#------------------------------------------------------------------------------
#
-# GLOBAL ROLES
-#
-#------------------------------------------------------------------------------
-global_role.role=Role
-global_role.users=Users
-global_role.groups=Groups
-global_role.admin=System Administration
-global_role.admin.desc=Ability to perform all administration functions for the instance: global configuration and personalization of default dashboards.
-global_role.profileadmin=Quality Profile Administration
-global_role.profileadmin.desc=Ability to perform any action on the quality profiles.
-global_role.sharedashboard=Dashboard Sharing
-global_role.sharedashboard.desc=Ability to share dashboards that any user will be able to follow.
-global_role.scan=Ability to execute some Sonar analysis
-global_role.scan.desc=Permission required to execute a Sonar analysis. This permission allows to get all settings (even the secured ones like scm account password, jira account password, ...) required to execute all Sonar plugins.
-global_role.dryrun=Ability to execute some local (dry run) Sonar analysis
-global_role.dryrun.desc=Permission required to execute a local (dry run) Sonar analysis without pushing the results to the Sonar server. This permission allows to get all settings required to execute all Sonar plugins except the secured one like scm account password, jira account password... This permission is required for instance to execute a local Sonar analysis in Sonar Eclipse.
+# GLOBAL PERMISSIONS
+#
+#------------------------------------------------------------------------------
+global_permissions.permission=Permission
+global_permissions.users=Users
+global_permissions.groups=Groups
+global_permissions.admin=System Administration
+global_permissions.admin.desc=Ability to perform all administration functions for the instance: global configuration and personalization of default dashboards.
+global_permissions.profileadmin=Quality Profile Administration
+global_permissions.profileadmin.desc=Ability to perform any action on the quality profiles.
+global_permissions.sharedashboard=Dashboard Sharing
+global_permissions.sharedashboard.desc=Ability to share dashboards that any user will be able to follow.
+global_permissions.scan=Ability to execute some Sonar analysis
+global_permissions.scan.desc=Permission required to execute a Sonar analysis. This permission allows to get all settings (even the secured ones like scm account password, jira account password, ...) required to execute all Sonar plugins.
+global_permissions.dryrun=Ability to execute some local (dry run) Sonar analysis
+global_permissions.dryrun.desc=Permission required to execute a local (dry run) Sonar analysis without pushing the results to the Sonar server. This permission allows to get all settings required to execute all Sonar plugins except the secured one like scm account password, jira account password... This permission is required for instance to execute a local Sonar analysis in Sonar Eclipse.
#------------------------------------------------------------------------------
#
import org.sonar.api.task.TaskExtension;
import org.sonar.api.web.UserRole;
import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.user.GroupDto;
-import org.sonar.core.user.GroupRoleDto;
-import org.sonar.core.user.RoleMapper;
-import org.sonar.core.user.UserDto;
-import org.sonar.core.user.UserMapper;
-import org.sonar.core.user.UserRoleDto;
+import org.sonar.core.user.*;
/**
* @since 3.2
private final Settings settings;
private final MyBatis myBatis;
+ private final RoleDao roleDao;
+ private final UserDao userDao;
- public DefaultResourcePermissions(Settings settings, MyBatis myBatis) {
+ public DefaultResourcePermissions(Settings settings, MyBatis myBatis, RoleDao roleDao, UserDao userDao) {
this.settings = settings;
this.myBatis = myBatis;
+ this.roleDao = roleDao;
+ this.userDao = userDao;
}
public boolean hasRoles(Resource resource) {
if (resource.getId() != null) {
- SqlSession session = myBatis.openSession();
- try {
- RoleMapper roleMapper = session.getMapper(RoleMapper.class);
- Long resourceId = Long.valueOf(resource.getId());
- return roleMapper.countGroupRoles(resourceId) + roleMapper.countUserRoles(resourceId) > 0;
-
- } finally {
- MyBatis.closeQuietly(session);
- }
+ Long resourceId = Long.valueOf(resource.getId());
+ return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId) > 0;
}
return false;
}
.setRole(role)
.setUserId(user.getId())
.setResourceId(Long.valueOf(resource.getId()));
- RoleMapper roleMapper = session.getMapper(RoleMapper.class);
- roleMapper.deleteUserRole(userRole);
- roleMapper.insertUserRole(userRole);
+ roleDao.deleteUserRole(userRole, session);
+ roleDao.insertUserRole(userRole, session);
session.commit();
}
} finally {
GroupRoleDto groupRole = new GroupRoleDto()
.setRole(role)
.setResourceId(Long.valueOf(resource.getId()));
- RoleMapper roleMapper = session.getMapper(RoleMapper.class);
if (DefaultGroups.isAnyone(groupName)) {
- roleMapper.deleteGroupRole(groupRole);
- roleMapper.insertGroupRole(groupRole);
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
session.commit();
} else {
- GroupDto group = session.getMapper(UserMapper.class).selectGroupByName(groupName);
