SONAR-10356 restrict api/projects/search_my_projects to 1000 projects

diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsAction.java
index a3e07082fc2215e6f6f5f842ee967ce8c6e00a4f..515c07cf690a57794f911a850ed383fe642c6242 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsAction.java
@@ -56,7 +56,7 @@ public class SearchMyProjectsAction implements ProjectsWsAction {
   @Override
   public void define(WebService.NewController context) {
     WebService.NewAction action = context.createAction("search_my_projects")
-      .setDescription("Return list of projects for which the current user has 'Administer' permission.")
+      .setDescription("Return list of projects for which the current user has 'Administer' permission. Maximum 1'000 projects are returned.")
       .setResponseExample(getClass().getResource("search_my_projects-example.json"))
       .addPagingParams(100, MAX_SIZE)
       .setSince("6.0")

diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsDataLoader.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsDataLoader.java
index be0e6630dda8d1df983306f617f4ea296b265af9..e602b8d401b65d8ca563aeef4645187d0d4076a0 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsDataLoader.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/SearchMyProjectsDataLoader.java
@@ -26,6 +26,7 @@ import java.util.List;
 import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.web.UserRole;
+import org.sonar.db.DatabaseUtils;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
@@ -81,7 +82,7 @@ public class SearchMyProjectsDataLoader {
     List<Long> componentIds = dbClient.roleDao().selectComponentIdsByPermissionAndUserId(dbSession, UserRole.ADMIN, userId);
     ComponentQuery dbQuery = ComponentQuery.builder()
       .setQualifiers(Qualifiers.PROJECT)
-      .setComponentIds(ImmutableSet.copyOf(componentIds))
+      .setComponentIds(ImmutableSet.copyOf(componentIds.subList(0, Math.min(componentIds.size(), DatabaseUtils.PARTITION_SIZE_FOR_ORACLE))))
       .build();
 
     return new ProjectsResult(

diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
index 8c4df109c8d53382e216616fd0dcd02641144655..e676fc6c06d87fa967fee0589e5512c8940f10d4 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
@@ -19,6 +19,7 @@
  */
 package org.sonar.server.project.ws;
 
+import java.util.stream.IntStream;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -116,12 +117,25 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, jdk7);
     db.users().insertProjectPermissionOnUser(anotherUser, UserRole.ADMIN, cLang);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(1);
     assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid());
   }
 
+  @Test
+  public void return_only_first_1000_projects() {
+    OrganizationDto organization = db.organizations().insert();
+    IntStream.range(0, 1_010).forEach(i -> {
+      ComponentDto project = db.components().insertComponent(newPrivateProjectDto(organization));
+      db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);
+    });
+
+    SearchMyProjectsWsResponse result = callWs();
+
+    assertThat(result.getPaging().getTotal()).isEqualTo(1_000);
+  }
+
   @Test
   public void sort_projects_by_name() {
     OrganizationDto organizationDto = db.organizations().insert();
@@ -133,7 +147,7 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, a_project);
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, c_project);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(3);
     assertThat(result.getProjectsList()).extracting(Project::getId)
@@ -166,7 +180,7 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, jdk7);
     db.users().insertProjectPermissionOnUser(user, UserRole.ISSUE_ADMIN, clang);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(1);
     assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid());
@@ -181,7 +195,7 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, jdk7);
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, view);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(1);
     assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid());
@@ -193,7 +207,7 @@ public class SearchMyProjectsActionTest {
     ComponentDto branch = db.components().insertProjectBranch(project);
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsList())
       .extracting(Project::getKey)
@@ -212,7 +226,7 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, jdk7);
     db.users().insertProjectPermissionOnGroup(group, UserRole.USER, cLang);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(1);
     assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid());
@@ -234,7 +248,7 @@ public class SearchMyProjectsActionTest {
     db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, sonarqube);
     db.users().insertProjectPermissionOnGroup(group, UserRole.ADMIN, sonarqube);
 
-    SearchMyProjectsWsResponse result = call_ws();
+    SearchMyProjectsWsResponse result = callWs();
 
     assertThat(result.getProjectsCount()).isEqualTo(3);
     assertThat(result.getProjectsList()).extracting(Project::getId).containsOnly(jdk7.uuid(), cLang.uuid(), sonarqube.uuid());
@@ -251,7 +265,7 @@ public class SearchMyProjectsActionTest {
     userSession.anonymous();
     expectedException.expect(UnauthorizedException.class);
 
-    call_ws();
+    callWs();
   }
 
   private ComponentDto insertClang(OrganizationDto organizationDto) {
@@ -273,7 +287,7 @@ public class SearchMyProjectsActionTest {
       .setDbKey("Java"));
   }
 
-  private SearchMyProjectsWsResponse call_ws() {
+  private SearchMyProjectsWsResponse callWs() {
     return ws.newRequest()
       .executeProtobuf(SearchMyProjectsWsResponse.class);
   }