From 4e61df66209784c4e8539af3749f10bf04db2617 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Vilain Date: Tue, 9 Jul 2013 17:13:43 +0200 Subject: [PATCH] SONAR-4464 Migrate and delete legacy settings defining default roles for each qualifier --- .../core/persistence/DatabaseVersion.java | 2 +- .../org/sonar/core/persistence/rows-h2.sql | 27 +-- .../permission_templates_controller.rb | 12 +- .../views/permission_templates/index.html.erb | 8 +- .../418_migrate_default_permissions.rb | 166 ++++++++++++++++++ .../main/webapp/WEB-INF/db/migrate/README.txt | 5 +- 6 files changed, 198 insertions(+), 22 deletions(-) create mode 100644 sonar-server/src/main/webapp/WEB-INF/db/migrate/418_migrate_default_permissions.rb diff --git a/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java b/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java index e77f001bd6b..5b10ab4f0bd 100644 --- a/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java +++ b/sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java @@ -33,7 +33,7 @@ import java.util.List; */ public class DatabaseVersion implements BatchComponent, ServerComponent { - public static final int LAST_VERSION = 417; + public static final int LAST_VERSION = 418; public static enum Status { UP_TO_DATE, REQUIRES_UPGRADE, REQUIRES_DOWNGRADE, FRESH_INSTALL diff --git a/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql b/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql index 4589151fd6b..dfa2c076a89 100644 --- a/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql +++ b/sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql @@ -14,17 +14,21 @@ ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 6; INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 1); INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 2); --- see migration 320 -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (1, 'sonar.role.admin.TRK.defaultGroups', NULL, 'sonar-administrators', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (2, 'sonar.role.user.TRK.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (3, 'sonar.role.codeviewer.TRK.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (4, 'sonar.role.admin.VW.defaultGroups', NULL, 'sonar-administrators', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (5, 'sonar.role.user.VW.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (6, 'sonar.role.codeviewer.VW.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (7, 'sonar.role.admin.SVW.defaultGroups', NULL, 'sonar-administrators', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (8, 'sonar.role.user.SVW.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (9, 'sonar.role.codeviewer.SVW.defaultGroups', NULL, 'Anyone,sonar-users', NULL); -ALTER TABLE PROPERTIES ALTER COLUMN ID RESTART WITH 10; +-- Default permissions - Replaces the previous role-based properties such as 'sonar.role.admin.TRK.defaultGroups' (see migration 418) +INSERT INTO PERMISSION_TEMPLATES(ID, name, description) VALUES (1, 'Default template', 'This permission template will be used as default when no other permission configuration is available'); +ALTER TABLE PERMISSION_TEMPLATES ALTER COLUMN ID RESTART WITH 2; + +INSERT INTO PERM_TEMPLATES_GROUPS(ID, template_id, group_id, permission_reference) VALUES (1, 1, 1, 'admin'); +INSERT INTO PERM_TEMPLATES_GROUPS(ID, template_id, group_id, permission_reference) VALUES (2, 1, 1, 'user'); +INSERT INTO PERM_TEMPLATES_GROUPS(ID, template_id, group_id, permission_reference) VALUES (3, 1, NULL, 'user'); +INSERT INTO PERM_TEMPLATES_GROUPS(ID, template_id, group_id, permission_reference) VALUES (4, 1, 1, 'codeviewer'); +INSERT INTO PERM_TEMPLATES_GROUPS(ID, template_id, group_id, permission_reference) VALUES (5, 1, NULL, 'codeviewer'); +ALTER TABLE PERM_TEMPLATES_GROUPS ALTER COLUMN ID RESTART WITH 6; + +INSERT INTO PROPERTIES(ID, prop_key, resource_id, text_value, user_id) VALUES (1, 'sonar.permission.template.default', NULL, '1', NULL); +ALTER TABLE PROPERTIES ALTER COLUMN ID RESTART WITH 2; +-- Default permissions end + INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('2'); @@ -181,6 +185,7 @@ INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('414'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('415'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('416'); INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('417'); +INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('418'); INSERT INTO USERS(ID, LOGIN, NAME, EMAIL, CRYPTED_PASSWORD, SALT, CREATED_AT, UPDATED_AT, REMEMBER_TOKEN, REMEMBER_TOKEN_EXPIRES_AT) VALUES (1, 'admin', 'Administrator', '', 'a373a0e667abb2604c1fd571eb4ad47fe8cc0878', '48bc4b0d93179b5103fd3885ea9119498e9d161b', '2011-09-26 22:27:48.0', '2011-09-26 22:27:48.0', null, null); ALTER TABLE USERS ALTER COLUMN ID RESTART WITH 2; diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/permission_templates_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/permission_templates_controller.rb index edc8624ef29..6fa03c175a4 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/permission_templates_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/permission_templates_controller.rb @@ -39,13 +39,19 @@ class PermissionTemplatesController < ApplicationController def index templates_names = Internal.permission_templates.selectAllPermissionTemplates.collect {|t| t.name} @permission_templates = [] - @default_templates_list = [] + @permission_templates_options = [] templates_names.each do |template_name| permission_template = Internal.permission_templates.selectPermissionTemplate(template_name) @permission_templates << permission_template - @default_templates_list << [permission_template.name, permission_template.id] + @permission_templates_options << [permission_template.name, permission_template.id] end @root_qualifiers = get_root_qualifiers + + @default_templates = {} + @root_qualifiers.each do |qualifier| + default_template_property = Property.by_key("sonar.permission.template.