Revert to old permissions

Author: okorach-sonar

sonar/permissions/permissions.py

@@ -63,7 +63,7 @@
 
 OBJECTS_WITH_PERMISSIONS = (_GLOBAL, _PROJECTS, _TEMPLATES, _QG, _QP, _APPS, _PORTFOLIOS)
 PERMISSION_TYPES = ("groups", "users")
-NO_PERMISSIONS = []
+NO_PERMISSIONS = {p: {} for p in PERMISSION_TYPES}
 
 MAX_PERMS = 100
 
@@ -85,9 +85,15 @@ def __str__(self) -> str:
     def to_json(self, perm_type: Optional[str] = None) -> types.JsonPermissions:
         """Converts a permission object to JSON"""
         order = PROJECT_PERMISSIONS if self.concerned_object else ENTERPRISE_GLOBAL_PERMISSIONS
-        perms += [{"permissions": encode(p["permissions"], order), **p} for p in self.permissions]
-        if perm_type:
-            perms = [p for p in perms if perm_type[:-1] in p.keys()]
+        perms = []
+        for p in normalize(perm_type):
+            if p not in self.permissions or len(self.permissions[p]) == 0:
+                continue
+            for k, v in self.permissions.get(p, {}).items():
+                if not v or len(v) == 0:
+                    continue
+                perms += [{p[:-1]: k, "permissions": encode(v, order)}]
+        log.info("RETURN PERM = %s", utilities.json_dump(perms))
         return perms if len(perms) > 0 else None
 
     def export(self) -> types.ObjectJsonRepr:
@@ -258,7 +264,7 @@ def count(self, perm_type: Optional[str] = None, perm_filter: Optional[list[str]
         return perm_counter
 
     def _get_api(self, api: str, perm_type: str, ret_field: str, **extra_params) -> types.JsonPermissions:
-        perms = []
+        perms = {}
         params = extra_params.copy()
         page, nbr_pages = 1, 1
         counter = 0
@@ -270,7 +276,7 @@ def _get_api(self, api: str, perm_type: str, ret_field: str, **extra_params) ->
                 # perms.update({p[ret_field]: p["permissions"] for p in data[perm_type]})
                 for p in data[perm_type]:
                     if len(p["permissions"]) > 0:
-                        perms.append({perm_type[:-1]: p[ret_field], "permssions": p["permissions"]})
+                        perms[p[ret_field]] = p["permissions"]
                         counter = 0
                     else:
                         counter += 1
@@ -381,22 +387,23 @@ def diffarray(perms_1: list[str], perms_2: list[str]) -> list[str]:
 
 def white_list(perms: types.JsonPermissions, allowed_perms: list[str]) -> types.JsonPermissions:
     """Returns permissions filtered from a white list of allowed permissions"""
-    resulting_perms = []
-    for perm in perms.items():
-        k = "users" if "users" in perm else "groups"
-        log.info("PERM = %s", str(perm))
-        v = [p for p in perm["permissions"] if p in allowed_perms]
-        resulting_perms.append({k: perm[k], "permissions": v})
+    resulting_perms = {}
+    for perm_type, sub_perms in perms.items():
+        # if perm_type not in PERMISSION_TYPES:
+        #    continue
+        resulting_perms[perm_type] = {}
+        for user_or_group, original_perms in sub_perms.items():
+            resulting_perms[perm_type][user_or_group] = [p for p in original_perms if p in allowed_perms]
     return resulting_perms
 
 
 def black_list(perms: types.JsonPermissions, disallowed_perms: list[str]) -> types.JsonPermissions:
     """Returns permissions filtered after a black list of disallowed permissions"""
-    resulting_perms = []
-    for perm in perms:
-        k = "users" if "users" in perm else "groups"
-        v = [p for p in perm["permissions"] if p not in disallowed_perms]
-        resulting_perms.append({k: perm[k], "permissions": v})
+    resulting_perms = {}
+    for perm_type, sub_perms in perms.items():
+        resulting_perms[perm_type] = {}
+        for user_or_group, original_perms in sub_perms.items():
+            resulting_perms[perm_type][user_or_group] = [p for p in original_perms if p not in disallowed_perms]
     return resulting_perms
 
 

sonar/permissions/project_permissions.py

@@ -51,7 +51,7 @@ def read(self) -> ProjectPermissions:
         """Reads permissions in SonarQube"""
         self.permissions = permissions.NO_PERMISSIONS.copy()
         for p in permissions.PERMISSION_TYPES:
-            self.permissions += self._get_api(
+            self.permissions[p] = self._get_api(
                 ProjectPermissions.APIS["get"][p],
                 p,
                 ProjectPermissions.API_GET_FIELD[p],

sonar/permissions/quality_permissions.py

@@ -55,11 +55,14 @@ def to_json(self, perm_type: Optional[tuple[str, ...]] = None, csv: bool = False
         """Returns the JSON representation of permissions"""
         if not self.permissions:
             return None
-        perms = self.permissions.copy()
-        if perm_type:
-            perms = [p for p in self.permissions if perm_type[:1] in p]
-        if csv:
-            perms = [{"permissions": permissions.encode(p["permissions"], permissions.ENTERPRISE_GLOBAL_PERMISSIONS), **p} for p in perms]
+        if not csv:
+            return self.permissions[perm_type] if permissions.is_valid(perm_type) and perm_type in self.permissions else self.permissions
+        perms = {}
+        for p in permissions.normalize(perm_type):
+            dperms = self.permissions.get(p, None)
+            if dperms is not None and len(dperms) > 0:
+                perms[p] = permissions.encode(self.permissions.get(p, None))
+        perms = permissions.dict_to_list(perms)
         return perms if len(perms) > 0 else None
 
     def audit(self, audit_settings: types.ConfigSettings) -> list[Problem]:
@@ -109,10 +112,10 @@ def _set_perms(self, new_perms: types.ObjectJsonRepr, apis: dict[str, dict[str,
 
     def _read_perms(self, apis: dict[str, dict[str, str]], field: str, **kwargs) -> types.ObjectJsonRepr:
         """Reads permissions of a QP or QG"""
-        self.permissions = permissions.NO_PERMISSIONS.copy()
+        self.permissions = {p: [] for p in permissions.PERMISSION_TYPES}
         if self.concerned_object.is_built_in:
             log.debug("No permissions for %s because it's built-in", str(self))
         else:
             for p in permissions.PERMISSION_TYPES:
-                self.permissions += self._get_api(apis["get"][p], p, field[p], **kwargs)
+                self.permissions[p] = self._get_api(apis["get"][p], p, field[p], **kwargs)
         return self.permissions

sonar/permissions/template_permissions.py

@@ -39,9 +39,9 @@ class TemplatePermissions(project_permissions.ProjectPermissions):
 
     def read(self) -> TemplatePermissions:
         """Reads permissions of a permission template"""
-        self.permissions = permissions.NO_PERMISSIONS.copy()
+        self.permissions = permissions.NO_PERMISSIONS
         for p in permissions.PERMISSION_TYPES:
-            self.permissions += self._get_api(
+            self.permissions[p] = self._get_api(
                 TemplatePermissions.API_GET[p],
                 p,
                 TemplatePermissions.API_GET_FIELD[p],