SONAR-4939 Add Anyone group

8 files changed, 276 insertions, 109 deletions

diff --git a/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java b/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java
index b14bb8eda82..7e038608a5d 100644
--- a/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java
+++ b/sonar-core/src/main/java/org/sonar/core/permission/PermissionDao.java
@@ -24,6 +24,7 @@ import com.google.common.annotations.VisibleForTesting;
 import org.apache.ibatis.session.RowBounds;
 import org.apache.ibatis.session.SqlSession;
 import org.sonar.api.ServerComponent;
+import org.sonar.api.security.DefaultGroups;
 import org.sonar.core.persistence.MyBatis;
 
 import javax.annotation.Nullable;
@@ -41,6 +42,9 @@ public class PermissionDao implements ServerComponent {
     this.mybatis = mybatis;
   }
 
+  /**
+   * @return a paginated list of users.
+   */
   public List<UserWithPermissionDto> selectUsers(WithPermissionQuery query, @Nullable Long componentId, int offset, int limit) {
     SqlSession session = mybatis.openSession();
     try {
@@ -58,21 +62,21 @@ public class PermissionDao implements ServerComponent {
     return selectUsers(query, componentId, 0, Integer.MAX_VALUE);
   }
 
-  public List<GroupWithPermissionDto> selectGroups(WithPermissionQuery query, @Nullable Long componentId, int offset, int limit) {
+  /**
+   * @return a non paginated list of groups.
+   * Membership parameter from query is not taking into account in order to deal more easily deal the 'Anyone' group
+   */
+  public List<GroupWithPermissionDto> selectGroups(WithPermissionQuery query, @Nullable Long componentId) {
     SqlSession session = mybatis.openSession();
     try {
       Map<String, Object> params = newHashMap();
       params.put("query", query);
       params.put("componentId", componentId);
-      return session.selectList("org.sonar.core.permission.PermissionMapper.selectGroups", params, new RowBounds(offset, limit));
+      params.put("anyoneGroup", DefaultGroups.ANYONE);
+      return session.selectList("org.sonar.core.permission.PermissionMapper.selectGroups", params);
     } finally {
       MyBatis.closeQuietly(session);
     }
   }
 
-  @VisibleForTesting
-  List<GroupWithPermissionDto> selectGroups(WithPermissionQuery query, @Nullable Long componentId) {
-    return selectGroups(query, componentId, 0, Integer.MAX_VALUE);
-  }
-
 }
diff --git a/sonar-core/src/main/resources/org/sonar/core/permission/PermissionMapper.xml b/sonar-core/src/main/resources/org/sonar/core/permission/PermissionMapper.xml
index 21aaea36d86..378e829ef17 100644
--- a/sonar-core/src/main/resources/org/sonar/core/permission/PermissionMapper.xml
+++ b/sonar-core/src/main/resources/org/sonar/core/permission/PermissionMapper.xml
@@ -30,7 +30,8 @@
   </select>
 
   <select id="selectGroups" parameterType="map" resultType="GroupWithPermission">
-    SELECT g.name as name, group_role.role as permission
+    SELECT name, permission FROM
+    (SELECT g.name as name, group_role.role as permission
     FROM groups g
     LEFT JOIN group_roles group_role ON group_role.group_id=g.id AND group_role.role=#{query.permission}
     <if test="componentId != null">
@@ -39,20 +40,27 @@
     <if test="componentId == null">
       AND group_role.resource_id IS NULL
     </if>
+    UNION
+    -- Add Anyone group
+    SELECT #{anyoneGroup} as name, group_role.role as permission
+    FROM group_roles group_role
+    <where>
+      AND group_role.group_id IS NULL
+      AND group_role.role=#{query.permission}
+      <if test="componentId != null">
+        AND group_role.resource_id=#{componentId}
+      </if>
+      <if test="componentId == null">
+        AND group_role.resource_id IS NULL
+      </if>
+    </where>
+    ) as groups
     <where>
-      <choose>
-        <when test="query.membership() == 'IN'">
-          AND group_role.role IS NOT NULL
-        </when>
-        <when test="query.membership() == 'OUT'">
-          AND group_role.role IS NULL
-        </when>
-      </choose>
       <if test="query.search() != null">
-        AND (UPPER(g.name) LIKE #{query.searchSql} ESCAPE '/')
+        AND (UPPER(groups.name) LIKE #{query.searchSql} ESCAPE '/')
       </if>
     </where>
-    ORDER BY g.name
+    ORDER BY groups.name
   </select>
 
