package org.sonar.server.issue.db;
import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableList;
import org.apache.ibatis.session.ResultContext;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.System2;
import java.util.Date;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
-import static com.google.common.collect.Maps.newHashMap;
-
public class IssueAuthorizationDao extends BaseDao<IssueAuthorizationMapper, IssueAuthorizationDto, String> implements DaoComponent {
public static final String PROJECT_KEY = "project";
return finalParams;
}
- @Override
- public List<IssueAuthorizationDto> findAfterDate(DbSession session, Date date) {
-
- Map<String, Object> params = newHashMap();
- params.put("date", date);
- params.put("permission", UserRole.USER);
- params.put("anyone", DefaultGroups.ANYONE);
-
- Map<String, IssueAuthorizationDto> authorizationDtoMap = newHashMap();
-
- List<Map<String, Object>> rows = session.selectList("org.sonar.core.issue.db.IssueAuthorizationMapper.selectAfterDate", params);
- for (Map<String, Object> row : rows) {
- String project = (String) row.get("project");
- String user = (String) row.get("permissionUser");
- String group = (String) row.get("permissionGroup");
- Date updatedAt = (Date) row.get("updatedAt");
- IssueAuthorizationDto issueAuthorizationDto = authorizationDtoMap.get(project);
- if (issueAuthorizationDto == null) {
- issueAuthorizationDto = new IssueAuthorizationDto()
- .setProject(project)
- .setPermission(UserRole.USER);
- issueAuthorizationDto.setUpdatedAt(updatedAt);
- }
- if (group != null) {
- issueAuthorizationDto.addGroup(group);
- }
- if (user != null) {
- issueAuthorizationDto.addUser(user);
- }
- authorizationDtoMap.put(project, issueAuthorizationDto);
- }
-
- return ImmutableList.<IssueAuthorizationDto>copyOf(authorizationDtoMap.values());
- }
-
protected void doDeleteByKey(DbSession session, String key) {
// Nothing to do on db side, only remove the index (done in BaseDao)
}
package org.sonar.server.permission;
+import com.google.common.collect.ImmutableMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.ServerComponent;
import org.sonar.server.db.DbClient;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.issue.db.IssueAuthorizationDao;
import org.sonar.server.issue.index.IssueAuthorizationIndex;
import org.sonar.server.search.IndexClient;
import org.sonar.server.user.UserSession;
} finally {
session.close();
}
- synchronizePermissions();
+ synchronizePermissions(componentKey);
}
public void applyPermissionTemplate(Map<String, Object> params) {
throw new IllegalStateException("Unable to find component with key " + componentKey);
}
permissionFacade.applyPermissionTemplate(session, query.getTemplateKey(), component.getId());
+ synchronizePermissions(componentKey);
}
-
session.commit();
} finally {
session.close();
}
- synchronizePermissions();
}
private void changePermission(String permissionChange, Map<String, Object> params) {
} finally {
session.close();
}
- if (changed) {
- synchronizePermissions();
+ String project = permissionChangeQuery.component();
+ if (changed && project != null) {
+ synchronizePermissions(project);
}
}
}
}
- private void synchronizePermissions() {
+ private void synchronizePermissions(String projectKey) {
// The synchronisation cannot use an existing session, otherwise it's failing with the error :
// org.apache.ibatis.executor.ExecutorException: Executor was closed
DbSession session = dbClient.openSession(false);
try {
- dbClient.issueAuthorizationDao().synchronizeAfter(session, index.get(IssueAuthorizationIndex.class).getLastSynchronization());
+ dbClient.issueAuthorizationDao().synchronizeAfter(session,
+ index.get(IssueAuthorizationIndex.class).getLastSynchronization(),
+ ImmutableMap.of(IssueAuthorizationDao.PROJECT_KEY, projectKey));
} finally {
session.close();
}
package org.sonar.server.issue.db;
+import com.google.common.collect.ImmutableMap;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.sonar.api.utils.DateUtils;
import org.sonar.api.utils.System2;
-import org.sonar.core.issue.db.IssueAuthorizationDto;
import org.sonar.core.persistence.AbstractDaoTestCase;
import org.sonar.core.persistence.DbSession;
}
@Test(expected = IllegalStateException.class)
- public void get_nullable_by_key_is_not_implemented(){
+ public void get_nullable_by_key_is_not_implemented() {
assertThat(dao.getNullableByKey(session, "sonar"));
}
@Test
- public void find_after_date(){
- setupData("find_after_date");
-
- Iterable<IssueAuthorizationDto> results = dao.findAfterDate(session, new Date(0));
- assertThat(results).hasSize(1);
-
- IssueAuthorizationDto dto = results.iterator().next();
- assertThat(dto.getProject()).isEqualTo("org.struts:struts");
- assertThat(dto.getKey()).isEqualTo("org.struts:struts");
- assertThat(dto.getPermission()).isEqualTo("user");
- assertThat(dto.getGroups()).containsExactly("Anyone", "devs");
- assertThat(dto.getUsers()).containsExactly("user1");
- assertThat(dto.getUpdatedAt()).isEqualTo(DateUtils.parseDate("2014-01-01"));
+ public void synchronize_after_since_beginning() throws Exception {
+ setupData("synchronize_after_since_beginning");
+
+ assertThat(session.getActionCount()).isEqualTo(0);
+
+ dao.synchronizeAfter(session, new Date(0));
+
+ assertThat(session.getActionCount()).isEqualTo(1);
