From 99daf5e9698bf4ce9b1ad5c0c7c3dc0b0d9164e0 Mon Sep 17 00:00:00 2001
From: Julien HENRY <julien.henry@sonarsource.com>
Date: Thu, 21 Jun 2018 16:23:05 +0200
Subject: [PATCH] SONAR-10887 Add the new permission to existing users/groups

---
 .../db/migration/version/v73/DbVersion73.java |  6 +-
 ...opulateHotspotAdminPermissionOnGroups.java | 70 +++++++++++++++
 ...tspotAdminPermissionOnTemplatesGroups.java | 74 ++++++++++++++++
 ...otspotAdminPermissionOnTemplatesUsers.java | 74 ++++++++++++++++
 ...PopulateHotspotAdminPermissionOnUsers.java | 70 +++++++++++++++
 ...ateHotspotAdminPermissionOnGroupsTest.java | 77 ++++++++++++++++
 ...tAdminPermissionOnTemplatesGroupsTest.java | 87 +++++++++++++++++++
 ...otAdminPermissionOnTemplatesUsersTest.java | 87 +++++++++++++++++++
 ...lateHotspotAdminPermissionOnUsersTest.java | 77 ++++++++++++++++
 .../group_roles.sql                           |  9 ++
 .../perm_templates_groups.sql                 |  8 ++
 .../perm_templates_users.sql                  |  8 ++
 .../user_roles.sql                            |  9 ++
 13 files changed, 655 insertions(+), 1 deletion(-)
 create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroups.java
 create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroups.java
 create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsers.java
 create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsers.java
 create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest.java
 create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest.java
 create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest.java
 create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest.java
 create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest/group_roles.sql
 create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest/perm_templates_groups.sql
 create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest/perm_templates_users.sql
 create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest/user_roles.sql

diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
index 603577df497..a30575b69e7 100644
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/DbVersion73.java
@@ -28,7 +28,11 @@ public class DbVersion73 implements DbVersion {
   public void addSteps(MigrationStepRegistry registry) {
     registry
       .add(2200, "Populate PROJECT_BRANCHES with existing main application branches", PopulateMainApplicationBranches.class)
-      .add(2201, "Add 'from hotspot' flag to issues", AddFromHotspotFlagToIssues.class)
+      .add(2201, "Add 'securityhotspotadmin' permission to all permission templates groups already having 'issueadmin'", PopulateHotspotAdminPermissionOnTemplatesGroups.class)
+      .add(2202, "Add 'securityhotspotadmin' permission to all permission templates users already having 'issueadmin'", PopulateHotspotAdminPermissionOnTemplatesUsers.class)
+      .add(2203, "Add 'securityhotspotadmin' permission to all groups already having 'issueadmin'", PopulateHotspotAdminPermissionOnGroups.class)
+      .add(2204, "Add 'securityhotspotadmin' permission to all users already having 'issueadmin'", PopulateHotspotAdminPermissionOnUsers.class)
+      .add(2205, "Add 'from hotspot' flag to issues", AddFromHotspotFlagToIssues.class)
     ;
   }
 }
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroups.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroups.java
new file mode 100644
index 00000000000..26c39e91417
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroups.java
@@ -0,0 +1,70 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnGroups extends DataChange {
+  private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+  private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+
+  public PopulateHotspotAdminPermissionOnGroups(Database db) {
+    super(db);
+  }
+
+  @Override
+  protected void execute(Context context) throws SQLException {
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("SELECT group_id, resource_id, organization_uuid" +
+      "  FROM group_roles gr1" +
+      "  WHERE role = ?" +
+      "  AND NOT EXISTS (" +
+      "    SELECT id" +
+      "    FROM group_roles gr2" +
+      "    WHERE role = ?" +
+      "    AND gr1.group_id = gr2.group_id" +
+      "    AND gr1.resource_id = gr2.resource_id" +
+      "    AND gr1.organization_uuid = gr2.organization_uuid)")
+      .setString(1, ISSUE_ADMIN_ROLE)
