authorWojtek Wajerowicz <115081248+wojciech-wajerowicz-sonarsource@users.noreply.github.com>2023-09-26 15:07:25 +0200
committersonartech <sonartech@sonarsource.com>2023-09-28 20:03:11 +0000
commitb6375cec5bd52fb4d188467ccef4205de1287b50 (patch)
treefa4b5c2d53d2b8f9d58256923e966feffc5ea3e4 /server/sonar-webserver-common
parent162c2341904ae9b9a675f7287162a02201ec32aa (diff)
SONAR-20532 Add DELETE /github-permission-mappings/{githubRole} endpoint
Diffstat (limited to 'server/sonar-webserver-common')
-rw-r--r--server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java39
-rw-r--r--server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java20
2 files changed, 55 insertions, 4 deletions
diff --git a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java
index a2480a3728a..58a20450506 100644
--- a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java
+++ b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingServiceIT.java
@@ -32,8 +32,10 @@ import org.sonar.db.audit.AuditPersister;
import org.sonar.db.provisioning.GithubPermissionsMappingDao;
import org.sonar.db.provisioning.GithubPermissionsMappingDto;
import org.sonar.server.common.permission.Operation;
+import org.sonar.server.exceptions.NotFoundException;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.sonar.server.common.github.permissions.GithubPermissionsMappingService.ADMIN_GITHUB_ROLE;
import static org.sonar.server.common.github.permissions.GithubPermissionsMappingService.MAINTAIN_GITHUB_ROLE;
@@ -213,4 +215,41 @@ public class GithubPermissionsMappingServiceIT {
assertThat(actualPermissionsMapping).isEqualTo(expectedPermissionsMapping);
}
+ @Test
+ public void deletePermissionMappings_whenTryingToDeleteForBaseRole_shouldThrow() {
+ assertThatThrownBy(() -> underTest.deletePermissionMappings(READ_GITHUB_ROLE))
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("Deleting permission mapping for GitHub base role '" + READ_GITHUB_ROLE + "' is not allowed.");
+ }
+
+ @Test
+ public void deletePermissionMappings_whenNoMappingsExistForGithubRole_shouldThrow() {
+ assertThatThrownBy(() -> underTest.deletePermissionMappings(CUSTOM_ROLE_NAME))
+ .isInstanceOf(NotFoundException.class)
+ .hasMessage("Role '" + CUSTOM_ROLE_NAME + "' not found.");
+ }
+
+ @Test
+ public void deletePermissionMappings_whenTryingToDeleteForCustomRole_shouldDeleteMapping() {
+ Map<String, Set<String>> githubRolesToSqPermissions = Map.of(
+ READ_GITHUB_ROLE, Set.of("user", "codeviewer"),
+ WRITE_GITHUB_ROLE, Set.of("user", "codeviewer", "issueadmin", "securityhotspotadmin", "admin", "scan"),
+ CUSTOM_ROLE_NAME, Set.of("user", "codeviewer", "scan"),
+ "customRole2", Set.of("user", "codeviewer"));
+
+ persistGithubPermissionsMapping(githubRolesToSqPermissions);
+ underTest.deletePermissionMappings("customRole2");
+
+ List<GithubPermissionsMapping> allPermissionMappings = underTest.getPermissionsMapping();
+
+ assertThat(allPermissionMappings)
+ .containsExactlyInAnyOrder(
+ new GithubPermissionsMapping(READ_GITHUB_ROLE, true, new SonarqubePermissions(true, true, false, false, false, false)),
+ new GithubPermissionsMapping(WRITE_GITHUB_ROLE, true, new SonarqubePermissions(true, true, true, true, true, true)),
+ new GithubPermissionsMapping(TRIAGE_GITHUB_ROLE, true, NO_SQ_PERMISSIONS),
+ new GithubPermissionsMapping(MAINTAIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS),
+ new GithubPermissionsMapping(ADMIN_GITHUB_ROLE, true, NO_SQ_PERMISSIONS),
+ new GithubPermissionsMapping(CUSTOM_ROLE_NAME, false, new SonarqubePermissions(true, true, false, false, false, true)));
+ }
+
}
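Review bot: The base-role rejection test `deletePermissionMappings_whenTryingToDeleteForBaseRole_shouldThrow` exercises only `READ_GITHUB_ROLE`, although the last test in this hunk lists five roles built with `true` as the second argument (read, write, triage, maintain, admin), which presumably marks them as base roles. A regression that drops one of the others from the guarded set would leave that role's mapping deletable without any test failing. I would run the same assertion over all five, e.g. `for (String role : List.of(READ_GITHUB_ROLE, TRIAGE_GITHUB_ROLE, WRITE_GITHUB_ROLE, MAINTAIN_GITHUB_ROLE, ADMIN_GITHUB_ROLE)) { assertThatThrownBy(() -> underTest.deletePermissionMappings(role)).isInstanceOf(IllegalArgumentException.class); }`. A case with a differently-cased base role name would also document whether the guard is meant to be exact-match.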
diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java
index ed338fb00dd..68a4b884ce7 100644
--- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java
+++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/github/permissions/GithubPermissionsMappingService.java
@@ -30,9 +30,11 @@ import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.provisioning.GithubPermissionsMappingDao;
import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+import org.sonar.server.exceptions.NotFoundException;
import static java.util.stream.Collectors.groupingBy;
import static java.util.stream.Collectors.toSet;
+import static org.sonar.api.utils.Preconditions.checkArgument;
import static org.sonar.server.common.permission.Operation.ADD;
import static org.sonar.server.common.permission.Operation.REMOVE;
@@ -56,8 +58,7 @@ public class GithubPermissionsMappingService {
UserRole.ISSUE_ADMIN, builder -> builder.issueAdmin(true),
UserRole.SECURITYHOTSPOT_ADMIN, builder -> builder.securityHotspotAdmin(true),
UserRole.ADMIN, builder -> builder.admin(true),
- UserRole.SCAN, builder -> builder.scan(true)
- );
+ UserRole.SCAN, builder -> builder.scan(true));
private final DbClient dbClient;
private final GithubPermissionsMappingDao githubPermissionsMappingDao;
@@ -107,6 +108,18 @@ public class GithubPermissionsMappingService {
}
}
+ public void deletePermissionMappings(String githubRole) {
+ checkArgument(!GITHUB_BASE_ROLES.contains(githubRole), "Deleting permission mapping for GitHub base role '" + githubRole + "' is not allowed.");
+ try (DbSession dbSession = dbClient.openSession(false)) {
+ Set<GithubPermissionsMappingDto> existingPermissions = githubPermissionsMappingDao.findAllForGithubRole(dbSession, githubRole);
+ if (existingPermissions.isEmpty()) {
+ throw new NotFoundException("Role '" + githubRole + "' not found.");
+ }
+ githubPermissionsMappingDao.deleteAllPermissionsForRole(dbSession, githubRole);
+ dbSession.commit();
+ }
+ }
+
private void updatePermissionsMappings(DbSession dbSession, String githubRole, List<PermissionMappingChange> permissionChanges) {
Set<String> currentPermissionsForRole = getSqPermissionsForGithubRole(dbSession, githubRole);
removePermissions(dbSession, permissionChanges, currentPermissionsForRole);
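Review bot: The guard in `deletePermissionMappings` is an exact-match `GITHUB_BASE_ROLES.contains(githubRole)` on a value that, going by the commit title, comes from the URL path. Whether a variant spelling of a base role (different case, surrounding whitespace) can pass the guard and still match rows depends on how `findAllForGithubRole` and `deleteAllPermissionsForRole` compare names, which this hunk does not show. If that lookup can be case-insensitive, the guard should normalise the role the same way before the `contains` check. The method also performs no permission check of its own, so the endpoint must enforce administrator rights before calling it. A Javadoc would make that contract explicit, e.g. `/** Deletes every SonarQube permission mapped to a custom GitHub role; base roles are rejected. Callers must already have verified that the user may administer the instance. */`. `deletePermissionMappings` lies wholly inside the hunk, while `updatePermissionsMappings` continues past it.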
@@ -135,8 +148,7 @@ public class GithubPermissionsMappingService {
.filter(permissionMappingChange -> ADD.equals(permissionMappingChange.operation()))
.filter(permissionMappingChange -> !currentPermissionsForRole.contains(permissionMappingChange.sonarqubePermission()))
.forEach(
- mapping -> githubPermissionsMappingDao.insert(dbSession, new GithubPermissionsMappingDto(uuidFactory.create(), mapping.githubRole(), mapping.sonarqubePermission()))
- );
+ mapping -> githubPermissionsMappingDao.insert(dbSession, new GithubPermissionsMappingDto(uuidFactory.create(), mapping.githubRole(), mapping.sonarqubePermission())));
}
private static SonarqubePermissions getSonarqubePermissions(Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos) {