}
@Test
- public void find_after_date_return_dtos_after_given_date(){
- setupData("find_after_date_return_dtos_after_given_date");
+ public void synchronize_after_since_given_date() {
+ setupData("synchronize_after_since_given_date");
- assertThat(dao.findAfterDate(session, new Date(0))).hasSize(2);
+ dao.synchronizeAfter(session, DateUtils.parseDate("2014-09-01"));
+ assertThat(session.getActionCount()).isEqualTo(1);
+ }
- assertThat(dao.findAfterDate(session, DateUtils.parseDate("2014-09-01"))).hasSize(1);
+ @Test
+ public void synchronize_after_with_project() {
+ setupData("synchronize_after_with_project");
+
+ dao.synchronizeAfter(session, DateUtils.parseDate("2014-01-01"), ImmutableMap.of(IssueAuthorizationDao.PROJECT_KEY, "org.sonar:sample"));
+ assertThat(session.getActionCount()).isEqualTo(1);
}
+
}
service.addPermission(params);
verify(permissionFacade).insertUserPermission(eq((Long) null), eq(2L), eq("shareDashboard"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.addPermission(params);
verify(permissionFacade).insertUserPermission(eq(10L), eq(2L), eq("user"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteUserPermission(eq((Long) null), eq(2L), eq("profileadmin"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteUserPermission(eq(10L), eq(2L), eq("codeviewer"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
service.addPermission(params);
verify(permissionFacade).insertGroupPermission(eq((Long) null), eq(2L), eq("shareDashboard"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.addPermission(params);
verify(permissionFacade).insertGroupPermission(eq(10L), eq(2L), eq("user"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
service.addPermission(params);
verify(permissionFacade).insertGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.addPermission(params);
verify(permissionFacade).insertGroupPermission(eq(10L), eq((Long) null), eq("user"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq(2L), eq("profileadmin"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteGroupPermission(eq(10L), eq(2L), eq("codeviewer"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteGroupPermission(eq((Long) null), eq((Long) null), eq("profileadmin"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verifyZeroInteractions(issueAuthorizationDao);
}
@Test
service.removePermission(params);
verify(permissionFacade).deleteGroupPermission(eq(10L), eq((Long) null), eq("codeviewer"), eq(session));
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test
verify(permissionFacade).applyPermissionTemplate(session, "my_template_key", 2L);
verify(permissionFacade).applyPermissionTemplate(session, "my_template_key", 3L);
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample1")));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample2")));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample3")));
}
@Test(expected = ForbiddenException.class)
service.applyPermissionTemplate(params);
verify(permissionFacade).applyPermissionTemplate(session, "my_template_key", 1L);
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "org.sample.Sample")));
}
@Test(expected = ForbiddenException.class)
service.applyDefaultPermissionTemplate(componentKey);
verify(permissionFacade).grantDefaultRoles(session, componentId, qualifier);
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "component")));
}
@Test(expected = ForbiddenException.class)
when(resourceDao.selectProvisionedProject(session, componentKey)).thenReturn(mock(ResourceDto.class));
service.applyDefaultPermissionTemplate(componentKey);
- verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class));
+ verify(issueAuthorizationDao).synchronizeAfter(eq(session), any(Date.class), eq(ImmutableMap.of("project", "component")));
}
private Map<String, Object> buildPermissionChangeParams(String login, String group, String permission) {
+++ /dev/null
-<dataset>
-
- <projects id="1" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="2014-01-01"/>
-
- <groups id="100" name="devs"/>
-
- <users id="10" login="user1" name="User 1" email="user1@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="10" resource_id="1" role="user"/>
- <user_roles id="2" user_id="10" resource_id="1" role="admin"/>
- <user_roles id="3" user_id="10" resource_id="2" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="1" role="user"/>
- <group_roles id="2" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="3" group_id="100" resource_id="2" role="user"/>
-
- <!-- Anyone group -->
-
- <group_roles id="4" group_id="[null]" resource_id="1" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="1" role="admin"/>
- <group_roles id="6" group_id="[null]" resource_id="2" role="user"/>
-
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <projects id="1" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
- description="the description" long_name="Apache Struts"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="2014-01-01"/>
-
- <projects id="2" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.sonar.sample" name="Sample"
- description="the description" long_name="Sample"
- enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
- authorization_updated_at="2014-09-05"/>
-
- <groups id="100" name="devs"/>
-
- <!-- Permissions for user 1 -->
