import org.sonar.api.server.ws.WebService;
import org.sonar.api.server.ws.WebService.Param;
import org.sonar.api.utils.text.JsonWriter;
+import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.persistence.DbSession;
import org.sonar.server.db.DbClient;
import org.sonar.server.es.SearchOptions;
import org.sonar.server.es.SearchResult;
+import org.sonar.server.user.UserSession;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
private final UserIndex userIndex;
private final DbClient dbClient;
+ private final UserSession userSession;
- public SearchAction(UserIndex userIndex, DbClient dbClient) {
+ public SearchAction(UserIndex userIndex, DbClient dbClient, UserSession userSession) {
this.userIndex = userIndex;
this.dbClient = dbClient;
+ this.userSession = userSession;
}
@Override
public void define(WebService.NewController controller) {
WebService.NewAction action = controller.createAction("search")
- .setDescription("Get a list of active users.")
+ .setDescription("Get a list of active users. Requires Administer System permission.")
.setSince("3.6")
.setHandler(this)
.setResponseExample(getClass().getResource("example-search.json"));
@Override
public void handle(Request request, Response response) throws Exception {
+ userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+
SearchOptions options = new SearchOptions()
.setPage(request.mandatoryParamAsInt(Param.PAGE), request.mandatoryParamAsInt(Param.PAGE_SIZE));
List<String> fields = request.paramAsStrings(Param.FIELDS);
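Review bot: The new authorization line at the top of `handle` has no comment saying it must stay ahead of the parameter parsing and index access that follow, so a later refactor could move work in front of it. I would add `// Authorize first: nothing below may run for a caller without Administer System permission.` directly above the `userSession.checkLoggedIn()` call. The placement itself looks right, since it runs before `mandatoryParamAsInt` and `paramAsStrings` read anything from the request. Callers that used this action without admin rights will presumably start receiving authorization errors, which is worth stating in the release notes. The body of `handle` continues outside the hunk.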
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
+import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.config.Settings;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
+import org.sonar.core.permission.GlobalPermissions;
import org.sonar.core.persistence.DbSession;
import org.sonar.core.persistence.DbTester;
import org.sonar.core.user.GroupDto;
import org.sonar.core.user.UserGroupDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.es.EsTester;
+import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.db.GroupDao;
import org.sonar.server.user.db.UserDao;
import org.sonar.server.user.db.UserGroupDao;
@ClassRule
public static final EsTester esTester = new EsTester().addDefinitions(new UserIndexDefinition(new Settings()));
+ @Rule
+ public UserSessionRule userSession = UserSessionRule.standalone();
+
WebService.Controller controller;
WsTester tester;
session = dbClient.openSession(false);
index = new UserIndex(esTester.client());
- tester = new WsTester(new UsersWs(new SearchAction(index, dbClient)));
+ tester = new WsTester(new UsersWs(new SearchAction(index, dbClient, userSession)));
controller = tester.controller("api/users");
}
@Test
public void search_empty() throws Exception {
+ loginAsAdmin();
tester.newGetRequest("api/users", "search").execute().assertJson(getClass(), "empty.json");
}
public void search_without_parameters() throws Exception {
injectUsers(5);
+ loginAsAdmin();
tester.newGetRequest("api/users", "search").execute().assertJson(getClass(), "five_users.json");
}
public void search_with_query() throws Exception {
injectUsers(5);
+ loginAsAdmin();
tester.newGetRequest("api/users", "search").setParam("q", "user-1").execute().assertJson(getClass(), "user_one.json");
}
public void search_with_paging() throws Exception {
injectUsers(10);
+ loginAsAdmin();
tester.newGetRequest("api/users", "search").setParam("ps", "5").execute().assertJson(getClass(), "page_one.json");
tester.newGetRequest("api/users", "search").setParam("ps", "5").setParam("p", "2").execute().assertJson(getClass(), "page_two.json");
}
public void search_with_fields() throws Exception {
injectUsers(1);
+ loginAsAdmin();
+
assertThat(tester.newGetRequest("api/users", "search").execute().outputAsString())
.contains("login")
.contains("name")
dbClient.userGroupDao().insert(session, new UserGroupDto().setGroupId(group2.getId()).setUserId(users.get(0).getId()));
session.commit();
+ loginAsAdmin();
tester.newGetRequest("api/users", "search").execute().assertJson(getClass(), "user_with_groups.json");
}
+ @Test(expected = ForbiddenException.class)
+ public void fail_on_missing_permission() throws Exception {
+ userSession.login("not-admin");
+ tester.newGetRequest("api/users", "search").execute();
+ }
+
private List<UserDto> injectUsers(int numberOfUsers) throws Exception {
List<UserDto> userDtos = Lists.newArrayList();
long createdAt = System.currentTimeMillis();
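Review bot: `fail_on_missing_permission` covers only a logged-in user who lacks the permission, so the `checkLoggedIn()` half of the new guard in `SearchAction.handle` is untested. A second test that executes `tester.newGetRequest("api/users", "search")` with no login on the session rule would pin the anonymous path. It should expect the not-authenticated exception, presumably `UnauthorizedException`; confirm against what `checkLoggedIn()` throws. `injectUsers` begins at the end of this hunk and continues outside it.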
esTester.putDocuments(UserIndexDefinition.INDEX, UserIndexDefinition.TYPE_USER, users);
return userDtos;
}
+
+ private void loginAsAdmin() {
+ userSession.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ }
}
import org.sonar.api.server.ws.WebService;
import org.sonar.server.db.DbClient;
import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndex;
import org.sonar.server.ws.WsTester;
new CurrentAction(userSessionRule),
new DeactivateAction(mock(UserIndex.class), mock(UserUpdater.class), userSessionRule),
new ChangePasswordAction(mock(UserUpdater.class), userSessionRule),
- new SearchAction(mock(UserIndex.class), mock(DbClient.class))));
+ new SearchAction(mock(UserIndex.class), mock(DbClient.class), mock(UserSession.class))));
controller = tester.controller("api/users");
}
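Review bot: `SearchAction` is the only action in this list wired with `mock(UserSession.class)`; `CurrentAction`, `DeactivateAction` and `ChangePasswordAction` all receive `userSessionRule`. Assuming Mockito's default answers, the mock returns null from `checkLoggedIn()`, so the chained `checkGlobalPermission(...)` in `handle` would fail with a NullPointerException instead of an authorization error if this test ever executed the action. Passing the rule keeps the wiring uniform and makes the added `org.sonar.server.user.UserSession` import unnecessary: `new SearchAction(mock(UserIndex.class), mock(DbClient.class), userSessionRule)));`. The setup method starts outside the hunk.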