break;
case REMOVE:
checkAdminUsersExistOutsideTheRemovedGroup(dbSession, change);
- GroupPermissionDto deletedDto = new GroupPermissionDto()
- .setRole(change.getPermission())
- .setOrganizationUuid(change.getOrganizationUuid())
- .setGroupId(change.getGroupIdOrAnyone().getId())
- .setResourceId(change.getNullableProjectId());
- dbClient.roleDao().deleteGroupRole(deletedDto, dbSession);
+ dbClient.groupPermissionDao().delete(dbSession,
+ change.getPermission(),
+ change.getOrganizationUuid(),
+ change.getGroupIdOrAnyone().getId(),
+ change.getNullableProjectId());
break;
default:
throw new UnsupportedOperationException("Unsupported permission change: " + change.getOperation());
mapper(dbSession).deleteByRootComponentId(rootComponentId);
}
+ /**
+ * Delete a single permission. It can be:
+ * <ul>
+ * <li>a global permission granted to a group</li>
+ * <li>a global permission granted to anyone</li>
+ * <li>a permission granted to a group for a project</li>
+ * <li>a permission granted to anyone for a project</li>
+ * </ul>
+ * @param dbSession
+ * @param permission the kind of permission
+ * @param organizationUuid UUID of organization, even if parameter {@code groupId} is not null
+ * @param groupId if null, then anyone, else id of group
+ * @param rootComponentId if null, then global permission, else id of root component (project)
+ */
+ public void delete(DbSession dbSession, String permission, String organizationUuid, @Nullable Long groupId, @Nullable Long rootComponentId) {
+ mapper(dbSession).delete(permission, organizationUuid, groupId, rootComponentId);
+ }
+
private static GroupPermissionMapper mapper(DbSession session) {
return session.getMapper(GroupPermissionMapper.class);
}
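Review bot: `delete` returns void and drops the affected-row count, so a revoke that matches nothing (a mismatched `organizationUuid`, or a null one, which the mapper SQL compares with `=`) is indistinguishable from a successful one and the permission stays in place. Consider letting `GroupPermissionMapper.delete` return `int` and passing it through with `return mapper(dbSession).delete(permission, organizationUuid, groupId, rootComponentId);` so callers can assert on or log the count. The Javadoc's `@param dbSession` has no description; it could say that the caller owns the session and must commit. The removed `deleteGroupPermission` also called `updateProjectAuthorizationDate` before deleting, which this method does not, so callers revoking project permissions presumably need to do that themselves.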
void insert(GroupPermissionDto dto);
void deleteByRootComponentId(@Param("rootComponentId") long componentId);
+
+ void delete(@Param("permission") String permission, @Param("organizationUuid") String organizationUuid,
+ @Nullable @Param("groupId") Long groupId, @Nullable @Param("rootComponentId") Long rootComponentId);
}
this.settings = settings;
}
- public void deleteGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, DbSession session) {
- GroupPermissionDto groupRole = new GroupPermissionDto()
- .setRole(permission)
- .setGroupId(groupId)
- .setResourceId(resourceId);
- updateProjectAuthorizationDate(session, resourceId);
- dbClient.roleDao().deleteGroupRole(groupRole, session);
- }
-
/**
* For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes
*/
import org.sonar.api.security.DefaultGroups;
import org.sonar.db.Dao;
import org.sonar.db.DbSession;
-import org.sonar.db.permission.GroupPermissionDto;
public class RoleDao implements Dao {
return session.getMapper(RoleMapper.class).selectGroupPermissions(groupName, resourceId, DefaultGroups.isAnyone(groupName));
}
- /**
- * @deprecated does not support organizations on anyone groups
- */
- @Deprecated
- public void deleteGroupRole(GroupPermissionDto groupRole, DbSession session) {
- mapper(session).deleteGroupRole(groupRole);
- }
-
private static int countResourceGroupRoles(DbSession session, Long resourceId) {
return mapper(session).countResourceGroupRoles(resourceId);
}
import java.util.List;
import javax.annotation.Nullable;
import org.apache.ibatis.annotations.Param;
-import org.sonar.db.permission.GroupPermissionDto;
/**
* @since 3.2
*/
List<String> selectGroupPermissions(@Param("groupName") String groupName, @Nullable @Param("resourceId") Long resourceId, @Param("isAnyOneGroup") Boolean isAnyOneGroup);
- void deleteGroupRole(GroupPermissionDto dto);
-
int countResourceGroupRoles(Long resourceId);
int countResourceUserRoles(long resourceId);
delete from group_roles
where resource_id=#{rootComponentId,jdbcType=BIGINT}
</delete>
+
+ <delete id="delete" parameterType="map">
+ delete from group_roles
+ where
+ role=#{permission,jdbcType=VARCHAR} and
+ organization_uuid=#{organizationUuid,jdbcType=VARCHAR} and
+ <choose>
+ <when test="rootComponentId != null">
+ resource_id=#{rootComponentId,jdbcType=BIGINT}
+ </when>
+ <otherwise>
+ resource_id is null
+ </otherwise>
+ </choose>
+ and
+ <choose>
+ <when test="groupId != null">
+ group_id=#{groupId,jdbcType=BIGINT}
+ </when>
+ <otherwise>
+ group_id is null
+ </otherwise>
+ </choose>
+ </delete>
+
</mapper>
</where>
</select>
- <delete id="deleteGroupRole" parameterType="map">
- DELETE FROM group_roles
- WHERE role=#{role}
- AND
- <choose>
- <when test="resourceId != null">
- resource_id=#{resourceId}
- </when>
- <otherwise>
- resource_id IS NULL
- </otherwise>
- </choose>
- AND
- <choose>
- <when test="groupId != null">
- group_id=#{groupId}
- </when>
- <otherwise>
- group_id IS NULL
- </otherwise>
- </choose>
- </delete>
-
<select id="countResourceUserRoles" parameterType="long" resultType="int">
SELECT count(1)
FROM user_roles WHERE resource_id=#{id}
assertThat(db.countSql("select count(id) from group_roles where resource_id=" + project1.getId())).isEqualTo(0);
assertThat(db.countRowsOfTable("group_roles")).isEqualTo(2);
}
+
+ @Test
+ public void delete_global_permission_from_group() {
+ GroupDto group1 = db.users().insertGroup();
+ ComponentDto project1 = db.components().insertProject();
+ db.users().insertPermissionOnAnyone("perm1");
+ db.users().insertPermissionOnGroup(group1, "perm2");
+ db.users().insertProjectPermissionOnGroup(group1, "perm3", project1);
+ db.users().insertProjectPermissionOnAnyone("perm4", project1);
+
+ underTest.delete(dbSession, "perm2", group1.getOrganizationUuid(), group1.getId(), null);
+ dbSession.commit();
+
+ assertThatNoPermission("perm2");
+ assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
+ }
+
+ @Test
+ public void delete_global_permission_from_anyone() {
+ GroupDto group1 = db.users().insertGroup();
+ ComponentDto project1 = db.components().insertProject();
+ db.users().insertPermissionOnAnyone("perm1");
+ db.users().insertPermissionOnGroup(group1, "perm2");
+ db.users().insertProjectPermissionOnGroup(group1, "perm3", project1);
+ db.users().insertProjectPermissionOnAnyone("perm4", project1);
+
+ underTest.delete(dbSession, "perm1", group1.getOrganizationUuid(), null, null);
+ dbSession.commit();
+
+ assertThatNoPermission("perm1");
+ assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
+ }
+
+ @Test
+ public void delete_project_permission_from_group() {
+ GroupDto group1 = db.users().insertGroup();
+ ComponentDto project1 = db.components().insertProject();
+ db.users().insertPermissionOnAnyone("perm1");
+ db.users().insertPermissionOnGroup(group1, "perm2");
+ db.users().insertProjectPermissionOnGroup(group1, "perm3", project1);
+ db.users().insertProjectPermissionOnAnyone("perm4", project1);
+
+ underTest.delete(dbSession, "perm3", group1.getOrganizationUuid(), group1.getId(), project1.getId());
+ dbSession.commit();
+
+ assertThatNoPermission("perm3");
+ assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
+ }
+
+ @Test
+ public void delete_project_permission_from_anybody() {
+ GroupDto group1 = db.users().insertGroup();
+ ComponentDto project1 = db.components().insertProject();
+ db.users().insertPermissionOnAnyone("perm1");
+ db.users().insertPermissionOnGroup(group1, "perm2");
+ db.users().insertProjectPermissionOnGroup(group1, "perm3", project1);
+ db.users().insertProjectPermissionOnAnyone("perm4", project1);
+
+ underTest.delete(dbSession, "perm4", group1.getOrganizationUuid(), null, project1.getId());
+ dbSession.commit();
+
+ assertThatNoPermission("perm4");
+ assertThat(db.countRowsOfTable("group_roles")).isEqualTo(3);
+ }
+
+ private void assertThatNoPermission(String permission) {
+ assertThat(db.countSql("select count(id) from group_roles where role='" + permission + "'")).isEqualTo(0);
+ }
}
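Review bot: None of the four new tests exercises the organization filter, which is the behaviour this `delete` adds over the removed `deleteGroupRole`. Every call passes `group1.getOrganizationUuid()`, so the tests would still pass if the `organization_uuid` predicate were dropped from the mapper. A negative case is worth adding: call `delete` with a different organization UUID and check that the row survives, as sketched below. The sketch assumes `insertPermissionOnGroup` stores the group's own organization UUID, which is not visible in this diff. Separately, `assertThatNoPermission` concatenates its argument into the SQL string; that is harmless with the literal names used here, but a short comment saying it must only receive test constants would keep it that way.

```java
// … unchanged: the four delete_* tests above …

@Test
public void delete_does_not_remove_permission_of_another_organization() {
  GroupDto group1 = db.users().insertGroup();
  db.users().insertPermissionOnGroup(group1, "perm2");

  // "another-org-uuid" is a constructed value: any UUID other than group1's organization
  underTest.delete(dbSession, "perm2", "another-org-uuid", group1.getId(), null);
  dbSession.commit();

  assertThat(db.countRowsOfTable("group_roles")).isEqualTo(1);
}
```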
dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template-result.xml", "user_roles", "user_id", "resource_id", "role");
}
- @Test
- public void should_delete_group_permission() {
- dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
-
- underTest.deleteGroupPermission(PROJECT.getId(), 100L, UserRole.USER, session);
- session.commit();
-
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
- dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
- checkAuthorizationUpdatedAtIsUpdated();
- }
-
@Test
public void would_user_have_permission_with_default_permission_template() {
UserDto user = dbTester.users().insertUser();
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
-import org.sonar.db.permission.GroupPermissionDto;
import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.db.user.GroupTesting.newGroupDto;
assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-users", 1L)).containsOnly(UserRole.CODEVIEWER);
}
- @Test
- public void delete_global_group_permission() {
- db.prepareDbUnit(getClass(), "globalGroupPermissions.xml");
-
- GroupPermissionDto groupRoleToDelete = new GroupPermissionDto().setGroupId(100L).setRole(GlobalPermissions.QUALITY_PROFILE_ADMIN);
-
- underTest.deleteGroupRole(groupRoleToDelete, db.getSession());
- db.getSession().commit();
-
- db.assertDbUnit(getClass(), "globalGroupPermissions-result.xml", "group_roles");
- }
-
- @Test
- public void delete_resource_group_permission() {
- db.prepareDbUnit(getClass(), "resourceGroupPermissions.xml");
-
- GroupPermissionDto groupRoleToDelete = new GroupPermissionDto().setGroupId(100L).setRole(UserRole.CODEVIEWER).setResourceId(1L);
-
- underTest.deleteGroupRole(groupRoleToDelete, db.getSession());
- db.getSession().commit();
-
- db.assertDbUnit(getClass(), "resourceGroupPermissions-result.xml", "group_roles");
- }
-
@Test
public void delete_all_group_permissions_by_group_id() {
db.prepareDbUnit(getClass(), "deleteGroupPermissionsByGroupId.xml");
return insertGroup(group);
}
+ /**
+ * Create group in default organization
+ */
+ public GroupDto insertGroup() {
+ GroupDto group = newGroupDto().setOrganizationUuid(db.getDefaultOrganization().getUuid());
+ return insertGroup(group);
+ }
+
public GroupDto insertGroup(GroupDto dto) {
db.getDbClient().groupDao().insert(db.getSession(), dto);
db.commit();
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="devs"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- resource_id="123"
- role="admin"
- organization_uuid="org1"/>
-
- <projects uuid="A"
- uuid_path="NOT_USED"
- root_uuid="A"
- scope="PRJ"
- qualifier="TRK"
- kee="org.struts:struts"
- name="Struts"
- description="the description"
- long_name="Apache Struts"
- enabled="[true]"
- language="java"
- copy_component_uuid="[null]"
- developer_uuid="[null]"
- path="[null]"
- authorization_updated_at="123456789"
- id="123"/>
-
-</dataset>
+++ /dev/null
-<dataset>
-
- <groups id="100"
- name="devs"
- organization_uuid="org1"/>
-
- <group_roles id="1"
- group_id="100"
- resource_id="123"
- role="admin"
- organization_uuid="org1"/>
- <group_roles id="2"
- group_id="100"
- resource_id="123"
- role="user"
- organization_uuid="org1"/>
-
- <projects uuid="A"
- uuid_path="NOT_USED"
- root_uuid="A"
- scope="PRJ"
- qualifier="TRK"
- kee="org.struts:struts"
- name="Struts"
- description="the description"
- long_name="Apache Struts"
- enabled="[true]"
- language="java"
- copy_component_uuid="[null]"
- developer_uuid="[null]"
- path="[null]"
- authorization_updated_at="123456789"
- id="123"/>
-
-</dataset>