7 years ago · 9974dee49c
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Predicate;
 import java.util.List;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.UserWithPermissionDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.permission.ws.PermissionDependenciesFinder;
 import org.sonar.server.permission.ws.PermissionsWsAction;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.client.permission.AddUserToTemplateWsRequest;
 import static com.google.common.collect.FluentIterable.from;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
 import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
  }
  private boolean isUserAlreadyAdded(DbSession dbSession, long templateId, String userLogin, String permission) {
    OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
    List<UserWithPermissionDto> usersWithPermission = dbClient.permissionTemplateDao().selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE);
    return from(usersWithPermission).anyMatch(new HasUserPredicate(userLogin));
  }
  private static class HasUserPredicate implements Predicate<UserWithPermissionDto> {
    private final String userLogin;
    public HasUserPredicate(String userLogin) {
      this.userLogin = userLogin;
    }
    @Override
    public boolean apply(UserWithPermissionDto userWithPermission) {
      return userLogin.equals(userWithPermission.getLogin());
    }
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    List<String> usersWithPermission = dbClient.permissionTemplateDao().selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId);
    return usersWithPermission.stream().anyMatch(s -> s.equals(userLogin));
  }
 }
--- a/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java
  private void insertDefaultTemplate() {
    DbSession dbSession = dbClient.openSession(false);
    try {
      PermissionTemplateDto defaultPermissionTemplate =
        dbClient.permissionTemplateDao().insert(dbSession, DefaultPermissionTemplates.DEFAULT_TEMPLATE);
      PermissionTemplateDto defaultPermissionTemplate = dbClient.permissionTemplateDao().insert(dbSession, DefaultPermissionTemplates.DEFAULT_TEMPLATE);
      addGroupPermission(defaultPermissionTemplate, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
      addGroupPermission(defaultPermissionTemplate, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS);
      addGroupPermission(defaultPermissionTemplate, UserRole.USER, DefaultGroups.ANYONE);
  }
  private void addGroupPermission(PermissionTemplateDto template, String permission, String groupName) {
    Long groupId = null;
    if (DefaultGroups.isAnyone(groupName)) {
      groupId = null;
    } else {
      DbSession dbSession = dbClient.openSession(false);
      try {
    DbSession dbSession = dbClient.openSession(false);
    try {
      Long groupId = null;
      if (DefaultGroups.isAnyone(groupName)) {
        groupId = null;
      } else {
        GroupDto groupDto = dbClient.groupDao().selectByName(dbSession, groupName);
        if (groupDto != null) {
          groupId = groupDto.getId();
        } else {
          LOG.error("Cannot setup default permission for group: " + groupName);
        }
      } finally {
        dbClient.closeSession(dbSession);
      }
      dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId, permission);
    } finally {
      dbClient.closeSession(dbSession);
    }
    dbClient.permissionTemplateDao().insertGroupPermission(template.getId(), groupId, permission);
  }
  private void registerInitialization() {
--- a/server/sonar-server/src/test/java/org/sonar/server/computation/task/projectanalysis/step/ApplyPermissionsStepTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/computation/task/projectanalysis/step/ApplyPermissionsStepTest.java
  private void createDefaultPermissionTemplate(String permission) {
    PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setName("Default"));
    settings.setProperty("sonar.permission.template.default", permissionTemplateDto.getKee());
    dbClient.permissionTemplateDao().insertGroupPermission(permissionTemplateDto.getId(), null, permission);
    dbClient.permissionTemplateDao().insertGroupPermission(dbSession, permissionTemplateDto.getId(), null, permission);
    dbSession.commit();
  }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateUsersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateUsersActionTest.java
    return dbClient.userDao().insert(dbSession, userDto.setActive(true));
  }
  private void addUserToTemplate(PermissionTemplateUserDto userRoleDto) {
    dbClient.permissionTemplateDao().insertUserPermission(dbSession, userRoleDto);
  private void addUserToTemplate(PermissionTemplateUserDto dto) {
    dbClient.permissionTemplateDao().insertUserPermission(dbSession, dto.getTemplateId(), dto.getUserId(), dto.getPermission());
  }
  private void commit() {
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Function;
 import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import static com.google.common.collect.FluentIterable.from;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.security.DefaultGroups.ANYONE;
 import static org.sonar.api.web.UserRole.ADMIN;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.db.user.GroupTesting.newGroupDto;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
 public class AddGroupToTemplateActionTest {
  private static final String GROUP_NAME = "group-name";
  }
  private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) {
    OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
    return from(dbClient.permissionTemplateDao()
      .selectGroups(dbSession, permissionQuery, templateId))
      .transform(GroupWithPermissionToGroupName.INSTANCE)
      .toList();
  }
  private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> {
    INSTANCE;
    @Override
    public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) {
      return groupWithPermission.getName();
    }
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    return dbClient.permissionTemplateDao()
      .selectGroupNamesByQueryAndTemplate(dbSession, permissionQuery, templateId);
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Function;
 import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.UserWithPermissionDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import static com.google.common.collect.FluentIterable.from;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.db.user.UserTesting.newUserDto;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
  }
  private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) {
    OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
    return from(dbClient.permissionTemplateDao()
      .selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE))
      .transform(UserWithPermissionToUserLogin.INSTANCE)
      .toList();
  }
  private enum UserWithPermissionToUserLogin implements Function<UserWithPermissionDto, String> {
    INSTANCE;
    @Override
    public String apply(@Nonnull UserWithPermissionDto userWithPermission) {
      return userWithPermission.getLogin();
    }
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    return dbClient.permissionTemplateDao()
      .selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId);
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Predicate;
 import com.google.common.collect.FluentIterable;
