From: Julien Lancelot <julien.lancelot@sonarsource.com>
Date: Mon, 21 Aug 2017 15:37:53 +0000 (+0200)
Subject: SONAR-9616 Does not allow ws to use branch db key
X-Git-Tag: 6.6-RC1~380^2~76
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=a14c1865a7d13b482e35520c701d738ca8b7bddc;p=sonarqube.git

SONAR-9616 Does not allow ws to use branch db key
---

diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
index ffd9ce378c2..94472380e06 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentCleanerService.java
@@ -30,6 +30,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.server.es.ProjectIndexer;
 import org.sonar.server.es.ProjectIndexers;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static java.util.Collections.singletonList;
 
 @ServerSide
@@ -58,9 +59,7 @@ public class ComponentCleanerService {
   }
 
   public void delete(DbSession dbSession, ComponentDto project) {
-    if (hasNotProjectScope(project) || isNotDeletable(project)) {
-      throw new IllegalArgumentException("Only projects can be deleted");
-    }
+    checkArgument(!hasNotProjectScope(project) && !isNotDeletable(project) && project.getMainBranchProjectUuid() == null, "Only projects can be deleted");
     dbClient.purgeDao().deleteProject(dbSession, project.uuid());
     projectIndexers.commitAndIndex(dbSession, singletonList(project), ProjectIndexer.Cause.PROJECT_DELETION);
   }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
index a9f26f817a5..15ca2b9ebda 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java
@@ -99,20 +99,12 @@ public class ComponentFinder {
   }
 
   private static ComponentDto checkComponent(Optional<ComponentDto> componentDto, String message, Object... messageArguments) {
-    if (componentDto.isPresent() && componentDto.get().isEnabled()) {
+    if (componentDto.isPresent() && componentDto.get().isEnabled() && componentDto.get().getMainBranchProjectUuid() == null) {
       return componentDto.get();
     }
     throw new NotFoundException(format(message, messageArguments));
   }
 
-  private static ComponentDto checkComponent(java.util.Optional<ComponentDto> componentDto, String message, Object... messageArguments) {
-    if (componentDto.isPresent() && componentDto.get().isEnabled()) {
-      return componentDto.get();
-    }
-    throw new NotFoundException(format(message, messageArguments));
-  }
-
-
   public ComponentDto getRootComponentByUuidOrKey(DbSession dbSession, @Nullable String projectUuid, @Nullable String projectKey) {
     ComponentDto project;
     if (projectUuid != null) {
@@ -155,7 +147,11 @@ public class ComponentFinder {
    * Components of the main branch won't be found
    */
   public ComponentDto getByKeyAndBranch(DbSession dbSession, String key, String branch) {
-    return checkComponent(dbClient.componentDao().selectByKeyAndBranch(dbSession, key, branch), "Component '%s' on branch '%s' not found", key, branch);
+    java.util.Optional<ComponentDto> componentDto = dbClient.componentDao().selectByKeyAndBranch(dbSession, key, branch);
+    if (componentDto.isPresent() && componentDto.get().isEnabled()) {
+      return componentDto.get();
+    }
+    throw new NotFoundException(format("Component '%s' on branch '%s' not found", key, branch));
   }
 
   public enum ParamNames {
diff --git a/server/sonar-server/src/main/java/org/sonar/server/project/ws/IndexAction.java b/server/sonar-server/src/main/java/org/sonar/server/project/ws/IndexAction.java
index 3a752c5b5ce..a4870800d59 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/project/ws/IndexAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/project/ws/IndexAction.java
@@ -29,6 +29,7 @@ import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.text.JsonWriter;
 import org.sonar.api.web.UserRole;
+import org.sonar.core.util.stream.MoreCollectors;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
@@ -94,7 +95,10 @@ public class IndexAction implements ProjectsWsAction {
   @Override
   public void handle(Request request, Response response) throws Exception {
     try (DbSession dbSession = dbClient.openSession(false)) {
-      List<ComponentDto> projects = getAuthorizedComponents(searchComponents(dbSession, request));
+      List<ComponentDto> projects = getAuthorizedComponents(searchComponents(dbSession, request))
+        .stream()
+        .filter(p -> p.getMainBranchProjectUuid() == null)
+        .collect(MoreCollectors.toList());
       JsonWriter json = response.newJsonWriter();
       json.beginArray();
       for (ComponentDto project : projects) {
@@ -105,15 +109,6 @@ public class IndexAction implements ProjectsWsAction {
     }
   }
 
