Introduce isLatest project flag

Co-Authored-By: rkg-mm <[email protected]>

src/main/java/org/dependencytrack/model/Policy.java

@@ -142,6 +142,10 @@ public enum ViolationState {
     @Column(name = "INCLUDE_CHILDREN", allowsNull = "true") // New column, must allow nulls on existing data bases)
     private boolean includeChildren;
 
+    @Persistent
+    @Column(name = "ONLY_LATEST_PROJECT_VERSION", defaultValue = "false")
+    private boolean onlyLatestProjectVersion = false;
+
     public long getId() {
         return id;
     }
@@ -224,4 +228,12 @@ public boolean isIncludeChildren() {
     public void setIncludeChildren(boolean includeChildren) {
         this.includeChildren = includeChildren;
     }
+
+    public boolean isOnlyLatestProjectVersion() {
+        return onlyLatestProjectVersion;
+    }
+
+    public void setOnlyLatestProjectVersion(boolean onlyLatestProjectVersion) {
+        this.onlyLatestProjectVersion = onlyLatestProjectVersion;
+    }
 }

src/main/java/org/dependencytrack/model/Project.java

@@ -24,6 +24,7 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonIncludeProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonView;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.JsonSerializer;
@@ -94,7 +95,8 @@
                 @Persistent(name = "properties"),
                 @Persistent(name = "tags"),
                 @Persistent(name = "accessTeams"),
-                @Persistent(name = "metadata")
+                @Persistent(name = "metadata"),
+                @Persistent(name = "isLatest")
         }),
         @FetchGroup(name = "METADATA", members = {
                 @Persistent(name = "metadata")
@@ -309,6 +311,11 @@ public enum FetchGroup {
     @Schema(accessMode = Schema.AccessMode.READ_ONLY)
     private ProjectMetadata metadata;
 
+    @Persistent
+    @Index(name = "PROJECT_IS_LATEST_IDX")
+    @Column(name = "IS_LATEST", defaultValue = "false")
+    private boolean isLatest = false;
+
     private transient String bomRef;
 
     private transient ProjectMetrics metrics;
@@ -589,6 +596,15 @@ public String setAuthor(String author){
         return this.author=author;
     }
 
+    @JsonProperty("isLatest")
+    public boolean isLatest() {
+        return isLatest;
+    }
+
+    public void setIsLatest(Boolean latest) {
+        isLatest = latest != null ? latest : false;
+    }
+
     @Override
     public String toString() {
         if (getPurl() != null) {

src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java

@@ -176,11 +176,13 @@ public Policy getPolicy(final String name) {
      * @param violationState the violation state
      * @return the created Policy
      */
-    public Policy createPolicy(String name, Policy.Operator operator, Policy.ViolationState violationState) {
+    public Policy createPolicy(String name, Policy.Operator operator, Policy.ViolationState violationState,
+                               boolean onlyLatestProjectVersion) {
         final Policy policy = new Policy();
         policy.setName(name);
         policy.setOperator(operator);
         policy.setViolationState(violationState);
+        policy.setOnlyLatestProjectVersion(onlyLatestProjectVersion);
         return persist(policy);
     }
 

src/main/java/org/dependencytrack/persistence/ProjectQueryFilterBuilder.java

@@ -121,6 +121,11 @@ ProjectQueryFilterBuilder withParent(UUID uuid){
         return this;
     }
 
+    public ProjectQueryFilterBuilder onlyLatestVersion() {
+        filterCriteria.add("(isLatest == true)");
+        return this;
+    }
+
     String buildFilter() {
         return String.join(" && ", this.filterCriteria);
     }

src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java

@@ -68,6 +68,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.concurrent.atomic.AtomicReference;
 
 final class ProjectQueryManager extends QueryManager implements IQueryManager {
 
@@ -272,6 +273,37 @@ public Project getProject(final String name, final String version) {
         return project;
     }
 
+    /**
+     * Returns the latest version of a project by its name.
+     *
+     * @param name the name of the Project (required)
+     * @return a Project object representing the latest version, or null if not found
+     */
+    @Override
+    public Project getLatestProjectVersion(final String name) {
+        final Query<Project> query = pm.newQuery(Project.class);
+
+        final var filterBuilder = new ProjectQueryFilterBuilder()
+                .withName(name)
+                .onlyLatestVersion();
+
+        final String queryFilter = filterBuilder.buildFilter();
+        final Map<String, Object> params = filterBuilder.getParams();
+
+        preprocessACLs(query, queryFilter, params, false);
+        query.setFilter(queryFilter);
+        query.setRange(0, 1);
+
+        final Project project = singleResult(query.executeWithMap(params));
+        if (project != null) {
+            // set Metrics to prevent extra round trip
+            project.setMetrics(getMostRecentProjectMetrics(project));
+            // set ProjectVersions to prevent extra round trip
+            project.setVersions(getProjectVersions(project));
+        }
+        return project;
+    }
+
     /**
      * Returns a list of projects that are accessible by the specified team.
      *
@@ -393,6 +425,11 @@ public PaginatedResult getProjects(final Tag tag) {
         return getProjects(tag, false, false, false);
     }
 
