aboutsummaryrefslogtreecommitdiffstats
path: root/sonar-core/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'sonar-core/src/main')
-rw-r--r--sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java157
-rw-r--r--sonar-core/src/main/java/org/sonar/core/permission/package-info.java24
-rw-r--r--sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java94
3 files changed, 200 insertions, 75 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java
new file mode 100644
index 00000000000..7d73036c689
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java
@@ -0,0 +1,157 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.sonar.core.permission;
+
+import org.apache.ibatis.session.SqlSession;
+import org.sonar.api.ServerExtension;
+import org.sonar.api.security.DefaultGroups;
+import org.sonar.api.task.TaskExtension;
+import org.sonar.core.persistence.MyBatis;
+import org.sonar.core.user.*;
+
+import java.util.List;
+
+/**
+ * Internal use only
+ * @since 3.7
+ *
+ * This facade wraps all the db operations related to component-based permissions
+ */
+public class ComponentPermissionFacade implements TaskExtension, ServerExtension {
+
+ private final MyBatis myBatis;
+ private final RoleDao roleDao;
+ private final UserDao userDao;
+ private final PermissionDao permissionDao;
+
+ public ComponentPermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) {
+ this.myBatis = myBatis;
+ this.roleDao = roleDao;
+ this.userDao = userDao;
+ this.permissionDao = permissionDao;
+ }
+
+ public void setUserPermission(Long resourceId, String userLogin, String permission) {
+ SqlSession session = myBatis.openSession();
+ try {
+ UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(userLogin);
+ if (user != null) {
+ UserRoleDto userRole = new UserRoleDto()
+ .setRole(permission)
+ .setUserId(user.getId())
+ .setResourceId(Long.valueOf(resourceId));
+ roleDao.deleteUserRole(userRole, session);
+ roleDao.insertUserRole(userRole, session);
+ session.commit();
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public void setGroupPermission(Long resourceId, String groupName, String permission) {
+ SqlSession session = myBatis.openSession();
+ try {
+ GroupRoleDto groupRole = new GroupRoleDto()
+ .setRole(permission)
+ .setResourceId(Long.valueOf(resourceId));
+ if (DefaultGroups.isAnyone(groupName)) {
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
+ session.commit();
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ groupRole.setGroupId(group.getId());
+ roleDao.deleteGroupRole(groupRole, session);
+ roleDao.insertGroupRole(groupRole, session);
+ session.commit();
+ }
+ }
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+
+ public int countPermissions(Long resourceId) {
+ return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId);
+ }
+
+ public void removeAllPermissions(Long resourceId, SqlSession session) {
+ roleDao.deleteGroupRolesByResourceId(resourceId, session);
+ roleDao.deleteUserRolesByResourceId(resourceId, session);
+ }
+
+ public void addUserPermission(Long resourceId, String userLogin, String permission, SqlSession session) {
+ UserDto user = userDao.selectActiveUserByLogin(userLogin, session);
+ if (user != null) {
+ UserRoleDto userRoleDto = new UserRoleDto().setRole(permission).setUserId(user.getId()).setResourceId(resourceId);
+ roleDao.insertUserRole(userRoleDto, session);
+ }
+ }
+
+ public void addGroupPermission(Long resourceId, String groupName, String permission, SqlSession session) {
+ GroupRoleDto groupRole = new GroupRoleDto().setRole(permission).setResourceId(resourceId);
+ if (DefaultGroups.isAnyone(groupName)) {
+ roleDao.insertGroupRole(groupRole, session);
+ } else {
+ GroupDto group = userDao.selectGroupByName(groupName, session);
+ if (group != null) {
+ roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session);
+ }
+ }
+ }
+
+ public PermissionTemplateDto getPermissionTemplate(Long templateId) {
+ PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(templateId);
+ if(permissionTemplateDto == null) {
+ throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId);
+ }
+ PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName());
+ if(templateWithPermissions == null) {
+ throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId);
+ }
+ return templateWithPermissions;
+ }
+
+ public void applyPermissionTemplate(Long templateId, Long resourceId) {
+ SqlSession session = myBatis.openSession();
+ try {
+ PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateId);
+ List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions();
+ if(usersPermissions != null) {
+ for (PermissionTemplateUserDto userPermission : usersPermissions) {
+ addUserPermission(resourceId, userPermission.getUserLogin(), userPermission.getPermission(), session);
+
+ }
+ }
+ List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions();
+ if(groupsPermissions != null) {
+ for (PermissionTemplateGroupDto groupPermission : groupsPermissions) {
+ addGroupPermission(resourceId, groupPermission.getGroupName(), groupPermission.getPermission(), session);
+ }
+ }
+ session.commit();
+ } finally {
+ MyBatis.closeQuietly(session);
+ }
+ }
+}
diff --git a/sonar-core/src/main/java/org/sonar/core/permission/package-info.java b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java
new file mode 100644
index 00000000000..78344ab013d
--- /dev/null
+++ b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java
@@ -0,0 +1,24 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2013 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+@ParametersAreNonnullByDefault
+package org.sonar.core.permission;
+
+import javax.annotation.ParametersAreNonnullByDefault; \ No newline at end of file
diff --git a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java
index eb8febb0fc5..cdaf5b445fb 100644
--- a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java
+++ b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java
