd565148022b5c7032c0b034f1833e1e7be..526a92361b0cec5ca38b007fc74d9840f28df767 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
@@ -19,6 +19,7 @@
  */
 package org.sonar.server.component;
 
+import java.util.Collection;
 import java.util.List;
 import org.sonar.api.ce.ComputeEngineSide;
 import org.sonar.api.resources.ResourceType;
@@ -38,9 +39,9 @@ public class ComponentCleanerService {
 
   private final DbClient dbClient;
   private final ResourceTypes resourceTypes;
-  private final List<ProjectIndexer> projectIndexers;
+  private final Collection<ProjectIndexer> projectIndexers;
 
-  public ComponentCleanerService(DbClient dbClient, ResourceTypes resourceTypes, ProjectIndexer[] projectIndexers) {
+  public ComponentCleanerService(DbClient dbClient, ResourceTypes resourceTypes, ProjectIndexer... projectIndexers) {
     this.dbClient = dbClient;
     this.resourceTypes = resourceTypes;
     this.projectIndexers = asList(projectIndexers);

diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java
index be731da5b7180284948240e0d0b7855d523a0101..18f973d2c1c58a89581133d3b30e5012233d2979 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentService.java
@@ -49,7 +49,7 @@ public class ComponentService {
   private final UserSession userSession;
   private final ProjectIndexer[] projectIndexers;
 
-  public ComponentService(DbClient dbClient, UserSession userSession, ProjectIndexer[] projectIndexers) {
+  public ComponentService(DbClient dbClient, UserSession userSession, ProjectIndexer... projectIndexers) {
     this.dbClient = dbClient;
     this.userSession = userSession;
     this.projectIndexers = projectIndexers;

diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java
index d87345898bfba7edf02f9a9a6e17c210fe424ff2..abcbd67309ea55b490b5d45999c81f486dd2024f 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentUpdater.java
@@ -20,6 +20,7 @@
 
 package org.sonar.server.component;
 
+import java.util.Collection;
 import java.util.Date;
 import java.util.List;
 import java.util.Locale;
@@ -33,10 +34,12 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.server.es.ProjectIndexer;
+import org.sonar.server.es.ProjectIndexer.Cause;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.favorite.FavoriteUpdater;
 import org.sonar.server.permission.PermissionTemplateService;
 
+import static java.util.Arrays.asList;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.core.component.ComponentKeys.isValidModuleKey;
 import static org.sonar.server.ws.WsUtils.checkRequest;
@@ -48,17 +51,17 @@ public class ComponentUpdater {
   private final System2 system2;
   private final PermissionTemplateService permissionTemplateService;
   private final FavoriteUpdater favoriteUpdater;
-  private final ProjectIndexer[] projectIndexers;
+  private final Collection<ProjectIndexer> projectIndexers;
 
   public ComponentUpdater(DbClient dbClient, I18n i18n, System2 system2,
     PermissionTemplateService permissionTemplateService, FavoriteUpdater favoriteUpdater,
-    ProjectIndexer[] projectIndexers) {
+    ProjectIndexer... projectIndexers) {
     this.dbClient = dbClient;
     this.i18n = i18n;
     this.system2 = system2;
     this.permissionTemplateService = permissionTemplateService;
     this.favoriteUpdater = favoriteUpdater;
-    this.projectIndexers = projectIndexers;
+    this.projectIndexers = asList(projectIndexers);
   }
 
   /**
@@ -142,8 +145,6 @@ public class ComponentUpdater {
   }
 
   private void index(ComponentDto project) {
-    for (ProjectIndexer projectIndexer : projectIndexers) {
-      projectIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
-    }
+    projectIndexers.forEach(i -> i.indexProject(project.uuid(), Cause.PROJECT_CREATION));
   }
 }

