SONAR-3618 Support custom default permissions for non-project resources

author: Simon Brandhof <simon.brandhof@gmail.com> 2012-07-05 16:40:16 +0200
committer: Simon Brandhof <simon.brandhof@gmail.com> 2012-07-05 17:00:17 +0200
commit: cba251c929936768308e59365bc44f532bb16756 (patch)
tree: 5b6b4afcc4863b6264e41d112677e31b7ea1da8f /plugins
parent: 5016b01b23344d65768d68ab03419caad3f57c4b (diff)
download: sonarqube-cba251c929936768308e59365bc44f532bb16756.tar.gz
sonarqube-cba251c929936768308e59365bc44f532bb16756.zip
30 files changed, 570 insertions, 523 deletions
diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java
index 86cb29c81a7..cad94d72a16 100644
--- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java
+++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/CorePlugin.java
@@ -20,12 +20,7 @@
 package org.sonar.plugins.core;
 
 import com.google.common.collect.ImmutableList;
-import org.sonar.api.CoreProperties;
-import org.sonar.api.Extension;
-import org.sonar.api.Properties;
-import org.sonar.api.Property;
-import org.sonar.api.PropertyType;
-import org.sonar.api.SonarPlugin;
+import org.sonar.api.*;
 import org.sonar.api.checks.NoSonarFilter;
 import org.sonar.api.resources.Java;
 import org.sonar.plugins.core.batch.ExcludedResourceFilter;
@@ -36,79 +31,19 @@ import org.sonar.plugins.core.charts.DistributionAreaChart;
 import org.sonar.plugins.core.charts.DistributionBarChart;
 import org.sonar.plugins.core.charts.XradarChart;
 import org.sonar.plugins.core.colorizers.JavaColorizerFormat;
-import org.sonar.plugins.core.dashboards.DefaultDashboard;
-import org.sonar.plugins.core.dashboards.HotspotsDashboard;
-import org.sonar.plugins.core.dashboards.MyFavouritesDashboard;
-import org.sonar.plugins.core.dashboards.ProjectsDashboard;
-import org.sonar.plugins.core.dashboards.ReviewsDashboard;
-import org.sonar.plugins.core.dashboards.TimeMachineDashboard;
-import org.sonar.plugins.core.dashboards.TreemapDashboard;
+import org.sonar.plugins.core.dashboards.*;
 import org.sonar.plugins.core.filters.MyFavouritesFilter;
 import org.sonar.plugins.core.filters.ProjectFilter;
 import org.sonar.plugins.core.filters.TreeMapFilter;
 import org.sonar.plugins.core.security.ApplyProjectRolesDecorator;
-import org.sonar.plugins.core.sensors.BranchCoverageDecorator;
-import org.sonar.plugins.core.sensors.CheckAlertThresholds;
-import org.sonar.plugins.core.sensors.CommentDensityDecorator;
-import org.sonar.plugins.core.sensors.CoverageDecorator;
-import org.sonar.plugins.core.sensors.DirectoriesDecorator;
-import org.sonar.plugins.core.sensors.FilesDecorator;
-import org.sonar.plugins.core.sensors.GenerateAlertEvents;
-import org.sonar.plugins.core.sensors.ItBranchCoverageDecorator;
-import org.sonar.plugins.core.sensors.ItCoverageDecorator;
-import org.sonar.plugins.core.sensors.ItLineCoverageDecorator;
-import org.sonar.plugins.core.sensors.LineCoverageDecorator;
-import org.sonar.plugins.core.sensors.ManualMeasureDecorator;
-import org.sonar.plugins.core.sensors.ManualViolationInjector;
-import org.sonar.plugins.core.sensors.ProfileEventsSensor;
-import org.sonar.plugins.core.sensors.ProfileSensor;
-import org.sonar.plugins.core.sensors.ProjectLinksSensor;
-import org.sonar.plugins.core.sensors.ReviewNotifications;
-import org.sonar.plugins.core.sensors.ReviewWorkflowDecorator;
-import org.sonar.plugins.core.sensors.ReviewsMeasuresDecorator;
-import org.sonar.plugins.core.sensors.UnitTestDecorator;
-import org.sonar.plugins.core.sensors.VersionEventsSensor;
-import org.sonar.plugins.core.sensors.ViolationSeverityUpdater;
-import org.sonar.plugins.core.sensors.ViolationsDecorator;
-import org.sonar.plugins.core.sensors.ViolationsDensityDecorator;
-import org.sonar.plugins.core.sensors.WeightedViolationsDecorator;
+import org.sonar.plugins.core.security.DefaultResourcePermissioning;
+import org.sonar.plugins.core.sensors.*;
 import org.sonar.plugins.core.testdetailsviewer.TestsViewerDefinition;
-import org.sonar.plugins.core.timemachine.NewCoverageAggregator;
-import org.sonar.plugins.core.timemachine.NewCoverageFileAnalyzer;
-import org.sonar.plugins.core.timemachine.NewItCoverageFileAnalyzer;
-import org.sonar.plugins.core.timemachine.NewViolationsDecorator;
-import org.sonar.plugins.core.timemachine.ReferenceAnalysis;
-import org.sonar.plugins.core.timemachine.TendencyDecorator;
-import org.sonar.plugins.core.timemachine.TimeMachineConfigurationPersister;
-import org.sonar.plugins.core.timemachine.VariationDecorator;
-import org.sonar.plugins.core.timemachine.ViolationPersisterDecorator;
-import org.sonar.plugins.core.timemachine.ViolationTrackingDecorator;
+import org.sonar.plugins.core.timemachine.*;
 import org.sonar.plugins.core.web.Lcom4Viewer;
-import org.sonar.plugins.core.widgets.AlertsWidget;
-import org.sonar.plugins.core.widgets.CommentsDuplicationsWidget;
-import org.sonar.plugins.core.widgets.ComplexityWidget;
-import org.sonar.plugins.core.widgets.CoverageWidget;
-import org.sonar.plugins.core.widgets.CustomMeasuresWidget;
-import org.sonar.plugins.core.widgets.DescriptionWidget;
-import org.sonar.plugins.core.widgets.EventsWidget;
-import org.sonar.plugins.core.widgets.FilterWidget;
-import org.sonar.plugins.core.widgets.HotspotMetricWidget;
-import org.sonar.plugins.core.widgets.HotspotMostViolatedResourcesWidget;
-import org.sonar.plugins.core.widgets.HotspotMostViolatedRulesWidget;
-import org.sonar.plugins.core.widgets.ItCoverageWidget;
-import org.sonar.plugins.core.widgets.RulesWidget;
-import org.sonar.plugins.core.widgets.SizeWidget;
-import org.sonar.plugins.core.widgets.TimeMachineWidget;
-import org.sonar.plugins.core.widgets.TimelineWidget;
-import org.sonar.plugins.core.widgets.TreemapWidget;
+import org.sonar.plugins.core.widgets.*;
 import org.sonar.plugins.core.widgets.actionPlans.ActionPlansWidget;
-import org.sonar.plugins.core.widgets.reviews.FalsePositiveReviewsWidget;
-import org.sonar.plugins.core.widgets.reviews.MyReviewsWidget;
-import org.sonar.plugins.core.widgets.reviews.PlannedReviewsWidget;
-import org.sonar.plugins.core.widgets.reviews.ProjectReviewsWidget;
-import org.sonar.plugins.core.widgets.reviews.ReviewsMetricsWidget;
-import org.sonar.plugins.core.widgets.reviews.ReviewsPerDeveloperWidget;
-import org.sonar.plugins.core.widgets.reviews.UnplannedReviewsWidget;
+import org.sonar.plugins.core.widgets.reviews.*;
 