+ GroupDto group = userDao.selectGroupByName(groupName, session);
if (group != null) {
groupRole.setGroupId(group.getId());
- roleMapper.deleteGroupRole(groupRole);
- roleMapper.insertGroupRole(groupRole);
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
session.commit();
}
}
private void removeRoles(Resource resource, SqlSession session) {
Long resourceId = Long.valueOf(resource.getId());
- RoleMapper mapper = session.getMapper(RoleMapper.class);
- mapper.deleteGroupRolesByResourceId(resourceId);
- mapper.deleteUserRolesByResourceId(resourceId);
+ roleDao.deleteGroupRolesByResourceId(resourceId, session);
+ roleDao.deleteUserRolesByResourceId(resourceId, session);
}
private void grantDefaultRoles(Resource resource, String role, SqlSession session) {
- UserMapper userMapper = session.getMapper(UserMapper.class);
- RoleMapper roleMapper = session.getMapper(RoleMapper.class);
-
String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ",");
for (String groupName : groupNames) {
GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId()));
if (DefaultGroups.isAnyone(groupName)) {
- roleMapper.insertGroupRole(groupRole);
+ roleDao.insertGroupRole(groupRole, session);
} else {
- GroupDto group = userMapper.selectGroupByName(groupName);
+ GroupDto group = userDao.selectGroupByName(groupName, session);
if (group != null) {
- roleMapper.insertGroupRole(groupRole.setGroupId(group.getId()));
+ roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session);
}
}
}
String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultUsers", ",");
for (String login : logins) {
- UserDto user = userMapper.selectUserByLogin(login);
+ UserDto user = userDao.selectActiveUserByLogin(login, session);
if (user != null) {
- roleMapper.insertUserRole(new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId())));
+ UserRoleDto userRoleDto = new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId()));
+ roleDao.insertUserRole(userRoleDto, session);
}
}
}
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.user;
+
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.ServerExtension;
+import org.sonar.api.task.TaskExtension;
+import org.sonar.core.persistence.MyBatis;
+
+public class RoleDao implements TaskExtension, ServerExtension {
+
+ private final MyBatis mybatis;
+
+ public RoleDao(MyBatis mybatis) {
+ this.mybatis = mybatis;
+ }
+
+ public void insertGroupRole(GroupRoleDto groupRole, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.insertGroupRole(groupRole);
+ }
+
+ public void insertUserRole(UserRoleDto userRole, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.insertUserRole(userRole);
+ }
+
+ public void deleteUserRole(UserRoleDto userRole, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.deleteUserRole(userRole);
+ }
+
+ public void deleteGroupRole(GroupRoleDto groupRole, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.deleteGroupRole(groupRole);
+ }
+
+ public void deleteGroupRolesByResourceId(Long resourceId, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.deleteGroupRolesByResourceId(resourceId);
+ }
+
+ public void deleteUserRolesByResourceId(Long resourceId, SqlSession session) {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ mapper.deleteUserRolesByResourceId(resourceId);
+ }
+
+ public int countGroupRoles(Long resourceId) {
+ SqlSession session = mybatis.openSession();
+ try {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ return mapper.countGroupRoles(resourceId);
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public int countUserRoles(Long resourceId) {
+ SqlSession session = mybatis.openSession();
+ try {
+ RoleMapper mapper = session.getMapper(RoleMapper.class);
+ return mapper.countUserRoles(resourceId);
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+}
public UserDto selectActiveUserByLogin(String login) {
SqlSession session = mybatis.openSession();
try {
- UserMapper mapper = session.getMapper(UserMapper.class);
- return mapper.selectUserByLogin(login);
+ return selectActiveUserByLogin(login, session);
} finally {
MyBatis.closeQuietly(session);
}
}
+ public UserDto selectActiveUserByLogin(String login, SqlSession session) {
+ UserMapper mapper = session.getMapper(UserMapper.class);
+ return mapper.selectUserByLogin(login);
+ }
+
public List<UserDto> selectUsersByLogins(List<String> logins) {
List<UserDto> users = Lists.newArrayList();
if (!logins.isEmpty()) {
* @return the group, null if group not found
*/
+ public GroupDto selectGroupByName(String name, SqlSession session) {
+ UserMapper mapper = session.getMapper(UserMapper.class);
+ return mapper.selectGroupByName(name);
+ }
+
+
public GroupDto selectGroupByName(String name) {
SqlSession session = mybatis.openSession();
try {
- UserMapper mapper = session.getMapper(UserMapper.class);
- return mapper.selectGroupByName(name);
+ return selectGroupByName(name, session);
} finally {
MyBatis.closeQuietly(session);
}
import org.sonar.api.resources.Resource;
import org.sonar.api.security.DefaultGroups;
import org.sonar.core.persistence.AbstractDaoTestCase;
-import org.sonar.core.resource.DefaultResourcePermissions;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
import static org.fest.assertions.Assertions.assertThat;
public void grantGroupRole() {
