From b319c87ecf00b6c95b5dcb7924bdc8689b5153a0 Mon Sep 17 00:00:00 2001
From: Simon Brandhof <simon.brandhof@gmail.com>
Date: Sat, 29 Jun 2013 19:07:40 +0200
Subject: [PATCH] SONAR-4412 revert check of last remaining admin user

---
 .../java/org/sonar/core/user/RoleDao.java     | 10 -------
 .../java/org/sonar/core/user/RoleMapper.java  |  2 +-
 .../org/sonar/core/user/RoleMapper.xml        | 14 ----------
 .../java/org/sonar/core/user/RoleDaoTest.java | 13 ----------
 .../user/RoleDaoTest/systemAdminsCount.xml    | 23 ----------------
 .../permission/InternalPermissionService.java | 13 ----------
 .../InternalPermissionServiceTest.java        | 26 -------------------
 7 files changed, 1 insertion(+), 100 deletions(-)
 delete mode 100644 sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml

diff --git a/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java b/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java
index 74884a41794..0b275b9662c 100644
--- a/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java
+++ b/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java
@@ -145,14 +145,4 @@ public class RoleDao implements TaskExtension, ServerExtension {
       MyBatis.closeQuietly(session);
     }
   }
-
-  public int countSystemAdministrators(@Nullable String groupName) {
-    SqlSession session = mybatis.openSession();
-    try {
-      RoleMapper mapper = session.getMapper(RoleMapper.class);
-      return mapper.countSystemAdministrators(groupName);
-    } finally {
-      MyBatis.closeQuietly(session);
-    }
-  }
 }
diff --git a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java
index da7b6c422ef..0fcaac7973b 100644
--- a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java
+++ b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java
@@ -49,5 +49,5 @@ public interface RoleMapper {
 
   int countUserRoles(Long resourceId);
 
-  int countSystemAdministrators(@Nullable @Param("groupName") String groupName);
+  List<Long> countSystemAdministrators(@Nullable @Param("groupName") String groupName);
 }
diff --git a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml
index 1a267371a9b..3dba348d55a 100644
--- a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml
+++ b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml
@@ -88,18 +88,4 @@
     SELECT count(id)
     FROM group_roles WHERE resource_id=#{id}
   </select>
-
-  <select id="countSystemAdministrators" parameterType="String" resultType="int">
-    SELECT COUNT(DISTINCT u.id)
-    FROM users AS u
-    LEFT JOIN user_roles AS ur ON ur.user_id = u.id
-    INNER JOIN groups_users AS gu ON gu.user_id = u.id
-    INNER JOIN group_roles AS gr ON gr.group_id = gu.group_id
-    INNER JOIN groups AS g ON g.id = gu.group_id
-    WHERE (ur.role = 'admin' AND ur.resource_id IS NULL) OR (gr.role = 'admin' AND gr.resource_id IS NULL)
-    AND u.active = ${_true}
-    <if test="groupName != null">
-      AND g.name != #{groupName}
-    </if>
-  </select>
 </mapper>
diff --git a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
index 127ba6ab654..33eae64cf56 100644
--- a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java
@@ -75,17 +75,4 @@ public class RoleDaoTest extends AbstractDaoTestCase {
     checkTable("groupPermissions", "group_roles", "group_id", "role");
   }
 