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java
index 1ae73cab55c14305ff778966ec6a06772c777fb7..a33262a47a4746e48b69d6361f7a6aef1449e61b 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/AuthorizationTypeSupport.java
@@ -31,7 +31,6 @@ import org.sonar.server.es.NewIndex;
 import org.sonar.server.user.UserSession;
 
 import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
-import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
 import static org.elasticsearch.index.query.QueryBuilders.termQuery;
 
 @ServerSide
@@ -43,6 +42,13 @@ public class AuthorizationTypeSupport {
   public static final String FIELD_USER_LOGINS = "users";
   public static final String FIELD_UPDATED_AT = "updatedAt";
 
+  /**
+   * When true, then anybody can access to the project. In that case
+   * it's useless to store granted groups and users. The related
+   * fields are empty.
+   */
+  public static final String FIELD_ALLOW_ANYONE = "allowAnyone";
+
   private final UserSession userSession;
 
   public AuthorizationTypeSupport(UserSession userSession) {
@@ -69,6 +75,7 @@ public class AuthorizationTypeSupport {
     authType.createDateTimeField(FIELD_UPDATED_AT);
     authType.stringFieldBuilder(FIELD_GROUP_NAMES).disableNorms().build();
     authType.stringFieldBuilder(FIELD_USER_LOGINS).disableNorms().build();
+    authType.createBooleanField(FIELD_ALLOW_ANYONE);
     authType.setEnableSource(false);
     return type;
   }
@@ -80,16 +87,21 @@ public class AuthorizationTypeSupport {
   public QueryBuilder createQueryFilter() {
     Integer userLogin = userSession.getUserId();
     Set<String> userGroupNames = userSession.getUserGroups();
-    BoolQueryBuilder groupsAndUser = boolQuery();
+    BoolQueryBuilder filter = boolQuery();
+
+    // anyone
+    filter.should(QueryBuilders.termQuery(FIELD_ALLOW_ANYONE, true));
 
+    // users
     Optional.ofNullable(userLogin)
       .map(Integer::longValue)
-      .ifPresent(userId -> groupsAndUser.should(termQuery(FIELD_USER_LOGINS, userId)));
+      .ifPresent(userId -> filter.should(termQuery(FIELD_USER_LOGINS, userId)));
 
-    userGroupNames
-      .forEach(group -> groupsAndUser.should(termQuery(FIELD_GROUP_NAMES, group)));
+    // groups
+    userGroupNames.forEach(
+      group -> filter.should(termQuery(FIELD_GROUP_NAMES, group)));
 
     return QueryBuilders.hasParentQuery(TYPE_AUTHORIZATION,
-      QueryBuilders.boolQuery().must(matchAllQuery()).filter(groupsAndUser));
+      QueryBuilders.boolQuery().filter(filter));
   }
 }

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java
index bb0d717aa0ee847ea2f52b5d1288f7bd057a9009..51461d5584c7a25af5562520445684335376ba22 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexer.java
@@ -21,11 +21,11 @@ package org.sonar.server.permission.index;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Throwables;
-import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.Uninterruptibles;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
@@ -66,7 +66,7 @@ public class PermissionIndexer implements ProjectIndexer, Startable {
   private final ThreadPoolExecutor executor;
   private final DbClient dbClient;
   private final EsClient esClient;
-  private final List<AuthorizationScope> authorizationScopes;
+  private final Collection<AuthorizationScope> authorizationScopes;
 
   public PermissionIndexer(DbClient dbClient, EsClient esClient, NeedAuthorizationIndexer[] needAuthorizationIndexers) {
     this(dbClient, esClient, Arrays.stream(needAuthorizationIndexers)
@@ -75,7 +75,7 @@ public class PermissionIndexer implements ProjectIndexer, Startable {
   }
 
