private Set<String> keepAuthorizedLogins(DbSession dbSession, String projectKey, Set<SubscriberAndChannel> subscriberAndChannels, @Nullable Boolean global, String permission) { Set<String> logins = subscriberAndChannels.stream() .filter(s -> global == null || s.getSubscriber().isGlobal() == global) .map(s -> s.getSubscriber().getLogin()) .collect(Collectors.toSet()); if (logins.isEmpty()) { return Collections.emptySet(); } return dbClient.authorizationDao().keepAuthorizedLoginsOnProject(dbSession, logins, projectKey, permission); }
private Set<String> loadDbPermissions(DbSession dbSession, String projectUuid) { if (userDto != null && userDto.getId() != null) { return dbClient.authorizationDao().selectProjectPermissions(dbSession, projectUuid, userDto.getId()); } return dbClient.authorizationDao().selectProjectPermissionsOfAnonymous(dbSession, projectUuid); }
private List<ProjectQgateAssociationDto> keepAuthorizedProjects(DbSession dbSession, List<ProjectQgateAssociationDto> projects) { if (userSession.isRoot()) { // the method AuthorizationDao#keepAuthorizedProjectIds() should be replaced by // a call to UserSession, which would transparently support roots. // Meanwhile root is explicitly handled. return projects; } List<Long> projectIds = projects.stream().map(ProjectQgateAssociationDto::getId).collect(MoreCollectors.toList()); Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(dbSession, projectIds, userSession.getUserId(), UserRole.USER); return projects.stream().filter(project -> authorizedProjectIds.contains(project.getId())).collect(MoreCollectors.toList()); }
private List<String> getRecipients() { try (DbSession session = dbClient.openSession(false)) { return dbClient.authorizationDao().selectQualityProfileAdministratorLogins(session); } } }
private Set<OrganizationPermission> loadOrganizationPermissions(String organizationUuid) { Set<String> permissionKeys; try (DbSession dbSession = dbClient.openSession(false)) { if (userDto != null && userDto.getId() != null) { permissionKeys = dbClient.authorizationDao().selectOrganizationPermissions(dbSession, organizationUuid, userDto.getId()); } else { permissionKeys = dbClient.authorizationDao().selectOrganizationPermissionsOfAnonymous(dbSession, organizationUuid); } } return permissionKeys.stream() .map(OrganizationPermission::fromKey) .collect(MoreCollectors.toSet(permissionKeys.size())); }
private Map<Long, ComponentDto> searchProjects(DbSession dbSession, List<PropertyDto> properties) { Set<Long> componentIds = properties.stream() .map(PropertyDto::getResourceId) .filter(Objects::nonNull) .collect(MoreCollectors.toSet(properties.size())); Set<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(dbSession, componentIds, userSession.getUserId(), UserRole.USER); return dbClient.componentDao().selectByIds(dbSession, componentIds) .stream() .filter(c -> authorizedProjectIds.contains(c.getId())) .collect(MoreCollectors.uniqueIndex(ComponentDto::getId)); }
private List<String> selectOrganizationsWithNoMoreAdministrators(DbSession dbSession, UserDto user) { Set<String> organizationUuids = dbClient.authorizationDao().selectOrganizationUuidsOfUserWithGlobalPermission( dbSession, user.getId(), OrganizationPermission.ADMINISTER.getKey()); List<String> problematicOrganizations = new ArrayList<>(); for (String organizationUuid : organizationUuids) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, organizationUuid, OrganizationPermission.ADMINISTER.getKey(), user.getId()); if (remaining == 0) { problematicOrganizations.add(organizationUuid); } } return problematicOrganizations; }
@Override protected List<ComponentDto> doKeepAuthorizedComponents(String permission, Collection<ComponentDto> components) { try (DbSession dbSession = dbClient.openSession(false)) { Set<String> projectUuids = components.stream() .map(c -> defaultIfEmpty(c.getMainBranchProjectUuid(), c.projectUuid())) .collect(MoreCollectors.toSet(components.size())); Set<String> authorizedProjectUuids = dbClient.authorizationDao().keepAuthorizedProjectUuids(dbSession, projectUuids, getUserId(), permission); return components.stream() .filter(c -> authorizedProjectUuids.contains(c.projectUuid()) || authorizedProjectUuids.contains(c.getMainBranchProjectUuid())) .collect(MoreCollectors.toList(components.size())); } }
private void checkNotTryingToDeleteLastAdminGroup(DbSession dbSession, GroupDto group) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId()); checkArgument(remaining > 0, "The last system admin group cannot be deleted"); }
private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange change) { if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession, change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId()); checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN); } } }
@Before public void setUp() { when(dispatcher.getKey()).thenReturn("NewViolations"); when(emailChannel.getKey()).thenReturn("Email"); when(twitterChannel.getKey()).thenReturn("Twitter"); when(dbClient.openSession(anyBoolean())).thenReturn(dbSession); when(dbClient.propertiesDao()).thenReturn(propertiesDao); when(dbClient.notificationQueueDao()).thenReturn(notificationQueueDao); when(dbClient.authorizationDao()).thenReturn(authorizationDao); underTest = new DefaultNotificationManager(new NotificationChannel[] {emailChannel, twitterChannel}, dbClient); }