 import java.util.List;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.PermissionRepository;
 import org.sonar.db.permission.UserWithPermissionDto;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.GroupRoleDto;
 import static org.mockito.Mockito.verify;
 import static org.sonar.db.component.ComponentTesting.newProjectDto;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.db.user.GroupTesting.newGroupDto;
 import static org.sonar.db.user.UserTesting.newUserDto;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
 public class ApplyTemplateActionTest {
  @Rule
  }
  private void assertTemplate1AppliedToProject() {
    assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName());
    assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
    assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).containsExactly(user1.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getLogin());
  }
  private TestResponse newRequest(@Nullable String templateUuid, @Nullable String projectUuid, @Nullable String projectKey) {
      .setGroupId(group.getId()));
  }
  private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
    return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
      .filter(new PermissionNotNull())
      .toList();
  private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return dbClient.permissionDao().selectGroupNamesByPermissionQuery(dbSession, query);
  }
  private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
    return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
  private List<String> selectProjectPermissionUsers(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return dbClient.permissionDao().selectLoginsByPermissionQuery(dbSession, query);
  }
  private void commit() {
    dbSession.commit();
  }
  private static OldPermissionQuery query(String permission) {
    return OldPermissionQuery.builder().membership(IN).permission(permission).build();
  }
  private static class PermissionNotNull implements Predicate<GroupWithPermissionDto> {
    @Override
    public boolean apply(@Nullable GroupWithPermissionDto input) {
      return input.getPermission() != null;
    }
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Predicate;
 import com.google.common.collect.FluentIterable;
 import java.util.List;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.PermissionRepository;
 import org.sonar.db.permission.UserWithPermissionDto;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.GroupDbTester;
 import org.sonar.db.user.GroupDto;
  }
  private void assertTemplate1AppliedToProject(ComponentDto project) {
    assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).extracting("name").containsExactly(group1.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.USER)).extracting("name").containsExactly(group2.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.ADMIN)).containsExactly(group1.getName());
    assertThat(selectProjectPermissionGroups(project, UserRole.USER)).containsExactly(group2.getName());
    assertThat(selectProjectPermissionUsers(project, UserRole.ADMIN)).isEmpty();
    assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).extracting("login").containsExactly(user1.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).extracting("login").containsExactly(user2.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.CODEVIEWER)).containsExactly(user1.getLogin());
    assertThat(selectProjectPermissionUsers(project, UserRole.ISSUE_ADMIN)).containsExactly(user2.getLogin());
  }
  private void assertNoPermissionOnProject(ComponentDto project) {
      .setGroupId(group.getId()));
  }
  private List<GroupWithPermissionDto> selectProjectPermissionGroups(ComponentDto project, String permission) {
    return FluentIterable.from(dbClient.permissionDao().selectGroups(dbSession, query(permission), project.getId()))
      .filter(new PermissionNotNull())
      .toList();
  private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return dbClient.permissionDao().selectGroupNamesByPermissionQuery(dbSession, query);
  }
  private List<UserWithPermissionDto> selectProjectPermissionUsers(ComponentDto project, String permission) {
    return dbClient.permissionDao().selectUsers(dbSession, query(permission), project.getId(), 0, Integer.MAX_VALUE);
  private List<String> selectProjectPermissionUsers(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return dbClient.permissionDao().selectLoginsByPermissionQuery(dbSession, query);
  }
  private void commit() {
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Function;
 import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import static com.google.common.collect.FluentIterable.from;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.security.DefaultGroups.ANYONE;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.db.user.GroupTesting.newGroupDto;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
 public class RemoveGroupFromTemplateActionTest {
  private static final String GROUP_NAME = "group-name";
  }
  private List<String> getGroupNamesInTemplateAndPermission(long templateId, String permission) {
    OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
    return from(dbClient.permissionTemplateDao()
      .selectGroups(dbSession, permissionQuery, templateId))
      .transform(GroupWithPermissionToGroupName.INSTANCE)
      .toList();
  }
  private enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> {
    INSTANCE;
    @Override
    public String apply(@Nonnull GroupWithPermissionDto groupWithPermission) {
      return groupWithPermission.getName();
    }
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    return dbClient.permissionTemplateDao()
      .selectGroupNamesByQueryAndTemplate(dbSession, permissionQuery, templateId);
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
 */
 package org.sonar.server.permission.ws.template;
 import com.google.common.base.Function;
 import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.UserWithPermissionDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import static com.google.common.collect.FluentIterable.from;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
 import static org.sonar.db.user.GroupMembershipQuery.IN;
 import static org.sonar.db.user.UserTesting.newUserDto;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
  }
  private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) {
    OldPermissionQuery permissionQuery = OldPermissionQuery.builder().permission(permission).membership(IN).build();
    return from(dbClient.permissionTemplateDao()
      .selectUsers(dbSession, permissionQuery, templateId, 0, Integer.MAX_VALUE))
        .transform(UserWithPermissionToUserLogin.INSTANCE)
        .toList();
  }
  private enum UserWithPermissionToUserLogin implements Function<UserWithPermissionDto, String> {
    INSTANCE;
    @Override
    public String apply(@Nonnull UserWithPermissionDto userWithPermission) {
      return userWithPermission.getLogin();
    }
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    return dbClient.permissionTemplateDao()
      .selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId);
  }
  private void addUserToTemplate(UserDto user, PermissionTemplateDto permissionTemplate, String permission) {
--- a/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
    verify(loadedTemplateDao).insert(argThat(Matches.template(expectedTemplate)));
