SONAR-8173 delete existing permissions "shareDashboard" from db

12 files changed, 180 insertions, 181 deletions

diff --git a/it/it-tests/src/test/java/it/authorisation/DashboardSharingPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/DashboardSharingPermissionTest.java
index 63a8146615b..9eb3496f0b1 100644
--- a/it/it-tests/src/test/java/it/authorisation/DashboardSharingPermissionTest.java
+++ b/it/it-tests/src/test/java/it/authorisation/DashboardSharingPermissionTest.java
@@ -27,7 +27,6 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.sonarqube.ws.client.permission.AddUserWsRequest;
 import org.sonarqube.ws.client.permission.PermissionsService;
 import util.user.UserRule;
 
@@ -43,7 +42,6 @@ public class DashboardSharingPermissionTest {
 
   static String DASHBOARD_USER = "dashboard_user";
   static String CAN_SHARE_DASHBOARDS = "can_share_dashboards";
-  static String CANNOT_SHARE_DASHBOARDS = "cannot_share_dashboards";
 
   static PermissionsService permissionsWsClient;
 
@@ -55,12 +53,6 @@ public class DashboardSharingPermissionTest {
 
     userRule.createUser(DASHBOARD_USER, "password");
     userRule.createUser(CAN_SHARE_DASHBOARDS, "password");
-    userRule.createUser(CANNOT_SHARE_DASHBOARDS, "password");
-
-    permissionsWsClient.addUser(new AddUserWsRequest()
-      .setLogin(CAN_SHARE_DASHBOARDS)
-      .setPermission("shareDashboard")
-      );
   }
 
   @AfterClass
@@ -79,8 +71,7 @@ public class DashboardSharingPermissionTest {
   @Test
   public void share_global_dashboard() throws Exception {
     Selenese selenese = Selenese.builder().setHtmlTestsInClasspath("global-dashboard-sharing-permission",
-      "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-allowed.html",
-      "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-denied.html")
+      "/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-allowed.html")
       .build();
     orchestrator.executeSelenese(selenese);
   }
diff --git a/it/it-tests/src/test/java/it/authorisation/SystemAdminPermissionTest.java b/it/it-tests/src/test/java/it/authorisation/SystemAdminPermissionTest.java
index af310ada96f..383d2f0cd17 100644
--- a/it/it-tests/src/test/java/it/authorisation/SystemAdminPermissionTest.java
+++ b/it/it-tests/src/test/java/it/authorisation/SystemAdminPermissionTest.java
@@ -26,12 +26,8 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.sonarqube.ws.client.permission.AddUserWsRequest;
-import org.sonarqube.ws.client.permission.PermissionsService;
 import util.user.UserRule;
 
-import static util.ItUtils.newAdminWsClient;
-
 public class SystemAdminPermissionTest {
 
   @ClassRule
@@ -44,11 +40,7 @@ public class SystemAdminPermissionTest {
   public static void setUpUsers() {
     orchestrator.resetData();
 
-    PermissionsService permissionsWsClient = newAdminWsClient(orchestrator).permissions();
-
     userRule.createUser("can_share", "password");
-    permissionsWsClient.addUser(new AddUserWsRequest().setLogin("can_share").setPermission("shareDashboard"));
-
     userRule.createUser("cannot_share", "password");
   }
 
@@ -77,8 +69,7 @@ public class SystemAdminPermissionTest {
   @Test
   public void should_change_ownership_of_shared_global_dashboard() throws Exception {
     seleniumSuite("change-global-dashboard-ownership",
-      "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner.html",
-      "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner-failure.html");
+      "/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner.html");
   }
 
