From: Guillaume Jambet <guillaume.jambet@sonarsource.com>
Date: Tue, 7 Nov 2017 16:26:58 +0000 (+0100)
Subject: SONAR-10046 adding minimum length validation to api/permissions
X-Git-Tag: 7.0-RC1~346
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5dbf937e50b592ec0c171144aac1e45a595dd5ff;p=sonarqube.git

SONAR-10046 adding minimum length validation to api/permissions
---

diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
index 1f6e95b0f23..27077a53d97 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/GroupsAction.java
@@ -81,11 +81,13 @@ public class GroupsAction implements PermissionsWsAction {
         "<li>'Administer' rights on the specified project</li>" +
         "</ul>")
       .addPagingParams(DEFAULT_PAGE_SIZE, RESULTS_MAX_SIZE)
-      .addSearchQuery("sonar", "names").setDescription("Limit search to group names that contain the supplied string. Must have at least %d characters.<br/>" +
-        "When this parameter is not set, only groups having at least one permission are returned.", SEARCH_QUERY_MIN_LENGTH)
       .setResponseExample(Resources.getResource(getClass(), "groups-example.json"))
       .setHandler(this);
 
+    action.createSearchQuery("sonar", "names")
+      .setDescription("Limit search to group names that contain the supplied string. When this parameter is not set, only groups having at least one permission are returned.")
+      .setMinimumLength(SEARCH_QUERY_MIN_LENGTH);
+
     createOrganizationParameter(action).setSince("6.2");
     createPermissionParameter(action).setRequired(false);
     createProjectParameters(action);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
index f7538691c96..40d4946820f 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/UsersAction.java
@@ -54,7 +54,6 @@ import static org.sonar.server.permission.ws.PermissionRequestValidator.validate
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createPermissionParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectParameters;
-import static org.sonar.server.ws.WsUtils.checkRequest;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
@@ -91,8 +90,9 @@ public class UsersAction implements PermissionsWsAction {
       .setHandler(this);
 
     action.createParam(Param.TEXT_QUERY)
-      .setDescription("Limit search to user names that contain the supplied string. Must have at least %d characters.<br/>" +
-        "When this parameter is not set, only users having at least one permission are returned.", SEARCH_QUERY_MIN_LENGTH)
+      .setMinimumLength(SEARCH_QUERY_MIN_LENGTH)
+      .setDescription("Limit search to user names that contain the supplied string. <br/>" +
+        "When this parameter is not set, only users having at least one permission are returned.")
       .setExampleValue("eri");
 
     createOrganizationParameter(action).setSince("6.2");
@@ -136,9 +136,6 @@ public class UsersAction implements PermissionsWsAction {
     }
     if (textQuery == null) {
       permissionQuery.withAtLeastOnePermission();
-    } else {
-      checkRequest(textQuery.length() >= SEARCH_QUERY_MIN_LENGTH,
-        "The '%s' parameter must have at least %d characters", Param.TEXT_QUERY, SEARCH_QUERY_MIN_LENGTH);
     }
     return permissionQuery.build();
   }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java
index f10ba0fa49a..44c44ce2655 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateGroupsAction.java
@@ -78,8 +78,9 @@ public class TemplateGroupsAction implements PermissionsWsAction {
       .setHandler(this);
 
     action.createParam(TEXT_QUERY)
-      .setDescription("Limit search to group names that contain the supplied string. Must have at least %d characters.<br/>" +
-        "When this parameter is not set, only group having at least one permission are returned.", SEARCH_QUERY_MIN_LENGTH)
+      .setMinimumLength(SEARCH_QUERY_MIN_LENGTH)
+      .setDescription("Limit search to group names that contain the supplied string. <br/>" +
+        "When this parameter is not set, only group having at least one permission are returned.")
       .setExampleValue("eri");
 
     createProjectPermissionParameter(action);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
index 0c37f59f1c0..ce703cbd3d5 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/TemplateUsersAction.java
@@ -85,8 +85,9 @@ public class TemplateUsersAction implements PermissionsWsAction {
       .setHandler(this);
 
     action.createParam(Param.TEXT_QUERY)
-      .setDescription("Limit search to user names that contain the supplied string. Must have at least %d characters.<br/>" +
-        "When this parameter is not set, only users having at least one permission are returned.", SEARCH_QUERY_MIN_LENGTH)
+      .setMinimumLength(SEARCH_QUERY_MIN_LENGTH)
+      .setDescription("Limit search to user names that contain the supplied string. <br/>" +
+        "When this parameter is not set, only users having at least one permission are returned.")
       .setExampleValue("eri");
     createProjectPermissionParameter(action).setRequired(false);
     createTemplateParameters(action);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
index c424b43fc99..777a086ab05 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
@@ -347,8 +347,8 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
   public void fail_if_search_query_is_too_short() throws Exception {
     loginAsAdmin(db.getDefaultOrganization());
 
-    expectedException.expect(BadRequestException.class);
-    expectedException.expectMessage("The 'q' parameter must have at least 3 characters");
+    expectedException.expect(IllegalArgumentException.class);
+    expectedException.expectMessage("'q' length (2) is shorter than the minimum authorized (3)");
 
     newRequest().setParam(TEXT_QUERY, "ab").execute();
   }