+      .setString(2, HOTSPOT_ADMIN_ROLE);
+    massUpdate.update("INSERT INTO group_roles (group_id, resource_id, organization_uuid, role) values (?,?,?,?)");
+    massUpdate.rowPluralName("group roles");
+    massUpdate.execute(PopulateHotspotAdminPermissionOnGroups::handle);
+  }
+
+  private static boolean handle(Select.Row row, SqlStatement update) throws SQLException {
+    int groupId = row.getInt(1);
+    int resourceId = row.getInt(2);
+    String organizationUuid = row.getString(3);
+
+    update.setInt(1, groupId);
+    update.setInt(2, resourceId);
+    update.setString(3, organizationUuid);
+    update.setString(4, HOTSPOT_ADMIN_ROLE);
+    return true;
+  }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroups.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroups.java
new file mode 100644
index 00000000000..2c352134f57
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroups.java
@@ -0,0 +1,74 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import org.sonar.api.utils.System2;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnTemplatesGroups extends DataChange {
+  private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+  private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+  private final System2 system2;
+
+  public PopulateHotspotAdminPermissionOnTemplatesGroups(Database db, System2 system2) {
+    super(db);
+    this.system2 = system2;
+  }
+
+  @Override
+  protected void execute(Context context) throws SQLException {
+    Date now = new Date(system2.now());
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("SELECT group_id, template_id" +
+      "  FROM perm_templates_groups gr1" +
+      "  WHERE permission_reference = ?" +
+      "  AND NOT EXISTS (" +
+      "    SELECT id" +
+      "    FROM perm_templates_groups gr2" +
+      "    WHERE permission_reference = ?" +
+      "    AND gr1.group_id = gr2.group_id" +
+      "    AND gr1.template_id = gr2.template_id)")
+      .setString(1, ISSUE_ADMIN_ROLE)
+      .setString(2, HOTSPOT_ADMIN_ROLE);
+    massUpdate.update("INSERT INTO perm_templates_groups (group_id, template_id, permission_reference, created_at, updated_at) values (?,?,?,?,?)");
+    massUpdate.rowPluralName("permission templates groups roles");
+    massUpdate.execute((row, update) -> handle(row, update, now));
+  }
+
+  private static boolean handle(Select.Row row, SqlStatement update, Date now) throws SQLException {
+    int groupId = row.getInt(1);
+    int templateId = row.getInt(2);
+
+    update.setInt(1, groupId);
+    update.setInt(2, templateId);
+    update.setString(3, HOTSPOT_ADMIN_ROLE);
+    update.setDate(4, now);
+    update.setDate(5, now);
+    return true;
+  }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsers.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsers.java
new file mode 100644
index 00000000000..b05f7fd97bd
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsers.java
@@ -0,0 +1,74 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import org.sonar.api.utils.System2;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnTemplatesUsers extends DataChange {
+  private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+  private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+  private final System2 system2;
+
+  public PopulateHotspotAdminPermissionOnTemplatesUsers(Database db, System2 system2) {
+    super(db);
+    this.system2 = system2;
+  }
+
+  @Override
+  protected void execute(Context context) throws SQLException {
+    Date now = new Date(system2.now());
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("SELECT user_id, template_id" +
+      "  FROM perm_templates_users u1" +
+      "  WHERE permission_reference = ?" +
+      "  AND NOT EXISTS (" +
+      "    SELECT id" +
+      "    FROM perm_templates_users u2" +
+      "    WHERE permission_reference = ?" +
+      "    AND u1.user_id = u2.user_id" +
+      "    AND u1.template_id = u2.template_id)")
+      .setString(1, ISSUE_ADMIN_ROLE)
+      .setString(2, HOTSPOT_ADMIN_ROLE);
+    massUpdate.update("INSERT INTO perm_templates_users (user_id, template_id, permission_reference, created_at, updated_at) values (?,?,?,?,?)");
+    massUpdate.rowPluralName("permission templates users roles");
+    massUpdate.execute((row, update) -> handle(row, update, now));
+  }
+
+  private static boolean handle(Select.Row row, SqlStatement update, Date now) throws SQLException {
