7 jaren geleden · ed1aa9d75e
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java
@@ -44,16 +44,16 @@ public class GroupPermissionDao implements Dao {
   * The virtual group "Anyone" may be returned as the value {@link DefaultGroups#ANYONE}.
   * @return group names, sorted in alphabetical order
   */
  public List<String> selectGroupNamesByQuery(DbSession dbSession, String organizationUuid, PermissionQuery query) {
    return mapper(dbSession).selectGroupNamesByQuery(organizationUuid, query, new RowBounds(query.getPageOffset(), query.getPageSize()));
  public List<String> selectGroupNamesByQuery(DbSession dbSession, PermissionQuery query) {
    return mapper(dbSession).selectGroupNamesByQuery(query, new RowBounds(query.getPageOffset(), query.getPageSize()));
  }

  /**
   * Count the number of groups returned by {@link #selectGroupNamesByQuery(DbSession, String, PermissionQuery)},
   * Count the number of groups returned by {@link #selectGroupNamesByQuery(DbSession, PermissionQuery)},
   * without applying pagination.
   */
  public int countGroupsByQuery(DbSession dbSession, String organizationUuid, PermissionQuery query) {
    return mapper(dbSession).countGroupsByQuery(organizationUuid, query);
  public int countGroupsByQuery(DbSession dbSession, PermissionQuery query) {
    return mapper(dbSession).countGroupsByQuery(query);
  }

  /**
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java
@@ -28,10 +28,9 @@ import org.apache.ibatis.session.RowBounds;

 public interface GroupPermissionMapper {

  List<String> selectGroupNamesByQuery(@Param("organizationUuid") String organizationUuid,
    @Param("query") PermissionQuery query, RowBounds rowBounds);
  List<String> selectGroupNamesByQuery(@Param("query") PermissionQuery query, RowBounds rowBounds);

  int countGroupsByQuery(@Param("organizationUuid") String organizationUuid, @Param("query") PermissionQuery query);
  int countGroupsByQuery(@Param("query") PermissionQuery query);

  List<GroupPermissionDto> selectByGroupIds(@Param("organizationUuid") String organizationUuid,
    @Param("groupIds") List<Integer> groupIds, @Nullable @Param("projectId") Long projectId);
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java
@@ -27,6 +27,7 @@ import org.sonar.db.WildcardPosition;

 import static com.google.common.base.MoreObjects.firstNonNull;
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.util.Objects.requireNonNull;
 import static org.apache.commons.lang.StringUtils.defaultIfBlank;
 import static org.sonar.api.utils.Paging.offset;
 import static org.sonar.db.DaoDatabaseUtils.buildLikeValue;
@@ -41,9 +42,11 @@ public class PermissionQuery {
  public static final int DEFAULT_PAGE_SIZE = 20;
  public static final int DEFAULT_PAGE_INDEX = 1;

  // filter: return only the users or groups that are members of the organization
  private final String organizationUuid;
  // filter: return only the users or groups who have this permission
  private final String permission;
  // filter on project, else filter global permissions
  // filter on project, else filter org permissions
  private final String componentUuid;
  private final String template;

@@ -60,6 +63,7 @@ public class PermissionQuery {
  private final int pageOffset;

  private PermissionQuery(Builder builder) {
    this.organizationUuid = builder.organizationUuid;
    this.permission = builder.permission;
    this.withAtLeastOnePermission = builder.withAtLeastOnePermission;
    this.componentUuid = builder.componentUuid;
@@ -71,6 +75,10 @@ public class PermissionQuery {
    this.pageOffset = offset(builder.pageIndex, builder.pageSize);
  }

  public String getOrganizationUuid() {
    return organizationUuid;
  }

  @CheckForNull
  public String getPermission() {
    return permission;
@@ -120,6 +128,7 @@ public class PermissionQuery {

  public static class Builder {
    private String permission;
    private String organizationUuid;
    private String componentUuid;
    private String template;
    private String searchQuery;
@@ -148,6 +157,11 @@ public class PermissionQuery {
      return this;
    }

    public Builder setOrganizationUuid(String organizationUuid) {
      this.organizationUuid = organizationUuid;
      return this;
    }

    public Builder setSearchQuery(@Nullable String s) {
      this.searchQuery = defaultIfBlank(s, null);
      return this;
@@ -169,6 +183,7 @@ public class PermissionQuery {
    }

    public PermissionQuery build() {
      this.organizationUuid = requireNonNull(organizationUuid, "Organization UUID cannot be null");
      this.pageIndex = firstNonNull(pageIndex, DEFAULT_PAGE_INDEX);
      this.pageSize = firstNonNull(pageSize, DEFAULT_PAGE_SIZE);
      checkArgument(searchQuery == null || searchQuery.length() >= SEARCH_QUERY_MIN_LENGTH, "Search query should contains at least %s characters", SEARCH_QUERY_MIN_LENGTH);
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/UserPermissionDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/UserPermissionDao.java
@@ -37,12 +37,11 @@ public class UserPermissionDao implements Dao {

  /**
   * List of user permissions ordered by alphabetical order of user names
   *
   * @param query non-null query including optional filters.
   *  @param query non-null query including optional filters.
   * @param userLogins if null, then filter on all active users. If not null, then filter on logins, including disabled users.
   *                   Must not be empty. If not null then maximum size is {@link org.sonar.db.DatabaseUtils#PARTITION_SIZE_FOR_ORACLE}.
   *                   Must not be empty. If not null then maximum size is {@link DatabaseUtils#PARTITION_SIZE_FOR_ORACLE}.
   */
  public List<UserPermissionDto> select(DbSession dbSession, String organizationUuid, PermissionQuery query, @Nullable Collection<String> userLogins) {
  public List<UserPermissionDto> select(DbSession dbSession, PermissionQuery query, @Nullable Collection<String> userLogins) {
    if (userLogins != null) {
      if (userLogins.isEmpty()) {
        return emptyList();
@@ -51,15 +50,15 @@ public class UserPermissionDao implements Dao {
    }

    RowBounds rowBounds = new RowBounds(query.getPageOffset(), query.getPageSize());
    return mapper(dbSession).selectByQuery(organizationUuid, query, userLogins, rowBounds);
    return mapper(dbSession).selectByQuery(query, userLogins, rowBounds);
  }

  /**
   * Shortcut over {@link #select(DbSession, String, PermissionQuery, Collection)} to return only distinct user
   * Shortcut over {@link #select(DbSession, PermissionQuery, Collection)} to return only distinct user
   * ids, keeping the same order.
   */
  public List<Integer> selectUserIds(DbSession dbSession, String organizationUuid, PermissionQuery query) {
    List<UserPermissionDto> dtos = select(dbSession, organizationUuid, query, null);
  public List<Integer> selectUserIds(DbSession dbSession, PermissionQuery query) {
    List<UserPermissionDto> dtos = select(dbSession, query, null);
    return dtos.stream()
      .map(UserPermissionDto::getUserId)
      .distinct()
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/UserPermissionMapper.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/UserPermissionMapper.java
@@ -27,15 +27,14 @@ import org.apache.ibatis.session.RowBounds;

 public interface UserPermissionMapper {

  List<UserPermissionDto> selectByQuery(@Param("organizationUuid") String organizationUuid,
    @Param("query") PermissionQuery query, @Nullable @Param("userLogins") Collection<String> userLogins, RowBounds rowBounds);
  List<UserPermissionDto> selectByQuery(@Param("query") PermissionQuery query, @Nullable @Param("userLogins") Collection<String> userLogins, RowBounds rowBounds);

  /**
   * Count the number of distinct users returned by {@link #selectByQuery(String, PermissionQuery, Collection, RowBounds)}
   * Count the number of distinct users returned by {@link #selectByQuery(PermissionQuery, Collection, RowBounds)}
   * {@link PermissionQuery#getPageOffset()} and {@link PermissionQuery#getPageSize()} are ignored.
   *
   * @param useNull must always be null. It is needed for using the sql of 
   * {@link #selectByQuery(String, PermissionQuery, Collection, RowBounds)}
   * {@link #selectByQuery(PermissionQuery, Collection, RowBounds)}
   */
  int countUsersByQuery(@Param("organizationUuid") String organizationUuid, @Param("query") PermissionQuery query,
    @Nullable @Param("userLogins") Collection<String> useNull);
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java
@@ -69,8 +69,8 @@ public class PermissionTemplateDao implements Dao {
    return mapper(dbSession).selectUserPermissionsByTemplateIdAndUserLogins(templateId, Collections.emptyList());
  }

  public List<String> selectGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String organizationUuid, long templateId) {
    return mapper(session).selectGroupNamesByQueryAndTemplate(organizationUuid, templateId, query, new RowBounds(query.getPageOffset(), query.getPageSize()));
  public List<String> selectGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, long templateId) {
    return mapper(session).selectGroupNamesByQueryAndTemplate(templateId, query, new RowBounds(query.getPageOffset(), query.getPageSize()));
  }

  public int countGroupNamesByQueryAndTemplate(DbSession session, PermissionQuery query, String organizationUuid, long templateId) {
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateMapper.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateMapper.java
@@ -72,8 +72,7 @@ public interface PermissionTemplateMapper {

  int countUserLoginsByQueryAndTemplate(@Param("query") PermissionQuery query, @Param("templateId") long templateId);

  List<String> selectGroupNamesByQueryAndTemplate(@Param("organizationUuid") String organizationUuid,
    @Param("templateId") long templateId, @Param("query") PermissionQuery query, RowBounds rowBounds);
  List<String> selectGroupNamesByQueryAndTemplate(@Param("templateId") long templateId, @Param("query") PermissionQuery query, RowBounds rowBounds);

  int countGroupNamesByQueryAndTemplate(@Param("organizationUuid") String organizationUuid, @Param("query") PermissionQuery query, @Param("templateId") long templateId);

--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml
@@ -43,7 +43,7 @@
      from groups g
      left join group_roles gr on g.id = gr.group_id
      where
      g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR}
      g.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR}

    union all

@@ -51,7 +51,7 @@
    from group_roles gr
    <if test="query.withAtLeastOnePermission()">
      where
      gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and
      gr.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR} and
      gr.group_id is null
    </if>

