From 5940540dd829e383249a74763c1b1aabf5761d4e Mon Sep 17 00:00:00 2001
From: Teryk Bellahsene <teryk.bellahsene@sonarsource.com>
Date: Tue, 14 Jun 2016 19:32:34 +0200
Subject: [PATCH] SONAR-7747 Replace project creator by current user when
 creating a project

---
 .../server/permission/PermissionService.java  |   6 +-
 .../db/permission/PermissionRepository.java   |  55 +++++---
 .../db/permission/PermissionTemplateDao.java  |  47 ++++---
 .../db/permission/PermissionTemplateDto.java  |  11 ++
 .../permission/PermissionTemplateMapper.java  |   2 +
 .../permission/PermissionTemplateMapper.xml   |  20 +++
 .../permission/PermissionRepositoryTest.java  |   6 +-
 .../permission/PermissionTemplateDaoTest.java | 133 +++++++++++-------
 .../permission/PermissionTemplateTesting.java |  10 ++
 ...ply_default_permission_template-result.xml |   5 +-
 .../apply_default_permission_template.xml     |  33 +++--
 ...ission_template_by_component_id-result.xml |  37 +++++
 ...lt_permission_template_by_component_id.xml |  31 ++++
 13 files changed, 288 insertions(+), 108 deletions(-)
 create mode 100644 sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id-result.xml
 create mode 100644 sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id.xml

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
index bfa7d74e1c8..03c9c8e5c52 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionService.java
@@ -20,6 +20,7 @@
 package org.sonar.server.permission;
 
 import java.util.List;
+import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.server.ServerSide;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
@@ -73,7 +74,10 @@ public class PermissionService {
     } else {
       userSession.checkPermission(GlobalPermissions.PROVISIONING);
     }
-    permissionRepository.applyDefaultPermissionTemplate(session, component);
+
+    Integer currentUserId = userSession.getUserId();
+    Long userId = Qualifiers.PROJECT.equals(component.qualifier()) && currentUserId != null ? currentUserId.longValue() : null;
+    permissionRepository.applyDefaultPermissionTemplate(session, component, userId);
     session.commit();
     indexProjectPermissions();
   }
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
index 22f62301b47..7e0361a3588 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
@@ -23,6 +23,8 @@ import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 import org.apache.commons.lang.StringUtils;
 import org.sonar.api.config.Settings;
@@ -30,10 +32,13 @@ import org.sonar.api.security.DefaultGroups;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.GroupRoleDto;
 import org.sonar.db.user.UserRoleDto;
 
+import static java.util.Objects.requireNonNull;
+
 /**
  * This facade wraps db operations related to permissions
  * <p/>
@@ -137,23 +142,30 @@ public class PermissionRepository {
   }
 
   public void applyPermissionTemplate(DbSession session, String templateUuid, long resourceId) {
+    applyPermissionTemplate(session, templateUuid, resourceId, null);
+  }
+
+  private void applyPermissionTemplate(DbSession session, String templateUuid, long componentId, @Nullable Long currentUserId) {
     PermissionTemplateDto permissionTemplate = dbClient.permissionTemplateDao().selectPermissionTemplateWithPermissions(session, templateUuid);
-    updateProjectAuthorizationDate(session, resourceId);
-    dbClient.roleDao().removeAllPermissions(session, resourceId);
-    List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
-    //TODO should return an empty list if there's no user permissions
-    if (usersPermissions != null) {
-      for (PermissionTemplateUserDto userPermission : usersPermissions) {
-        insertUserPermission(resourceId, userPermission.getUserId(), userPermission.getPermission(), false, session);
-      }
-    }
-    List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
-    //TODO should return an empty list if there's no group permission
-    if (groupsPermissions != null) {
-      for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
-        Long groupId = groupPermission.getGroupId() == null ? null : groupPermission.getGroupId();
-        insertGroupPermission(resourceId, groupId, groupPermission.getPermission(), false, session);
-      }
+    updateProjectAuthorizationDate(session, componentId);
+    dbClient.roleDao().removeAllPermissions(session, componentId);
+
+    List<PermissionTemplateUserDto> usersPermissions = requireNonNull(permissionTemplate.getUsersPermissions());
+    usersPermissions.forEach(userPermission -> insertUserPermission(componentId, userPermission.getUserId(), userPermission.getPermission(), false, session));
+
+    List<PermissionTemplateGroupDto> groupsPermissions = requireNonNull(permissionTemplate.getGroupsPermissions());
+    groupsPermissions.forEach(groupPermission -> insertGroupPermission(componentId, groupPermission.getGroupId(), groupPermission.getPermission(), false, session));
+
+    List<PermissionTemplateCharacteristicDto> characteristics = requireNonNull(permissionTemplate.getCharacteristics());
+    if (currentUserId != null) {
+      Set<String> permissionsForCurrentUserAlreadyInDb = usersPermissions.stream()
+        .filter(userPermission -> currentUserId.equals(userPermission.getUserId()))
+        .map(PermissionTemplateUserDto::getPermission)
+        .collect(Collectors.toSet());
+      characteristics.stream()
+        .filter(PermissionTemplateCharacteristicDto::getWithProjectCreator)
+        .filter(characteristic -> !permissionsForCurrentUserAlreadyInDb.contains(characteristic.getPermission()))
+        .forEach(characteristic -> insertUserPermission(componentId, currentUserId, characteristic.getPermission(), false, session));
     }
   }
 
