package org.sonar.core.permission;
+import org.apache.commons.lang.StringUtils;
import org.apache.ibatis.session.SqlSession;
import org.sonar.api.ServerComponent;
+import org.sonar.api.config.Settings;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.task.TaskComponent;
+import org.sonar.api.web.UserRole;
import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.user.*;
+import org.sonar.core.user.GroupDto;
+import org.sonar.core.user.GroupRoleDto;
+import org.sonar.core.user.RoleDao;
+import org.sonar.core.user.UserDao;
+import org.sonar.core.user.UserRoleDto;
import javax.annotation.Nullable;
import java.util.List;
+import static com.google.common.collect.Lists.newArrayList;
+
/**
* Internal use only
*
private final RoleDao roleDao;
private final UserDao userDao;
private final PermissionTemplateDao permissionTemplateDao;
+ private final Settings settings;
- public PermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionTemplateDao permissionTemplateDao) {
+ public PermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionTemplateDao permissionTemplateDao, Settings settings) {
this.myBatis = myBatis;
this.roleDao = roleDao;
this.userDao = userDao;
this.permissionTemplateDao = permissionTemplateDao;
+ this.settings = settings;
}
public void insertUserPermission(@Nullable Long resourceId, Long userId, String permission, @Nullable SqlSession session) {
public List<String> selectUserPermissions(String user, Long componentId) {
return roleDao.selectUserPermissions(user, componentId);
}
+
+ public void grantDefaultRoles(Long componentId, String qualifier) {
+ SqlSession session = myBatis.openSession();
+ try {
+ removeAllPermissions(componentId, session);
+ grantDefaultRoles(componentId, qualifier, UserRole.ADMIN, session);
+ grantDefaultRoles(componentId, qualifier, UserRole.USER, session);
+ grantDefaultRoles(componentId, qualifier, UserRole.CODEVIEWER, session);
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ private void grantDefaultRoles(Long resourceId, String qualifier, String role, SqlSession session) {
+ PermissionTemplateDto applicablePermissionTemplate = getDefaultPermissionTemplate(qualifier);
+
+ List<Long> groupIds = getEligibleGroups(role, applicablePermissionTemplate);
+ for (Long groupId : groupIds) {
+ insertGroupPermission(resourceId, groupId, role, session);
+ }
+
+ List<Long> userIds = getEligibleUsers(role, applicablePermissionTemplate);
+ for (Long userId : userIds) {
+ insertUserPermission(resourceId, userId, role, session);
+ }
+ }
+
+ private List<Long> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) {
+ List<Long> eligibleGroups = newArrayList();
+ List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
+ if (groupsPermissions != null) {
+ for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
+ if (role.equals(groupPermission.getPermission())) {
+ Long groupId = groupPermission.getGroupId() != null ? groupPermission.getGroupId() : null;
+ eligibleGroups.add(groupId);
+ }
+ }
+ }
+ return eligibleGroups;
+ }
+
+ private List<Long> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) {
+ List<Long> eligibleUsers = newArrayList();
+ List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
+ if (usersPermissions != null) {
+ for (PermissionTemplateUserDto userPermission : usersPermissions) {
+ if (role.equals(userPermission.getPermission())) {
+ eligibleUsers.add(userPermission.getUserId());
+ }
+ }
+ }
+ return eligibleUsers;
+ }
+
+ private PermissionTemplateDto getDefaultPermissionTemplate(String qualifier) {
+ String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default");
+ if (!StringUtils.isBlank(qualifierTemplateKey)) {
+ return getPermissionTemplate(qualifierTemplateKey);
+ }
+
+ String defaultTemplateKey = settings.getString("sonar.permission.template.default");
+ if (StringUtils.isBlank(defaultTemplateKey)) {
+ throw new IllegalStateException("At least one default permission template should be defined");