--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/UserPermissionMapper.xml
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/UserPermissionMapper.xml
@@ -22,6 +22,7 @@
    from users u
    left join user_roles ur on ur.user_id = u.id
    left join projects p on ur.resource_id = p.id
    inner join organization_members om on u.id=om.user_id and om.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR}
    <where>
      <if test="userLogins == null">
        and u.active = ${_true}
@@ -38,7 +39,7 @@
      </if>
      <!-- filter rows with user permissions -->
      <if test="query.withAtLeastOnePermission()">
        and ur.organization_uuid = #{organizationUuid,jdbcType=VARCHAR}
        and ur.organization_uuid = #{query.organizationUuid,jdbcType=VARCHAR}
        and ur.role is not null
        <if test="query.componentUuid==null">
          and ur.resource_id is null
--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/template/PermissionTemplateMapper.xml
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/template/PermissionTemplateMapper.xml
@@ -135,6 +135,7 @@
  <sql id="userLoginsByQueryAndTemplate">
    FROM users u
    LEFT JOIN perm_templates_users ptu ON ptu.user_id=u.id AND ptu.template_id=#{templateId}
    INNER JOIN organization_members om ON u.id=om.user_id AND om.organization_uuid=#{query.organizationUuid}
    <where>
      u.active = ${_true}
      <if test="query.getSearchQueryToSql() != null">
@@ -173,7 +174,7 @@
    LEFT JOIN perm_templates_groups ptg ON
      ptg.group_id=g.id
    where
      g.organization_uuid=#{organizationUuid,jdbcType=VARCHAR}
      g.organization_uuid=#{query.organizationUuid,jdbcType=VARCHAR}
    UNION ALL
    SELECT
      0 AS group_id,
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/DbTester.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/DbTester.java
@@ -158,6 +158,10 @@ public class DbTester extends AbstractDbTester<TestDb> {
    }
  }

  public boolean hasDefaultOrganization() {
    return defaultOrganization != null;
  }

  public OrganizationDto getDefaultOrganization() {
    checkState(defaultOrganization != null, "Default organization has not been created");
    return defaultOrganization;
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/GroupPermissionDaoTest.java
@@ -103,7 +103,7 @@ public class GroupPermissionDaoTest {
    GroupDto group1 = db.users().insertGroup(organizationDto, "Group-1");
    db.users().insertPermissionOnAnyone(organizationDto, SCAN);

    assertThat(underTest.selectGroupNamesByQuery(dbSession, organizationDto.getUuid(), PermissionQuery.builder().build()))
    assertThat(underTest.selectGroupNamesByQuery(dbSession, newQuery().setOrganizationUuid(organizationDto.getUuid()).build()))
      .containsExactly(ANYONE, group1.getName(), group2.getName(), group3.getName());
  }

@@ -117,15 +117,15 @@ public class GroupPermissionDaoTest {
    db.users().insertPermissionOnGroup(group1, PROVISION_PROJECTS);

    assertThat(underTest.countGroupsByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().build())).isEqualTo(4);
      newQuery().build())).isEqualTo(4);
    assertThat(underTest.countGroupsByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1);
      newQuery().setPermission(PROVISION_PROJECTS.getKey()).build())).isEqualTo(1);
    assertThat(underTest.countGroupsByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().withAtLeastOnePermission().build())).isEqualTo(2);
      newQuery().withAtLeastOnePermission().build())).isEqualTo(2);
    assertThat(underTest.countGroupsByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("Group-").build())).isEqualTo(3);
      newQuery().setSearchQuery("Group-").build())).isEqualTo(3);
    assertThat(underTest.countGroupsByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("Any").build())).isEqualTo(1);
      newQuery().setSearchQuery("Any").build())).isEqualTo(1);
  }

  @Test
@@ -144,13 +144,13 @@ public class GroupPermissionDaoTest {
    db.users().insertProjectPermissionOnGroup(group2, UserRole.ADMIN, project);

    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      organizationDto.getUuid(), PermissionQuery.builder().setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());
      newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(SCAN.getKey()).build())).containsExactly(ANYONE, group1.getName());

    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      organizationDto.getUuid(), PermissionQuery.builder().setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());
      newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(ADMINISTER.getKey()).build())).containsExactly(group3.getName());

    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      organizationDto.getUuid(), PermissionQuery.builder().setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
      newQuery().setOrganizationUuid(organizationDto.getUuid()).setPermission(PROVISION_PROJECTS.getKey()).build())).containsExactly(ANYONE);
  }

  @Test
@@ -171,13 +171,13 @@ public class GroupPermissionDaoTest {
    db.users().insertProjectPermissionOnGroup(group3, SCAN_EXECUTION, anotherProject);
    db.users().insertPermissionOnGroup(group2, SCAN);

    PermissionQuery.Builder builderOnComponent = PermissionQuery.builder().setComponentUuid(project.uuid());
    PermissionQuery.Builder builderOnComponent = newQuery().setComponentUuid(project.uuid());
    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName());
      builderOnComponent.withAtLeastOnePermission().build())).containsOnlyOnce(group1.getName());
    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName());
      builderOnComponent.setPermission(SCAN_EXECUTION).build())).containsOnlyOnce(group1.getName());
    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, builderOnComponent.setPermission(USER).build())).containsOnlyOnce(ANYONE);
      builderOnComponent.setPermission(USER).build())).containsOnlyOnce(ANYONE);
  }

  @Test
@@ -185,7 +185,7 @@ public class GroupPermissionDaoTest {
    IntStream.rangeClosed(0, 9).forEach(i -> db.users().insertGroup(db.getDefaultOrganization(), i + "-name"));

    List<String> groupNames = underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().setPageIndex(2).setPageSize(3).build());
      newQuery().setPageIndex(2).setPageSize(3).build());
    assertThat(groupNames).containsExactly("3-name", "4-name", "5-name");
  }

@@ -196,7 +196,7 @@ public class GroupPermissionDaoTest {
    db.users().insertPermissionOnGroup(group, SCAN);

    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
      newQuery().setSearchQuery("any").build())).containsOnlyOnce(ANYONE, group.getName());
  }

  @Test
@@ -204,7 +204,7 @@ public class GroupPermissionDaoTest {
    GroupDto group = db.users().insertGroup();

    assertThat(underTest.selectGroupNamesByQuery(dbSession,
      defaultOrganizationUuid, PermissionQuery.builder().build()))
      newQuery().build()))
        .doesNotContain(ANYONE)
        .containsExactly(group.getName());
  }
@@ -461,6 +461,10 @@ public class GroupPermissionDaoTest {
    verifyOrganizationUuidsInTable();
  }

  private PermissionQuery.Builder newQuery() {
    return PermissionQuery.builder().setOrganizationUuid(db.getDefaultOrganization().getUuid());
  }

  private void verifyOrganizationUuidsInTable(String... organizationUuids) {
    assertThat(db.select("select distinct organization_uuid as \"organizationUuid\" from group_roles"))
      .extracting((row) -> (String) row.get("organizationUuid"))
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/UserPermissionDaoTest.java
@@ -68,7 +68,9 @@ public class UserPermissionDaoTest {
    organizationDto = dbTester.organizations().insert();
    project1 = dbTester.components().insertProject(organizationDto);
    project2 = dbTester.components().insertProject(organizationDto);
    dbTester.commit();
    dbTester.organizations().addMember(organizationDto, user1);
    dbTester.organizations().addMember(organizationDto, user2);
    dbTester.organizations().addMember(organizationDto, user3);
  }

  @Test
@@ -81,70 +83,72 @@ public class UserPermissionDaoTest {
    // permissions on another organization, to be excluded
    UserPermissionDto org2Global1 = addGlobalPermission(org2, SYSTEM_ADMIN, user1);
    UserPermissionDto org2Global2 = addGlobalPermission(org2, PROVISIONING, user2);
    dbTester.organizations().addMember(org2, user1);
    dbTester.organizations().addMember(org2, user2);

    // global permissions of users who has at least one global permission, ordered by user name then permission
    PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().build();
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, null, global2, global3, global1);

    // default query returns all users, whatever their permissions nor organizations
    // (that's a non-sense, but still this is required for api/permissions/groups
    // when filtering users by name)
    query = PermissionQuery.builder().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).build();
    expectPermissions(organizationDto, query, null, global2, global3, org2Global2, global1, org2Global1, project1Perm);

    // return empty list if non-null but empty logins
    expectPermissions(organizationDto, query, Collections.emptyList());

    // global permissions of user1
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList(user1.getLogin()), global1);

    // global permissions of user2
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList(user2.getLogin()), global2, global3);

    // global permissions of user1, user2 and another one
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList(user1.getLogin(), user2.getLogin(), "missing"), global2, global3, global1);

    // empty global permissions if login does not exist
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList("missing"));

    // empty global permissions if user does not have any
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList(user3.getLogin()));

    // user3 has no global permissions
    query = PermissionQuery.builder().withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, asList(user3.getLogin()));

    // global permissions "admin"
    query = PermissionQuery.builder().setPermission(SYSTEM_ADMIN).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setPermission(SYSTEM_ADMIN).build();
    expectPermissions(organizationDto, query, null, global2, global1);

    // empty if nobody has the specified global permission
    query = PermissionQuery.builder().setPermission("missing").build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setPermission("missing").build();
    expectPermissions(organizationDto, query, null);

    // search by user name (matches 2 users)
    query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mari").build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setSearchQuery("mari").build();
    expectPermissions(organizationDto, query, null, global2, global3, global1);

    // search by user login
    query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("ogin2").build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setSearchQuery("ogin2").build();
    expectPermissions(organizationDto, query, null, global2, global3);

    // search by user email
    query = PermissionQuery.builder().withAtLeastOnePermission().setSearchQuery("mail2").build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setSearchQuery("mail2").build();
    expectPermissions(organizationDto, query, null, global2, global3);

    // search by user name (matches 2 users) and global permission
    query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(PROVISIONING).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setSearchQuery("Mari").setPermission(PROVISIONING).build();
    expectPermissions(organizationDto, query, null, global3);

    // search by user name (no match)
    query = PermissionQuery.builder().setSearchQuery("Unknown").build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setSearchQuery("Unknown").build();
    expectPermissions(organizationDto, query, null);
  }

@@ -157,47 +161,47 @@ public class UserPermissionDaoTest {
    addProjectPermission(organizationDto, ISSUE_ADMIN, user3, project2);

    // project permissions of users who has at least one permission on this project
    PermissionQuery query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, null, perm3, perm2, perm1);