@@ -162,12 +174,12 @@ public class PermissionRepository {
    */
   public void applyDefaultPermissionTemplate(DbSession session, long componentId) {
     ComponentDto component = dbClient.componentDao().selectOrFailById(session, componentId);
-    applyDefaultPermissionTemplate(session, component);
+    applyDefaultPermissionTemplate(session, component, null);
   }
 
-  public void applyDefaultPermissionTemplate(DbSession session, ComponentDto componentDto) {
-    String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(session, componentDto.getKey(), componentDto.qualifier());
-    applyPermissionTemplate(session, applicablePermissionTemplateKey, componentDto.getId());
+  public void applyDefaultPermissionTemplate(DbSession dbSession, ComponentDto componentDto, @Nullable Long userId) {
+    String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(dbSession, componentDto.getKey(), componentDto.qualifier());
+    applyPermissionTemplate(dbSession, applicablePermissionTemplateKey, componentDto.getId(), userId);
   }
 
   /**
@@ -210,7 +222,8 @@ public class PermissionRepository {
       }
       throw new IllegalStateException(MessageFormat.format(
         "The \"{0}\" key matches multiple permission templates: {1}."
-          + " A system administrator must update these templates so that only one of them matches the key.", componentKey,
+          + " A system administrator must update these templates so that only one of them matches the key.",
+        componentKey,
         templatesNames.toString()));
     }
   }
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDao.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDao.java
index 61869c93115..d327cee447c 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDao.java
@@ -19,10 +19,6 @@
  */
 package org.sonar.db.permission;
 
-import static com.google.common.collect.Maps.newHashMap;
-import static java.lang.String.format;
-import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput;
-
 import com.google.common.annotations.VisibleForTesting;
 import java.util.Date;
 import java.util.HashMap;
@@ -40,8 +36,14 @@ import org.sonar.api.web.UserRole;
 import org.sonar.db.Dao;
 import org.sonar.db.DbSession;
 import org.sonar.db.MyBatis;
+import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 import org.sonar.db.permission.template.PermissionTemplateCharacteristicMapper;
 
+import static com.google.common.collect.Maps.newHashMap;
+import static java.lang.String.format;
+import static java.util.Collections.emptyList;
+import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput;
+
 public class PermissionTemplateDao implements Dao {
 
   public static final String QUERY_PARAMETER = "query";
@@ -155,18 +157,26 @@ public class PermissionTemplateDao implements Dao {
 