@Override public void handle(Request request, Response response) throws Exception { String profileKey = request.mandatoryParam(PARAM_KEY); try (DbSession session = dbClient.openSession(false)) { checkProfileExists(profileKey, session); String selected = request.param(Param.SELECTED); String query = request.param(Param.TEXT_QUERY); int page = request.mandatoryParamAsInt(Param.PAGE); int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); List<ProjectQprofileAssociationDto> projects = loadAllProjects(profileKey, session, selected, query).stream() .sorted(comparing(ProjectQprofileAssociationDto::getProjectName) .thenComparing(ProjectQprofileAssociationDto::getProjectUuid)) .collect(MoreCollectors.toList()); Collection<String> projectUuids = projects.stream() .map(ProjectQprofileAssociationDto::getProjectUuid) .collect(MoreCollectors.toSet()); Set<String> authorizedProjectUuids = dbClient.authorizationDao().keepAuthorizedProjectUuids(session, projectUuids, userSession.getUserId(), UserRole.USER); Paging paging = forPageIndex(page).withPageSize(pageSize).andTotal(authorizedProjectUuids.size()); List<ProjectQprofileAssociationDto> authorizedProjects = projects.stream() .filter(input -> authorizedProjectUuids.contains(input.getProjectUuid())) .skip(paging.offset()) .limit(paging.pageSize()) .collect(MoreCollectors.toList()); writeProjects(response, authorizedProjects, paging); } }
private void checkIfRemainingGlobalAdministrators(DbSession dbSession, GroupPermissionChange change) { if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getGroupIdOrAnyone().isAnyone() && !change.getProjectId().isPresent()) { // removing global admin permission from group int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, change.getOrganizationUuid(), SYSTEM_ADMIN, change.getGroupIdOrAnyone().getId()); checkRequest(remaining > 0, "Last group with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN); } }
private void ensureLastAdminIsNotRemoved(DbSession dbSession, OrganizationDto organizationDto, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUser(dbSession, organizationDto.getUuid(), ADMINISTER.getKey(), user.getId()); checkRequest(remainingAdmins > 0, "The last administrator member cannot be removed"); } }
/** * Ensure that there are still users with admin global permission if user is removed from the group. */ private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupDto group, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId()); checkRequest(remainingAdmins > 0, "The last administrator user cannot be removed"); }
private Set<String> keepAuthorizedLogins(DbSession dbSession, String projectKey, Set<SubscriberAndChannel> subscriberAndChannels, @Nullable Boolean global, String permission) { Set<String> logins = subscriberAndChannels.stream() .filter(s -> global == null || s.getSubscriber().isGlobal() == global) .map(s -> s.getSubscriber().getLogin()) .collect(Collectors.toSet()); if (logins.isEmpty()) { return Collections.emptySet(); } return dbClient.authorizationDao().keepAuthorizedLoginsOnProject(dbSession, logins, projectKey, permission); }
private Set<String> loadDbPermissions(DbSession dbSession, String projectUuid) { if (userDto != null && userDto.getId() != null) { return dbClient.authorizationDao().selectProjectPermissions(dbSession, projectUuid, userDto.getId()); } return dbClient.authorizationDao().selectProjectPermissionsOfAnonymous(dbSession, projectUuid); }
private List<ProjectQgateAssociationDto> keepAuthorizedProjects(DbSession dbSession, List<ProjectQgateAssociationDto> projects) { if (userSession.isRoot()) { // the method AuthorizationDao#keepAuthorizedProjectIds() should be replaced by // a call to UserSession, which would transparently support roots. // Meanwhile root is explicitly handled. return projects; } List<Long> projectIds = projects.stream().map(ProjectQgateAssociationDto::getId).collect(MoreCollectors.toList()); Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(dbSession, projectIds, userSession.getUserId(), UserRole.USER); return projects.stream().filter(project -> authorizedProjectIds.contains(project.getId())).collect(MoreCollectors.toList()); }
private Map<Long, ComponentDto> searchProjects(DbSession dbSession, List<PropertyDto> properties) { Set<Long> componentIds = properties.stream() .map(PropertyDto::getResourceId) .filter(Objects::nonNull) .collect(MoreCollectors.toSet(properties.size())); Set<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(dbSession, componentIds, userSession.getUserId(), UserRole.USER); return dbClient.componentDao().selectByIds(dbSession, componentIds) .stream() .filter(c -> authorizedProjectIds.contains(c.getId())) .collect(MoreCollectors.uniqueIndex(ComponentDto::getId)); }
private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange change) { if (SYSTEM_ADMIN.equals(change.getPermission()) && !change.getProjectId().isPresent()) { int remaining = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession, change.getOrganizationUuid(), change.getPermission(), change.getUserId().getId()); checkRequest(remaining > 0, "Last user with permission '%s'. Permission cannot be removed.", SYSTEM_ADMIN); } } }