author | Julien HENRY <julien.henry@sonarsource.com> | 2025-03-27 11:47:41 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2025-03-27 20:03:18 +0000 |
commit | da85b610a547eeda11ee899488cd3b28574373dd (patch) | |
tree | d90dc95f34612a220a340d3f6b12a6d1ce9bd419 /server/sonar-db-dao/src/main/java/org/sonar/db | |
parent | 4a1f35e0b3c4ae16a3922c1a597a94f3c5ecbfdc (diff) | |
SONAR-24667 Stop relying on UserRole from the plugin API
Diffstat (limited to 'server/sonar-db-dao/src/main/java/org/sonar/db')
13 files changed, 173 insertions, 14 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java index 1402b8cadd0..85dd8c651e9 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/AuthorizationDao.java @@ -126,6 +126,10 @@ public class AuthorizationDao implements Dao { return mapper(dbSession).countUsersWithGlobalPermissionExcludingUserPermission(permission, userUuid); } + public Set<String> keepAuthorizedEntityUuids(DbSession dbSession, Collection<String> entityUuids, @Nullable String userUuid, ProjectPermission permission) { + return keepAuthorizedEntityUuids(dbSession, entityUuids, userUuid, permission.getKey()); + } + public Set<String> keepAuthorizedEntityUuids(DbSession dbSession, Collection<String> entityUuids, @Nullable String userUuid, String permission) { return executeLargeInputsIntoSet( entityUuids, 
@@ -142,10 +146,15 @@ public class AuthorizationDao implements Dao { * Keep only authorized user that have the given permission on a given entity. * Please Note that if the permission is 'Anyone' is NOT taking into account by this method. */ - public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, String role, String entityUuid) { + public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, ProjectPermission permission, String entityUuid) { + return keepAuthorizedUsersForRoleAndEntity(dbSession, userUuids, permission.getKey(), entityUuid); + } + + + public Collection<String> keepAuthorizedUsersForRoleAndEntity(DbSession dbSession, Collection<String> userUuids, String permission, String entityUuid) { return executeLargeInputs( userUuids, - partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndEntity(role, entityUuid, partitionOfIds), + partitionOfIds -> mapper(dbSession).keepAuthorizedUsersForRoleAndEntity(permission, entityUuid, partitionOfIds), partitionSize -> partitionSize / 3); } @@ -161,6 +170,10 @@ public class AuthorizationDao implements Dao { return mapper(dbSession).selectEmailSubscribersWithGlobalPermission(ADMINISTER.getKey()); } + public Set<String> keepAuthorizedLoginsOnEntity(DbSession dbSession, Set<String> logins, String entityKey, ProjectPermission permission) { + return keepAuthorizedLoginsOnEntity(dbSession, logins, entityKey, permission.getKey()); + } + public Set<String> keepAuthorizedLoginsOnEntity(DbSession dbSession, Set<String> logins, String entityKey, String permission) { return executeLargeInputsIntoSet( logins, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java index 9d6c2c207ac..e3870a20127 100644 
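Review bot: In AuthorizationDao, the existing Javadoc ("Keep only authorized user … 'Anyone' is NOT taking into account") now sits on the new `ProjectPermission` overload of `keepAuthorizedUsersForRoleAndEntity`, while the `String` overload that actually runs the query is left without documentation and is preceded by two blank lines. The 'Anyone' caveat matters to anyone reasoning about who counts as authorized, so I would keep that Javadoc on the `String` overload and give the enum overload a one-line `/** Delegates to the String overload with {@code permission.getKey()}. */`. The same displacement happens in GroupPermissionDao for `selectGroupUuidsWithPermissionOnEntityBut` and `delete`, where the "excluding group AnyOne" text and the `@param` descriptions end up above the delegating overloads only.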
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/CountPerEntityPermission.java @@ -34,9 +34,9 @@ public class CountPerEntityPermission { } @VisibleForTesting - CountPerEntityPermission(String entityUuid, String permission, int count) { + CountPerEntityPermission(String entityUuid, ProjectPermission permission, int count) { this.entityUuid = entityUuid; - this.permission = permission; + this.permission = permission.getKey(); this.count = count; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java index 395d31a7ff9..f7998a70808 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GlobalPermission.java @@ -59,7 +59,7 @@ public enum GlobalPermission { return p; } } - throw new IllegalArgumentException("Unsupported permission: " + key); + throw new IllegalArgumentException("Unsupported global permission: " + key); } public static boolean contains(String key) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java index 3306033e1d3..bcdfaee08db 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDao.java 
@@ -117,6 +117,10 @@ public class GroupPermissionDao implements Dao { * permission, <strong>excluding group "AnyOne"</strong> (which implies the returned {@code Sett} can't contain * {@code null}). */ + public Set<String> selectGroupUuidsWithPermissionOnEntityBut(DbSession session, String entityUuid, ProjectPermission permission) { + return selectGroupUuidsWithPermissionOnEntityBut(session, entityUuid, permission.getKey()); + } + public Set<String> selectGroupUuidsWithPermissionOnEntityBut(DbSession session, String entityUuid, String permission) { return mapper(session).selectGroupUuidsWithPermissionOnEntityBut(entityUuid, permission); } @@ -205,6 +209,11 @@ public class GroupPermissionDao implements Dao { * @param groupUuid if null, then anyone, else uuid of group * @param entityDto if null, then global permission, otherwise the uuid of entity */ + public void delete(DbSession dbSession, ProjectPermission permission, @Nullable String groupUuid, + @Nullable String groupName, @Nullable EntityDto entityDto) { + delete(dbSession, permission.getKey(), groupUuid, groupName, entityDto); + } + public void delete(DbSession dbSession, String permission, @Nullable String groupUuid, @Nullable String groupName, @Nullable EntityDto entityDto) { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java index e0507f7bb26..d6fcd6a3646 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/GroupPermissionDto.java @@ -64,6 +64,10 @@ public class GroupPermissionDto { return role; } + public GroupPermissionDto setRole(ProjectPermission permission) { + return setRole(permission.getKey()); + } + public GroupPermissionDto setRole(String role) { this.role = role; return this; 
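Review bot: In GroupPermissionDao, the new `delete(DbSession, ProjectPermission, …)` overload keeps `@Nullable EntityDto entityDto`, and the Javadoc directly above it says a null entity means a global permission, so a project-typed permission can still be routed to the global-permission path. If any project key is also a valid global key (the global keys are not visible in this diff), a caller that loses its entity reference would act on a global grant instead of failing. I would make the entity mandatory on the typed overload by dropping `@Nullable` and starting the body with `Objects.requireNonNull(entityDto, "entityDto");`, leaving the null-means-global behaviour to the `String` overload. The body of the `String` overload lies outside the hunk, so how a null entity is actually handled should be confirmed there.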
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java index 95dd6226eea..5bb0acd62f1 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/PermissionQuery.java @@ -137,6 +137,10 @@ public class PermissionQuery { return this; } + public Builder setPermission(@Nullable ProjectPermission permission) { + return setPermission(permission == null ? null : permission.getKey()); + } + public Builder setEntity(ComponentDto component) { return setEntityUuid(component.uuid()); } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java new file mode 100644 index 00000000000..230594b58b5 --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/ProjectPermission.java 
@@ -0,0 +1,77 @@ +/* + * SonarQube + * Copyright (C) 2009-2025 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.permission; + +import java.util.Arrays; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; + +public enum ProjectPermission { + + USER("user"), + ADMIN("admin"), + CODEVIEWER("codeviewer"), + ISSUE_ADMIN("issueadmin"), + SECURITYHOTSPOT_ADMIN("securityhotspotadmin"), + SCAN("scan"); + + /** + * Permissions which are implicitly available for any user, any group on public projects. 
+ */ + public static final Set<ProjectPermission> PUBLIC_PERMISSIONS = Collections.unmodifiableSet(EnumSet.of(ProjectPermission.USER, ProjectPermission.CODEVIEWER)); + + private final String key; + + ProjectPermission(String key) { + this.key = key; + } + + public String getKey() { + return key; + } + + @Override + public String toString() { + return key; + } + + public static ProjectPermission fromKey(String key) { + for (ProjectPermission p : values()) { + if (p.getKey().equals(key)) { + return p; + } + } + throw new IllegalArgumentException("Unsupported project permission: " + key); + } + + public static boolean contains(String key) { + return Arrays.stream(values()).anyMatch(v -> v.getKey().equals(key)); + } + + public static boolean isPublic(ProjectPermission permission) { + return PUBLIC_PERMISSIONS.contains(permission); + } + + public static boolean isPublic(String permissionKey) { + return PUBLIC_PERMISSIONS.stream().anyMatch(p -> p.getKey().equals(permissionKey)); + } + +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java index 7014a0aed29..b6cc79c9f85 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDao.java @@ -25,6 +25,7 @@ import org.sonar.db.Dao; import org.sonar.db.DbSession; import org.sonar.db.audit.AuditPersister; import org.sonar.db.audit.model.PermissionTemplateNewValue; +import org.sonar.db.permission.ProjectPermission; import static com.google.common.base.Preconditions.checkArgument; import static java.util.Objects.requireNonNull; 
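Review bot: The new `ProjectPermission` enum has no type-level Javadoc, although its `key` values are what the DAOs in this commit hand to the mappers and `toString()` is overridden to return the key rather than the constant name. I would document on the type that parsing a stored or request-supplied value must go through `fromKey` (`valueOf("issueadmin")` would throw because the constant is `ISSUE_ADMIN`), and that `fromKey` throws `IllegalArgumentException` for an unknown or null key while `contains` and `isPublic(String)` return false for the same input. A sentence on `PUBLIC_PERMISSIONS` stating that adding a constant to it widens what every user implicitly gets on public projects would help future reviewers of that set.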
@@ -41,6 +42,10 @@ public class PermissionTemplateCharacteristicDao implements Dao { return executeLargeInputs(templateUuids, partitionOfTemplateUuids -> mapper(dbSession).selectByTemplateUuids(partitionOfTemplateUuids)); } + public Optional<PermissionTemplateCharacteristicDto> selectByPermissionAndTemplateId(DbSession dbSession, ProjectPermission permission, String templateUuid) { + return selectByPermissionAndTemplateId(dbSession, permission.getKey(), templateUuid); + } + public Optional<PermissionTemplateCharacteristicDto> selectByPermissionAndTemplateId(DbSession dbSession, String permission, String templateUuid) { PermissionTemplateCharacteristicDto dto = mapper(dbSession).selectByPermissionAndTemplateUuid(permission, templateUuid); return Optional.ofNullable(dto); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java index 89aebabc55d..fc3224c9ec6 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateCharacteristicDto.java @@ -19,6 +19,8 @@ */ package org.sonar.db.permission.template; +import org.sonar.db.permission.ProjectPermission; + import static com.google.common.base.Preconditions.checkArgument; public class PermissionTemplateCharacteristicDto { 
@@ -54,6 +56,10 @@ public class PermissionTemplateCharacteristicDto { return permission; } + public PermissionTemplateCharacteristicDto setPermission(ProjectPermission permission) { + return setPermission(permission.getKey()); + } + public PermissionTemplateCharacteristicDto setPermission(String permission) { checkArgument(permission.length() <= MAX_PERMISSION_KEY_LENGTH, "Permission key length (%s) is longer than the maximum authorized (%s). '%s' was provided.", permission.length(), MAX_PERMISSION_KEY_LENGTH, permission); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java index 5ef2e73adef..46a6633133e 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateDao.java @@ -37,6 +37,7 @@ import org.sonar.db.audit.AuditPersister; import org.sonar.db.audit.model.PermissionTemplateNewValue; import org.sonar.db.permission.CountPerEntityPermission; import org.sonar.db.permission.PermissionQuery; +import org.sonar.db.permission.ProjectPermission; import static java.lang.String.format; import static org.sonar.api.security.DefaultGroups.ANYONE; @@ -175,6 +176,11 @@ public class PermissionTemplateDao implements Dao { return permissionTemplate; } + public void insertUserPermission(DbSession session, String templateUuid, String userUuid, ProjectPermission permission, + String templateName, String userLogin) { + insertUserPermission(session, templateUuid, userUuid, permission.getKey(), templateName, userLogin); + } + public void insertUserPermission(DbSession session, String templateUuid, String userUuid, String permission, String templateName, String userLogin) { PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() 
@@ -192,6 +198,11 @@ public class PermissionTemplateDao implements Dao { session.commit(); } + public void deleteUserPermission(DbSession session, String templateUuid, String userUuid, ProjectPermission permission, + String templateName, String userLogin) { + deleteUserPermission(session, templateUuid, userUuid, permission.getKey(), templateName, userLogin); + } + public void deleteUserPermission(DbSession session, String templateUuid, String userUuid, String permission, String templateName, String userLogin) { PermissionTemplateUserDto permissionTemplateUser = new PermissionTemplateUserDto() @@ -215,6 +226,11 @@ public class PermissionTemplateDao implements Dao { } } + public void insertGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, ProjectPermission permission, + String templateName, @Nullable String groupName) { + insertGroupPermission(session, templateUuid, groupUuid, permission.getKey(), templateName, groupName); + } + public void insertGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, String permission, String templateName, @Nullable String groupName) { PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() @@ -236,6 +252,11 @@ public class PermissionTemplateDao implements Dao { permissionTemplateGroup.getPermission(), null, null, permissionTemplateGroup.getGroupUuid(), permissionTemplateGroup.getGroupName())); } + public void deleteGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, ProjectPermission permission, String templateName, + @Nullable String groupName) { + deleteGroupPermission(session, templateUuid, groupUuid, permission.getKey(), templateName, groupName); + } + public void deleteGroupPermission(DbSession session, String templateUuid, @Nullable String groupUuid, String permission, String templateName, @Nullable String groupName) { PermissionTemplateGroupDto permissionTemplateGroup = new PermissionTemplateGroupDto() 
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java index 1bd6fc26ef1..94155be3d5c 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/permission/template/PermissionTemplateGroupDto.java @@ -21,6 +21,7 @@ package org.sonar.db.permission.template; import java.util.Date; import javax.annotation.Nullable; +import org.sonar.db.permission.ProjectPermission; public class PermissionTemplateGroupDto { private String uuid; @@ -67,6 +68,10 @@ public class PermissionTemplateGroupDto { return this; } + public PermissionTemplateGroupDto setPermission(ProjectPermission permission) { + return setPermission(permission.getKey()); + } + public String getGroupName() { return groupName; } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java index d1e8a396407..d1e6085d072 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java 
@@ -19,5 +19,20 @@ */ package org.sonar.db.provisioning; +import org.apache.ibatis.annotations.AutomapConstructor; +import org.sonar.db.permission.ProjectPermission; + public record DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, String sonarqubePermission) { + + @AutomapConstructor + public DevOpsPermissionsMappingDto { + } + + public DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, ProjectPermission sonarqubePermission) { + this(uuid, devOpsPlatform, role, sonarqubePermission.getKey()); + } + + public ProjectPermission projectPermission() { + return ProjectPermission.fromKey(sonarqubePermission); + } } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java index 6c725d60262..bc823cc79a6 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/RoleDao.java 
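Review bot: In DevOpsPermissionsMappingDto, `projectPermission()` calls `ProjectPermission.fromKey(sonarqubePermission)`, which throws `IllegalArgumentException` for any value that is not one of the six enum keys, and nothing on the record says so. The component stays a plain `String`, so a row holding an unexpected or null permission presumably loads without complaint and fails only later, at whichever call site converts the mapping. I would add Javadoc on the accessor with `@throws IllegalArgumentException if the stored key is not a known project permission`, and a one-line comment on the empty compact constructor saying it exists only to carry `@AutomapConstructor` now that the record has two constructors.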
@@ -19,33 +19,33 @@ */ package org.sonar.db.user; -import com.google.common.collect.ImmutableSet; import java.util.Collection; +import java.util.EnumSet; import java.util.List; import java.util.Set; -import org.sonar.api.web.UserRole; import org.sonar.db.Dao; import org.sonar.db.DbSession; +import org.sonar.db.permission.ProjectPermission; import static com.google.common.base.Preconditions.checkArgument; -import static org.sonar.api.web.UserRole.CODEVIEWER; -import static org.sonar.api.web.UserRole.USER; +import static org.sonar.db.permission.ProjectPermission.CODEVIEWER; +import static org.sonar.db.permission.ProjectPermission.USER; public class RoleDao implements Dao { - private static final Set<String> UNSUPPORTED_PROJECT_PERMISSIONS = ImmutableSet.of(USER, CODEVIEWER); + private static final Set<ProjectPermission> UNSUPPORTED_PROJECT_PERMISSIONS = EnumSet.of(USER, CODEVIEWER); /** * All the entities on which the user has {@code permission}, directly or through * groups. * - * @throws IllegalArgumentException this method does not support permissions {@link UserRole#USER user} nor - * {@link UserRole#CODEVIEWER codeviewer} because it does not support public root components. + * @throws IllegalArgumentException this method does not support permissions {@link ProjectPermission#USER user} nor + * {@link ProjectPermission#CODEVIEWER codeviewer} because it does not support public root components. 
*/ - public List<String> selectEntityUuidsByPermissionAndUserUuidAndQualifier(DbSession dbSession, String permission, String userUuid, Collection<String> qualifiers) { + public List<String> selectEntityUuidsByPermissionAndUserUuidAndQualifier(DbSession dbSession, ProjectPermission permission, String userUuid, Collection<String> qualifiers) { checkArgument( !UNSUPPORTED_PROJECT_PERMISSIONS.contains(permission), "Permissions %s are not supported by selectEntityUuidsByPermissionAndUserUuidAndQualifier", UNSUPPORTED_PROJECT_PERMISSIONS); - return mapper(dbSession).selectEntityUuidsByPermissionAndUserUuidAndQualifier(permission, userUuid, qualifiers); + return mapper(dbSession).selectEntityUuidsByPermissionAndUserUuidAndQualifier(permission.getKey(), userUuid, qualifiers); } public void deleteGroupRolesByGroupUuid(DbSession session, String groupUuid) { |
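Review bot: In RoleDao, `UNSUPPORTED_PROJECT_PERMISSIONS` is now a mutable `EnumSet.of(USER, CODEVIEWER)` where it used to be an `ImmutableSet`, and it duplicates `ProjectPermission.PUBLIC_PERMISSIONS`, which this same commit defines with the same two members. The Javadoc ties the restriction to public root components, so the two sets look meant to be identical, and a private copy lets this guard drift from the enum's definition. I would drop the constant and write the check as `checkArgument(!ProjectPermission.isPublic(permission), "Permissions %s are not supported by selectEntityUuidsByPermissionAndUserUuidAndQualifier", ProjectPermission.PUBLIC_PERMISSIONS);`, which keeps the message text because `toString()` returns the key. A null `permission` passes the `contains` check and then fails with a NullPointerException at `permission.getKey()`, which is worth stating in the `@throws` documentation.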