author | Jean-Baptiste Vilain <jean-baptiste.vilain@sonarsource.com> | 2013-07-11 12:40:40 +0200 |
---|---|---|
committer | Jean-Baptiste Vilain <jean-baptiste.vilain@sonarsource.com> | 2013-07-11 12:40:40 +0200 |
commit | f9b5a97053f4678d417e13b17f211a081768885b (patch) | |
tree | c81e89d9f4bb983516d16cec12e7486518a69d4f /sonar-core/src/main | |
parent | cbeacdfd2deca921a2f8c5b6663d2c701963faa7 (diff) | |
SONAR-4453 Apply permission template to a list of resources in the internal permission service
Diffstat (limited to 'sonar-core/src/main')
3 files changed, 200 insertions, 75 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java
new file mode 100644
index 00000000000..7d73036c689
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java
@@ -0,0 +1,157 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.ServerExtension;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.task.TaskExtension;
+import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.*;
+
+import java.util.List;
+
+/**
+ * Internal use only
+ * @since 3.7
+ *
+ * This facade wraps all the db operations related to component-based permissions
+ */
+public class ComponentPermissionFacade implements TaskExtension, ServerExtension {
+
+ private final MyBatis myBatis;
+ private final RoleDao roleDao;
+ private final UserDao userDao;
+ private final PermissionDao permissionDao;
+
+ public ComponentPermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) {
+ this.myBatis = myBatis;
+ this.roleDao = roleDao;
+ this.userDao = userDao;
+ this.permissionDao = permissionDao;
+ }
+
+ public void setUserPermission(Long resourceId, String userLogin, String permission) {
+ SqlSession session = myBatis.openSession();
+ try {
+ UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(userLogin);
+ if (user != null) {
+ UserRoleDto userRole = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(user.getId())
+ .setResourceId(Long.valueOf(resourceId));
+ roleDao.deleteUserRole(userRole, session);
+ roleDao.insertUserRole(userRole, session);
+ session.commit();
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void setGroupPermission(Long resourceId, String groupName, String permission) {
+ SqlSession session = myBatis.openSession();
+ try {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setResourceId(Long.valueOf(resourceId));
+ if (DefaultGroups.isAnyone(groupName)) {
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
+ session.commit();
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ groupRole.setGroupId(group.getId());
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
+ session.commit();
+ }
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public int countPermissions(Long resourceId) {
+ return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId);
+ }
+
+ public void removeAllPermissions(Long resourceId, SqlSession session) {
+ roleDao.deleteGroupRolesByResourceId(resourceId, session);
+ roleDao.deleteUserRolesByResourceId(resourceId, session);
+ }
+
+ public void addUserPermission(Long resourceId, String userLogin, String permission, SqlSession session) {
+ UserDto user = userDao.selectActiveUserByLogin(userLogin, session);
+ if (user != null) {
+ UserRoleDto userRoleDto = new UserRoleDto().setRole(permission).setUserId(user.getId()).setResourceId(resourceId);
+ roleDao.insertUserRole(userRoleDto, session);
+ }
+ }
+
+ public void addGroupPermission(Long resourceId, String groupName, String permission, SqlSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto().setRole(permission).setResourceId(resourceId);
+ if (DefaultGroups.isAnyone(groupName)) {
+ roleDao.insertGroupRole(groupRole, session);
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session);
+ }
+ }
+ }
+
+ public PermissionTemplateDto getPermissionTemplate(Long templateId) {
+ PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(templateId);
+ if(permissionTemplateDto == null) {
+ throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId);
+ }
+ PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName());
+ if(templateWithPermissions == null) {
+ throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId);
+ }
+ return templateWithPermissions;
+ }
+
+ public void applyPermissionTemplate(Long templateId, Long resourceId) {
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateId);
+ List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
+ if(usersPermissions != null) {
+ for (PermissionTemplateUserDto userPermission : usersPermissions) {
+ addUserPermission(resourceId, userPermission.getUserLogin(), userPermission.getPermission(), session);
+
+ }
+ }
+ List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
+ if(groupsPermissions != null) {
+ for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
+ addGroupPermission(resourceId, groupPermission.getGroupName(), groupPermission.getPermission(), session);
+ }
+ }
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+}
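Review bot: `applyPermissionTemplate` only inserts rows, so grants already present on the resource that the template does not contain stay in place, and a pair the resource already has would be inserted a second time unless the table rejects it; `setUserPermission` and `setGroupPermission` avoid the duplicate by deleting before inserting. Whether callers clear the resource first is not visible in this commit, so if applying a template is meant to replace the current permissions, call `removeAllPermissions(resourceId, session);` before the two loops so that the revocation and the new grants commit together. Separately, `setUserPermission` resolves the login through `selectUserByLogin` while `addUserPermission` uses `selectActiveUserByLogin`, so the former appears able to grant a permission to a deactivated account; using the active-user lookup in both would be consistent. A Javadoc sentence on each method saying that an unknown login or group is skipped without error would tell callers that a grant may not have happened.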
diff --git a/sonar-core/src/main/java/org/sonar/core/permission/package-info.java b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java
new file mode 100644
index 00000000000..78344ab013d
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java
@@ -0,0 +1,24 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+@ParametersAreNonnullByDefault
+package org.sonar.core.permission;
+
+import javax.annotation.ParametersAreNonnullByDefault;
\ No newline at end of file diff --git a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java index eb8febb0fc5..cdaf5b445fb 100644 --- a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java +++ b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java @@ -28,8 +28,11 @@ import org.sonar.api.security.DefaultGroups; import org.sonar.api.security.ResourcePermissions; import org.sonar.api.task.TaskExtension; import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ComponentPermissionFacade; import org.sonar.core.persistence.MyBatis; -import org.sonar.core.user.*; +import org.sonar.core.user.PermissionTemplateDto; +import org.sonar.core.user.PermissionTemplateGroupDto; +import org.sonar.core.user.PermissionTemplateUserDto; import java.util.ArrayList; import java.util.List; 
@@ -41,69 +44,31 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private final Settings settings; private final MyBatis myBatis; - private final RoleDao roleDao; - private final UserDao userDao; - private final PermissionDao permissionDao; + private final ComponentPermissionFacade permissionFacade; - public DefaultResourcePermissions(Settings settings, MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) { + public DefaultResourcePermissions(Settings settings, MyBatis myBatis, ComponentPermissionFacade permissionFacade) { this.settings = settings; this.myBatis = myBatis; - this.roleDao = roleDao; - this.userDao = userDao; - this.permissionDao = permissionDao; + this.permissionFacade = permissionFacade; } public boolean hasRoles(Resource resource) { if (resource.getId() != null) { Long resourceId = Long.valueOf(resource.getId()); - return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId) > 0; + return permissionFacade.countPermissions(resourceId) > 0; } return false; } public void grantUserRole(Resource resource, String login, String role) { if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login); - if (user != null) { - UserRoleDto userRole = new UserRoleDto() - .setRole(role) - .setUserId(user.getId()) - .setResourceId(Long.valueOf(resource.getId())); - roleDao.deleteUserRole(userRole, session); - roleDao.insertUserRole(userRole, session); - session.commit(); - } - } finally { - MyBatis.closeQuietly(session); - } + permissionFacade.setUserPermission(Long.valueOf(resource.getId()), login, role); } } public void grantGroupRole(Resource resource, String groupName, String role) { if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - GroupRoleDto groupRole = new GroupRoleDto() - .setRole(role) - .setResourceId(Long.valueOf(resource.getId())); - 
if (DefaultGroups.isAnyone(groupName)) { - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - groupRole.setGroupId(group.getId()); - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } - } - } finally { - MyBatis.closeQuietly(session); - } + permissionFacade.setGroupPermission(Long.valueOf(resource.getId()), groupName, role); } } @@ -124,8 +89,7 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private void removeRoles(Resource resource, SqlSession session) { Long resourceId = Long.valueOf(resource.getId()); - roleDao.deleteGroupRolesByResourceId(resourceId, session); - roleDao.deleteUserRolesByResourceId(resourceId, session); + permissionFacade.removeAllPermissions(resourceId, session); } private void grantDefaultRoles(Resource resource, String role, SqlSession session) { 
@@ -133,24 +97,14 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte List<String> groupNames = getEligibleGroups(role, applicablePermissionTemplate); for (String groupName : groupNames) { - GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId())); - if (DefaultGroups.isAnyone(groupName)) { - roleDao.insertGroupRole(groupRole, session); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session); - } - } + Long resourceId = Long.valueOf(resource.getId()); + permissionFacade.addGroupPermission(resourceId, groupName, role, session); } List<String> logins = getEligibleUsers(role, applicablePermissionTemplate); for (String login : logins) { - UserDto user = userDao.selectActiveUserByLogin(login, session); - if (user != null) { - UserRoleDto userRoleDto = new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId())); - roleDao.insertUserRole(userRoleDto, session); - } + Long resourceId = Long.valueOf(resource.getId()); + permissionFacade.addUserPermission(resourceId, login, role, session); } } 
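Review bot: `Long resourceId = Long.valueOf(resource.getId());` is recomputed on every iteration of both loops in `grantDefaultRoles`; declare it once above the first loop and reuse it for the group and user grants. Unlike `grantUserRole` and `grantGroupRole`, nothing visible in this hunk checks `resource.getId()` for null before the conversion, so a short comment such as `// callers only pass persisted resources, so getId() is non-null here` would make the assumption explicit if it holds. The method's signature sits just above the hunk, so any guard placed earlier in the method is not visible from here.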
@@ -184,25 +138,15 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private PermissionTemplateDto getPermissionTemplate(String qualifier) { String qualifierTemplateId = settings.getString("sonar.permission.template." + qualifier + ".default"); if(!StringUtils.isBlank(qualifierTemplateId)) { - return getTemplateWithPermissions(qualifierTemplateId); + Long templateId = Long.parseLong(qualifierTemplateId); + return permissionFacade.getPermissionTemplate(templateId); } String defaultTemplateId = settings.getString("sonar.permission.template.default"); if(StringUtils.isBlank(defaultTemplateId)) { throw new IllegalStateException("At least one default permission template should be defined"); } - return getTemplateWithPermissions(defaultTemplateId); - } - - private PermissionTemplateDto getTemplateWithPermissions(String templateId) { - PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(Long.parseLong(templateId)); - if(permissionTemplateDto == null) { - throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId); - } - PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName()); - if(templateWithPermissions == null) { - throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId); - } - return templateWithPermissions; + Long templateId = Long.parseLong(defaultTemplateId); + return permissionFacade.getPermissionTemplate(templateId); } } |
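Review bot: `Long.parseLong(qualifierTemplateId)` and `Long.parseLong(defaultTemplateId)` run on raw setting values, so a non-numeric value fails with a bare NumberFormatException that does not name the setting key at fault. These settings appear to select the template that decides which users and groups get access to a resource, so a misconfiguration should be easy to diagnose: catch the exception and rethrow with context, for example `throw new IllegalStateException("Invalid permission template id in setting sonar.permission.template.default: " + defaultTemplateId, e);`, and likewise for the qualifier-specific key. The parse-then-lookup pair is written twice and could move into one private helper that takes the setting key and its value.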