 </mapper>
diff --git a/sonar-core/src/test/java/org/sonar/core/permission/GroupWithPermissionDaoTest.java b/sonar-core/src/test/java/org/sonar/core/permission/GroupWithPermissionDaoTest.java
index a514b360cc0..47d7ee6ec87 100644
--- a/sonar-core/src/test/java/org/sonar/core/permission/GroupWithPermissionDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/permission/GroupWithPermissionDaoTest.java
@@ -40,61 +40,71 @@ public class GroupWithPermissionDaoTest extends AbstractDaoTestCase {
   }
 
   @Test
-  public void select_all_groups_for_project_permission() throws Exception {
+  public void select_groups_for_project_permission() throws Exception {
     setupData("groups_with_permissions");
 
     WithPermissionQuery query = WithPermissionQuery.builder().permission("user").build();
     List<GroupWithPermissionDto> result = dao.selectGroups(query, COMPONENT_ID);
-    assertThat(result).hasSize(3);
+    assertThat(result).hasSize(4);
+
+    GroupWithPermissionDto anyone = result.get(0);
+    assertThat(anyone.getName()).isEqualTo("Anyone");
+    assertThat(anyone.getPermission()).isNotNull();
 
-    GroupWithPermissionDto user1 = result.get(0);
-    assertThat(user1.getName()).isEqualTo("sonar-administrators");
-    assertThat(user1.getPermission()).isNotNull();
+    GroupWithPermissionDto group1 = result.get(1);
+    assertThat(group1.getName()).isEqualTo("sonar-administrators");
+    assertThat(group1.getPermission()).isNotNull();
 
-    GroupWithPermissionDto user2 = result.get(1);
-    assertThat(user2.getName()).isEqualTo("sonar-reviewers");
-    assertThat(user2.getPermission()).isNull();
+    GroupWithPermissionDto group2 = result.get(2);
+    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
+    assertThat(group2.getPermission()).isNull();
 
-    GroupWithPermissionDto user3 = result.get(2);
-    assertThat(user3.getName()).isEqualTo("sonar-users");
-    assertThat(user3.getPermission()).isNotNull();
+    GroupWithPermissionDto group3 = result.get(3);
+    assertThat(group3.getName()).isEqualTo("sonar-users");
+    assertThat(group3.getPermission()).isNotNull();
   }
 
   @Test
-  public void select_all_groups_for_global_permission() throws Exception {
+  public void anyone_group_is_not_returned_when_it_has_no_permission() throws Exception {
     setupData("groups_with_permissions");
 
+    // Anyone group has not the permission 'admin', so it's not returned
     WithPermissionQuery query = WithPermissionQuery.builder().permission("admin").build();
-    List<GroupWithPermissionDto> result = dao.selectGroups(query, null);
+    List<GroupWithPermissionDto> result = dao.selectGroups(query, COMPONENT_ID);
     assertThat(result).hasSize(3);
 
-    GroupWithPermissionDto user1 = result.get(0);
-    assertThat(user1.getName()).isEqualTo("sonar-administrators");
-    assertThat(user1.getPermission()).isNotNull();
+    GroupWithPermissionDto group1 = result.get(0);
+    assertThat(group1.getName()).isEqualTo("sonar-administrators");
+    assertThat(group1.getPermission()).isNotNull();
 