    verify(permissionTemplateDao).insert(any(DbSession.class), eq(DefaultPermissionTemplates.DEFAULT_TEMPLATE));
    verify(permissionTemplateDao).insertGroupPermission(1L, 1L, UserRole.ADMIN);
    verify(permissionTemplateDao).insertGroupPermission(1L, 1L, UserRole.ISSUE_ADMIN);
    verify(permissionTemplateDao).insertGroupPermission(1L, null, UserRole.USER);
    verify(permissionTemplateDao).insertGroupPermission(1L, null, UserRole.CODEVIEWER);
    verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class),eq(1L), eq(1L), eq(UserRole.ADMIN));
    verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(1L), eq(UserRole.ISSUE_ADMIN));
    verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(null), eq(UserRole.USER));
    verify(permissionTemplateDao).insertGroupPermission(any(DbSession.class), eq(1L), eq(null), eq(UserRole.CODEVIEWER));
    verifyNoMoreInteractions(permissionTemplateDao);
    verify(settings).saveProperty(DEFAULT_TEMPLATE_PROPERTY, DefaultPermissionTemplates.DEFAULT_TEMPLATE.getUuid());
  }
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/DeleteActionTest.java
  @Test
  public void delete_with_permission_templates() throws Exception {
    GroupDto group = groupDao.insert(dbSession, new GroupDto().setName("to-delete"));
    permissionTemplateDao.insertGroupPermission(42L, group.getId(), UserRole.ADMIN);
    permissionTemplateDao.insertGroupPermission(dbSession, 42L, group.getId(), UserRole.ADMIN);
    dbSession.commit();
    loginAsAdmin();
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionDao.java
 import org.sonar.api.security.DefaultGroups;
 import org.sonar.db.Dao;
 import org.sonar.db.DbSession;
 import org.sonar.db.MyBatis;
 import org.sonar.db.user.GroupRoleDto;
 import org.sonar.db.user.UserPermissionDto;
 import static com.google.common.collect.Maps.newHashMap;
 import static org.sonar.db.DatabaseUtils.executeLargeInputs;
 import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput;
 public class PermissionDao implements Dao {
  private static final String QUERY_PARAMETER = "query";
  private static final String COMPONENT_ID_PARAMETER = "componentId";
  private static final String ANYONE_GROUP_PARAMETER = "anyoneGroup";
  private final MyBatis myBatis;
  public PermissionDao(MyBatis myBatis) {
    this.myBatis = myBatis;
  }
  /**
   * @return a paginated list of users.
   * @deprecated use {@link #selectLoginsByPermissionQuery(DbSession, PermissionQuery)} or {@link #selectUserPermissionsByLoginsAnProject(DbSession, List, Long)} instead
   */
  @Deprecated
  public List<UserWithPermissionDto> selectUsers(DbSession session, OldPermissionQuery query, @Nullable Long componentId, int offset, int limit) {
    Map<String, Object> params = usersParameters(query, componentId);
    return mapper(session).selectUsers(params, new RowBounds(offset, limit));
  }
  /**
   * Ordered by user names
   */
    return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByLogins(l, projectId));
  }
  /**
   * @deprecated use {@link #countUsersByQuery(DbSession, PermissionQuery)} instead
   */
  @Deprecated
  public int countUsers(DbSession session, OldPermissionQuery query, @Nullable Long componentId) {
    Map<String, Object> params = usersParameters(query, componentId);
    return mapper(session).countUsers(params);
  }
  private static Map<String, Object> usersParameters(OldPermissionQuery query, @Nullable Long componentId) {
    Map<String, Object> params = newHashMap();
    params.put(QUERY_PARAMETER, query);
    params.put(COMPONENT_ID_PARAMETER, componentId);
    return params;
  }
  /**
   * 'Anyone' group is not returned when it has not the asked permission.
   * Membership parameter from query is not taking into account in order to deal more easily with the 'Anyone' group
   *
   * @return a non paginated list of groups.
   * @deprecated use {@link #selectGroupNamesByPermissionQuery(DbSession, PermissionQuery)} or {@link #selectGroupPermissionsByGroupNamesAndProject(DbSession, List, Long)} instead
   */
  @Deprecated
  public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, @Nullable Long componentId) {
    Map<String, Object> params = groupsParameters(query, componentId);
    return mapper(session).selectGroups(params);
  }
  public List<GroupWithPermissionDto> selectGroups(OldPermissionQuery query, @Nullable Long componentId) {
    DbSession session = myBatis.openSession(false);
    try {
      return selectGroups(session, query, componentId);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public int countGroups(DbSession session, String permission, @Nullable Long componentId) {
    Map<String, Object> parameters = new HashMap<>();
    parameters.put("permission", permission);
      });
  }
  private static Map<String, Object> groupsParameters(OldPermissionQuery query, @Nullable Long componentId) {
    Map<String, Object> params = newHashMap();
    params.put(QUERY_PARAMETER, query);
    params.put(COMPONENT_ID_PARAMETER, componentId);
    params.put(ANYONE_GROUP_PARAMETER, DefaultGroups.ANYONE);
    return params;
  }
  private static PermissionMapper mapper(SqlSession session) {
    return session.getMapper(PermissionMapper.class);
  }
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionMapper.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionMapper.java
 public interface PermissionMapper {
  List<UserWithPermissionDto> selectUsers(Map<String, Object> parameters, RowBounds rowBounds);
  int countUsers(Map<String, Object> parameters);
  List<String> selectLoginsByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds);
  int countUsersByPermissionQuery(@Param("query") PermissionQuery query);
  List<UserPermissionDto> selectUserPermissionsByLogins(@Param("logins") List<String> logins, @Nullable @Param("projectId") Long projectId);
  List<GroupWithPermissionDto> selectGroups(Map<String, Object> parameters);
  int countGroups(Map<String, Object> parameters);
  List<String> selectGroupNamesByPermissionQuery(@Param("query") PermissionQuery query, RowBounds rowBounds);
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
    dbClient.roleDao().deleteGroupRole(groupRole, session);
  }
  public void deleteGroupPermission(@Nullable Long resourceId, String groupName, String permission, DbSession session) {
    if (isAnyone(groupName)) {
      deleteGroupPermission(resourceId, (Long) null, permission, session);
    } else {
      GroupDto group = dbClient.groupDao().selectByName(session, groupName);
      if (group != null) {
        deleteGroupPermission(resourceId, group.getId(), permission, session);
      }
    }
  }
  /**
   * For each modification of permission on a project, update the authorization_updated_at to help ES reindex only relevant changes
   */
--- a/sonar-db/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java
 import org.sonar.db.DbSession;
 import org.sonar.db.MyBatis;
 import org.sonar.db.permission.CountByProjectAndPermissionDto;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.permission.UserWithPermissionDto;
 import static java.lang.String.format;
 import static org.sonar.api.security.DefaultGroups.ANYONE;
    this.system = system;
  }
  @Deprecated
  public List<UserWithPermissionDto> selectUsers(DbSession session, OldPermissionQuery query, Long templateId, int offset, int limit) {
    return mapper(session).selectUsers(query, templateId, new RowBounds(offset, limit));
  }
  /**
   * @return a paginated list of user logins.