@@ -28,8 +28,11 @@ import org.sonar.api.security.DefaultGroups;
import org.sonar.api.security.ResourcePermissions;
import org.sonar.api.task.TaskExtension;
import org.sonar.api.web.UserRole;
+import org.sonar.core.permission.ComponentPermissionFacade;
import org.sonar.core.persistence.MyBatis;
-import org.sonar.core.user.*;
+import org.sonar.core.user.PermissionTemplateDto;
+import org.sonar.core.user.PermissionTemplateGroupDto;
+import org.sonar.core.user.PermissionTemplateUserDto;
import java.util.ArrayList;
import java.util.List;
@@ -41,69 +44,31 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte
private final Settings settings;
private final MyBatis myBatis;
- private final RoleDao roleDao;
- private final UserDao userDao;
- private final PermissionDao permissionDao;
+ private final ComponentPermissionFacade permissionFacade;
- public DefaultResourcePermissions(Settings settings, MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) {
+ public DefaultResourcePermissions(Settings settings, MyBatis myBatis, ComponentPermissionFacade permissionFacade) {
this.settings = settings;
this.myBatis = myBatis;
- this.roleDao = roleDao;
- this.userDao = userDao;
- this.permissionDao = permissionDao;
+ this.permissionFacade = permissionFacade;
}
public boolean hasRoles(Resource resource) {
if (resource.getId() != null) {
Long resourceId = Long.valueOf(resource.getId());
- return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId) > 0;
+ return permissionFacade.countPermissions(resourceId) > 0;
}
return false;
}
public void grantUserRole(Resource resource, String login, String role) {
if (resource.getId() != null) {
- SqlSession session = myBatis.openSession();
- try {
- UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login);
- if (user != null) {
- UserRoleDto userRole = new UserRoleDto()
- .setRole(role)
- .setUserId(user.getId())
- .setResourceId(Long.valueOf(resource.getId()));
- roleDao.deleteUserRole(userRole, session);
- roleDao.insertUserRole(userRole, session);
- session.commit();
- }
- } finally {
- MyBatis.closeQuietly(session);
- }
+ permissionFacade.setUserPermission(Long.valueOf(resource.getId()), login, role);
}
}
public void grantGroupRole(Resource resource, String groupName, String role) {
if (resource.getId() != null) {
- SqlSession session = myBatis.openSession();
- try {
- GroupRoleDto groupRole = new GroupRoleDto()
- .setRole(role)
- .setResourceId(Long.valueOf(resource.getId()));
- if (DefaultGroups.isAnyone(groupName)) {
- roleDao.deleteGroupRole(groupRole, session);
- roleDao.insertGroupRole(groupRole, session);
- session.commit();
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- groupRole.setGroupId(group.getId());
- roleDao.deleteGroupRole(groupRole, session);
- roleDao.insertGroupRole(groupRole, session);
- session.commit();
- }
- }
- } finally {
- MyBatis.closeQuietly(session);
- }
+ permissionFacade.setGroupPermission(Long.valueOf(resource.getId()), groupName, role);
}
}
@@ -124,8 +89,7 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte
private void removeRoles(Resource resource, SqlSession session) {
Long resourceId = Long.valueOf(resource.getId());
- roleDao.deleteGroupRolesByResourceId(resourceId, session);
- roleDao.deleteUserRolesByResourceId(resourceId, session);
+ permissionFacade.removeAllPermissions(resourceId, session);
}
private void grantDefaultRoles(Resource resource, String role, SqlSession session) {
@@ -133,24 +97,14 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte
List<String> groupNames = getEligibleGroups(role, applicablePermissionTemplate);
for (String groupName : groupNames) {
- GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId()));
- if (DefaultGroups.isAnyone(groupName)) {
- roleDao.insertGroupRole(groupRole, session);
- } else {
- GroupDto group = userDao.selectGroupByName(groupName, session);
- if (group != null) {
- roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session);
- }
- }
+ Long resourceId = Long.valueOf(resource.getId());
+ permissionFacade.addGroupPermission(resourceId, groupName, role, session);
}
List<String> logins = getEligibleUsers(role, applicablePermissionTemplate);
for (String login : logins) {
- UserDto user = userDao.selectActiveUserByLogin(login, session);
- if (user != null) {
- UserRoleDto userRoleDto = new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId()));
- roleDao.insertUserRole(userRoleDto, session);
- }
+ Long resourceId = Long.valueOf(resource.getId());
+ permissionFacade.addUserPermission(resourceId, login, role, session);
}
}
@@ -184,25 +138,15 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte
private PermissionTemplateDto getPermissionTemplate(String qualifier) {
String qualifierTemplateId = settings.getString("sonar.permission.template." + qualifier + ".default");
if(!StringUtils.isBlank(qualifierTemplateId)) {
- return getTemplateWithPermissions(qualifierTemplateId);
+ Long templateId = Long.parseLong(qualifierTemplateId);
+ return permissionFacade.getPermissionTemplate(templateId);
}
String defaultTemplateId = settings.getString("sonar.permission.template.default");
if(StringUtils.isBlank(defaultTemplateId)) {
throw new IllegalStateException("At least one default permission template should be defined");
}
- return getTemplateWithPermissions(defaultTemplateId);
- }
-
- private PermissionTemplateDto getTemplateWithPermissions(String templateId) {
- PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(Long.parseLong(templateId));
- if(permissionTemplateDto == null) {
- throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId);
- }
- PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName());
- if(templateWithPermissions == null) {
- throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId);
- }
- return templateWithPermissions;
+ Long templateId = Long.parseLong(defaultTemplateId);
+ return permissionFacade.getPermissionTemplate(templateId);
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 20:14:36 +0000