author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2020-10-12 16:57:03 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2020-10-16 20:07:41 +0000 |
commit | a4ab9ccfce778e88cc82d1d04f197af9b3d1af19 (patch) | |
tree | 4b5947045bac1b24ad5d5f6840c3bef6e4eb13b3 /server/sonar-webserver-core | |
parent | 16df95a4fa061755d0129927e29a3e7dc4794e8d (diff) | |
download | sonarqube-a4ab9ccfce778e88cc82d1d04f197af9b3d1af19.tar.gz sonarqube-a4ab9ccfce778e88cc82d1d04f197af9b3d1af19.zip |
SONAR-13936 Move default permission templates to internal properties
Diffstat (limited to 'server/sonar-webserver-core')
3 files changed, 42 insertions, 118 deletions
diff --git a/server/sonar-webserver-core/src/main/java/org/sonar/server/platform/BackendCleanup.java b/server/sonar-webserver-core/src/main/java/org/sonar/server/platform/BackendCleanup.java
index c8b26751aa4..b7bbd9b0782 100644
--- a/server/sonar-webserver-core/src/main/java/org/sonar/server/platform/BackendCleanup.java
+++ b/server/sonar-webserver-core/src/main/java/org/sonar/server/platform/BackendCleanup.java
@@ -229,9 +229,12 @@ public class BackendCleanup {
 * Internal property {@link InternalProperties#DEFAULT_ORGANIZATION} must never be deleted.
 */
 private static void truncateInternalProperties(String tableName, Statement ddlStatement, Connection connection) throws SQLException {
- try (PreparedStatement preparedStatement = connection.prepareStatement("delete from internal_properties where kee not in (?,?)")) {
+ try (PreparedStatement preparedStatement = connection.prepareStatement("delete from internal_properties where kee not in (?,?,?,?,?)")) {
 preparedStatement.setString(1, InternalProperties.DEFAULT_ORGANIZATION);
 preparedStatement.setString(2, InternalProperties.SERVER_ID_CHECKSUM);
+ preparedStatement.setString(3, InternalProperties.DEFAULT_PROJECT_TEMPLATE);
+ preparedStatement.setString(4, InternalProperties.DEFAULT_PORTFOLIO_TEMPLATE);
+ preparedStatement.setString(5, InternalProperties.DEFAULT_APPLICATION_TEMPLATE);
 preparedStatement.execute();
 // commit is useless on some databases
 connection.commit();
diff --git a/server/sonar-webserver-core/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java b/server/sonar-webserver-core/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java
index ce495844b16..a027562baff 100644
--- a/server/sonar-webserver-core/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java
+++ b/server/sonar-webserver-core/src/main/java/org/sonar/server/startup/RegisterPermissionTemplates.java
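Review bot: The Javadoc kept as context above `truncateInternalProperties` still names only `InternalProperties#DEFAULT_ORGANIZATION` as the key that must never be deleted, while the statement now preserves five keys. I would update it to list every preserved key and say why the three default-template keys survive a cleanup, since `RegisterPermissionTemplates` in this same commit reads its default from `DEFAULT_PROJECT_TEMPLATE`. The `?` count in `not in (?,?,?,?,?)` and the `setString` indices are kept in step by hand; binding both from one constant list of preserved keys would avoid a mismatch on the next addition. The method body continues past the hunk.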
@@ -23,31 +23,35 @@ import java.util.Date;
 import java.util.Optional;
 import org.picocontainer.Startable;
 import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.utils.System2;
 import org.sonar.api.utils.log.Logger;
 import org.sonar.api.utils.log.Loggers;
 import org.sonar.api.utils.log.Profiler;
 import org.sonar.api.web.UserRole;
+import org.sonar.core.util.UuidFactory;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
-import org.sonar.db.organization.DefaultTemplates;
 import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.user.GroupDto;
-import org.sonar.server.organization.DefaultOrganizationProvider;
+import org.sonar.server.usergroups.DefaultGroupFinder;
-import static java.lang.String.format;
+import static org.sonar.server.property.InternalProperties.DEFAULT_PROJECT_TEMPLATE;
 public class RegisterPermissionTemplates implements Startable {
 private static final Logger LOG = Loggers.get(RegisterPermissionTemplates.class);
- private static final String DEFAULT_TEMPLATE_UUID = "default_template";
 private final DbClient dbClient;
- private final DefaultOrganizationProvider defaultOrganizationProvider;
+ private final UuidFactory uuidFactory;
+ private final System2 system2;
+ private final DefaultGroupFinder defaultGroupFinder;
- public RegisterPermissionTemplates(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) {
+ public RegisterPermissionTemplates(DbClient dbClient, UuidFactory uuidFactory, System2 system2, DefaultGroupFinder defaultGroupFinder) {
 this.dbClient = dbClient;
- this.defaultOrganizationProvider = defaultOrganizationProvider;
+ this.uuidFactory = uuidFactory;
+ this.system2 = system2;
+ this.defaultGroupFinder = defaultGroupFinder;
 }
 @Override
@@ -55,11 +59,10 @@ public class RegisterPermissionTemplates implements Startable {
 Profiler profiler = Profiler.create(Loggers.get(getClass())).startInfo("Register permission templates");
 try (DbSession dbSession = dbClient.openSession(false)) {
- String defaultOrganizationUuid = defaultOrganizationProvider.get().getUuid();
- Optional<DefaultTemplates> defaultTemplates = dbClient.organizationDao().getDefaultTemplates(dbSession, defaultOrganizationUuid);
- if (!defaultTemplates.isPresent()) {
+ Optional<String> defaultProjectTemplate = dbClient.internalPropertiesDao().selectByKey(dbSession, DEFAULT_PROJECT_TEMPLATE);
+ if (!defaultProjectTemplate.isPresent()) {
 PermissionTemplateDto defaultTemplate = getOrInsertDefaultTemplate(dbSession);
- dbClient.organizationDao().setDefaultTemplates(dbSession, defaultOrganizationUuid, new DefaultTemplates().setProjectUuid(defaultTemplate.getUuid()));
+ dbClient.internalPropertiesDao().save(dbSession, DEFAULT_PROJECT_TEMPLATE, defaultTemplate.getUuid());
 dbSession.commit();
 }
 }
@@ -73,17 +76,12 @@ public class RegisterPermissionTemplates implements Startable {
 }
 private PermissionTemplateDto getOrInsertDefaultTemplate(DbSession dbSession) {
- PermissionTemplateDto permissionTemplateDto = dbClient.permissionTemplateDao().selectByUuid(dbSession, DEFAULT_TEMPLATE_UUID);
- if (permissionTemplateDto != null) {
- return permissionTemplateDto;
- }
-
 PermissionTemplateDto template = new PermissionTemplateDto()
 .setName("Default template")
- .setUuid(DEFAULT_TEMPLATE_UUID)
+ .setUuid(uuidFactory.create())
 .setDescription("This permission template will be used as default when no other permission configuration is available")
- .setCreatedAt(new Date())
- .setUpdatedAt(new Date());
+ .setCreatedAt(new Date(system2.now()))
+ .setUpdatedAt(new Date(system2.now()));
 dbClient.permissionTemplateDao().insert(dbSession, template);
 insertDefaultGroupPermissions(dbSession, template);
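Review bot: The guard in `start()` only checks that the `DEFAULT_PROJECT_TEMPLATE` property is present, not that the stored UUID still resolves to a permission template. If that value is stale, startup passes silently and whatever later applies the default template would presumably meet a dangling reference. Consider resolving it with `dbClient.permissionTemplateDao().selectByUuid(dbSession, uuid)` and logging or re-registering when it returns null. How upgraded instances get this property populated is not visible in this module's part of the commit.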
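Review bot: `getOrInsertDefaultTemplate` no longer gets anything: with the fixed-UUID lookup removed it always inserts a new row named "Default template" under a generated UUID. If the internal property is ever missing while such a template already exists, each start would presumably add another identically named template carrying the default group grants, so either rename the method to `insertDefaultTemplate` or keep a lookup before the insert. `system2.now()` is also read twice, so `createdAt` and `updatedAt` can differ; read it once with `Date now = new Date(system2.now());` and pass `now` to both setters. The method continues past the hunk.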
@@ -108,10 +106,7 @@ public class RegisterPermissionTemplates implements Startable {
 }
 private void insertPermissionsForDefaultGroup(DbSession dbSession, PermissionTemplateDto template) {
- String defaultGroupUuid = dbClient.organizationDao().getDefaultGroupUuid(dbSession, defaultOrganizationProvider.get().getUuid())
- .orElseThrow(() -> new IllegalStateException("Default group is not defined"));
- GroupDto defaultGroup = Optional.ofNullable(dbClient.groupDao().selectByUuid(dbSession, defaultGroupUuid))
- .orElseThrow(() -> new IllegalStateException(format("Default group with id %s doesn't exist", defaultGroupUuid)));
+ GroupDto defaultGroup = defaultGroupFinder.findDefaultGroup(dbSession);
 insertGroupPermission(dbSession, template, UserRole.USER, defaultGroup);
 insertGroupPermission(dbSession, template, UserRole.CODEVIEWER, defaultGroup);
 insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, defaultGroup);
diff --git a/server/sonar-webserver-core/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java b/server/sonar-webserver-core/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
index 1c9d0879c11..ebb7b0f1cd0 100644
--- a/server/sonar-webserver-core/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
+++ b/server/sonar-webserver-core/src/test/java/org/sonar/server/startup/RegisterPermissionTemplatesTest.java
@@ -25,30 +25,24 @@ import java.util.Optional;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
-import org.sonar.api.resources.Qualifiers;
-import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.security.DefaultGroups;
 import org.sonar.api.utils.System2;
 import org.sonar.api.utils.log.LogTester;
 import org.sonar.api.utils.log.LoggerLevel;
 import org.sonar.api.web.UserRole;
+import org.sonar.core.util.UuidFactoryFast;
 import org.sonar.db.DbTester;
-import org.sonar.db.organization.DefaultTemplates;
 import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.db.permission.template.PermissionTemplateDto;
 import org.sonar.db.permission.template.PermissionTemplateGroupDto;
 import org.sonar.db.user.GroupDto;
-import org.sonar.server.organization.DefaultOrganizationProvider;
-import org.sonar.server.organization.TestDefaultOrganizationProvider;
+import org.sonar.server.usergroups.DefaultGroupFinder;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.sonar.db.permission.template.PermissionTemplateTesting.newPermissionTemplateDto;
+import static org.sonar.server.property.InternalProperties.DEFAULT_PROJECT_TEMPLATE;
 public class RegisterPermissionTemplatesTest {
- private static final String DEFAULT_TEMPLATE_UUID = "default_template";
 @Rule
 public DbTester db = DbTester.create(System2.INSTANCE);
@@ -57,62 +51,13 @@ public class RegisterPermissionTemplatesTest {
 @Rule
 public ExpectedException expectedException = ExpectedException.none();
- private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);
- private ResourceTypes resourceTypes = mock(ResourceTypes.class);
- private RegisterPermissionTemplates underTest = new RegisterPermissionTemplates(db.getDbClient(), defaultOrganizationProvider);
+ private RegisterPermissionTemplates underTest = new RegisterPermissionTemplates(db.getDbClient(), UuidFactoryFast.getInstance(), System2.INSTANCE, new DefaultGroupFinder(db.getDbClient()));
 @Test
- public void fail_with_ISE_if_default_template_must_be_created_and_no_default_group_is_defined() {
- expectedException.expect(IllegalStateException.class);
- expectedException.expectMessage("Default group is not defined");
-
- underTest.start();
- }
-
- @Test
- public void fail_with_ISE_if_default_template_must_be_created_and_default_group_does_not_exist() {
- setDefaultGroup(new GroupDto().setUuid("22"));
-
- expectedException.expect(IllegalStateException.class);
- expectedException.expectMessage("Default group with id 22 doesn't exist");
-
- underTest.start();
- }
-
- @Test
- public void insert_default_permission_template_if_fresh_install_without_governance() {
- GroupDto defaultGroup = createAndSetDefaultGroup();
- db.users().insertGroup(DefaultGroups.ADMINISTRATORS);
-
- when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(false);
- when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(false);
- underTest.start();
-
- PermissionTemplateDto defaultTemplate = selectTemplate();
- assertThat(defaultTemplate.getName()).isEqualTo("Default template");
-
- List<PermissionTemplateGroupDto> groupPermissions = selectGroupPermissions(defaultTemplate);
- assertThat(groupPermissions).hasSize(7);
- expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
- expectGroupPermission(groupPermissions, OrganizationPermission.APPLICATION_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS);
- expectGroupPermission(groupPermissions, OrganizationPermission.PORTFOLIO_CREATOR.getKey(), DefaultGroups.ADMINISTRATORS);
- expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName());
- expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName());
- expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, defaultGroup.getName());
- expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, defaultGroup.getName());
-
- verifyDefaultTemplates();
-
- assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty();
- }
-
- @Test
- public void insert_default_permission_template_if_fresh_install_with_governance() {
- GroupDto defaultGroup = createAndSetDefaultGroup();
+ public void insert_default_permission_template_if_fresh_install() {
+ GroupDto defaultGroup = db.users().insertDefaultGroup();
 db.users().insertGroup(DefaultGroups.ADMINISTRATORS);
- when(resourceTypes.isQualifierPresent(eq(Qualifiers.APP))).thenReturn(true);
- when(resourceTypes.isQualifierPresent(eq(Qualifiers.VIEW))).thenReturn(true);
 underTest.start();
 PermissionTemplateDto defaultTemplate = selectTemplate();
@@ -128,14 +73,14 @@ public class RegisterPermissionTemplatesTest {
 expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, defaultGroup.getName());
 expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, defaultGroup.getName());
- verifyDefaultTemplates();
+ verifyDefaultTemplateForProject(defaultTemplate.getUuid());
 assertThat(logTester.logs(LoggerLevel.ERROR)).isEmpty();
 }
 @Test
 public void ignore_administrators_permissions_if_group_does_not_exist() {
- GroupDto defaultGroup = createAndSetDefaultGroup();
+ GroupDto defaultGroup = db.users().insertDefaultGroup();
 underTest.start();
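Review bot: Both `fail_with_ISE_...` tests are deleted in the `-57,62` hunk and nothing replaces them, so the startup path where no default group exists is no longer covered in this class. `insertPermissionsForDefaultGroup` now depends on `defaultGroupFinder.findDefaultGroup(dbSession)`, whose behaviour for a missing group is not visible in this diff. I would keep one test that calls `underTest.start()` without `db.users().insertDefaultGroup()` and pins the exception type and message, so a failure to grant the default permissions stays loud at startup rather than depending on an untested collaborator.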
@@ -149,33 +94,25 @@ public class RegisterPermissionTemplatesTest {
 expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, defaultGroup.getName());
 expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, defaultGroup.getName());
- verifyDefaultTemplates();
+ verifyDefaultTemplateForProject(defaultTemplate.getUuid());
 assertThat(logTester.logs(LoggerLevel.ERROR)).contains("Cannot setup default permission for group: sonar-administrators");
 }
 @Test
- public void do_not_create_default_template_if_already_exists_but_register_when_it_is_not() {
- db.permissionTemplates().insertTemplate(newPermissionTemplateDto().setUuid(DEFAULT_TEMPLATE_UUID));
-
- underTest.start();
-
- verifyDefaultTemplates();
- }
-
- @Test
- public void do_not_fail_if_default_template_exists_and_is_registered() {
- PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate(newPermissionTemplateDto()
- .setUuid(DEFAULT_TEMPLATE_UUID));
- db.organizations().setDefaultTemplates(projectTemplate, null, null);
+ public void do_not_fail_if_default_template_exists() {
+ db.users().insertDefaultGroup();
+ PermissionTemplateDto projectTemplate = db.permissionTemplates().insertTemplate(newPermissionTemplateDto());
+ db.getDbClient().internalPropertiesDao().save(db.getSession(), DEFAULT_PROJECT_TEMPLATE, projectTemplate.getUuid());
+ db.commit();
 underTest.start();
- verifyDefaultTemplates();
+ verifyDefaultTemplateForProject(projectTemplate.getUuid());
 }
 private PermissionTemplateDto selectTemplate() {
- return db.getDbClient().permissionTemplateDao().selectByUuid(db.getSession(), DEFAULT_TEMPLATE_UUID);
+ return db.getDbClient().permissionTemplateDao().selectByName(db.getSession(), "Default template");
 }
 private List<PermissionTemplateGroupDto> selectGroupPermissions(PermissionTemplateDto template) {
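Review bot: `do_not_fail_if_default_template_exists` asserts only that the property still points at `projectTemplate`; it does not check that `start()` left the template table alone. Since template creation no longer goes through a fixed UUID, an extra assertion that no "Default template" row was inserted would pin the idempotence, for example `assertThat(selectTemplate()).isNull();`, assuming `selectByName` returns null when nothing matches and `newPermissionTemplateDto()` does not use that name. The deleted `do_not_create_default_template_if_already_exists_but_register_when_it_is_not` case has no successor either, which matches the new always-insert behaviour but is worth stating in the commit message.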
@@ -189,21 +126,10 @@ public class RegisterPermissionTemplatesTest {
 .isTrue();
 }
- private void verifyDefaultTemplates() {
- Optional<DefaultTemplates> defaultTemplates = db.getDbClient().organizationDao().getDefaultTemplates(db.getSession(), db.getDefaultOrganization().getUuid());
- assertThat(defaultTemplates)
- .isPresent();
- assertThat(defaultTemplates.get().getProjectUuid()).isEqualTo(DEFAULT_TEMPLATE_UUID);
+ private void verifyDefaultTemplateForProject(String expectedDefaultTemplateForProjectUuid) {
+ Optional<String> defaultPermissionTemplateForProject = db.getDbClient().internalPropertiesDao().selectByKey(db.getSession(), DEFAULT_PROJECT_TEMPLATE);
+ assertThat(defaultPermissionTemplateForProject).isPresent();
+ assertThat(defaultPermissionTemplateForProject).contains(expectedDefaultTemplateForProjectUuid);
 }
- private void setDefaultGroup(GroupDto defaultGroup) {
- db.getDbClient().organizationDao().setDefaultGroupUuid(db.getSession(), db.getDefaultOrganization().getUuid(), defaultGroup);
- db.commit();
- }
-
- private GroupDto createAndSetDefaultGroup() {
- GroupDto res = db.users().insertGroup();
- setDefaultGroup(res);
- return res;
- }
 } |