From 84432182b11b8435f9f05f09b14f23334f32f1ce Mon Sep 17 00:00:00 2001
From: Hamid Reza Shakibi <lost.gost.1999@gmail.com>
Date: Thu, 12 Oct 2023 17:18:41 +0330
Subject: [PATCH] filter flatten permissions for project and template

---
 constants/permissions/permissions.go        | 15 +++++++++++++++
 constants/permissions/permissions_order.go  | 19 +++++++++++++++++++
 sonarqube/resource_sonarqube_permissions.go | 19 +++++++++++++++----
 3 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100644 constants/permissions/permissions.go
 create mode 100644 constants/permissions/permissions_order.go

diff --git a/constants/permissions/permissions.go b/constants/permissions/permissions.go
new file mode 100644
index 00000000..81249fac
--- /dev/null
+++ b/constants/permissions/permissions.go
@@ -0,0 +1,15 @@
+package permissions
+
+const (
+	Admin                = "admin"
+	Browse               = "user"
+	ProjectCreation      = "provisioning"
+	ApplicationCreation  = "applicationcreator"
+	PortfolioCreation    = "portfoliocreator"
+	QualityGateAdmin     = "gateadmin"
+	QualityProfileAdmin  = "profileadmin"
+	Scan                 = "scan"
+	CodeViewer           = "codeviewer"
+	IssueAdmin           = "issueadmin"
+	SecurityHotspotAdmin = "securityhotspotadmin"
+)
diff --git a/constants/permissions/permissions_order.go b/constants/permissions/permissions_order.go
new file mode 100644
index 00000000..9d9afd9b
--- /dev/null
+++ b/constants/permissions/permissions_order.go
@@ -0,0 +1,19 @@
+package permissions
+
+var PERMISSIONS_ORDER_FOR_PROJECT = []string{
+	Browse,
+	CodeViewer,
+	IssueAdmin,
+	SecurityHotspotAdmin,
+	Admin,
+	Scan,
+}
+
+var PERMISSIONS_ORDER_GLOBAL = []string{
+	Admin,
+	QualityGateAdmin, QualityProfileAdmin,
+	Scan,
+	ProjectCreation,
+	ApplicationCreation,
+	PortfolioCreation,
+}
diff --git a/sonarqube/resource_sonarqube_permissions.go b/sonarqube/resource_sonarqube_permissions.go
index 3e9b3d9b..6963a31a 100644
--- a/sonarqube/resource_sonarqube_permissions.go
+++ b/sonarqube/resource_sonarqube_permissions.go
@@ -5,9 +5,11 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	permissionsConst "github.com/jdamata/terraform-provider-sonarqube/constants/permissions"
 	"github.com/satori/uuid"
 )
 
@@ -149,6 +151,7 @@ func resourceSonarqubePermissionsCreate(d *schema.ResourceData, m interface{}) e
 
 func resourceSonarqubePermissionsRead(d *schema.ResourceData, m interface{}) error {
 	sonarQubeURL := m.(*ProviderConfiguration).sonarQubeURL
+	permissionsFilter := permissionsConst.PERMISSIONS_ORDER_FOR_PROJECT
 
 	// build the base query
 	RawQuery := url.Values{
@@ -176,6 +179,9 @@ func resourceSonarqubePermissionsRead(d *schema.ResourceData, m interface{}) err
 			sonarQubeURL.Path = strings.TrimSuffix(sonarQubeURL.Path, "/") + "/api/permissions/template_users"
 			RawQuery.Add("templateName", templateName.(string))
 		} else {
+			if !RawQuery.Has("projectKey") {
+				permissionsFilter = permissionsConst.PERMISSIONS_ORDER_GLOBAL
+			}
 			// direct user permission
 			sonarQubeURL.Path = strings.TrimSuffix(sonarQubeURL.Path, "/") + "/api/permissions/users"
 		}
@@ -205,7 +211,7 @@ func resourceSonarqubePermissionsRead(d *schema.ResourceData, m interface{}) err
 		for _, value := range users.Users {
 			if strings.EqualFold(value.Login, loginName) {
 				d.Set("login_name", value.Login)
-				d.Set("permissions", flattenPermissions(&value.Permissions))
+				d.Set("permissions", flattenPermissions(&value.Permissions, &permissionsFilter))
 				return nil
 			}
 		}
@@ -220,6 +226,9 @@ func resourceSonarqubePermissionsRead(d *schema.ResourceData, m interface{}) err
 			sonarQubeURL.Path = strings.TrimSuffix(sonarQubeURL.Path, "/") + "/api/permissions/template_groups"
 			RawQuery.Add("templateName", templateName.(string))
 		} else {
+			if !RawQuery.Has("projectKey") {
+				permissionsFilter = permissionsConst.PERMISSIONS_ORDER_GLOBAL
+			}
 			// direct group permission
 			sonarQubeURL.Path = strings.TrimSuffix(sonarQubeURL.Path, "/") + "/api/permissions/groups"
 		}
@@ -249,7 +258,7 @@ func resourceSonarqubePermissionsRead(d *schema.ResourceData, m interface{}) err
 		for _, value := range groups.Groups {
 			if strings.EqualFold(value.Name, groupName) {
 				d.Set("group_name", value.Name)
-				d.Set("permissions", flattenPermissions(&value.Permissions))
+				d.Set("permissions", flattenPermissions(&value.Permissions, &permissionsFilter))
 				return nil
 			}
 		}
@@ -339,14 +348,16 @@ func expandPermissions(d *schema.ResourceData) []string {
 	return expandedPermissions
 }
 
-func flattenPermissions(input *[]string) []interface{} {
+func flattenPermissions(input *[]string, filter *[]string) []interface{} {
 	flatPermissions := make([]interface{}, 0)
 	if input == nil {
 		return flatPermissions
 	}
 
 	for _, permission := range *input {
-		flatPermissions = append(flatPermissions, permission)
+		if len(*filter) == 0 || slices.Contains(*filter, permission) {
+			flatPermissions = append(flatPermissions, permission)
+		}
 	}
 
 	return flatPermissions