   */
    return executeLargeInputs(logins, l -> mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, l));
  }
  public List<PermissionTemplateUserDto> selectUserPermissionsByTemplateId(DbSession dbSession, long templateId) {
  private List<PermissionTemplateUserDto> selectUserPermissionsByTemplateId(DbSession dbSession, long templateId) {
    return mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, Collections.emptyList());
  }
    return executeLargeInputs(groups, g -> mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, g));
  }
  public List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateId(DbSession dbSession, long templateId) {
  List<PermissionTemplateGroupDto> selectGroupPermissionsByTemplateId(DbSession dbSession, long templateId) {
    return mapper(dbSession).selectGroupPermissionsByTemplateIdAndGroupNames(templateId, Collections.emptyList());
  }
  /**
   * 'Anyone' group is not returned when it has not the asked permission.
   * Membership parameter from query is not taking into account in order to deal more easily with the 'Anyone' group.
   * @return a non paginated list of groups.
   */
  @Deprecated
  public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, Long templateId) {
    return selectGroups(session, query, templateId, 0, Integer.MAX_VALUE);
  }
  @Deprecated
  public List<GroupWithPermissionDto> selectGroups(DbSession session, OldPermissionQuery query, Long templateId, int offset, int limit) {
    return mapper(session).selectGroups(query, templateId, ANYONE, ADMIN, new RowBounds(offset, limit));
  }
  @Deprecated
  public List<GroupWithPermissionDto> selectGroups(OldPermissionQuery query, Long templateId) {
    DbSession session = myBatis.openSession(false);
    try {
      return selectGroups(session, query, templateId);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  @Deprecated
  public int countGroups(DbSession session, OldPermissionQuery query, long templateId) {
    return countGroups(session, query, templateId, null);
  }
  private static int countGroups(DbSession session, OldPermissionQuery query, long templateId, @Nullable String groupName) {
    return mapper(session).countGroups(query, templateId, ANYONE, ADMIN, groupName != null ? groupName.toUpperCase(Locale.ENGLISH) : null);
  }
    return mapper(session).selectByUuid(templateUuid);
  }
  @CheckForNull
  public PermissionTemplateDto selectByUuid(String templateUuid) {
    DbSession session = myBatis.openSession(false);
    try {
      return selectByUuid(session, templateUuid);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  @CheckForNull
  public PermissionTemplate selectByUuidWithUserAndGroupPermissions(DbSession session, String templateUuid) {
    PermissionTemplateMapper mapper = mapper(session);
    return mapper(session).selectAll(null);
  }
  public List<PermissionTemplateDto> selectAll() {
    DbSession session = myBatis.openSession(false);
    try {
      return selectAll(session);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public int countAll(DbSession dbSession, String nameQuery) {
    String upperCasedNameQuery = toUppercaseSqlQuery(nameQuery);
    mapper.delete(templateId);
  }
  /**
   * @deprecated since 5.2 use {@link #update(DbSession, PermissionTemplateDto)}
   */
  @Deprecated
  public void update(Long templateId, String templateName, @Nullable String description, @Nullable String projectPattern) {
    PermissionTemplateDto permissionTemplate = new PermissionTemplateDto()
      .setId(templateId)
      .setName(templateName)
      .setDescription(description)
      .setKeyPattern(projectPattern)
      .setUpdatedAt(now());
    DbSession session = myBatis.openSession(false);
    try {
      update(session, permissionTemplate);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public PermissionTemplateDto update(DbSession session, PermissionTemplateDto permissionTemplate) {
    mapper(session).update(permissionTemplate);
    session.commit();
    return permissionTemplate;
  }
  /**
   * @deprecated since 5.2 {@link #insertUserPermission(DbSession, Long, Long, String)}
   */
  @Deprecated
  public void insertUserPermission(Long templateId, Long userId, String permission) {
    DbSession session = myBatis.openSession(false);
    try {
      insertUserPermission(session, templateId, userId, permission);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public void insertUserPermission(DbSession session, Long templateId, Long userId, String permission) {
    PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
      .setTemplateId(templateId)
    session.commit();
  }
  public void insertUserPermission(DbSession session, PermissionTemplateUserDto permissionTemplateUserDto) {
    mapper(session).insertUserPermission(permissionTemplateUserDto);
  }
  /**
   * @deprecated since 5.2 {@link #deleteUserPermission(DbSession, Long, Long, String)}
   */
  @Deprecated
  public void deleteUserPermission(Long templateId, Long userId, String permission) {
    DbSession session = myBatis.openSession(false);
    try {
      deleteUserPermission(session, templateId, userId, permission);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public void deleteUserPermission(DbSession session, Long templateId, Long userId, String permission) {
    PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto()
      .setTemplateId(templateId)
    session.commit();
  }
  /**
   * @deprecated since 5.2 use {@link #insertGroupPermission(DbSession, Long, Long, String)}
   */
  @Deprecated
  public void insertGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
    DbSession session = myBatis.openSession(false);
    try {