 import java.util.List;
 
@@ -291,110 +226,111 @@ public final class CorePlugin extends SonarPlugin {
   @SuppressWarnings("unchecked")
   public List<Class<? extends Extension>> getExtensions() {
     return ImmutableList.of(
-        DefaultResourceTypes.class,
-        UserManagedMetrics.class,
-        ProjectFileSystemLogger.class,
+      DefaultResourceTypes.class,
+      UserManagedMetrics.class,
+      ProjectFileSystemLogger.class,
 
-        // maven
-        MavenInitializer.class,
+      // maven
+      MavenInitializer.class,
 
-        // languages
-        Java.class,
+      // languages
+      Java.class,
 
-        // pages
-        TestsViewerDefinition.class,
-        Lcom4Viewer.class,
+      // pages
+      TestsViewerDefinition.class,
+      Lcom4Viewer.class,
 
-        // filters
-        ProjectFilter.class,
-        TreeMapFilter.class,
-        MyFavouritesFilter.class,
+      // filters
+      ProjectFilter.class,
+      TreeMapFilter.class,
+      MyFavouritesFilter.class,
 
-        // widgets
-        AlertsWidget.class,
-        CoverageWidget.class,
-        ItCoverageWidget.class,
-        CommentsDuplicationsWidget.class,
-        DescriptionWidget.class,
-        ComplexityWidget.class,
-        RulesWidget.class,
-        SizeWidget.class,
-        EventsWidget.class,
-        CustomMeasuresWidget.class,
-        TimelineWidget.class,
-        TimeMachineWidget.class,
-        HotspotMetricWidget.class,
-        HotspotMostViolatedResourcesWidget.class,
-        HotspotMostViolatedRulesWidget.class,
-        MyReviewsWidget.class,
-        ProjectReviewsWidget.class,
-        FalsePositiveReviewsWidget.class,
-        ReviewsPerDeveloperWidget.class,
-        PlannedReviewsWidget.class,
-        UnplannedReviewsWidget.class,
-        ActionPlansWidget.class,
-        ReviewsMetricsWidget.class,
-        TreemapWidget.class,
-        FilterWidget.class,
+      // widgets
+      AlertsWidget.class,
+      CoverageWidget.class,
+      ItCoverageWidget.class,
+      CommentsDuplicationsWidget.class,
+      DescriptionWidget.class,
+      ComplexityWidget.class,
+      RulesWidget.class,
+      SizeWidget.class,
+      EventsWidget.class,
+      CustomMeasuresWidget.class,
+      TimelineWidget.class,
+      TimeMachineWidget.class,
+      HotspotMetricWidget.class,
+      HotspotMostViolatedResourcesWidget.class,
+      HotspotMostViolatedRulesWidget.class,
+      MyReviewsWidget.class,
+      ProjectReviewsWidget.class,
+      FalsePositiveReviewsWidget.class,
+      ReviewsPerDeveloperWidget.class,
+      PlannedReviewsWidget.class,
+      UnplannedReviewsWidget.class,
+      ActionPlansWidget.class,
+      ReviewsMetricsWidget.class,
+      TreemapWidget.class,
+      FilterWidget.class,
 
-        // dashboards
-        DefaultDashboard.class,
-        HotspotsDashboard.class,
-        ReviewsDashboard.class,
-        TimeMachineDashboard.class,
-        ProjectsDashboard.class,
-        TreemapDashboard.class,
-        MyFavouritesDashboard.class,
+      // dashboards
+      DefaultDashboard.class,
+      HotspotsDashboard.class,
+      ReviewsDashboard.class,
+      TimeMachineDashboard.class,
+      ProjectsDashboard.class,
+      TreemapDashboard.class,
+      MyFavouritesDashboard.class,
 