-  private Optional<ComponentDto> getProjectByKeyOrId(DbSession dbSession, String component) {
-    try {
-      Long componentId = Long.parseLong(component);
-      return ofNullable(dbClient.componentDao().selectById(dbSession, componentId).orNull());
-    } catch (NumberFormatException e) {
-      return ofNullable(dbClient.componentDao().selectByKey(dbSession, component).orNull());
-    }
-  }
-
   private List<ComponentDto> searchComponents(DbSession dbSession, Request request) {
     String projectKey = request.param(PARAM_PROJECT);
     List<ComponentDto> projects = new ArrayList<>();
@@ -127,6 +122,15 @@ public class IndexAction implements ProjectsWsAction {
     return projects;
   }
 
+  private Optional<ComponentDto> getProjectByKeyOrId(DbSession dbSession, String component) {
+    try {
+      Long componentId = Long.parseLong(component);
+      return ofNullable(dbClient.componentDao().selectById(dbSession, componentId).orNull());
+    } catch (NumberFormatException e) {
+      return ofNullable(dbClient.componentDao().selectByKey(dbSession, component).orNull());
+    }
+  }
+
   private List<ComponentDto> getAuthorizedComponents(List<ComponentDto> components) {
     return userSession.keepAuthorizedComponents(UserRole.USER, components);
   }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/projectbranch/ws/ListAction.java b/server/sonar-server/src/main/java/org/sonar/server/projectbranch/ws/ListAction.java
index cf13348c88e..38b902660a2 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/projectbranch/ws/ListAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/projectbranch/ws/ListAction.java
@@ -36,6 +36,7 @@ import org.sonar.db.component.BranchKeyType;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.measure.MeasureDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.user.UserSession;
 import org.sonar.server.ws.WsUtils;
 import org.sonarqube.ws.WsBranches;
@@ -56,7 +57,6 @@ import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
 import static org.sonar.db.component.BranchType.LONG;
 import static org.sonar.db.component.BranchType.SHORT;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
-import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
 import static org.sonarqube.ws.Common.BranchType;
 import static org.sonarqube.ws.client.projectbranches.ProjectBranchesParameters.ACTION_LIST;
 import static org.sonarqube.ws.client.projectbranches.ProjectBranchesParameters.PARAM_PROJECT;
@@ -65,10 +65,12 @@ public class ListAction implements BranchWsAction {
 
   private final DbClient dbClient;
   private final UserSession userSession;
+  private final ComponentFinder componentFinder;
 
-  public ListAction(DbClient dbClient, UserSession userSession) {
+  public ListAction(DbClient dbClient, UserSession userSession, ComponentFinder componentFinder) {
     this.dbClient = dbClient;
     this.userSession = userSession;
+    this.componentFinder = componentFinder;
   }
 
   @Override
@@ -92,10 +94,7 @@ public class ListAction implements BranchWsAction {
     String projectKey = request.mandatoryParam(PARAM_PROJECT);
 
     try (DbSession dbSession = dbClient.openSession(false)) {
-      ComponentDto project = checkFoundWithOptional(
-        dbClient.componentDao().selectByKey(dbSession, projectKey),
-        "Project key '%s' not found", projectKey);
-
+      ComponentDto project = componentFinder.getByKey(dbSession, projectKey);
       userSession.checkComponentPermission(UserRole.USER, project);
       checkArgument(project.isEnabled() && PROJECT.equals(project.qualifier()), "Invalid project key");
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
index 7a8256beb98..90d84fe1584 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentCleanerServiceTest.java
@@ -141,6 +141,16 @@ public class ComponentCleanerServiceTest {
     underTest.delete(dbSession, project);
   }
 
+  @Test
+  public void fail_to_delete_project_when_branch() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(IllegalArgumentException.class);
+
+    underTest.delete(dbSession, branch);
+  }
+
   private DbData insertData(int id) {
     String suffix = String.valueOf(id);
     ComponentDto project = newPrivateProjectDto(db.organizations().insert(), "project-uuid-" + suffix)
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentFinderTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentFinderTest.java
index c6dcd86eeaa..477acb543d8 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ComponentFinderTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ComponentFinderTest.java
@@ -36,7 +36,6 @@ import static org.sonar.db.component.ComponentTesting.newModuleDto;
 import static org.sonar.db.component.ComponentTesting.newPrivateProjectDto;
 import static org.sonar.server.component.ComponentFinder.ParamNames.ID_AND_KEY;
 
