--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import java.util.Objects;
+import org.sonar.api.server.ws.Request;
+import org.sonar.api.server.ws.Response;
+import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
+import org.sonar.db.issue.IssueChangeDto;
+import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.user.UserSession;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.lang.String.format;
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
+
+public class DeleteCommentAction implements HotspotsWsAction {
+ private static final String PARAM_COMMENT = "comment";
+
+ private final UserSession userSession;
+ private final DbClient dbClient;
+ private final HotspotWsSupport hotspotWsSupport;
+
+ public DeleteCommentAction(DbClient dbClient, HotspotWsSupport hotspotWsSupport, UserSession userSession) {
+ this.dbClient = dbClient;
+ this.hotspotWsSupport = hotspotWsSupport;
+ this.userSession = userSession;
+ }
+
+ @Override
+ public void define(WebService.NewController controller) {
+ WebService.NewAction action = controller
+ .createAction("delete_comment")
+ .setHandler(this)
+ .setPost(true)
+ .setDescription("Delete comment from Security Hotpot.<br/>" +
+ "Requires authentication and the following permission: 'Browse' on the project of the specified Security Hotspot.")
+ .setSince("8.2")
+ .setInternal(true);
+
+ action.createParam(PARAM_COMMENT)
+ .setDescription("Comment key.")
+ .setRequired(true)
+ .setExampleValue(UUID_EXAMPLE_01);
+ }
+
+ @Override
+ public void handle(Request request, Response response) throws Exception {
+ hotspotWsSupport.checkLoggedIn();
+
+ String commentKey = request.mandatoryParam(PARAM_COMMENT);
+
+ try (DbSession dbSession = dbClient.openSession(false)) {
+ IssueChangeDto hotspotComment = getHotspotComment(commentKey, dbSession);
+ validate(dbSession, hotspotComment);
+ deleteComment(dbSession, hotspotComment.getKey());
+ response.noContent();
+ }
+ }
+
+ private IssueChangeDto getHotspotComment(String commentKey, DbSession dbSession) {
+ return dbClient.issueChangeDao().selectCommentByKey(dbSession, commentKey)
+ .orElseThrow(() -> new NotFoundException(format("Comment with key '%s' does not exist", commentKey)));
+ }
+
+ private void validate(DbSession dbSession, IssueChangeDto issueChangeDto) {
+ hotspotWsSupport.loadAndCheckProject(dbSession, issueChangeDto.getIssueKey());
+ checkArgument(Objects.equals(issueChangeDto.getUserUuid(), userSession.getUuid()), "You can only delete your own comments");
+ }
+
+ private void deleteComment(DbSession dbSession, String commentKey) {
+ dbClient.issueChangeDao().delete(dbSession, commentKey);
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import java.util.Optional;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.server.ws.WebService.Param;
+import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.issue.IssueChangeDto;
+import org.sonar.db.issue.IssueDto;
+import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
+import org.sonar.server.ws.TestResponse;
+import org.sonar.server.ws.WsActionTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+
+public class DeleteCommentActionTest {
+
+ @Rule
+ public DbTester dbTester = DbTester.create(System2.INSTANCE);
+
+ @Rule
+ public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
+ private DbClient dbClient = dbTester.getDbClient();
+ private System2 system2 = mock(System2.class);
+ private HotspotWsSupport hotspotWsSupport = new HotspotWsSupport(dbClient, userSessionRule, system2);
+
+ private DeleteCommentAction underTest = new DeleteCommentAction(dbClient, hotspotWsSupport, userSessionRule);
+ private WsActionTester actionTester = new WsActionTester(underTest);
+
+ @Test
+ public void verify_ws_def() {
+ assertThat(actionTester.getDef().isInternal()).isTrue();
+ assertThat(actionTester.getDef().isPost()).isTrue();
+
+ Param commentKeyParam = actionTester.getDef().param("comment");
+ assertThat(commentKeyParam).isNotNull();
+ assertThat(commentKeyParam.isRequired()).isTrue();
+ }
+
+ @Test
+ public void delete_comment_from_hotspot_private_project() {
+ UserDto userDeletingOwnComment = dbTester.users().insertUser();
+
+ ComponentDto project = dbTester.components().insertPrivateProject();
+
+ IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+ IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userDeletingOwnComment, "Some comment");