-        // chart
-        XradarChart.class,
-        DistributionBarChart.class,
-        DistributionAreaChart.class,
+      // chart
+      XradarChart.class,
+      DistributionBarChart.class,
+      DistributionAreaChart.class,
 
-        // colorizers
-        JavaColorizerFormat.class,
+      // colorizers
+      JavaColorizerFormat.class,
 
-        // batch
-        ProfileSensor.class,
-        ProfileEventsSensor.class,
-        ProjectLinksSensor.class,
-        UnitTestDecorator.class,
-        VersionEventsSensor.class,
-        CheckAlertThresholds.class,
-        GenerateAlertEvents.class,
-        ViolationsDecorator.class,
-        WeightedViolationsDecorator.class,
-        ViolationsDensityDecorator.class,
-        LineCoverageDecorator.class,
-        CoverageDecorator.class,
-        BranchCoverageDecorator.class,
-        ItLineCoverageDecorator.class,
-        ItCoverageDecorator.class,
-        ItBranchCoverageDecorator.class,
-        ApplyProjectRolesDecorator.class,
-        ExcludedResourceFilter.class,
-        CommentDensityDecorator.class,
-        NoSonarFilter.class,
-        DirectoriesDecorator.class,
-        FilesDecorator.class,
-        ReviewNotifications.class,
-        ReviewWorkflowDecorator.class,
-        ReferenceAnalysis.class,
-        ManualMeasureDecorator.class,
-        ManualViolationInjector.class,
-        ViolationSeverityUpdater.class,
-        IndexProjectPostJob.class,
-        ReviewsMeasuresDecorator.class,
+      // batch
+      ProfileSensor.class,
+      ProfileEventsSensor.class,
+      ProjectLinksSensor.class,
+      UnitTestDecorator.class,
+      VersionEventsSensor.class,
+      CheckAlertThresholds.class,
+      GenerateAlertEvents.class,
+      ViolationsDecorator.class,
+      WeightedViolationsDecorator.class,
+      ViolationsDensityDecorator.class,
+      LineCoverageDecorator.class,
+      CoverageDecorator.class,
+      BranchCoverageDecorator.class,
+      ItLineCoverageDecorator.class,
+      ItCoverageDecorator.class,
+      ItBranchCoverageDecorator.class,
+      DefaultResourcePermissioning.class,
+      ApplyProjectRolesDecorator.class,
+      ExcludedResourceFilter.class,
+      CommentDensityDecorator.class,
+      NoSonarFilter.class,
+      DirectoriesDecorator.class,
+      FilesDecorator.class,
+      ReviewNotifications.class,
+      ReviewWorkflowDecorator.class,
+      ReferenceAnalysis.class,
+      ManualMeasureDecorator.class,
+      ManualViolationInjector.class,
+      ViolationSeverityUpdater.class,
+      IndexProjectPostJob.class,
+      ReviewsMeasuresDecorator.class,
 
-        // time machine
-        TendencyDecorator.class,
-        VariationDecorator.class,
-        ViolationTrackingDecorator.class,
-        ViolationPersisterDecorator.class,
-        NewViolationsDecorator.class,
-        TimeMachineConfigurationPersister.class,
-        NewCoverageFileAnalyzer.class,
-        NewItCoverageFileAnalyzer.class,
-        NewCoverageAggregator.class);
+      // time machine
+      TendencyDecorator.class,
+      VariationDecorator.class,
+      ViolationTrackingDecorator.class,
+      ViolationPersisterDecorator.class,
+      NewViolationsDecorator.class,
+      TimeMachineConfigurationPersister.class,
+      NewCoverageFileAnalyzer.class,
+      NewItCoverageFileAnalyzer.class,
+      NewCoverageAggregator.class);
   }
 }
diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java
index b6fdab34637..ba0e975295e 100644
--- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java
+++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/ApplyProjectRolesDecorator.java
@@ -21,21 +21,17 @@ package org.sonar.plugins.core.security;
 
 import org.sonar.api.batch.Decorator;
 import org.sonar.api.batch.DecoratorContext;
-import org.sonar.api.database.DatabaseSession;
 import org.sonar.api.resources.Project;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.resources.Resource;
+import org.sonar.api.security.ResourcePermissioning;
 
 public class ApplyProjectRolesDecorator implements Decorator {
 
-  private RoleManager roleManager;
+  private final ResourcePermissioning resourcePermissioning;
 
-  ApplyProjectRolesDecorator(RoleManager roleManager) {
-    this.roleManager = roleManager;
-  }
-
-  public ApplyProjectRolesDecorator(DatabaseSession session) {
-    this.roleManager = new RoleManager(session);
+  public ApplyProjectRolesDecorator(ResourcePermissioning resourcePermissioning) {
+    this.resourcePermissioning = resourcePermissioning;
   }
 
   public boolean shouldExecuteOnProject(Project project) {
@@ -44,29 +40,15 @@ public class ApplyProjectRolesDecorator implements Decorator {
 
   public void decorate(Resource resource, DecoratorContext context) {
     if (shouldDecorateResource(resource)) {
-      Project project = (Project) resource;
-      roleManager.affectDefaultRolesToResource(project.getId());
+      resourcePermissioning.grantDefaultPermissions(resource);
     }
   }
 
   private boolean shouldDecorateResource(Resource resource) {
-    if (isProject(resource)) {
-      Project project = (Project) resource;
-      return project.getId() != null && countRoles(project.getId()) == 0;
-    }
-    return false;
+    return resource.getId() != null && isProject(resource) && !resourcePermissioning.hasPermissions(resource);
   }
 
