SONAR-10176 Fix query of users having a global permission

2 files changed, 5 insertions, 0 deletions

diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml
index 60f105b4ede..3df9e766e1e 100644
--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml
@@ -385,6 +385,7 @@
     inner join users u on u.id=ur.user_id
     where
     ur.role=#{permission,jdbcType=VARCHAR}
+    and ur.resource_id is null
 
     union
 
@@ -394,6 +395,7 @@
     inner join users u on u.id=gu.user_id
     where
     gr.role = #{permission,jdbcType=VARCHAR} and
+    gr.resource_id is null and
     gr.group_id is not null
   </select>
 
diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
index 951f8011a03..2e6ba70c1e2 100644
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/permission/AuthorizationDaoTest.java
@@ -1021,8 +1021,11 @@ public class AuthorizationDaoTest {
     UserDto user3 = db.users().insertUser();
     db.users().insertMember(administratorGroup2, user3);
 
+    ComponentDto project = db.components().insertPrivateProject();
+
     UserDto user4 = db.users().insertUser();
     db.users().insertPermissionOnUser(organization1, user4, ADMINISTER_QUALITY_PROFILES);
+    db.users().insertProjectPermissionOnUser(user4, "admin", project);
     db.users().insertUser();
 
     List<String> logins = underTest.selectGlobalAdministratorLogins(dbSession);