   @VisibleForTesting
-  public PermissionIndexer(DbClient dbClient, EsClient esClient, List<AuthorizationScope> authorizationScopes) {
+  public PermissionIndexer(DbClient dbClient, EsClient esClient, Collection<AuthorizationScope> authorizationScopes) {
     this.executor = new ThreadPoolExecutor(0, 1, 0L, TimeUnit.SECONDS, new LinkedBlockingQueue<>());
     this.dbClient = dbClient;
     this.esClient = esClient;
@@ -90,8 +90,9 @@ public class PermissionIndexer implements ProjectIndexer, Startable {
 
     if (isEmpty) {
       Future submit = executor.submit(() -> {
-
-        authorizationScopes.forEach(scope -> truncateAuthorizationType(scope.getIndexName()));
+        authorizationScopes.stream()
+          .map(AuthorizationScope::getIndexName)
+          .forEach(this::truncateAuthorizationType);
 
         try (DbSession dbSession = dbClient.openSession(false)) {
           index(new PermissionIndexerDao().selectAll(dbClient, dbSession));
@@ -173,10 +174,16 @@ public class PermissionIndexer implements ProjectIndexer, Startable {
   }
 
   private static IndexRequest newIndexRequest(PermissionIndexerDao.Dto dto, String indexName) {
-    Map<String, Object> doc = ImmutableMap.of(
-      AuthorizationTypeSupport.FIELD_GROUP_NAMES, dto.getGroups(),
-      AuthorizationTypeSupport.FIELD_USER_LOGINS, dto.getUsers(),
-      AuthorizationTypeSupport.FIELD_UPDATED_AT, new Date(dto.getUpdatedAt()));
+    Map<String, Object> doc = new HashMap<>();
+    doc.put(AuthorizationTypeSupport.FIELD_UPDATED_AT, new Date(dto.getUpdatedAt()));
+    if (dto.isAllowAnyone()) {
+      doc.put(AuthorizationTypeSupport.FIELD_ALLOW_ANYONE, true);
+      // no need to feed users and groups
+    } else {
+      doc.put(AuthorizationTypeSupport.FIELD_ALLOW_ANYONE, false);
+      doc.put(AuthorizationTypeSupport.FIELD_GROUP_NAMES, dto.getGroups());
+      doc.put(AuthorizationTypeSupport.FIELD_USER_LOGINS, dto.getUsers());
+    }
     return new IndexRequest(indexName, TYPE_AUTHORIZATION, dto.getProjectUuid())
       .routing(dto.getProjectUuid())
       .source(doc);

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java
index badf3fe3963e384c5e89c5b72643f4246e7cdb76..370293373377be56ec06953db68db13abb8b3daa 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/index/PermissionIndexerDao.java
@@ -47,6 +47,7 @@ public class PermissionIndexerDao {
     private final String qualifier;
     private final List<Long> users = Lists.newArrayList();
     private final List<String> groups = Lists.newArrayList();
+    private boolean allowAnyone = false;
 
     public Dto(String projectUuid, long updatedAt, String qualifier) {
       this.projectUuid = projectUuid;
@@ -83,6 +84,14 @@ public class PermissionIndexerDao {
     public List<String> getGroups() {
       return groups;
     }
+
+    public void allowAnyone() {
+      this.allowAnyone = true;
+    }
+
+    public boolean isAllowAnyone() {
+      return allowAnyone;
+    }
   }
 
   /**
@@ -90,7 +99,12 @@ public class PermissionIndexerDao {
    */
   private static final int NB_OF_CONDITION_PLACEHOLDERS = 3;
 
+  private enum RowKind {
+    USER, GROUP, ANYONE
+  }
+
   private static final String SQL_TEMPLATE = "SELECT " +
+    "  project_authorization.kind as kind, " +
     "  project_authorization.project as project, " +
     "  project_authorization.user_id as user_id, " +
     "  project_authorization.permission_group as permission_group, " +
@@ -100,7 +114,7 @@ public class PermissionIndexerDao {
 
     // users
 
-    "      SELECT " +
+    "      SELECT '" + RowKind.USER + "' as kind," +
     "      projects.uuid AS project, " +
     "      projects.authorization_updated_at AS updated_at, " +
     "      projects.qualifier AS qualifier, " +
@@ -116,7 +130,7 @@ public class PermissionIndexerDao {
 