    // project permissions of user1
    query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, asList(user1.getLogin()), perm2, perm1);

    // project permissions of user2
    query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, asList(user2.getLogin()), perm3);

    // project permissions of user2 and another one
    query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, asList(user2.getLogin(), "missing"), perm3);

    // empty project permissions if login does not exist
    query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, asList("missing"));

    // empty project permissions if user does not have any
    query = PermissionQuery.builder().withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, asList(user3.getLogin()));

    // empty if nobody has the specified global permission
    query = PermissionQuery.builder().setPermission("missing").setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setPermission("missing").setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, null);

    // search by user name (matches 2 users), users with at least one permission
    query = PermissionQuery.builder().setSearchQuery("Mari").withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setSearchQuery("Mari").withAtLeastOnePermission().setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, null, perm3, perm2, perm1);

    // search by user name (matches 2 users) and project permission
    query = PermissionQuery.builder().setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setSearchQuery("Mari").setPermission(ISSUE_ADMIN).setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, null, perm3, perm2);

    // search by user name (no match)
    query = PermissionQuery.builder().setSearchQuery("Unknown").setComponentUuid(project1.uuid()).build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setSearchQuery("Unknown").setComponentUuid(project1.uuid()).build();
    expectPermissions(organizationDto, query, null);

    // permissions of unknown project
    query = PermissionQuery.builder().setComponentUuid("missing").withAtLeastOnePermission().build();
    query = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setComponentUuid("missing").withAtLeastOnePermission().build();
    expectPermissions(organizationDto, query, null);
  }

@@ -237,30 +241,36 @@ public class UserPermissionDaoTest {
    addProjectPermission(org1, ISSUE_ADMIN, user2, project1);
    addProjectPermission(org2, ISSUE_ADMIN, user2, project2);

    addOrganizationMember(org1, user1);
    addOrganizationMember(org1, user2);
    addOrganizationMember(org2, user1);
    addOrganizationMember(org2, user2);

    // logins are ordered by user name: user2 ("Marie") then user1 ("Marius")
    PermissionQuery query = PermissionQuery.builder().setComponentUuid(project1.uuid()).withAtLeastOnePermission().build();
    assertThat(underTest.selectUserIds(dbSession, org1.getUuid(), query)).containsExactly(user2.getId(), user1.getId());
    assertThat(underTest.selectUserIds(dbSession, "otherOrg", query)).isEmpty();
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project1.getOrganizationUuid()).setComponentUuid(project1.uuid()).withAtLeastOnePermission().build();
    assertThat(underTest.selectUserIds(dbSession, query)).containsExactly(user2.getId(), user1.getId());
    query = PermissionQuery.builder().setOrganizationUuid("anotherOrg").setComponentUuid(project1.uuid()).withAtLeastOnePermission().build();
    assertThat(underTest.selectUserIds(dbSession, query)).isEmpty();

    // on a project without permissions
    query = PermissionQuery.builder().setComponentUuid("missing").withAtLeastOnePermission().build();
    assertThat(underTest.selectUserIds(dbSession, org1.getUuid(), query)).isEmpty();
    query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setComponentUuid("missing").withAtLeastOnePermission().build();
    assertThat(underTest.selectUserIds(dbSession, query)).isEmpty();

    // search all users whose name matches "mar", whatever the permissions
    query = PermissionQuery.builder().setSearchQuery("mar").build();
    assertThat(underTest.selectUserIds(dbSession, org1.getUuid(), query)).containsExactly(user2.getId(), user1.getId());
    query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mar").build();
    assertThat(underTest.selectUserIds(dbSession, query)).containsExactly(user2.getId(), user1.getId());

    // search all users whose name matches "mariu", whatever the permissions
    query = PermissionQuery.builder().setSearchQuery("mariu").build();
    assertThat(underTest.selectUserIds(dbSession, org1.getUuid(), query)).containsExactly(user1.getId());
    query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").build();
    assertThat(underTest.selectUserIds(dbSession, query)).containsExactly(user1.getId());

    // search all users whose name matches "mariu", whatever the permissions
    query = PermissionQuery.builder().setSearchQuery("mariu").setComponentUuid(project1.uuid()).build();
    assertThat(underTest.selectUserIds(dbSession, org1.getUuid(), query)).containsExactly(user1.getId());
    query = PermissionQuery.builder().setOrganizationUuid(org1.getUuid()).setSearchQuery("mariu").setComponentUuid(project1.uuid()).build();
    assertThat(underTest.selectUserIds(dbSession, query)).containsExactly(user1.getId());

    // search all users whose name matches "mariu", whatever the organization
    query = PermissionQuery.builder().setSearchQuery("mariu").build();
    assertThat(underTest.selectUserIds(dbSession, "missingOrg", query)).containsExactly(user1.getId());
    query = PermissionQuery.builder().setOrganizationUuid("missingOrg").setSearchQuery("mariu").build();
    assertThat(underTest.selectUserIds(dbSession, query)).isEmpty();
  }

  @Test
@@ -444,7 +454,7 @@ public class UserPermissionDaoTest {

  private void expectPermissions(OrganizationDto org, PermissionQuery query, @Nullable Collection<String> logins, UserPermissionDto... expected) {
    // test method "select()"
    List<UserPermissionDto> permissions = underTest.select(dbSession, org.getUuid(), query, logins);
    List<UserPermissionDto> permissions = underTest.select(dbSession, query, logins);
    assertThat(permissions).hasSize(expected.length);
    for (int i = 0; i < expected.length; i++) {
      UserPermissionDto got = permissions.get(i);
@@ -475,6 +485,10 @@ public class UserPermissionDaoTest {
    return dto;
  }

  private void addOrganizationMember(OrganizationDto org, UserDto user) {
    dbTester.organizations().addMember(org, user);
  }

  private void assertThatProjectPermissionDoesNotExist(UserDto user, String permission, ComponentDto project) {
    assertThat(dbTester.countSql(dbSession, "select count(id) from user_roles where role='" + permission + "' and user_id=" + user.getId() + " and resource_id=" + project.getId()))
      .isEqualTo(0);
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/GroupWithPermissionTemplateDaoTest.java
@@ -80,7 +80,7 @@ public class GroupWithPermissionTemplateDaoTest {
    assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), organization, template))
      .containsOnly("Group-2");

    assertThat(selectGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), organization, 123L))
    assertThat(selectGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, 123L))
      .isEmpty();
    assertThat(selectGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), organization, template))
      .isEmpty();
@@ -142,23 +142,23 @@ public class GroupWithPermissionTemplateDaoTest {
    permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getId(), null, USER);
    permissionTemplateDbTester.addGroupToTemplate(anotherTemplate.getId(), group1.getId(), PROVISIONING);

    assertThat(countGroupNamesByQueryAndTemplate(builder(), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()), organization, template))
      .isEqualTo(4);
    assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission(), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission(), organization, template))
      .isEqualTo(2);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, template)).isEqualTo(1);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setPermission(USER), organization, anotherTemplate))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, template)).isEqualTo(1);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setPermission(USER), organization, anotherTemplate))
      .isEqualTo(1);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("groU"), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("groU"), organization, template))
      .isEqualTo(3);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("nYo"), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("nYo"), organization, template))
      .isEqualTo(1);
    assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("p-2"), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("p-2"), organization, template))
      .isEqualTo(1);

    assertThat(countGroupNamesByQueryAndTemplate(builder().withAtLeastOnePermission().build(), organization, 123L))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).withAtLeastOnePermission().build(), organization, 123L))
      .isZero();
    assertThat(countGroupNamesByQueryAndTemplate(builder().setSearchQuery("unknown"), organization, template))
    assertThat(countGroupNamesByQueryAndTemplate(builder().setOrganizationUuid(organization.getUuid()).setSearchQuery("unknown"), organization, template))
      .isZero();
  }

@@ -229,11 +229,11 @@ public class GroupWithPermissionTemplateDaoTest {
  }

  private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) {
    return selectGroupNamesByQueryAndTemplate(queryBuilder.build(), organization, permissionTemplateDto.getId());
    return selectGroupNamesByQueryAndTemplate(queryBuilder.setOrganizationUuid(organization.getUuid()).build(), organization, permissionTemplateDto.getId());
  }

  private List<String> selectGroupNamesByQueryAndTemplate(PermissionQuery query, OrganizationDto organization, long templateId) {
    return underTest.selectGroupNamesByQueryAndTemplate(session, query, organization.getUuid(), templateId);
    return underTest.selectGroupNamesByQueryAndTemplate(session, query, templateId);
  }

  private int countGroupNamesByQueryAndTemplate(PermissionQuery.Builder queryBuilder, OrganizationDto organization, PermissionTemplateDto permissionTemplateDto) {
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest.java
@@ -27,6 +27,7 @@ import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.permission.PermissionQuery;

 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
@@ -41,16 +42,16 @@ public class UserWithPermissionTemplateDaoTest {
  @Rule
  public DbTester dbTester = DbTester.create(System2.INSTANCE);

  DbSession dbSession = dbTester.getSession();
  private DbSession dbSession = dbTester.getSession();

  PermissionTemplateDao dao = dbTester.getDbClient().permissionTemplateDao();
  private PermissionTemplateDao underTest = dbTester.getDbClient().permissionTemplateDao();

  @Test
  public void select_logins() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().build(), TEMPLATE_ID)).containsOnly("user1", "user2", "user3");
    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().withAtLeastOnePermission().setPermission("user").build(),
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().build(), TEMPLATE_ID)).containsOnly("user1", "user2", "user3");
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().withAtLeastOnePermission().setPermission("user").build(),
      TEMPLATE_ID)).containsOnly("user1", "user2");
  }

@@ -58,16 +59,16 @@ public class UserWithPermissionTemplateDaoTest {
  public void return_no_logins_on_unknown_template_key() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().setPermission("user").withAtLeastOnePermission().build(), 999L)).isEmpty();
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().setPermission("user").withAtLeastOnePermission().build(), 999L)).isEmpty();
  }

  @Test
  public void select_only_logins_with_permission() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.selectUserLoginsByQueryAndTemplate(
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(
      dbSession,
      builder().setPermission("user").withAtLeastOnePermission().build(),
      newQuery().setPermission("user").withAtLeastOnePermission().build(),
      TEMPLATE_ID)).containsOnly("user1", "user2");
  }

