mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
							/*
 * SonarQube
 * Copyright (C) 2009-2020 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
package org.sonar.db.permission;

import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import org.sonar.db.Dao;
import org.sonar.db.DbSession;
import org.sonar.db.EmailSubscriberDto;

import static org.sonar.db.DatabaseUtils.executeLargeInputs;
import static org.sonar.db.DatabaseUtils.executeLargeInputsIntoSet;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;

/**
 * The SQL requests used to verify authorization (the permissions
 * granted to users)
 *
 * @see GroupPermissionDao for CRUD of table group_roles
 * @see UserPermissionDao for CRUD of table user_roles
 */
public class AuthorizationDao implements Dao {

  /**
   * Loads all the global permissions granted to user
   */
  public Set<String> selectGlobalPermissions(DbSession dbSession, String userUuid) {
    return mapper(dbSession).selectGlobalPermissions(userUuid);
  }

  /**
   * Loads all the permissions granted to anonymous user for the specified organization
   */
  public Set<String> selectGlobalPermissionsOfAnonymous(DbSession dbSession) {
    return mapper(dbSession).selectGlobalPermissionsOfAnonymous();
  }

  /**
   * Loads all the permissions granted to logged-in user for the specified project <strong>stored in *_ROLES
   * tables</strong>.
   * An empty Set is returned if user has no permissions on the project.
   *
   * <strong>This method does not support public components</strong>
   */
  public Set<String> selectProjectPermissions(DbSession dbSession, String projectUuid, String userUuid) {
    return mapper(dbSession).selectProjectPermissions(projectUuid, userUuid);
  }

  /**
   * Loads all the permissions granted to anonymous for the specified project <strong>stored in *_ROLES
   * tables</strong>.
   * An empty Set is returned if anonymous user has no permissions on the project.
   *
   * <strong>This method does not support public components</strong>
   */
  public Set<String> selectProjectPermissionsOfAnonymous(DbSession dbSession, String projectUuid) {
    return mapper(dbSession).selectProjectPermissionsOfAnonymous(projectUuid);
  }

  /**
   * The number of users who will still have the permission if the group {@code excludedGroupUuid}
   * is deleted. The anyone virtual group is not taken into account.
   */
  public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String permission, String excludedGroupUuid) {
    return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroup(permission, excludedGroupUuid);
  }

  /**
   * The number of users who will still have the permission if the user {@code excludedUserId}
   * is deleted. The anyone virtual group is not taken into account.
   */
  public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String permission, String excludedUserUuid) {
    return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(permission, excludedUserUuid);
  }

  /**
   * The list of users who have the global permission.
   * The anyone virtual group is not taken into account.
   */
  public List<String> selectUserUuidsWithGlobalPermission(DbSession dbSession, String permission) {
    return mapper(dbSession).selectUserUuidsWithGlobalPermission(permission);
  }

  /**
   * The number of users who will still have the permission if the user {@code userId}
   * is removed from group {@code groupUuid}. The anyone virtual group is not taken into account.
   * Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user
   * still exists and may have the permission directly or through other groups.
   */
  public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String permission, String groupUuid, String userUuid) {
    return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(permission, groupUuid, userUuid);
  }

  /**
   * The number of users who will still have the permission if the permission {@code permission}
   * is removed from user {@code userId}. The anyone virtual group is not taken into account.
   * Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String)}, user
   * still exists and may have the permission through groups.
   */
  public int countUsersWithGlobalPermissionExcludingUserPermission(DbSession dbSession, String permission, String userUuid) {
    return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(permission, userUuid);
  }

  public Set<String> keepAuthorizedProjectUuids(DbSession dbSession, Collection<String> projectUuids, @Nullable String userUuid, String permission) {
    return executeLargeInputsIntoSet(
      projectUuids,
      partition -> {
        if (userUuid == null) {
          return mapper(dbSession).keepAuthorizedProjectUuidsForAnonymous(permission, partition);
        }
        return mapper(dbSession).keepAuthorizedProjectUuidsForUser(userUuid, permission, partition);
      },
      partitionSize -> partitionSize / 2);
  }

  /**
   * Keep only authorized user that have the given permission on a given project.
   * Please Note that if the permission is 'Anyone' is NOT taking into account by this method.
   */
  public Collection<String> keepAuthorizedUsersForRoleAndProject(DbSession dbSession, Collection<String> userUuids, String role, String projectUuid) {
    return executeLargeInputs(
      userUuids,
      partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndProject(role, projectUuid, partitionOfIds),
      partitionSize -> partitionSize / 3);
  }

  public Set<EmailSubscriberDto> selectQualityProfileAdministratorLogins(DbSession dbSession) {
    return mapper(dbSession).selectEmailSubscribersWithGlobalPermission(ADMINISTER_QUALITY_PROFILES.getKey());
  }

  /**
   * Used by license notifications
   */
  public Set<EmailSubscriberDto> selectGlobalAdministerEmailSubscribers(DbSession dbSession) {
    return mapper(dbSession).selectEmailSubscribersWithGlobalPermission(ADMINISTER.getKey());
  }

  public Set<String> keepAuthorizedLoginsOnProject(DbSession dbSession, Set<String> logins, String projectKey, String permission) {
    return executeLargeInputsIntoSet(
      logins,
      partitionOfLogins -> mapper(dbSession).keepAuthorizedLoginsOnProject(partitionOfLogins, projectKey, permission),
      partitionSize -> partitionSize / 3);
  }

  private static AuthorizationMapper mapper(DbSession dbSession) {
    return dbSession.getMapper(AuthorizationMapper.class);
  }
}