   private void seleniumSuite(String suiteName, String... tests) {
diff --git a/it/it-tests/src/test/resources/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-denied.html b/it/it-tests/src/test/resources/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-denied.html
deleted file mode 100644
index 571c287cddb..00000000000
--- a/it/it-tests/src/test/resources/authorisation/DashboardSharingPermissionTest/global-dashboard-sharing-denied.html
+++ /dev/null
@@ -1,54 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head profile="http://selenium-ide.openqa.org/profiles/test-case">
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-  <title>global-dashboard-sharing-permission</title>
-</head>
-<body>
-<table cellpadding="1" cellspacing="1" border="1">
-  <tbody>
-  <tr>
-    <td>open</td>
-    <td>/sessions/logout</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>open</td>
-    <td>/dashboards</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>id=login</td>
-    <td>cannot_share_dashboards</td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>id=password</td>
-    <td>password</td>
-  </tr>
-  <tr>
-    <td>clickAndWait</td>
-    <td>name=commit</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>click</td>
-    <td>create-link-dashboard</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForVisible</td>
-    <td>css=div.modal-body</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>assertElementNotPresent</td>
-    <td>css=div.modal-body > div.modal.field > input#shared</td>
-    <td></td>
-  </tr>
-  </tbody>
-</table>
-</body>
-</html>
diff --git a/it/it-tests/src/test/resources/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner-failure.html b/it/it-tests/src/test/resources/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner-failure.html
deleted file mode 100644
index b3a6b718f3a..00000000000
--- a/it/it-tests/src/test/resources/authorisation/SystemAdminPermissionTest/change-shared-global-dashboard-owner-failure.html
+++ /dev/null
@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head profile="http://selenium-ide.openqa.org/profiles/test-case">
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-  <title>change-shared-global-dashboard-owner</title>
-</head>
-<body>
-<table cellpadding="1" cellspacing="1" border="1">
-  <tbody>
-  <tr>
-      <td>open</td>
-      <td>/sessions/logout</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>open</td>
-    <td>/dashboards</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>login</td>
-    <td>admin</td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>password</td>
-    <td>admin</td>
-  </tr>
-  <tr>
-    <td>clickAndWait</td>
-    <td>commit</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>click</td>
-    <td>create-link-dashboard</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForVisible</td>
-    <td>css=div.modal-body</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>name</td>
-    <td>shared-global-dashboard-fail</td>
-  </tr>
-  <tr>
-    <td>storeValue</td>
-    <td>name</td>
-    <td>DASHBOARD_NAME</td>
-  </tr>
-  <tr>
-    <td>click</td>
-    <td>name=shared</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>clickAndWait</td>
-    <td>save-submit</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForVisible</td>
-    <td>edit-${DASHBOARD_NAME}</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>click</td>
-    <td>edit-${DASHBOARD_NAME}</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForVisible</td>
-    <td>css=div.modal-body</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>type</td>
-    <td>select-dashboard-owner</td>
-    <td>cannot_share</td>
-  </tr>
-  <tr>
-    <td>click</td>
-    <td>save-submit</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForVisible</td>
-    <td>css=div.modal-body > p.error</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>waitForText</td>
-    <td>css=div.modal-body > p.error</td>
-    <td>glob:*User cannot own this dashboard because of insufficient rights*</td>
-  </tr>
-  </tbody>
-</table>
-</body>
-</html>
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/db/migrate/1402_delete_permission_share_dashboard.rb b/server/sonar-web/src/main/webapp/WEB-INF/db/migrate/1402_delete_permission_share_dashboard.rb
new file mode 100644
index 00000000000..0a469670eef
--- /dev/null
+++ b/server/sonar-web/src/main/webapp/WEB-INF/db/migrate/1402_delete_permission_share_dashboard.rb
@@ -0,0 +1,29 @@
+#
+# SonarQube, open source software quality management tool.
+# Copyright (C) 2008-2014 SonarSource
+# mailto:contact AT sonarsource DOT com
+#
+# SonarQube is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 3 of the License, or (at your option) any later version.
+#
+# SonarQube is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+
+#
+# SonarQube 6.2
+#
+class DeletePermissionShareDashboard < ActiveRecord::Migration
+
+  def self.up
+    execute_java_migration('org.sonar.db.version.v62.DeletePermissionShareDashboard')
+  end
+end
diff --git a/sonar-db/src/main/java/org/sonar/db/version/DatabaseVersion.java b/sonar-db/src/main/java/org/sonar/db/version/DatabaseVersion.java
index e071a09f747..c065e9f79cf 100644
--- a/sonar-db/src/main/java/org/sonar/db/version/DatabaseVersion.java
+++ b/sonar-db/src/main/java/org/sonar/db/version/DatabaseVersion.java
@@ -30,7 +30,7 @@ import org.sonar.db.MyBatis;
 
 public class DatabaseVersion {
 
-  public static final int LAST_VERSION = 1_401;
+  public static final int LAST_VERSION = 1_402;
 