@@ -75,7 +76,7 @@ public class UserWithPermissionTemplateDaoTest {
  public void select_only_enable_users() {
    dbTester.prepareDbUnit(getClass(), "select_only_enable_users.xml");

    List<String> result = dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().setPermission("user").build(), TEMPLATE_ID);
    List<String> result = underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().setPermission("user").build(), TEMPLATE_ID);
    assertThat(result).hasSize(2);

    // Disabled user should not be returned
@@ -86,13 +87,13 @@ public class UserWithPermissionTemplateDaoTest {
  public void search_by_user_name() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    List<String> result = dao.selectUserLoginsByQueryAndTemplate(
      dbSession, builder().withAtLeastOnePermission().setPermission("user").setSearchQuery("SEr1").build(),
    List<String> result = underTest.selectUserLoginsByQueryAndTemplate(
      dbSession, newQuery().withAtLeastOnePermission().setPermission("user").setSearchQuery("SEr1").build(),
      TEMPLATE_ID);
    assertThat(result).containsOnly("user1");

    result = dao.selectUserLoginsByQueryAndTemplate(
      dbSession, builder().withAtLeastOnePermission().setPermission("user").setSearchQuery("user").build(),
    result = underTest.selectUserLoginsByQueryAndTemplate(
      dbSession, newQuery().withAtLeastOnePermission().setPermission("user").setSearchQuery("user").build(),
      TEMPLATE_ID);
    assertThat(result).hasSize(2);
  }
@@ -101,31 +102,31 @@ public class UserWithPermissionTemplateDaoTest {
  public void should_be_sorted_by_user_name() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions_should_be_sorted_by_user_name.xml");

    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().build(), TEMPLATE_ID)).containsOnly("user1", "user2", "user3");
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().build(), TEMPLATE_ID)).containsOnly("user1", "user2", "user3");
  }

  @Test
  public void should_be_paginated() {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().setPageIndex(1).setPageSize(2).build(), TEMPLATE_ID)).containsOnly("user1", "user2");
    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().setPageIndex(2).setPageSize(2).build(), TEMPLATE_ID)).containsOnly("user3");
    assertThat(dao.selectUserLoginsByQueryAndTemplate(dbSession, builder().setPageIndex(3).setPageSize(1).build(), TEMPLATE_ID)).containsOnly("user3");
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().setPageIndex(1).setPageSize(2).build(), TEMPLATE_ID)).containsOnly("user1", "user2");
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().setPageIndex(2).setPageSize(2).build(), TEMPLATE_ID)).containsOnly("user3");
    assertThat(underTest.selectUserLoginsByQueryAndTemplate(dbSession, newQuery().setPageIndex(3).setPageSize(1).build(), TEMPLATE_ID)).containsOnly("user3");
  }

  @Test
  public void count_users() throws Exception {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.countUserLoginsByQueryAndTemplate(dbSession, builder().build(), TEMPLATE_ID)).isEqualTo(3);
    assertThat(dao.countUserLoginsByQueryAndTemplate(dbSession, builder().withAtLeastOnePermission().setPermission("user").build(), TEMPLATE_ID)).isEqualTo(2);
    assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, newQuery().build(), TEMPLATE_ID)).isEqualTo(3);
    assertThat(underTest.countUserLoginsByQueryAndTemplate(dbSession, newQuery().withAtLeastOnePermission().setPermission("user").build(), TEMPLATE_ID)).isEqualTo(2);
  }

  @Test
  public void select_user_permission_templates_by_template_and_logins() throws Exception {
    dbTester.prepareDbUnit(getClass(), "users_with_permissions.xml");

    assertThat(dao.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, singletonList("user1")))
    assertThat(underTest.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, singletonList("user1")))
      .extracting(PermissionTemplateUserDto::getUserLogin, PermissionTemplateUserDto::getPermission)
      .containsOnly(
        tuple("user1", UserRole.USER),
@@ -133,7 +134,7 @@ public class UserWithPermissionTemplateDaoTest {
        tuple("user1", UserRole.CODEVIEWER)
      );

    assertThat(dao.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, asList("user1", "user2", "user3")))
    assertThat(underTest.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, asList("user1", "user2", "user3")))
      .extracting(PermissionTemplateUserDto::getUserLogin, PermissionTemplateUserDto::getPermission)
      .containsOnly(
        tuple("user1", UserRole.USER),
@@ -142,8 +143,12 @@ public class UserWithPermissionTemplateDaoTest {
        tuple("user2", UserRole.USER)
      );

    assertThat(dao.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, singletonList("unknown"))).isEmpty();
    assertThat(dao.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, Collections.emptyList())).isEmpty();
    assertThat(dao.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 123L, singletonList("user1"))).isEmpty();
    assertThat(underTest.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, singletonList("unknown"))).isEmpty();
    assertThat(underTest.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 50L, Collections.emptyList())).isEmpty();
    assertThat(underTest.selectUserPermissionsByTemplateIdAndUserLogins(dbSession, 123L, singletonList("user1"))).isEmpty();
  }

  private PermissionQuery.Builder newQuery() {
    return builder().setOrganizationUuid("ORG_UUID");
  }
 }
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/user/UserDbTester.java
@@ -67,6 +67,9 @@ public class UserDbTester {

  public UserDto insertUser(UserDto userDto) {
    UserDto updatedUser = dbClient.userDao().insert(db.getSession(), userDto);
    if (db.hasDefaultOrganization() && userDto.isActive()) {
      db.organizations().addMember(db.getDefaultOrganization(), updatedUser);
    }
    db.commit();
    return updatedUser;
  }
--- a/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/select_only_enable_users.xml
+++ b/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/select_only_enable_users.xml
@@ -21,6 +21,21 @@
         active="[false]"
         is_root="[false]"/>

  <organization_members
      user_id="200"
      organization_uuid="ORG_UUID"
  />

  <organization_members
      user_id="201"
      organization_uuid="ORG_UUID"
  />

  <organization_members
      user_id="202"
      organization_uuid="ORG_UUID"
  />

  <perm_templates_users id="1"
                        user_id="200"
                        permission_reference="user"
--- a/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/users_with_permissions.xml
+++ b/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/users_with_permissions.xml
@@ -16,6 +16,21 @@
         active="[true]"
         is_root="[false]"/>

  <organization_members
    user_id="200"
    organization_uuid="ORG_UUID"
  />

  <organization_members
    user_id="201"
    organization_uuid="ORG_UUID"
  />

  <organization_members
    user_id="202"
    organization_uuid="ORG_UUID"
  />

  <perm_templates_users id="1"
                        user_id="200"
                        permission_reference="user"
--- a/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/users_with_permissions_should_be_sorted_by_user_name.xml
+++ b/server/sonar-db-dao/src/test/resources/org/sonar/db/permission/template/UserWithPermissionTemplateDaoTest/users_with_permissions_should_be_sorted_by_user_name.xml
@@ -16,6 +16,21 @@
         active="[true]"
         is_root="[false]"/>

  <organization_members
      user_id="200"
      organization_uuid="ORG_UUID"
  />

  <organization_members
      user_id="201"
      organization_uuid="ORG_UUID"
  />

  <organization_members
      user_id="202"
      organization_uuid="ORG_UUID"
  />

  <perm_templates_users id="1"
                        user_id="200"
                        permission_reference="user"
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
@@ -98,10 +98,10 @@ public class GroupsAction implements PermissionsWsAction {
      Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
      checkProjectAdmin(userSession, org.getUuid(), projectId);

      PermissionQuery query = buildPermissionQuery(request, projectId);
      PermissionQuery query = buildPermissionQuery(request, org, projectId);
      // TODO validatePermission(groupsRequest.getPermission(), wsProjectRef);
      List<GroupDto> groups = findGroups(dbSession, org, query);
      int total = dbClient.groupPermissionDao().countGroupsByQuery(dbSession, org.getUuid(), query);
      int total = dbClient.groupPermissionDao().countGroupsByQuery(dbSession, query);
      List<GroupPermissionDto> groupsWithPermission = findGroupPermissions(dbSession, org, groups, projectId);
      Paging paging = Paging.forPageIndex(request.mandatoryParamAsInt(Param.PAGE)).withPageSize(query.getPageSize()).andTotal(total);
      WsGroupsResponse groupsResponse = buildResponse(groups, groupsWithPermission, paging);
@@ -109,9 +109,10 @@ public class GroupsAction implements PermissionsWsAction {
    }
  }

  private static PermissionQuery buildPermissionQuery(Request request, Optional<ProjectId> project) {
  private static PermissionQuery buildPermissionQuery(Request request, OrganizationDto org, Optional<ProjectId> project) {
    String textQuery = request.param(Param.TEXT_QUERY);
    PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
      .setOrganizationUuid(org.getUuid())
      .setPermission(request.param(PARAM_PERMISSION))
      .setPageIndex(request.mandatoryParamAsInt(Param.PAGE))
      .setPageSize(request.mandatoryParamAsInt(Param.PAGE_SIZE))
@@ -149,7 +150,7 @@ public class GroupsAction implements PermissionsWsAction {
  }

  private List<GroupDto> findGroups(DbSession dbSession, OrganizationDto org, PermissionQuery dbQuery) {
    List<String> orderedNames = dbClient.groupPermissionDao().selectGroupNamesByQuery(dbSession, org.getUuid(), dbQuery);
    List<String> orderedNames = dbClient.groupPermissionDao().selectGroupNamesByQuery(dbSession, dbQuery);
    List<GroupDto> groups = dbClient.groupDao().selectByNames(dbSession, org.getUuid(), orderedNames);
    if (orderedNames.contains(DefaultGroups.ANYONE)) {
      groups.add(0, new GroupDto().setId(0).setName(DefaultGroups.ANYONE).setOrganizationUuid(org.getUuid()));
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/SearchGlobalPermissionsAction.java
@@ -87,7 +87,7 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
    OrganizationPermission.all()
      .map(OrganizationPermission::getKey)
      .forEach(permissionKey -> {
        PermissionQuery query = permissionQuery(permissionKey);
        PermissionQuery query = permissionQuery(permissionKey, org);
        response.addPermissions(
          permission
            .clear()
@@ -110,16 +110,17 @@ public class SearchGlobalPermissionsAction implements PermissionsWsAction {
  }

  private int countGroups(DbSession dbSession, OrganizationDto org, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).build();
    return dbClient.groupPermissionDao().countGroupsByQuery(dbSession, org.getUuid(), query);
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(org.getUuid()).setPermission(permission).build();
    return dbClient.groupPermissionDao().countGroupsByQuery(dbSession, query);
  }

  private int countUsers(DbSession dbSession, OrganizationDto org, PermissionQuery permissionQuery) {
    return dbClient.userPermissionDao().countUsers(dbSession, org.getUuid(), permissionQuery);
  }

  private static PermissionQuery permissionQuery(String permissionKey) {
  private static PermissionQuery permissionQuery(String permissionKey, OrganizationDto org) {
    return PermissionQuery.builder()
      .setOrganizationUuid(org.getUuid())
      .setPermission(permissionKey)
      .withAtLeastOnePermission()
      .build();
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
@@ -103,8 +103,8 @@ public class UsersAction implements PermissionsWsAction {
      Optional<ProjectId> projectId = support.findProjectId(dbSession, request);
      checkProjectAdmin(userSession, org.getUuid(), projectId);