      insertGroupPermission(session, templateId, groupId, permission);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public void insertGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) {
    PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
      .setTemplateId(templateId)
    mapper(session).insertGroupPermission(permissionTemplateGroup);
  }
  /**
   * @deprecated since 5.2 use {@link #deleteGroupPermission(DbSession, Long, Long, String)}
   */
  @Deprecated
  public void deleteGroupPermission(Long templateId, @Nullable Long groupId, String permission) {
    DbSession session = myBatis.openSession(false);
    try {
      deleteGroupPermission(session, templateId, groupId, permission);
    } finally {
      MyBatis.closeQuietly(session);
    }
  }
  public void deleteGroupPermission(DbSession session, Long templateId, @Nullable Long groupId, String permission) {
    PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto()
      .setTemplateId(templateId)
--- a/sonar-db/src/main/resources/org/sonar/db/permission/PermissionMapper.xml
+++ b/sonar-db/src/main/resources/org/sonar/db/permission/PermissionMapper.xml
 <mapper namespace="org.sonar.db.permission.PermissionMapper">
  <select id="selectUsers" parameterType="map" resultType="UserWithPermission">
    SELECT u.login as login, u.name as name, u.email as email, user_role.role as permission
    <include refid="usersSelection"/>
    ORDER BY u.name
  </select>
  <select id="countUsers" parameterType="map" resultType="int">
    SELECT count(u.login)
    <include refid="usersSelection"/>
  </select>
  <sql id="usersSelection">
    FROM users u
    LEFT JOIN user_roles user_role ON user_role.user_id=u.id
    ) groups
  </select>
  <select id="selectGroups" parameterType="map" resultType="GroupWithPermission">
    SELECT id, name, description, permission FROM
    (SELECT g.id as id, g.name as name, g.description as description, group_role.role as permission
    FROM groups g
    LEFT JOIN group_roles group_role ON group_role.group_id=g.id
    AND group_role.role=#{query.permission}
    <if test="componentId != null">
      AND group_role.resource_id=#{componentId}
    </if>
    <if test="componentId == null">
      AND group_role.resource_id IS NULL
    </if>
    UNION
    -- Add Anyone group permission
    SELECT 0 as id, #{anyoneGroup} as name, NULL as description, group_role.role as permission
    FROM group_roles group_role
    <where>
      AND group_role.role=#{query.permission}
      AND group_role.group_id IS NULL
      <if test="componentId != null">
        AND group_role.resource_id=#{componentId}
      </if>
      <if test="componentId == null">
        AND group_role.resource_id IS NULL
      </if>
    </where>
    ) groups
    <where>
      <if test="query.search() != null">
        AND (UPPER(groups.name) LIKE #{query.searchSql} ESCAPE '/')
      </if>
    </where>
    ORDER BY groups.name
  </select>
  <select id="selectGroupNamesByPermissionQuery" parameterType="map" resultType="string">
    select distinct gr.name, lower(gr.name), gr.group_id
    <include refid="groupsByQuery" />
--- a/sonar-db/src/test/java/org/sonar/db/permission/GroupWithPermissionDaoTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/GroupWithPermissionDaoTest.java
  @Rule
  public DbTester db = DbTester.create(System2.INSTANCE);
  GroupDbTester groupDb = new GroupDbTester(db);
  PermissionDbTester permissionDb = new PermissionDbTester(db);
  ComponentDbTester componentDb = new ComponentDbTester(db);
  DbSession dbSession = db.getSession();
  private GroupDbTester groupDb = new GroupDbTester(db);
  private PermissionDbTester permissionDb = new PermissionDbTester(db);
  private ComponentDbTester componentDb = new ComponentDbTester(db);
  private DbSession dbSession = db.getSession();
  PermissionDao underTest = new PermissionDao(db.myBatis());
  @Test
  public void select_groups_for_project_permission() {
    db.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    OldPermissionQuery query = OldPermissionQuery.builder().permission("user").build();
    List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, COMPONENT_ID);
    assertThat(result).hasSize(4);
    GroupWithPermissionDto anyone = result.get(0);
    assertThat(anyone.getName()).isEqualTo("Anyone");
    assertThat(anyone.getDescription()).isNull();
    assertThat(anyone.getPermission()).isNotNull();
    GroupWithPermissionDto group1 = result.get(1);
    assertThat(group1.getName()).isEqualTo("sonar-administrators");
    assertThat(group1.getDescription()).isEqualTo("System administrators");
    assertThat(group1.getPermission()).isNotNull();
    GroupWithPermissionDto group2 = result.get(2);
    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
    assertThat(group2.getDescription()).isEqualTo("Reviewers");
    assertThat(group2.getPermission()).isNull();
    GroupWithPermissionDto group3 = result.get(3);
    assertThat(group3.getName()).isEqualTo("sonar-users");
    assertThat(group3.getDescription()).isEqualTo("Any new users created will automatically join this group");
    assertThat(group3.getPermission()).isNotNull();
  }
  @Test
  public void anyone_group_is_not_returned_when_it_has_no_permission() {
    db.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    // Anyone group has not the permission 'admin', so it's not returned
    OldPermissionQuery query = OldPermissionQuery.builder().permission("admin").build();
    List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, COMPONENT_ID);
    assertThat(result).hasSize(3);
    GroupWithPermissionDto group1 = result.get(0);
