diff options
Diffstat (limited to 'sonar-db/src/main')
7 files changed, 75 insertions, 32 deletions
diff --git a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java index c8a9c39e71a..dc6677e63d1 100644 --- a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java +++ b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationDao.java @@ -77,6 +77,15 @@ public class AuthorizationDao implements Dao { return mapper(dbSession).selectRootComponentPermissionsOfAnonymous(rootComponentId); } + /** + * The number of users who will still have the permission when the group {@code excludedGroupId} + * is deleted. + */ + public int countRemainingUserIdsWithGlobalPermissionIfExcludeGroup(DbSession dbSession, String organizationUuid, + String permission, long excludedGroupId) { + return mapper(dbSession).countRemainingUserIdsWithGlobalPermissionIfExcludeGroup(organizationUuid, permission, excludedGroupId); + } + public Collection<Long> keepAuthorizedProjectIds(DbSession dbSession, Collection<Long> componentIds, @Nullable Integer userId, String role) { return executeLargeInputs( componentIds, diff --git a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java index cfbcf015e9a..dc422f10476 100644 --- a/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java +++ b/sonar-db/src/main/java/org/sonar/db/permission/AuthorizationMapper.java @@ -37,6 +37,8 @@ public interface AuthorizationMapper { Set<String> selectRootComponentPermissionsOfAnonymous(@Param("rootComponentId") long rootComponentId); + int countRemainingUserIdsWithGlobalPermissionIfExcludeGroup(@Param("organizationUuid") String organizationUuid, @Param("permission") String permission, @Param("excludedGroupId") long excludedGroupId); + List<Long> keepAuthorizedProjectIdsForAnonymous(@Param("role") String role, @Param("componentIds") Collection<Long> componentIds); List<Long> keepAuthorizedProjectIdsForUser(@Param("userId") long userId, @Param("role") String role, @Param("componentIds") Collection<Long> componentIds); diff --git a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java index 53e579fa6c1..18bff43b55e 100644 --- a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java +++ b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionDao.java @@ -92,21 +92,20 @@ public class GroupPermissionDao implements Dao { } /** - * @return the permissions granted to the requested group, optionally on the requested project. An - * empty list is returned if the group or project do not exist. + * Selects the global permissions granted to group. An empty list is returned if the + * group does not exist. */ - public List<String> selectGroupPermissions(DbSession session, long groupId, @Nullable Long projectId) { - return session.getMapper(GroupPermissionMapper.class).selectGroupPermissions(groupId, projectId); + public List<String> selectGlobalPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable Long groupId) { + return mapper(session).selectGlobalPermissionsOfGroup(organizationUuid, groupId); } + /** - * @return the permissions granted to Anyone virtual group, optionally on the requested project. An - * empty list is returned if the project does not exist. - * @deprecated not compatible with organizations if {@code projectId} is null. Should have an organization parameter. + * Selects the permissions granted to group and project. An empty list is returned if the + * group or project do not exist. */ - @Deprecated - public List<String> selectAnyonePermissions(DbSession session, @Nullable Long projectId) { - return session.getMapper(GroupPermissionMapper.class).selectAnyonePermissions(projectId); + public List<String> selectProjectPermissionsOfGroup(DbSession session, String organizationUuid, @Nullable Long groupId, long projectId) { + return mapper(session).selectProjectPermissionsOfGroup(organizationUuid, groupId, projectId); } /** diff --git a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java index 6c3978bc10e..28c9af27a76 100644 --- a/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java +++ b/sonar-db/src/main/java/org/sonar/db/permission/GroupPermissionMapper.java @@ -54,10 +54,6 @@ public interface GroupPermissionMapper { void groupsCountByProjectIdAndPermission(Map<String, Object> parameters, ResultHandler resultHandler); - List<String> selectGroupPermissions(@Param("groupId") long groupId, @Nullable @Param("projectId") Long projectId); - - List<String> selectAnyonePermissions(@Nullable @Param("projectId") Long projectId); - void insert(GroupPermissionDto dto); void deleteByRootComponentId(@Param("rootComponentId") long componentId); @@ -66,4 +62,8 @@ public interface GroupPermissionMapper { @Nullable @Param("groupId") Long groupId, @Nullable @Param("rootComponentId") Long rootComponentId); int countRowsByRootComponentId(@Param("rootComponentId") long rootComponentId); + + List<String> selectGlobalPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, @Nullable @Param("groupId") Long groupId); + + List<String> selectProjectPermissionsOfGroup(@Param("organizationUuid") String organizationUuid, @Nullable @Param("groupId") Long groupId, @Param("projectId") long projectId); } diff --git a/sonar-db/src/main/java/org/sonar/db/user/RoleDao.java b/sonar-db/src/main/java/org/sonar/db/user/RoleDao.java index a09bba9ec33..cfd6a2ea69c 100644 --- a/sonar-db/src/main/java/org/sonar/db/user/RoleDao.java +++ b/sonar-db/src/main/java/org/sonar/db/user/RoleDao.java @@ -49,6 +49,10 @@ public class RoleDao implements Dao { mapper(session).deleteGroupRolesByGroupId(groupId); } + /** + * @deprecated does not support organizations + */ + @Deprecated public int countUserPermissions(DbSession session, String permission, @Nullable Long allGroupsExceptThisGroupId) { return mapper(session).countUsersWithPermission(permission, allGroupsExceptThisGroupId); } diff --git a/sonar-db/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml b/sonar-db/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml index d819a2b2294..63043b8bf02 100644 --- a/sonar-db/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml +++ b/sonar-db/src/main/resources/org/sonar/db/permission/AuthorizationMapper.xml @@ -71,6 +71,29 @@ gr.group_id is null </select> + <select id="countRemainingUserIdsWithGlobalPermissionIfExcludeGroup" parameterType="map" resultType="int"> + select count(1) from + ( + select gu.user_id + from groups_users gu + inner join group_roles gr on gr.group_id = gu.group_id + where + gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and + gr.role = #{permission,jdbcType=VARCHAR} and + gr.resource_id is null and + gr.group_id is not null and + gr.group_id != #{excludedGroupId,jdbcType=BIGINT} + + union + + select ur.user_id + from user_roles ur + where + ur.resource_id is null and + ur.role = #{permission,jdbcType=VARCHAR} + ) remaining + </select> + <select id="keepAuthorizedProjectIdsForUser" parameterType="map" resultType="long"> SELECT gr.resource_id FROM group_roles gr diff --git a/sonar-db/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml b/sonar-db/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml index e9c9bbb780e..683b2990d5d 100644 --- a/sonar-db/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml +++ b/sonar-db/src/main/resources/org/sonar/db/permission/GroupPermissionMapper.xml @@ -124,30 +124,36 @@ </if> </select> - <select id="selectGroupPermissions" parameterType="map" resultType="String"> + <select id="selectGlobalPermissionsOfGroup" parameterType="map" resultType="String"> select gr.role from group_roles gr - where gr.group_id = #{groupId} - and - <if test="projectId == null"> - gr.resource_id is null - </if> - <if test="projectId != null"> - gr.resource_id = #{projectId} - </if> + where + gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and + gr.resource_id is null and + <choose> + <when test="groupId != null"> + gr.group_id = #{groupId,jdbcType=BIGINT} + </when> + <otherwise> + gr.group_id is null + </otherwise> + </choose> </select> - <select id="selectAnyonePermissions" parameterType="map" resultType="String"> + <select id="selectProjectPermissionsOfGroup" parameterType="map" resultType="String"> select gr.role from group_roles gr - where gr.group_id is null - and - <if test="projectId == null"> - gr.resource_id is null - </if> - <if test="projectId != null"> - gr.resource_id = #{projectId} - </if> + where + gr.organization_uuid = #{organizationUuid,jdbcType=VARCHAR} and + gr.resource_id = #{projectId,jdbcType=BIGINT} and + <choose> + <when test="groupId != null"> + gr.group_id = #{groupId,jdbcType=BIGINT} + </when> + <otherwise> + gr.group_id is null + </otherwise> + </choose> </select> <select id="countRowsByRootComponentId" parameterType="long" resultType="int"> |