     // groups
 
-    "      SELECT " +
+    "      SELECT '" + RowKind.GROUP + "' as kind," +
     "      projects.uuid AS project, " +
     "      projects.authorization_updated_at AS updated_at, " +
     "      projects.qualifier AS qualifier, " +
@@ -134,12 +148,12 @@ public class PermissionIndexerDao {
 
     // Anyone virtual group
 
-    "      SELECT " +
+    "      SELECT '" + RowKind.ANYONE + "' as kind," +
     "      projects.uuid AS project, " +
     "      projects.authorization_updated_at AS updated_at, " +
     "      projects.qualifier AS qualifier, " +
     "      NULL         AS user_id, " +
-    "      'Anyone'     AS permission_group " +
+    "      NULL     AS permission_group " +
     "      FROM projects " +
     "      INNER JOIN group_roles ON group_roles.resource_id = projects.id AND group_roles.role='user' " +
     "      WHERE " +
@@ -180,41 +194,49 @@ public class PermissionIndexerDao {
 
   private static PreparedStatement createStatement(DbClient dbClient, DbSession session, List<String> projectUuids) throws SQLException {
     String sql;
-    if (!projectUuids.isEmpty()) {
-      sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", " AND (" + repeatCondition("projects.uuid = ?", projectUuids.size(), "OR") + ")");
-    } else {
+    if (projectUuids.isEmpty()) {
       sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", "");
+    } else {
+      sql = StringUtils.replace(SQL_TEMPLATE, "{projectsCondition}", " AND (" + repeatCondition("projects.uuid = ?", projectUuids.size(), "OR") + ")");
     }
     PreparedStatement stmt = dbClient.getMyBatis().newScrollingSelectStatement(session, sql);
-    if (!projectUuids.isEmpty()) {
-      int index = 1;
-      for (int i = 1; i <= NB_OF_CONDITION_PLACEHOLDERS; i++) {
-        for (int uuidIndex = 0; uuidIndex < projectUuids.size(); uuidIndex++) {
-          stmt.setString(index, projectUuids.get(uuidIndex));
-          index++;
-        }
+    int index = 1;
+    for (int i = 1; i <= NB_OF_CONDITION_PLACEHOLDERS; i++) {
+      for (String projectUuid : projectUuids) {
+        stmt.setString(index, projectUuid);
+        index++;
       }
     }
     return stmt;
   }
 
   private static void processRow(ResultSet rs, Map<String, Dto> dtosByProjectUuid) throws SQLException {
-    String projectUuid = rs.getString(1);
-    String group = rs.getString(3);
+    RowKind rowKind = RowKind.valueOf(rs.getString(1));
+    String projectUuid = rs.getString(2);
 
     Dto dto = dtosByProjectUuid.get(projectUuid);
     if (dto == null) {
-      long updatedAt = rs.getLong(4);
-      String qualifier = rs.getString(5);
+      long updatedAt = rs.getLong(5);
+      String qualifier = rs.getString(6);
       dto = new Dto(projectUuid, updatedAt, qualifier);
       dtosByProjectUuid.put(projectUuid, dto);
     }
-    Long userId = rs.getLong(2);
-    if (!rs.wasNull()) {
-      dto.addUser(userId);
-    }
-    if (StringUtils.isNotBlank(group)) {
-      dto.addGroup(group);
+    switch (rowKind) {
+      case USER:
+        Long userId = rs.getLong(3);
+        if (!rs.wasNull()) {
+          dto.addUser(userId);
+        }
+        break;
+      case GROUP:
+        String group = rs.getString(4);
+        if (!rs.wasNull()) {
+          dto.addGroup(group);
+        }
+        break;
+      case ANYONE:
+        dto.allowAnyone();
+        break;
     }
   }
 }

diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
index a435e63aa1f466bbac426e870d1b1f57c2b56a6a..a644c7a44b90cb2fe4ae80559b8913d2c565d49b 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
@@ -64,7 +64,7 @@ public class ComponentCleanerServiceTest {
   private DbSession dbSession = db.getSession();
   private ProjectIndexer projectIndexer = mock(ProjectIndexer.class);
   private ResourceTypes mockResourceTypes = mock(ResourceTypes.class);
-  private ComponentCleanerService underTest = new ComponentCleanerService(dbClient, mockResourceTypes, new ProjectIndexer[] {projectIndexer});
+  private ComponentCleanerService underTest = new ComponentCleanerService(dbClient, mockResourceTypes, projectIndexer);
 
   @Test
   public void delete_project_from_db_and_index() {

diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java
index e22fd6d91ca6fdd57b4b82355f23c99868297a48..b024080d096e55965fd1d806976b321440b2d480 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceTest.java
@@ -53,7 +53,7 @@ public class ComponentServiceTest {
   private DbSession dbSession = dbTester.getSession();
   private ProjectIndexer projectIndexer = mock(ProjectIndexer.class);
 
-  private ComponentService underTest = new ComponentService(dbClient, userSession, new ProjectIndexer[] {projectIndexer});
+  private ComponentService underTest = new ComponentService(dbClient, userSession, projectIndexer);
 
   @Test
   public void should_fail_silently_on_components_not_found_if_told_so() {

diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java
index 62e1ee7484afbb0d713b734ca62574c1536cb20e..92500b50f1e5fd49cf0915ca59b93c5969b25cb9 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentServiceUpdateKeyTest.java
@@ -59,7 +59,7 @@ public class ComponentServiceUpdateKeyTest {
   private DbClient dbClient = db.getDbClient();
   private DbSession dbSession = db.getSession();
   private ProjectIndexer projectIndexer = mock(ProjectIndexer.class);
-  private ComponentService underTest = new ComponentService(dbClient, userSession, new ProjectIndexer[] {projectIndexer});
+  private ComponentService underTest = new ComponentService(dbClient, userSession, projectIndexer);
 
   @Test
   public void update_project_key() {

diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java
index 289f8d538d43297dd905ae5be7977ac8e7599ea1..d3ca2eea18f7771cf5a50d85af5de51fc455f177 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentUpdaterTest.java
@@ -63,7 +63,7 @@ public class ComponentUpdaterTest {
   private ComponentUpdater underTest = new ComponentUpdater(db.getDbClient(), i18n, system2,
     permissionTemplateService,
     new FavoriteUpdater(db.getDbClient()),
-    new ProjectIndexer[] {projectIndexer});
+    projectIndexer);
 
   @Test
   public void should_persist_and_index_when_creating_project() throws Exception {

diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java
index d18a9a66478dca2430231d18535406d32e47fbaa..ec2f9955097566a490c7ec513dbe061663d6094a 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerDaoTest.java
@@ -44,7 +44,6 @@ import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.api.resources.Qualifiers.VIEW;
-import static org.sonar.api.security.DefaultGroups.ANYONE;
 import static org.sonar.api.web.UserRole.ADMIN;
 import static org.sonar.api.web.UserRole.USER;
 
@@ -88,25 +87,29 @@ public class PermissionIndexerDaoTest {
     assertThat(dtos).hasSize(4);
 
     PermissionIndexerDao.Dto project1Authorization = getByProjectUuid(project1.uuid(), dtos);
-    assertThat(project1Authorization.getGroups()).containsOnly(ANYONE, group.getName());
+    assertThat(project1Authorization.getGroups()).containsOnly(group.getName());
+    assertThat(project1Authorization.isAllowAnyone()).isTrue();
     assertThat(project1Authorization.getUsers()).containsOnly(user1.getId());
     assertThat(project1Authorization.getUpdatedAt()).isNotNull();
     assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT);
 