+    int userId = row.getInt(1);
+    int templateId = row.getInt(2);
+
+    update.setInt(1, userId);
+    update.setInt(2, templateId);
+    update.setString(3, HOTSPOT_ADMIN_ROLE);
+    update.setDate(4, now);
+    update.setDate(5, now);
+    return true;
+  }
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsers.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsers.java
new file mode 100644
index 00000000000..cf26fc136e6
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsers.java
@@ -0,0 +1,70 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.SupportsBlueGreen;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.MassUpdate;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.SqlStatement;
+
+@SupportsBlueGreen
+public class PopulateHotspotAdminPermissionOnUsers extends DataChange {
+  private static final String ISSUE_ADMIN_ROLE = "issueadmin";
+  private static final String HOTSPOT_ADMIN_ROLE = "securityhotspotadmin";
+
+  public PopulateHotspotAdminPermissionOnUsers(Database db) {
+    super(db);
+  }
+
+  @Override
+  protected void execute(Context context) throws SQLException {
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("SELECT user_id, resource_id, organization_uuid" +
+      "  FROM user_roles ur1" +
+      "  WHERE role = ?" +
+      "  AND NOT EXISTS (" +
+      "    SELECT id" +
+      "    FROM user_roles ur2" +
+      "    WHERE role = ?" +
+      "    AND ur1.user_id = ur2.user_id" +
+      "    AND ur1.resource_id = ur2.resource_id" +
+      "    AND ur1.organization_uuid = ur2.organization_uuid)")
+      .setString(1, ISSUE_ADMIN_ROLE)
+      .setString(2, HOTSPOT_ADMIN_ROLE);
+    massUpdate.update("INSERT INTO user_roles (user_id, resource_id, organization_uuid, role) values (?,?,?,?)");
+    massUpdate.rowPluralName("user roles");
+    massUpdate.execute(PopulateHotspotAdminPermissionOnUsers::handle);
+  }
+
+  private static boolean handle(Select.Row row, SqlStatement update) throws SQLException {
+    int userId = row.getInt(1);
+    int resourceId = row.getInt(2);
+    String organizationUuid = row.getString(3);
+
+    update.setInt(1, userId);
+    update.setInt(2, resourceId);
+    update.setString(3, organizationUuid);
+    update.setString(4, HOTSPOT_ADMIN_ROLE);
+    return true;
+  }
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest.java
new file mode 100644
index 00000000000..6e117cdc971
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest.java
@@ -0,0 +1,77 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+
+public class PopulateHotspotAdminPermissionOnGroupsTest {
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnGroupsTest.class, "group_roles.sql");
+
+  private PopulateHotspotAdminPermissionOnGroups underTest = new PopulateHotspotAdminPermissionOnGroups(db.database());
+
+  @Test
+  public void insert_missing_permission() throws SQLException {
+    insertGroupRole("uuid", 1, 2, "noissueadmin");
+    insertGroupRole("uuid", 3, 4, "issueadmin");
+    insertGroupRole("uuid", 3, 4, "another");
+    insertGroupRole("uuid2", 5, 6, "securityhotspotadmin");
+
+    underTest.execute();
+
+    assertGroupRoles(
+      tuple("uuid", 1L, 2L, "noissueadmin"),
+      tuple("uuid", 3L, 4L, "issueadmin"),
+      tuple("uuid", 3L, 4L, "another"),
+      tuple("uuid", 3L, 4L, "securityhotspotadmin"),
+      tuple("uuid2", 5L, 6L, "securityhotspotadmin"));
+  }
+
+  private void insertGroupRole(String orgaUuid, int groupId, int resourceId, String role) {
+    db.executeInsert(
+      "GROUP_ROLES",
+      "ORGANIZATION_UUID", orgaUuid,
+      "GROUP_ID", groupId,
+      "RESOURCE_ID", resourceId,
+      "ROLE", role);
+  }
+
+  private void assertGroupRoles(Tuple... expectedTuples) {
+    assertThat(db.select("SELECT ORGANIZATION_UUID, GROUP_ID, RESOURCE_ID, ROLE FROM GROUP_ROLES")
+      .stream()
+      .map(map -> new Tuple(map.get("ORGANIZATION_UUID"), map.get("GROUP_ID"), map.get("RESOURCE_ID"), map.get("ROLE")))
+      .collect(Collectors.toList()))
+        .containsExactlyInAnyOrder(expectedTuples);
+  }
+
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest.java
new file mode 100644
index 00000000000..32dde593c97
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest.java
@@ -0,0 +1,87 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PopulateHotspotAdminPermissionOnTemplatesGroupsTest {
+
+  private static final Date PAST = new Date(100_000_000_000L);
