okorach · okorach · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
diff --git a/cli/config.py b/cli/config.py
@@ -39,7 +39,6 @@
 
 TOOL_NAME = "sonar-config"
 
-DONT_INLINE_LISTS = "dontInlineLists"
 FULL_EXPORT = "fullExport"
 EXPORT_EMPTY = "exportEmpty"
 
@@ -104,14 +103,6 @@ def __parse_args(desc: str) -> object:
         f"By default the export will show the value as '{utilities.DEFAULT}' "
         "and the setting will not be imported at import time",
     )
-    parser.add_argument(
-        f"--{DONT_INLINE_LISTS}",
-        required=False,
-        default=False,
-        action="store_true",
-        help="By default, sonar-config exports multi-valued settings as comma separated strings instead of arrays (if there is not comma in values). "
-        "Set this flag if you want to force export multi valued settings as arrays",
-    )
     parser.add_argument(
         f"--{EXPORT_EMPTY}",
         required=False,
@@ -216,7 +207,7 @@ def export_config(endpoint: platform.Platform, what: list[str], **kwargs) -> Non
     export_settings = kwargs.copy()
     export_settings.update(
         {
-            "INLINE_LISTS": not kwargs.get(DONT_INLINE_LISTS, False),
+            "INLINE_LISTS": False,
             "EXPORT_DEFAULTS": True,
             "FULL_EXPORT": kwargs.get(FULL_EXPORT, False),
             "MODE": mode,
@@ -271,8 +262,7 @@ def __prep_json_for_write(json_data: types.ObjectJsonRepr, export_settings: type
         return json_data
     if not export_settings.get("FULL_EXPORT", False):
         json_data = utilities.clean_data(json_data, remove_empty=not export_settings.get(EXPORT_EMPTY, False), remove_none=True)
-    if export_settings.get("INLINE_LISTS", True):
-        json_data = utilities.inline_lists(json_data, exceptions=("conditions",))
+
     return json_data
 
 

diff --git a/sonar/applications.py b/sonar/applications.py
@@ -340,7 +340,7 @@ def export(self, export_settings: types.ConfigSettings) -> types.ObjectJsonRepr:
                 "visibility": self.visibility(),
                 # 'projects': self.projects(),
                 "branches": [br.export() for br in self.branches().values()],
-                "permissions": self.permissions().export(export_settings=export_settings),
+                "permissions": self.permissions().export(),
                 "tags": self.get_tags(),
             }
         )
@@ -521,14 +521,14 @@ def export(endpoint: pf.Platform, export_settings: types.ConfigSettings, **kwarg
     key_regexp = kwargs.get("key_list", ".*")
 
     app_list = {k: v for k, v in get_list(endpoint).items() if not key_regexp or re.match(key_regexp, k)}
-    apps_settings = {}
+    apps_export = {}
     for k, app in app_list.items():
         app_json = app.export(export_settings)
         if write_q:
             write_q.put(app_json)
-        apps_settings[k] = app_json
+        apps_export[k] = app_json
     write_q and write_q.put(util.WRITE_END)
-    return dict(sorted(app_json.items())).values()
+    return dict(sorted(apps_export.items())).values()
 
 
 def audit(endpoint: pf.Platform, audit_settings: types.ConfigSettings, **kwargs) -> list[problem.Problem]:

diff --git a/sonar/branches.py b/sonar/branches.py
@@ -229,19 +229,16 @@ def export(self, export_settings: types.ConfigSettings) -> types.ObjectJsonRepr:
         :rtype: str
         """
         log.debug("Exporting %s", str(self))
-        data = {settings.NEW_CODE_PERIOD: self.new_code()}
+        data = {"name": self.name, "project": self.concerned_object.key}
         if self.is_main():
             data["isMain"] = True
         if self.is_kept_when_inactive() and not self.is_main():
             data["keepWhenInactive"] = True
         if self.new_code():
             data[settings.NEW_CODE_PERIOD] = self.new_code()
-        if export_settings.get("FULL_EXPORT", True):
-            data.update({"name": self.name, "project": self.concerned_object.key})
         if export_settings.get("MODE", "") == "MIGRATION":
             data.update(self.migration_export(export_settings))
-        data = util.remove_nones(data)
-        return None if len(data) == 0 else data
+        return util.remove_nones(data)
 
     def set_keep_when_inactive(self, keep: bool) -> bool:
         """Sets whether the branch is kept when inactive

diff --git a/sonar/permissions/aggregation_permissions.py b/sonar/permissions/aggregation_permissions.py
@@ -22,6 +22,7 @@
 
 from __future__ import annotations
 from sonar.util import types
+from sonar import logging as log
 from sonar.permissions import permissions, project_permissions
 