    assertThat(group1.getName()).isEqualTo("sonar-administrators");
    assertThat(group1.getPermission()).isNotNull();
    GroupWithPermissionDto group2 = result.get(1);
    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
    assertThat(group2.getPermission()).isNull();
    GroupWithPermissionDto group3 = result.get(2);
    assertThat(group3.getName()).isEqualTo("sonar-users");
    assertThat(group3.getPermission()).isNull();
  }
  @Test
  public void select_groups_for_global_permission() {
    db.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    OldPermissionQuery query = OldPermissionQuery.builder().permission("admin").build();
    List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, query, null);
    assertThat(result).hasSize(3);
    GroupWithPermissionDto group1 = result.get(0);
    assertThat(group1.getName()).isEqualTo("sonar-administrators");
    assertThat(group1.getPermission()).isNotNull();
    GroupWithPermissionDto group2 = result.get(1);
    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
    assertThat(group2.getPermission()).isNull();
    GroupWithPermissionDto group3 = result.get(2);
    assertThat(group3.getName()).isEqualTo("sonar-users");
    assertThat(group3.getPermission()).isNull();
  }
  @Test
  public void search_by_groups_name() {
    db.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").search("aDMini").build(), COMPONENT_ID);
    assertThat(result).hasSize(1);
    assertThat(result.get(0).getName()).isEqualTo("sonar-administrators");
    result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").search("sonar").build(), COMPONENT_ID);
    assertThat(result).hasSize(3);
  }
  @Test
  public void search_groups_should_be_sorted_by_group_name() {
    db.prepareDbUnit(getClass(), "groups_with_permissions_should_be_sorted_by_group_name.xml");
    List<GroupWithPermissionDto> result = underTest.selectGroups(dbSession, OldPermissionQuery.builder().permission("user").build(), COMPONENT_ID);
    int count = underTest.countGroups(dbSession, "user", COMPONENT_ID);
    assertThat(result).hasSize(4);
    assertThat(count).isEqualTo(2);
    assertThat(result.get(0).getName()).isEqualTo("Anyone");
    assertThat(result.get(1).getName()).isEqualTo("sonar-administrators");
    assertThat(result.get(2).getName()).isEqualTo("sonar-reviewers");
    assertThat(result.get(3).getName()).isEqualTo("sonar-users");
  }
  private PermissionDao underTest = new PermissionDao();
  @Test
  public void group_count_by_permission_and_component_id() {
--- a/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
    checkAuthorizationUpdatedAtIsUpdated();
  }
  @Test
  public void should_delete_group_name_permission() {
    dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
    underTest.deleteGroupPermission(PROJECT_ID, "devs", UserRole.USER, session);
    session.commit();
    dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
    dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
  }
  @Test
  public void would_user_have_permission_with_default_permission_template() {
    UserDto user = userDb.insertUser();
--- a/sonar-db/src/test/java/org/sonar/db/permission/UserWithPermissionDaoTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/UserWithPermissionDaoTest.java
  ComponentDbTester componentDb = new ComponentDbTester(dbTester);
  DbSession session = dbTester.getSession();
  PermissionDao underTest = new PermissionDao(dbTester.myBatis());
  PermissionDao underTest = new PermissionDao();
  @Test
  public void select_logins_by_query() {
--- a/sonar-db/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.permission.GroupWithPermissionDto;
 import org.sonar.db.permission.OldPermissionQuery;
 import org.sonar.db.permission.PermissionQuery;
 import org.sonar.db.user.GroupDbTester;
 import org.sonar.db.user.GroupDto;
 public class GroupWithPermissionTemplateDaoTest {
  private static final long TEMPLATE_ID = 50L;
  @Rule
  public DbTester dbTester = DbTester.create(System2.INSTANCE);
  private DbSession session = dbTester.getSession();
  private GroupDbTester groupDb = new GroupDbTester(dbTester);
  private PermissionTemplateDbTester permissionTemplateDbTester = new PermissionTemplateDbTester(dbTester);
  DbSession session = dbTester.getSession();
  GroupDbTester groupDb = new GroupDbTester(dbTester);
  PermissionTemplateDbTester permissionTemplateDbTester = new PermissionTemplateDbTester(dbTester);
  PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao();
  @Test
  public void select_groups() {
    dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    OldPermissionQuery query = OldPermissionQuery.builder().permission("user").build();
    List<GroupWithPermissionDto> result = underTest.selectGroups(session, query, TEMPLATE_ID);
    int count = underTest.countGroups(session, query, TEMPLATE_ID);
    assertThat(result).hasSize(4);
    assertThat(count).isEqualTo(4);
    GroupWithPermissionDto anyone = result.get(0);
    assertThat(anyone.getName()).isEqualTo("Anyone");
    assertThat(anyone.getDescription()).isNull();
    assertThat(anyone.getPermission()).isNotNull();
    GroupWithPermissionDto group1 = result.get(1);
    assertThat(group1.getName()).isEqualTo("sonar-administrators");
    assertThat(group1.getDescription()).isEqualTo("System administrators");
    assertThat(group1.getPermission()).isNotNull();
    GroupWithPermissionDto group2 = result.get(2);
    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
    assertThat(group2.getDescription()).isEqualTo("Reviewers");
    assertThat(group2.getPermission()).isNull();
    GroupWithPermissionDto group3 = result.get(3);
    assertThat(group3.getName()).isEqualTo("sonar-users");
