123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377 |
- <?xml version="1.0" encoding="UTF-8" ?>
- <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd">
-
- <mapper namespace="org.sonar.db.permission.AuthorizationMapper">
-
- <select id="selectGlobalPermissions" parameterType="map" resultType="string">
- select gr.role
- from group_roles gr
- inner join groups_users gu on gr.group_uuid=gu.group_uuid
- where
- gr.component_uuid is null and
- gu.user_uuid=#{userUuid, jdbcType=VARCHAR}
-
- union
-
- select gr.role
- from group_roles gr
- where
- gr.group_uuid is null and
- gr.component_uuid is null
-
- union
-
- select ur.role
- from user_roles ur
- where
- ur.user_uuid=#{userUuid, jdbcType=VARCHAR}
- and ur.component_uuid is null
- </select>
-
- <select id="selectGlobalPermissionsOfAnonymous" parameterType="map" resultType="string">
- select gr.role
- from group_roles gr
- where
- gr.component_uuid is null and
- gr.group_uuid is null
- </select>
-
- <select id="countUsersWithGlobalPermissionExcludingGroup" parameterType="map" resultType="int">
- select count(1) from
- (
- select gu.user_uuid
- from groups_users gu
- inner join group_roles gr on gr.group_uuid = gu.group_uuid
- where
- gr.role = #{permission, jdbcType=VARCHAR} and
- gr.component_uuid is null and
- gr.group_uuid is not null and
- gr.group_uuid != #{excludedGroupUuid, jdbcType=VARCHAR}
-
- union
-
- select ur.user_uuid
- from user_roles ur
- where
- ur.component_uuid is null and
- ur.role = #{permission, jdbcType=VARCHAR}
- ) remaining
- </select>
-
- <select id="countUsersWithGlobalPermissionExcludingUser" parameterType="map" resultType="int">
- select count(1) from
- (
- select gu.user_uuid
- from groups_users gu
- inner join group_roles gr on gr.group_uuid = gu.group_uuid
- where
- gr.role = #{permission, jdbcType=VARCHAR} and
- gr.component_uuid is null and
- gr.group_uuid is not null and
- gu.user_uuid != #{excludedUserUuid, jdbcType=VARCHAR}
-
- union
-
- select ur.user_uuid
- from user_roles ur
- where
- ur.component_uuid is null and
- ur.role = #{permission, jdbcType=VARCHAR} and
- ur.user_uuid != #{excludedUserUuid, jdbcType=VARCHAR}
- ) remaining
- </select>
-
- <select id="selectUserUuidsWithGlobalPermission" parameterType="map" resultType="String">
- select gu.user_uuid
- from groups_users gu
- inner join group_roles gr on gr.group_uuid = gu.group_uuid
- where
- gr.role = #{permission, jdbcType=VARCHAR} and
- gr.component_uuid is null and
- gr.group_uuid is not null
-
- union
-
- select ur.user_uuid
- from user_roles ur
- where
- ur.component_uuid is null and
- ur.role = #{permission, jdbcType=VARCHAR}
- </select>
-
- <select id="countUsersWithGlobalPermissionExcludingGroupMember" parameterType="map" resultType="int">
- select count(1) from
- (
- select gu.user_uuid
- from groups_users gu
- inner join group_roles gr on gr.group_uuid = gu.group_uuid
- where
- gr.role = #{permission, jdbcType=VARCHAR} and
- gr.component_uuid is null and
- gr.group_uuid is not null and
- (gu.group_uuid != #{groupUuid, jdbcType=VARCHAR} or gu.user_uuid != #{userUuid, jdbcType=VARCHAR})
-
- union
-
- select ur.user_uuid
- from user_roles ur
- where
- ur.component_uuid is null and
- ur.role = #{permission, jdbcType=VARCHAR}
- ) remaining
- </select>
-
- <select id="countUsersWithGlobalPermissionExcludingUserPermission" parameterType="map" resultType="int">
- select count(1) from
- (
- select gu.user_uuid
- from groups_users gu
- inner join group_roles gr on gr.group_uuid = gu.group_uuid
- where
- gr.role = #{permission, jdbcType=VARCHAR} and
- gr.component_uuid is null and
- gr.group_uuid is not null
-
- union
-
- select ur.user_uuid
- from user_roles ur
- where
- ur.component_uuid is null and
- ur.role = #{permission, jdbcType=VARCHAR} and
- ur.user_uuid != #{userUuid, jdbcType=VARCHAR}
- ) remaining
- </select>
-
- <select id="keepAuthorizedProjectUuidsForUser" parameterType="map" resultType="String">
- select
- gr.component_uuid
- from
- group_roles gr
- where
- gr.role=#{role, jdbcType=VARCHAR}
- and (
- gr.group_uuid is null
- or exists (
- select
- 1
- from
- groups_users gu
- where
- gu.user_uuid = #{userUuid, jdbcType=VARCHAR}
- and gr.group_uuid = gu.group_uuid
- )
- )
- and <foreach collection="projectUuids" open="(" close=")" item="element" index="index" separator=" or ">
- gr.component_uuid=#{element, jdbcType=VARCHAR}
- </foreach>
-
- union
-
- select
- p.uuid
- from
- user_roles ur
- inner join components p on
- p.uuid = ur.component_uuid
- where
- ur.role=#{role, jdbcType=VARCHAR}
- and ur.user_uuid=#{userUuid, jdbcType=INTEGER}
- and <foreach collection="projectUuids" open="(" close=")" item="element" index="index" separator=" or ">
- p.uuid=#{element, jdbcType=VARCHAR}
- </foreach>
-
- union
-