   private boolean isProject(Resource resource) {
-    if (Qualifiers.PROJECT.equals(resource.getQualifier()) ||
-        Qualifiers.VIEW.equals(resource.getQualifier()) ||
-        Qualifiers.SUBVIEW.equals(resource.getQualifier())) {
-      return resource instanceof Project;
-    }
-    return false;
-  }
-
-  private int countRoles(int resourceId) {
-    return roleManager.getUserRoles(resourceId).size() + roleManager.getGroupRoles(resourceId).size();
+    return Qualifiers.PROJECT.equals(resource.getQualifier()) || Qualifiers.VIEW.equals(resource.getQualifier());
   }
 }
diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java
new file mode 100644
index 00000000000..db88d0643a2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/DefaultResourcePermissioning.java
@@ -0,0 +1,167 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.plugins.core.security;
+
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.BatchExtension;
+import org.sonar.api.Properties;
+import org.sonar.api.Property;
+import org.sonar.api.config.Settings;
+import org.sonar.api.resources.Resource;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.security.ResourcePermissioning;
+import org.sonar.api.web.UserRole;
+import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.*;
+
+/**
+ * @since 3.2
+ */
+@Properties({
+  @Property(key = "sonar.role." + UserRole.ADMIN + ".TRK.defaultGroups",
+    name = "Default groups for project administrators",
+    defaultValue = DefaultGroups.ADMINISTRATORS,
+    global = false,
+    project = false),
+  @Property(key = "sonar.role." + UserRole.USER + ".TRK.defaultGroups",
+    name = "Default groups for project users",
+    defaultValue = DefaultGroups.USERS + "," + DefaultGroups.ANYONE,
+    global = false,
+    project = false),
+  @Property(key = "sonar.role." + UserRole.CODEVIEWER + ".TRK.defaultGroups",
+    name = "Default groups for project code viewers",
+    defaultValue = DefaultGroups.USERS + "," + DefaultGroups.ANYONE,
+    global = false,
+    project = false)
+})
+public class DefaultResourcePermissioning implements ResourcePermissioning, BatchExtension {
+
+  private final Settings settings;
+  private final MyBatis myBatis;
+
+  public DefaultResourcePermissioning(Settings settings, MyBatis myBatis) {
+    this.settings = settings;
+    this.myBatis = myBatis;
+  }
+
+  public boolean hasPermissions(Resource resource) {
+    if (resource.getId() != null) {
+      SqlSession session = myBatis.openSession();
+      try {
+        RoleMapper roleMapper = session.getMapper(RoleMapper.class);
+        Long resourceId = new Long(resource.getId());
+        return roleMapper.countGroupRoles(resourceId) + roleMapper.countUserRoles(resourceId) > 0;
+
+      } finally {
+        MyBatis.closeQuietly(session);
+      }
+    }
+    return false;
+  }
+
+  public void addUserPermissions(Resource resource, String login, String role) {
+    if (resource.getId() != null) {
+      SqlSession session = myBatis.openSession();
+      try {
+        UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login);
+        if (user != null) {
+          UserRoleDto userRole = new UserRoleDto()
+            .setRole(role)
+            .setUserId(user.getId())
+            .setResourceId(new Long(resource.getId()));
+          session.getMapper(RoleMapper.class).insertUserRole(userRole);
+          session.commit();
+        }
+      } finally {
+        MyBatis.closeQuietly(session);
+      }
+    }
+  }
+
+  public void addGroupPermissions(Resource resource, String groupName, String role) {
+    if (resource.getId() != null) {
+      SqlSession session = myBatis.openSession();
+      try {
+        GroupRoleDto groupRole = new GroupRoleDto()
+          .setRole(role)
+          .setResourceId(new Long(resource.getId()));
+        if (DefaultGroups.isAnyone(groupName)) {
+          session.getMapper(RoleMapper.class).insertGroupRole(groupRole);
+          session.commit();
+        } else {
+          GroupDto group = session.getMapper(UserMapper.class).selectGroupByName(groupName);
+          if (group != null) {
+            session.getMapper(RoleMapper.class).insertGroupRole(groupRole.setGroupId(group.getId()));
+            session.commit();
+          }
+        }
+      } finally {
+        MyBatis.closeQuietly(session);
+      }
+    }
+  }
+
+  public void grantDefaultPermissions(Resource resource) {
+    if (resource.getId() != null) {
+      SqlSession session = myBatis.openSession();
+      try {
+        removePermissions(resource, session);
+        grantDefaultPermissions(resource, UserRole.ADMIN, session);
+        grantDefaultPermissions(resource, UserRole.USER, session);
+        grantDefaultPermissions(resource, UserRole.CODEVIEWER, session);
+        session.commit();
+      } finally {
+        MyBatis.closeQuietly(session);
+      }
+    }
+  }
+
+  private void removePermissions(Resource resource, SqlSession session) {
+    Long resourceId = new Long(resource.getId());
+    RoleMapper mapper = session.getMapper(RoleMapper.class);
+    mapper.deleteGroupRolesByResourceId(resourceId);
+    mapper.deleteUserRolesByResourceId(resourceId);
+  }
+
+  private void grantDefaultPermissions(Resource resource, String role, SqlSession session) {
+    UserMapper userMapper = session.getMapper(UserMapper.class);
+    RoleMapper roleMapper = session.getMapper(RoleMapper.class);
+    String[] groupNames = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultGroups", ",");
+    for (String groupName : groupNames) {
+      GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(new Long(resource.getId()));
+      if (DefaultGroups.isAnyone(groupName)) {
+        roleMapper.insertGroupRole(groupRole);
+      } else {
+        GroupDto group = userMapper.selectGroupByName(groupName);
+        if (group != null) {
+          roleMapper.insertGroupRole(groupRole.setGroupId(group.getId()));
+        }
+      }
+    }
+
+    String[] logins = settings.getStringArrayBySeparator("sonar.role." + role + "." + resource.getQualifier() + ".defaultUsers", ",");
+    for (String login : logins) {
+      UserDto user = userMapper.selectUserByLogin(login);
+      if (user != null) {
+        roleMapper.insertUserRole(new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(new Long(resource.getId())));
+      }
+    }
+  }
+}
diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/RoleManager.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/RoleManager.java
deleted file mode 100644
index d8e4f7a4192..00000000000
--- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/security/RoleManager.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Sonar, open source software quality management tool.
- * Copyright (C) 2008-2012 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * Sonar is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * Sonar is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with Sonar; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
- */
-package org.sonar.plugins.core.security;
-
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.database.DatabaseSession;
-import org.sonar.api.security.GroupRole;
-import org.sonar.api.security.UserRole;
-
-import javax.persistence.Query;
-import java.util.List;
-
-/**
- * @since 1.12
- */
-public class RoleManager {
-
-  protected static final String DEFAULT_ROLE_PREFIX = "default-";
-  private DatabaseSession session;
-
-  public RoleManager(DatabaseSession session) {
-    this.session = session;
-  }
-
-  public void affectDefaultRolesToResource(int resourceId) {
-    for (UserRole defaultRole : getDefaultUserRoles()) {
-      session.save(createResourceRoleFromDefault(defaultRole, resourceId));
-    }
-    for (GroupRole defaultRole : getDefaultGroupRoles()) {
-      session.save(createResourceRoleFromDefault(defaultRole, resourceId));
-    }
-    session.commit();
-  }
-
-  public List<UserRole> getUserRoles(int resourceId) {
-    return session.getResults(UserRole.class, "resourceId", resourceId);
-  }
-
-  public List<GroupRole> getGroupRoles(int resourceId) {
-    return session.getResults(GroupRole.class, "resourceId", resourceId);
-  }
-
-  protected List<UserRole> getDefaultUserRoles() {
-    final Query query = session.createQuery("from " + UserRole.class.getSimpleName() + " ur where ur.resourceId is null and ur.role like '" + DEFAULT_ROLE_PREFIX + "%'");
-    return query.getResultList();
-  }
-
-  protected List<GroupRole> getDefaultGroupRoles() {
-    final Query query = session.createQuery("from " + GroupRole.class.getSimpleName() + " gr where gr.resourceId is null and gr.role like '" + DEFAULT_ROLE_PREFIX + "%'");
-    return query.getResultList();
-  }
-
-  protected UserRole createResourceRoleFromDefault(UserRole defaultUserRole, int resourceId) {
-    final UserRole result = new UserRole();
-    result.setRole(convertDefaultRoleName(defaultUserRole.getRole()));
-    result.setResourceId(resourceId);
-    result.setUserId(defaultUserRole.getUserId());
-    return result;
-  }
-
-  protected GroupRole createResourceRoleFromDefault(GroupRole defaultUserRole, int resourceId) {
-    final GroupRole result = new GroupRole();
-    result.setRole(convertDefaultRoleName(defaultUserRole.getRole()));
-    result.setResourceId(resourceId);
-    result.setGroupId(defaultUserRole.getGroupId());
-    return result;
-  }
-
-  protected static String convertDefaultRoleName(String defaultRoleName) {
-    return StringUtils.substringAfter(defaultRoleName, DEFAULT_ROLE_PREFIX);
-  }
-}
diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java
index 4a703632d52..cd212425246 100644
--- a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java
+++ b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/ApplyProjectRolesDecoratorTest.java
@@ -22,33 +22,30 @@ package org.sonar.plugins.core.security;
 import org.junit.Before;
 import org.junit.Test;
 import org.sonar.api.resources.Project;
-import org.sonar.api.security.GroupRole;
-
-import java.util.ArrayList;
-import java.util.Arrays;
+import org.sonar.api.security.ResourcePermissioning;
 