+    @Override
+    public Project createProject(String name, String description, String version, List<Tag> tags, Project parent,
+                                 PackageURL purl, boolean active, boolean commitIndex) {
+        return createProject(name, description, version, tags, parent, purl, active, false, commitIndex);
+    }
 
     /**
      * Creates a new Project.
@@ -405,35 +442,21 @@ public PaginatedResult getProjects(final Tag tag) {
      * @param purl        an optional Package URL
      * @param active      specified if the project is active
      * @param commitIndex specifies if the search index should be committed (an expensive operation)
+     * @param isLatest    specified if the project version is latest
      * @return the created Project
      */
     @Override
-    public Project createProject(String name, String description, String version, List<Tag> tags, Project parent, PackageURL purl, boolean active, boolean commitIndex) {
+    public Project createProject(String name, String description, String version, List<Tag> tags, Project parent,
+                                 PackageURL purl, boolean active, boolean isLatest, boolean commitIndex) {
         final Project project = new Project();
         project.setName(name);
         project.setDescription(description);
         project.setVersion(version);
-        if (parent != null) {
-            if (!Boolean.TRUE.equals(parent.isActive())) {
-                throw new IllegalArgumentException("An inactive Parent cannot be selected as parent");
-            }
-            project.setParent(parent);
-        }
+        project.setParent(parent);
         project.setPurl(purl);
         project.setActive(active);
-        final Project result = persist(project);
-
-        final List<Tag> resolvedTags = resolveTags(tags);
-        bind(project, resolvedTags);
-
-        new KafkaEventDispatcher().dispatchNotification(new Notification()
-                .scope(NotificationScope.PORTFOLIO)
-                .group(NotificationGroup.PROJECT_CREATED)
-                .level(NotificationLevel.INFORMATIONAL)
-                .title(NotificationConstants.Title.PROJECT_CREATED)
-                .content(result.getName() + " was created")
-                .subject(pm.detachCopy(result)));
-        return result;
+        project.setIsLatest(isLatest);
+        return createProject(project, tags, commitIndex);
     }
 
     /**
@@ -449,10 +472,18 @@ public Project createProject(final Project project, List<Tag> tags, boolean comm
         if (project.getParent() != null && !Boolean.TRUE.equals(project.getParent().isActive())) {
             throw new IllegalArgumentException("An inactive Parent cannot be selected as parent");
         }
-        final Project result = persist(project);
-        final List<Tag> resolvedTags = resolveTags(tags);
-        bind(project, resolvedTags);
-
+        final Project oldLatestProject = project.isLatest() ? getLatestProjectVersion(project.getName()) : null;
+        final Project result = callInTransaction(() -> {
+            // Remove isLatest flag from current latest project version, if the new project will be the latest
+            if(oldLatestProject != null) {
+                oldLatestProject.setIsLatest(false);
+                persist(oldLatestProject);
+            }
+            final Project newProject = persist(project);
+            final List<Tag> resolvedTags = resolveTags(tags);
+            bind(project, resolvedTags);
+            return newProject;
+        });
         new KafkaEventDispatcher().dispatchNotification(new Notification()
                 .scope(NotificationScope.PORTFOLIO)
                 .group(NotificationGroup.PROJECT_CREATED)
@@ -492,6 +523,14 @@ public Project updateProject(Project transientProject, boolean commitIndex) {
         }
         project.setActive(transientProject.isActive());
 
+        final Project oldLatestProject;
+        if(Boolean.TRUE.equals(transientProject.isLatest()) && Boolean.FALSE.equals(project.isLatest())) {
+            oldLatestProject = getLatestProjectVersion(project.getName());
+        } else {
+            oldLatestProject = null;
+        }
+        project.setIsLatest(transientProject.isLatest());
+
         if (transientProject.getParent() != null && transientProject.getParent().getUuid() != null) {
             if (project.getUuid().equals(transientProject.getParent().getUuid())) {
                 throw new IllegalArgumentException("A project cannot select itself as a parent");
@@ -509,10 +548,17 @@ public Project updateProject(Project transientProject, boolean commitIndex) {
             project.setParent(null);
         }
 
-        final List<Tag> resolvedTags = resolveTags(transientProject.getTags());
-        bind(project, resolvedTags);
+        final Project result = callInTransaction(() -> {
+            // Remove isLatest flag from current latest project version, if this project will be the latest now
+            if(oldLatestProject != null) {
+                oldLatestProject.setIsLatest(false);
+                persist(oldLatestProject);
+            }
 