   @CheckForNull
   public PermissionTemplateDto selectByUuidWithUserAndGroupPermissions(DbSession session, String templateUuid) {
-    PermissionTemplateDto permissionTemplate;
+    PermissionTemplateDto template;
     PermissionTemplateMapper mapper = mapper(session);
-    permissionTemplate = mapper.selectByUuid(templateUuid);
-    PermissionTemplateDto templateUsersPermissions = mapper.selectTemplateUsersPermissions(templateUuid);
-    if (templateUsersPermissions != null) {
-      permissionTemplate.setUsersPermissions(templateUsersPermissions.getUsersPermissions());
+    template = mapper.selectByUuid(templateUuid);
+    if (template == null) {
+      return null;
     }
-    PermissionTemplateDto templateGroupsPermissions = mapper.selectTemplateGroupsPermissions(templateUuid);
-    if (templateGroupsPermissions != null) {
-      permissionTemplate.setGroupsByPermission(templateGroupsPermissions.getGroupsPermissions());
-    }
-    return permissionTemplate;
+
+    PermissionTemplateDto templateWithUserPermissions = mapper.selectTemplateUsersPermissions(templateUuid);
+    List<PermissionTemplateUserDto> userPermissions = templateWithUserPermissions == null ? emptyList() : templateWithUserPermissions.getUsersPermissions();
+    template.setUsersPermissions(userPermissions);
+
+    PermissionTemplateDto templateWithGroupPermissions = mapper.selectTemplateGroupsPermissions(templateUuid);
+    List<PermissionTemplateGroupDto> groupPermissions = templateWithGroupPermissions == null ? emptyList() : templateWithGroupPermissions.getGroupsPermissions();
+    template.setGroupsByPermission(groupPermissions);
+
+    PermissionTemplateDto templateWithCharacteristics = mapper.selectTemplateCharacteristics(templateUuid);
+    List<PermissionTemplateCharacteristicDto> characteristics = templateWithCharacteristics == null ? emptyList() : templateWithCharacteristics.getCharacteristics();
+    template.setCharacteristics(characteristics);
+
+    return template;
   }
 
   @CheckForNull
@@ -384,15 +394,14 @@ public class PermissionTemplateDao implements Dao {
   }
 
   /**
-   * Load permission template and load associated collections of users and groups permissions
+   * Load permission template and load associated collections of users and groups permissions, and characteristics
    */
-  @VisibleForTesting
   PermissionTemplateDto selectPermissionTemplateWithPermissions(DbSession session, String templateUuid) {
-    PermissionTemplateDto permissionTemplateDto = selectByUuid(session, templateUuid);
-    if (permissionTemplateDto == null) {
+    PermissionTemplateDto template = selectByUuid(session, templateUuid);
+    if (template == null) {
       throw new IllegalArgumentException("Could not retrieve permission template with uuid " + templateUuid);
     }
-    PermissionTemplateDto templateWithPermissions = selectByUuidWithUserAndGroupPermissions(session, permissionTemplateDto.getUuid());
+    PermissionTemplateDto templateWithPermissions = selectByUuidWithUserAndGroupPermissions(session, template.getUuid());
     if (templateWithPermissions == null) {
       throw new IllegalArgumentException("Could not retrieve permissions for template with uuid " + templateUuid);
     }
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDto.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDto.java
index ad14008096f..e268ffa0075 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDto.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateDto.java
@@ -23,6 +23,7 @@ import java.util.Date;
 import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
+import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 
 public class PermissionTemplateDto {
 
@@ -33,6 +34,7 @@ public class PermissionTemplateDto {
   private String keyPattern;
   private List<PermissionTemplateUserDto> usersPermissions;
   private List<PermissionTemplateGroupDto> groupsPermissions;
+  private List<PermissionTemplateCharacteristicDto> characteristics;
   private Date createdAt;
   private Date updatedAt;
 
@@ -143,4 +145,13 @@ public class PermissionTemplateDto {
     this.updatedAt = updatedAt;
     return this;
   }
+
+  public List<PermissionTemplateCharacteristicDto> getCharacteristics() {
+    return characteristics;
+  }
+
+  public PermissionTemplateDto setCharacteristics(List<PermissionTemplateCharacteristicDto> characteristics) {
+    this.characteristics = characteristics;
+    return this;
+  }
 }
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateMapper.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateMapper.java
index afb01562a94..1551cef2adb 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateMapper.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionTemplateMapper.java
@@ -50,6 +50,8 @@ public interface PermissionTemplateMapper {
 