-    GroupWithPermissionDto user2 = result.get(1);
-    assertThat(user2.getName()).isEqualTo("sonar-reviewers");
-    assertThat(user2.getPermission()).isNull();
+    GroupWithPermissionDto group2 = result.get(1);
+    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
+    assertThat(group2.getPermission()).isNull();
 
-    GroupWithPermissionDto user3 = result.get(2);
-    assertThat(user3.getName()).isEqualTo("sonar-users");
-    assertThat(user3.getPermission()).isNull();
+    GroupWithPermissionDto group3 = result.get(2);
+    assertThat(group3.getName()).isEqualTo("sonar-users");
+    assertThat(group3.getPermission()).isNull();
   }
 
   @Test
-  public void select_only_group_with_permission() throws Exception {
+  public void select_groups_for_global_permission() throws Exception {
     setupData("groups_with_permissions");
 
-    // user1 and user2 have permission user
-    assertThat(dao.selectGroups(WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.IN).build(), COMPONENT_ID)).hasSize(2);
-  }
+    WithPermissionQuery query = WithPermissionQuery.builder().permission("admin").build();
+    List<GroupWithPermissionDto> result = dao.selectGroups(query, null);
+    assertThat(result).hasSize(3);
 
-  @Test
-  public void select_only_group_without_permission() throws Exception {
-    setupData("groups_with_permissions");
+    GroupWithPermissionDto group1 = result.get(0);
+    assertThat(group1.getName()).isEqualTo("sonar-administrators");
+    assertThat(group1.getPermission()).isNotNull();
+
+    GroupWithPermissionDto group2 = result.get(1);
+    assertThat(group2.getName()).isEqualTo("sonar-reviewers");
+    assertThat(group2.getPermission()).isNull();
 
-    // Only user3 has not the user permission
-    assertThat(dao.selectGroups(WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.OUT).build(), COMPONENT_ID)).hasSize(1);
+    GroupWithPermissionDto group3 = result.get(2);
+    assertThat(group3.getName()).isEqualTo("sonar-users");
+    assertThat(group3.getPermission()).isNull();
   }
 
   @Test
@@ -114,29 +124,11 @@ public class GroupWithPermissionDaoTest extends AbstractDaoTestCase {
     setupData("groups_with_permissions_should_be_sorted_by_group_name");
 
     List<GroupWithPermissionDto> result = dao.selectGroups(WithPermissionQuery.builder().permission("user").build(), COMPONENT_ID);
-    assertThat(result).hasSize(3);
-    assertThat(result.get(0).getName()).isEqualTo("sonar-administrators");
-    assertThat(result.get(1).getName()).isEqualTo("sonar-reviewers");
-    assertThat(result.get(2).getName()).isEqualTo("sonar-users");
-  }
-
-  @Test
-  public void search_groups_should_be_paginated() throws Exception {
-    setupData("groups_with_permissions");
-
-    List<GroupWithPermissionDto> result = dao.selectGroups(WithPermissionQuery.builder().permission("user").build(), COMPONENT_ID, 0, 2);
-    assertThat(result).hasSize(2);
-    assertThat(result.get(0).getName()).isEqualTo("sonar-administrators");
-    assertThat(result.get(1).getName()).isEqualTo("sonar-reviewers");
-
-    result = dao.selectGroups(WithPermissionQuery.builder().permission("user").build(), COMPONENT_ID, 1, 2);
-    assertThat(result).hasSize(2);
-    assertThat(result.get(0).getName()).isEqualTo("sonar-reviewers");
-    assertThat(result.get(1).getName()).isEqualTo("sonar-users");
-
-    result = dao.selectGroups(WithPermissionQuery.builder().permission("user").build(), COMPONENT_ID, 2, 1);
-    assertThat(result).hasSize(1);
-    assertThat(result.get(0).getName()).isEqualTo("sonar-users");
+    assertThat(result).hasSize(4);
+    assertThat(result.get(0).getName()).isEqualTo("Anyone");
+    assertThat(result.get(1).getName()).isEqualTo("sonar-administrators");
+    assertThat(result.get(2).getName()).isEqualTo("sonar-reviewers");
+    assertThat(result.get(3).getName()).isEqualTo("sonar-users");
   }
 