 import static org.mockito.Mockito.*;
 
 public class ApplyProjectRolesDecoratorTest {
 
-  private RoleManager roleManager;
+  private ResourcePermissioning resourcePermissioning;
   private ApplyProjectRolesDecorator decorator;
 
   @Before
   public void before() {
-    roleManager = mock(RoleManager.class);
-    decorator = new ApplyProjectRolesDecorator(roleManager);
+    resourcePermissioning = mock(ResourcePermissioning.class);
+    decorator = new ApplyProjectRolesDecorator(resourcePermissioning);
   }
 
   @Test
-  public void doNotApplySecurityWhenExistingRoles() {
+  public void doNotApplySecurityWhenExistingPermissions() {
     Project project = new Project("project");
     project.setId(10);
-    when(roleManager.getGroupRoles(10)).thenReturn(Arrays.<GroupRole>asList(new GroupRole()));
+    when(resourcePermissioning.hasPermissions(project)).thenReturn(true);
 
     decorator.decorate(project, null);
 
-    verify(roleManager, never()).affectDefaultRolesToResource(anyInt());
+    verify(resourcePermissioning, never()).grantDefaultPermissions(project);
   }
 
   @Test
@@ -56,23 +53,22 @@ public class ApplyProjectRolesDecoratorTest {
     Project project = new Project("project");
     Project module = new Project("module").setParent(project);
     module.setId(10);
-
-    when(roleManager.getGroupRoles(10)).thenReturn(Arrays.<GroupRole>asList());
+    when(resourcePermissioning.hasPermissions(project)).thenReturn(false);
 
     decorator.decorate(module, null);
 
-    verify(roleManager, never()).affectDefaultRolesToResource(anyInt());
+    verify(resourcePermissioning, never()).grantDefaultPermissions(module);
   }
 
   @Test
-  public void applySecurityWhenNoRoles() {
+  public void applySecurityWhenNoPermissions() {
     Project project = new Project("project");
     project.setId(10);
-    when(roleManager.getGroupRoles(10)).thenReturn(new ArrayList<GroupRole>());
+    when(resourcePermissioning.hasPermissions(project)).thenReturn(false);
 
     decorator.decorate(project, null);
 
-    verify(roleManager).affectDefaultRolesToResource(10);
+    verify(resourcePermissioning).grantDefaultPermissions(project);
   }
 