setupData("grantGroupRole");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantGroupRole(project, "sonar-administrators", "admin");
// do not insert duplicated rows
public void grantGroupRole_anyone() {
setupData("grantGroupRole_anyone");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantGroupRole(project, DefaultGroups.ANYONE, "admin");
checkTables("grantGroupRole_anyone", "group_roles");
public void grantGroupRole_ignore_if_group_not_found() {
setupData("grantGroupRole_ignore_if_group_not_found");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantGroupRole(project, "not_found", "admin");
checkTables("grantGroupRole_ignore_if_group_not_found", "group_roles");
public void grantGroupRole_ignore_if_not_persisted() {
setupData("grantGroupRole_ignore_if_not_persisted");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
Project resourceWithoutId = new Project("");
permissions.grantGroupRole(resourceWithoutId, "sonar-users", "admin");
public void grantUserRole() {
setupData("grantUserRole");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantUserRole(project, "marius", "admin");
// do not insert duplicated rows
settings.setProperty("sonar.role.user.TRK.defaultUsers", "");
settings.setProperty("sonar.role.codeviewer.TRK.defaultGroups", "Anyone,sonar-users");
settings.setProperty("sonar.role.codeviewer.TRK.defaultUsers", "");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantDefaultRoles(project);
Settings settings = new Settings();
settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators,unknown");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantDefaultRoles(project);
checkTables("grantDefaultRoles_unknown_group", "group_roles");
Settings settings = new Settings();
settings.setProperty("sonar.role.admin.TRK.defaultUsers", "marius,disabled,notfound");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(settings, getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
permissions.grantDefaultRoles(project);
checkTables("grantDefaultRoles_users", "user_roles");
@Test
public void hasRoles() {
setupData("hasRoles");
- DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis());
+ DefaultResourcePermissions permissions = new DefaultResourcePermissions(new Settings(), getMyBatis(),
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()));
// no groups and at least one user
assertThat(permissions.hasRoles(new Project("only_users").setId(1))).isTrue();
--- /dev/null
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.user;
+
+import org.sonar.core.persistence.AbstractDaoTestCase;
+
+public class RoleDaoTest extends AbstractDaoTestCase {
+
+
+}
end
def global_role_name(role)
- message("global_role.#{role}", :default => role)
+ message("global_permissions.#{role}", :default => role)
end
end
<table class="data width100" id="global-roles">
<thead>
<tr >
- <th><%= message('global_role.role') -%></th>
- <th width="30%"><%= message('global_role.users') -%></th>
- <th width="30%"><%= message('global_role.groups') -%></th>
+ <th><%= message('global_permissions.permission') -%></th>
+ <th width="30%"><%= message('global_permissions.users') -%></th>
+ <th width="30%"><%= message('global_permissions.groups') -%></th>
</tr>
</thead>
<tbody>
- <% ['admin', 'profileadmin', 'sharedashboard', 'scan', 'dryrun'].each do |globalRole| %>
- <tr class="<%= cycle('even', 'odd', :name => 'globalRole') -%>" >
+ <% ['admin', 'profileadmin', 'sharedashboard', 'scan', 'dryrun'].each do |global_permissions| %>
+ <tr class="<%= cycle('even', 'odd', :name => 'global_permission') -%>" >
<td valign="top">
- <b><%= message('global_role.' + globalRole) -%></b><br/>
- <span class="small gray"><%= message('global_role.' + globalRole + '.desc') -%></span></td>
+ <b><%= message('global_permissions.' + global_permissions) -%></b><br/>
+ <span class="small gray"><%= message('global_permissions.' + global_permissions + '.desc') -%></span></td>
<td valign="top" style="word-break:break-all;width:30%;">
- <span><%= users(globalRole).map(&:name).join(', ') -%></span>
- (<%= link_to "select", {:action => 'edit_users', :role => globalRole, :redirect => 'global'}, :class => 'link-action' -%>)
+ <span><%= users(global_permissions).map(&:name).join(', ') -%></span>
+ (<%= link_to "select", {:action => 'edit_users', :role => global_permissions, :redirect => 'global'}, :class => 'link-action' -%>)
</td>
<td valign="top" style="word-break:break-all;width:30%;">
- <span><%= groups(globalRole).map{|g| group_name(g)}.join(', ') %></span>
- (<%= link_to "select", {:action => 'edit_groups', :role => globalRole, :redirect => 'global'}, :class => 'link-action' -%>)
+ <span><%= groups(global_permissions).map{|g| group_name(g)}.join(', ') %></span>
+ (<%= link_to "select", {:action => 'edit_groups', :role => global_permissions, :redirect => 'global'}, :class => 'link-action' -%>)
</td>
</tr>
<% end %>
<thead>
<tr>
<th><%= message('projects_role.role') -%> <%= message("qualifiers.#{@qualifier}") -%></th>
- <th width="35%"><%= message('global_role.users') -%></th>
- <th width="35%"><%= message('global_role.groups') -%></th>
+ <th width="35%"><%= message('projects_role.users') -%></th>
+ <th width="35%"><%= message('projects_role.groups') -%></th>
</tr>
</thead>
<tbody>
projects / sonarqube.git / commitdiff