 }
diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml b/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml
index 7531359653d..820e566dbdf 100644
--- a/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions.xml
@@ -11,6 +11,9 @@
 
   <group_roles id="4" group_id="201" resource_id="100" role="user"/>
 
+  <!-- Permission 'user' for Anyone group -->
+  <group_roles id="5" group_id="[null]" resource_id="100" role="user"/>
+
   <!-- Global permission -->
   <group_roles id="10" group_id="200" resource_id="[null]" role="admin"/>
 
diff --git a/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml b/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
index 21239cf38d4..ba9d9acf297 100644
--- a/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
+++ b/sonar-core/src/test/resources/org/sonar/core/permission/GroupWithPermissionDaoTest/groups_with_permissions_should_be_sorted_by_group_name.xml
@@ -9,4 +9,7 @@
   <group_roles id="2" group_id="200" resource_id="100" role="admin"/>
   <group_roles id="3" group_id="200" resource_id="100" role="codeviewer"/>
 
+  <!-- Permission for Anyone group -->
+  <group_roles id="4" group_id="[null]" resource_id="100" role="user"/>
+
 </dataset>
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/Paging.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/Paging.java
index e233dadd227..04389e277b5 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/Paging.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/Paging.java
@@ -71,6 +71,14 @@ public class Paging {
     return p;
   }
 
+  /**
+   *
+   * @since 4.1
+   */
+  public boolean hasNextPage(){
+    return pageIndex() < pages();
+  }
+
   public static Paging create(int pageSize, int pageIndex, int totalItems) {
     if (pageSize<1) {
       throw new IllegalArgumentException("Page size must be strictly positive. Got " + pageSize);
diff --git a/sonar-server/src/main/java/org/sonar/server/permission/PermissionFinder.java b/sonar-server/src/main/java/org/sonar/server/permission/PermissionFinder.java
index 838aa254619..263f933e7c5 100644
--- a/sonar-server/src/main/java/org/sonar/server/permission/PermissionFinder.java
+++ b/sonar-server/src/main/java/org/sonar/server/permission/PermissionFinder.java
@@ -19,7 +19,12 @@
  */
 package org.sonar.server.permission;
 
+import org.apache.commons.lang.StringUtils;
+import org.elasticsearch.common.base.Predicate;
+import org.elasticsearch.common.collect.Iterables;
 import org.sonar.api.ServerComponent;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.utils.Paging;
 import org.sonar.core.permission.*;
 import org.sonar.core.resource.ResourceDao;
 import org.sonar.core.resource.ResourceDto;
@@ -28,6 +33,7 @@ import org.sonar.server.exceptions.NotFoundException;
 
 import javax.annotation.Nullable;
 
+import java.util.Collection;
 import java.util.List;
 
 import static com.google.common.collect.Lists.newArrayList;
@@ -60,24 +66,6 @@ public class PermissionFinder implements ServerComponent {
     return new UserWithPermissionQueryResult(toUserWithPermissionList(dtos), hasMoreResults);
   }
 
-  public GroupWithPermissionQueryResult findGroupsWithPermission(WithPermissionQuery query) {
-    Long componentId = getComponentId(query.component());
-    int pageSize = query.pageSize();
-    int pageIndex = query.pageIndex();
-
-    int offset = (pageIndex - 1) * pageSize;
-    // Add one to page size in order to be able to know if there's more results or not
-    int limit = pageSize + 1;
-    List<GroupWithPermissionDto> dtos = dao.selectGroups(query, componentId, offset, limit);
-    boolean hasMoreResults = false;
-    if (dtos.size() == limit) {
-      hasMoreResults = true;
-      // Removed last entry as it's only need to know if there more results or not
-      dtos.remove(dtos.size() - 1);
-    }
-    return new GroupWithPermissionQueryResult(toGroupWithPermissionList(dtos), hasMoreResults);
-  }
-
   private List<UserWithPermission> toUserWithPermissionList(List<UserWithPermissionDto> dtos) {
     List<UserWithPermission> users = newArrayList();
     for (UserWithPermissionDto dto : dtos) {
@@ -86,12 +74,63 @@ public class PermissionFinder implements ServerComponent {
     return users;
   }
 
