SONAR-4050 The roles on each project are re-initialized with the default values as...

diff --git a/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java b/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java
index 77b97879ced37cee6c46ba6785acd0e8c3f01eb7..93b48113c9238bd9cf977905ebb74d9b4262412e 100644 (file)
--- a/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java
+++ b/sonar-batch/src/main/java/org/sonar/batch/index/DefaultResourcePersister.java
@@ -25,12 +25,18 @@ import org.apache.commons.lang.StringUtils;
 import org.sonar.api.database.DatabaseSession;
 import org.sonar.api.database.model.ResourceModel;
 import org.sonar.api.database.model.Snapshot;
-import org.sonar.api.resources.*;
+import org.sonar.api.resources.Library;
+import org.sonar.api.resources.Project;
+import org.sonar.api.resources.Qualifiers;
+import org.sonar.api.resources.Resource;
+import org.sonar.api.resources.ResourceUtils;
+import org.sonar.api.resources.Scopes;
 import org.sonar.api.security.ResourcePermissions;
 import org.sonar.api.utils.SonarException;
 
 import javax.persistence.NonUniqueResultException;
 import javax.persistence.Query;
+
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
@@ -88,7 +94,9 @@ public final class DefaultResourcePersister implements ResourcePersister {
     snapshot = session.save(snapshot);
     session.commit();
 
-    permissions.grantDefaultRoles(project);
+    if (!permissions.hasRoles(project)) {
+      permissions.grantDefaultRoles(project);
+    }
 
     return snapshot;
   }

diff --git a/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java b/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java
index 3d35e195e0a584962e1ee33f5baaf6ad1619d5c3..a9ea3b30b511053533ca22c9c8829a4cbee05a58 100644 (file)
--- a/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java
+++ b/sonar-batch/src/test/java/org/sonar/batch/index/DefaultResourcePersisterTest.java
@@ -38,6 +38,9 @@ import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
 
@@ -72,7 +75,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     ResourcePersister persister = new DefaultResourcePersister(getSession(), mock(ResourcePermissions.class));
     persister.saveProject(singleProject, null);
 
-    checkTables("shouldSaveNewProject", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldSaveNewProject", new String[]{"build_date", "created_at"}, "projects", "snapshots");
 
     // SONAR-3636 : created_at must be fed when inserting a new entry in the 'projects' table
     ResourceModel model = getSession().getSingleResult(ResourceModel.class, "key", singleProject.getKey());
@@ -89,7 +92,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     persister.saveProject(moduleB, multiModuleProject);
     persister.saveProject(moduleB1, moduleB);
 
-    checkTables("shouldSaveNewMultiModulesProject", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldSaveNewMultiModulesProject", new String[]{"build_date", "created_at"}, "projects", "snapshots");
   }
 
   @Test
@@ -101,8 +104,9 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     persister.saveResource(singleProject, new JavaPackage("org.foo").setEffectiveKey("foo:org.foo"));
 
     // check that the directory is attached to the project
-    checkTables("shouldSaveNewDirectory", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldSaveNewDirectory", new String[]{"build_date", "created_at"}, "projects", "snapshots");
   }
+
   @Test
   public void shouldSaveNewLibrary() {
     setupData("shared");
@@ -113,7 +117,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     persister.saveResource(singleProject, new Library("junit:junit", "4.8.2").setEffectiveKey("junit:junit"));// do nothing, already saved
     persister.saveResource(singleProject, new Library("junit:junit", "3.2").setEffectiveKey("junit:junit"));
 
-    checkTables("shouldSaveNewLibrary", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldSaveNewLibrary", new String[]{"build_date", "created_at"}, "projects", "snapshots");
   }
 
   @Test
@@ -141,7 +145,7 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     singleProject.setDescription("new description");
     persister.saveProject(singleProject, null);
 
-    checkTables("shouldUpdateExistingResource", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldUpdateExistingResource", new String[]{"build_date", "created_at"}, "projects", "snapshots");
   }
 
   // SONAR-1700
@@ -152,7 +156,33 @@ public class DefaultResourcePersisterTest extends AbstractDbUnitTestCase {
     ResourcePersister persister = new DefaultResourcePersister(getSession(), mock(ResourcePermissions.class));
     persister.saveProject(singleProject, null);
 
-    checkTables("shouldRemoveRootIndexIfResourceIsProject", new String[] {"build_date", "created_at"}, "projects", "snapshots");
+    checkTables("shouldRemoveRootIndexIfResourceIsProject", new String[]{"build_date", "created_at"}, "projects", "snapshots");
+  }
+
+  @Test
+  public void shouldGrantDefaultPermissionsIfNewProject() {
+    setupData("shared");
+
+    ResourcePermissions permissions = mock(ResourcePermissions.class);
+    when(permissions.hasRoles(singleProject)).thenReturn(false);
+
+    ResourcePersister persister = new DefaultResourcePersister(getSession(), permissions);
+    persister.saveProject(singleProject, null);
+
+    verify(permissions).grantDefaultRoles(singleProject);
+  }
+
+  @Test
+  public void shouldNotGrantDefaultPermissionsIfExistingProject() {
+    setupData("shared");
+
+    ResourcePermissions permissions = mock(ResourcePermissions.class);
+    when(permissions.hasRoles(singleProject)).thenReturn(true);
+
+    ResourcePersister persister = new DefaultResourcePersister(getSession(), permissions);
+    persister.saveProject(singleProject, null);
+
+    verify(permissions, never()).grantDefaultRoles(singleProject);
   }
 
   private static Project newProject(String key, String language) {

diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java
index 7c20de3883fb59b76a60ae384262dcd29924e502..b3eff260a2561fac7b835d8c25fc0932ea504794 100644 (file)
--- a/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/security/ResourcePermissions.java
@@ -39,6 +39,9 @@ public interface ResourcePermissions extends BatchComponent, ServerComponent {
 
   /**
    * Limitation - the resource id is used instead of logical key.
+   * Important note : the existing roles are overridden by default ones, so it's recommended
+   * to check that {@link ResourcePermissions#hasRoles(org.sonar.api.resources.Resource)} is
+   * false before executing this method.
    */
   void grantDefaultRoles(Resource resource);