import org.sonar.api.resources.Qualifiers;
import org.sonar.api.server.ServerSide;
import org.sonar.core.component.ComponentKeys;
+import org.sonar.core.permission.ProjectPermissions;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
this.userSession = userSession;
this.defaultTemplatesResolver = defaultTemplatesResolver;
}
-
+
public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession,
- String organizationUuid, @Nullable Integer userId,
- @Nullable String branch, String projectKey,
- String qualifier) {
+ String organizationUuid, @Nullable Integer userId,
+ @Nullable String branch, String projectKey,
+ String qualifier) {
if (userSession.hasPermission(OrganizationPermission.SCAN, organizationUuid)) {
return true;
}
List<PermissionTemplateUserDto> usersPermissions = dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, template.getId());
String organizationUuid = template.getOrganizationUuid();
usersPermissions
+ .stream()
+ .filter(up -> permissionValidForProject(project, up.getPermission()))
.forEach(up -> {
UserPermissionDto dto = new UserPermissionDto(organizationUuid, up.getPermission(), up.getUserId(), project.getId());
dbClient.userPermissionDao().insert(dbSession, dto);
});
List<PermissionTemplateGroupDto> groupsPermissions = dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, template.getId());
- groupsPermissions.forEach(gp -> {
- GroupPermissionDto dto = new GroupPermissionDto()
- .setOrganizationUuid(organizationUuid)
- .setGroupId(isAnyone(gp.getGroupName()) ? null : gp.getGroupId())
- .setRole(gp.getPermission())
- .setResourceId(project.getId());
- dbClient.groupPermissionDao().insert(dbSession, dto);
- });
+ groupsPermissions
+ .stream()
+ .filter(gp -> groupNameValidForProject(project, gp.getGroupName()))
+ .filter(gp -> permissionValidForProject(project, gp.getPermission()))
+ .forEach(gp -> {
+ GroupPermissionDto dto = new GroupPermissionDto()
+ .setOrganizationUuid(organizationUuid)
+ .setGroupId(isAnyone(gp.getGroupName()) ? null : gp.getGroupId())
+ .setRole(gp.getPermission())
+ .setResourceId(project.getId());
+ dbClient.groupPermissionDao().insert(dbSession, dto);
+ });
List<PermissionTemplateCharacteristicDto> characteristics = dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, asList(template.getId()));
if (projectCreatorUserId != null) {
.collect(java.util.stream.Collectors.toSet());
characteristics.stream()
.filter(PermissionTemplateCharacteristicDto::getWithProjectCreator)
+ .filter(up -> permissionValidForProject(project, up.getPermission()))
.filter(characteristic -> !permissionsForCurrentUserAlreadyInDb.contains(characteristic.getPermission()))
.forEach(c -> {
UserPermissionDto dto = new UserPermissionDto(organizationUuid, c.getPermission(), projectCreatorUserId, project.getId());
}
}
+ private static boolean permissionValidForProject(ComponentDto project, String permission) {
+ return project.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(permission);
+ }
+
+ private static boolean groupNameValidForProject(ComponentDto project, String groupName) {
+ return !project.isPrivate() || !isAnyone(groupName);
+ }
+
/**
* Return the permission template for the given component. If no template key pattern match then consider default
* template for the component qualifier.
