From b319c87ecf00b6c95b5dcb7924bdc8689b5153a0 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Sat, 29 Jun 2013 19:07:40 +0200 Subject: [PATCH] SONAR-4412 revert check of last remaining admin user --- .../java/org/sonar/core/user/RoleDao.java | 10 ------- .../java/org/sonar/core/user/RoleMapper.java | 2 +- .../org/sonar/core/user/RoleMapper.xml | 14 ---------- .../java/org/sonar/core/user/RoleDaoTest.java | 13 ---------- .../user/RoleDaoTest/systemAdminsCount.xml | 23 ---------------- .../permission/InternalPermissionService.java | 13 ---------- .../InternalPermissionServiceTest.java | 26 ------------------- 7 files changed, 1 insertion(+), 100 deletions(-) delete mode 100644 sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml diff --git a/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java b/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java index 74884a41794..0b275b9662c 100644 --- a/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java +++ b/sonar-core/src/main/java/org/sonar/core/user/RoleDao.java @@ -145,14 +145,4 @@ public class RoleDao implements TaskExtension, ServerExtension { MyBatis.closeQuietly(session); } } - - public int countSystemAdministrators(@Nullable String groupName) { - SqlSession session = mybatis.openSession(); - try { - RoleMapper mapper = session.getMapper(RoleMapper.class); - return mapper.countSystemAdministrators(groupName); - } finally { - MyBatis.closeQuietly(session); - } - } } diff --git a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java index da7b6c422ef..0fcaac7973b 100644 --- a/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java +++ b/sonar-core/src/main/java/org/sonar/core/user/RoleMapper.java @@ -49,5 +49,5 @@ public interface RoleMapper { int countUserRoles(Long resourceId); - int countSystemAdministrators(@Nullable @Param("groupName") String groupName); + List countSystemAdministrators(@Nullable @Param("groupName") String groupName); } diff --git a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml index 1a267371a9b..3dba348d55a 100644 --- a/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml +++ b/sonar-core/src/main/resources/org/sonar/core/user/RoleMapper.xml @@ -88,18 +88,4 @@ SELECT count(id) FROM group_roles WHERE resource_id=#{id} - - diff --git a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java index 127ba6ab654..33eae64cf56 100644 --- a/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java +++ b/sonar-core/src/test/java/org/sonar/core/user/RoleDaoTest.java @@ -75,17 +75,4 @@ public class RoleDaoTest extends AbstractDaoTestCase { checkTable("groupPermissions", "group_roles", "group_id", "role"); } - @Test - public void should_retrieve_system_admins_count() throws Exception { - setupData("systemAdminsCount"); - - RoleDao dao = new RoleDao(getMyBatis()); - int overallAdminsCount = dao.countSystemAdministrators(null); - int adminsCountAfterWholeGroupRemoval = dao.countSystemAdministrators("sonar-administrators"); - int adminsCountAfterNonAdminGroupRemoval = dao.countSystemAdministrators("sonar-users"); - - assertThat(overallAdminsCount).isEqualTo(3); - assertThat(adminsCountAfterWholeGroupRemoval).isEqualTo(1); - assertThat(adminsCountAfterNonAdminGroupRemoval).isEqualTo(3); - } } diff --git a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml b/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml deleted file mode 100644 index f39cc938f24..00000000000 --- a/sonar-core/src/test/resources/org/sonar/core/user/RoleDaoTest/systemAdminsCount.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java index 78e9a12393c..e2973b61a47 100644 --- a/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java +++ b/sonar-server/src/main/java/org/sonar/server/permission/InternalPermissionService.java @@ -61,9 +61,6 @@ public class InternalPermissionService implements ServerComponent { UserSession.get().checkPermission(Permissions.SYSTEM_ADMIN); PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params); if(permissionChangeQuery.isValid()) { - if(Permissions.SYSTEM_ADMIN.equals(permissionChangeQuery.getRole()) && REMOVE.equals(permissionChange)) { - checkThatAtLeastOneAdminRemains(permissionChangeQuery); - } applyPermissionChange(permissionChange, permissionChangeQuery); } else { String errorMsg = String.format("Request '%s permission %s' is invalid", permissionChange, permissionChangeQuery.getRole()); @@ -127,14 +124,4 @@ public class InternalPermissionService implements ServerComponent { return (ADD.equals(operation) && existingPermissions.contains(role)) || (REMOVE.equals(operation) && !existingPermissions.contains(role)); } - - private void checkThatAtLeastOneAdminRemains(PermissionChangeQuery permissionChangeQuery) { - int remainingSystemAdmins = roleDao.countSystemAdministrators(permissionChangeQuery.getGroup()); - if(remainingSystemAdmins == 0) { - String errorMsg = String.format("Cannot remove permission %s to %s - At least one system administrator should remain active", - permissionChangeQuery.getRole(), permissionChangeQuery.getUser() == null ? permissionChangeQuery.getGroup() : permissionChangeQuery.getUser()); - LOG.error(errorMsg); - throw new BadRequestException(errorMsg); - } - } } diff --git a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java index d36d539e38c..34e3966bc31 100644 --- a/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java +++ b/sonar-server/src/test/java/org/sonar/server/permission/InternalPermissionServiceTest.java @@ -138,32 +138,6 @@ public class InternalPermissionServiceTest { service.addPermission(params); } - @Test - public void should_prevent_last_admin_removal() throws Exception { - throwable.expect(BadRequestException.class); - params = buildParams("admin", null, Permissions.SYSTEM_ADMIN); - when(roleDao.countSystemAdministrators(null)).thenReturn(0); - - service.removePermission(params); - } - - @Test - public void should_prevent_last_admin_group_removal() throws Exception { - throwable.expect(BadRequestException.class); - params = buildParams(null, "sonar-administrators", Permissions.SYSTEM_ADMIN); - GroupDto adminGroups = new GroupDto().setId(2L).setName("sonar-administrators"); - - roleDao = mock(RoleDao.class); - when(roleDao.selectGroupPermissions("sonar-administrators")).thenReturn(Lists.newArrayList(Permissions.SYSTEM_ADMIN)); - when(roleDao.countSystemAdministrators("sonar-administrators")).thenReturn(0); - - userDao = mock(UserDao.class); - when(userDao.selectGroupByName("sonar-administrators")).thenReturn(adminGroups); - - service = new InternalPermissionService(roleDao, userDao); - service.removePermission(params); - } - @Test public void should_fail_on_anonymous_access() throws Exception { throwable.expect(ForbiddenException.class); -- 2.39.5