+  private static final Date NOW = new Date(500_000_000_000L);
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnTemplatesGroupsTest.class, "perm_templates_groups.sql");
+
+  private System2 system2 = mock(System2.class);
+
+  private PopulateHotspotAdminPermissionOnTemplatesGroups underTest = new PopulateHotspotAdminPermissionOnTemplatesGroups(db.database(), system2);
+
+  @Test
+  public void insert_missing_permission() throws SQLException {
+    when(system2.now()).thenReturn(NOW.getTime());
+    insertPermTemplateGroupRole(1, 2, "noissueadmin");
+    insertPermTemplateGroupRole(3, 4, "issueadmin");
+    insertPermTemplateGroupRole(3, 4, "another");
+    insertPermTemplateGroupRole(5, 6, "securityhotspotadmin");
+
+    underTest.execute();
+
+    assertPermTemplateGroupRoles(
+      tuple(1L, 2L, "noissueadmin", PAST, PAST),
+      tuple(3L, 4L, "issueadmin", PAST, PAST),
+      tuple(3L, 4L, "another", PAST, PAST),
+      tuple(3L, 4L, "securityhotspotadmin", NOW, NOW),
+      tuple(5L, 6L, "securityhotspotadmin", PAST, PAST));
+  }
+
+  private void insertPermTemplateGroupRole(int templateId, int groupId, String role) {
+    db.executeInsert(
+      "PERM_TEMPLATES_GROUPS",
+      "TEMPLATE_ID", templateId,
+      "GROUP_ID", groupId,
+      "PERMISSION_REFERENCE", role,
+      "CREATED_AT", PAST,
+      "UPDATED_AT", PAST);
+  }
+
+  private void assertPermTemplateGroupRoles(Tuple... expectedTuples) {
+    assertThat(db.select("SELECT TEMPLATE_ID, GROUP_ID, PERMISSION_REFERENCE, CREATED_AT, UPDATED_AT FROM PERM_TEMPLATES_GROUPS")
+      .stream()
+      .map(map -> new Tuple(map.get("TEMPLATE_ID"), map.get("GROUP_ID"), map.get("PERMISSION_REFERENCE"), map.get("CREATED_AT"), map.get("UPDATED_AT")))
+      .collect(Collectors.toList()))
+        .containsExactlyInAnyOrder(expectedTuples);
+  }
+
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest.java
new file mode 100644
index 00000000000..0bf16bc430b
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest.java
@@ -0,0 +1,87 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.Date;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PopulateHotspotAdminPermissionOnTemplatesUsersTest {
+
+  private static final Date PAST = new Date(100_000_000_000L);
+  private static final Date NOW = new Date(500_000_000_000L);
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnTemplatesUsersTest.class, "perm_templates_users.sql");
+
+  private System2 system2 = mock(System2.class);
+
+  private PopulateHotspotAdminPermissionOnTemplatesUsers underTest = new PopulateHotspotAdminPermissionOnTemplatesUsers(db.database(), system2);
+
+  @Test
+  public void insert_missing_permission() throws SQLException {
+    when(system2.now()).thenReturn(NOW.getTime());
+    insertPermTemplateUserRole(1, 2, "noissueadmin");
+    insertPermTemplateUserRole(3, 4, "issueadmin");
+    insertPermTemplateUserRole(3, 4, "another");
+    insertPermTemplateUserRole(5, 6, "securityhotspotadmin");
+
+    underTest.execute();
+
+    assertPermTemplateUserRoles(
+      tuple(1L, 2L, "noissueadmin", PAST, PAST),
+      tuple(3L, 4L, "issueadmin", PAST, PAST),
+      tuple(3L, 4L, "another", PAST, PAST),
+      tuple(3L, 4L, "securityhotspotadmin", NOW, NOW),
+      tuple(5L, 6L, "securityhotspotadmin", PAST, PAST));
+  }
+
+  private void insertPermTemplateUserRole(int templateId, int userId, String role) {
+    db.executeInsert(
+      "PERM_TEMPLATES_USERS",
+      "TEMPLATE_ID", templateId,
+      "USER_ID", userId,
+      "PERMISSION_REFERENCE", role,
+      "CREATED_AT", PAST,
+      "UPDATED_AT", PAST);
+  }
+
+  private void assertPermTemplateUserRoles(Tuple... expectedTuples) {
+    assertThat(db.select("SELECT TEMPLATE_ID, USER_ID, PERMISSION_REFERENCE, CREATED_AT, UPDATED_AT FROM PERM_TEMPLATES_USERS")
+      .stream()
+      .map(map -> new Tuple(map.get("TEMPLATE_ID"), map.get("USER_ID"), map.get("PERMISSION_REFERENCE"), map.get("CREATED_AT"), map.get("UPDATED_AT")))
+      .collect(Collectors.toList()))
+        .containsExactlyInAnyOrder(expectedTuples);
+  }
+
+}
diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest.java
new file mode 100644
index 00000000000..d4367559f5f
--- /dev/null
+++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest.java
@@ -0,0 +1,77 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v73;
+
+import java.sql.SQLException;
+import java.util.stream.Collectors;
