public void applyPermissionTemplate(Long templateId, Long resourceId) {
SqlSession session = myBatis.openSession();
try {
+ removeAllPermissions(resourceId, session);
PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateId);
List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
if(usersPermissions != null) {
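Review bot: `removeAllPermissions(resourceId, session)` is issued before the template has been loaded, so an unknown `templateId` is only discovered after the resource's existing grants have been deleted in the session. If `getPermissionTemplate` can return null, the next line dereferences it and the method then depends on cleanup code outside this hunk to discard those deletes. Loading and checking the template first keeps the failure path from touching permissions at all: move `PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateId);` above the `removeAllPermissions` call and reject a null result before it. The method body continues past the end of this hunk.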
List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
if(groupsPermissions != null) {
for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
- addGroupPermission(resourceId, groupPermission.getGroupName(), groupPermission.getPermission(), session);
+ String groupName = groupPermission.getGroupName() == null ? DefaultGroups.ANYONE : groupPermission.getGroupName();
+ addGroupPermission(resourceId, groupName, groupPermission.getPermission(), session);
}
}
session.commit();
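Review bot: Treating a null group name as `DefaultGroups.ANYONE` makes the widest possible grant the fallback for any template row whose name is missing. If the template query can return a row that has a group id but no resolvable name (for example an entry left behind after its group was deleted; the mapper query is not shown here), that entry's permission would be applied to every user of the resource. Deciding on the id keeps Anyone an explicit choice: `String groupName = groupPermission.getGroupId() == null ? DefaultGroups.ANYONE : groupPermission.getGroupName();`, assuming the DTO exposes `getGroupId()` alongside the `setGroupId` used in this commit's tests. A row with an id but no name should then be skipped or rejected rather than granted.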
DELETE FROM perm_templates_users
WHERE template_id = #{templateId}
AND user_id = #{userId}
+ AND permission_reference = #{permission}
</delete>
<insert id="insertGroupPermission" parameterType="PermissionTemplateGroup">
<delete id="deleteGroupPermission" parameterType="PermissionTemplateGroup">
DELETE FROM perm_templates_groups
WHERE template_id = #{templateId}
+ AND permission_reference = #{permission}
AND
<choose>
<when test="groupId != null">
</sql>
<select id="selectUserByLogin" parameterType="string" resultType="User">
- select
+ SELECT
<include refid="userColumns"/>
- from users u where u.login=#{id} and u.active=${_true}
+ FROM users u WHERE u.login=#{id} AND u.active=${_true}
</select>
<select id="selectUsersByLogins" parameterType="map" resultType="User">
- select
+ SELECT
<include refid="userColumns"/>
- from users u where u.login in
+ FROM users u WHERE u.login IN
<foreach item="login" index="index" collection="logins" open="(" separator="," close=")">
#{login}
</foreach>
</select>
<select id="selectUsers" parameterType="map" resultType="User">
- select
+ SELECT
<include refid="userColumns"/>
- from users u
+ FROM users u
<where>
<if test="logins != null and logins.size() > 0">
- u.login in
+ u.login IN
<foreach item="login" index="index" collection="logins" open="(" separator="," close=")">
#{login}
</foreach>
</if>
<if test="includeDeactivated==false">
- and u.active=${_true}
+ AND u.active=${_true}
</if>
<if test="searchText != null">
- and (u.login like #{searchTextSql} escape '/' or u.name like #{searchTextSql} escape '/')
+ AND (u.login LIKE #{searchTextSql} ESCAPE '/' OR u.name LIKE #{searchTextSql} ESCAPE '/')
</if>
</where>
- order by u.name
+ ORDER BY u.name
</select>
<select id="selectGroupByName" parameterType="string" resultType="Group">
- select id, name, description, created_at AS "createdAt", updated_at AS "updatedAt"
- from groups where name=#{id}
+ SELECT id, name, description, created_at AS "createdAt", updated_at AS "updatedAt"
+ FROM groups WHERE name=#{id}
</select>
<delete id="removeUserFromGroups" parameterType="long">
- delete from groups_users where user_id=#{id}
+ DELETE FROM groups_users WHERE user_id=#{id}
</delete>
<delete id="deleteUserRoles" parameterType="long">
- delete from user_roles where user_id=#{id}
+ DELETE FROM user_roles WHERE user_id=#{id}
</delete>
<delete id="deleteUserProperties" parameterType="long">
- delete from properties where user_id=#{id}
+ DELETE FROM properties WHERE user_id=#{id}
</delete>
<delete id="deleteUserDashboards" parameterType="long">
- delete from dashboards where user_id=#{id}
+ DELETE FROM dashboards WHERE user_id=#{id}
</delete>
<delete id="deleteUserActiveDashboards" parameterType="long">
- delete from active_dashboards where user_id=#{id}
+ DELETE FROM active_dashboards WHERE user_id=#{id}
</delete>
<delete id="" parameterType="long">
- delete from user_roles where user_id=#{id}
+ DELETE FROM user_roles WHERE user_id=#{id}
</delete>
<delete id="deleteUserMeasureFilters" parameterType="long">
- delete from measure_filters where user_id=#{id}
+ DELETE FROM measure_filters WHERE user_id=#{id}
</delete>
<delete id="deleteUserMeasureFilterFavourites" parameterType="long">
- delete from measure_filter_favourites where user_id=#{id}
+ DELETE FROM measure_filter_favourites WHERE user_id=#{id}
</delete>
<delete id="deleteUserIssueFilters" parameterType="String">
- delete from issue_filters where user_login=#{id}
+ DELETE FROM issue_filters WHERE user_login=#{id}
</delete>
<delete id="deleteUserIssueFilterFavourites" parameterType="String">
- delete from issue_filter_favourites where user_login=#{id}
+ DELETE FROM issue_filter_favourites WHERE user_login=#{id}
</delete>
<update id="deactivateUser" parameterType="long">
- update users set active=${_false} where id=#{id}
+ UPDATE users SET active=${_false} WHERE id=#{id}
</update>
</mapper>
package org.sonar.core.permission;
-public class ComponentPermissionFacadeTest {
+import org.junit.Before;
+import org.junit.Test;
+import org.sonar.core.persistence.AbstractDaoTestCase;
+import org.sonar.core.user.PermissionDao;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+
+public class ComponentPermissionFacadeTest extends AbstractDaoTestCase {
+
+ private ComponentPermissionFacade permissionFacade;
+ private RoleDao roleDao;
+ private UserDao userDao;
+ private PermissionDao permissionDao;
+
+ @Before
+ public void setUp() {
+ roleDao = new RoleDao(getMyBatis());
+ userDao = new UserDao(getMyBatis());
+ permissionDao = new PermissionDao(getMyBatis());
+ permissionFacade = new ComponentPermissionFacade(getMyBatis(), roleDao, userDao, permissionDao);
+ }
+
+ @Test
+ public void should_apply_permission_template() throws Exception {
+ setupData("should_apply_permission_template");
+
+ permissionFacade.applyPermissionTemplate(1L, 123L);
+
+ checkTable("should_apply_permission_template", "group_roles", "group_id", "resource_id", "role");
+ checkTable("should_apply_permission_template", "user_roles", "group_id", "resource_id", "role");
+ }
}
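Review bot: The second `checkTable` call compares `user_roles` on a `group_id` column, but the datasets added in this commit give `user_roles` rows a `user_id` attribute and no `group_id`. Depending on how `checkTable` treats an unknown column, the assertion either fails or passes without checking which user received the role. It should read `checkTable("should_apply_permission_template", "user_roles", "user_id", "resource_id", "role");`.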
permissionDao.deletePermissionTemplate(1L);
checkTable("deletePermissionTemplate", "permission_templates", "id", "name", "description");
- checkTable("deletePermissionTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("deletePermissionTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("deletePermissionTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("deletePermissionTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
permissionDao.addUserPermission(1L, 1L, "new_permission");
checkTable("addUserPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addUserPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("addUserPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("addUserPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addUserPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
public void should_remove_user_permission_from_template() throws Exception {
setupData("removeUserPermissionFromTemplate");
- permissionDao.removeUserPermission(1L, 2L, "existing_permission");
+ permissionDao.removeUserPermission(1L, 2L, "permission_to_remove");
checkTable("removeUserPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeUserPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("removeUserPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("removeUserPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeUserPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
permissionDao.addGroupPermission(1L, 1L, "new_permission");
checkTable("addGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("addGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("addGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
public void should_remove_group_permission_from_template() throws Exception {
setupData("removeGroupPermissionFromTemplate");
- permissionDao.removeGroupPermission(1L, 2L, "existing_permission");
+ permissionDao.removeGroupPermission(1L, 2L, "permission_to_remove");
checkTable("removeGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("removeGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("removeGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
permissionDao.addGroupPermission(1L, null, "new_permission");
checkTable("addNullGroupPermissionToTemplate", "permission_templates", "id", "name", "description");
- checkTable("addNullGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("addNullGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("addNullGroupPermissionToTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("addNullGroupPermissionToTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
@Test
public void should_remove_group_permission_with_null_name() throws Exception {
setupData("removeNullGroupPermissionFromTemplate");
- permissionDao.removeGroupPermission(1L, null, "existing_permission");
+ permissionDao.removeGroupPermission(1L, null, "permission_to_remove");
checkTable("removeNullGroupPermissionFromTemplate", "permission_templates", "id", "name", "description");
- checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission");
- checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission");
+ checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_users", "id", "template_id", "user_id", "permission_reference");
+ checkTable("removeNullGroupPermissionFromTemplate", "perm_templates_groups", "id", "template_id", "group_id", "permission_reference");
}
}
--- /dev/null
+<dataset>
+
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+ <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+ <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+ <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+ <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+ <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+ <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+
+ <!-- new user permission : marius (admin) -->
+ <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
\ No newline at end of file
--- /dev/null
+<dataset>
+
+ <groups id="100" name="sonar-administrators" />
+ <groups id="101" name="sonar-users" />
+
+ <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+ <!-- on other resources -->
+ <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+ <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+ <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+
+ <!-- default permission template for all qualifiers -->
+ <permission_templates id="1" name="default"/>
+
+ <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+ <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+ <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+ <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+
+ <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
<perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission"/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
<perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission"/>
- <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="existing_permission"/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="permission_to_remove"/>
+ <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
<perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission"/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
<perm_templates_users/>
- <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission"/>
- <perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="existing_permission"/>
+ <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
+ <perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="permission_to_remove"/>
+ <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="remaining_permission_same_group"/>
</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission"/>
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
<perm_templates_groups/>
</dataset>
\ No newline at end of file
<dataset>
<permission_templates id="1" name="my template" description="my description"/>
- <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission"/>
- <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="existing_permission"/>
+ <perm_templates_users id="1" template_id="1" user_id="1" permission_reference="remaining_permission_other_user"/>
+ <perm_templates_users id="2" template_id="1" user_id="2" permission_reference="permission_to_remove"/>
+ <perm_templates_users id="3" template_id="1" user_id="2" permission_reference="remaining_permission_same_user"/>
<perm_templates_groups/>
</dataset>
\ No newline at end of file
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import java.util.List;
-import java.util.Map;
/**
* Used by ruby code <pre>Internal.permission_templates</pre>
}
};
updater.executeUpdate();
- }
-
- public void applyPermissionTemplate(String templateName, Map<String, Object> params) {
-
-
-
}
private void validateTemplateName(Long templateId, String templateName) {
package org.sonar.server.permission;
import com.google.common.collect.Lists;
+import org.sonar.api.security.DefaultGroups;
import org.sonar.api.web.UserRole;
import org.sonar.core.user.*;
import org.sonar.server.exceptions.BadRequestException;
}
Long getGroupId() {
+ if(DefaultGroups.isAnyone(updatedReference)) {
+ return null;
+ }
GroupDto groupDto = userDao.selectGroupByName(updatedReference);
if(groupDto == null) {
throw new BadRequestException("Unknown group: " + updatedReference);
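Review bot: `getGroupId()` now returns null on purpose, but nothing in the method says that null is the stored representation of the Anyone pseudo-group. The new tests in this commit verify `addGroupPermission(1L, null, ...)` for "Anyone", so a later null guard or reordered lookup here would silently change who receives the permission. I would add a comment above the new branch, for example `// Anyone has no row in groups: a null group id is how a template permission for everyone is stored`, and mark the method as nullable if the file's annotation imports allow it. The method body continues past the end of this hunk.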
def edit_groups
@permission = params[:permission]
@permission_template = Internal.permission_templates.selectPermissionTemplate(params[:name])
- @groups_with_permission = @permission_template.getGroupsForPermission(params[:permission]).collect {|g| [g.groupName, g.groupName]}
- @groups_without_permission = all_groups.select {|g| !g.nil?}.each.collect {|g| [g.name, g.name]} - @groups_with_permission
+ @groups_with_permission = @permission_template.getGroupsForPermission(params[:permission]).collect {|g| [group_ref(g.groupName), group_ref(g.groupName)]}
+ @groups_without_permission = all_groups.each.collect {|g| g.nil? ? ['Anyone', 'Anyone'] : [g.name, g.name]} - @groups_with_permission
render :partial => 'permission_templates/edit_groups'
end
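Review bot: The literal `'Anyone'` is spelled out inline in `@groups_without_permission` here and again in `new_groups_with_permission` in the next hunk. It has to stay identical to what `DefaultGroups.isAnyone` accepts on the Java side, otherwise the selection would presumably be looked up as a real group and rejected as unknown. One private helper would keep the mapping in a single place, e.g. `def group_option(g); ref = g.nil? ? 'Anyone' : g.name; [ref, ref]; end`, used in both `collect` calls.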
selected_groups = params[:groups] || []
- previous_groups_with_permission = @permission_template.getGroupsForPermission(params[:permission]).collect {|g| [g.groupName, g.groupName]}
- new_groups_with_permission = all_groups.select {|g| !g.nil? && selected_groups.include?(g.name)}.collect {|g| [g.name, g.name]}
+ previous_groups_with_permission = @permission_template.getGroupsForPermission(params[:permission]).collect {|g| [group_ref(g.groupName), group_ref(g.groupName)]}
+ new_groups_with_permission = all_groups.collect {|g| g.nil? ? ['Anyone', 'Anyone'] : [g.name, g.name]}.select {|g| selected_groups.include?(g[1])}
promoted_groups = new_groups_with_permission - previous_groups_with_permission
demoted_groups = previous_groups_with_permission - new_groups_with_permission
def bulk_apply_template
verify_post_request
- require_parameters :name
+ require_parameters :template_id
Internal.permissions.applyPermissionTemplate(params)
-
redirect_to :action => 'projects'
end
group ? group.name : 'Anyone'
end
+ def group_ref(group_name)
+ group_name.blank? ? 'Anyone' : group_name
+ end
+
def default_project_group_names(role, qualifier)
group_names=(controller.java_facade.getConfigurationValue("sonar.role.#{role}.#{qualifier}.defaultGroups")||'').split(',')
<select name="from" id="from" size="30" style="margin: 5px 0; width: 300px;" multiple="multiple">
<% @groups_without_permission.sort.each do |group| %>
- <option value="<%= group[1] -%>"><%= h group[0] -%></option>
+ <option value="<%= group[1] -%>"><%= h(group[0].blank? ? 'Anyone' : group[0]) -%></option>
<% end %>
</select>
</td>
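Review bot: The changed `<option>` line escapes the label with `h(...)` but still writes `group[1]` into the `value` attribute unescaped. The explicit `h` on the label suggests this template does not auto-escape, so a group name containing a quote or angle bracket would break out of the attribute. `<option value="<%= h group[1] -%>">` closes that gap. The `blank?` fallback on the label also looks redundant, since the controller in this commit already maps nil groups to 'Anyone'.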
verify(permissionDao, times(1)).removeGroupPermission(1L, 1L, DEFAULT_PERMISSION);
}
+ @Test
+ public void should_add_permission_to_anyone_group() throws Exception {
+ when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+
+ permissionTemplateService.addGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone");
+
+ verify(permissionDao).addGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verifyZeroInteractions(userDao);
+ }
+
+ @Test
+ public void should_remove_permission_from_anyone_group() throws Exception {
+ when(permissionDao.selectTemplateByName(DEFAULT_NAME)).thenReturn(DEFAULT_TEMPLATE);
+
+ permissionTemplateService.removeGroupPermission(DEFAULT_NAME, DEFAULT_PERMISSION, "Anyone");
+
+ verify(permissionDao).removeGroupPermission(1L, null, DEFAULT_PERMISSION);
+ verifyZeroInteractions(userDao);
+ }
+
private PermissionTemplateUserDto buildUserPermission(String userName, String permission) {
return new PermissionTemplateUserDto().setUserName(userName).setPermission(permission);
}
))
.setGroupsByPermission(Lists.newArrayList(
new PermissionTemplateGroupDto().setId(1L).setGroupId(1L).setGroupName("group1").setPermission("permission3"),
- new PermissionTemplateGroupDto().setId(2L).setGroupId(2L).setGroupName("group2").setPermission("permission3")
+ new PermissionTemplateGroupDto().setId(2L).setGroupId(2L).setGroupName("group2").setPermission("permission3"),
+ new PermissionTemplateGroupDto().setId(3L).setGroupId(null).setGroupName(null).setPermission("permission3")
));
PermissionTemplate permissionTemplate = PermissionTemplate.create(permissionTemplateDto);
assertThat(permissionTemplate.getUsersForPermission("permission2")).onProperty("userName").containsOnly("user1");
assertThat(permissionTemplate.getUsersForPermission("permission2")).onProperty("userId").containsOnly(1L);
assertThat(permissionTemplate.getUsersForPermission("permission2")).onProperty("userLogin").containsOnly("login1");
- assertThat(permissionTemplate.getGroupsForPermission("permission3")).onProperty("groupName").containsOnly("group1", "group2");
- assertThat(permissionTemplate.getGroupsForPermission("permission3")).onProperty("groupId").containsOnly(1L, 2L);
+ assertThat(permissionTemplate.getGroupsForPermission("permission3")).onProperty("groupName").containsOnly("group1", "group2", null);
+ assertThat(permissionTemplate.getGroupsForPermission("permission3")).onProperty("groupId").containsOnly(1L, 2L, null);
}
}