   PermissionTemplateDto selectTemplateGroupsPermissions(String templateKey);
 
+  PermissionTemplateDto selectTemplateCharacteristics(String templateKey);
+
   void insertUserPermission(PermissionTemplateUserDto permissionTemplateUser);
 
   void insertGroupPermission(PermissionTemplateGroupDto permissionTemplateGroup);
diff --git a/sonar-db/src/main/resources/org/sonar/db/permission/PermissionTemplateMapper.xml b/sonar-db/src/main/resources/org/sonar/db/permission/PermissionTemplateMapper.xml
index e7df62ba258..f84b0231441 100644
--- a/sonar-db/src/main/resources/org/sonar/db/permission/PermissionTemplateMapper.xml
+++ b/sonar-db/src/main/resources/org/sonar/db/permission/PermissionTemplateMapper.xml
@@ -254,6 +254,21 @@
     AND (g.name IS NOT NULL OR ptg.group_id IS NULL)
   </select>
 
+  <select id="selectTemplateCharacteristics" parameterType="String" resultMap="fullPermissionsTemplateResult">
+    SELECT pt.id AS template_id,
+    pt.name AS template_name,
+    pt.description AS template_description,
+    pt.key_pattern AS template_key_pattern,
+    pt.created_at AS template_created_at,
+    pt.updated_at AS template_updated_at,
+    ptc.id AS permission_template_characteristic_id,
+    ptc.permission_key AS characteristic_permission,
+    ptc.with_project_creator AS with_project_creator
+    FROM permission_templates pt
+      INNER JOIN perm_tpl_characteristics ptc ON ptc.template_id = pt.id
+    WHERE pt.kee = #{templateKey}
+  </select>
+
   <select id="usersCountByTemplateIdAndPermission" parameterType="map"
           resultType="org.sonar.db.permission.CountByTemplateAndPermissionDto">
     SELECT ptu.template_id as templateId, ptu.permission_reference as permission, count(u.login) as count
@@ -313,6 +328,11 @@
       <result property="permission" column="group_permission"/>
       <result property="groupName" column="group_name"/>
     </collection>
+    <collection property="characteristics" ofType="TemplatePermission">
+      <id property="id" column="permission_template_characteristic_id"/>
+      <result property="permission" column="characteristic_permission"/>
+      <result property="withProjectCreator" column="with_project_creator"/>
+    </collection>
   </resultMap>
 
 </mapper>
diff --git a/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java b/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
index fbce7f1857e..bd307d7be18 100644
--- a/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
@@ -81,13 +81,13 @@ public class PermissionRepositoryTest {
 
   @Test
   public void apply_default_permission_template_from_component_id() {
-    dbTester.prepareDbUnit(getClass(), "apply_default_permission_template.xml");
+    dbTester.prepareDbUnit(getClass(), "apply_default_permission_template_by_component_id.xml");
     settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE);
 
     underTest.applyDefaultPermissionTemplate(session, PROJECT_ID);
     session.commit();
 
-    dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template-result.xml", "user_roles", "user_id", "resource_id", "role");
+    dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template_by_component_id-result.xml", "user_roles", "user_id", "resource_id", "role");
   }
 
   @Test
@@ -95,7 +95,7 @@ public class PermissionRepositoryTest {
     dbTester.prepareDbUnit(getClass(), "apply_default_permission_template.xml");
     settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE);
 