-
 public class ComponentFinderTest {
 
   @Rule
@@ -95,6 +94,28 @@ public class ComponentFinderTest {
     underTest.getByUuidOrKey(dbSession, null, "project-key", ID_AND_KEY);
   }
 
+  @Test
+  public void fail_to_getByUuidOrKey_when_using_branch_uuid() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    underTest.getByUuidOrKey(dbSession, branch.uuid(), null, ID_AND_KEY);
+  }
+
+  @Test
+  public void fail_to_getByUuidOrKey_when_using_branch_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    underTest.getByUuidOrKey(dbSession, null, branch.getDbKey(), ID_AND_KEY);
+  }
+
   @Test
   public void fail_when_component_uuid_is_removed() {
     ComponentDto project = db.components().insertComponent(newPrivateProjectDto(db.getDefaultOrganization()));
@@ -106,6 +127,17 @@ public class ComponentFinderTest {
     underTest.getByUuid(dbSession, "file-uuid");
   }
 
+  @Test
+  public void fail_to_getByUuid_on_branch() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    underTest.getByUuid(dbSession, branch.uuid());
+  }
+
   @Test
   public void fail_when_component_key_is_removed() {
     ComponentDto project = db.components().insertComponent(newPrivateProjectDto(db.getDefaultOrganization()));
@@ -117,6 +149,17 @@ public class ComponentFinderTest {
     underTest.getByKey(dbSession, "file-key");
   }
 
+  @Test
+  public void fail_getByKey_on_branch() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    underTest.getByKey(dbSession, branch.getDbKey());
+  }
+
   @Test
   public void get_component_by_uuid() {
     db.components().insertComponent(newPrivateProjectDto(db.organizations().insert(), "project-uuid"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchActionTest.java
index 13e61149899..c52742761ac 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchActionTest.java
@@ -224,6 +224,18 @@ public class SearchActionTest {
     assertThat(call(request).getComponentsList()).extracting(Component::getKey).containsOnly(file1.getDbKey(), file2.getDbKey());
   }
 
+  @Test
+  public void does_not_return_branches() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.logIn().setRoot();
+
+    SearchWsResponse response = call(new SearchWsRequest().setQualifiers(asList(PROJECT, MODULE, FILE)));
+
+    assertThat(response.getComponentsList()).extracting(Component::getKey)
+      .containsOnly(project.getDbKey());
+  }
+
   @Test
   public void fail_if_unknown_qualifier_provided() {
     expectedException.expect(IllegalArgumentException.class);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchProjectsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchProjectsActionTest.java
index 7fb817f896c..cc27c3fedc7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchProjectsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SearchProjectsActionTest.java
@@ -1060,6 +1060,19 @@ public class SearchProjectsActionTest {
         tuple(publicProject.getDbKey(), publicProject.isPrivate() ? "private" : "public"));
   }
 
+  @Test
+  public void does_not_return_branches() {
+    ComponentDto project = db.components().insertMainBranch();
+    authorizationIndexerTester.allowOnlyAnyone(project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    projectMeasuresIndexer.indexOnStartup(null);
+
+    SearchProjectsWsResponse result = call(request);
+
+    assertThat(result.getComponentsList()).extracting(Component::getKey)
+      .containsExactlyInAnyOrder(project.getDbKey());
+  }
+
   @Test
   public void fail_when_filter_metrics_are_unknown() {
     userSession.logIn();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ws/ShowActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ws/ShowActionTest.java
index b0c7fa776dc..ee08c280fc0 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ws/ShowActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ws/ShowActionTest.java
@@ -263,7 +263,7 @@ public class ShowActionTest {
 
