author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-04-27 16:46:26 +0200 |
---|---|---|
committer | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-04-27 16:46:26 +0200 |
commit | d8edefbdfc628e02203bd7e8c7e7966a0f8080be (patch) | |
tree | 8a17ad805a40045f82e98d408fafe690041fa952 /sonar-db | |
parent | c2c3d94965b6c4a086a6751b8252511bff32eb4f (diff) | |
download | sonarqube-d8edefbdfc628e02203bd7e8c7e7966a0f8080be.tar.gz sonarqube-d8edefbdfc628e02203bd7e8c7e7966a0f8080be.zip |
Fix query to keep authorized users for a project and a role
The query was returning every user that has the permission from a group, without taking the given users into account.
Diffstat (limited to 'sonar-db')
-rw-r--r-- | sonar-db/src/main/resources/org/sonar/db/user/AuthorizationMapper.xml | 4 | ||||
-rw-r--r-- | sonar-db/src/test/java/org/sonar/db/user/AuthorizationDaoTest.java | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/sonar-db/src/main/resources/org/sonar/db/user/AuthorizationMapper.xml b/sonar-db/src/main/resources/org/sonar/db/user/AuthorizationMapper.xml index 8ddb1e09b2c..12bef99c2fd 100644 --- a/sonar-db/src/main/resources/org/sonar/db/user/AuthorizationMapper.xml +++ b/sonar-db/src/main/resources/org/sonar/db/user/AuthorizationMapper.xml @@ -214,12 +214,10 @@ WHERE gr.resource_id=#{componentId} AND gr.role=#{role} - AND (gr.group_id IS NULL OR gr.group_id IN ( - select gu.group_id from groups_users gu where gu.user_id in + AND gu.user_id in <foreach collection="userIds" open="(" close=")" item="id" separator=","> #{id} </foreach> - )) UNION SELECT ur.user_id FROM user_roles ur diff --git a/sonar-db/src/test/java/org/sonar/db/user/AuthorizationDaoTest.java b/sonar-db/src/test/java/org/sonar/db/user/AuthorizationDaoTest.java index ed1a5747d14..53c43c9be32 100644 --- a/sonar-db/src/test/java/org/sonar/db/user/AuthorizationDaoTest.java +++ b/sonar-db/src/test/java/org/sonar/db/user/AuthorizationDaoTest.java @@ -290,6 +290,10 @@ public class AuthorizationDaoTest { // Only 100 and 101 has 'user' role on project newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L); + assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), + // Only 100 and 101 has 'user' role on project + newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L); + // user does not have the role "admin" assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty(); 
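Review bot: The rewritten predicate in the group branch also drops the `gr.group_id IS NULL` alternative, so it should be confirmed how group-role rows without a group id are meant to count in this authorization filter now. The new `AND gu.user_id in (...)` relies on a `gu` alias whose FROM/JOIN clause is outside the hunk; if that is an inner join on `group_id`, rows with a NULL `group_id` can no longer contribute any user. That fails closed, but it is a behaviour change the commit message does not mention and no visible test covers. I would add a mapper comment above the condition, e.g. `<!-- only the requested users are kept; group_roles rows with NULL group_id are not matched by this branch -->`, and a fixture row with a NULL `group_id` plus an assertion pinning the intended result.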
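Review bot: The comment copied into the first added assertion, `// Only 100 and 101 has 'user' role on project`, does not say what this case checks: 101 also holds the role but was not requested, so it must not be returned. A comment such as `// 101 also has the 'user' role but was not requested, so only 100 is kept` would document the regression, and the same line would help above the uncommented assertion added in the second hunk (`@@ -305,6 +309,9 @@`). A negative case would tighten both tests, since the context lines show 102 lacks the role: `assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(102L), "user", PROJECT_ID)).isEmpty();`. The enclosing test methods start and end outside the hunks.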
@@ -305,6 +309,9 @@ public class AuthorizationDaoTest { // Only 100 and 101 has 'user' role on project newHashSet(100L, 101L, 102L), "user", PROJECT_ID)).containsOnly(100L, 101L); + assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), + newHashSet(100L), "user", PROJECT_ID)).containsOnly(100L); + // user does not have the role "admin" assertThat(authorization.keepAuthorizedUsersForRoleAndProject(dbTester.getSession(), newHashSet(100L), "admin", PROJECT_ID)).isEmpty(); |