-    underTest.applyDefaultPermissionTemplate(session, dbTester.getDbClient().componentDao().selectOrFailByKey(session, "org.struts:struts"));
+    underTest.applyDefaultPermissionTemplate(session, dbTester.getDbClient().componentDao().selectOrFailByKey(session, "org.struts:struts"), 201L);
     session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template-result.xml", "user_roles", "user_id", "resource_id", "role");
diff --git a/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateDaoTest.java b/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateDaoTest.java
index b99319fa790..a51fe643ccd 100644
--- a/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateDaoTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateDaoTest.java
@@ -19,17 +19,6 @@
  */
 package org.sonar.db.permission;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.sonar.api.web.UserRole.ADMIN;
-import static org.sonar.api.web.UserRole.CODEVIEWER;
-import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
-import static org.sonar.api.web.UserRole.USER;
-import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
-import static org.sonar.db.user.GroupTesting.newGroupDto;
-import static org.sonar.db.user.UserTesting.newUserDto;
-
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -43,24 +32,43 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
+import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
+import org.sonar.db.user.GroupDbTester;
 import org.sonar.db.user.GroupDto;
+import org.sonar.db.user.UserDbTester;
 import org.sonar.db.user.UserDto;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.tuple;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.sonar.api.web.UserRole.ADMIN;
+import static org.sonar.api.web.UserRole.CODEVIEWER;
+import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.api.web.UserRole.USER;
+import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateCharacteristicDto;
+import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
+import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateGroupDto;
+import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateUserDto;
+import static org.sonar.db.user.GroupTesting.newGroupDto;
+import static org.sonar.db.user.UserTesting.newUserDto;
 
 public class PermissionTemplateDaoTest {
 
   System2 system = mock(System2.class);
 
-  @Rule
-  public DbTester db = DbTester.create(system);
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
-
-  final DbSession session = db.getSession();
+  @Rule
+  public DbTester db = DbTester.create(system);
   DbClient dbClient = db.getDbClient();
+  DbSession dbSession = db.getSession();
+  GroupDbTester groupDb = new GroupDbTester(db);
+  UserDbTester userDb = new UserDbTester(db);
 
   PermissionTemplateDao underTest = new PermissionTemplateDao(db.myBatis(), system);
 
@@ -102,19 +110,6 @@ public class PermissionTemplateDaoTest {
     assertThat(permissionTemplate.getGroupsPermissions()).extracting("permission").containsOnly("group_permission1", "group_permission1", "group_permission2");
   }
 
-  @Test
-  public void should_select_empty_permission_template() {
-    db.prepareDbUnit(getClass(), "selectEmptyPermissionTemplate.xml");
-
-    PermissionTemplateDto permissionTemplate = underTest.selectByUuidWithUserAndGroupPermissions("my_template_20130102_030405");
-
-    assertThat(permissionTemplate).isNotNull();
-    assertThat(permissionTemplate.getName()).isEqualTo("my template");
-    assertThat(permissionTemplate.getDescription()).isEqualTo("my description");
-    assertThat(permissionTemplate.getUsersPermissions()).isNull();
-    assertThat(permissionTemplate.getGroupsPermissions()).isNull();
-  }
-
   @Test
   public void should_select_permission_template_by_key() {
     db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
@@ -155,8 +150,8 @@ public class PermissionTemplateDaoTest {
   public void should_delete_permission_template() {
     db.prepareDbUnit(getClass(), "deletePermissionTemplate.xml");
 
-    underTest.deleteById(session, 1L);
-    session.commit();
+    underTest.deleteById(dbSession, 1L);
+    dbSession.commit();
 
     checkTemplateTables("deletePermissionTemplate-result.xml");
     db.assertDbUnitTable(getClass(), "deletePermissionTemplate-result.xml", "perm_tpl_characteristics");
@@ -227,17 +222,57 @@ public class PermissionTemplateDaoTest {
   }
 
