SONAR-6805 WS permissions/remove_group allow removal of last group and users admin permissions

1 files changed, 2 insertions, 0 deletions

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
index b78b2541988..9ce9a0bdaa4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/PermissionUpdater.java
@@ -146,6 +146,7 @@ public class PermissionUpdater {
 
   private void checkOtherAdminUsersExist(DbSession session, PermissionChange permissionChange) {
     if (GlobalPermissions.SYSTEM_ADMIN.equals(permissionChange.permission())
+      && permissionChange.componentKey() == null
       && dbClient.roleDao().countUserPermissions(session, permissionChange.permission(), null) <= 1) {
       throw new BadRequestException(String.format("Last user with '%s' permission. Permission cannot be removed.", GlobalPermissions.SYSTEM_ADMIN));
     }
@@ -154,6 +155,7 @@ public class PermissionUpdater {
   private void checkAdminUsersExistOutsideTheRemovedGroup(DbSession session, PermissionChange permissionChange, @Nullable Long groupIdToExclude) {
     if (GlobalPermissions.SYSTEM_ADMIN.equals(permissionChange.permission())
       && groupIdToExclude != null
+      && permissionChange.componentKey() == null
       && dbClient.roleDao().countUserPermissions(session, permissionChange.permission(), groupIdToExclude) <= 0) {
       throw new BadRequestException(String.format("Last group with '%s' permission. Permission cannot be removed.", GlobalPermissions.SYSTEM_ADMIN));
     }