   @Test
   public void branch() {
-    ComponentDto project = db.components().insertPrivateProject();
+    ComponentDto project = db.components().insertMainBranch();
     userSession.addProjectPermission(UserRole.USER, project);
     String branchKey = "my_branch";
     ComponentDto branch = db.components().insertProjectBranch(project, b -> b.setKey(branchKey));
@@ -346,6 +346,34 @@ public class ShowActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT, branch.getDbKey())
+      .executeProtobuf(ShowWsResponse.class);
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT_ID, branch.uuid())
+      .executeProtobuf(ShowWsResponse.class);
+  }
+
   private ShowWsResponse newRequest(@Nullable String uuid, @Nullable String key) {
     TestRequest request = ws.newRequest();
     if (uuid != null) {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SuggestionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SuggestionsActionTest.java
index 31630bfaae7..670893dfed9 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ws/SuggestionsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ws/SuggestionsActionTest.java
@@ -601,6 +601,25 @@ public class SuggestionsActionTest {
         tuple(SuggestionCategory.UNIT_TEST_FILE.getName(), true));
   }
 
+  @Test
+  public void does_not_return_branches() {
+    ComponentDto project = db.components().insertMainBranch();
+    authorizationIndexerTester.allowOnlyAnyone(project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    componentIndexer.indexOnStartup(null);
+    authorizationIndexerTester.allowOnlyAnyone(project);
+
+    SuggestionsWsResponse response = ws.newRequest()
+      .setMethod("POST")
+      .setParam(PARAM_QUERY, project.name())
+      .executeProtobuf(SuggestionsWsResponse.class);
+
+    assertThat(response.getResultsList())
+      .filteredOn(c -> "TRK".equals(c.getQ()))
+      .extracting(Category::getItemsList)
+      .hasSize(1);
+  }
+
   @Test
   public void should_not_propose_to_show_more_results_if_0_projects_are_found() {
     check_proposal_to_show_more_results(0, 0, 0L, null, true);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/component/ws/TreeActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/component/ws/TreeActionTest.java
index 24e3c70c287..2e74d63376a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/component/ws/TreeActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/component/ws/TreeActionTest.java
@@ -342,6 +342,34 @@ public class TreeActionTest {
         tuple(file.getKey(), branchKey));
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT, branch.getDbKey())
+      .executeProtobuf(WsComponents.ShowWsResponse.class);
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT_ID, branch.uuid())
+      .executeProtobuf(WsComponents.ShowWsResponse.class);
+  }
+
   @Test
   public void fail_when_not_enough_privileges() {
     ComponentDto project = componentDb.insertComponent(newPrivateProjectDto(db.organizations().insert(), "project-uuid"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/duplication/ws/ShowActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/duplication/ws/ShowActionTest.java
index 6999d892776..25dde90482a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/duplication/ws/ShowActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/duplication/ws/ShowActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
@@ -40,6 +41,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
 import static org.sonar.db.component.SnapshotTesting.newAnalysis;
@@ -132,6 +134,36 @@ public class ShowActionTest {
     newBaseRequest().execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSessionRule.addProjectPermission(UserRole.CODEVIEWER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam("key", branch.getDbKey())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSessionRule.addProjectPermission(UserRole.CODEVIEWER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam("uuid", branch.uuid())
+      .execute();
+  }
+
   private TestRequest newBaseRequest() {
     return ws.newRequest();
   }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/AddActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/AddActionTest.java
index 41733e1e629..b4aad0ceba1 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/AddActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/AddActionTest.java
@@ -30,6 +30,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDto;
 import org.sonar.db.property.PropertyQuery;
 import org.sonar.server.component.TestComponentFinder;
@@ -42,6 +43,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Protobuf.setNullable;
@@ -133,6 +135,19 @@ public class AddActionTest {
     call(PROJECT_KEY);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(branch.getDbKey());
+  }
+
   @Test
   public void definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/RemoveActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/RemoveActionTest.java
index 51a448c3521..63fcc8e05c2 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/RemoveActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/favorite/ws/RemoveActionTest.java
@@ -24,9 +24,11 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.NotFoundException;
@@ -37,6 +39,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Protobuf.setNullable;
@@ -103,6 +106,19 @@ public class RemoveActionTest {
     call(PROJECT_KEY);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(branch.getDbKey());
+  }
+
   @Test
   public void definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsTest.java b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsTest.java
index f80f1e6859b..4654c080ed6 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/issue/ws/SearchActionComponentsTest.java
@@ -38,7 +38,6 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.issue.IssueDto;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.rule.RuleDefinitionDto;
-import org.sonar.db.rule.RuleDefinitionDto;
 import org.sonar.server.es.EsTester;
 import org.sonar.server.issue.ActionFinder;
 import org.sonar.server.issue.IssueFieldsSetter;
@@ -57,14 +56,12 @@ import org.sonar.server.view.index.ViewIndexDefinition;
 import org.sonar.server.view.index.ViewIndexer;
 import org.sonar.server.ws.WsActionTester;
 import org.sonar.server.ws.WsResponseCommonFormat;
-import org.sonarqube.ws.Issues.Component;
 import org.sonarqube.ws.Issues;
+import org.sonarqube.ws.Issues.Component;
 import org.sonarqube.ws.Issues.Issue;
 import org.sonarqube.ws.Issues.SearchWsResponse;
 import org.sonarqube.ws.client.issue.IssuesWsParameters;
 