 }
diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java
new file mode 100644
index 00000000000..6c0d86cd088
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/DefaultResourcePermissioningTest.java
@@ -0,0 +1,132 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.plugins.core.security;
+
+import org.junit.Test;
+import org.sonar.api.config.PropertyDefinitions;
+import org.sonar.api.config.Settings;
+import org.sonar.api.resources.Project;
+import org.sonar.api.resources.Resource;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.core.persistence.AbstractDaoTestCase;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+public class DefaultResourcePermissioningTest extends AbstractDaoTestCase {
+
+  private Resource project = new Project("project").setId(123);
+
+  @Test
+  public void addGroupPermissions() {
+    setupData("addGroupPermissions");
+
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
+    permissioning.addGroupPermissions(project, "sonar-administrators", "admin");
+
+    checkTables("addGroupPermissions", "group_roles");
+  }
+
+  @Test
+  public void addGroupPermissions_anyone() {
+    setupData("addGroupPermissions_anyone");
+
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
+    permissioning.addGroupPermissions(project, DefaultGroups.ANYONE, "admin");
+
+    checkTables("addGroupPermissions_anyone", "group_roles");
+  }
+
+  @Test
+  public void addGroupPermissions_ignore_if_group_not_found() {
+    setupData("addGroupPermissions_ignore_if_group_not_found");
+
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
+    permissioning.addGroupPermissions(project, "not_found", "admin");
+
+    checkTables("addGroupPermissions_ignore_if_group_not_found", "group_roles");
+  }
+
+  @Test
+  public void addGroupPermissions_ignore_if_not_persisted() {
+    setupData("addGroupPermissions_ignore_if_not_persisted");
+
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
+    Project resourceWithoutId = new Project("");
+    permissioning.addGroupPermissions(resourceWithoutId, "sonar-users", "admin");
+
+    checkTables("addGroupPermissions_ignore_if_not_persisted", "group_roles");
+  }
+
+  @Test
+  public void grantDefaultPermissions() {
+    setupData("grantDefaultPermissions");
+
+    Settings settings = new Settings(new PropertyDefinitions(DefaultResourcePermissioning.class));
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
+    permissioning.grantDefaultPermissions(project);
+
+    checkTables("grantDefaultPermissions", "user_roles", "group_roles");
+  }
+
+  @Test
+  public void grantDefaultPermissions_unknown_group() {
+    setupData("grantDefaultPermissions_unknown_group");
+
+    Settings settings = new Settings();
+    settings.setProperty("sonar.role.admin.TRK.defaultGroups", "sonar-administrators,unknown");
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
+    permissioning.grantDefaultPermissions(project);
+
+    checkTables("grantDefaultPermissions_unknown_group", "group_roles");
+  }
+
+  @Test
+  public void grantDefaultPermissions_users() {
+    setupData("grantDefaultPermissions_users");
+
+    Settings settings = new Settings();
+    settings.setProperty("sonar.role.admin.TRK.defaultUsers", "marius,disabled,notfound");
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(settings, getMyBatis());
+    permissioning.grantDefaultPermissions(project);
+
+    checkTables("grantDefaultPermissions_users", "user_roles");
+  }
+
+  @Test
+  public void hasPermissions() {
+    setupData("hasPermissions");
+    DefaultResourcePermissioning permissioning = new DefaultResourcePermissioning(new Settings(), getMyBatis());
+
+    // no groups and at least one user
+    assertThat(permissioning.hasPermissions(new Project("only_users").setId(1))).isTrue();
+
+    // no users and at least one group
+    assertThat(permissioning.hasPermissions(new Project("only_groups").setId(2))).isTrue();
+
+    // groups and users
+    assertThat(permissioning.hasPermissions(new Project("groups_and_users").setId(3))).isTrue();
+
+    // no groups, no users
+    assertThat(permissioning.hasPermissions(new Project("no_groups_no_users").setId(4))).isFalse();
+
+    // does not exist
+    assertThat(permissioning.hasPermissions(new Project("not_found"))).isFalse();
+  }
+}
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/RoleManagerTest.java b/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/RoleManagerTest.java
deleted file mode 100644
index 0a361240201..00000000000
--- a/plugins/sonar-core-plugin/src/test/java/org/sonar/plugins/core/security/RoleManagerTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Sonar, open source software quality management tool.
- * Copyright (C) 2008-2012 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * Sonar is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * Sonar is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with Sonar; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
- */
-package org.sonar.plugins.core.security;
-
-import org.junit.Test;
-import org.sonar.jpa.test.AbstractDbUnitTestCase;
-
-import static org.hamcrest.Matchers.is;
-import static org.junit.Assert.assertThat;
-
-public class RoleManagerTest extends AbstractDbUnitTestCase {
-
-  @Test
-  public void affectDefaultRolesToResource() {
-    setupData("affectDefaultRolesToResource");
-    new RoleManager(getSession()).affectDefaultRolesToResource(10);
-    checkTables("affectDefaultRolesToResource", "user_roles", "group_roles");
-  }
-
-  @Test
-  public void affectZeroDefaultRolesToResource() {
-    setupData("affectZeroDefaultRolesToResource");
-    new RoleManager(getSession()).affectDefaultRolesToResource(10);
-    checkTables("affectZeroDefaultRolesToResource", "user_roles", "group_roles");
-  }
-
-  @Test
-  public void affectAnyoneDefaultRoleToResource() {
-    setupData("affectAnyoneDefaultRoleToResource");
-    new RoleManager(getSession()).affectDefaultRolesToResource(10);
-    checkTables("affectAnyoneDefaultRoleToResource", "group_roles");
-  }
-
-  @Test
-  public void convertDefaultRoleName() {
-    assertThat(RoleManager.convertDefaultRoleName(RoleManager.DEFAULT_ROLE_PREFIX + "admin"), is("admin"));
-  }
-}
