SONAR-16246 Fix incorrect warning in portfolio view when user has relevant permissions

diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
index 1809f5a49386b4b1e83078466fffb128e9f7cb3b..914b2a985f6d72bc8911040de7d9c2d7b3edb83e 100644 (file)
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/user/ServerUserSession.java
@@ -59,10 +59,11 @@ public class ServerUserSession extends AbstractUserSession {
   private final UserDto userDto;
   private final DbClient dbClient;
   private final Map<String, String> projectUuidByComponentUuid = new HashMap<>();
+  private final Map<String, Set<String>> permissionsByProjectUuid = new HashMap<>();
+
   private Collection<GroupDto> groups;
   private Boolean isSystemAdministrator;
   private Set<GlobalPermission> permissions;
-  private Map<String, Set<String>> permissionsByProjectUuid;
 
   public ServerUserSession(DbClient dbClient, @Nullable UserDto userDto) {
     this.dbClient = dbClient;
@@ -164,41 +165,44 @@ public class ServerUserSession extends AbstractUserSession {
 
   @Override
   protected boolean hasProjectUuidPermission(String permission, String projectUuid) {
-    if (permissionsByProjectUuid == null) {
-      permissionsByProjectUuid = new HashMap<>();
-    }
     return hasPermission(permission, projectUuid);
   }
 
   @Override
   protected boolean hasChildProjectsPermission(String permission, String applicationUuid) {
-    if (permissionsByProjectUuid == null) {
-      permissionsByProjectUuid = new HashMap<>();
-    }
-
     Set<String> childProjectUuids = loadChildProjectUuids(applicationUuid);
-
-    return childProjectUuids
-      .stream()
-      .map(uuid -> hasPermission(permission, uuid))
-      .allMatch(Boolean::valueOf);
+    return childProjectUuids.stream()
+      .allMatch(uuid -> hasPermission(permission, uuid));
   }
 
   @Override
   protected boolean hasPortfolioChildProjectsPermission(String permission, String portfolioUuid) {
-    if (permissionsByProjectUuid == null) {
-      permissionsByProjectUuid = new HashMap<>();
-    }
-
     Set<ComponentDto> portfolioHierarchyComponents = resolvePortfolioHierarchyComponents(portfolioUuid);
+    Set<String> branchUuids = findBranchUuids(portfolioHierarchyComponents);
+    Set<String> projectUuids = findProjectUuids(branchUuids);
 
-    Set<String> portfolioHierarchyComponentUuids = portfolioHierarchyComponents.stream().map(ComponentDto::getCopyComponentUuid).collect(Collectors.toSet());
-
-    return portfolioHierarchyComponentUuids
-      .stream()
+    return projectUuids.stream()
       .allMatch(uuid -> hasPermission(permission, uuid));
   }
 
+  private static Set<String> findBranchUuids(Set<ComponentDto> portfolioHierarchyComponents) {
+    return portfolioHierarchyComponents.stream()
+      .map(ComponentDto::getCopyComponentUuid)
+      .collect(Collectors.toSet());
+  }
+
+  private Set<String> findProjectUuids(Set<String> branchesComponents) {
+    try (DbSession dbSession = dbClient.openSession(false)) {
+      return dbClient.componentDao().selectByUuids(dbSession, branchesComponents).stream()
+        .map(ServerUserSession::getProjectId)
+        .collect(toSet());
+    }
+  }
+
+  private static String getProjectId(ComponentDto branchComponent) {
+    return Optional.ofNullable(branchComponent.getMainBranchProjectUuid()).orElse(branchComponent.uuid());
+  }
+
   private boolean hasPermission(String permission, String projectUuid) {
     Set<String> projectPermissions = permissionsByProjectUuid.computeIfAbsent(projectUuid, this::loadProjectPermissions);
     return projectPermissions.contains(permission);