-        final Project result = persist(project);
+            final List<Tag> resolvedTags = resolveTags(transientProject.getTags());
+            bind(project, resolvedTags);
+            return persist(project);
+        });
         return result;
     }
 
@@ -526,10 +572,11 @@ public Project clone(
             final boolean includeServices,
             final boolean includeAuditHistory,
             final boolean includeACL,
-            final boolean includePolicyViolations
+            final boolean includePolicyViolations,
+            final boolean makeCloneLatest
     ) {
+        final AtomicReference<Project> oldLatestProject = new AtomicReference<>();
         final var jsonMapper = new JsonMapper();
-
         return callInTransaction(() -> {
             final Project source = getObjectByUuid(Project.class, from, Project.FetchGroup.ALL.name());
             if (source == null) {
@@ -543,6 +590,11 @@ public Project clone(
                         Project was supposed to be cloned to version %s, \
                         but that version already exists""".formatted(newVersion));
             }
+            if(makeCloneLatest) {
+                oldLatestProject.set(source.isLatest() ? source : getLatestProjectVersion(source.getName()));
+            } else {
+                oldLatestProject.set(null);
+            }
             Project project = new Project();
             project.setAuthors(source.getAuthors());
             project.setManufacturer(source.getManufacturer());
@@ -554,13 +606,19 @@ public Project clone(
             project.setVersion(newVersion);
             project.setClassifier(source.getClassifier());
             project.setActive(source.isActive());
+            project.setIsLatest(makeCloneLatest);
             project.setCpe(source.getCpe());
             project.setPurl(source.getPurl());
             project.setSwidTagId(source.getSwidTagId());
             if (source.getDirectDependencies() != null && includeComponents && includeServices) {
                 project.setDirectDependencies(source.getDirectDependencies());
             }
             project.setParent(source.getParent());
+            // Remove isLatest flag from current latest project version, if this project will be the latest now
+            if(oldLatestProject.get() != null) {
+                oldLatestProject.get().setIsLatest(false);
+                persist(oldLatestProject.get());
+            }
             project = persist(project);
 
             if (source.getMetadata() != null) {

src/main/java/org/dependencytrack/persistence/QueryManager.java

@@ -557,6 +557,10 @@ public PaginatedResult getProjects(final Team team, final boolean excludeInactiv
         return getProjectQueryManager().getProjects(team, excludeInactive, bypass, onlyRoot);
     }
 
+    public Project getLatestProjectVersion(final String name) {
+        return getProjectQueryManager().getLatestProjectVersion(name);
+    }
+
     public PaginatedResult getProjectsWithoutDescendantsOf(final boolean excludeInactive, final Project project) {
         return getProjectQueryManager().getProjectsWithoutDescendantsOf(excludeInactive, project);
     }
@@ -625,6 +629,11 @@ public Project createProject(final Project project, List<Tag> tags, boolean comm
         return getProjectQueryManager().createProject(project, tags, commitIndex);
     }
 
+    public Project createProject(String name, String description, String version, List<Tag> tags, Project parent,
+                                 PackageURL purl, boolean active, boolean isLatest, boolean commitIndex) {
+        return getProjectQueryManager().createProject(name, description, version, tags, parent, purl, active, isLatest, commitIndex);
+    }
+
     public Project updateProject(Project transientProject, boolean commitIndex) {
         return getProjectQueryManager().updateProject(transientProject, commitIndex);
     }
@@ -635,9 +644,9 @@ public boolean updateNewProjectACL(Project transientProject, Principal principal
 
     public Project clone(UUID from, String newVersion, boolean includeTags, boolean includeProperties,
                          boolean includeComponents, boolean includeServices, boolean includeAuditHistory,
-                         boolean includeACL, boolean includePolicyViolations) {
+                         boolean includeACL, boolean includePolicyViolations, boolean makeCloneLatest) {
         return getProjectQueryManager().clone(from, newVersion, includeTags, includeProperties,
-                includeComponents, includeServices, includeAuditHistory, includeACL, includePolicyViolations);
+                includeComponents, includeServices, includeAuditHistory, includeACL, includePolicyViolations, makeCloneLatest);
     }
 
     public Project updateLastBomImport(Project p, Date date, String bomFormat) {
@@ -792,7 +801,11 @@ public Policy getPolicy(final String name) {
     }
 
     public Policy createPolicy(String name, Policy.Operator operator, Policy.ViolationState violationState) {
-        return getPolicyQueryManager().createPolicy(name, operator, violationState);
+        return this.createPolicy(name, operator, violationState, false);
+    }
+
+    public Policy createPolicy(String name, Policy.Operator operator, Policy.ViolationState violationState, boolean onlyLatestProjectVersion) {
+        return getPolicyQueryManager().createPolicy(name, operator, violationState, onlyLatestProjectVersion);
     }
 
     public void removeProjectFromPolicies(final Project project) {