+import org.assertj.core.groups.Tuple;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.db.CoreDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+
+public class PopulateHotspotAdminPermissionOnUsersTest {
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public CoreDbTester db = CoreDbTester.createForSchema(PopulateHotspotAdminPermissionOnUsersTest.class, "user_roles.sql");
+
+  private PopulateHotspotAdminPermissionOnUsers underTest = new PopulateHotspotAdminPermissionOnUsers(db.database());
+
+  @Test
+  public void insert_missing_permission() throws SQLException {
+    insertUserRole("uuid", 1, 2, "noissueadmin");
+    insertUserRole("uuid", 3, 4, "issueadmin");
+    insertUserRole("uuid", 3, 4, "another");
+    insertUserRole("uuid2", 5, 6, "securityhotspotadmin");
+
+    underTest.execute();
+
+    assertUserRoles(
+      tuple("uuid", 1L, 2L, "noissueadmin"),
+      tuple("uuid", 3L, 4L, "issueadmin"),
+      tuple("uuid", 3L, 4L, "another"),
+      tuple("uuid", 3L, 4L, "securityhotspotadmin"),
+      tuple("uuid2", 5L, 6L, "securityhotspotadmin"));
+  }
+
+  private void insertUserRole(String orgaUuid, int userId, int resourceId, String role) {
+    db.executeInsert(
+      "USER_ROLES",
+      "ORGANIZATION_UUID", orgaUuid,
+      "USER_ID", userId,
+      "RESOURCE_ID", resourceId,
+      "ROLE", role);
+  }
+
+  private void assertUserRoles(Tuple... expectedTuples) {
+    assertThat(db.select("SELECT ORGANIZATION_UUID, USER_ID, RESOURCE_ID, ROLE FROM USER_ROLES")
+      .stream()
+      .map(map -> new Tuple(map.get("ORGANIZATION_UUID"), map.get("USER_ID"), map.get("RESOURCE_ID"), map.get("ROLE")))
+      .collect(Collectors.toList()))
+        .containsExactlyInAnyOrder(expectedTuples);
+  }
+
+}
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest/group_roles.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest/group_roles.sql
new file mode 100644
index 00000000000..6ea4f53d266
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnGroupsTest/group_roles.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "GROUP_ROLES" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "ORGANIZATION_UUID" VARCHAR(40) NOT NULL,
+  "GROUP_ID" INTEGER,
+  "RESOURCE_ID" INTEGER,
+  "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "GROUP_ROLES_RESOURCE" ON "GROUP_ROLES" ("RESOURCE_ID");
+CREATE UNIQUE INDEX "UNIQ_GROUP_ROLES" ON "GROUP_ROLES" ("ORGANIZATION_UUID", "GROUP_ID", "RESOURCE_ID", "ROLE");
\ No newline at end of file
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest/perm_templates_groups.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest/perm_templates_groups.sql
new file mode 100644
index 00000000000..0e133ab7882
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesGroupsTest/perm_templates_groups.sql
@@ -0,0 +1,8 @@
+CREATE TABLE "PERM_TEMPLATES_GROUPS" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "GROUP_ID" INTEGER,
+  "TEMPLATE_ID" INTEGER NOT NULL,
+  "PERMISSION_REFERENCE" VARCHAR(64) NOT NULL,
+  "CREATED_AT" TIMESTAMP,
+  "UPDATED_AT" TIMESTAMP
+);
\ No newline at end of file
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest/perm_templates_users.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest/perm_templates_users.sql
new file mode 100644
index 00000000000..649e019f428
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnTemplatesUsersTest/perm_templates_users.sql
@@ -0,0 +1,8 @@
+CREATE TABLE "PERM_TEMPLATES_USERS" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "USER_ID" INTEGER NOT NULL,
+  "TEMPLATE_ID" INTEGER NOT NULL,
+  "PERMISSION_REFERENCE" VARCHAR(64) NOT NULL,
+  "CREATED_AT" TIMESTAMP,
+  "UPDATED_AT" TIMESTAMP
+);
\ No newline at end of file
diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest/user_roles.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest/user_roles.sql
new file mode 100644
index 00000000000..180c8c5fbb8
--- /dev/null
+++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v73/PopulateHotspotAdminPermissionOnUsersTest/user_roles.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "USER_ROLES" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "ORGANIZATION_UUID" VARCHAR(40) NOT NULL,
+  "USER_ID" INTEGER,
+  "RESOURCE_ID" INTEGER,
+  "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "USER_ROLES_RESOURCE" ON "USER_ROLES" ("RESOURCE_ID");
+CREATE INDEX "USER_ROLES_USER" ON "USER_ROLES" ("USER_ID");
\ No newline at end of file
-- 
2.39.5