     PermissionIndexerDao.Dto view1Authorization = getByProjectUuid(view1.uuid(), dtos);
-    assertThat(view1Authorization.getGroups()).containsOnly(ANYONE, group.getName());
+    assertThat(view1Authorization.getGroups()).containsOnly(group.getName());
+    assertThat(view1Authorization.isAllowAnyone()).isTrue();
     assertThat(view1Authorization.getUsers()).containsOnly(user1.getId());
     assertThat(view1Authorization.getUpdatedAt()).isNotNull();
     assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW);
 
     PermissionIndexerDao.Dto project2Authorization = getByProjectUuid(project2.uuid(), dtos);
-    assertThat(project2Authorization.getGroups()).containsOnly(ANYONE);
+    assertThat(project2Authorization.getGroups()).isEmpty();
+    assertThat(project2Authorization.isAllowAnyone()).isTrue();
     assertThat(project2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId());
     assertThat(project2Authorization.getUpdatedAt()).isNotNull();
     assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT);
 
     PermissionIndexerDao.Dto view2Authorization = getByProjectUuid(view2.uuid(), dtos);
-    assertThat(view2Authorization.getGroups()).containsOnly(ANYONE);
+    assertThat(view2Authorization.getGroups()).isEmpty();
+    assertThat(view2Authorization.isAllowAnyone()).isTrue();
     assertThat(view2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId());
     assertThat(view2Authorization.getUpdatedAt()).isNotNull();
     assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW);
@@ -122,25 +125,29 @@ public class PermissionIndexerDaoTest {
     assertThat(dtos).hasSize(4);
 
     PermissionIndexerDao.Dto project1Authorization = dtos.get(project1.uuid());
-    assertThat(project1Authorization.getGroups()).containsOnly(ANYONE, group.getName());
+    assertThat(project1Authorization.getGroups()).containsOnly(group.getName());
+    assertThat(project1Authorization.isAllowAnyone()).isTrue();
     assertThat(project1Authorization.getUsers()).containsOnly(user1.getId());
     assertThat(project1Authorization.getUpdatedAt()).isNotNull();
     assertThat(project1Authorization.getQualifier()).isEqualTo(PROJECT);
 
     PermissionIndexerDao.Dto view1Authorization = dtos.get(view1.uuid());
-    assertThat(view1Authorization.getGroups()).containsOnly(ANYONE, group.getName());
+    assertThat(view1Authorization.getGroups()).containsOnly(group.getName());
+    assertThat(view1Authorization.isAllowAnyone()).isTrue();
     assertThat(view1Authorization.getUsers()).containsOnly(user1.getId());
     assertThat(view1Authorization.getUpdatedAt()).isNotNull();
     assertThat(view1Authorization.getQualifier()).isEqualTo(VIEW);
 
     PermissionIndexerDao.Dto project2Authorization = dtos.get(project2.uuid());
-    assertThat(project2Authorization.getGroups()).containsOnly(ANYONE);
+    assertThat(project2Authorization.getGroups()).isEmpty();
+    assertThat(project2Authorization.isAllowAnyone()).isTrue();
     assertThat(project2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId());
     assertThat(project2Authorization.getUpdatedAt()).isNotNull();
     assertThat(project2Authorization.getQualifier()).isEqualTo(PROJECT);
 
     PermissionIndexerDao.Dto view2Authorization = dtos.get(view2.uuid());
-    assertThat(view2Authorization.getGroups()).containsOnly(ANYONE);
+    assertThat(view2Authorization.getGroups()).isEmpty();
+    assertThat(view2Authorization.isAllowAnyone()).isTrue();
     assertThat(view2Authorization.getUsers()).containsOnly(user1.getId(), user2.getId());
     assertThat(view2Authorization.getUpdatedAt()).isNotNull();
     assertThat(view2Authorization.getQualifier()).isEqualTo(VIEW);

diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java
index 7b82ad35145c04d9f74ab08f31a546263ca03d86..60bb699a576cfd3c657ed33c460831f2734783bc 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/index/PermissionIndexerTest.java
@@ -28,6 +28,7 @@ import org.sonar.api.utils.System2;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDbTester;
 import org.sonar.db.user.UserDto;
@@ -90,7 +91,7 @@ public class PermissionIndexerTest {
     underTest.indexAllIfEmpty();
 