import java.util.List;
import javax.annotation.Nullable;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
private PermissionTemplateDbTester templateDb = dbTester.permissionTemplates();
private DbSession session = dbTester.getSession();
private PermissionIndexer permissionIndexer = mock(PermissionIndexer.class);
+
+ private OrganizationDto organization;
+ private ComponentDto privateProject;
+ private ComponentDto publicProject;
+ private GroupDto group;
+ private UserDto user;
+ private UserDto creator;
+
private PermissionTemplateService underTest = new PermissionTemplateService(dbTester.getDbClient(), permissionIndexer, userSession, defaultTemplatesResolver);
+ @Before
+ public void setUp() throws Exception {
+ organization = dbTester.organizations().insert();
+ privateProject = dbTester.components().insertPrivateProject(organization);
+ publicProject = dbTester.components().insertPublicProject(organization);
+ group = dbTester.users().insertGroup(organization);
+ user = dbTester.users().insertUser();
+ creator = dbTester.users().insertUser();
+ }
+
+ @Test
+ public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(privateProject));
+
+ assertThat(selectProjectPermissionsOfGroup(organization, null, privateProject)).isEmpty();
+ }
+
+ @Test
+ public void apply_default_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), privateProject, creator.getId());
+
+ assertThat(selectProjectPermissionsOfGroup(organization, null, privateProject)).isEmpty();
+ }
+
+ @Test
+ public void apply_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(publicProject));
+
+ assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, perm));
+ dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+
+ assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void apply_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(privateProject));
+
+ assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), privateProject, null);
+
+ assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void apply_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(publicProject));
+
+ assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, perm));
+ dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+
+ assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void apply_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
+ dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(publicProject));
+
+ assertThat(selectProjectPermissionsOfUser(user, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
+ dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+
+ assertThat(selectProjectPermissionsOfUser(user, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void apply_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
+ dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
+
+ underTest.apply(session, permissionTemplate, singletonList(privateProject));
+
+ assertThat(selectProjectPermissionsOfUser(user, privateProject))
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, perm));
+ dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), privateProject, null);
+
+ assertThat(selectProjectPermissionsOfUser(user, privateProject))
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_permissions_to_ProjectCreator_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
+ dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), publicProject, user.getId());
+
+ assertThat(selectProjectPermissionsOfUser(user, publicProject))
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
+ @Test
+ public void applyDefault_inserts_any_permissions_to_ProjectCreator_when_applying_template_on_private_project() {
+ PermissionTemplateDto permissionTemplate = dbTester.permissionTemplates().insertTemplate(organization);
+ ProjectPermissions.ALL
+ .forEach(perm -> dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, perm));
+ dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
+ dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null);
+
+ underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId());
+
+ assertThat(selectProjectPermissionsOfUser(user, privateProject))
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ }
+
@Test
public void apply_permission_template() {
- OrganizationDto organization = dbTester.organizations().insert();
ComponentDto project = dbTester.components().insertPrivateProject(organization);
GroupDto adminGroup = dbTester.users().insertGroup(organization);
GroupDto userGroup = dbTester.users().insertGroup(organization);
- UserDto user = dbTester.users().insertUser();
dbTester.users().insertPermissionOnGroup(adminGroup, "admin");
dbTester.users().insertPermissionOnGroup(userGroup, "user");
dbTester.users().insertPermissionOnUser(organization, user, "admin");
assertThat(selectProjectPermissionsOfGroup(organization, adminGroup, project)).containsOnly("admin", "issueadmin");
assertThat(selectProjectPermissionsOfGroup(organization, userGroup, project)).containsOnly("user", "codeviewer");
- assertThat(selectProjectPermissionsOfGroup(organization, null, project)).containsOnly("user", "codeviewer");
+ assertThat(selectProjectPermissionsOfGroup(organization, null, project)).isEmpty();
assertThat(selectProjectPermissionsOfUser(user, project)).containsOnly("admin");
checkAuthorizationUpdatedAtIsUpdated(project);
@Test
public void would_user_have_scan_permission_with_default_permission_template() {
- OrganizationDto organization = dbTester.organizations().insert();
- UserDto user = dbTester.users().insertUser();
- GroupDto group = dbTester.users().insertGroup(organization);
dbTester.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate(organization);
dbTester.organizations().setDefaultTemplates(template, null);
