SONAR-7027 Rename grantDefaultRoles to applyDefaultPermissionTemplate

Also accept ComponentDto as parameter

4 files changed, 155 insertions, 37 deletions

diff --git a/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java b/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
index 9986a04ce81..14067392513 100644
--- a/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
+++ b/sonar-db/src/main/java/org/sonar/db/permission/PermissionRepository.java
@@ -31,7 +31,7 @@ import org.sonar.api.security.DefaultGroups;
 import org.sonar.api.server.ServerSide;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
-import org.sonar.db.component.ResourceDto;
+import org.sonar.db.component.ComponentDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.GroupRoleDto;
 import org.sonar.db.user.UserRoleDto;
@@ -41,7 +41,7 @@ import org.sonar.db.user.UserRoleDto;
  * <p/>
  * Should be removed when batch will no more create permission, and be replaced by a new PermissionService in module server (probably be a merge with InternalPermissionService)
  * <p/>
- * WARNING, this class is called by Views to apply default permission template on new views
+ * WARNING, this class is called by Deveveloper Cockpit to apply default permission template on new developers
  */
 @ServerSide
 public class PermissionRepository {
@@ -81,12 +81,17 @@ public class PermissionRepository {
     dbClient.roleDao().deleteUserRole(userRoleDto, session);
   }
 
+  /**
+   * @param updateProjectAuthorizationDate is false when doing bulk action in order to not update the same project multiple times for nothing
+   */
   private void insertGroupPermission(@Nullable Long resourceId, @Nullable Long groupId, String permission, boolean updateProjectAuthorizationDate, DbSession session) {
     GroupRoleDto groupRole = new GroupRoleDto()
       .setRole(permission)
       .setGroupId(groupId)
       .setResourceId(resourceId);
-    updateProjectAuthorizationDate(session, resourceId);
+    if (updateProjectAuthorizationDate) {
+      updateProjectAuthorizationDate(session, resourceId);
+    }
     dbClient.roleDao().insertGroupRole(session, groupRole);
   }
 
@@ -155,10 +160,17 @@ public class PermissionRepository {
     }
   }
 
-  public void grantDefaultRoles(DbSession session, long componentId, String qualifier) {
-    ResourceDto resource = dbClient.resourceDao().selectResource(componentId, session);
-    String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(session, resource.getKey(), qualifier);
-    applyPermissionTemplate(session, applicablePermissionTemplateKey, componentId);
+  /**
+   * Warning, this method is also used by the Developer Cockpit plugin
+   */
+  public void applyDefaultPermissionTemplate(DbSession session, long componentId) {
+    ComponentDto component = dbClient.componentDao().selectOrFailById(session, componentId);
+    applyDefaultPermissionTemplate(session, component);
+  }
+
+  public void applyDefaultPermissionTemplate(DbSession session, ComponentDto componentDto) {
+    String applicablePermissionTemplateKey = getApplicablePermissionTemplateKey(session, componentDto.getKey(), componentDto.qualifier());
+    applyPermissionTemplate(session, applicablePermissionTemplateKey, componentDto.getId());
   }
 
   /**
diff --git a/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java b/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
index d402a664ae4..9458bf96e4f 100644
--- a/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
+++ b/sonar-db/src/test/java/org/sonar/db/permission/PermissionRepositoryTest.java
@@ -28,6 +28,7 @@ import org.junit.rules.ExpectedException;
 import org.sonar.api.config.Settings;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
+import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.user.RoleDao;
 import org.sonar.test.DbTests;
@@ -39,6 +40,10 @@ import static org.mockito.Mockito.when;
 @Category(DbTests.class)
 public class PermissionRepositoryTest {
 
+  static final String DEFAULT_TEMPLATE = "default_20130101_010203";
+  static final long PROJECT_ID = 123L;
+  static final long NOW = 123456789L;
+
   @Rule
   public ExpectedException throwable = ExpectedException.none();
 
@@ -46,77 +51,102 @@ public class PermissionRepositoryTest {
 
   @Rule
   public DbTester dbTester = DbTester.create(system2);
+  DbSession session = dbTester.getSession();
 
-  PermissionRepository underTest;
+  Settings settings = new Settings();
+  PermissionRepository underTest = new PermissionRepository(dbTester.getDbClient(), settings);
 
   @Before
   public void setUp() {
-    when(system2.now()).thenReturn(123456789L);
-
-    Settings settings = new Settings();
-    underTest = new PermissionRepository(dbTester.getDbClient(), settings);
+    when(system2.now()).thenReturn(NOW);
   }
 
   @Test
-  public void should_apply_permission_template() {
+  public void apply_permission_template() {
     dbTester.prepareDbUnit(getClass(), "should_apply_permission_template.xml");
 