-  private List<GroupWithPermission> toGroupWithPermissionList(List<GroupWithPermissionDto> dtos) {
-    List<GroupWithPermission> users = newArrayList();
+  /**
+   * Paging for groups search is done in Java in order to correctly handle the 'Anyone' group
+   */
+  public GroupWithPermissionQueryResult findGroupsWithPermission(WithPermissionQuery query) {
+    Long componentId = getComponentId(query.component());
+
+    List<GroupWithPermissionDto> dtos = dao.selectGroups(query, componentId);
+    addAnyoneGroup(dtos, query);
+    List<GroupWithPermissionDto> filteredDtos = filterMembership(dtos, query);
+
+    Paging paging = Paging.create(query.pageSize(), query.pageIndex(), filteredDtos.size());
+    List<GroupWithPermission> pagedGroups = pagedGroups(filteredDtos, paging);
+    return new GroupWithPermissionQueryResult(pagedGroups, paging.hasNextPage());
+  }
+
+  private List<GroupWithPermissionDto> filterMembership(List<GroupWithPermissionDto> dtos, final WithPermissionQuery query) {
+    return newArrayList(Iterables.filter(dtos, new Predicate<GroupWithPermissionDto>() {
+      @Override
+      public boolean apply(GroupWithPermissionDto dto) {
+        if (query.membership().equals(WithPermissionQuery.IN)) {
+          return dto.getPermission() != null;
+        } else if (query.membership().equals(WithPermissionQuery.OUT)) {
+          return dto.getPermission() == null;
+        }
+        return true;
+      }
+    }));
+  }
+
+  /**
+   * As the anyone group does not exists in db, it's not returned when it has not the permission.
+   * We have to manually add it at the begin of the list, if it matched the search text
+   */
+  private void addAnyoneGroup(List<GroupWithPermissionDto> groups, WithPermissionQuery query) {
+    boolean hasAnyoneGroup = Iterables.any(groups, new Predicate<GroupWithPermissionDto>() {
+      @Override
+      public boolean apply(GroupWithPermissionDto group) {
+        return group.getName().equals(DefaultGroups.ANYONE);
+      }
+    });
+    if (!hasAnyoneGroup && (query.search() == null || StringUtils.containsIgnoreCase(DefaultGroups.ANYONE, query.search()))) {
+      groups.add(0, new GroupWithPermissionDto().setName(DefaultGroups.ANYONE));
+    }
+  }
+
+  private List<GroupWithPermission> pagedGroups(Collection<GroupWithPermissionDto> dtos, Paging paging) {
+    List<GroupWithPermission> groups = newArrayList();
+    int index = 0;
     for (GroupWithPermissionDto dto : dtos) {
-      users.add(dto.toGroupWithPermission());
+      if (index >= paging.offset() && groups.size() < paging.pageSize()) {
+        groups.add(dto.toGroupWithPermission());
+      } else if (groups.size() >= paging.pageSize()) {
+        break;
+      }
+      index++;
     }
-    return users;
+    return groups;
   }
 
   @Nullable
diff --git a/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java b/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java
index 03782075257..b24f4e33c8e 100644
--- a/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java
+++ b/sonar-server/src/test/java/org/sonar/server/permission/PermissionFinderTest.java
@@ -25,13 +25,13 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
-import org.sonar.core.permission.PermissionDao;
-import org.sonar.core.permission.UserWithPermissionDto;
-import org.sonar.core.permission.WithPermissionQuery;
+import org.sonar.core.permission.*;
 import org.sonar.core.resource.ResourceDao;
 import org.sonar.core.resource.ResourceDto;
 import org.sonar.core.resource.ResourceQuery;
 