 AGGREGATION_PERMISSIONS = {
@@ -49,4 +50,4 @@ def set(self, new_perms: types.JsonPermissions) -> AggregationPermissions:
         :return: Permissions associated to the aggregation
         :rtype: self
         """
-        return super().set(permissions.white_list(new_perms, AGGREGATION_PERMISSIONS))
+        return super().set(permissions.white_list(permissions.list_to_dict(new_perms), AGGREGATION_PERMISSIONS))
diff --git a/sonar/permissions/global_permissions.py b/sonar/permissions/global_permissions.py
@@ -93,3 +93,18 @@ def edition_filter(perms: types.JsonPermissions, ed: str) -> types.JsonPermissio
             log.warning("Can't manage permission '%s' on a %s edition", p, ed)
             perms.remove(p)
     return perms
+
+
+def fmt_perms(group_or_user: str, perms: list[str], type_of_perm: str) -> types.JsonPermissions:
+    """Helper to convert perms to dict"""
+    return {type_of_perm: group_or_user, "permissions": perms}
+
+
+def group_perms(group: str, perms: list[str]) -> types.JsonPermissions:
+    """Helper to convert group perms to dict"""
+    return fmt_perms(group, perms, "groups")
+
+
+def user_perms(user: str, perms: list[str]) -> types.JsonPermissions:
+    """Helper to convert group perms to dict"""
+    return fmt_perms(user, perms, "users")
diff --git a/sonar/permissions/permission_templates.py b/sonar/permissions/permission_templates.py
@@ -164,7 +164,7 @@ def to_json(self, export_settings: types.ConfigSettings = None) -> types.ObjectJ
             "name": self.name,
             "description": self.description if self.description != "" else None,
             "pattern": self.project_key_pattern,
-            "permissions": self.permissions().export(export_settings=export_settings),
+            "permissions": self.permissions().export(),
         }
 
         defaults = []
@@ -263,7 +263,6 @@ def export(endpoint: pf.Platform, export_settings: types.ConfigSettings) -> type
     """Exports permission templates as JSON"""
     log.info("Exporting permission templates")
     json_data = {pt.name: pt.to_json(export_settings) for pt in get_list(endpoint).values()}
-    log.info("PT RES = %s", utilities.json_dump(json_data))
     return list(dict(sorted(json_data.items())).values())
 
 

diff --git a/sonar/permissions/permissions.py b/sonar/permissions/permissions.py
@@ -37,18 +37,19 @@
     "admin": "Administer System",
     "gateadmin": "Administer Quality Gates",
     "profileadmin": "Administer Quality Profiles",
-    "provisioning": "Create Projects",
     "scan": "Execute Analysis",
+    "provisioning": "Create Projects",
 }
-DEVELOPER_GLOBAL_PERMISSIONS = {**COMMUNITY_GLOBAL_PERMISSIONS, **{"applicationcreator": "Create Applications"}}
-ENTERPRISE_GLOBAL_PERMISSIONS = {**DEVELOPER_GLOBAL_PERMISSIONS, **{"portfoliocreator": "Create Portfolios"}}
+
+DEVELOPER_GLOBAL_PERMISSIONS = {**COMMUNITY_GLOBAL_PERMISSIONS, "applicationcreator": "Create Applications"}
+ENTERPRISE_GLOBAL_PERMISSIONS = {**DEVELOPER_GLOBAL_PERMISSIONS, "portfoliocreator": "Create Portfolios"}
 
 PROJECT_PERMISSIONS = {
-    "admin": "Administer Project",
     "user": "Browse",
     "codeviewer": "See source code",
     "issueadmin": "Administer Issues",
     "securityhotspotadmin": "Create Projects",
+    "admin": "Administer Project",
     "scan": "Execute Analysis",
 }
 
@@ -62,7 +63,7 @@
 
 OBJECTS_WITH_PERMISSIONS = (_GLOBAL, _PROJECTS, _TEMPLATES, _QG, _QP, _APPS, _PORTFOLIOS)
 PERMISSION_TYPES = ("groups", "users")
-NO_PERMISSIONS = {"groups": None, "users": None}
+NO_PERMISSIONS = {p: {} for p in PERMISSION_TYPES}
 