-import static com.google.common.collect.Lists.newArrayList;
-import static java.util.Collections.emptySet;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static org.sonar.api.utils.DateUtils.addDays;
@@ -758,6 +755,26 @@ public class SearchActionComponentsTest {
       .doesNotContain(branchIssue.getKey());
   }
 
+  @Test
+  public void does_not_return_branch_issues_when_using_db_key() {
+    RuleDefinitionDto rule = db.rules().insert();
+    ComponentDto project = db.components().insertPrivateProject();
+    userSession.addProjectPermission(UserRole.USER, project);
+    ComponentDto projectFile = db.components().insertComponent(newFileDto(project));
+    IssueDto projectIssue = db.issues().insertIssue(newIssue(rule, project, projectFile));
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    ComponentDto branchFile = db.components().insertComponent(newFileDto(branch));
+    IssueDto branchIssue = db.issues().insertIssue(newIssue(rule, branch, branchFile));
+    allowAnyoneOnProjects(project);
+    indexIssues();
+
+    SearchWsResponse result = ws.newRequest()
+      .setParam(PARAM_COMPONENT_KEYS, branch.getDbKey())
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(result.getIssuesList()).isEmpty();
+  }
+
   private void allowAnyoneOnProjects(ComponentDto... projects) {
     userSession.registerComponents(projects);
     Arrays.stream(projects).forEach(p -> permissionIndexer.allowOnlyAnyone(p));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentActionTest.java
index 4a4012d8442..362ba23e66a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.measure.MeasureDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.computation.task.projectanalysis.measure.Measure;
 import org.sonar.server.exceptions.BadRequestException;
@@ -38,15 +39,13 @@ import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
-import org.sonarqube.ws.WsMeasures;
-import org.sonarqube.ws.WsMeasures.Component;
-import org.sonarqube.ws.Common;
 import org.sonarqube.ws.Common;
 import org.sonarqube.ws.WsMeasures;
 import org.sonarqube.ws.WsMeasures.Component;
 import org.sonarqube.ws.WsMeasures.ComponentWsResponse;
 
 import static java.lang.Double.parseDouble;
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static org.sonar.api.utils.DateUtils.parseDateTime;
@@ -340,6 +339,40 @@ public class ComponentActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    insertNclocMetric();
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT, branch.getDbKey())
+      .setParam(PARAM_METRIC_KEYS, "ncloc")
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    insertNclocMetric();
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(DEPRECATED_PARAM_COMPONENT_ID, branch.uuid())
+      .setParam(PARAM_METRIC_KEYS, "ncloc")
+      .execute();
+  }
+
   @Test
   public void json_example() {
     ComponentDto project = db.components().insertPrivateProject();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentTreeActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentTreeActionTest.java
index 2c3e8e2cfd5..52911d542b7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentTreeActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/ComponentTreeActionTest.java
@@ -26,7 +26,6 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.api.measures.Metric;
-import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
@@ -41,6 +40,7 @@ import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.measure.MeasureDto;
 import org.sonar.db.metric.MetricDto;
 import org.sonar.db.metric.MetricTesting;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
@@ -82,6 +82,7 @@ import static org.sonar.server.measure.ws.ComponentTreeAction.NAME_SORT;
 import static org.sonar.server.measure.ws.ComponentTreeAction.WITH_MEASURES_ONLY_METRIC_SORT_FILTER;
 import static org.sonar.test.JsonAssert.assertJson;
 import static org.sonarqube.ws.client.measure.MeasuresWsParameters.ADDITIONAL_PERIODS;
+import static org.sonarqube.ws.client.measure.MeasuresWsParameters.DEPRECATED_PARAM_BASE_COMPONENT_ID;
 import static org.sonarqube.ws.client.measure.MeasuresWsParameters.DEPRECATED_PARAM_BASE_COMPONENT_KEY;
 import static org.sonarqube.ws.client.measure.MeasuresWsParameters.PARAM_ADDITIONAL_FIELDS;
 import static org.sonarqube.ws.client.measure.MeasuresWsParameters.PARAM_BRANCH;
@@ -838,6 +839,40 @@ public class ComponentTreeActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    insertNclocMetric();
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT, branch.getDbKey())
+      .setParam(PARAM_METRIC_KEYS, "ncloc")
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    insertNclocMetric();
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(DEPRECATED_PARAM_BASE_COMPONENT_ID, branch.uuid())
+      .setParam(PARAM_METRIC_KEYS, "ncloc")
+      .execute();
+  }
+
   private static MetricDto newMetricDto() {
     return MetricTesting.newMetricDto()
       .setWorstValue(null)
diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchActionTest.java
index 83ba85dcf35..6c846d51018 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchActionTest.java
@@ -264,6 +264,20 @@ public class SearchActionTest {
     assertThat(result.getMeasuresCount()).isEqualTo(1);
   }
 