    assertThat(group3.getDescription()).isEqualTo("Any new users created will automatically join this group");
    assertThat(group3.getPermission()).isNotNull();
  }
  @Test
  public void anyone_group_is_returned_when_it_has_no_permission() {
    dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    // Anyone group is returned even if it doesn't have the permission
    OldPermissionQuery query = OldPermissionQuery.builder().permission(USER).build();
    List<GroupWithPermissionDto> result = underTest.selectGroups(session, query, TEMPLATE_ID);
    assertThat(result).hasSize(4);
    GroupWithPermissionDto group1 = result.get(1);
    assertThat(group1.getName()).isEqualTo("sonar-administrators");
    assertThat(group1.getPermission()).isNotNull();
    GroupWithPermissionDto group2 = result.get(2);
    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
    assertThat(group2.getPermission()).isNull();
    GroupWithPermissionDto group3 = result.get(3);
    assertThat(group3.getName()).isEqualTo("sonar-users");
    assertThat(group3.getPermission()).isNotNull();
  }
  @Test
  public void search_by_groups_name() {
    dbTester.prepareDbUnit(getClass(), "groups_with_permissions.xml");
    List<GroupWithPermissionDto> result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").search("aDMini").build(), TEMPLATE_ID);
    assertThat(result).hasSize(1);
    assertThat(result.get(0).getName()).isEqualTo("sonar-administrators");
    result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").search("sonar").build(), TEMPLATE_ID);
    assertThat(result).hasSize(3);
  }
  @Test
  public void search_groups_should_be_sorted_by_group_name() {
    dbTester.prepareDbUnit(getClass(), "groups_with_permissions_should_be_sorted_by_group_name.xml");
    List<GroupWithPermissionDto> result = underTest.selectGroups(session, OldPermissionQuery.builder().permission("user").build(), TEMPLATE_ID);
    assertThat(result).hasSize(4);
    assertThat(result.get(0).getName()).isEqualTo("Anyone");
    assertThat(result.get(1).getName()).isEqualTo("sonar-administrators");
    assertThat(result.get(2).getName()).isEqualTo("sonar-reviewers");
    assertThat(result.get(3).getName()).isEqualTo("sonar-users");
  }
  private PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao();
  @Test
  public void select_group_names_by_query_and_template() {
--- a/sonar-db/src/test/java/org/sonar/db/permission/template/PermissionTemplateDaoTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/template/PermissionTemplateDaoTest.java
  public void should_select_permission_template_by_key() {
    db.prepareDbUnit(getClass(), "selectPermissionTemplate.xml");
    PermissionTemplateDto permissionTemplate = underTest.selectByUuid("my_template_20130102_030405");
    PermissionTemplateDto permissionTemplate = underTest.selectByUuid(dbSession, "my_template_20130102_030405");
    assertThat(permissionTemplate).isNotNull();
    assertThat(permissionTemplate.getId()).isEqualTo(1L);
    db.prepareDbUnit(getClass(), "selectAllPermissionTemplates.xml");
    commit();
    List<PermissionTemplateDto> permissionTemplates = underTest.selectAll();
    List<PermissionTemplateDto> permissionTemplates = underTest.selectAll(dbSession);
    assertThat(permissionTemplates).hasSize(3);
    assertThat(permissionTemplates).extracting("id").containsOnly(1L, 2L, 3L);
  public void should_update_permission_template() {
    db.prepareDbUnit(getClass(), "updatePermissionTemplate.xml");
    underTest.update(1L, "new_name", "new_description", "new_regexp");
    PermissionTemplateDto dto = new PermissionTemplateDto();
    dto.setId(1L);
    dto.setName("new_name");
    dto.setDescription("new_description");
    dto.setKeyPattern("new_regexp");
    underTest.update(dbSession, dto);
    db.assertDbUnitTable(getClass(), "updatePermissionTemplate-result.xml", "permission_templates", "id", "name", "kee", "description");
  }
  public void should_add_user_permission_to_template() {
    db.prepareDbUnit(getClass(), "addUserPermissionToTemplate.xml");
    underTest.insertUserPermission(1L, 1L, "new_permission");
    underTest.insertUserPermission(dbSession, 1L, 1L, "new_permission");
    checkTemplateTables("addUserPermissionToTemplate-result.xml");
  }
  public void should_remove_user_permission_from_template() {
    db.prepareDbUnit(getClass(), "removeUserPermissionFromTemplate.xml");
    underTest.deleteUserPermission(1L, 2L, "permission_to_remove");
    underTest.deleteUserPermission(dbSession, 1L, 2L, "permission_to_remove");
    checkTemplateTables("removeUserPermissionFromTemplate-result.xml");
  }
  public void should_add_group_permission_to_template() {
    db.prepareDbUnit(getClass(), "addGroupPermissionToTemplate.xml");
    underTest.insertGroupPermission(1L, 1L, "new_permission");
    underTest.insertGroupPermission(dbSession, 1L, 1L, "new_permission");
    checkTemplateTables("addGroupPermissionToTemplate-result.xml");
  }
  @Test
  public void should_remove_group_permission_from_template() {
    db.prepareDbUnit(getClass(), "removeGroupPermissionFromTemplate.xml");
    underTest.deleteGroupPermission(1L, 2L, "permission_to_remove");
    checkTemplateTables("removeGroupPermissionFromTemplate-result.xml");
  }
  @Test
  public void remove_by_group() {
    db.prepareDbUnit(getClass(), "remove_by_group.xml");
  public void should_add_group_permission_with_null_name() {
    db.prepareDbUnit(getClass(), "addNullGroupPermissionToTemplate.xml");
    underTest.insertGroupPermission(1L, null, "new_permission");
    underTest.insertGroupPermission(dbSession, 1L, null, "new_permission");
    checkTemplateTables("addNullGroupPermissionToTemplate-result.xml");