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions-result.xml
new file mode 100644
index 00000000000..db7b21199a5
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions-result.xml
@@ -0,0 +1,6 @@
+<dataset>
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+
+  <group_roles id="1" group_id="100" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions.xml
new file mode 100644
index 00000000000..6a4d9c92410
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions.xml
@@ -0,0 +1,4 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone-result.xml
new file mode 100644
index 00000000000..4b48bf9e59a
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone-result.xml
@@ -0,0 +1,6 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone.xml
new file mode 100644
index 00000000000..6a4d9c92410
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_anyone.xml
@@ -0,0 +1,4 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found-result.xml
new file mode 100644
index 00000000000..78695dd52b2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found-result.xml
@@ -0,0 +1,7 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <!-- already existed -->
+  <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found.xml
new file mode 100644
index 00000000000..78695dd52b2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_group_not_found.xml
@@ -0,0 +1,7 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <!-- already existed -->
+  <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted-result.xml
new file mode 100644
index 00000000000..78695dd52b2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted-result.xml
@@ -0,0 +1,7 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <!-- already existed -->
+  <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted.xml
new file mode 100644
index 00000000000..78695dd52b2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/addGroupPermissions_ignore_if_not_persisted.xml
@@ -0,0 +1,7 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+
+  <!-- already existed -->
+  <group_roles id="1" group_id="[null]" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions-result.xml
new file mode 100644
index 00000000000..23b0c67e69c
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions-result.xml
@@ -0,0 +1,20 @@
+<dataset>
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!--
+  new rows : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer),
+   -->
+  <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+  <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+  <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+  <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+  <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions.xml
new file mode 100644
index 00000000000..21a4dda2ccf
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions.xml
@@ -0,0 +1,10 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group-result.xml
new file mode 100644
index 00000000000..ef56a12934c
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group-result.xml
@@ -0,0 +1,16 @@
+<dataset>
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!--
+  new rows : sonar-administrators (admin)
+   -->
+  <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group.xml
new file mode 100644
index 00000000000..21a4dda2ccf
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_unknown_group.xml
@@ -0,0 +1,10 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users-result.xml
new file mode 100644
index 00000000000..caff65f9e21
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users-result.xml
@@ -0,0 +1,16 @@
+<dataset>
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+  <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!--
+ new row : marius (admin)
+  -->
+  <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users.xml
new file mode 100644
index 00000000000..7c5f6c5d347
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/grantDefaultPermissions_users.xml
@@ -0,0 +1,11 @@
+<dataset>
+  <groups id="100" name="sonar-administrators" />
+  <groups id="101" name="sonar-users" />
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]" />
+  <users id="201" login="disabled" name="Disabled" email="[null]" active="[false]" />
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasPermissions.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasPermissions.xml
new file mode 100644
index 00000000000..3d5f9a5ecf2
--- /dev/null
+++ b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/DefaultResourcePermissioningTest/hasPermissions.xml
@@ -0,0 +1,16 @@
+<dataset>
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+  <!-- only_users -->
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!-- only_groups -->
+  <group_roles id="1" group_id="100" resource_id="2" role="admin"/>
+
+  <!-- groups_and_users -->
+  <group_roles id="2" group_id="101" resource_id="3" role="user"/>
+  <user_roles id="2" user_id="200" resource_id="3" role="admin"/>
+
+</dataset>
+\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource-result.xml
deleted file mode 100644
index 28a4c30bb5c..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource-result.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<dataset>
-
-  <!-- GROUPS ***************** -->
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <group_roles id="3" group_id="[null]" role="default-admin" resource_id="[null]" />
-  <group_roles id="4" group_id="[null]" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-
-
-  <!-- new project role : group 'Anyone' has admin and viewer -->
-  <group_roles id="6" group_id="[null]" role="admin" resource_id="10" />
-  <group_roles id="7" group_id="[null]" role="viewer" resource_id="10" />
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource.xml
deleted file mode 100644
index 59af13b6b19..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectAnyoneDefaultRoleToResource.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<dataset>
-
-  <!-- GROUPS ***************** -->
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <group_roles id="3" group_id="[null]" role="default-admin" resource_id="[null]" />
-  <group_roles id="4" group_id="[null]" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource-result.xml
