SONAR-4712 Fix project authorization request to support empty projects

6 files changed, 45 insertions, 40 deletions

diff --git a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
index c7871b83291..b686a35a6d1 100644
--- a/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
+++ b/sonar-core/src/main/resources/org/sonar/core/user/AuthorizationMapper.xml
@@ -4,32 +4,30 @@
 <mapper namespace="org.sonar.core.user.AuthorizationMapper">
 
   <select id="keepAuthorizedComponentIdsForUser" parameterType="map" resultType="long">
-    SELECT s.project_id
-    FROM group_roles gr, snapshots s
+    SELECT p.id
+    FROM group_roles gr, projects p
     WHERE
       gr.role=#{role}
       and (gr.group_id is null or gr.group_id in (select gu.group_id from groups_users gu where gu.user_id=#{userId}))
-      and gr.resource_id = s.root_project_id and
-      <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >project_id=#{element}</foreach>
-      and s.islast = ${_true}
+      and (gr.resource_id = p.root_id or gr.resource_id = p.id) and
+      <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >p.id=#{element}</foreach>
     UNION
-    SELECT s.project_id
-    FROM user_roles ur, snapshots s
+    SELECT p.id
+    FROM user_roles ur, projects p
     WHERE
       ur.role=#{role}
       and ur.user_id=#{userId} and
-      <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >project_id=#{element}</foreach>
-      and s.islast = ${_true}
+      <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >p.id=#{element}</foreach>
   </select>
 
   <select id="keepAuthorizedComponentIdsForAnonymous" parameterType="map" resultType="long">
-      SELECT s.project_id
-      FROM group_roles gr, snapshots s
+      SELECT p.id
+      FROM group_roles gr, projects p
       WHERE
         gr.role=#{role}
         and gr.group_id is null
-        and gr.resource_id = s.root_project_id and
-        <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >project_id=#{element}</foreach>
+        and (gr.resource_id = p.root_id or gr.resource_id = p.id) and
+        <foreach collection="componentIds" open="(" close=")" item="element" index="index" separator=" or " >p.id=#{element}</foreach>
   </select>
 
   <select id="selectAuthorizedRootProjectsIds" parameterType="map" resultType="long">
diff --git a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
index 860467bbf46..2ad4c6e3f77 100644
--- a/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/user/AuthorizationDaoTest.java
@@ -31,7 +31,7 @@ import static org.fest.assertions.Assertions.assertThat;
 public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
   private static final int USER = 100;
-  private static final long PROJECT = 300l, PACKAGE = 301l, FILE = 302l, FILE_IN_OTHER_PROJECT = 999l;
+  private static final long PROJECT = 300l, PACKAGE = 301l, FILE = 302l, FILE_IN_OTHER_PROJECT = 999l, EMPTY_PROJECT=400l;
 
   @Test
   public void user_should_be_authorized() {
@@ -40,10 +40,10 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
     AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
     Set<Long> componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       USER, "user");
 
-    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
 
     // user does not have the role "admin"
     componentIds = authorization.keepAuthorizedComponentIds(
@@ -59,14 +59,14 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
     AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
     Set<Long> componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       USER, "user");
 
-    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
 
     // group does not have the role "admin"
     componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       USER, "admin");
     assertThat(componentIds).isEmpty();
   }
@@ -78,14 +78,14 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
     AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
     Set<Long> componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       USER, "user");
 
-    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
 
     // group does not have the role "admin"
     componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       USER, "admin");
     assertThat(componentIds).isEmpty();
   }
@@ -96,10 +96,10 @@ public class AuthorizationDaoTest extends AbstractDaoTestCase {
 
     AuthorizationDao authorization = new AuthorizationDao(getMyBatis());
     Set<Long> componentIds = authorization.keepAuthorizedComponentIds(
-      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT),
+      Sets.<Long>newHashSet(PROJECT, PACKAGE, FILE, FILE_IN_OTHER_PROJECT, EMPTY_PROJECT),
       null, "user");
 
-    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE);
+    assertThat(componentIds).containsOnly(PROJECT, PACKAGE, FILE, EMPTY_PROJECT);
 
     // group does not have the role "admin"
     componentIds = authorization.keepAuthorizedComponentIds(
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml
index 58cca91d8f1..76984033aa1 100644
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/anonymous_should_be_authorized.xml
@@ -3,10 +3,12 @@
   <user_roles id="1" user_id="100" resource_id="999" role="user"/>
   <groups_users user_id="100" group_id="200"/>
   <group_roles id="1" group_id="[null]" resource_id="300" role="user"/>
+  <group_roles id="2" group_id="[null]" resource_id="400" role="user"/>
 
-  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
-  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
-  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
-  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+  <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
+  <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
+  <projects id="303" kee="pj-w-snapshot:other" root_id="300" />
+  <projects id="300" kee="pj-w-snapshot" />
+  <projects id="400" kee="pj-wo-snapshot" />
 
 </dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
index b85ea3765d6..3631f49e9ee 100644
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_be_authorized.xml
@@ -5,10 +5,12 @@
   <user_roles id="1" user_id="100" resource_id="999" role="user"/>
   <groups_users user_id="100" group_id="200"/>
   <group_roles id="1" group_id="200" resource_id="300" role="user"/>
+  <group_roles id="2" group_id="200" resource_id="400" role="user"/>
 
-  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
-  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
-  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
-  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+  <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
+  <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
+  <projects id="303" kee="pj-w-snapshot:other" root_id="300" />
+  <projects id="300" kee="pj-w-snapshot" />
+  <projects id="400" kee="pj-wo-snapshot" />
 
 </dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml
index f79a1a2b08f..6ceb4b16f1b 100644
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/group_should_have_global_authorization.xml
@@ -6,9 +6,10 @@
   <groups_users user_id="100" group_id="200"/>
   <group_roles id="1" group_id="200" resource_id="[null]" role="user"/>
 
-  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
-  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
-  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
-  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+  <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
+  <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
+  <projects id="303" kee="pj-w-snapshot:other" root_id="300" />
+  <projects id="300" kee="pj-w-snapshot" />
+  <projects id="400" kee="pj-wo-snapshot" />
 
 </dataset>
diff --git a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml
index 7448058b9d6..b5d58e167cb 100644
--- a/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/user/AuthorizationDaoTest/user_should_be_authorized.xml
@@ -2,12 +2,14 @@
 
   <!-- user 100 has the role "user" on the project 300 and in group 200 -->
   <user_roles id="1" user_id="100" resource_id="300" role="user"/>
+  <user_roles id="2" user_id="100" resource_id="400" role="user"/>
   <groups_users user_id="100" group_id="200"/>
   <group_roles id="1" group_id="200" resource_id="999" role="user"/>
 
-  <snapshots id="1" project_id="300" root_project_id="300" islast="[true]"/>
-  <snapshots id="2" project_id="301" root_project_id="300" islast="[true]"/>
-  <snapshots id="3" project_id="302" root_project_id="300" islast="[true]"/>
-  <snapshots id="4" project_id="303" root_project_id="300" islast="[true]"/>
+  <projects id="301" kee="pj-w-snapshot:package" root_id="300" />
+  <projects id="302" kee="pj-w-snapshot:file" root_id="300" />
+  <projects id="303" kee="pj-w-snapshot:other" root_id="300" />
+  <projects id="300" kee="pj-w-snapshot" />
+  <projects id="400" kee="pj-wo-snapshot" />
 
 </dataset>