SONAR-8608 consistent organization on permission/group/component

6 files changed, 73 insertions, 0 deletions

diff --git a/sonar-db/src/main/java/org/sonar/db/component/ComponentMapper.java b/sonar-db/src/main/java/org/sonar/db/component/ComponentMapper.java
index 7cf6f163b49..ed88b3950e0 100644
--- a/sonar-db/src/main/java/org/sonar/db/component/ComponentMapper.java
+++ b/sonar-db/src/main/java/org/sonar/db/component/ComponentMapper.java
@@ -57,6 +57,14 @@ public interface ComponentMapper {
 
   List<ComponentDto> selectComponentsByQualifiers(@Param("qualifiers") Collection<String> qualifiers);
 
+  /**
+   * Counts the number of components with the specified id belonging to the specified organization.
+   *
+   * @return 1 or 0. Either because the organization uuid is not the one of the component or because the component does
+   *         not exist.
+   */
+  int countComponentByOrganizationAndId(@Param("organizationUuid") String organizationUuid, @Param("componentId") long componentId);
+
   List<ComponentDto> selectByQuery(@Param("query") ComponentQuery query, RowBounds rowBounds);
 
   int countByQuery(@Param("query") ComponentQuery query);
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java
index 77ee9cd6907..ac972f2e31a 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java
@@ -28,7 +28,10 @@ import org.apache.ibatis.session.RowBounds;
 import org.sonar.api.security.DefaultGroups;
 import org.sonar.db.Dao;
 import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentMapper;
+import org.sonar.db.user.GroupMapper;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static org.sonar.db.DatabaseUtils.executeLargeInputs;
 import static org.sonar.db.DatabaseUtils.executeLargeInputsWithoutOutput;
 
@@ -102,9 +105,33 @@ public class GroupPermissionDao implements Dao {
   }
 
   public void insert(DbSession dbSession, GroupPermissionDto dto) {
+    ensureComponentPermissionConsistency(dbSession, dto);
+    ensureGroupPermissionConsistency(dbSession, dto);
     mapper(dbSession).insert(dto);
   }
 
+  private static void ensureComponentPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) {
+    if (dto.getResourceId() == null) {
+      return;
+    }
+    ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class);
+    checkArgument(
+      componentMapper.countComponentByOrganizationAndId(dto.getOrganizationUuid(), dto.getResourceId()) == 1,
+      "Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'",
+      dto.getRole(), dto.getResourceId(), dto.getOrganizationUuid(), dto.getOrganizationUuid());
+  }
+
+  private static void ensureGroupPermissionConsistency(DbSession dbSession, GroupPermissionDto dto) {
+    if (dto.getGroupId() == null) {
+      return;
+    }
+    GroupMapper groupMapper = dbSession.getMapper(GroupMapper.class);
+    checkArgument(
+      groupMapper.countGroupByOrganizationAndId(dto.getOrganizationUuid(), dto.getGroupId()) == 1,
+      "Can't insert permission '%s' for group with id '%s' in organization with uuid '%s' because this group does not belong to organization with uuid '%s'",
+      dto.getRole(), dto.getGroupId(), dto.getOrganizationUuid(), dto.getOrganizationUuid());
+  }
+
   /**
    * Delete all the permissions associated to a root component (project)
    */
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/UserPermissionDao.java b/sonar-db/src/main/java/org/sonar/db/permission/UserPermissionDao.java
index ac72fe33491..5490c119b70 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/UserPermissionDao.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/UserPermissionDao.java
@@ -27,6 +27,7 @@ import org.sonar.core.util.stream.Collectors;
 import org.sonar.db.Dao;
 import org.sonar.db.DatabaseUtils;
 import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentMapper;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.util.Collections.emptyList;
@@ -107,9 +108,21 @@ public class UserPermissionDao implements Dao {
   }
 
   public void insert(DbSession dbSession, UserPermissionDto dto) {
+    ensureComponentPermissionConsistency(dbSession, dto);
     mapper(dbSession).insert(dto);
   }
 
+  private static void ensureComponentPermissionConsistency(DbSession dbSession, UserPermissionDto dto) {
+    if (dto.getComponentId() == null) {
+      return;
+    }
+    ComponentMapper componentMapper = dbSession.getMapper(ComponentMapper.class);
+    checkArgument(
+      componentMapper.countComponentByOrganizationAndId(dto.getOrganizationUuid(), dto.getComponentId()) == 1,
+      "Can't insert permission '%s' for component with id '%s' in organization with uuid '%s' because this component does not belong to organization with uuid '%s'",
+      dto.getPermission(), dto.getComponentId(), dto.getOrganizationUuid(), dto.getOrganizationUuid());
+  }
+
   /**
    * Removes a single global permission from user
    */
diff --git a/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java b/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java
index cbb3e0dff7c..8066482bb79 100644
--- a/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java
+++ b/sonar-db/src/main/java/org/sonar/db/user/GroupMapper.java
@@ -42,6 +42,13 @@ public interface GroupMapper {
 
   int countByQuery(@Param("organizationUuid") String organizationUuid, @Nullable @Param("query") String query);
 
+  /**
+   * Counts the number of groups with the specified id belonging to the specified organization.
+   *
+   * @return 1 or 0. Either because the organization uuid is not the one of the group or because the group does not exist
+   */
+  int countGroupByOrganizationAndId(@Param("organizationUuid") String organizationUuid, @Param("groupId") long groupId);
+
   void deleteById(long groupId);
 
   void deleteByOrganization(@Param("organizationUuid") String organizationUuid);
diff --git a/sonar-db/src/main/resources/org/sonar/db/component/ComponentMapper.xml b/sonar-db/src/main/resources/org/sonar/db/component/ComponentMapper.xml
index 0607cbce185..c6614dd1d44 100644
--- a/sonar-db/src/main/resources/org/sonar/db/component/ComponentMapper.xml
+++ b/sonar-db/src/main/resources/org/sonar/db/component/ComponentMapper.xml
@@ -225,6 +225,15 @@
       </foreach>
   </select>
 
+  <select id="countComponentByOrganizationAndId" resultType="int">
+    select
+      count(1)
+    from projects p
+    where
+      p.organization_uuid = #{organizationUuid,jdbcType=VARCHAR}
+      and p.id = #{componentId,jdbcType=BIGINT}
+  </select>
+
   <select id="selectByQuery" resultType="Component">
     select
       <include refid="componentColumns"/>
diff --git a/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml b/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml
index bc74e334d7e..39b0193fc31 100644
--- a/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml
+++ b/sonar-db/src/main/resources/org/sonar/db/user/GroupMapper.xml
@@ -120,6 +120,15 @@
     </if>
   </select>
 
+  <select id="countGroupByOrganizationAndId" parameterType="map" resultType="int">
+    select
+      count(1)
+    from groups g
+    where
+      g.organization_uuid = #{organizationUuid,jdbcType=VARCHAR}
+      and g.id = #{groupId,jdbcType=BIGINT}
+  </select>
+
   <select id="selectByOrganizationUuid" parameterType="map" resultType="Group">
     select
     <include refid="groupColumns"/>