      PermissionQuery query = buildPermissionQuery(request, projectId);
      List<UserDto> users = findUsers(dbSession, org, query);
      PermissionQuery query = buildPermissionQuery(request, org, projectId);
      List<UserDto> users = findUsers(dbSession, query);
      int total = dbClient.userPermissionDao().countUsers(dbSession, org.getUuid(), query);
      List<UserPermissionDto> userPermissions = findUserPermissions(dbSession, org, users, projectId);
      Paging paging = Paging.forPageIndex(request.mandatoryParamAsInt(Param.PAGE)).withPageSize(query.getPageSize()).andTotal(total);
@@ -113,10 +113,11 @@ public class UsersAction implements PermissionsWsAction {
    }
  }

  private static PermissionQuery buildPermissionQuery(Request request, Optional<ProjectId> project) {
  private static PermissionQuery buildPermissionQuery(Request request, OrganizationDto organization, Optional<ProjectId> project) {
    String textQuery = request.param(Param.TEXT_QUERY);
    String permission = request.param(PARAM_PERMISSION);
    PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
      .setOrganizationUuid(organization.getUuid())
      .setPermission(permission)
      .setPageIndex(request.mandatoryParamAsInt(Param.PAGE))
      .setPageSize(request.mandatoryParamAsInt(Param.PAGE_SIZE))
@@ -160,8 +161,8 @@ public class UsersAction implements PermissionsWsAction {
    return response.build();
  }

  private List<UserDto> findUsers(DbSession dbSession, OrganizationDto org, PermissionQuery query) {
    List<Integer> orderedIds = dbClient.userPermissionDao().selectUserIds(dbSession, org.getUuid(), query);
  private List<UserDto> findUsers(DbSession dbSession, PermissionQuery query) {
    List<Integer> orderedIds = dbClient.userPermissionDao().selectUserIds(dbSession, query);
    return Ordering.explicit(orderedIds).onResultOf(UserDto::getId).immutableSortedCopy(dbClient.userDao().selectByIds(dbSession, orderedIds));
  }

@@ -171,9 +172,10 @@ public class UsersAction implements PermissionsWsAction {
    }
    List<String> logins = users.stream().map(UserDto::getLogin).collect(Collectors.toList());
    PermissionQuery query = PermissionQuery.builder()
      .setOrganizationUuid(org.getUuid())
      .setComponentUuid(project.isPresent() ? project.get().getUuid() : null)
      .withAtLeastOnePermission()
      .build();
    return dbClient.userPermissionDao().select(dbSession, org.getUuid(), query, logins);
    return dbClient.userPermissionDao().select(dbSession, query, logins);
  }
 }
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddUserToTemplateAction.java
@@ -98,15 +98,15 @@ public class AddUserToTemplateAction implements PermissionsWsAction {
      UserId user = wsSupport.findUser(dbSession, userLogin);
      wsSupport.checkMembership(dbSession, organizationDto, user);

      if (!isUserAlreadyAdded(dbSession, template.getId(), userLogin, permission)) {
      if (!isUserAlreadyAdded(dbSession, organizationDto, template.getId(), userLogin, permission)) {
        dbClient.permissionTemplateDao().insertUserPermission(dbSession, template.getId(), user.getId(), permission);
        dbSession.commit();
      }
    }
  }

  private boolean isUserAlreadyAdded(DbSession dbSession, long templateId, String userLogin, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
  private boolean isUserAlreadyAdded(DbSession dbSession, OrganizationDto organizationDto, long templateId, String userLogin, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setPermission(permission).build();
    List<String> usersWithPermission = dbClient.permissionTemplateDao().selectUserLoginsByQueryAndTemplate(dbSession, permissionQuery, templateId);
    return usersWithPermission.stream().anyMatch(s -> s.equals(userLogin));
  }
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java
@@ -65,42 +65,6 @@ public class TemplateGroupsAction implements PermissionsWsAction {
    this.support = support;
  }

  private static PermissionQuery buildPermissionQuery(Request request) {
    String textQuery = request.param(TEXT_QUERY);
    String permission = request.param(PARAM_PERMISSION);
    PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
      .setPermission(permission != null ? validateProjectPermission(permission) : null)
      .setPageIndex(request.mandatoryParamAsInt(PAGE))
      .setPageSize(request.mandatoryParamAsInt(PAGE_SIZE))
      .setSearchQuery(textQuery);
    if (textQuery == null) {
      permissionQuery.withAtLeastOnePermission();
    }
    return permissionQuery.build();
  }

  private static WsPermissions.WsGroupsResponse buildResponse(List<GroupDto> groups, List<PermissionTemplateGroupDto> groupPermissions, Paging paging) {
    Multimap<Integer, String> permissionsByGroupId = TreeMultimap.create();
    groupPermissions.forEach(groupPermission -> permissionsByGroupId.put(groupPermission.getGroupId(), groupPermission.getPermission()));
    WsPermissions.WsGroupsResponse.Builder response = WsPermissions.WsGroupsResponse.newBuilder();

    groups.forEach(group -> {
      WsPermissions.Group.Builder wsGroup = response.addGroupsBuilder()
        .setName(group.getName());
      if (group.getId() != 0) {
        wsGroup.setId(String.valueOf(group.getId()));
      }
      setNullable(group.getDescription(), wsGroup::setDescription);
      wsGroup.addAllPermissions(permissionsByGroupId.get(group.getId()));
    });

    response.getPagingBuilder()
      .setPageIndex(paging.pageIndex())
      .setPageSize(paging.pageSize())
      .setTotal(paging.total());
    return response.build();
  }

  @Override
  public void define(WebService.NewController context) {
    WebService.NewAction action = context.createAction("template_groups")
@@ -129,7 +93,7 @@ public class TemplateGroupsAction implements PermissionsWsAction {
      PermissionTemplateDto template = support.findTemplate(dbSession, templateRef);
      checkGlobalAdmin(userSession, template.getOrganizationUuid());

      PermissionQuery query = buildPermissionQuery(wsRequest);
      PermissionQuery query = buildPermissionQuery(wsRequest, template);
      int total = dbClient.permissionTemplateDao().countGroupNamesByQueryAndTemplate(dbSession, query, template.getOrganizationUuid(), template.getId());
      Paging paging = Paging.forPageIndex(wsRequest.mandatoryParamAsInt(PAGE)).withPageSize(wsRequest.mandatoryParamAsInt(PAGE_SIZE)).andTotal(total);
      List<GroupDto> groups = findGroups(dbSession, query, template);
@@ -139,8 +103,45 @@ public class TemplateGroupsAction implements PermissionsWsAction {
    }
  }

  private static PermissionQuery buildPermissionQuery(Request request, PermissionTemplateDto template) {
    String textQuery = request.param(TEXT_QUERY);
    String permission = request.param(PARAM_PERMISSION);
    PermissionQuery.Builder permissionQuery = PermissionQuery.builder()
      .setOrganizationUuid(template.getOrganizationUuid())
      .setPermission(permission != null ? validateProjectPermission(permission) : null)
      .setPageIndex(request.mandatoryParamAsInt(PAGE))
      .setPageSize(request.mandatoryParamAsInt(PAGE_SIZE))
      .setSearchQuery(textQuery);
    if (textQuery == null) {
      permissionQuery.withAtLeastOnePermission();
    }
    return permissionQuery.build();
  }

  private static WsPermissions.WsGroupsResponse buildResponse(List<GroupDto> groups, List<PermissionTemplateGroupDto> groupPermissions, Paging paging) {
    Multimap<Integer, String> permissionsByGroupId = TreeMultimap.create();
    groupPermissions.forEach(groupPermission -> permissionsByGroupId.put(groupPermission.getGroupId(), groupPermission.getPermission()));
    WsPermissions.WsGroupsResponse.Builder response = WsPermissions.WsGroupsResponse.newBuilder();

    groups.forEach(group -> {
      WsPermissions.Group.Builder wsGroup = response.addGroupsBuilder()
        .setName(group.getName());
      if (group.getId() != 0) {
        wsGroup.setId(String.valueOf(group.getId()));
      }
      setNullable(group.getDescription(), wsGroup::setDescription);
      wsGroup.addAllPermissions(permissionsByGroupId.get(group.getId()));
    });

    response.getPagingBuilder()
      .setPageIndex(paging.pageIndex())
      .setPageSize(paging.pageSize())
      .setTotal(paging.total());
    return response.build();
  }

  private List<GroupDto> findGroups(DbSession dbSession, PermissionQuery dbQuery, PermissionTemplateDto template) {
    List<String> orderedNames = dbClient.permissionTemplateDao().selectGroupNamesByQueryAndTemplate(dbSession, dbQuery, template.getOrganizationUuid(), template.getId());
    List<String> orderedNames = dbClient.permissionTemplateDao().selectGroupNamesByQueryAndTemplate(dbSession, dbQuery, template.getId());
    List<GroupDto> groups = dbClient.groupDao().selectByNames(dbSession, template.getOrganizationUuid(), orderedNames);
    if (orderedNames.contains(DefaultGroups.ANYONE)) {
      groups.add(0, new GroupDto().setId(0).setName(DefaultGroups.ANYONE));
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
@@ -67,41 +67,6 @@ public class TemplateUsersAction implements PermissionsWsAction {
    this.support = support;
  }

  private static PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) {
    String textQuery = wsRequest.param(TEXT_QUERY);
    String permission = wsRequest.param(PARAM_PERMISSION);
    PermissionQuery.Builder query = PermissionQuery.builder()
      .setTemplate(template.getUuid())
      .setPermission(permission != null ? validateProjectPermission(permission) : null)
      .setPageIndex(wsRequest.mandatoryParamAsInt(PAGE))
      .setPageSize(wsRequest.mandatoryParamAsInt(PAGE_SIZE))
      .setSearchQuery(textQuery);
    if (textQuery == null) {
      query.withAtLeastOnePermission();
    }
    return query.build();
  }

  private static WsPermissions.UsersWsResponse buildResponse(List<UserDto> users, List<PermissionTemplateUserDto> permissionTemplateUsers, Paging paging) {
    Multimap<Integer, String> permissionsByUserId = TreeMultimap.create();
    permissionTemplateUsers.forEach(userPermission -> permissionsByUserId.put(userPermission.getUserId(), userPermission.getPermission()));

