Add security hotspot admin for project creators in default templates

diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
index 1d17020b7ef9a0ea3450bab669f9da9b9a89c7a7..cf6e30fbe44bce7b0477277030abb9e38c436dec 100644 (file)
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
@@ -37,6 +37,7 @@ public class DbVersion73 implements DbVersion {
       .add(2207, "Populate SUBSCRIPTION in ORGANIZATIONS", PopulateSubscriptionOnOrganizations.class)
       .add(2208, "Add rules.security_standards", AddSecurityStandardsToRules.class)
       .add(2209, "Fix missing quality profiles on organizations", FixMissingQualityProfilesOnOrganizations.class)
+      .add(2210, "Add 'securityhotspotadmin' permission to templates characteristics already having 'issueadmin'", PopulateHotspotAdminPermissionOnTemplatesCharacteristics.class)
     ;
   }
 }

diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java
new file mode 100644 (file)
index 0000000..c6eb4ad
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristics.java
@@ -0,0 +1,74 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import org.sonar.api.utils.System2;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnTemplatesCharacteristics extends DataChange {
+  private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+  private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+  private final System2 system2;
+
+  public PopulateHotspotAdminPermissionOnTemplatesCharacteristics(Database db, System2 system2) {
+    super(db);
+    this.system2 = system2;
+  }
+
+  @Override
+  protected void execute(Context context) throws SQLException {
+    Date now = new Date(system2.now());
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("SELECT template_id" +
+      "  FROM perm_tpl_characteristics c1" +
+      "  WHERE permission_key = ?" +
+      "  AND with_project_creator = ?" +
+      "  AND NOT EXISTS (" +
+      "    SELECT id" +
+      "    FROM perm_tpl_characteristics c2" +
+      "    WHERE permission_key = ?" +
+      "    AND c1.template_id = c2.template_id)")
+      .setString(1, ISSUE_ADMIN_ROLE)
+      .setBoolean(2, true)
+      .setString(3, HOTSPOT_ADMIN_ROLE);
+    massUpdate.update("INSERT INTO perm_tpl_characteristics (template_id, permission_key, with_project_creator, created_at, updated_at) values (?,?,?,?,?)");
+    massUpdate.rowPluralName("permission templates characteristics");
+    massUpdate.execute((row, update) -> handle(row, update, now.getTime()));
+  }
+
+  private static boolean handle(Select.Row row, SqlStatement update, long now) throws SQLException {
+    int templateId = row.getInt(1);
+
+    update.setInt(1, templateId);
+    update.setString(2, HOTSPOT_ADMIN_ROLE);
+    update.setBoolean(3, true);
+    update.setLong(4, now);
+    update.setLong(5, now);
+    return true;
+  }
+}

diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
index 2bb8434ebef81e3493fa5c69b21ca80ebd2d9a00..3b3f4486ecdd9cbd67610839d3c57dc9a9e13487 100644 (file)
--- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73Test.java
@@ -35,6 +35,6 @@ public class DbVersion73Test {
 
   @Test
   public void verify_migration_count() {
-    verifyMigrationCount(underTest, 10);
+    verifyMigrationCount(underTest, 11);
   }
 }

diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java
new file mode 100644 (file)
index 0000000..cfd4dd1
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.java
@@ -0,0 +1,95 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest {
+
+  private static final long PAST = 100_000_000_000L;
+  private static final long NOW = 500_000_000_000L;
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest.class, "perm_tpl_characteristics.sql");
+
+  private System2 system2 = mock(System2.class);
+
+  private PopulateHotspotAdminPermissionOnTemplatesCharacteristics underTest = new PopulateHotspotAdminPermissionOnTemplatesCharacteristics(db.database(), system2);
+
+  @Test
+  public void insert_missing_permission() throws SQLException {
+    when(system2.now()).thenReturn(NOW);
+    insertPermTemplateCharacteristic(1, "noissueadmin", true);
+    insertPermTemplateCharacteristic(3, "issueadmin", true);
+    insertPermTemplateCharacteristic(3, "another", true);
+    insertPermTemplateCharacteristic(5, "securityhotspotadmin", true);
+    insertPermTemplateCharacteristic(11, "noissueadmin", false);
+    insertPermTemplateCharacteristic(13, "issueadmin", false);
+    insertPermTemplateCharacteristic(13, "another", false);
+    insertPermTemplateCharacteristic(15, "securityhotspotadmin", false);
+
+    underTest.execute();
+
+    assertPermTemplateCharacteristics(
+      tuple(1L, "noissueadmin", true, PAST, PAST),
+      tuple(3L, "issueadmin", true, PAST, PAST),
+      tuple(3L, "another", true, PAST, PAST),
+      tuple(3L, "securityhotspotadmin", true, NOW, NOW),
+      tuple(5L, "securityhotspotadmin", true, PAST, PAST),
+      tuple(11L, "noissueadmin", false, PAST, PAST),
+      tuple(13L, "issueadmin", false, PAST, PAST),
+      tuple(13L, "another", false, PAST, PAST),
+      tuple(15L, "securityhotspotadmin", false, PAST, PAST));
+  }
+
+  private void insertPermTemplateCharacteristic(int templateId, String perm, boolean withProjectCreator) {
+    db.executeInsert(
+      "PERM_TPL_CHARACTERISTICS",
+      "TEMPLATE_ID", templateId,
+      "PERMISSION_KEY", perm,
+      "WITH_PROJECT_CREATOR", withProjectCreator,
+      "CREATED_AT", PAST,
+      "UPDATED_AT", PAST);
+  }
+
+  private void assertPermTemplateCharacteristics(Tuple... expectedTuples) {
+    assertThat(db.select("SELECT TEMPLATE_ID, PERMISSION_KEY, WITH_PROJECT_CREATOR, CREATED_AT, UPDATED_AT FROM PERM_TPL_CHARACTERISTICS")
+      .stream()
+      .map(map -> new Tuple(map.get("TEMPLATE_ID"), map.get("PERMISSION_KEY"), map.get("WITH_PROJECT_CREATOR"), map.get("CREATED_AT"), map.get("UPDATED_AT")))
+      .collect(Collectors.toList()))
+      .containsExactlyInAnyOrder(expectedTuples);
+  }
+
+}

diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql
new file mode 100644 (file)
index 0000000..df0d57b
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesCharacteristicsTest/perm_tpl_characteristics.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "PERM_TPL_CHARACTERISTICS" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "TEMPLATE_ID" INTEGER NOT NULL,
+  "PERMISSION_KEY" VARCHAR(64) NOT NULL,
+  "WITH_PROJECT_CREATOR" BOOLEAN NOT NULL DEFAULT FALSE,
+  "CREATED_AT" BIGINT NOT NULL,
+  "UPDATED_AT" BIGINT NOT NULL
+);
+CREATE UNIQUE INDEX "UNIQ_PERM_TPL_CHARAC" ON "PERM_TPL_CHARACTERISTICS" ("TEMPLATE_ID", "PERMISSION_KEY");