   /**
    * The minimum supported version which can be upgraded. Lower
diff --git a/sonar-db/src/main/java/org/sonar/db/version/MigrationStepModule.java b/sonar-db/src/main/java/org/sonar/db/version/MigrationStepModule.java
index 6d22fe4f6b2..99ad098d33f 100644
--- a/sonar-db/src/main/java/org/sonar/db/version/MigrationStepModule.java
+++ b/sonar-db/src/main/java/org/sonar/db/version/MigrationStepModule.java
@@ -161,6 +161,7 @@ import org.sonar.db.version.v61.RemoveViewsDefinitionFromProperties;
 import org.sonar.db.version.v61.ShrinkModuleUuidPathOfProjects;
 import org.sonar.db.version.v62.CreateDefaultOrganization;
 import org.sonar.db.version.v62.CreateTableOrganizations;
+import org.sonar.db.version.v62.DeletePermissionShareDashboard;
 
 public class MigrationStepModule extends Module {
   @Override
@@ -342,6 +343,8 @@ public class MigrationStepModule extends Module {
 
       // 6.2
       CreateTableOrganizations.class,
-      CreateDefaultOrganization.class);
+      CreateDefaultOrganization.class,
+      DeletePermissionShareDashboard.class
+    );
   }
 }
diff --git a/sonar-db/src/main/java/org/sonar/db/version/v62/DeletePermissionShareDashboard.java b/sonar-db/src/main/java/org/sonar/db/version/v62/DeletePermissionShareDashboard.java
new file mode 100644
index 00000000000..e634220e9dc
--- /dev/null
+++ b/sonar-db/src/main/java/org/sonar/db/version/v62/DeletePermissionShareDashboard.java
@@ -0,0 +1,51 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.db.version.v62;
+
+import java.sql.SQLException;
+import org.sonar.db.Database;
+import org.sonar.db.version.BaseDataChange;
+import org.sonar.db.version.MassUpdate;
+
+public class DeletePermissionShareDashboard extends BaseDataChange {
+
+  private static final String PERMISSION = "shareDashboard";
+
+  public DeletePermissionShareDashboard(Database db) {
+    super(db);
+  }
+
+  @Override
+  public void execute(Context context) throws SQLException {
+    deleteFromTable(context, "group_roles");
+    deleteFromTable(context, "user_roles");
+  }
+
+  private static void deleteFromTable(Context context, String tableName) throws SQLException {
+    MassUpdate massUpdate = context.prepareMassUpdate();
+    massUpdate.select("select id from " + tableName + " where role=?").setString(1, PERMISSION);
+    massUpdate.update("delete from " + tableName + " where id=?");
+    massUpdate.rowPluralName(tableName);
+    massUpdate.execute((row, update) -> {
+      update.setLong(1, row.getLong(1));
+      return true;
+    });
+  }
+}
diff --git a/sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql b/sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql
index c59f2c5e0e1..9dfd8d2a3c3 100644
--- a/sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql
+++ b/sonar-db/src/main/resources/org/sonar/db/version/rows-h2.sql
@@ -506,6 +506,7 @@ INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1319');
 
 INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1400');
 INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1401');
+INSERT INTO SCHEMA_MIGRATIONS(VERSION) VALUES ('1402');
 
