SONAR-10088 Prevent updating built-in quality gate in rename ws

diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QGateWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QGateWsSupport.java
index 854e9e0939d8dead1290848c99d0361e6f3d05e5..f15b1fbc5599610543c5ce993faa9fa465d58bb5 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QGateWsSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/QGateWsSupport.java
@@ -31,6 +31,7 @@ import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Qualitygates;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
 import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY;
 
@@ -82,8 +83,13 @@ public class QGateWsSupport {
     return Long.valueOf(defaultQgate.getValue());
   }
 
-  void checkCanEdit() {
+  void checkCanEdit(QualityGateDto qualityGate) {
+    checkNotBuiltInt(qualityGate);
     userSession.checkPermission(ADMINISTER_QUALITY_GATES, defaultOrganizationProvider.get().getUuid());
   }
 
+  private static void checkNotBuiltInt(QualityGateDto qualityGate) {
+    checkArgument(!qualityGate.isBuiltIn(), "Operation forbidden for built-in Quality Gate '%s'", qualityGate.getName());
+  }
+
 }

diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/RenameAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/RenameAction.java
index c438e00e7fdefa145ba30d48392890c50117748d..e65a5ee037e472e7e460fcc4bfce5b2b02aa28c0 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/RenameAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualitygate/ws/RenameAction.java
@@ -71,7 +71,6 @@ public class RenameAction implements QualityGatesWsAction {
 
   @Override
   public void handle(Request request, Response response) {
-    wsSupport.checkCanEdit();
     long id = QualityGatesWs.parseId(request, PARAM_ID);
     QualityGateDto qualityGate = rename(id, request.mandatoryParam(PARAM_NAME));
     writeProtobuf(QualityGate.newBuilder()
@@ -83,6 +82,7 @@ public class RenameAction implements QualityGatesWsAction {
   private QualityGateDto rename(long id, String name) {
     try (DbSession dbSession = dbClient.openSession(false)) {
       QualityGateDto qualityGate = qualityGateFinder.getById(dbSession, id);
+      wsSupport.checkCanEdit(qualityGate);
       checkArgument(!isNullOrEmpty(name), CANT_BE_EMPTY_MESSAGE, "Name");
       checkNotAlreadyExists(dbSession, qualityGate, name);
       qualityGate.setName(name);

diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/RenameActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/RenameActionTest.java
index 546ddfc86c87975bee83441ad39e2fbbe3fe8dc3..6f561a91c790a0d92b9945486e4e00b453e73119 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/RenameActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/RenameActionTest.java
@@ -107,6 +107,20 @@ public class RenameActionTest {
     assertThat(db.getDbClient().qualityGateDao().selectById(db.getSession(), qualityGate.getId()).getName()).isEqualTo("name");
   }
 
+  @Test
+  public void fail_on_built_in_quality_gate() {
+    logAsQualityGateAdminister();
+    QualityGateDto qualityGate = db.qualityGates().insertQualityGate(qg -> qg.setBuiltIn(true));
+
+    expectedException.expect(IllegalArgumentException.class);
+    expectedException.expectMessage(format("Operation forbidden for built-in Quality Gate '%s'", qualityGate.getName()));
+
+    ws.newRequest()
+      .setParam("id", qualityGate.getId().toString())
+      .setParam("name", "name")
+      .execute();
+  }
+
   @Test
   public void fail_on_empty_name() {
     logAsQualityGateAdminister();