Revert "SONAR-1884 Fix filter on project permissions for user/group"

This reverts commit 95cde188b5fe83d2beada2970ad0b0f1452945e9.

4 files changed, 4 insertions, 50 deletions

diff --git a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
index f14637152b8..79c15536960 100644
--- a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
+++ b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
@@ -8,17 +8,15 @@
     FROM group_roles gr, projects p
     WHERE
       gr.role=#{role}
-      and (gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
-      and
-        (gr.resource_id is null or gr.resource_id = p.root_id or gr.resource_id = p.id) and
-        <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or " >p.kee=#{element}</foreach>
+      and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
+      and (gr.resource_id = p.root_id or gr.resource_id = p.id) and
+      <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or " >p.kee=#{element}</foreach>
     UNION
     SELECT p.kee
     FROM user_roles ur, projects p
     WHERE
       ur.role=#{role}
-      and ur.user_id=#{userId}
-      and (ur.resource_id is null or ur.resource_id = p.root_id or ur.resource_id = p.id) and
+      and ur.user_id=#{userId} and
       <foreach collection="componentKeys" open="(" close=")" item="element" index="index" separator=" or " >p.kee=#{element}</foreach>
   </select>
 
diff --git a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
index 9b8b6e8a8e6..a20f0b08ff8 100644
--- a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
@@ -54,25 +54,6 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
   }
 
   @Test
-  public void user_should_have_global_authorization() {
-    // is not in an authorized group
-    setupData("user_should_have_global_permission");
-
-    AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
-    Set<String> componentIds = authorization.keepAuthorizedComponentKeys(
-      Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
-      USER, "project_admin");
-
-    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
-
-    // user does not have the role "profile_admin"
-    componentIds = authorization.keepAuthorizedComponentKeys(
-      Sets.<String>newHashSet(PROJECT, PACKAGE, FILE),
-      USER, "profile_admin");
-    assertThat(componentIds).isEmpty();
-  }
-
-  @Test
   public void group_should_be_authorized() {
     // user is in an authorized group
     setupData("group_should_be_authorized");
@@ -84,13 +65,6 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
     assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
 
-    // user is in group that doesn't have user right
-    componentIds = authorization.keepAuthorizedComponentKeys(
-      Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
-      200, "user");
-
-    assertThat(componentIds).containsOnly(EMPTY_PROJECT);
-
     // group does not have the role "admin"
     componentIds = authorization.keepAuthorizedComponentKeys(
       Sets.<String>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
index d0b191eaf28..3631f49e9ee 100644
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
@@ -2,16 +2,10 @@
 
   <!-- user 100 has no direct grant access, but is in the group 200 that has the role "user"
   on the project 300  -->
-  <!-- user 200 has no grant access either, but is in the group 300 that has no role on project 300 -->
   <user_roles id="1" user_id="100" resource_id="999" role="user"/>
-  <user_roles id="2" user_id="200" resource_id="999" role="user"/>
-
   <groups_users user_id="100" group_id="200"/>
-  <groups_users user_id="200" group_id="300"/>
-
   <group_roles id="1" group_id="200" resource_id="300" role="user"/>
   <group_roles id="2" group_id="200" resource_id="400" role="user"/>
-  <group_roles id="3" group_id="300" resource_id="400" role="user"/>
 
   <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
   <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_have_global_permission.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_have_global_permission.xml
deleted file mode 100644
index 2c2b97bc038..00000000000
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_have_global_permission.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<dataset>
-
-  <!-- user 100 has the role "project_admin" on all resources -->
-  <user_roles id="1" user_id="100" resource_id="[null]" role="project_admin"/>
-
-  <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
-  <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
-  <projects id="303" kee="pj-w-snapshot:other" root_id="300" />
-  <projects id="300" kee="pj-w-snapshot" />
-  <projects id="400" kee="pj-wo-snapshot" />
-
-</dataset>