OrganizationDto otherOrganization = db.organizations().insert();
db.components().insertPrivateProject(otherOrganization);
- ComponentDto project = db.components().insertPrivateProject(organization);
+ ComponentDto privateProject = db.components().insertPrivateProject(organization);
+ ComponentDto publicProject = db.components().insertPublicProject(organization);
ComponentDto view = db.components().insertView(organization);
loginAsAdmin(organization);
newRequest().setParam(PARAM_TEMPLATE_ID, template1.getUuid()).execute();
- assertTemplate1AppliedToProject(project);
- assertTemplate1AppliedToProject(view);
+ assertTemplate1AppliedToPrivateProject(privateProject);
+ assertTemplate1AppliedToPublicProject(publicProject);
+ assertTemplate1AppliedToPublicProject(view);
}
@Test
@Test
public void bulk_apply_template_by_template_name() throws Exception {
- ComponentDto project = db.components().insertComponent(ComponentTesting.newPrivateProjectDto(organization));
+ ComponentDto privateProject = db.components().insertPrivateProject(organization);
+ ComponentDto publicProject = db.components().insertPublicProject(organization);
loginAsAdmin(organization);
newRequest()
.setParam(PARAM_TEMPLATE_NAME, template1.getName())
.execute();
- assertTemplate1AppliedToProject(project);
+ assertTemplate1AppliedToPrivateProject(privateProject);
+ assertTemplate1AppliedToPublicProject(publicProject);
}
@Test
public void apply_template_by_qualifier() throws Exception {
- ComponentDto project = db.components().insertComponent(ComponentTesting.newPrivateProjectDto(organization));
+ ComponentDto publicProject = db.components().insertPublicProject(organization);
+ ComponentDto privateProject = db.components().insertPrivateProject(organization);
ComponentDto view = db.components().insertComponent(newView(organization));
loginAsAdmin(organization);
newRequest()
.setParam(PARAM_TEMPLATE_ID, template1.getUuid())
- .setParam(PARAM_QUALIFIER, project.qualifier()).execute();
+ .setParam(PARAM_QUALIFIER, privateProject.qualifier()).execute();
- assertTemplate1AppliedToProject(project);
+ assertTemplate1AppliedToPrivateProject(privateProject);
+ assertTemplate1AppliedToPublicProject(publicProject);
assertNoPermissionOnProject(view);
}
+ @Test
+ public void apply_template_by_query_on_name_and_key_public_project() throws Exception {
+ ComponentDto publicProjectFoundByKey = ComponentTesting.newPublicProjectDto(organization).setKey("sonar");
+ db.components().insertProjectAndSnapshot(publicProjectFoundByKey);
+ ComponentDto publicProjectFoundByName = ComponentTesting.newPublicProjectDto(organization).setName("name-sonar-name");
+ db.components().insertProjectAndSnapshot(publicProjectFoundByName);
+ // match must be exact on key
+ ComponentDto projectUntouched = ComponentTesting.newPublicProjectDto(organization).setKey("new-sonar").setName("project-name");
+ db.components().insertProjectAndSnapshot(projectUntouched);
+ loginAsAdmin(organization);
+
+ newRequest()
+ .setParam(PARAM_TEMPLATE_ID, template1.getUuid())
+ .setParam(Param.TEXT_QUERY, "sonar")
+ .execute();
+
+ assertTemplate1AppliedToPublicProject(publicProjectFoundByKey);
+ assertTemplate1AppliedToPublicProject(publicProjectFoundByName);
+ assertNoPermissionOnProject(projectUntouched);
+ }
+
@Test
public void apply_template_by_query_on_name_and_key() throws Exception {
- ComponentDto projectFoundByKey = ComponentTesting.newPrivateProjectDto(organization).setKey("sonar");
- db.components().insertProjectAndSnapshot(projectFoundByKey);
- ComponentDto projectFoundByName = ComponentTesting.newPrivateProjectDto(organization).setName("name-sonar-name");
- db.components().insertProjectAndSnapshot(projectFoundByName);
+ ComponentDto privateProjectFoundByKey = ComponentTesting.newPrivateProjectDto(organization).setKey("sonar");
+ db.components().insertProjectAndSnapshot(privateProjectFoundByKey);
+ ComponentDto privateProjectFoundByName = ComponentTesting.newPrivateProjectDto(organization).setName("name-sonar-name");
+ db.components().insertProjectAndSnapshot(privateProjectFoundByName);
// match must be exact on key
- ComponentDto projectUntouched = ComponentTesting.newPrivateProjectDto(organization).setKey("new-sonar").setName("project-name");
+ ComponentDto projectUntouched = ComponentTesting.newPublicProjectDto(organization).setKey("new-sonar").setName("project-name");
db.components().insertProjectAndSnapshot(projectUntouched);
loginAsAdmin(organization);
.setParam(Param.TEXT_QUERY, "sonar")
.execute();
- assertTemplate1AppliedToProject(projectFoundByKey);
- assertTemplate1AppliedToProject(projectFoundByName);
+ assertTemplate1AppliedToPrivateProject(privateProjectFoundByKey);
+ assertTemplate1AppliedToPrivateProject(privateProjectFoundByName);
assertNoPermissionOnProject(projectUntouched);
}
newRequest().setParam(PARAM_TEMPLATE_ID, "unknown-template-uuid").execute();
}
- private void assertTemplate1AppliedToProject(ComponentDto project) throws Exception {
+ private void assertTemplate1AppliedToPublicProject(ComponentDto project) throws Exception {
+ assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName());
+ assertThat(selectProjectPermissionGroups(project, UserRole.USER)).isEmpty();
+ assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
+ assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).isEmpty();
+ assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getId());
+ }
+
+ private void assertTemplate1AppliedToPrivateProject(ComponentDto project) throws Exception {
assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName());
assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName());
assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();