    UsersWsResponse.Builder responseBuilder = UsersWsResponse.newBuilder();
    users.forEach(user -> {
      WsPermissions.User.Builder userResponse = responseBuilder.addUsersBuilder()
        .setLogin(user.getLogin())
        .addAllPermissions(permissionsByUserId.get(user.getId()));
      setNullable(user.getEmail(), userResponse::setEmail);
      setNullable(user.getName(), userResponse::setName);
    });
    responseBuilder.getPagingBuilder()
      .setPageIndex(paging.pageIndex())
      .setPageSize(paging.pageSize())
      .setTotal(paging.total())
      .build();
    return responseBuilder.build();
  }

  @Override
  public void define(WebService.NewController context) {
    WebService.NewAction action = context
@@ -141,6 +106,42 @@ public class TemplateUsersAction implements PermissionsWsAction {
    }
  }

  private static PermissionQuery buildQuery(Request wsRequest, PermissionTemplateDto template) {
    String textQuery = wsRequest.param(TEXT_QUERY);
    String permission = wsRequest.param(PARAM_PERMISSION);
    PermissionQuery.Builder query = PermissionQuery.builder()
      .setOrganizationUuid(template.getOrganizationUuid())
      .setTemplate(template.getUuid())
      .setPermission(permission != null ? validateProjectPermission(permission) : null)
      .setPageIndex(wsRequest.mandatoryParamAsInt(PAGE))
      .setPageSize(wsRequest.mandatoryParamAsInt(PAGE_SIZE))
      .setSearchQuery(textQuery);
    if (textQuery == null) {
      query.withAtLeastOnePermission();
    }
    return query.build();
  }

  private static WsPermissions.UsersWsResponse buildResponse(List<UserDto> users, List<PermissionTemplateUserDto> permissionTemplateUsers, Paging paging) {
    Multimap<Integer, String> permissionsByUserId = TreeMultimap.create();
    permissionTemplateUsers.forEach(userPermission -> permissionsByUserId.put(userPermission.getUserId(), userPermission.getPermission()));

    UsersWsResponse.Builder responseBuilder = UsersWsResponse.newBuilder();
    users.forEach(user -> {
      WsPermissions.User.Builder userResponse = responseBuilder.addUsersBuilder()
        .setLogin(user.getLogin())
        .addAllPermissions(permissionsByUserId.get(user.getId()));
      setNullable(user.getEmail(), userResponse::setEmail);
      setNullable(user.getName(), userResponse::setName);
    });
    responseBuilder.getPagingBuilder()
      .setPageIndex(paging.pageIndex())
      .setPageSize(paging.pageSize())
      .setTotal(paging.total())
      .build();
    return responseBuilder.build();
  }

  private List<UserDto> findUsers(DbSession dbSession, PermissionQuery query, PermissionTemplateDto template) {
    List<String> orderedLogins = dbClient.permissionTemplateDao().selectUserLoginsByQueryAndTemplate(dbSession, query, template.getId());
    return Ordering.explicit(orderedLogins).onResultOf(UserDto::getLogin).immutableSortedCopy(dbClient.userDao().selectByLogins(dbSession, orderedLogins));
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/AssignActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/AssignActionTest.java
@@ -94,7 +94,6 @@ public class AssignActionTest {
  public void assign_to_someone() throws Exception {
    IssueDto issue = newIssueWithBrowsePermission();
    UserDto userDto = db.users().insertUser("arthur");
    addUserAsMemberOfDefaultOrganization(userDto);

    ws.newRequest()
      .setParam("issue", issue.getKey())
@@ -160,7 +159,6 @@ public class AssignActionTest {
  public void nothing_to_do_when_new_assignee_is_same_as_old_one() throws Exception {
    IssueDto issue = newIssueWithBrowsePermission();
    UserDto userDto = db.users().insertUser(PREVIOUS_ASSIGNEE);
    addUserAsMemberOfDefaultOrganization(userDto);

    ws.newRequest()
      .setParam("issue", issue.getKey())
@@ -258,7 +256,6 @@ public class AssignActionTest {

  private void setUserWithBrowsePermission(IssueDto issue) {
    UserDto currentUser = db.users().insertUser(CURRENT_USER_LOGIN);
    addUserAsMemberOfDefaultOrganization(currentUser);
    userSession.logIn(CURRENT_USER_LOGIN).addProjectUuidPermissions(USER, issue.getProjectUuid());
  }

@@ -268,9 +265,4 @@ public class AssignActionTest {
    assertThat(issueReloaded.getIssueUpdateTime()).isEqualTo(NOW);
    assertThat(issueReloaded.getUpdatedAt()).isEqualTo(NOW);
  }

  private void addUserAsMemberOfDefaultOrganization(UserDto user) {
    db.organizations().addMember(db.getDefaultOrganization(), user);
  }

 }
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/AddMemberActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/AddMemberActionTest.java
@@ -112,7 +112,7 @@ public class AddMemberActionTest {
    assertMember(organization.getUuid(), user.getId());
    List<UserDoc> userDocs = userIndex.search(UserQuery.builder().build(), new SearchOptions()).getDocs();
    assertThat(userDocs).hasSize(1);
    assertThat(userDocs.get(0).organizationUuids()).containsOnly(organization.getUuid());
    assertThat(userDocs.get(0).organizationUuids()).containsOnly(organization.getUuid(), db.getDefaultOrganization().getUuid());
  }

  @Test
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMembersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchMembersActionTest.java
@@ -88,14 +88,8 @@ public class SearchMembersActionTest {

  @Test
  public void search_members_of_default_organization() {
    OrganizationDto defaultOrganization = db.getDefaultOrganization();
    OrganizationDto anotherOrganization = db.organizations().insert();
    UserDto user = db.users().insertUser();
    UserDto anotherUser = db.users().insertUser();
    UserDto userInAnotherOrganization = db.users().insertUser();
    db.organizations().addMember(defaultOrganization, user);
    db.organizations().addMember(defaultOrganization, anotherUser);
    db.organizations().addMember(anotherOrganization, userInAnotherOrganization);
    indexAllUsers();

    SearchMembersWsResponse result = call();
@@ -132,7 +126,6 @@ public class SearchMembersActionTest {
  @Test
  public void return_avatar() {
    UserDto user = db.users().insertUser(u -> u.setEmail("email@domain.com"));
    db.organizations().addMember(db.getDefaultOrganization(), user);
    indexer.index(user.getLogin());

    SearchMembersWsResponse result = call();
@@ -145,7 +138,6 @@ public class SearchMembersActionTest {
    UserDto user = db.users().insertUser();
    GroupDto group = db.users().insertGroup();
    db.users().insertMember(group, user);
    db.organizations().addMember(db.getDefaultOrganization(), user);
    indexAllUsers();

    SearchMembersWsResponse result = call();
@@ -164,8 +156,6 @@ public class SearchMembersActionTest {
    OrganizationDto anotherOrganization = db.organizations().insert();
    GroupDto anotherGroup = db.users().insertGroup(anotherOrganization);
    db.users().insertMember(anotherGroup, user);
    db.organizations().addMember(db.getDefaultOrganization(), user);
    db.organizations().addMember(db.getDefaultOrganization(), anotherUser);
    db.organizations().addMember(anotherOrganization, user);
    indexAllUsers();

@@ -178,16 +168,15 @@ public class SearchMembersActionTest {

  @Test
  public void search_non_members() {
    OrganizationDto defaultOrganization = db.getDefaultOrganization();
    OrganizationDto anotherOrganization = db.organizations().insert();
    UserDto user = db.users().insertUser();
    UserDto anotherUser = db.users().insertUser();
    UserDto userInAnotherOrganization = db.users().insertUser();
    db.organizations().addMember(anotherOrganization, user);
    db.organizations().addMember(anotherOrganization, anotherUser);
    db.organizations().addMember(defaultOrganization, userInAnotherOrganization);
    db.organizations().addMember(anotherOrganization, userInAnotherOrganization);
    indexAllUsers();
    request.setSelected(WebService.SelectionMode.DESELECTED.value());
    request
      .setOrganization(anotherOrganization.getKey())
      .setSelected(WebService.SelectionMode.DESELECTED.value());

    SearchMembersWsResponse result = call();

@@ -202,7 +191,6 @@ public class SearchMembersActionTest {
  public void search_members_pagination() {
    IntStream.range(0, 10).forEach(i -> {
      UserDto userDto = db.users().insertUser(user -> user.setName("USER_" + i));
      db.organizations().addMember(db.getDefaultOrganization(), userDto);
      indexer.index(userDto.getLogin());
    });
    indexAllUsers();
@@ -221,7 +209,6 @@ public class SearchMembersActionTest {
  public void search_members_by_name() {
    IntStream.range(0, 10).forEach(i -> {
      UserDto userDto = db.users().insertUser(user -> user.setName("USER_" + i));
      db.organizations().addMember(db.getDefaultOrganization(), userDto);
      indexer.index(userDto.getLogin());
    });
    indexAllUsers();
@@ -236,7 +223,6 @@ public class SearchMembersActionTest {
  public void search_members_by_login() {
    IntStream.range(0, 10).forEach(i -> {
      UserDto userDto = db.users().insertUser(user -> user.setLogin("USER_" + i));
      db.organizations().addMember(db.getDefaultOrganization(), userDto);
      indexer.index(userDto.getLogin());
    });
    indexAllUsers();
@@ -253,7 +239,6 @@ public class SearchMembersActionTest {
      UserDto userDto = db.users().insertUser(user -> user
        .setLogin("L" + i)
        .setEmail("USER_" + i + "@email.com"));
      db.organizations().addMember(db.getDefaultOrganization(), userDto);
      indexer.index(userDto.getLogin());
    });
    indexAllUsers();
@@ -266,12 +251,8 @@ public class SearchMembersActionTest {