- <include refid="sqlSelectPublicProjectsIfRole"/>
- </select>
-
- <sql id="sqlSelectPublicProjectsIfRole">
- select
- p.uuid
- from
- components p
- where
- <foreach collection="projectUuids" open="(" close=")" item="element" index="index" separator=" or ">
- p.uuid=#{element ,jdbcType=VARCHAR}
- </foreach>
- and p.private = ${_false}
- and #{role, jdbcType=VARCHAR} in ('user','codeviewer')
- </sql>
-
- <select id="keepAuthorizedProjectUuidsForAnonymous" parameterType="map" resultType="String">
- select
- gr.component_uuid
- from
- group_roles gr
- where
- gr.role=#{role, jdbcType=VARCHAR}
- and gr.group_uuid is null
- and <foreach collection="projectUuids" open="(" close=")" item="element" index="index" separator=" or ">
- gr.component_uuid=#{element, jdbcType=VARCHAR}
- </foreach>
-
- union
-
- <include refid="sqlSelectPublicProjectsIfRole"/>
- </select>
-
- <select id="keepAuthorizedUsersForRoleAndProject" parameterType="map" resultType="String">
- select
- gu.user_uuid
- from
- groups_users gu
- inner join group_roles gr on
- gr.group_uuid=gu.group_uuid
- where
- gr.component_uuid=#{componentUuid, jdbcType=VARCHAR}
- and gr.role=#{role, jdbcType=VARCHAR}
- and gu.user_uuid in
- <foreach collection="userUuids" open="(" close=")" item="uuid" separator=",">
- #{uuid, jdbcType=VARCHAR}
- </foreach>
-
- union
-
- select
- ur.user_uuid
- from
- user_roles ur
- where
- ur.component_uuid=#{componentUuid, jdbcType=VARCHAR}
- and ur.role=#{role, jdbcType=VARCHAR}
- and ur.user_uuid IN
- <foreach collection="userUuids" open="(" close=")" item="uuid" separator=",">
- #{uuid, jdbcType=VARCHAR}
- </foreach>
-
- union
-
- select
- u.uuid
- from
- users u
- where
- u.uuid in
- <foreach collection="userUuids" open="(" close=")" item="uuid" separator=",">
- #{uuid, jdbcType=VARCHAR}
- </foreach>
- and exists (
- select
- 1
- from
- components p
- where
- p.uuid =#{componentUuid, jdbcType=VARCHAR}
- and p.private = ${_false}
- and #{role, jdbcType=VARCHAR} in ('user','codeviewer')
- )
- </select>
-
- <select id="selectProjectPermissions" parameterType="map" resultType="String">
- select ur.role
- from user_roles ur
- inner join components p on p.uuid = ur.component_uuid
- where
- p.uuid = #{projectUuid, jdbcType=VARCHAR} and
- ur.user_uuid = #{userUuid, jdbcType=VARCHAR}
-
- union
-
- select gr.role
- from group_roles gr
- inner join groups_users gu on gr.group_uuid = gu.group_uuid
- inner join components p on p.uuid = gr.component_uuid
- where
- p.uuid = #{projectUuid, jdbcType=VARCHAR} and
- gu.user_uuid = #{userUuid, jdbcType=VARCHAR}
-
- union
-
- <include refid="sql_selectProjectPermissionsOfAnonymous"/>
- </select>
-
- <select id="selectProjectPermissionsOfAnonymous" parameterType="map" resultType="String">
- <include refid="sql_selectProjectPermissionsOfAnonymous"/>
- </select>
-
- <sql id="sql_selectProjectPermissionsOfAnonymous">
- select
- gr.role
- from
- group_roles gr
- inner join components p on
- p.uuid = gr.component_uuid
- where
- p.uuid = #{projectUuid, jdbcType=VARCHAR}
- and gr.group_uuid is null
- </sql>
-
- <select id="selectEmailSubscribersWithGlobalPermission" parameterType="map" resultType="org.sonar.db.EmailSubscriberDto">
- select
- u.login as "login",
- ${_true} as "global",
- u.email as "email"
- from
- users u
- inner join user_roles ur on
- ur.user_uuid = u.uuid
- and ur.role=#{permission, jdbcType=VARCHAR}
- and ur.component_uuid is null
- where
- u.email is not null
-
- union
-
- select
- u.login as "login",
- ${_true} as "global",
- u.email as "email"
- from users u
- inner join groups_users gu on
- u.uuid=gu.user_uuid
- inner join group_roles gr on
- gr.group_uuid = gu.group_uuid
- and gr.role = #{permission, jdbcType=VARCHAR}
- and gr.component_uuid is null
- where
- u.email is not null
-
- </select>
-
- <select id="keepAuthorizedLoginsOnProject" parameterType="map" resultType="String">
- select u.login
- from users u
- where
- u.login in <foreach collection="logins" open="(" close=")" item="login" separator=",">#{login, jdbcType=VARCHAR}</foreach>
- and (
- exists (
- select 1
- from user_roles ur
- inner join components p on p.uuid = ur.component_uuid
- where
- p.kee = #{projectKey, jdbcType=VARCHAR}
- and ur.role = #{permission, jdbcType=VARCHAR}
- and ur.user_uuid = u.uuid
- ) or exists (
- select 1
- from components p
- inner join group_roles gr on gr.component_uuid = p.uuid
- inner join groups_users gu on gu.group_uuid = gr.group_uuid
- where
- p.kee = #{projectKey, jdbcType=VARCHAR}
- and gu.user_uuid = u.uuid
- and gr.role = #{permission, jdbcType=VARCHAR}
- )
- <if test="permission == 'user' or permission == 'codeviewer'">
- or exists (
- select 1
- from components p
- where
- p.kee = #{projectKey, jdbcType=VARCHAR}
- and p.private = ${_false}
- )
- </if>
- )
- </select>
- </mapper>
|