+ }
+ return getPermissionTemplate(defaultTemplateKey);
+ }
}
*/
package org.sonar.core.resource;
-import org.apache.commons.lang.StringUtils;
import org.apache.ibatis.session.SqlSession;
-import org.sonar.api.config.Settings;
import org.sonar.api.resources.Resource;
import org.sonar.api.security.ResourcePermissions;
-import org.sonar.api.web.UserRole;
import org.sonar.core.permission.PermissionFacade;
-import org.sonar.core.permission.PermissionTemplateDto;
-import org.sonar.core.permission.PermissionTemplateGroupDto;
-import org.sonar.core.permission.PermissionTemplateUserDto;
import org.sonar.core.persistence.MyBatis;
import org.sonar.core.user.UserDto;
import org.sonar.core.user.UserMapper;
-import java.util.List;
-
-import static com.google.common.collect.Lists.newArrayList;
-
/**
* @since 3.2
*/
public class DefaultResourcePermissions implements ResourcePermissions {
- private final Settings settings;
private final MyBatis myBatis;
private final PermissionFacade permissionFacade;
- public DefaultResourcePermissions(Settings settings, MyBatis myBatis, PermissionFacade permissionFacade) {
- this.settings = settings;
+ public DefaultResourcePermissions(MyBatis myBatis, PermissionFacade permissionFacade) {
this.myBatis = myBatis;
this.permissionFacade = permissionFacade;
}
}
public void grantDefaultRoles(Resource resource) {
- if (resource.getId() != null) {
- SqlSession session = myBatis.openSession();
- try {
- removeRoles(resource, session);
- grantDefaultRoles(resource, UserRole.ADMIN, session);
- grantDefaultRoles(resource, UserRole.USER, session);
- grantDefaultRoles(resource, UserRole.CODEVIEWER, session);
- session.commit();
- } finally {
- MyBatis.closeQuietly(session);
- }
- }
- }
-
- private void removeRoles(Resource resource, SqlSession session) {
- Long resourceId = Long.valueOf(resource.getId());
- permissionFacade.removeAllPermissions(resourceId, session);
- }
-
- private void grantDefaultRoles(Resource resource, String role, SqlSession session) {
- PermissionTemplateDto applicablePermissionTemplate = getPermissionTemplate(resource.getQualifier());
-
- List<Long> groupIds = getEligibleGroups(role, applicablePermissionTemplate);
- for (Long groupId : groupIds) {
- Long resourceId = Long.valueOf(resource.getId());
- permissionFacade.insertGroupPermission(resourceId, groupId, role, session);
- }
-
- List<Long> userIds = getEligibleUsers(role, applicablePermissionTemplate);
- for (Long userId : userIds) {
- Long resourceId = Long.valueOf(resource.getId());
- permissionFacade.insertUserPermission(resourceId, userId, role, session);
- }
- }
-
- private List<Long> getEligibleGroups(String role, PermissionTemplateDto permissionTemplate) {
- List<Long> eligibleGroups = newArrayList();
- List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
- if (groupsPermissions != null) {
- for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
- if (role.equals(groupPermission.getPermission())) {
- Long groupId = groupPermission.getGroupId() != null ? groupPermission.getGroupId() : null;
- eligibleGroups.add(groupId);
- }
- }
- }
- return eligibleGroups;
- }
-
- private List<Long> getEligibleUsers(String role, PermissionTemplateDto permissionTemplate) {
- List<Long> eligibleUsers = newArrayList();
- List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
- if (usersPermissions != null) {
- for (PermissionTemplateUserDto userPermission : usersPermissions) {
- if (role.equals(userPermission.getPermission())) {
- eligibleUsers.add(userPermission.getUserId());
- }
- }
- }
- return eligibleUsers;
- }
-
- private PermissionTemplateDto getPermissionTemplate(String qualifier) {
- String qualifierTemplateKey = settings.getString("sonar.permission.template." + qualifier + ".default");
- if (!StringUtils.isBlank(qualifierTemplateKey)) {
- return permissionFacade.getPermissionTemplate(qualifierTemplateKey);