  }
  @Test
  public void should_remove_group_permission_with_null_name() {
    db.prepareDbUnit(getClass(), "removeNullGroupPermissionFromTemplate.xml");
    underTest.deleteGroupPermission(1L, null, "permission_to_remove");
    checkTemplateTables("removeNullGroupPermissionFromTemplate-result.xml");
  }
  @Test
  public void new_permission_template_with_empty_user_group_characteristics() {
    PermissionTemplateDto template = underTest.insert(dbSession, newPermissionTemplateDto().setUuid("TEMPLATE_UUID"));
--- a/sonar-db/src/test/resources/org/sonar/db/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml
 <dataset>
  <groups id="200" name="sonar-administrators" description="System administrators"/>
  <groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/>
  <groups id="202" name="sonar-reviewers" description="Reviewers"/>
  <!-- Project permissions -->
  <group_roles id="1" group_id="200" resource_id="100" role="user"/>
  <group_roles id="2" group_id="200" resource_id="100" role="admin"/>
  <group_roles id="3" group_id="200" resource_id="100" role="codeviewer"/>
  <group_roles id="4" group_id="201" resource_id="100" role="user"/>
  <!-- Permission 'user' for Anyone group -->
  <group_roles id="5" group_id="[null]" resource_id="100" role="user"/>
  <!-- Global permission -->
  <group_roles id="10" group_id="200" resource_id="[null]" role="admin"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
 <dataset>
  <groups id="200" name="sonar-reviewers" description="Reviewers"/>
  <groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/>
  <groups id="202" name="sonar-administrators" description="System administrators"/>
  <!-- Project permissions -->
  <group_roles id="1" group_id="200" resource_id="100" role="user"/>
  <group_roles id="2" group_id="200" resource_id="100" role="admin"/>
  <group_roles id="3" group_id="200" resource_id="100" role="codeviewer"/>
  <!-- Permission for Anyone group -->
  <group_roles id="4" group_id="[null]" resource_id="100" role="user"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest/groups_with_permissions.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest/groups_with_permissions.xml
 <dataset>
  <groups id="200" name="sonar-administrators" description="System administrators"/>
  <groups id="201" name="sonar-users" description="Any new users created will automatically join this group"/>
  <groups id="202" name="sonar-reviewers" description="Reviewers"/>
  <perm_templates_groups id="1" group_id="200" permission_reference="user" template_id="50"/>
  <perm_templates_groups id="2" group_id="200" permission_reference="admin" template_id="50"/>
  <perm_templates_groups id="3" group_id="200" permission_reference="codeviewer" template_id="50"/>
  <perm_templates_groups id="4" group_id="201" permission_reference="user" template_id="50"/>
  <!-- Permission 'user' for Anyone group -->
  <perm_templates_groups id="5" group_id="[null]" permission_reference="user" template_id="50"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
 <dataset>
  <groups id="200" name="sonar-reviewers"/>
  <groups id="201" name="sonar-users"/>
  <groups id="202" name="sonar-administrators"/>
  <perm_templates_groups id="1" group_id="200" permission_reference="user" template_id="50"/>
  <perm_templates_groups id="2" group_id="200" permission_reference="admin" template_id="50"/>
  <perm_templates_groups id="3" group_id="200" permission_reference="codeviewer" template_id="50"/>
  <perm_templates_groups id="4" group_id="201" permission_reference="user" template_id="50"/>
  <!-- Permission 'user' for Anyone group -->
  <perm_templates_groups id="5" group_id="[null]" permission_reference="user" template_id="50"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate-result.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate-result.xml
 <dataset>
  <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
  <perm_templates_users/>
  <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
  <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeGroupPermissionFromTemplate.xml
 <dataset>
  <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
  <perm_templates_users/>
  <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
  <perm_templates_groups id="2" template_id="1" group_id="2" permission_reference="permission_to_remove"/>
  <perm_templates_groups id="3" template_id="1" group_id="2" permission_reference="remaining_permission_same_group"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate-result.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate-result.xml
 <dataset>
  <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
  <perm_templates_users/>
  <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
  <perm_templates_groups id="3" template_id="1" group_id="[null]"
                         permission_reference="remaining_permission_same_group"/>
 </dataset>
--- a/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate.xml
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/template/PermissionTemplateDaoTest/removeNullGroupPermissionFromTemplate.xml
 <dataset>
  <permission_templates id="1" name="my template" kee="my_template_20130102_030405" description="my description"/>
  <perm_templates_users/>
  <perm_templates_groups id="1" template_id="1" group_id="1" permission_reference="remaining_permission_other_group"/>
  <perm_templates_groups id="2" template_id="1" group_id="[null]" permission_reference="permission_to_remove"/>
  <perm_templates_groups id="3" template_id="1" group_id="[null]"
                         permission_reference="remaining_permission_same_group"/>
 </dataset>