Add roles

alpine/alpine-infra/src/main/java/alpine/persistence/AlpineQueryManager.java

@@ -50,6 +50,8 @@
 import java.util.Map;
 import java.util.Set;
 
+import org.datanucleus.store.rdbms.query.JDOQLQuery;
+
 /**
  * This QueryManager provides a concrete extension of {@link AbstractAlpineQueryManager} by
  * providing methods that operate on the default Alpine models such as ManagedUser and Team.
@@ -537,8 +539,11 @@ public List<ManagedUser> getManagedUsers() {
      * @since 1.0.0
      */
     public User getUser(String username) {
-        final Query<User> query = pm.newQuery(User.class, "username == :username");
-        query.setParameters(username);
+        final Query<User> query = pm.newQuery(User.class)
+                .filter("username == :username")
+                .setNamedParameters(Map.of("username", username))
+                .extension(JDOQLQuery.EXTENSION_CANDIDATE_DONT_RESTRICT_DISCRIMINATOR, true);
+
         return executeAndCloseUnique(query);
     }
 

apiserver/src/main/java/org/dependencytrack/model/Role.java

@@ -0,0 +1,154 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.model;
+
+import alpine.common.validation.RegexSequence;
+import alpine.model.Permission;
+import alpine.server.json.TrimmedStringDeserializer;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+
+import java.io.Serializable;
+import java.util.Comparator;
+import java.util.LinkedHashSet;
+import java.util.Objects;
+import java.util.Set;
+import java.util.UUID;
+import java.util.function.Function;
+
+import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Element;
+import javax.jdo.annotations.FetchGroup;
+import javax.jdo.annotations.IdGeneratorStrategy;
+import javax.jdo.annotations.Join;
+import javax.jdo.annotations.PersistenceCapable;
+import javax.jdo.annotations.Persistent;
+import javax.jdo.annotations.PrimaryKey;
+import javax.jdo.annotations.Unique;
+
+/**
+ * Model for tracking roles. Roles define static sets of permissions
+ * that can be applied to a user with the scope of a project.
+ *
+ * @author Allen Shearin
+ * @since 5.6.0
+ */
+@PersistenceCapable
+@FetchGroup(name = "ALL", members = {
+        @Persistent(name = "name"),
+        @Persistent(name = "permissions"),
+        @Persistent(name = "uuid"),
+})
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class Role implements Serializable {
+
+    private static final long serialVersionUID = -427858073810766917L;
+
+    /**
+     * Defines JDO fetch groups for this class.
+     */
+    public enum FetchGroup {
+        ALL
+    }
+
+    @PrimaryKey
+    @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE)
+    @JsonIgnore
+    private long id;
+
+    @Persistent
+    @Unique(name = "ROLE_NAME_IDX", deferred = "true")
+    @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false")
+    @NotBlank
+    @Size(min = 1, max = 255)
+    @JsonDeserialize(using = TrimmedStringDeserializer.class)
+    @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters")
+    private String name;
+
+    @Persistent(table = "ROLES_PERMISSIONS", defaultFetchGroup = "true")
+    @Join(column = "ROLE_ID")
+    @Element(column = "PERMISSION_ID")
+    private Set<Permission> permissions = new LinkedHashSet<>();
+
+    @Persistent(customValueStrategy = "uuid")
+    @Unique(name = "ROLE_UUID_IDX")
+    @Column(name = "UUID", sqlType = "UUID", allowsNull = "false")
+    @NotNull
+    private UUID uuid;
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public Set<Permission> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(Set<Permission> permissions) {
+        this.permissions = permissions;
+    }
+
+    public boolean addPermissions(Permission... permissions) {
+        this.permissions = Objects.requireNonNullElse(this.permissions, new LinkedHashSet<>());
+
+        return this.permissions.addAll(Set.of(permissions));
+    }
+
+    public UUID getUuid() {
+        return uuid;
+    }
+
+    public void setUuid(UUID uuid) {
+        this.uuid = uuid;
+    }
+
+    @Override
+    public String toString() {
+        var permissionStrings = permissions.stream()
+                .map(Permission::getName)
+                .sorted(Comparator.comparing(Function.identity(), String.CASE_INSENSITIVE_ORDER))
+                .toList();
+
+        return "%s{uuid='%s', name='%s', permissions=%s}".formatted(
+                getClass().getSimpleName(),
+                uuid,
+                name,
+                permissionStrings);
+    }
+
+}

apiserver/src/main/java/org/dependencytrack/model/UserProjectRole.java

@@ -0,0 +1,109 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import alpine.model.User;
+
+import java.io.Serializable;
+
+import javax.jdo.annotations.Column;
+import javax.jdo.annotations.IdGeneratorStrategy;
+import javax.jdo.annotations.Index;
+import javax.jdo.annotations.PersistenceCapable;
+import javax.jdo.annotations.Persistent;
+import javax.jdo.annotations.PrimaryKey;
+
+/**
+ * Base class for user-project-role mapping.
+ *
+ * @author Jonathan Howard
+ * @since 5.6.0
+ */
+@PersistenceCapable(table = "USER_PROJECT_ROLES")
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@Index(name = "USER_PROJECT_ROLES_IDX", unique = "true", members = { "user", "project" })
+public class UserProjectRole implements Serializable {
+
+    @PrimaryKey
+    @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE)
+    @JsonIgnore
+    private long id;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Column(name = "USER_ID")
+    private User user;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Column(name = "PROJECT_ID")
+    private Project project;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Column(name = "ROLE_ID")
+    private Role role;
+
+    public UserProjectRole() {}
+
+    public UserProjectRole(final User user, final Project project, final Role role) {
+        this.user = user;
+        this.project = project;
+        this.role = role;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(final long id) {
+        this.id = id;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(final User user) {
+        this.user = user;
+    }
+
+    public Project getProject() {
+        return project;
+    }
+
+    public void setProject(final Project project) {
+        this.project = project;
+    }
+
+    public Role getRole() {
+        return role;
+    }
+
+    public void setRole(final Role role) {
+        this.role = role;
+    }
+
+    @Override
+    public String toString() {
+        return "%s{user='%s', project='%s', role='%s'}".formatted(
+                getClass().getSimpleName(), user.getUsername(), project.getName(), role.getName());
+    }
+
+}