     // anonymous
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
 
     // user1 has access
     verifyAuthorized(project, user1);
@@ -113,7 +114,7 @@ public class PermissionIndexerTest {
     underTest.indexAllIfEmpty();
 
     // anonymous
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
 
     // group1 has access
     verifyAuthorized(project, user1, group1);
@@ -138,7 +139,7 @@ public class PermissionIndexerTest {
     underTest.indexAllIfEmpty();
 
     // anonymous
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
 
     // has direct access
     verifyAuthorized(project, user1);
@@ -158,7 +159,7 @@ public class PermissionIndexerTest {
 
     underTest.indexAllIfEmpty();
 
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
     verifyNotAuthorized(project, user);
     verifyNotAuthorized(project, user, group);
   }
@@ -172,7 +173,7 @@ public class PermissionIndexerTest {
 
     underTest.indexAllIfEmpty();
 
-    verifyAnonymousAuthorized(project);
+    verifyAnyoneAuthorized(project);
     verifyAuthorized(project, user);
     verifyAuthorized(project, user, group);
   }
@@ -189,7 +190,7 @@ public class PermissionIndexerTest {
 
     underTest.indexAllIfEmpty();
 
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
     verifyAuthorized(project, user1);
     verifyNotAuthorized(project, user2);
   }
@@ -226,10 +227,26 @@ public class PermissionIndexerTest {
 
     underTest.indexAllIfEmpty();
 
-    verifyAnonymousNotAuthorized(project);
+    verifyAnyoneNotAuthorized(project);
     verifyNotAuthorized(project, user1);
   }
 
+  @Test
+  public void permissions_on_anyone_should_not_conflict_between_organizations() {
+    ComponentDto projectOnOrg1 = createAndIndexProject(dbTester.organizations().insert());
+    ComponentDto projectOnOrg2 = createAndIndexProject(dbTester.organizations().insert());
+    UserDto user = userDbTester.insertUser();
+    userDbTester.insertProjectPermissionOnAnyone(USER, projectOnOrg1);
+    userDbTester.insertProjectPermissionOnUser(user, USER, projectOnOrg2);
+
+    underTest.indexAllIfEmpty();
+
+    verifyAnyoneAuthorized(projectOnOrg1);
+    verifyAnyoneNotAuthorized(projectOnOrg2);
+    verifyAuthorized(projectOnOrg1, user);// because anyone
+    verifyAuthorized(projectOnOrg2, user);
+  }
+
   private void verifyAuthorized(ComponentDto project, UserDto user) {
     logIn(user);
     verifyAuthorized(project, true);
@@ -250,12 +267,12 @@ public class PermissionIndexerTest {
     verifyAuthorized(project, false);
   }
 
-  private void verifyAnonymousAuthorized(ComponentDto project) {
+  private void verifyAnyoneAuthorized(ComponentDto project) {
     userSession.anonymous();
     verifyAuthorized(project, true);
   }
 
-  private void verifyAnonymousNotAuthorized(ComponentDto project) {
+  private void verifyAnyoneNotAuthorized(ComponentDto project) {
     userSession.anonymous();
     verifyAuthorized(project, false);
   }
@@ -274,4 +291,10 @@ public class PermissionIndexerTest {
     fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
     return project;
   }
+
+  private ComponentDto createAndIndexProject(OrganizationDto org) {
+    ComponentDto project = componentDbTester.insertProject(org);
+    fooIndexer.indexProject(project.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
+    return project;
+  }
 }