+import java.util.List;
+
 import static com.google.common.collect.Lists.newArrayList;
 import static org.fest.assertions.Assertions.assertThat;
 import static org.mockito.Matchers.*;
@@ -56,10 +56,10 @@ public class PermissionFinderTest {
   }
 
   @Test
-  public void find() throws Exception {
+  public void find_users() throws Exception {
     WithPermissionQuery query = WithPermissionQuery.builder().permission("user").build();
     when(dao.selectUsers(eq(query), anyLong(), anyInt(), anyInt())).thenReturn(
-      newArrayList(new UserWithPermissionDto().setName("user1"))
+      newArrayList(new UserWithPermissionDto().setName("user1").setPermission("user"))
     );
 
     UserWithPermissionQueryResult result = finder.findUsersWithPermission(query);
@@ -68,7 +68,7 @@ public class PermissionFinderTest {
   }
 
   @Test
-  public void find_with_paging() throws Exception {
+  public void find_users_with_paging() throws Exception {
     WithPermissionQuery query = WithPermissionQuery.builder().permission("user").pageIndex(3).pageSize(10).build();
     finder.findUsersWithPermission(query);
 
@@ -81,12 +81,12 @@ public class PermissionFinderTest {
   }
 
   @Test
-  public void find_with_paging_having_more_results() throws Exception {
+  public void find_users_with_paging_having_more_results() throws Exception {
     WithPermissionQuery query = WithPermissionQuery.builder().permission("user").pageIndex(1).pageSize(2).build();
     when(dao.selectUsers(eq(query), anyLong(), anyInt(), anyInt())).thenReturn(newArrayList(
-      new UserWithPermissionDto().setName("user1"),
-      new UserWithPermissionDto().setName("user2"),
-      new UserWithPermissionDto().setName("user3"))
+      new UserWithPermissionDto().setName("user1").setPermission("user"),
+      new UserWithPermissionDto().setName("user2").setPermission("user"),
+      new UserWithPermissionDto().setName("user3").setPermission("user"))
     );
     UserWithPermissionQueryResult result = finder.findUsersWithPermission(query);
 
@@ -100,13 +100,13 @@ public class PermissionFinderTest {
   }
 
   @Test
-  public void find_with_paging_having_no_more_results() throws Exception {
+  public void find_users_with_paging_having_no_more_results() throws Exception {
     WithPermissionQuery query = WithPermissionQuery.builder().permission("user").pageIndex(1).pageSize(10).build();
     when(dao.selectUsers(eq(query), anyLong(), anyInt(), anyInt())).thenReturn(newArrayList(
-      new UserWithPermissionDto().setName("user1"),
-      new UserWithPermissionDto().setName("user2"),
-      new UserWithPermissionDto().setName("user4"),
-      new UserWithPermissionDto().setName("user3"))
+      new UserWithPermissionDto().setName("user1").setPermission("user"),
+      new UserWithPermissionDto().setName("user2").setPermission("user"),
+      new UserWithPermissionDto().setName("user4").setPermission("user"),
+      new UserWithPermissionDto().setName("user3").setPermission("user"))
     );
     UserWithPermissionQueryResult result = finder.findUsersWithPermission(query);
 
@@ -119,4 +119,114 @@ public class PermissionFinderTest {
     assertThat(result.hasMoreResults()).isFalse();
   }
 