   @Test
-  public void should_retrieve_permission_template() {
-    PermissionTemplateDto permissionTemplateDto = new PermissionTemplateDto().setName("Test template").setUuid("test_template");
-    PermissionTemplateDto templateWithPermissions = new PermissionTemplateDto().setUuid("test_template");
-    underTest = mock(PermissionTemplateDao.class);
-    when(underTest.selectByUuid(db.getSession(), "test_template")).thenReturn(permissionTemplateDto);
-    when(underTest.selectByUuidWithUserAndGroupPermissions(db.getSession(), "test_template")).thenReturn(templateWithPermissions);
-    when(underTest.selectPermissionTemplateWithPermissions(db.getSession(), "test_template")).thenCallRealMethod();
+  public void new_permission_template_with_empty_user_group_characteristics() {
+    PermissionTemplateDto template = underTest.insert(dbSession, newPermissionTemplateDto().setUuid("TEMPLATE_UUID"));
+
+    PermissionTemplateDto result = underTest.selectByUuidWithUserAndGroupPermissions(dbSession, "TEMPLATE_UUID");
+
+    assertThat(result).extracting(PermissionTemplateDto::getId, PermissionTemplateDto::getUuid, PermissionTemplateDto::getName, PermissionTemplateDto::getDescription)
+      .containsExactly(template.getId(), template.getUuid(), template.getName(), template.getDescription());
+
+    assertThat(result.getUsersPermissions()).isEmpty();
+    assertThat(result.getGroupsPermissions()).isEmpty();
+    assertThat(result.getCharacteristics()).isEmpty();
+  }
+
+  @Test
+  public void unknown_permission_template() {
+    PermissionTemplateDto result = underTest.selectByUuidWithUserAndGroupPermissions(dbSession, "UNKNOWN_TEMPLATE_UUID");
 
-    PermissionTemplateDto permissionTemplate = underTest.selectPermissionTemplateWithPermissions(db.getSession(), "test_template");
+    assertThat(result).isNull();
+  }
 
-    assertThat(permissionTemplate).isSameAs(templateWithPermissions);
+  @Test
+  public void permission_template_with_user_group_and_characteristics() {
+    PermissionTemplateDto template = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setUuid("TEMPLATE_UUID"));
+    PermissionTemplateCharacteristicDto characteristic = dbClient.permissionTemplateCharacteristicDao().insert(dbSession, newPermissionTemplateCharacteristicDto()
+      .setTemplateId(template.getId())
+      .setPermission(UserRole.USER)
+      .setWithProjectCreator(true));
+    GroupDto group = groupDb.insertGroup(newGroupDto());
+    PermissionTemplateGroupDto groupTemplate = newPermissionTemplateGroupDto()
+      .setTemplateId(template.getId())
+      .setGroupId(group.getId())
+      .setPermission(UserRole.ADMIN);
+    underTest.insertGroupPermission(dbSession, groupTemplate);
+    UserDto user = userDb.insertUser(newUserDto());
+    underTest.insertUserPermission(dbSession, newPermissionTemplateUserDto()
+      .setTemplateId(template.getId())
+      .setPermission(UserRole.CODEVIEWER)
+      .setUserId(user.getId()));
+    db.commit();
+
+    PermissionTemplateDto result = underTest.selectByUuidWithUserAndGroupPermissions(dbSession, "TEMPLATE_UUID");
+    assertThat(result).isEqualToIgnoringNullFields(template);
+    assertThat(result.getCharacteristics()).hasSize(1)
+      .extracting(PermissionTemplateCharacteristicDto::getId, PermissionTemplateCharacteristicDto::getPermission, PermissionTemplateCharacteristicDto::getWithProjectCreator)
+      .containsExactly(tuple(characteristic.getId(), UserRole.USER, true));
+    assertThat(result.getGroupsPermissions()).hasSize(1)
+      .extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getGroupName, PermissionTemplateGroupDto::getPermission)
+      .containsExactly(tuple(group.getId(), group.getName(), UserRole.ADMIN));
+    assertThat(result.getUsersPermissions()).hasSize(1)
+      .extracting(PermissionTemplateUserDto::getUserId, PermissionTemplateUserDto::getUserLogin, PermissionTemplateUserDto::getPermission)
+      .containsExactly(tuple(user.getId(), user.getLogin(), UserRole.CODEVIEWER));
   }
 
