SONAR-7874 api/user_groups/search requires now to be logged
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Mon, 18 Jul 2016 13:26:19 +0000 (15:26 +0200)
committerJulien Lancelot <julien.lancelot@sonarsource.com>
Mon, 18 Jul 2016 13:59:50 +0000 (15:59 +0200)
server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java
server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java
server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java

index 1519c60cf7c921dcc49c3a8a47d3d7d6ab2a5dc7..8c2df2adf867af6fcec41e558eccdc2e0a3ba820 100644 (file)
@@ -38,6 +38,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.user.GroupDto;
 import org.sonar.server.es.SearchOptions;
+import org.sonar.server.user.UserSession;
 
 import static org.sonar.server.es.SearchOptions.MAX_LIMIT;
 
@@ -49,16 +50,19 @@ public class SearchAction implements UserGroupsWsAction {
   private static final String FIELD_MEMBERS_COUNT = "membersCount";
   private static final List<String> ALL_FIELDS = Arrays.asList(FIELD_NAME, FIELD_DESCRIPTION, FIELD_MEMBERS_COUNT);
 
-  private DbClient dbClient;
+  private final DbClient dbClient;
+  private final UserSession userSession;
 
-  public SearchAction(DbClient dbClient) {
+  public SearchAction(DbClient dbClient, UserSession userSession) {
     this.dbClient = dbClient;
+    this.userSession = userSession;
   }
 
   @Override
   public void define(NewController context) {
     context.createAction("search")
-      .setDescription("Search for user groups")
+      .setDescription("Search for user groups <br>." +
+        "Require to be logged.")
       .setHandler(this)
       .setResponseExample(getClass().getResource("example-search.json"))
       .setSince("5.2")
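Review bot: The new description string in `define` renders as `Search for user groups <br>.Require to be logged.`, with the period stranded after the line break and no space before the second sentence. This text is what API consumers read to learn the endpoint's access requirement, so it should state it cleanly, for example `.setDescription("Search for user groups.<br>" + "Requires authentication.")`. The rest of `define` lies outside the hunk.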
@@ -69,6 +73,7 @@ public class SearchAction implements UserGroupsWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
+    userSession.checkLoggedIn();
     int page = request.mandatoryParamAsInt(Param.PAGE);
     int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);
     SearchOptions options = new SearchOptions()
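Review bot: `userSession.checkLoggedIn()` at the top of `handle` establishes authentication only, so every logged-in account can list all group names, descriptions and member counts (the fields in `ALL_FIELDS`). If that is the intended policy, a short comment on the call would stop a later reader from assuming a permission check exists, e.g. `// Authentication only: any logged-in user may search groups; no permission is checked.` The remainder of `handle` is outside the hunk, so any authorization further down is not visible here.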
index 605db91747dea4e70bd44d6a3e3f9d92d532bbee..b8c65d582db6560a3ab90b00c4c392a564c61856 100644 (file)
@@ -23,15 +23,17 @@ import org.apache.commons.lang.StringUtils;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.user.GroupDao;
-import org.sonar.db.user.GroupMembershipDao;
 import org.sonar.db.user.UserGroupDao;
 import org.sonar.db.user.UserGroupDto;
+import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -42,10 +44,16 @@ public class SearchActionTest {
 
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
+
+  @Rule
+  public UserSessionRule userSession = UserSessionRule.standalone();
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
   private WsTester ws;
 
   private GroupDao groupDao;
-  private GroupMembershipDao groupMembershipDao;
   private UserGroupDao userGroupDao;
   private DbSession dbSession;
 
@@ -53,21 +61,22 @@ public class SearchActionTest {
   public void setUp() {
     DbClient dbClient = db.getDbClient();
     groupDao = dbClient.groupDao();
-    groupMembershipDao = dbClient.groupMembershipDao();
     userGroupDao = dbClient.userGroupDao();
 
-    ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient)));
+    ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient, userSession)));
 
     dbSession = dbClient.openSession(false);
   }
 
   @Test
   public void search_empty() throws Exception {
+    loginAsSimpleUser();
     newRequest().execute().assertJson(getClass(), "empty.json");
   }
 
   @Test
   public void search_without_parameters() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     dbSession.commit();
 
@@ -76,6 +85,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_members() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     insertMembers("users", 5);
     insertMembers("admins", 1);
@@ -87,6 +97,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_query() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer%_%/1", "customer%_%/2", "customer%_%/3");
     dbSession.commit();
 
@@ -95,6 +106,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_paging() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     dbSession.commit();
 
@@ -108,6 +120,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_fields() throws Exception {
+    loginAsSimpleUser();
     insertGroups("sonar-users");
     dbSession.commit();
 
@@ -142,6 +155,14 @@ public class SearchActionTest {
       .contains("membersCount");
   }
 
+  @Test
+  public void fail_when_not_logged() throws Exception {
+    userSession.anonymous();
+
+    expectedException.expect(UnauthorizedException.class);
+    newRequest().execute();
+  }
+
   private WsTester.TestRequest newRequest() {
     return ws.newGetRequest("api/user_groups", "search");
   }
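Review bot: `fail_when_not_logged` pins the exception type only for a well-formed request, so it would still pass if the login check in `SearchAction.handle` were later moved below the parameter parsing or the database query. A second anonymous case that sends an invalid page size and still expects `UnauthorizedException` would lock in that the check runs before any request input is processed. The test also creates no groups, so it cannot show that nothing is written to the response for an anonymous caller; inserting a group first would make that explicit.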
@@ -160,4 +181,9 @@ public class SearchActionTest {
       userGroupDao.insert(dbSession, new UserGroupDto().setGroupId(groupId).setUserId((long) i + 1));
     }
   }
+
+  private void loginAsSimpleUser() {
+    userSession.login("user");
+  }
+
 }
index ba1a32bacd7c94346cd3e23fee6fb9ee3a45a507..2e8b7a6755e3c39afbe931eae1f8f316647cff49 100644 (file)
@@ -32,14 +32,16 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
 public class UserGroupsWsTest {
+
   @Rule
   public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
   WebService.Controller controller;
 
   @Before
   public void setUp() {
     WsTester tester = new WsTester(new UserGroupsWs(
-      new SearchAction(mock(DbClient.class)),
+      new SearchAction(mock(DbClient.class), mock(UserSession.class)),
       new CreateAction(mock(DbClient.class), mock(UserSession.class), mock(UserGroupUpdater.class))));
     controller = tester.controller("api/user_groups");
   }