SONAR-6912 do not remove a group member if no more admins

2 files changed, 16 insertions, 2 deletions

diff --git a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java
index 9b60f610117..50845b65cea 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java
@@ -79,7 +79,7 @@ public class AuthorizationDao implements Dao {
   }
 
   /**
-   * The number of users who will still have the permission when the group {@code excludedGroupId}
+   * The number of users who will still have the permission if the group {@code excludedGroupId}
    * is deleted. The anyone virtual group is not taken into account.
    */
   public int countUsersWithGlobalPermissionExcludingGroup(DbSession dbSession, String organizationUuid,
@@ -88,7 +88,7 @@ public class AuthorizationDao implements Dao {
   }
 
   /**
-   * The number of users who will still have the permission when the user {@code excludedUserId}
+   * The number of users who will still have the permission if the user {@code excludedUserId}
    * is deleted. The anyone virtual group is not taken into account.
    */
   public int countUsersWithGlobalPermissionExcludingUser(DbSession dbSession, String organizationUuid,
@@ -96,6 +96,17 @@ public class AuthorizationDao implements Dao {
     return mapper(dbSession).countUsersWithGlobalPermissionExcludingUser(organizationUuid, permission, excludedUSerId);
   }
 
+  /**
+   * The number of users who will still have the permission if the user {@code userId}
+   * is removed from group {@code groupId}. The anyone virtual group is not taken into account.
+   * Contrary to {@link #countUsersWithGlobalPermissionExcludingUser(DbSession, String, String, long)}, user
+   * still exists and may have the permission directly or through other groups.
+   */
+  public int countUsersWithGlobalPermissionExcludingGroupMember(DbSession dbSession, String organizationUuid,
+    String permission, long groupId, long userId) {
+    return mapper(dbSession).countUsersWithGlobalPermissionExcludingGroupMember(organizationUuid, permission, groupId, userId);
+  }
+
   public Set<Long> keepAuthorizedProjectIds(DbSession dbSession, Collection<Long> componentIds, @Nullable Integer userId, String role) {
     return executeLargeInputsIntoSet(
       componentIds,
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java
index df686f1cac6..5c7e2ae853e 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java
@@ -43,6 +43,9 @@ public interface AuthorizationMapper {
   int countUsersWithGlobalPermissionExcludingUser(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission,
     @Param("excludedUserId") long excludedUserId);
 
+  int countUsersWithGlobalPermissionExcludingGroupMember(@Param("organizationUuid") String organizationUuid,
+                                                         @Param("permission") String permission, @Param("groupId") long groupId, @Param("userId") long userId);
+
   Set<Long> keepAuthorizedProjectIdsForAnonymous(@Param("role") String role, @Param("componentIds") Collection<Long> componentIds);
 
   Set<Long> keepAuthorizedProjectIdsForUser(@Param("userId") long userId, @Param("role") String role, @Param("componentIds") Collection<Long> componentIds);