+  @Test
+  public void does_not_return_branch_when_using_db_key() {
+    MetricDto coverage = insertCoverageMetric();
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    SnapshotDto analysis = db.components().insertSnapshot(branch);
+    db.measures().insertMeasure(branch, analysis, coverage, m -> m.setValue(10d));
+    setBrowsePermissionOnUser(project);
+
+    SearchWsResponse result = call(asList(branch.getDbKey()), singletonList(coverage.getKey()));
+
+    assertThat(result.getMeasuresList()).isEmpty();
+  }
+
   @Test
   public void fail_if_no_metric() {
     ComponentDto project = db.components().insertPrivateProject();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchHistoryActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchHistoryActionTest.java
index 4570c450be8..85940ce4dc8 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchHistoryActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/measure/ws/SearchHistoryActionTest.java
@@ -39,6 +39,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.measure.MeasureDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
@@ -53,6 +54,7 @@ import org.sonarqube.ws.client.measure.SearchHistoryRequest;
 
 import static com.google.common.collect.Lists.newArrayList;
 import static java.lang.Double.parseDouble;
+import static java.lang.String.format;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
@@ -298,6 +300,22 @@ public class SearchHistoryActionTest {
       .containsExactlyInAnyOrder(measure.getValue());
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_COMPONENT, branch.getDbKey())
+      .setParam(PARAM_METRICS, "ncloc")
+      .execute();
+  }
+
   @Test
   public void fail_if_unknown_metric() {
     wsRequest.setMetrics(newArrayList(complexityMetric.getKey(), nclocMetric.getKey(), "METRIC_42", "42_METRIC"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/notification/ws/AddActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/notification/ws/AddActionTest.java
index 8c573bf9285..4f7437cca4a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/notification/ws/AddActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/notification/ws/AddActionTest.java
@@ -43,6 +43,7 @@ import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.client.notification.AddRequest;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Protobuf.setNullable;
@@ -252,6 +253,17 @@ public class AddActionTest {
     call(request);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(request.setProject(branch.getDbKey()));
+  }
+
   private TestResponse call(AddRequest.Builder wsRequestBuilder) {
     AddRequest wsRequest = wsRequestBuilder.build();
     TestRequest request = ws.newRequest();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/notification/ws/RemoveActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/notification/ws/RemoveActionTest.java
index 1a33c4adc6d..f8a25ade4ee 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/notification/ws/RemoveActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/notification/ws/RemoveActionTest.java
@@ -44,6 +44,7 @@ import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.client.notification.RemoveRequest;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Protobuf.setNullable;
@@ -268,6 +269,17 @@ public class RemoveActionTest {
     call(request);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(request.setProject(branch.getDbKey()));
+  }
+
   private TestResponse call(RemoveRequest.Builder wsRequestBuilder) {
     RemoveRequest wsRequest = wsRequestBuilder.build();
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
index bfdfaf80b72..7789faf94b4 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddGroupActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.ServerException;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
@@ -446,6 +447,44 @@ public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
     assertThat(db.users().selectAnyonePermissions(organization, project)).isEmpty();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    GroupDto group = db.users().insertGroup(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_GROUP_NAME, group.getName())
+      .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    GroupDto group = db.users().insertGroup(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_GROUP_NAME, group.getName())
+      .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+      .execute();
+  }
+
   private void executeRequest(GroupDto groupDto, String permission) throws Exception {
     newRequest()
       .setParam(PARAM_GROUP_NAME, groupDto.getName())
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
index 28468181d22..d4cd798b8e9 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.ServerException;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
@@ -379,6 +380,44 @@ public class AddUserActionTest extends BasePermissionWsTest<AddUserAction> {
     assertThat(db.users().selectAnyonePermissions(organization, project)).isEmpty();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    addUserAsMemberOfOrganization(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    addUserAsMemberOfOrganization(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
   private void addUserAsMemberOfOrganization(OrganizationDto organization) {
