SONAR-8260 fix conflict between project and org parameters

author Simon Brandhof <simon.brandhof@sonarsource.com>

Wed, 2 Nov 2016 16:01:24 +0000 (17:01 +0100)

committer Simon Brandhof <simon.brandhof@sonarsource.com>

Thu, 3 Nov 2016 12:57:46 +0000 (13:57 +0100)
author Simon Brandhof <simon.brandhof@sonarsource.com>
Wed, 2 Nov 2016 16:01:24 +0000 (17:01 +0100)
committer Simon Brandhof <simon.brandhof@sonarsource.com>
Thu, 3 Nov 2016 12:57:46 +0000 (13:57 +0100)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java

index 08325de06da0bf7c37d49666198802a7cdbbdfac..42ab1e18073653f37dcbbcbc2502de76dc52c3a8 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java
@@ -33,6 +33,7 @@ import org.sonar.server.permission.UserId;
  import org.sonar.server.permission.UserPermissionChange;
  import org.sonar.server.user.UserSession;
  
+import static com.google.common.base.Preconditions.checkArgument;
  import static java.util.Arrays.asList;
  import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
  import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
@@ -80,7 +81,9 @@ public class AddUserAction implements PermissionsWsAction {
      try (DbSession dbSession = dbClient.openSession(false)) {
        UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN));
        Optional<ProjectId> projectId = support.findProject(dbSession, request);
-      OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION_KEY));
+      String organizationKey = request.param(PARAM_ORGANIZATION_KEY);
+      checkArgument(!projectId.isPresent() || organizationKey == null, "Organization must not be set when project is set.");
+      OrganizationDto org = support.findOrganization(dbSession, organizationKey);
  
        checkProjectAdmin(userSession, org.getUuid(), projectId);
  
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java

index 4a135b3b6f96218d5694ec277c8e9aa95c4c8698..ead2f1cf17d6b57d93efb2f8ed86512ada49924d 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
@@ -318,6 +318,22 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
      db.rootFlag().verify(rootByGroupPermissionUser, true);
    }
  
+  @Test
+  public void organization_parameter_must_not_be_set_on_project_permissions() {
+    ComponentDto project = db.components().insertProject();
+    loginAsAdminOnDefaultOrganization();
+
+    expectedException.expect(IllegalArgumentException.class);
+    expectedException.expectMessage("Organization must not be set when project is set.");
+
+    newRequest()
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PROJECT_KEY, project.getKey())
+      .setParam(PARAM_ORGANIZATION_KEY, "an_org")
+      .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+      .execute();
+  }
+
    private void executeRequest(UserDto userDto, String permission) throws Exception {
      executeRequest(userDto, permission, null);
    }
author	Simon Brandhof <simon.brandhof@sonarsource.com>
	Wed, 2 Nov 2016 16:01:24 +0000 (17:01 +0100)
committer	Simon Brandhof <simon.brandhof@sonarsource.com>
	Thu, 3 Nov 2016 12:57:46 +0000 (13:57 +0100)
server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java		patch \| blob \| history
server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java		patch \| blob \| history