 MAX_PERMS = 100
 
@@ -81,29 +82,23 @@ def __init__(self, concerned_object: object) -> None:
     def __str__(self) -> str:
         return f"permissions of {str(self.concerned_object)}"
 
-    def to_json(self, perm_type: Optional[str] = None, csv: bool = False) -> types.JsonPermissions:
+    def to_json(self, perm_type: Optional[str] = None) -> types.JsonPermissions:
         """Converts a permission object to JSON"""
-        if not csv:
-            return self.permissions.get(perm_type, {}) if is_valid(perm_type) else self.permissions
+        order = PROJECT_PERMISSIONS if self.concerned_object else ENTERPRISE_GLOBAL_PERMISSIONS
         perms = []
         for p in normalize(perm_type):
             if p not in self.permissions or len(self.permissions[p]) == 0:
                 continue
             for k, v in self.permissions.get(p, {}).items():
                 if not v or len(v) == 0:
                     continue
-                perms += [{p[:-1]: k, "permissions": encode(v)}]
+                perms += [{p[:-1]: k, "permissions": encode(v, order)}]
         return perms if len(perms) > 0 else None
 
-    def export(self, export_settings: types.ConfigSettings) -> types.ObjectJsonRepr:
+    def export(self) -> types.ObjectJsonRepr:
         """Exports permissions as JSON"""
-        inlined = export_settings.get("INLINE_LISTS", True)
-        perms = self.to_json(csv=inlined)
-        if not inlined:
-            perms = {k: v for k, v in perms.items() if len(v) > 0}
-        if not perms or len(perms) == 0:
-            return None
-        return perms
+        perms = self.to_json()
+        return None if not perms or len(perms) == 0 else perms
 
     @abstractmethod
     def read(self) -> Permissions:
@@ -119,44 +114,28 @@ def set(self, new_perms: types.JsonPermissions) -> Permissions:
         :param JsonPermissions new_perms: The permissions to set
         """
 
-    def set_user_permissions(self, user_perms: dict[str, list[str]]) -> Permissions:
-        """Sets user permissions of an object
-
-        :param dict[str, list[str]] user_perms: The user permissions to apply
-        """
-        return self.set({"users": user_perms})
-
-    def set_group_permissions(self, group_perms: dict[str, list[str]]) -> Permissions:
-        """Sets user permissions of an object
-
-        :param dict[str, list[str]] group_perms: The group permissions to apply
-        """
-        return self.set({"groups": group_perms})
-
     def clear(self) -> Permissions:
         """Clears all permissions of an object
         :return: self
         :rtype: Permissions
         """
         return self.set({"users": {}, "groups": {}})
 
-    def users(self) -> dict[str, list[str]]:
+    def users(self) -> types.JsonPermissions:
         """
         :return: User permissions of an object
-        :rtype: list (for QualityGate and QualityProfile) or dict (for other objects)
         """
         if self.permissions is None:
             self.read()
-        return self.to_json(perm_type="users")
+        return self.permissions.get("users", {})
 
-    def groups(self) -> dict[str, list[str]]:
+    def groups(self) -> types.JsonPermissions:
         """
         :return: Group permissions of an object
-        :rtype: list (for QualityGate and QualityProfile) or dict (for other objects)
         """
         if self.permissions is None:
             self.read()
-        return self.to_json(perm_type="groups")
+        return self.permissions.get("groups", {})
 
     def added_permissions(self, other_perms: types.JsonPermissions) -> types.JsonPermissions:
         return diff(self.permissions, other_perms)
@@ -212,7 +191,7 @@ def __audit_max_users_or_groups_with_permissions(self, audit_settings: types.Con
         """Audits maximum number of user or groups with permissions"""
         problems = []
         o = self.concerned_object
-        data = self.to_json()
+        data = self.permissions
         for t in PERMISSION_TYPES:
             max_count = audit_settings.get(f"audit.permissions.max{t.capitalize()}", 5)
             count = len(data.get(t, {}))
@@ -224,7 +203,7 @@ def __audit_max_users_or_groups_with_permissions(self, audit_settings: types.Con
     def audit_sonar_users_permissions(self, audit_settings: types.ConfigSettings) -> list[Problem]:
         """Audits that default user group has no sensitive permissions"""
         __SENSITIVE_PERMISSIONS = ["issueadmin", "scan", "securityhotspotadmin", "admin", "gateadmin", "profileadmin"]
-        groups = self.to_json(perm_type="groups")
+        groups = self.permissions.get("groups", {})
         if isinstance(groups, list):
             groups = {u: ["admin"] for u in groups}
         default_gr = self.endpoint.default_user_group()
@@ -234,7 +213,7 @@ def audit_sonar_users_permissions(self, audit_settings: types.ConfigSettings) ->
 