- }
-
- String defaultTemplateKey = settings.getString("sonar.permission.template.default");
- if (StringUtils.isBlank(defaultTemplateKey)) {
- throw new IllegalStateException("At least one default permission template should be defined");
- }
- return permissionFacade.getPermissionTemplate(defaultTemplateKey);
+ permissionFacade.grantDefaultRoles(Long.valueOf(resource.getId()), resource.getQualifier());
}
}
}
}
+ /**
+ * Return provisioned projects = enabled projects without snapshot
+ */
+ public List<Component> selectProvisionedProjects(Collection<String> qualifiers) {
+ if (qualifiers.isEmpty()) {
+ return Collections.emptyList();
+ }
+ SqlSession session = mybatis.openSession();
+ try {
+ return toComponents(session.getMapper(ResourceMapper.class).selectProvisionedProjects(qualifiers));
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
public static ComponentDto toComponent(ResourceDto resourceDto){
return new ComponentDto()
.setId(resourceDto.getId())
List<ResourceDto> selectGhostsProjects(@Param("qualifiers") Collection<String> qualifier);
+ List<ResourceDto> selectProvisionedProjects(@Param("qualifiers") Collection<String> qualifier);
+
void insert(ResourceDto resource);
void update(ResourceDto resource);
</where>
</select>
+ <select id="selectProvisionedProjects" parameterType="map" resultMap="resourceResultMap">
+ select p.* from projects p
+ left join snapshots s on s.project_id=p.id
+ <where>
+ and s.id is null
+ <if test="qualifiers != null and qualifiers.size() > 0">
+ and <foreach item="qualifier" index="index" collection="qualifiers" open="(" separator=" or " close=")">p.qualifier=#{qualifier}
+ </foreach>
+ </if>
+ and p.copy_resource_id is null
+ </where>
+ </select>
+
<select id="selectAuthorizedChildrenComponentIds" parameterType="map" resultType="int">
<include refid="selectAuthorizedChildrenComponentIdsQuery" />
</select>
package org.sonar.core.permission;
+import org.sonar.api.config.Settings;
+
import org.apache.ibatis.session.SqlSession;
import org.junit.Before;
import org.junit.Rule;
import org.sonar.core.persistence.MyBatis;
import org.sonar.core.user.RoleDao;
import org.sonar.core.user.UserDao;
-
import static org.fest.assertions.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
RoleDao roleDao = new RoleDao(getMyBatis());
UserDao userDao = new UserDao(getMyBatis());
permissionTemplateDao = new PermissionTemplateDao(getMyBatis());
- permissionFacade = new PermissionFacade(getMyBatis(), roleDao, userDao, permissionTemplateDao);
+ Settings settings = new Settings();
+ permissionFacade = new PermissionFacade(getMyBatis(), roleDao, userDao, permissionTemplateDao, settings);
}
@Test
when(permissionTemplateDao.selectTemplateByKey("test_template")).thenReturn(permissionTemplateDto);
when(permissionTemplateDao.selectPermissionTemplate("Test template")).thenReturn(templateWithPermissions);
- permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao);
+ permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao, null);
PermissionTemplateDto permissionTemplate = permissionFacade.getPermissionTemplate("test_template");
permissionTemplateDao = mock(PermissionTemplateDao.class);
- permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao);
+ permissionFacade = new PermissionFacade(null, null, null, permissionTemplateDao, null);
permissionFacade.getPermissionTemplate("unmatched");
}
public void initResourcePermissions() {
settings = new Settings();
PermissionFacade permissionFacade = new PermissionFacade(getMyBatis(),
- new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionTemplateDao(getMyBatis()));
- permissions = new DefaultResourcePermissions(settings, getMyBatis(), permissionFacade);
+ new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionTemplateDao(getMyBatis()), settings);
+ permissions = new DefaultResourcePermissions(getMyBatis(), permissionFacade);
}
@Test