From: Julien Lancelot Date: Mon, 24 Sep 2018 14:00:05 +0000 (+0200) Subject: SONAR-11305 Return external identity only to sys admin in api/users/search X-Git-Tag: 7.5~389 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7b567ba3d15ed7dd0b0bba0330686487e35af85c;p=sonarqube.git SONAR-11305 Return external identity only to sys admin in api/users/search --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java index 0c3179718c0..bfb1d3ad9e0 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java @@ -95,6 +95,7 @@ public class SearchAction implements UsersWsAction { "When accessed anonymously, only logins and names are returned.") .setSince("3.6") .setChangelog( + new Change("7.4", "External identity is only returned to system administrators"), new Change("6.4", "Paging response fields moved to a Paging object"), new Change("6.4", "Avatar has been added to the response"), new Change("6.4", "Email is only returned when user has Administer System permission")) @@ -150,7 +151,6 @@ public class SearchAction implements UsersWsAction { setIfNeeded(FIELD_AVATAR, fields, emptyToNull(user.getEmail()), u -> userBuilder.setAvatar(avatarResolver.create(user))); setIfNeeded(FIELD_ACTIVE, fields, user.isActive(), userBuilder::setActive); setIfNeeded(FIELD_LOCAL, fields, user.isLocal(), userBuilder::setLocal); - setIfNeeded(FIELD_EXTERNAL_IDENTITY, fields, user.getExternalLogin(), userBuilder::setExternalIdentity); setIfNeeded(FIELD_EXTERNAL_PROVIDER, fields, user.getExternalIdentityProvider(), userBuilder::setExternalProvider); setIfNeeded(FIELD_TOKENS_COUNT, fields, tokensCount, userBuilder::setTokensCount); setIfNeeded(isNeeded(FIELD_SCM_ACCOUNTS, fields) && !user.getScmAccountsAsList().isEmpty(), user.getScmAccountsAsList(), @@ -160,6 +160,7 @@ public class SearchAction implements UsersWsAction { setIfNeeded(FIELD_EMAIL, fields, user.getEmail(), userBuilder::setEmail); setIfNeeded(isNeeded(FIELD_GROUPS, fields) && !groups.isEmpty(), groups, g -> userBuilder.setGroups(Groups.newBuilder().addAllGroups(g))); + setIfNeeded(FIELD_EXTERNAL_IDENTITY, fields, user.getExternalLogin(), userBuilder::setExternalIdentity); } return userBuilder.build(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java index 77e6c2bbc8f..6def2160c4c 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java @@ -203,6 +203,38 @@ public class SearchActionTest { .containsExactlyInAnyOrder(tuple(user.getLogin(), false)); } + @Test + public void return_external_information() { + UserDto user = db.users().insertUser(); + userIndexer.indexOnStartup(null); + userSession.logIn().setSystemAdministrator(); + + SearchWsResponse response = ws.newRequest() + .executeProtobuf(SearchWsResponse.class); + + assertThat(response.getUsersList()) + .extracting(User::getLogin, User::getExternalIdentity, User::getExternalProvider) + .containsExactlyInAnyOrder(tuple(user.getLogin(), user.getExternalLogin(), user.getExternalIdentityProvider())); + } + + @Test + public void return_external_identity_only_when_system_administer() { + UserDto user = db.users().insertUser(); + userIndexer.indexOnStartup(null); + + userSession.logIn().setSystemAdministrator(); + assertThat(ws.newRequest() + .executeProtobuf(SearchWsResponse.class).getUsersList()) + .extracting(User::getLogin, User::getExternalIdentity) + .containsExactlyInAnyOrder(tuple(user.getLogin(), user.getExternalLogin())); + + userSession.logIn(); + assertThat(ws.newRequest() + .executeProtobuf(SearchWsResponse.class).getUsersList()) + .extracting(User::getLogin, User::hasExternalIdentity) + .containsExactlyInAnyOrder(tuple(user.getLogin(), false)); + } + @Test public void only_return_login_and_name_when_not_logged() { UserDto user = db.users().insertUser();