+
+ userSessionRule.logIn(userDeletingOwnComment);
+ userSessionRule.addProjectPermission(UserRole.USER, project);
+
+ TestRequest request = newRequest(comment.getKey());
+
+ TestResponse response = request.execute();
+ assertThat(response.getStatus()).isEqualTo(204);
+ assertThat(getHotspotCommentByKey(comment.getKey()))
+ .isEmpty();
+ }
+
+ @Test
+ public void delete_comment_from_hotspot_public_project() {
+ UserDto userAddingComment = dbTester.users().insertUser();
+
+ ComponentDto project = dbTester.components().insertPublicProject();
+
+ IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+ IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userAddingComment, "Some comment");
+
+ assertThat(getHotspotCommentByKey(comment.getKey()))
+ .isNotEmpty();
+
+ userSessionRule.logIn(userAddingComment);
+ userSessionRule.registerComponents(project);
+
+ TestRequest request = newRequest(comment.getKey());
+
+ TestResponse response = request.execute();
+ assertThat(response.getStatus()).isEqualTo(204);
+ assertThat(getHotspotCommentByKey(comment.getKey()))
+ .isEmpty();
+ }
+
+ @Test
+ public void fails_with_UnauthorizedException_if_user_is_anonymous() {
+ userSessionRule.anonymous();
+
+ TestRequest request = actionTester.newRequest();
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(UnauthorizedException.class)
+ .hasMessage("Authentication is required");
+ }
+
+ @Test
+ public void fails_if_comment_with_provided_key_does_not_exist() {
+ userSessionRule.logIn();
+
+ TestRequest request = newRequest("not-existing-comment-key");
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(NotFoundException.class)
+ .hasMessage("Comment with key 'not-existing-comment-key' does not exist");
+ }
+
+ @Test
+ public void fails_if_trying_to_delete_comment_of_another_user_in_private_project() {
+ UserDto userTryingToDelete = dbTester.users().insertUser();
+ UserDto userWithHotspotComment = dbTester.users().insertUser();
+
+ ComponentDto project = dbTester.components().insertPrivateProject();
+
+ IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+ IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userWithHotspotComment, "Some comment");
+
+ userSessionRule.logIn(userTryingToDelete);
+ userSessionRule.addProjectPermission(UserRole.USER, project);
+
+ TestRequest request = newRequest(comment.getKey());
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("You can only delete your own comments");
+ }
+
+ @Test
+ public void fails_if_trying_to_delete_comment_of_another_user_in_public_project() {
+ UserDto userTryingToDelete = dbTester.users().insertUser();
+ UserDto userWithHotspotComment = dbTester.users().insertUser();
+
+ ComponentDto project = dbTester.components().insertPublicProject();
+
+ IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+ IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userWithHotspotComment, "Some comment");
+
+ userSessionRule.logIn(userTryingToDelete)
+ .registerComponents(project);
+
+ TestRequest request = newRequest(comment.getKey());
+
+ assertThatThrownBy(request::execute)
+ .isInstanceOf(IllegalArgumentException.class)
+ .hasMessage("You can only delete your own comments");
+ }
+
+ private TestRequest newRequest(String commentKey) {
+ return actionTester.newRequest()
+ .setParam("comment", commentKey);
+ }
+
+ private Optional<IssueChangeDto> getHotspotCommentByKey(String commentKey) {
+ return dbClient.issueChangeDao().selectCommentByKey(dbTester.getSession(), commentKey);
+ }
+}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonarqube.ws.client.hotspots;
+
+import javax.annotation.Generated;
+
+/**
+ * This is part of the internal API.
+ * This is a POST request.
+ * @see <a href="https://next.sonarqube.com/sonarqube/web_api/api/hotspots/delete_comment">Further information about this action online (including a response example)</a>
+ * @since 8.2
+ */
+@Generated("sonar-ws-generator")
+public class DeleteCommentRequest {
+
+ private String comment;
+
+ /**
+ * This is a mandatory parameter.
+ * Example value: "AU-Tpxb--iU5OvuD2FLy"
+ */
+ public DeleteCommentRequest setComment(String comment) {
+ this.comment = comment;
+ return this;
+ }
+
+ public String getComment() {
+ return comment;
+ }
+}
projects / sonarqube.git / commitdiff