     db.organizations().addMember(organization, user);
   }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
index 9a9c67ac835..931968f9f0a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
@@ -28,8 +28,10 @@ import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.server.ws.WebService.Param.PAGE;
 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
@@ -289,4 +291,38 @@ public class GroupsActionTest extends BasePermissionWsTest<GroupsAction> {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_uuid() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    GroupDto group = db.users().insertGroup(db.getDefaultOrganization());
+    db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+    loginAsAdmin(db.getDefaultOrganization());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_db_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    GroupDto group = db.users().insertGroup(db.getDefaultOrganization());
+    db.users().insertProjectPermissionOnGroup(group, ISSUE_ADMIN, project);
+    loginAsAdmin(db.getDefaultOrganization());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_PERMISSION, ISSUE_ADMIN)
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .execute();
+  }
+
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
index d6b8f5cc19b..b85f53f480c 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveGroupActionTest.java
@@ -32,6 +32,7 @@ import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.web.UserRole.ADMIN;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
@@ -425,6 +426,44 @@ public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupActio
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    GroupDto group = db.users().insertGroup(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_GROUP_NAME, group.getName())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    GroupDto group = db.users().insertGroup(organization);
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_GROUP_NAME, group.getName())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
   private void unsafeInsertProjectPermissionOnAnyone(String perm, ComponentDto project) {
     GroupPermissionDto dto = new GroupPermissionDto()
       .setOrganizationUuid(project.getOrganizationUuid())
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
index 520f6ee247d..6b5e582198f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/RemoveUserActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.ServerException;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.web.UserRole.ADMIN;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
@@ -48,6 +49,7 @@ import static org.sonar.db.component.ComponentTesting.newView;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
 import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
@@ -341,4 +343,40 @@ public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction>
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java
index c60004c1900..1de62c3a35f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/SearchProjectPermissionsActionTest.java
@@ -31,10 +31,12 @@ import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.GroupDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.i18n.I18nRule;
 import org.sonarqube.ws.WsPermissions;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.server.ws.WebService.Param.PAGE;
 import static org.sonar.api.server.ws.WebService.Param.PAGE_SIZE;
@@ -45,6 +47,7 @@ import static org.sonar.db.component.ComponentTesting.newView;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.test.JsonAssert.assertJson;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_QUALIFIER;
 
 public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<SearchProjectPermissionsAction> {
@@ -283,6 +286,20 @@ public class SearchProjectPermissionsActionTest extends BasePermissionWsTest<Sea
       .isSimilarTo(getClass().getResource("SearchProjectPermissionsActionTest/display_all_project_permissions.json"));
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .execute();
+  }
+
   private ComponentDto insertView() {
     return db.components().insertComponent(newView(db.getDefaultOrganization())
       .setUuid("752d8bfd-420c-4a83-a4e5-8ab19b13c8fc")
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
index d66cc49bdd5..3227f86cf66 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/UsersActionTest.java
@@ -25,11 +25,14 @@ import org.sonar.api.server.ws.WebService.SelectionMode;
 import org.sonar.api.web.UserRole;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.user.UserDto;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 
+import static java.lang.String.format;
 import static org.apache.commons.lang.StringUtils.countMatches;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.server.ws.WebService.Param.PAGE;
@@ -45,9 +48,11 @@ import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
 import static org.sonar.db.permission.OrganizationPermission.SCAN;
 import static org.sonar.db.user.UserTesting.newUserDto;
 import static org.sonar.test.JsonAssert.assertJson;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_ID;
 import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PROJECT_KEY;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_USER_LOGIN;
 