  @Test
  public void json_example() {
    UserDto ada = db.users().insertUser(u -> u.setLogin("ada.lovelace").setName("Ada Lovelace").setEmail("ada@lovelace.com"));
    indexer.index(ada.getLogin());
    UserDto grace = db.users().insertUser(u -> u.setLogin("grace.hopper").setName("Grace Hopper").setEmail("grace@hopper.com"));
    indexer.index(grace.getLogin());
    db.organizations().addMember(db.getDefaultOrganization(), ada);
    db.organizations().addMember(db.getDefaultOrganization(), grace);
    db.users().insertUser(u -> u.setLogin("ada.lovelace").setName("Ada Lovelace").setEmail("ada@lovelace.com"));
    db.users().insertUser(u -> u.setLogin("grace.hopper").setName("Grace Hopper").setEmail("grace@hopper.com"));
    indexAllUsers();

    String result = ws.newRequest().execute().getInput();
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
@@ -59,7 +59,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void add_permission_to_user_on_default_organization_if_organization_is_not_specified() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest()
@@ -105,7 +104,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
  @Test
  public void add_permission_to_project_referenced_by_its_key() throws Exception {
    ComponentDto project = db.components().insertProject();
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest()
@@ -121,7 +119,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
  @Test
  public void add_permission_to_view() throws Exception {
    ComponentDto view = db.components().insertComponent(newView(db.getDefaultOrganization(), "view-uuid").setKey("view-key"));
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest()
@@ -136,7 +133,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_project_uuid_is_unknown() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(NotFoundException.class);
@@ -150,7 +146,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_project_permission_without_project() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(BadRequestException.class);
@@ -163,7 +158,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_component_is_not_a_project() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    db.components().insertComponent(newFileDto(newProjectDto(db.organizations().insert(), "project-uuid"), null, "file-uuid"));
    loginAsAdmin(db.getDefaultOrganization());

@@ -178,7 +172,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_get_request() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(ServerException.class);
@@ -192,7 +185,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_user_login_is_missing() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(IllegalArgumentException.class);
@@ -204,7 +196,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_permission_is_missing() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(NotFoundException.class);
@@ -216,7 +207,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void fail_when_project_uuid_and_project_key_are_provided() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    db.components().insertProject();
    loginAsAdmin(db.getDefaultOrganization());

@@ -233,7 +223,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void adding_global_permission_fails_if_not_administrator_of_organization() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    userSession.logIn();

    expectedException.expect(ForbiddenException.class);
@@ -246,7 +235,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void adding_project_permission_fails_if_not_administrator_of_project() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    ComponentDto project = db.components().insertProject();
    userSession.logIn();

@@ -264,7 +252,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
   */
  @Test
  public void adding_project_permission_is_allowed_to_project_administrators() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    ComponentDto project = db.components().insertProject();

    userSession.logIn().addProjectUuidPermissions(UserRole.ADMIN, project.uuid());
@@ -280,7 +267,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {

  @Test
  public void organization_parameter_must_not_be_set_on_project_permissions() {
    addUserAsMemberOfDefaultOrganization();
    ComponentDto project = db.components().insertProject();
    loginAsAdmin(db.getDefaultOrganization());

@@ -313,10 +299,6 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
      .execute();
  }

  private void addUserAsMemberOfDefaultOrganization() {
    db.organizations().addMember(db.getDefaultOrganization(), user);
  }

  private void addUserAsMemberOfOrganization(OrganizationDto organization) {
    db.organizations().addMember(organization, user);
  }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchGlobalPermissionsActionTest.java
@@ -70,6 +70,8 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear
    db.users().insertPermissionOnGroup(adminGroup, ADMINISTER);
    UserDto user = db.users().insertUser(newUserDto("user", "user-name"));
    UserDto adminUser = db.users().insertUser(newUserDto("admin", "admin-name"));
    db.organizations().addMember(org, user);
    db.organizations().addMember(org, adminUser);
    db.users().insertPermissionOnUser(org, user, PROVISION_PROJECTS);
    db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_PROFILES);
    db.users().insertPermissionOnUser(org, adminUser, ADMINISTER_QUALITY_PROFILES);
@@ -97,6 +99,7 @@ public class SearchGlobalPermissionsActionTest extends BasePermissionWsTest<Sear

    // to be ignored, by default organization is used when searching for permissions
    db.users().insertPermissionOnUser(org, user, ADMINISTER_QUALITY_GATES);
    db.organizations().addMember(org, user);

    WsPermissions.WsSearchGlobalPermissionsResponse result = WsPermissions.WsSearchGlobalPermissionsResponse.parseFrom(
      newRequest()
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java
@@ -206,8 +206,8 @@ public class AddGroupToTemplateActionTest extends BasePermissionWsTest<AddGroupT
  }

  private List<String> getGroupNamesInTemplateAndPermission(PermissionTemplateDto template, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).build();
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(template.getOrganizationUuid()).setPermission(permission).build();
    return db.getDbClient().permissionTemplateDao()
      .selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getOrganizationUuid(), template.getId());
      .selectGroupNamesByQueryAndTemplate(db.getSession(), query, template.getId());
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddUserToTemplateActionTest.java
@@ -61,17 +61,15 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void add_user_to_template() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest(user.getLogin(), permissionTemplate.getUuid(), CODEVIEWER);

    assertThat(getLoginsInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(user.getLogin());
    assertThat(getLoginsInTemplateAndPermission(permissionTemplate, CODEVIEWER)).containsExactly(user.getLogin());
  }

  @Test
  public void add_user_to_template_by_name() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest()
@@ -80,7 +78,7 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT
      .setParam(PARAM_TEMPLATE_NAME, permissionTemplate.getName().toUpperCase())
      .execute();

    assertThat(getLoginsInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(user.getLogin());
    assertThat(getLoginsInTemplateAndPermission(permissionTemplate, CODEVIEWER)).containsExactly(user.getLogin());
  }

  @Test
@@ -97,23 +95,21 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT
      .setParam(PARAM_ORGANIZATION, organizationDto.getKey())
      .execute();

    assertThat(getLoginsInTemplateAndPermission(permissionTemplate.getId(), CODEVIEWER)).containsExactly(user.getLogin());
    assertThat(getLoginsInTemplateAndPermission(permissionTemplate, CODEVIEWER)).containsExactly(user.getLogin());
  }

  @Test
  public void does_not_add_a_user_twice() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    newRequest(user.getLogin(), permissionTemplate.getUuid(), ISSUE_ADMIN);
    newRequest(user.getLogin(), permissionTemplate.getUuid(), ISSUE_ADMIN);

    assertThat(getLoginsInTemplateAndPermission(permissionTemplate.getId(), ISSUE_ADMIN)).containsExactly(user.getLogin());
    assertThat(getLoginsInTemplateAndPermission(permissionTemplate, ISSUE_ADMIN)).containsExactly(user.getLogin());
  }

  @Test
  public void fail_if_not_a_project_permission() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(IllegalArgumentException.class);
@@ -123,7 +119,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_not_admin_of_default_organization() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    userSession.logIn().addPermission(ADMINISTER_QUALITY_PROFILES, db.getDefaultOrganization());

    expectedException.expect(ForbiddenException.class);
@@ -133,7 +128,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_user_missing() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(IllegalArgumentException.class);
@@ -143,7 +137,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_permission_missing() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(IllegalArgumentException.class);
@@ -153,7 +146,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_template_uuid_and_name_are_missing() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(BadRequestException.class);
@@ -163,7 +155,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_user_does_not_exist() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(NotFoundException.class);
@@ -174,7 +165,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_template_key_does_not_exist() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(NotFoundException.class);
@@ -185,7 +175,6 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT

  @Test
  public void fail_if_organization_does_not_exist() throws Exception {
    addUserAsMemberOfDefaultOrganization();
    loginAsAdmin(db.getDefaultOrganization());

    expectedException.expect(NotFoundException.class);
@@ -233,14 +222,10 @@ public class AddUserToTemplateActionTest extends BasePermissionWsTest<AddUserToT
    request.execute();
  }

  private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
  private List<String> getLoginsInTemplateAndPermission(PermissionTemplateDto template, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setOrganizationUuid(template.getOrganizationUuid()).setPermission(permission).build();
    return db.getDbClient().permissionTemplateDao()
      .selectUserLoginsByQueryAndTemplate(db.getSession(), permissionQuery, templateId);
  }

  private void addUserAsMemberOfDefaultOrganization() {
    db.organizations().addMember(db.getDefaultOrganization(), user);
      .selectUserLoginsByQueryAndTemplate(db.getSession(), permissionQuery, template.getId());
  }

  private void addUserAsMemberOfOrganization(OrganizationDto organization) {
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/ApplyTemplateActionTest.java
@@ -216,12 +216,12 @@ public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateA
  }

  private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().groupPermissionDao().selectGroupNamesByQuery(db.getSession(), db.getDefaultOrganization().getUuid(), query);
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project.getOrganizationUuid()).setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().groupPermissionDao().selectGroupNamesByQuery(db.getSession(), query);
  }

  private List<Integer> selectProjectPermissionUsers(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().userPermissionDao().selectUserIds(db.getSession(), db.getDefaultOrganization().getUuid(), query);
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project.getOrganizationUuid()).setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().userPermissionDao().selectUserIds(db.getSession(), query);
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/BulkApplyTemplateActionTest.java
@@ -76,6 +76,9 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT
    group1 = db.users().insertGroup(organization);
    group2 = db.users().insertGroup(organization);

    db.organizations().addMember(organization, user1);
    db.organizations().addMember(organization, user2);