     def audit_anyone_permissions(self, audit_settings: types.ConfigSettings) -> list[Problem]:
         """Audits that Anyone group has no permissions"""
-        groups = self.to_json(perm_type="groups")
+        groups = self.permissions.get("groups", {})
         if groups and any(gr_name == "Anyone" for gr_name in groups):
             return [Problem(get_rule(RuleId.PROJ_PERM_ANYONE), self.concerned_object, str(self.concerned_object))]
         return []
@@ -322,18 +301,12 @@ def _post_api(self, api: str, set_field: str, perms_dict: types.JsonPermissions,
         return ok
 
 
-def simplify(perms_dict: dict[str, list[str]]) -> Optional[dict[str, str]]:
-    """Simplifies permissions by converting to CSV an array"""
-    if perms_dict is None or len(perms_dict) == 0:
-        return None
-    return {k: encode(v) for k, v in perms_dict.items() if len(v) > 0}
-
-
-def encode(perms_array: dict[str, list[str]]) -> dict[str, str]:
+def encode(perms_array: dict[str, list[str]], order: list[str]) -> dict[str, str]:
     """
     :meta private:
     """
-    return utilities.list_to_csv(perms_array, ", ", check_for_separator=True)
+    ordered = utilities.order_list(perms_array, *order)
+    return utilities.list_to_csv(ordered, ", ", check_for_separator=True)
 
 
 def decode(encoded_perms: dict[str, str]) -> dict[str, list[str]]:
@@ -426,15 +399,43 @@ def white_list(perms: types.JsonPermissions, allowed_perms: list[str]) -> types.
 def black_list(perms: types.JsonPermissions, disallowed_perms: list[str]) -> types.JsonPermissions:
     """Returns permissions filtered after a black list of disallowed permissions"""
     resulting_perms = {}
-    for perm_type, sub_perms in perms.items():
-        # if perm_type not in PERMISSION_TYPES:
-        #    continue
+    for perm_type, sub_perms in list_to_dict(perms).items():
         resulting_perms[perm_type] = {}
         for user_or_group, original_perms in sub_perms.items():
             resulting_perms[perm_type][user_or_group] = [p for p in original_perms if p not in disallowed_perms]
-    return resulting_perms
+    return dict_to_list(resulting_perms)
 
 
 def convert_for_yaml(json_perms: types.ObjectJsonRepr) -> types.ObjectJsonRepr:
     """Converts permissions in a format that is more friendly for YAML"""
     return json_perms
+
+
+def fmt_perms(group_or_user: str, perms: list[str], type_of_perm: str) -> types.JsonPermissions:
+    """Helper to convert perms to dict"""
+    return {type_of_perm[:-1]: group_or_user, "permissions": perms}
+
+
+def group_perms(group: str, perms: list[str]) -> types.JsonPermissions:
+    """Helper to convert group perms to dict"""
+    return fmt_perms(group, perms, "groups")
+
+
+def user_perms(user: str, perms: list[str]) -> types.JsonPermissions:
+    """Helper to convert group perms to dict"""
+    return fmt_perms(user, perms, "users")
+
+
+def list_to_dict(perms: types.JsonPermissions) -> dict[str, dict[str, list[str]]]:
+    log.info("L2D = %s", utilities.json_dump(perms))
+    res = {"users": {p["user"]: p["permissions"] for p in perms if "user" in p}}
+    res |= {"groups": {p["group"]: p["permissions"] for p in perms if "group" in p}}
+    return res
+
+
+def dict_to_list(perms: dict[str, dict[str, list[str]]]) -> types.JsonPermissions:
+    res = []
+    for ptype in PERMISSION_TYPES:
+        for p in perms.get(ptype, {}):
+            res += [{ptype[:-1]: k, "permissions": v} for k, v in p]
+    return res
diff --git a/sonar/permissions/quality_permissions.py b/sonar/permissions/quality_permissions.py
@@ -62,6 +62,7 @@ def to_json(self, perm_type: Optional[tuple[str, ...]] = None, csv: bool = False
             dperms = self.permissions.get(p, None)
             if dperms is not None and len(dperms) > 0:
                 perms[p] = permissions.encode(self.permissions.get(p, None))
+        perms = permissions.dict_to_list(perms)
         return perms if len(perms) > 0 else None
 
     def audit(self, audit_settings: types.ConfigSettings) -> list[Problem]: