diff options
Diffstat (limited to 'sonar-core')
5 files changed, 227 insertions, 76 deletions
diff --git a/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java new file mode 100644 index 00000000000..7d73036c689 --- /dev/null +++ b/sonar-core/src/main/java/org/sonar/core/permission/ComponentPermissionFacade.java @@ -0,0 +1,157 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.core.permission; + +import org.apache.ibatis.session.SqlSession; +import org.sonar.api.ServerExtension; +import org.sonar.api.security.DefaultGroups; +import org.sonar.api.task.TaskExtension; +import org.sonar.core.persistence.MyBatis; +import org.sonar.core.user.*; + +import java.util.List; + +/** + * Internal use only + * @since 3.7 + * + * This facade wraps all the db operations related to component-based permissions + */ +public class ComponentPermissionFacade implements TaskExtension, ServerExtension { + + private final MyBatis myBatis; + private final RoleDao roleDao; + private final UserDao userDao; + private final PermissionDao permissionDao; + + public ComponentPermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) { + this.myBatis = myBatis; + this.roleDao = roleDao; + this.userDao = userDao; + this.permissionDao = permissionDao; + } + + public void setUserPermission(Long resourceId, String userLogin, String permission) { + SqlSession session = myBatis.openSession(); + try { + UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(userLogin); + if (user != null) { + UserRoleDto userRole = new UserRoleDto() + .setRole(permission) + .setUserId(user.getId()) + .setResourceId(Long.valueOf(resourceId)); + roleDao.deleteUserRole(userRole, session); + roleDao.insertUserRole(userRole, session); + session.commit(); + } + } finally { + MyBatis.closeQuietly(session); + } + } + + public void setGroupPermission(Long resourceId, String groupName, String permission) { + SqlSession session = myBatis.openSession(); + try { + GroupRoleDto groupRole = new GroupRoleDto() + .setRole(permission) + .setResourceId(Long.valueOf(resourceId)); + if (DefaultGroups.isAnyone(groupName)) { + roleDao.deleteGroupRole(groupRole, session); + roleDao.insertGroupRole(groupRole, session); + session.commit(); + } else { + GroupDto group = userDao.selectGroupByName(groupName, session); + if (group != null) { + groupRole.setGroupId(group.getId()); + roleDao.deleteGroupRole(groupRole, session); + roleDao.insertGroupRole(groupRole, session); + session.commit(); + } + } + } finally { + MyBatis.closeQuietly(session); + } + } + + public int countPermissions(Long resourceId) { + return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId); + } + + public void removeAllPermissions(Long resourceId, SqlSession session) { + roleDao.deleteGroupRolesByResourceId(resourceId, session); + roleDao.deleteUserRolesByResourceId(resourceId, session); + } + + public void addUserPermission(Long resourceId, String userLogin, String permission, SqlSession session) { + UserDto user = userDao.selectActiveUserByLogin(userLogin, session); + if (user != null) { + UserRoleDto userRoleDto = new UserRoleDto().setRole(permission).setUserId(user.getId()).setResourceId(resourceId); + roleDao.insertUserRole(userRoleDto, session); + } + } + + public void addGroupPermission(Long resourceId, String groupName, String permission, SqlSession session) { + GroupRoleDto groupRole = new GroupRoleDto().setRole(permission).setResourceId(resourceId); + if (DefaultGroups.isAnyone(groupName)) { + roleDao.insertGroupRole(groupRole, session); + } else { + GroupDto group = userDao.selectGroupByName(groupName, session); + if (group != null) { + roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session); + } + } + } + + public PermissionTemplateDto getPermissionTemplate(Long templateId) { + PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(templateId); + if(permissionTemplateDto == null) { + throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId); + } + PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName()); + if(templateWithPermissions == null) { + throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId); + } + return templateWithPermissions; + } + + public void applyPermissionTemplate(Long templateId, Long resourceId) { + SqlSession session = myBatis.openSession(); + try { + PermissionTemplateDto permissionTemplate = getPermissionTemplate(templateId); + List<PermissionTemplateUserDto> usersPermissions = permissionTemplate.getUsersPermissions(); + if(usersPermissions != null) { + for (PermissionTemplateUserDto userPermission : usersPermissions) { + addUserPermission(resourceId, userPermission.getUserLogin(), userPermission.getPermission(), session); + + } + } + List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplate.getGroupsPermissions(); + if(groupsPermissions != null) { + for (PermissionTemplateGroupDto groupPermission : groupsPermissions) { + addGroupPermission(resourceId, groupPermission.getGroupName(), groupPermission.getPermission(), session); + } + } + session.commit(); + } finally { + MyBatis.closeQuietly(session); + } + } +} diff --git a/sonar-core/src/main/java/org/sonar/core/permission/package-info.java b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java new file mode 100644 index 00000000000..78344ab013d --- /dev/null +++ b/sonar-core/src/main/java/org/sonar/core/permission/package-info.java @@ -0,0 +1,24 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +@ParametersAreNonnullByDefault +package org.sonar.core.permission; + +import javax.annotation.ParametersAreNonnullByDefault;
\ No newline at end of file diff --git a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java index eb8febb0fc5..cdaf5b445fb 100644 --- a/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java +++ b/sonar-core/src/main/java/org/sonar/core/resource/DefaultResourcePermissions.java @@ -28,8 +28,11 @@ import org.sonar.api.security.DefaultGroups; import org.sonar.api.security.ResourcePermissions; import org.sonar.api.task.TaskExtension; import org.sonar.api.web.UserRole; +import org.sonar.core.permission.ComponentPermissionFacade; import org.sonar.core.persistence.MyBatis; -import org.sonar.core.user.*; +import org.sonar.core.user.PermissionTemplateDto; +import org.sonar.core.user.PermissionTemplateGroupDto; +import org.sonar.core.user.PermissionTemplateUserDto; import java.util.ArrayList; import java.util.List; @@ -41,69 +44,31 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private final Settings settings; private final MyBatis myBatis; - private final RoleDao roleDao; - private final UserDao userDao; - private final PermissionDao permissionDao; + private final ComponentPermissionFacade permissionFacade; - public DefaultResourcePermissions(Settings settings, MyBatis myBatis, RoleDao roleDao, UserDao userDao, PermissionDao permissionDao) { + public DefaultResourcePermissions(Settings settings, MyBatis myBatis, ComponentPermissionFacade permissionFacade) { this.settings = settings; this.myBatis = myBatis; - this.roleDao = roleDao; - this.userDao = userDao; - this.permissionDao = permissionDao; + this.permissionFacade = permissionFacade; } public boolean hasRoles(Resource resource) { if (resource.getId() != null) { Long resourceId = Long.valueOf(resource.getId()); - return roleDao.countGroupRoles(resourceId) + roleDao.countUserRoles(resourceId) > 0; + return permissionFacade.countPermissions(resourceId) > 0; } return false; } public void grantUserRole(Resource resource, String login, String role) { if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - UserDto user = session.getMapper(UserMapper.class).selectUserByLogin(login); - if (user != null) { - UserRoleDto userRole = new UserRoleDto() - .setRole(role) - .setUserId(user.getId()) - .setResourceId(Long.valueOf(resource.getId())); - roleDao.deleteUserRole(userRole, session); - roleDao.insertUserRole(userRole, session); - session.commit(); - } - } finally { - MyBatis.closeQuietly(session); - } + permissionFacade.setUserPermission(Long.valueOf(resource.getId()), login, role); } } public void grantGroupRole(Resource resource, String groupName, String role) { if (resource.getId() != null) { - SqlSession session = myBatis.openSession(); - try { - GroupRoleDto groupRole = new GroupRoleDto() - .setRole(role) - .setResourceId(Long.valueOf(resource.getId())); - if (DefaultGroups.isAnyone(groupName)) { - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - groupRole.setGroupId(group.getId()); - roleDao.deleteGroupRole(groupRole, session); - roleDao.insertGroupRole(groupRole, session); - session.commit(); - } - } - } finally { - MyBatis.closeQuietly(session); - } + permissionFacade.setGroupPermission(Long.valueOf(resource.getId()), groupName, role); } } @@ -124,8 +89,7 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private void removeRoles(Resource resource, SqlSession session) { Long resourceId = Long.valueOf(resource.getId()); - roleDao.deleteGroupRolesByResourceId(resourceId, session); - roleDao.deleteUserRolesByResourceId(resourceId, session); + permissionFacade.removeAllPermissions(resourceId, session); } private void grantDefaultRoles(Resource resource, String role, SqlSession session) { @@ -133,24 +97,14 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte List<String> groupNames = getEligibleGroups(role, applicablePermissionTemplate); for (String groupName : groupNames) { - GroupRoleDto groupRole = new GroupRoleDto().setRole(role).setResourceId(Long.valueOf(resource.getId())); - if (DefaultGroups.isAnyone(groupName)) { - roleDao.insertGroupRole(groupRole, session); - } else { - GroupDto group = userDao.selectGroupByName(groupName, session); - if (group != null) { - roleDao.insertGroupRole(groupRole.setGroupId(group.getId()), session); - } - } + Long resourceId = Long.valueOf(resource.getId()); + permissionFacade.addGroupPermission(resourceId, groupName, role, session); } List<String> logins = getEligibleUsers(role, applicablePermissionTemplate); for (String login : logins) { - UserDto user = userDao.selectActiveUserByLogin(login, session); - if (user != null) { - UserRoleDto userRoleDto = new UserRoleDto().setRole(role).setUserId(user.getId()).setResourceId(Long.valueOf(resource.getId())); - roleDao.insertUserRole(userRoleDto, session); - } + Long resourceId = Long.valueOf(resource.getId()); + permissionFacade.addUserPermission(resourceId, login, role, session); } } @@ -184,25 +138,15 @@ public class DefaultResourcePermissions implements ResourcePermissions, TaskExte private PermissionTemplateDto getPermissionTemplate(String qualifier) { String qualifierTemplateId = settings.getString("sonar.permission.template." + qualifier + ".default"); if(!StringUtils.isBlank(qualifierTemplateId)) { - return getTemplateWithPermissions(qualifierTemplateId); + Long templateId = Long.parseLong(qualifierTemplateId); + return permissionFacade.getPermissionTemplate(templateId); } String defaultTemplateId = settings.getString("sonar.permission.template.default"); if(StringUtils.isBlank(defaultTemplateId)) { throw new IllegalStateException("At least one default permission template should be defined"); } - return getTemplateWithPermissions(defaultTemplateId); - } - - private PermissionTemplateDto getTemplateWithPermissions(String templateId) { - PermissionTemplateDto permissionTemplateDto = permissionDao.selectTemplateById(Long.parseLong(templateId)); - if(permissionTemplateDto == null) { - throw new IllegalArgumentException("Could not retrieve permission template with id " + templateId); - } - PermissionTemplateDto templateWithPermissions = permissionDao.selectPermissionTemplate(permissionTemplateDto.getName()); - if(templateWithPermissions == null) { - throw new IllegalArgumentException("Could not retrieve permissions for template with id " + templateId); - } - return templateWithPermissions; + Long templateId = Long.parseLong(defaultTemplateId); + return permissionFacade.getPermissionTemplate(templateId); } } diff --git a/sonar-core/src/test/java/org/sonar/core/permission/ComponentPermissionFacadeTest.java b/sonar-core/src/test/java/org/sonar/core/permission/ComponentPermissionFacadeTest.java new file mode 100644 index 00000000000..88fca000c36 --- /dev/null +++ b/sonar-core/src/test/java/org/sonar/core/permission/ComponentPermissionFacadeTest.java @@ -0,0 +1,24 @@ +/* + * SonarQube, open source software quality management tool. + * Copyright (C) 2008-2013 SonarSource + * mailto:contact AT sonarsource DOT com + * + * SonarQube is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * SonarQube is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +package org.sonar.core.permission; + +public class ComponentPermissionFacadeTest { +} diff --git a/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java b/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java index d3442d46283..5a6fc165002 100644 --- a/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java +++ b/sonar-core/src/test/java/org/sonar/core/resource/DefaultResourcePermissionsTest.java @@ -27,6 +27,7 @@ import org.sonar.api.config.Settings; import org.sonar.api.resources.Project; import org.sonar.api.resources.Resource; import org.sonar.api.security.DefaultGroups; +import org.sonar.core.permission.ComponentPermissionFacade; import org.sonar.core.persistence.AbstractDaoTestCase; import org.sonar.core.user.PermissionDao; import org.sonar.core.user.RoleDao; @@ -46,8 +47,9 @@ public class DefaultResourcePermissionsTest extends AbstractDaoTestCase { @Before public void initResourcePermissions() { settings = new Settings(); - permissions = new DefaultResourcePermissions(settings, getMyBatis(), + ComponentPermissionFacade permissionFacade = new ComponentPermissionFacade(getMyBatis(), new RoleDao(getMyBatis()), new UserDao(getMyBatis()), new PermissionDao(getMyBatis())); + permissions = new DefaultResourcePermissions(settings, getMyBatis(), permissionFacade); } @Test |