    // template 1 for org 1
    template1 = db.permissionTemplates().insertTemplate(organization);
    addUserToTemplate(user1, template1, UserRole.CODEVIEWER);
@@ -219,12 +222,12 @@ public class BulkApplyTemplateActionTest extends BasePermissionWsTest<BulkApplyT
  }

  private List<String> selectProjectPermissionGroups(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().groupPermissionDao().selectGroupNamesByQuery(db.getSession(), project.getOrganizationUuid(), query);
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project.getOrganizationUuid()).setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().groupPermissionDao().selectGroupNamesByQuery(db.getSession(), query);
  }

  private List<Integer> selectProjectPermissionUsers(ComponentDto project, String permission) {
    PermissionQuery query = PermissionQuery.builder().setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().userPermissionDao().selectUserIds(db.getSession(), project.getOrganizationUuid(), query);
    PermissionQuery query = PermissionQuery.builder().setOrganizationUuid(project.getOrganizationUuid()).setPermission(permission).setComponentUuid(project.uuid()).build();
    return db.getDbClient().userPermissionDao().selectUserIds(db.getSession(), query);
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveGroupFromTemplateActionTest.java
@@ -193,8 +193,8 @@ public class RemoveGroupFromTemplateActionTest extends BasePermissionWsTest<Remo
  }

  private List<String> getGroupNamesInTemplateAndPermission(PermissionTemplateDto template, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
    PermissionQuery permissionQuery = PermissionQuery.builder().setOrganizationUuid(template.getOrganizationUuid()).setPermission(permission).build();
    return db.getDbClient().permissionTemplateDao()
      .selectGroupNamesByQueryAndTemplate(db.getSession(), permissionQuery, template.getOrganizationUuid(), template.getId());
      .selectGroupNamesByQueryAndTemplate(db.getSession(), permissionQuery, template.getId());
  }
 }
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.java
@@ -65,7 +65,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
    loginAsAdmin(db.getDefaultOrganization());
    newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);

    assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
    assertThat(getLoginsInTemplateAndPermission(template, DEFAULT_PERMISSION)).isEmpty();
  }

  @Test
@@ -77,7 +77,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
      .setParam(PARAM_TEMPLATE_NAME, template.getName().toUpperCase())
      .execute();

    assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
    assertThat(getLoginsInTemplateAndPermission(template, DEFAULT_PERMISSION)).isEmpty();
  }

  @Test
@@ -86,7 +86,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
    newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
    newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);

    assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
    assertThat(getLoginsInTemplateAndPermission(template, DEFAULT_PERMISSION)).isEmpty();
  }

  @Test
@@ -96,8 +96,8 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
    loginAsAdmin(db.getDefaultOrganization());
    newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);

    assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
    assertThat(getLoginsInTemplateAndPermission(template.getId(), ISSUE_ADMIN)).containsExactly(user.getLogin());
    assertThat(getLoginsInTemplateAndPermission(template, DEFAULT_PERMISSION)).isEmpty();
    assertThat(getLoginsInTemplateAndPermission(template, ISSUE_ADMIN)).containsExactly(user.getLogin());
  }

  @Test
@@ -108,7 +108,7 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
    loginAsAdmin(db.getDefaultOrganization());
    newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);

    assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).containsExactly("new-login");
    assertThat(getLoginsInTemplateAndPermission(template, DEFAULT_PERMISSION)).containsExactly("new-login");
  }

  @Test
@@ -200,10 +200,10 @@ public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<Remov
    request.execute();
  }

  private List<String> getLoginsInTemplateAndPermission(long templateId, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setPermission(permission).build();
  private List<String> getLoginsInTemplateAndPermission(PermissionTemplateDto template, String permission) {
    PermissionQuery permissionQuery = PermissionQuery.builder().setOrganizationUuid(template.getOrganizationUuid()).setPermission(permission).build();
    return db.getDbClient().permissionTemplateDao()
      .selectUserLoginsByQueryAndTemplate(db.getSession(), permissionQuery, templateId);
      .selectUserLoginsByQueryAndTemplate(db.getSession(), permissionQuery, template.getId());
  }

  private void addUserToTemplate(UserDto user, PermissionTemplateDto template, String permission) {
--- a/server/sonar-server/src/test/java/org/sonar/server/user/index/UserResultSetIteratorTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/index/UserResultSetIteratorTest.java
@@ -51,7 +51,7 @@ public class UserResultSetIteratorTest {
      .setScmAccounts(Arrays.asList("user,2", "user_2"))
      .setCreatedAt(1_500_000_000_000L)
      .setUpdatedAt(1_500_000_000_000L));
    UserDto userDto3 = db.users().insertUser(u -> u
    UserDto inactiveUser = db.users().insertUser(u -> u
      .setName("User3")
      .setLogin("user3")
      .setEmail(null)
@@ -78,7 +78,7 @@ public class UserResultSetIteratorTest {
    assertThat(user1.scmAccounts()).containsOnly("user_1", "u1");
    assertThat(user1.createdAt()).isEqualTo(1_500_000_000_000L);
    assertThat(user1.updatedAt()).isEqualTo(1_500_000_000_000L);
    assertThat(user1.organizationUuids()).containsOnly("ORG_1", "ORG_2");
    assertThat(user1.organizationUuids()).containsOnly("ORG_1", "ORG_2", db.getDefaultOrganization().getUuid());

    UserDoc user2 = usersByLogin.get("user2");
    assertThat(user2.name()).isEqualTo("User2");
@@ -87,7 +87,7 @@ public class UserResultSetIteratorTest {
    assertThat(user2.scmAccounts()).containsOnly("user,2", "user_2");
    assertThat(user2.createdAt()).isEqualTo(1_500_000_000_000L);
    assertThat(user2.updatedAt()).isEqualTo(1_500_000_000_000L);
    assertThat(user2.organizationUuids()).containsOnly("ORG_1");
    assertThat(user2.organizationUuids()).containsOnly("ORG_1", db.getDefaultOrganization().getUuid());

    UserDoc user3 = usersByLogin.get("user3");
    assertThat(user3.name()).isEqualTo("User3");
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/AddUserActionTest.java
@@ -62,7 +62,6 @@ public class AddUserActionTest {
  public void add_user_to_group_referenced_by_its_id() throws Exception {
    GroupDto group = db.users().insertGroup();
    UserDto user = db.users().insertUser();
    addUserAsMemberOfDefaultOrganization(user);
    loginAsAdminOnDefaultOrganization();

    newRequest()
@@ -78,7 +77,6 @@ public class AddUserActionTest {
  public void add_user_to_group_referenced_by_its_name() throws Exception {
    GroupDto group = db.users().insertGroup();
    UserDto user = db.users().insertUser();
    addUserAsMemberOfDefaultOrganization(user);
    loginAsAdminOnDefaultOrganization();

    newRequest()
@@ -115,7 +113,6 @@ public class AddUserActionTest {
    GroupDto users = db.users().insertGroup(defaultOrg, "users");
    UserDto user = db.users().insertUser("my-admin");
    db.users().insertMember(users, user);
    addUserAsMemberOfDefaultOrganization(user);
    loginAsAdminOnDefaultOrganization();

    newRequest()
@@ -132,7 +129,6 @@ public class AddUserActionTest {
    GroupDto users = db.users().insertGroup();
    UserDto user = db.users().insertUser();
    db.users().insertMember(users, user);
    addUserAsMemberOfDefaultOrganization(user);
    loginAsAdminOnDefaultOrganization();

    newRequest()
@@ -151,8 +147,6 @@ public class AddUserActionTest {
    UserDto user1 = db.users().insertUser();
    UserDto user2 = db.users().insertUser();
    db.users().insertMember(users, user1);
    addUserAsMemberOfDefaultOrganization(user1);
    addUserAsMemberOfDefaultOrganization(user2);
    loginAsAdminOnDefaultOrganization();

    newRequest()
@@ -169,7 +163,6 @@ public class AddUserActionTest {
  public void fail_if_group_does_not_exist() throws Exception {
    UserDto user = db.users().insertUser();
    loginAsAdminOnDefaultOrganization();
    addUserAsMemberOfDefaultOrganization(user);

    expectedException.expect(NotFoundException.class);

@@ -196,7 +189,6 @@ public class AddUserActionTest {
  public void fail_if_not_administrator() throws Exception {
    GroupDto group = db.users().insertGroup();
    UserDto user = db.users().insertUser();
    addUserAsMemberOfDefaultOrganization(user);

    expectedException.expect(UnauthorizedException.class);

@@ -263,10 +255,6 @@ public class AddUserActionTest {
    return new GroupWsSupport(db.getDbClient(), defaultOrganizationProvider);
  }

  private void addUserAsMemberOfDefaultOrganization(UserDto user) {
    db.organizations().addMember(db.getDefaultOrganization(), user);
  }

  private void addUserAsMemberOfOrganization(OrganizationDto organization, UserDto user) {
    db.organizations().addMember(organization, user);
  }
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java
@@ -75,7 +75,6 @@ public class UpdateActionTest {
    GroupDto group = db.users().insertGroup();
    UserDto user = db.users().insertUser();
    db.users().insertMember(group, user);
    db.organizations().addMember(db.getDefaultOrganization(), user);
    loginAsAdminOnDefaultOrganization();

    newRequest()
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UsersActionTest.java
@@ -119,8 +119,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada.login").setName("Ada Lovelace"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()
@@ -155,8 +153,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada.login").setName("Ada Lovelace"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()
@@ -173,8 +169,6 @@ public class UsersActionTest {
    UserDto graceHopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, adaLovelace);
    db.users().insertMember(group, graceHopper);
    db.organizations().addMember(db.getDefaultOrganization(), adaLovelace);
    db.organizations().addMember(db.getDefaultOrganization(), graceHopper);
    loginAsAdminOnDefaultOrganization();

    String response = newUsersRequest().setParam(PARAM_GROUP_ID, group.getId().toString()).execute().outputAsString();
@@ -188,8 +182,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada").setName("Ada Lovelace"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()
@@ -210,8 +202,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada").setName("Ada Lovelace"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()
@@ -227,8 +217,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada").setName("Ada Lovelace"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()
@@ -253,8 +241,6 @@ public class UsersActionTest {
    UserDto lovelace = db.users().insertUser(newUserDto().setLogin("ada.login").setName("Ada Lovelace").setEmail("ada@email.com"));
    UserDto hopper = db.users().insertUser(newUserDto().setLogin("grace").setName("Grace Hopper").setEmail("grace@hopper.com"));
    db.users().insertMember(group, lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), lovelace);
    db.organizations().addMember(db.getDefaultOrganization(), hopper);
    loginAsAdminOnDefaultOrganization();

    newUsersRequest()