/** * Ensure that there are still users with admin global permission if user is removed from the group. */ private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupDto group, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId()); checkRequest(remainingAdmins > 0, "The last administrator user cannot be removed"); }
@Test public void countUsersWithGlobalPermissionExcludingGroupMember() { // u1 has the direct permission, u2 and u3 have the permission through their group UserDto u1 = db.users().insertUser(); db.users().insertPermissionOnUser(organization, u1, A_PERMISSION); db.users().insertPermissionOnGroup(group1, A_PERMISSION); db.users().insertPermissionOnGroup(group1, "another-permission"); UserDto u2 = db.users().insertUser(); db.users().insertMember(group1, u2); UserDto u3 = db.users().insertUser(); db.users().insertMember(group1, u3); // excluding u2 membership --> remain u1 and u3 int count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getId(), u2.getId()); assertThat(count).isEqualTo(2); // excluding unknown memberships count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, group1.getId(), MISSING_ID); assertThat(count).isEqualTo(3); count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), A_PERMISSION, MISSING_ID, u2.getId()); assertThat(count).isEqualTo(3); // another organization count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, DOES_NOT_EXIST, A_PERMISSION, group1.getId(), u2.getId()); assertThat(count).isEqualTo(0); // another permission count = underTest.countUsersWithGlobalPermissionExcludingGroupMember(dbSession, organization.getUuid(), DOES_NOT_EXIST, group1.getId(), u2.getId()); assertThat(count).isEqualTo(0); }
/** * Ensure that there are still users with admin global permission if user is removed from the group. */ private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupDto group, UserDto user) { int remainingAdmins = dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, group.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), group.getId(), user.getId()); checkRequest(remainingAdmins > 0, "The last administrator user cannot be removed"); }