   @Test
@@ -268,7 +303,7 @@ public class PermissionTemplateDaoTest {
     commit();
 
     final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
-    underTest.groupsCountByTemplateIdAndPermission(session, Arrays.asList(template1.getId(), template2.getId(), template3.getId()), new ResultHandler() {
+    underTest.groupsCountByTemplateIdAndPermission(dbSession, Arrays.asList(template1.getId(), template2.getId(), template3.getId()), new ResultHandler() {
       @Override
       public void handleResult(ResultContext context) {
         result.add((CountByTemplateAndPermissionDto) context.getResultObject());
@@ -301,7 +336,7 @@ public class PermissionTemplateDaoTest {
     commit();
 
     final List<CountByTemplateAndPermissionDto> result = new ArrayList<>();
-    underTest.usersCountByTemplateIdAndPermission(session, Arrays.asList(template1.getId(), template2.getId(), template3.getId()), new ResultHandler() {
+    underTest.usersCountByTemplateIdAndPermission(dbSession, Arrays.asList(template1.getId(), template2.getId(), template3.getId()), new ResultHandler() {
       @Override
       public void handleResult(ResultContext context) {
         result.add((CountByTemplateAndPermissionDto) context.getResultObject());
@@ -320,35 +355,35 @@ public class PermissionTemplateDaoTest {
     insertTemplate(newPermissionTemplateDto().setName("aaaccc"));
     commit();
 
-    List<PermissionTemplateDto> templates = underTest.selectAll(session, "aaa");
-    int count = underTest.countAll(session, "aaa");
+    List<PermissionTemplateDto> templates = underTest.selectAll(dbSession, "aaa");
+    int count = underTest.countAll(dbSession, "aaa");
 
     assertThat(templates.get(0).getName()).isEqualTo("aaabbb");
     assertThat(count).isEqualTo(2);
   }
 
   private PermissionTemplateDto insertTemplate(PermissionTemplateDto template) {
-    return dbClient.permissionTemplateDao().insert(session, template);
+    return dbClient.permissionTemplateDao().insert(dbSession, template);
   }
 
   private GroupDto insertGroup(GroupDto groupDto) {
-    return dbClient.groupDao().insert(session, groupDto);
+    return dbClient.groupDao().insert(dbSession, groupDto);
   }
 
   private UserDto insertUser(UserDto userDto) {
-    return dbClient.userDao().insert(session, userDto.setActive(true));
+    return dbClient.userDao().insert(dbSession, userDto.setActive(true));
   }
 
   private void addGroupToTemplate(long templateId, @Nullable Long groupId, String permission) {
-    dbClient.permissionTemplateDao().insertGroupPermission(session, templateId, groupId, permission);
+    dbClient.permissionTemplateDao().insertGroupPermission(dbSession, templateId, groupId, permission);
   }
 
   private void addUserToTemplate(long templateId, long userId, String permission) {
-    dbClient.permissionTemplateDao().insertUserPermission(session, templateId, userId, permission);
+    dbClient.permissionTemplateDao().insertUserPermission(dbSession, templateId, userId, permission);
   }
 
   private void commit() {
-    session.commit();
+    dbSession.commit();
   }
 
   private void checkTemplateTables(String fileName) {
diff --git a/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateTesting.java b/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateTesting.java
index 1eb782c457a..06167ff5e24 100644
--- a/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateTesting.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/PermissionTemplateTesting.java
@@ -23,6 +23,7 @@ import java.util.Date;
 import org.apache.commons.lang.math.RandomUtils;
 import org.sonar.core.permission.ProjectPermissions;
 import org.sonar.core.util.Uuids;
+import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
 
 import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
 import static org.apache.commons.lang.RandomStringUtils.randomAscii;
@@ -50,4 +51,13 @@ public class PermissionTemplateTesting {
       .setCreatedAt(new Date())
       .setUpdatedAt(new Date());
   }
+
+  public static PermissionTemplateCharacteristicDto newPermissionTemplateCharacteristicDto() {
+    return new PermissionTemplateCharacteristicDto()
+      .setPermission(ProjectPermissions.ALL.get(RandomUtils.nextInt(ProjectPermissions.ALL.size())))
+      .setWithProjectCreator(RandomUtils.nextBoolean())
+      .setCreatedAt(System.currentTimeMillis())
+      .setUpdatedAt(System.currentTimeMillis());
+  }
+
 }
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml
index b70b4ac31a0..617ffffe38e 100644
--- a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml
@@ -4,6 +4,7 @@
   <groups id="101" name="sonar-users"/>
 
   <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+  <users id="201" login="janette" name="Janette" email="[null]" active="[true]"/>
 
   <!-- on other resources -->
   <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
@@ -18,8 +19,10 @@
   <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
   <group_roles id="8" group_id="100" resource_id="123" role="issueadmin"/>
 
-  <!-- new user permission : marius (admin) -->
+  <!-- new user permission : marius (admin) & janette (user) -->
   <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+  <user_roles id="3" user_id="201" resource_id="123" role="admin"/>
+  <user_roles id="4" user_id="201" resource_id="123" role="user"/>
 
   <!-- default permission template for all qualifiers -->
   <permission_templates id="1" name="default" kee="default_20130101_010203"/>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml
index 0ed1f2d089b..537a1a75b9a 100644
--- a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml
@@ -5,26 +5,31 @@
             enabled="[true]" language="java" copy_component_uuid="[null]" developer_uuid="[null]" path="[null]"
             authorization_updated_at="123456789"/>
 
-  <groups id="100" name="sonar-administrators"/>
-  <groups id="101" name="sonar-users"/>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
 
-  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+  <users id="201" login="janette" name="Janette" email="[null]" active="[true]" />
 
   <!-- on other resources -->
-  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
-  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
-  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+  <group_roles id="1" group_id="100" resource_id="1" role="admin" />
+  <group_roles id="2" group_id="101" resource_id="1" role="user" />
+  <user_roles id="1" user_id="200" resource_id="1" role="admin" />
 
   <!-- default permission template for all qualifiers -->
-  <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+  <permission_templates id="1" name="default" kee="default_20130101_010203" />
 
-  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
-  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
-  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
-  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
-  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
-  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin" />
+  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user" />
+  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user" />
+  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer" />
+  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer" />
+  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin" />
 
-  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin" />
+  <perm_templates_users id="2" template_id="1" user_id="201" permission_reference="admin" />
 
+  <perm_tpl_characteristics id="1" template_id="1" permission_key="user" with_project_creator="[true]" created_at="1234567890" updated_at="123457890" />
+  <perm_tpl_characteristics id="2" template_id="1" permission_key="admin" with_project_creator="[true]" created_at="1234567890" updated_at="123457890" />
+  <perm_tpl_characteristics id="3" template_id="2" permission_key="user" with_project_creator="[false]" created_at="1234567890" updated_at="1234567890" />
 </dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id-result.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id-result.xml
new file mode 100644
index 00000000000..3eeec0d08bf
--- /dev/null
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id-result.xml
@@ -0,0 +1,37 @@
+<dataset>
+
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+  <users id="201" login="janette" name="Janette" email="[null]" active="[true]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+  <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+  <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+  <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+  <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+  <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+  <group_roles id="8" group_id="100" resource_id="123" role="issueadmin"/>
+
+  <!-- new user permission : marius (admin) & janette (user) -->
+  <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+  <!-- default permission template for all qualifiers -->
+  <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+
+  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id.xml
new file mode 100644
index 00000000000..7a5dbbb3756
--- /dev/null
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template_by_component_id.xml
@@ -0,0 +1,31 @@
+<dataset>
+  <projects id="123" uuid="A" root_uuid="A" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+            description="the description" long_name="Apache Struts"
+            enabled="[true]" language="java" copy_component_uuid="[null]" developer_uuid="[null]" path="[null]"
+            authorization_updated_at="123456789"/>
+
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin" />
+  <group_roles id="2" group_id="101" resource_id="1" role="user" />
+  <user_roles id="1" user_id="200" resource_id="1" role="admin" />
+
+  <!-- default permission template for all qualifiers -->
+  <permission_templates id="1" name="default" kee="default_20130101_010203" />
+
+  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin" />
+  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user" />
+  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user" />
+  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer" />
+  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer" />
+  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin" />
+
+  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin" />
+
+  <perm_tpl_characteristics id="1" template_id="1" permission_key="user" with_project_creator="[true]" created_at="1234567890" updated_at="123457890" />
+  <perm_tpl_characteristics id="2" template_id="2" permission_key="user" with_project_creator="[false]" created_at="1234567890" updated_at="1234567890" />
+</dataset>
-- 
2.39.5