+  @Test
+  public void find_groups() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(
+      newArrayList(new GroupWithPermissionDto().setName("users").setPermission("user"))
+    );
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission(
+      WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.IN).build());
+    assertThat(result.groups()).hasSize(1);
+    assertThat(result.hasMoreResults()).isFalse();
+  }
+
+  @Test
+  public void find_groups_should_be_paginated() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(newArrayList(
+      new GroupWithPermissionDto().setName("Anyone").setPermission("user"),
+      new GroupWithPermissionDto().setName("Admin").setPermission("user"),
+      new GroupWithPermissionDto().setName("Users").setPermission(null),
+      new GroupWithPermissionDto().setName("Reviewers").setPermission(null),
+      new GroupWithPermissionDto().setName("Other").setPermission(null)
+    ));
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission(
+      WithPermissionQuery.builder()
+        .permission("user")
+        .pageSize(2)
+        .pageIndex(2)
+        .build());
+
+    assertThat(result.hasMoreResults()).isTrue();
+    List<GroupWithPermission> groups = result.groups();
+    assertThat(groups).hasSize(2);
+    assertThat(groups.get(0).name()).isEqualTo("Users");
+    assertThat(groups.get(1).name()).isEqualTo("Reviewers");
+
+    assertThat(finder.findGroupsWithPermission(
+      WithPermissionQuery.builder()
+        .permission("user")
+        .pageSize(2)
+        .pageIndex(3)
+        .build()).hasMoreResults()).isFalse();
+  }
+
+  @Test
+  public void find_groups_should_filter_membership() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(newArrayList(
+      new GroupWithPermissionDto().setName("Anyone").setPermission("user"),
+      new GroupWithPermissionDto().setName("Admin").setPermission("user"),
+      new GroupWithPermissionDto().setName("Users").setPermission(null),
+      new GroupWithPermissionDto().setName("Reviewers").setPermission(null),
+      new GroupWithPermissionDto().setName("Other").setPermission(null)
+    ));
+
+    assertThat(finder.findGroupsWithPermission(
+      WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.IN).build()).groups()).hasSize(2);
+    assertThat(finder.findGroupsWithPermission(
+      WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.OUT).build()).groups()).hasSize(3);
+    assertThat(finder.findGroupsWithPermission(
+      WithPermissionQuery.builder().permission("user").membership(WithPermissionQuery.ANY).build()).groups()).hasSize(5);
+  }
+
+  @Test
+  public void find_groups_with_added_anyone_group() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(
+      newArrayList(new GroupWithPermissionDto().setName("users").setPermission("user"))
+    );
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission( WithPermissionQuery.builder().permission("user")
+      .pageIndex(1).membership(WithPermissionQuery.ANY).build());
+    assertThat(result.groups()).hasSize(2);
+    GroupWithPermission first = result.groups().get(0);
+    assertThat(first.name()).isEqualTo("Anyone");
+    assertThat(first.hasPermission()).isFalse();
+  }
+
+  @Test
+  public void find_groups_without_adding_anyone_group_when_search_text_do_not_matched() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(
+      newArrayList(new GroupWithPermissionDto().setName("users").setPermission("user"))
+    );
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission(WithPermissionQuery.builder().permission("user").search("other")
+      .pageIndex(1).membership(WithPermissionQuery.ANY).build());
+    // Anyone group should not be added
+    assertThat(result.groups()).hasSize(1);
+  }
+
+  @Test
+  public void find_groups_with_added_anyone_group_when_search_text_matched() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(
+      newArrayList(new GroupWithPermissionDto().setName("MyAnyGroup").setPermission("user"))
+    );
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission(WithPermissionQuery.builder().permission("user").search("any")
+      .pageIndex(1).membership(WithPermissionQuery.ANY).build());
+    assertThat(result.groups()).hasSize(2);
+  }
+
+  @Test
+  public void find_groups_without_adding_anyone_group_when_out_membership_selected() throws Exception {
+    when(dao.selectGroups(any(WithPermissionQuery.class), anyLong())).thenReturn(
+      newArrayList(new GroupWithPermissionDto().setName("users").setPermission("user"))
+    );
+
+    GroupWithPermissionQueryResult result = finder.findGroupsWithPermission( WithPermissionQuery.builder().permission("user")
+      .pageIndex(1).membership(WithPermissionQuery.OUT).build());
+    // Anyone group should not be added
+    assertThat(result.groups()).hasSize(1);
+  }
+
 }