mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
Browse Source

SONAR-1330 Purge edit permissions when deleting user

tags/6.6-RC1
Julien Lancelot 6 years ago
parent
068f55312c
commit
f0af72abc1
6 changed files with 45 additions and 0 deletions
Split View Show Diff Stats
  1. 4
    0
      server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/QProfileEditUsersDao.java
  2. 2
    0
      server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/QProfileEditUsersMapper.java
  3. 5
    0
      server/sonar-db-dao/src/main/resources/org/sonar/db/qualityprofile/QProfileEditUsersMapper.xml
  4. 20
    0
      server/sonar-db-dao/src/test/java/org/sonar/db/qualityprofile/QProfileEditUsersDaoTest.java
  5. 1
    0
      server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java
  6. 13
    0
      server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java

+ 4
- 0
server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/QProfileEditUsersDao.java View File

@@ -66,6 +66,10 @@ public class QProfileEditUsersDao implements Dao {
executeLargeUpdates(qProfiles.stream().map(QProfileDto::getKee).collect(toList()), p -> mapper(dbSession).deleteByQProfiles(p));
}

public void deleteByUser(DbSession dbSession, UserDto user) {
mapper(dbSession).deleteByUser(user.getId());
}

private static QProfileEditUsersMapper mapper(DbSession dbSession) {
return dbSession.getMapper(QProfileEditUsersMapper.class);
}

+ 2
- 0
server/sonar-db-dao/src/main/java/org/sonar/db/qualityprofile/QProfileEditUsersMapper.java View File

@@ -39,4 +39,6 @@ public interface QProfileEditUsersMapper {
void delete(@Param("qProfileUuid") String qProfileUuid, @Param("userId") int userId);

void deleteByQProfiles(@Param("qProfileUuids") Collection<String> qProfileUuids);

void deleteByUser(@Param("userId") int userId);
}

+ 5
- 0
server/sonar-db-dao/src/main/resources/org/sonar/db/qualityprofile/QProfileEditUsersMapper.xml View File

@@ -110,5 +110,10 @@
where qprofile_uuid in <foreach collection="qProfileUuids" open="(" close=")" item="qProfileUuid" separator=",">#{qProfileUuid, jdbcType=VARCHAR}</foreach>
</delete>

<delete id="deleteByUser" parameterType="map">
delete from qprofile_edit_users
where user_id = #{userId, jdbcType=INTEGER}
</delete>

</mapper>


+ 20
- 0
server/sonar-db-dao/src/test/java/org/sonar/db/qualityprofile/QProfileEditUsersDaoTest.java View File

@@ -309,4 +309,24 @@ public class QProfileEditUsersDaoTest {
assertThat(underTest.exists(db.getSession(), profile3, user1)).isTrue();
assertThat(underTest.exists(db.getSession(), anotherProfile, user1)).isTrue();
}

@Test
public void deleteByUser() {
OrganizationDto organization1 = db.organizations().insert();
OrganizationDto organization2 = db.organizations().insert();
QProfileDto profile1 = db.qualityProfiles().insert(organization1);
QProfileDto profile2 = db.qualityProfiles().insert(organization2);
QProfileDto profile3 = db.qualityProfiles().insert(organization1);
UserDto user1 = db.users().insertUser();
UserDto user2 = db.users().insertUser();
db.qualityProfiles().addUserPermission(profile1, user1);
db.qualityProfiles().addUserPermission(profile2, user1);
db.qualityProfiles().addUserPermission(profile3, user2);

underTest.deleteByUser(db.getSession(), user1);

assertThat(underTest.exists(db.getSession(), profile1, user1)).isFalse();
assertThat(underTest.exists(db.getSession(), profile2, user1)).isFalse();
assertThat(underTest.exists(db.getSession(), profile3, user2)).isTrue();
}
}

+ 1
- 0
server/sonar-server/src/main/java/org/sonar/server/user/ws/DeactivateAction.java View File

@@ -100,6 +100,7 @@ public class DeactivateAction implements UsersWsAction {
dbClient.userGroupDao().deleteByUserId(dbSession, userId);
dbClient.userPermissionDao().deleteByUserId(dbSession, userId);
dbClient.permissionTemplateDao().deleteUserPermissionsByUserId(dbSession, userId);
dbClient.qProfileEditUsersDao().deleteByUser(dbSession, user);
dbClient.organizationMemberDao().deleteByUserId(dbSession, userId);
dbClient.userDao().deactivateUser(dbSession, user);
userIndexer.commitAndIndex(dbSession, user);

+ 13
- 0
server/sonar-server/src/test/java/org/sonar/server/user/ws/DeactivateActionTest.java View File

@@ -35,6 +35,7 @@ import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.permission.template.PermissionTemplateUserDto;
import org.sonar.db.property.PropertyDto;
import org.sonar.db.property.PropertyQuery;
import org.sonar.db.qualityprofile.QProfileDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.es.EsTester;
@@ -177,6 +178,18 @@ public class DeactivateActionTest {
assertThat(db.getDbClient().permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, anotherTemplate.getId())).extracting(PermissionTemplateUserDto::getUserId).isEmpty();
}

@Test
public void deactivate_user_deletes_his_qprofiles_permissions() {
logInAsSystemAdministrator();
UserDto user = insertUser(newUserDto());
QProfileDto profile = db.qualityProfiles().insert(db.getDefaultOrganization());
db.qualityProfiles().addUserPermission(profile, user);

deactivate(user.getLogin()).getInput();

assertThat(db.getDbClient().qProfileEditUsersDao().exists(dbSession, profile, user)).isFalse();
}

@Test
public void deactivate_user_deletes_his_default_assignee_settings() {
logInAsSystemAdministrator();

Write Preview
Loading…
Cancel
Save