     RoleDao roleDao = dbTester.getDbClient().roleDao();
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).isEmpty();
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).isEmpty();
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).isEmpty();
-    assertThat(roleDao.selectUserPermissions(dbTester.getSession(), "marius", 123L)).isEmpty();
+    assertThat(roleDao.selectGroupPermissions(session, "sonar-administrators", PROJECT_ID)).isEmpty();
+    assertThat(roleDao.selectGroupPermissions(session, "sonar-users", PROJECT_ID)).isEmpty();
+    assertThat(roleDao.selectGroupPermissions(session, "Anyone", PROJECT_ID)).isEmpty();
+    assertThat(roleDao.selectUserPermissions(session, "marius", PROJECT_ID)).isEmpty();
+
+    underTest.applyPermissionTemplate(session, "default_20130101_010203", PROJECT_ID);
+
+    assertThat(roleDao.selectGroupPermissions(session, "sonar-administrators", PROJECT_ID)).containsOnly("admin", "issueadmin");
+    assertThat(roleDao.selectGroupPermissions(session, "sonar-users", PROJECT_ID)).containsOnly("user", "codeviewer");
+    assertThat(roleDao.selectGroupPermissions(session, "Anyone", PROJECT_ID)).containsOnly("user", "codeviewer");
+
+    assertThat(roleDao.selectUserPermissions(session, "marius", PROJECT_ID)).containsOnly("admin");
+
+    checkAuthorizationUpdatedAtIsUpdated();
+  }
+
+  @Test
+  public void apply_default_permission_template_from_component_id() {
+    dbTester.prepareDbUnit(getClass(), "apply_default_permission_template.xml");
+    settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE);
 
-    underTest.applyPermissionTemplate(dbTester.getSession(), "default_20130101_010203", 123L);
+    underTest.applyDefaultPermissionTemplate(session, PROJECT_ID);
+    session.commit();
 
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-administrators", 123L)).containsOnly("admin", "issueadmin");
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "sonar-users", 123L)).containsOnly("user", "codeviewer");
-    assertThat(roleDao.selectGroupPermissions(dbTester.getSession(), "Anyone", 123L)).containsOnly("user", "codeviewer");
+    dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template-result.xml", "user_roles", "user_id", "resource_id", "role");
+  }
+
+  @Test
+  public void apply_default_permission_template_from_component() {
+    dbTester.prepareDbUnit(getClass(), "apply_default_permission_template.xml");
+    settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE);
 
-    assertThat(roleDao.selectUserPermissions(dbTester.getSession(), "marius", 123L)).containsOnly("admin");
+    underTest.applyDefaultPermissionTemplate(session, dbTester.getDbClient().componentDao().selectOrFailByKey(session, "org.struts:struts"));
+    session.commit();
 
-    assertThat(dbTester.getDbClient().resourceDao().selectResource(123L, dbTester.getSession()).getAuthorizationUpdatedAt()).isEqualTo(123456789L);
+    dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template-result.xml", "user_roles", "user_id", "resource_id", "role");
   }
 
   @Test
   public void should_add_user_permission() {
     dbTester.prepareDbUnit(getClass(), "should_add_user_permission.xml");
 
-    underTest.insertUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.insertUserPermission(PROJECT_ID, 200L, UserRole.ADMIN, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_add_user_permission-result.xml", "projects", "authorization_updated_at");
+
+    checkAuthorizationUpdatedAtIsUpdated();
   }
 
   @Test
   public void should_delete_user_permission() {
     dbTester.prepareDbUnit(getClass(), "should_delete_user_permission.xml");
 
-    underTest.deleteUserPermission(123L, 200L, UserRole.ADMIN, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.deleteUserPermission(PROJECT_ID, 200L, UserRole.ADMIN, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "user_roles", "user_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_delete_user_permission-result.xml", "projects", "authorization_updated_at");
+    checkAuthorizationUpdatedAtIsUpdated();
   }
 
   @Test
   public void should_insert_group_permission() {
     dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
 
-    underTest.insertGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.insertGroupPermission(PROJECT_ID, 100L, UserRole.USER, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
+    checkAuthorizationUpdatedAtIsUpdated();
   }
 
   @Test
   public void should_insert_group_name_permission() {
     dbTester.prepareDbUnit(getClass(), "should_insert_group_permission.xml");
 
-    underTest.insertGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.insertGroupPermission(PROJECT_ID, "devs", UserRole.USER, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_insert_group_permission-result.xml", "projects", "authorization_updated_at");
@@ -126,8 +156,8 @@ public class PermissionRepositoryTest {
   public void should_insert_anyone_group_permission() {
     dbTester.prepareDbUnit(getClass(), "should_insert_anyone_group_permission.xml");
 