deleted file mode 100644
index ecb82d497a1..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource-result.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<dataset>
-
-  <!-- USERS ***************** -->
-
-  <!-- global roles -->
-  <user_roles id="1" user_id="1" role="admin" resource_id="[null]" />
-  <user_roles id="2" user_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <user_roles id="3" user_id="1" role="default-admin" resource_id="[null]" />
-  <user_roles id="4" user_id="1" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <user_roles id="5" user_id="5" role="admin" resource_id="7" />
-
-
-  <!-- new project role -->
-  <user_roles id="6" user_id="1" role="admin" resource_id="10" />
-  <user_roles id="7" user_id="1" role="viewer" resource_id="10" />
-
-
-  <!-- GROUPS ***************** -->
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <group_roles id="3" group_id="1" role="default-admin" resource_id="[null]" />
-  <group_roles id="4" group_id="1" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-  <!-- new project roles -->
-  <group_roles id="6" group_id="1" role="admin" resource_id="10" />
-  <group_roles id="7" group_id="1" role="viewer" resource_id="10" />
-
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource.xml
deleted file mode 100644
index a6565eeea01..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectDefaultRolesToResource.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<dataset>
-
-  <!-- USERS ***************** -->
-
-  <!-- global roles -->
-  <user_roles id="1" user_id="1" role="admin" resource_id="[null]" />
-  <user_roles id="2" user_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <user_roles id="3" user_id="1" role="default-admin" resource_id="[null]" />
-  <user_roles id="4" user_id="1" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <user_roles id="5" user_id="5" role="admin" resource_id="7" />
-
-
-
-  <!-- GROUPS ***************** -->
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- default project roles -->
-  <group_roles id="3" group_id="1" role="default-admin" resource_id="[null]" />
-  <group_roles id="4" group_id="1" role="default-viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource-result.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource-result.xml
deleted file mode 100644
index 30ce5f48597..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource-result.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<dataset>
-
-  <!-- USERS ***************** -->
-
-  <!-- global roles -->
-  <user_roles id="1" user_id="1" role="admin" resource_id="[null]" />
-  <user_roles id="2" user_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <user_roles id="5" user_id="5" role="admin" resource_id="7" />
-
-  <!-- no default project roles -->
-
-
-
-  <!-- GROUPS ***************** -->
-
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-  <!-- no default project roles -->
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource.xml
deleted file mode 100644
index 66f2aa19f2b..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/affectZeroDefaultRolesToResource.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<dataset>
-
-  <!-- USERS ***************** -->
-
-  <!-- global roles -->
-  <user_roles id="1" user_id="1" role="admin" resource_id="[null]" />
-  <user_roles id="2" user_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <user_roles id="5" user_id="5" role="admin" resource_id="7" />
-
-  <!-- no default project roles -->
-
-
-
-  <!-- GROUPS ***************** -->
-  
-  <!-- global roles -->
-  <group_roles id="1" group_id="1" role="admin" resource_id="[null]" />
-  <group_roles id="2" group_id="2" role="viewer" resource_id="[null]" />
-
-  <!-- existing project roles -->
-  <group_roles id="5" group_id="5" role="admin" resource_id="7" />
-
-  <!-- no default project roles -->
-
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/sharedFixture.xml b/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/sharedFixture.xml
deleted file mode 100644
index 861917acf7c..00000000000
--- a/plugins/sonar-core-plugin/src/test/resources/org/sonar/plugins/core/security/RoleManagerTest/sharedFixture.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<dataset>
-  <projects id="10" scope="PRJ" qualifier="TRK" kee="mygroup:myartifact" name="[null]"
-            root_id="[null]"
-            description="[null]"
-            enabled="true" language="java" copy_resource_id="[null]" person_id="[null]"
-            long_name="[null]" />
-</dataset>
-\ No newline at end of file
diff --git a/plugins/sonar-l10n-en-plugin/src/main/resources/org/sonar/l10n/core.properties b/plugins/sonar-l10n-en-plugin/src/main/resources/org/sonar/l10n/core.properties
index c0ff95b6f0a..2633daf30ee 100644
--- a/plugins/sonar-l10n-en-plugin/src/main/resources/org/sonar/l10n/core.properties
+++ b/plugins/sonar-l10n-en-plugin/src/main/resources/org/sonar/l10n/core.properties
@@ -306,12 +306,12 @@ duplications.page=Duplications
 email_configuration.page=Email Settings
 event_categories.page=Event Categories
 filters.page=Filters
-global_roles.page=Global Roles
+system_administrators.page=System Administrators
 manual_metrics.page=Manual Metrics
 manual_measures.page=Manual Measures
 manual_rules.page=Manual Rules
 my_profile.page=My Profile
-project_roles.page=Project Roles
+roles.page=Roles
 project_settings.page=Settings
 project_links.page=Links
 project_exclusions.page=Exclusions
@@ -328,7 +328,6 @@ violations.page=Violations
 violations_drilldown.page=Violations Drilldown
 update_center.page=Update Center
 lcom4_viewer.page=LCOM4
-dependencies.page=Dependencies
 resource_deletion.page={0} Deletion
 update_key.page=Update Key
 project_quality_profile.page=Quality Profile
author	Simon Brandhof <simon.brandhof@gmail.com>	2012-07-05 16:40:16 +0200
committer	Simon Brandhof <simon.brandhof@gmail.com>	2012-07-05 17:00:17 +0200
commit	cba251c929936768308e59365bc44f532bb16756 (patch)
tree	5b6b4afcc4863b6264e41d112677e31b7ea1da8f /plugins
parent	5016b01b23344d65768d68ab03419caad3f57c4b (diff)
download	sonarqube-cba251c929936768308e59365bc44f532bb16756.tar.gz sonarqube-cba251c929936768308e59365bc44f532bb16756.zip