-  @Test
-  public void should_retrieve_system_admins_count() throws Exception {
-    setupData("systemAdminsCount");
-
-    RoleDao dao = new RoleDao(getMyBatis());
-    int overallAdminsCount = dao.countSystemAdministrators(null);
-    int adminsCountAfterWholeGroupRemoval = dao.countSystemAdministrators("sonar-administrators");
-    int adminsCountAfterNonAdminGroupRemoval = dao.countSystemAdministrators("sonar-users");
-
-    assertThat(overallAdminsCount).isEqualTo(3);
-    assertThat(adminsCountAfterWholeGroupRemoval).isEqualTo(1);
-    assertThat(adminsCountAfterNonAdminGroupRemoval).isEqualTo(3);
-  }
 }
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml
deleted file mode 100644
index f39cc938f24..00000000000
--- a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<dataset>
-
-  <users id="200" login="admin" name="admin" active="[true]"/>
-  <users id="201" login="user_admin" name="user_admin" active="[true]"/>
-  <users id="202" login="user_in_admin_group" name="user_in_admin_group" active="[true]"/>
-  <users id="203" login="non_admin" name="non_admin" active="[true]"/>
-
-  <user_roles id="1" user_id="201" role="admin"/>
-
-  <groups_users group_id="100" user_id="200"/>
-  <groups_users group_id="100" user_id="202"/>
-  <groups_users group_id="101" user_id="201"/>
-  <groups_users group_id="101" user_id="203"/>
-
-  <groups id="100" name="sonar-administrators"/>
-  <groups id="101" name="sonar-users"/>
-
-  <group_roles id="1" group_id="100" role="admin"/>
-  <group_roles id="2" group_id="100" role="profileadmin"/>
-  <group_roles id="3" group_id="100" role="sharedashboard"/>
-  <group_roles id="4" group_id="101" role="sharedashboard"/>
-
-</dataset>
\ No newline at end of file
diff --git a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
index 78e9a12393c..e2973b61a47 100644
--- a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
+++ b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java
@@ -61,9 +61,6 @@ public class InternalPermissionService implements ServerComponent {
     UserSession.get().checkPermission(Permissions.SYSTEM_ADMIN);
     PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params);
     if(permissionChangeQuery.isValid()) {
-      if(Permissions.SYSTEM_ADMIN.equals(permissionChangeQuery.getRole()) && REMOVE.equals(permissionChange)) {
-        checkThatAtLeastOneAdminRemains(permissionChangeQuery);
-      }
       applyPermissionChange(permissionChange, permissionChangeQuery);
     } else {
       String errorMsg = String.format("Request '%s permission %s' is invalid", permissionChange, permissionChangeQuery.getRole());
@@ -127,14 +124,4 @@ public class InternalPermissionService implements ServerComponent {
     return (ADD.equals(operation) && existingPermissions.contains(role)) ||
       (REMOVE.equals(operation) && !existingPermissions.contains(role));
   }
-
-  private void checkThatAtLeastOneAdminRemains(PermissionChangeQuery permissionChangeQuery) {
-    int remainingSystemAdmins = roleDao.countSystemAdministrators(permissionChangeQuery.getGroup());
-    if(remainingSystemAdmins == 0) {
-      String errorMsg = String.format("Cannot remove permission %s to %s - At least one system administrator should remain active",
-        permissionChangeQuery.getRole(), permissionChangeQuery.getUser() == null ? permissionChangeQuery.getGroup() : permissionChangeQuery.getUser());
-      LOG.error(errorMsg);
-      throw new BadRequestException(errorMsg);
-    }
-  }
 }
diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
index d36d539e38c..34e3966bc31 100644
--- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java
@@ -138,32 +138,6 @@ public class InternalPermissionServiceTest {
     service.addPermission(params);
   }
 
-  @Test
-  public void should_prevent_last_admin_removal() throws Exception {
-    throwable.expect(BadRequestException.class);
-    params = buildParams("admin", null, Permissions.SYSTEM_ADMIN);
-    when(roleDao.countSystemAdministrators(null)).thenReturn(0);
-
-    service.removePermission(params);
-  }
-
-  @Test
-  public void should_prevent_last_admin_group_removal() throws Exception {
-    throwable.expect(BadRequestException.class);
-    params = buildParams(null, "sonar-administrators", Permissions.SYSTEM_ADMIN);
-    GroupDto adminGroups = new GroupDto().setId(2L).setName("sonar-administrators");
-
-    roleDao = mock(RoleDao.class);
-    when(roleDao.selectGroupPermissions("sonar-administrators")).thenReturn(Lists.newArrayList(Permissions.SYSTEM_ADMIN));
-    when(roleDao.countSystemAdministrators("sonar-administrators")).thenReturn(0);
-
-    userDao = mock(UserDao.class);
-    when(userDao.selectGroupByName("sonar-administrators")).thenReturn(adminGroups);
-
-    service = new InternalPermissionService(roleDao, userDao);
-    service.removePermission(params);
-  }
-
   @Test
   public void should_fail_on_anonymous_access() throws Exception {
     throwable.expect(ForbiddenException.class);
-- 
2.39.5