 INSERT INTO USERS(ID, LOGIN, NAME, EMAIL, EXTERNAL_IDENTITY, EXTERNAL_IDENTITY_PROVIDER, USER_LOCAL, CRYPTED_PASSWORD, SALT, CREATED_AT, UPDATED_AT) VALUES (1, 'admin', 'Administrator', '', 'admin', 'sonarqube', true, 'a373a0e667abb2604c1fd571eb4ad47fe8cc0878', '48bc4b0d93179b5103fd3885ea9119498e9d161b', '1418215735482', '1418215735482');
 ALTER TABLE USERS ALTER COLUMN ID RESTART WITH 2;
diff --git a/sonar-db/src/test/java/org/sonar/db/version/MigrationStepModuleTest.java b/sonar-db/src/test/java/org/sonar/db/version/MigrationStepModuleTest.java
index 844afdc41b4..959b8ee341f 100644
--- a/sonar-db/src/test/java/org/sonar/db/version/MigrationStepModuleTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/version/MigrationStepModuleTest.java
@@ -29,6 +29,6 @@ public class MigrationStepModuleTest {
   public void verify_count_of_added_MigrationStep_types() {
     ComponentContainer container = new ComponentContainer();
     new MigrationStepModule().configure(container);
-    assertThat(container.size()).isEqualTo(143);
+    assertThat(container.size()).isEqualTo(144);
   }
 }
diff --git a/sonar-db/src/test/java/org/sonar/db/version/v62/DeletePermissionShareDashboardTest.java b/sonar-db/src/test/java/org/sonar/db/version/v62/DeletePermissionShareDashboardTest.java
new file mode 100644
index 00000000000..96af154fbad
--- /dev/null
+++ b/sonar-db/src/test/java/org/sonar/db/version/v62/DeletePermissionShareDashboardTest.java
@@ -0,0 +1,73 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.db.version.v62;
+
+import java.sql.SQLException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.sonar.api.utils.System2;
+import org.sonar.db.DbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class DeletePermissionShareDashboardTest {
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
+  @Rule
+  public DbTester db = DbTester.createForSchema(System2.INSTANCE, DeletePermissionShareDashboardTest.class, "roles.sql");
+
+  private DeletePermissionShareDashboard underTest = new DeletePermissionShareDashboard(db.database());
+
+  @Test
+  public void delete_permissions() throws SQLException {
+    // combinations of group permissions to be kept
+    db.executeInsert("group_roles", "id", "1", "group_id", null, "resource_id", null, "role", "admin");
+    db.executeInsert("group_roles", "id", "2", "group_id", null, "resource_id", "1", "role", "issueadmin");
+    db.executeInsert("group_roles", "id", "3", "group_id", "1", "resource_id", null, "role", "admin");
+    db.executeInsert("group_roles", "id", "4", "group_id", "1", "resource_id", "1", "role", "issueadmin");
+
+    // combinations of group permissions to be removed (even if it does make sense to have "shareDashboard"
+    // on projects)
+    db.executeInsert("group_roles", "id", "5", "group_id", null, "resource_id", null, "role", "shareDashboard");
+    db.executeInsert("group_roles", "id", "6", "group_id", null, "resource_id", "1", "role", "shareDashboard");
+    db.executeInsert("group_roles", "id", "7", "group_id", "1", "resource_id", null, "role", "shareDashboard");
+    db.executeInsert("group_roles", "id", "8", "group_id", "1", "resource_id", "1", "role", "shareDashboard");
+
+    // combinations of user permissions to be kept
+    db.executeInsert("user_roles", "id", "1", "user_id", "100", "resource_id", null, "role", "admin");
+    db.executeInsert("user_roles", "id", "2", "user_id", "100", "resource_id", "1", "role", "issueadmin");
+
+    // combinations of user permissions to be removed (even if it does make sense to have "shareDashboard"
+    // on projects)
+    db.executeInsert("user_roles", "id", "3", "user_id", "100", "resource_id", null, "role", "shareDashboard");
+    db.executeInsert("user_roles", "id", "4", "user_id", "100", "resource_id", "1", "role", "shareDashboard");
+
+    underTest.execute();
+
+    assertThat(db.countRowsOfTable("group_roles")).isEqualTo(4);
+    assertThat(db.countSql("select count(id) from group_roles where role='shareDashboard'")).isEqualTo(0);
+
+    assertThat(db.countRowsOfTable("user_roles")).isEqualTo(2);
+    assertThat(db.countSql("select count(id) from user_roles where role='shareDashboard'")).isEqualTo(0);
+  }
+}
diff --git a/sonar-db/src/test/resources/org/sonar/db/version/v62/DeletePermissionShareDashboardTest/roles.sql b/sonar-db/src/test/resources/org/sonar/db/version/v62/DeletePermissionShareDashboardTest/roles.sql
new file mode 100644
index 00000000000..4d08a027079
--- /dev/null
+++ b/sonar-db/src/test/resources/org/sonar/db/version/v62/DeletePermissionShareDashboardTest/roles.sql
@@ -0,0 +1,18 @@
+CREATE TABLE "GROUP_ROLES" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "GROUP_ID" INTEGER,
+  "RESOURCE_ID" INTEGER,
+  "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "GROUP_ROLES_RESOURCE" ON "GROUP_ROLES" ("RESOURCE_ID");
+CREATE UNIQUE INDEX "UNIQ_GROUP_ROLES" ON "GROUP_ROLES" ("GROUP_ID", "RESOURCE_ID", "ROLE");
+
+
+CREATE TABLE "USER_ROLES" (
+  "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
+  "USER_ID" INTEGER,
+  "RESOURCE_ID" INTEGER,
+  "ROLE" VARCHAR(64) NOT NULL
+);
+CREATE INDEX "USER_ROLES_RESOURCE" ON "USER_ROLES" ("RESOURCE_ID");
+CREATE INDEX "USER_ROLES_USER" ON "USER_ROLES" ("USER_ID");