#{qualifier}.default") + @default_templates[qualifier] = default_template_property.text_value unless default_template_property.nil? + end end def edit_users @@ -174,7 +180,7 @@ class PermissionTemplatesController < ApplicationController def set_default_template verify_post_request get_root_qualifiers.each do |qualifier| - Property.set("sonar.permission.template.default.#{qualifier}", params["default_template_#{qualifier}"]) + Property.set("sonar.permission.template.#{qualifier}.default", params["default_template_#{qualifier}"]) end redirect_to :action => 'index' end diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/permission_templates/index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/permission_templates/index.html.erb index 2a7ba3eeee5..208d1af468a 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/views/permission_templates/index.html.erb +++ b/sonar-server/src/main/webapp/WEB-INF/app/views/permission_templates/index.html.erb @@ -10,7 +10,7 @@ <% @root_qualifiers.each do |qualifier| %> <%= label_tag("default_template_#{qualifier}", "Default permission template for #{message('qualifier.' + qualifier)}:") %> - <%= select_tag("default_template_#{qualifier}", options_for_select(@default_templates_list, -1)) %> + <%= select_tag("default_template_#{qualifier}", options_for_select(@permission_templates_options, @default_templates[qualifier] ? @default_templates[qualifier].to_i : -1)) %> <% end %>

@@ -51,7 +51,7 @@ <% users=Api::Utils.insensitive_sort(permission_template.getUsersForPermission('admin').collect {|u| u.userName}) - groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('admin').collect {|g| g.groupName}) + groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('admin').collect {|g| g.groupName.blank? ? 'Anyone' : g.groupName}) %> <%= users.join(', ') %> (<%= link_to message('select users'), {:action => :edit_users, :name => permission_template.name, :permission => 'admin'}, @@ -63,7 +63,7 @@ <% users=Api::Utils.insensitive_sort(permission_template.getUsersForPermission('user').collect {|u| u.userName}) - groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('user').collect {|g| g.groupName}) + groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('user').collect {|g| g.groupName.blank? ? 'Anyone' : g.groupName}) %> <%= users.join(', ') %> (<%= link_to message('select users'), {:action => :edit_users, :name => permission_template.name, :permission => 'user'}, @@ -75,7 +75,7 @@ <% users=Api::Utils.insensitive_sort(permission_template.getUsersForPermission('codeviewer').collect {|u| u.userName}) - groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('codeviewer').collect {|g| g.groupName}) + groups=Api::Utils.insensitive_sort(permission_template.getGroupsForPermission('codeviewer').collect {|g| g.groupName.blank? ? 'Anyone' : g.groupName}) %> <%= users.join(', ') %> (<%= link_to message('select users'), {:action => :edit_users, :name => permission_template.name, :permission => 'codeviewer'}, diff --git a/sonar-server/src/main/webapp/WEB-INF/db/migrate/418_migrate_default_permissions.rb b/sonar-server/src/main/webapp/WEB-INF/db/migrate/418_migrate_default_permissions.rb new file mode 100644 index 00000000000..8ed3e31d381 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/db/migrate/418_migrate_default_permissions.rb @@ -0,0 +1,166 @@ +# +# SonarQube, open source software quality management tool. +# Copyright (C) 2008-2013 SonarSource +# mailto:contact AT sonarsource DOT com +# +# SonarQube is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 3 of the License, or (at your option) any later version. +# +# SonarQube is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# + +# +# @since SonarQube 3.7 +# +class MigrateDefaultPermissions < ActiveRecord::Migration + + ROOT_QUALIFIERS = {:TRK => 'Projects', :VW => 'Views', :SVW => 'Subviews', :DEV => 'Developers'} + + class Group < ActiveRecord::Base + end + + class GroupRole < ActiveRecord::Base + end + + class User < ActiveRecord::Base + end + + class UserRole < ActiveRecord::Base + end + + class Property < ActiveRecord::Base + set_table_name 'properties' + end + + class PermissionTemplate < ActiveRecord::Base + end + + class PermissionTemplateUser < ActiveRecord::Base + set_table_name 'perm_templates_users' + end + + class PermissionTemplateGroup < ActiveRecord::Base + set_table_name 'perm_templates_groups' + end + + def self.up + Group.reset_column_information + GroupRole.reset_column_information + User.reset_column_information + UserRole.reset_column_information + Property.reset_column_information + PermissionTemplate.reset_column_information + PermissionTemplateUser.reset_column_information + PermissionTemplateGroup.reset_column_information + + create_default_permission_template + + migrate_existing_default_permissions + + end + + private + + def self.create_default_permission_template + + default_template = PermissionTemplate.create( + :name => 'Default template', + :description => 'This permission template will be used as default when no other permission configuration is available') + puts('default template created') + + sonar_admins_group = Group.find_by_name('sonar-administrators') + sonar_users_group = Group.find_by_name('sonar-users') + + # sonar-administrators default permissions + if sonar_admins_group + PermissionTemplateGroup.create(:group_id => sonar_admins_group.id, :permission_reference => 'admin', :template_id => default_template.id) + puts('admin template group created') + end + + # sonar-users default permissions + if sonar_users_group + PermissionTemplateGroup.create(:group_id => sonar_users_group.id, :permission_reference => 'user', :template_id => default_template.id) + PermissionTemplateGroup.create(:group_id => sonar_users_group.id, :permission_reference => 'codeviewer', :template_id => default_template.id) + puts('users template group created') + end + + # Anyone group default permissions + PermissionTemplateGroup.create(:group_id => nil, :permission_reference => 'user', :template_id => default_template.id) + PermissionTemplateGroup.create(:group_id => nil, :permission_reference => 'codeviewer', :template_id => default_template.id) + + default_template_key = 'sonar.permission.template.default' + default_template_value = default_template.id.to_s + + Property.create(:prop_key => default_template_key, :text_value => default_template_value) + + end + + def self.migrate_existing_default_permissions + + ROOT_QUALIFIERS.keys.each do |qualifier| + existing_properties = [] + existing_properties << Property.find_by_prop_key("sonar.role.admin.#{qualifier}.defaultGroups") + existing_properties << Property.find_by_prop_key("sonar.role.user.#{qualifier}.defaultGroups") + existing_properties << Property.find_by_prop_key("sonar.role.codeviewer.#{qualifier}.defaultGroups") + existing_properties << Property.find_by_prop_key("sonar.role.admin.#{qualifier}.defaultUsers") + existing_properties << Property.find_by_prop_key("sonar.role.user.#{qualifier}.defaultUsers") + existing_properties << Property.find_by_prop_key("sonar.role.codeviewer.#{qualifier}.defaultUsers") + + existing_properties.reject! {|prop| prop.nil?} + + if existing_properties.length > 0 + migrate_existing_permissions(qualifier, existing_properties) + end + + delete_existing_default_permissions(existing_properties) + end + + end + + def self.migrate_existing_permissions(qualifier, properties) + + unless properties.empty? + + qualifier_template = PermissionTemplate.create( + :name => "Default template for #{ROOT_QUALIFIERS[qualifier]}", + :description => "This template has been automatically created using the previously configured default permissions for #{ROOT_QUALIFIERS[qualifier]}") + + properties.each do |property| + key_fields = property.prop_key.split('.') + value_fields = property.text_value.split(',') + role = key_fields[2] + if 'defaultGroups'.eql?(key_fields[4]) + value_fields.each do |group_name| + group_id = 'Anyone'.eql?(group_name) ? nil : Group.find_by_name(group_name).id + PermissionTemplateGroup.create(:group_id => group_id, :permission_reference => role, :template_id => qualifier_template.id) + end + else + value_fields.each do |user_name| + user = User.find_by_name(user_name) + PermissionTemplateUser.create(:user_id => user.id, :permission_reference => role, :template_id => qualifier_template.id) + end + end + end + + Property.create(:prop_key => "sonar.permission.template.#{qualifier}.default", :text_value => qualifier_template.id) + + end + + end + + def self.delete_existing_default_permissions(properties) + properties.each do |property| + Property.delete(property.id) unless property.nil? + end + end + +end diff --git a/sonar-server/src/main/webapp/WEB-INF/db/migrate/README.txt b/sonar-server/src/main/webapp/WEB-INF/db/migrate/README.txt index a618f27923e..bc8ccac3a03 100644 --- a/sonar-server/src/main/webapp/WEB-INF/db/migrate/README.txt +++ b/sonar-server/src/main/webapp/WEB-INF/db/migrate/README.txt @@ -5,9 +5,8 @@ HOW TO ADD A MIGRATION + sonar-core/src/main/resources/org/sonar/core/persistence/schema-h2.ddl + sonar-core/src/main/resources/org/sonar/core/persistence/rows-h2.sql : - add "INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('')" -* Update the migration id defined in the Java class org.sonar.core.persistence.DatabaseTest -* If a table is added or removed, then update the list org.sonar.core.persistence.DatabaseTest#TABLES - +* Update the migration id defined in sonar-core/src/main/java/org/sonar/core/persistence/DatabaseVersion.java +* If a table is added or removed, then edit sonar-core/src/main/java/org/sonar/core/persistence/DatabaseUtils.java RECOMMENDATIONS -- 2.39.5