-    underTest.insertGroupPermission(123L, "Anyone", UserRole.USER, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.insertGroupPermission(PROJECT_ID, "Anyone", UserRole.USER, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_insert_anyone_group_permission-result.xml", "projects", "authorization_updated_at");
@@ -137,21 +167,31 @@ public class PermissionRepositoryTest {
   public void should_delete_group_permission() {
     dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
 
-    underTest.deleteGroupPermission(123L, 100L, UserRole.USER, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.deleteGroupPermission(PROJECT_ID, 100L, UserRole.USER, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
+    checkAuthorizationUpdatedAtIsUpdated();
   }
 
   @Test
   public void should_delete_group_name_permission() {
     dbTester.prepareDbUnit(getClass(), "should_delete_group_permission.xml");
 
-    underTest.deleteGroupPermission(123L, "devs", UserRole.USER, dbTester.getSession());
-    dbTester.getSession().commit();
+    underTest.deleteGroupPermission(PROJECT_ID, "devs", UserRole.USER, session);
+    session.commit();
 
     dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "group_roles", "group_id", "resource_id", "role");
     dbTester.assertDbUnitTable(getClass(), "should_delete_group_permission-result.xml", "projects", "authorization_updated_at");
   }
+
+  private void checkAuthorizationUpdatedAtIsUpdated() {
+    assertThat(dbTester.getDbClient().resourceDao().selectResource(PROJECT_ID, session).getAuthorizationUpdatedAt()).isEqualTo(NOW);
+  }
+
+  private void checkAuthorizationUpdatedAtIsNotUpdated() {
+    assertThat(dbTester.getDbClient().resourceDao().selectResource(PROJECT_ID, session).getAuthorizationUpdatedAt()).isNull();
+  }
+
 }
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml
new file mode 100644
index 00000000000..b70b4ac31a0
--- /dev/null
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template-result.xml
@@ -0,0 +1,36 @@
+<dataset>
+
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!-- new groups permissions : sonar-administrators (admin), sonar-users (user & codeviewer), Anyone (user & codeviewer) -->
+  <group_roles id="3" group_id="100" resource_id="123" role="admin"/>
+  <group_roles id="4" group_id="101" resource_id="123" role="user"/>
+  <group_roles id="5" group_id="[null]" resource_id="123" role="user"/>
+  <group_roles id="6" group_id="101" resource_id="123" role="codeviewer"/>
+  <group_roles id="7" group_id="[null]" resource_id="123" role="codeviewer"/>
+  <group_roles id="8" group_id="100" resource_id="123" role="issueadmin"/>
+
+  <!-- new user permission : marius (admin) -->
+  <user_roles id="2" user_id="200" resource_id="123" role="admin"/>
+
+  <!-- default permission template for all qualifiers -->
+  <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+
+  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>
diff --git a/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml
new file mode 100644
index 00000000000..f990d2158f9
--- /dev/null
+++ b/sonar-db/src/test/resources/org/sonar/db/permission/PermissionRepositoryTest/apply_default_permission_template.xml
@@ -0,0 +1,30 @@
+<dataset>
+
+  <projects id="123" root_id="[null]" scope="PRJ" qualifier="TRK" kee="org.struts:struts" name="Struts"
+            description="the description" long_name="Apache Struts"
+            enabled="[true]" language="java" copy_resource_id="[null]" person_id="[null]" path="[null]"
+            authorization_updated_at="123456789"/>
+
+  <groups id="100" name="sonar-administrators"/>
+  <groups id="101" name="sonar-users"/>
+
+  <users id="200" login="marius" name="Marius" email="[null]" active="[true]"/>
+
+  <!-- on other resources -->
+  <group_roles id="1" group_id="100" resource_id="1" role="admin"/>
+  <group_roles id="2" group_id="101" resource_id="1" role="user"/>
+  <user_roles id="1" user_id="200" resource_id="1" role="admin"/>
+
+  <!-- default permission template for all qualifiers -->
+  <permission_templates id="1" name="default" kee="default_20130101_010203"/>
+
+  <perm_templates_groups id="1" template_id="1" group_id="100" permission_reference="admin"/>
+  <perm_templates_groups id="2" template_id="1" group_id="101" permission_reference="user"/>
+  <perm_templates_groups id="3" template_id="1" group_id="[null]" permission_reference="user"/>
+  <perm_templates_groups id="4" template_id="1" group_id="101" permission_reference="codeviewer"/>
+  <perm_templates_groups id="5" template_id="1" group_id="[null]" permission_reference="codeviewer"/>
+  <perm_templates_groups id="6" template_id="1" group_id="100" permission_reference="issueadmin"/>
+
+  <perm_templates_users id="1" template_id="1" user_id="200" permission_reference="admin"/>
+
+</dataset>