-
- <users id="10" login="user1" name="User 1" email="user1@company.net" active="[true]"/>
-
- <user_roles id="1" user_id="10" resource_id="1" role="user"/>
- <user_roles id="2" user_id="10" resource_id="1" role="admin"/>
- <user_roles id="3" user_id="10" resource_id="2" role="user"/>
-
- <group_roles id="1" group_id="100" resource_id="1" role="user"/>
- <group_roles id="2" group_id="100" resource_id="1" role="admin"/>
- <group_roles id="3" group_id="100" resource_id="2" role="user"/>
-
- <!-- Anyone group -->
-
- <group_roles id="4" group_id="[null]" resource_id="1" role="user"/>
- <group_roles id="5" group_id="[null]" resource_id="1" role="admin"/>
- <group_roles id="6" group_id="[null]" resource_id="2" role="user"/>
-
-
- <!-- Permissions for user 2 -->
-
- <users id="11" login="user2" name="User 2" email="user2@company.net" active="[true]"/>
-
- <user_roles id="4" user_id="10" resource_id="1" role="user"/>
- <user_roles id="5" user_id="10" resource_id="2" role="user"/>
-
- <group_roles id="10" group_id="100" resource_id="1" role="user"/>
- <group_roles id="11" group_id="100" resource_id="2" role="user"/>
-
-</dataset>
--- /dev/null
+<dataset>
+
+ <projects id="1" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="2014-01-01"/>
+
+ <groups id="100" name="devs"/>
+
+ <users id="10" login="user1" name="User 1" email="user1@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="10" resource_id="1" role="user"/>
+ <user_roles id="2" user_id="10" resource_id="1" role="admin"/>
+ <user_roles id="3" user_id="10" resource_id="2" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="1" role="user"/>
+ <group_roles id="2" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="3" group_id="100" resource_id="2" role="user"/>
+
+ <!-- Anyone group -->
+
+ <group_roles id="4" group_id="[null]" resource_id="1" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="1" role="admin"/>
+ <group_roles id="6" group_id="[null]" resource_id="2" role="user"/>
+
+
+</dataset>
--- /dev/null
+<dataset>
+
+ <projects id="1" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="2014-01-01"/>
+
+ <projects id="2" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.sonar.sample" name="Sample"
+ description="the description" long_name="Sample"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="2014-09-05"/>
+
+ <groups id="100" name="devs"/>
+
+ <!-- Permissions for user 1 -->
+
+ <users id="10" login="user1" name="User 1" email="user1@company.net" active="[true]"/>
+
+ <user_roles id="1" user_id="10" resource_id="1" role="user"/>
+ <user_roles id="2" user_id="10" resource_id="1" role="admin"/>
+ <user_roles id="3" user_id="10" resource_id="2" role="user"/>
+
+ <group_roles id="1" group_id="100" resource_id="1" role="user"/>
+ <group_roles id="2" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="3" group_id="100" resource_id="2" role="user"/>
+
+ <!-- Anyone group -->
+
+ <group_roles id="4" group_id="[null]" resource_id="1" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="1" role="admin"/>
+ <group_roles id="6" group_id="[null]" resource_id="2" role="user"/>
+
+
+ <!-- Permissions for user 2 -->
+
+ <users id="11" login="user2" name="User 2" email="user2@company.net" active="[true]"/>
+
+ <user_roles id="4" user_id="10" resource_id="1" role="user"/>
+ <user_roles id="5" user_id="10" resource_id="2" role="user"/>
+
+ <group_roles id="10" group_id="100" resource_id="1" role="user"/>
+ <group_roles id="11" group_id="100" resource_id="2" role="user"/>
+
+</dataset>
--- /dev/null
+
+<dataset>
+
+ <groups id="100" name="devs"/>
+
+ <users id="10" login="user1" name="User 1" email="user1@company.net" active="[true]"/>
+
+
+ <!-- Project 1 -->
+
+ <projects id="1" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+ description="the description" long_name="Apache Struts"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="2014-01-01"/>
+
+ <user_roles id="1" user_id="10" resource_id="1" role="user"/>
+ <user_roles id="2" user_id="10" resource_id="1" role="admin"/>
+ <user_roles id="3" user_id="10" resource_id="2" role="user"/>
+
+
+ <!-- Project 2 -->
+
+ <projects id="2" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.sonar:sample" name="Struts"
+ description="the description" long_name="SonarQube Sample"
+ enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+ authorization_updated_at="2014-01-02"/>
+
+ <user_roles id="10" user_id="10" resource_id="2" role="user"/>
+ <user_roles id="11" user_id="10" resource_id="2" role="admin"/>
+
+</dataset>
INNER JOIN users ON users.id = user_roles.user_id
WHERE
projects.authorization_updated_at >= #{date}
+ <if test="project != null">
+ and projects.kee = #{project}
+ </if>
UNION
-- groups without Anyone
SELECT
INNER JOIN groups ON groups.id = group_roles.group_id
WHERE
projects.authorization_updated_at >= #{date}
+ <if test="project != null">
+ and projects.kee = #{project}
+ </if>
AND group_id IS NOT NULL
UNION
-- Anyone groups
INNER JOIN group_roles ON group_roles.resource_id = projects.id AND group_roles.role = #{permission}
WHERE
projects.authorization_updated_at >= #{date}
+ <if test="project != null">
+ and projects.kee = #{project}
+ </if>
AND group_roles.group_id IS NULL
) project_authorization
</select>
projects / sonarqube.git / commitdiff