 public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
 
@@ -347,6 +352,46 @@ public class UsersActionTest extends BasePermissionWsTest<UsersAction> {
     newRequest().setParam(TEXT_QUERY, "ab").execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    UserDto user = db.users().insertUser(newUserDto());
+    ComponentDto project = db.components().insertMainBranch(organization);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    UserDto user = db.users().insertUser(newUserDto());
+    ComponentDto project = db.components().insertMainBranch(organization);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    db.users().insertProjectPermissionOnUser(user, ISSUE_ADMIN, project);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    newRequest()
+      .setParam(PARAM_ORGANIZATION, organization.getKey())
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_USER_LOGIN, user.getLogin())
+      .setParam(PARAM_PERMISSION, SYSTEM_ADMIN)
+      .execute();
+  }
+
   private void insertUsersHavingGlobalPermissions() {
     UserDto user1 = db.users().insertUser(newUserDto("login-1", "name-1", "email-1"));
     db.organizations().addMember(db.getDefaultOrganization(), user1);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkUpdateKeyActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkUpdateKeyActionTest.java
index 5d470c0cbe2..1e0e6b4c4e4 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkUpdateKeyActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/BulkUpdateKeyActionTest.java
@@ -28,6 +28,7 @@ import org.junit.rules.ExpectedException;
 import org.sonar.api.config.internal.MapSettings;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
@@ -246,6 +247,34 @@ public class BulkUpdateKeyActionTest {
     callDryRunByUuid(project.uuid(), FROM, TO);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    callByKey(branch.getDbKey(), FROM, TO);
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_FROM, "my_")
+      .setParam(PARAM_TO, "my_new_")
+      .execute();
+  }
+
   @Test
   public void api_definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java
index 73442dcf0c5..cb60ebc8f0f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/DeleteActionTest.java
@@ -34,6 +34,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.server.component.ComponentCleanerService;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
@@ -145,6 +146,30 @@ public class DeleteActionTest {
     call(newRequest().setParam(PARAM_PROJECT_ID, project.uuid()));
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    userSessionRule.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    call(newRequest().setParam(PARAM_PROJECT, branch.getDbKey()));
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    userSessionRule.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component id '%s' not found", branch.uuid()));
+
+    call(newRequest().setParam(PARAM_PROJECT_ID, branch.uuid()));
+  }
+
   private WsTester.TestRequest newRequest() {
     return ws.newPostRequest(CONTROLLER, ACTION);
   }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java
index 47c73884037..951b76a0f1a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/GhostsActionTest.java
@@ -190,6 +190,30 @@ public class GhostsActionTest {
       .contains("ghost-key-1");
   }
 
+  @Test
+  public void does_not_return_branches() {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto ghostProject = db.components().insertMainBranch(organization);
+    db.components().insertSnapshot(ghostProject, dto -> dto.setStatus("U"));
+    ComponentDto ghostBranchProject = db.components().insertProjectBranch(ghostProject);
+    userSessionRule.logIn().addPermission(ADMINISTER, organization);
+
+    TestResponse result = underTest.newRequest()
+      .setParam("organization", organization.getKey())
+      .execute();
+
+    assertJson(result.getInput()).isSimilarTo("{" +
+      "  \"projects\": [" +
+      "    {" +
+      "      \"uuid\": \"" + ghostProject.uuid() + "\"," +
+      "      \"key\": \"" + ghostProject.getDbKey() + "\"," +
+      "      \"name\": \"" + ghostProject.name() + "\"," +
+      "      \"visibility\": \"private\"" +
+      "    }" +
+      "  ]" +
+      "}");
+  }
+
   @Test
   public void ghost_projects_base_on_json_example() throws Exception {
     OrganizationDto organization = db.organizations().insert();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/IndexActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/IndexActionTest.java
index d8b706ee836..444c11a5972 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/IndexActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/IndexActionTest.java
@@ -190,6 +190,32 @@ public class IndexActionTest {
       "]");
   }
 
+  @Test
+  public void does_not_return_branches_when_searching_all_components() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.setRoot();
+
+    String result = call(null, null, null);
+
+    assertJson(result).isSimilarTo("[" +
+      "  {" +
+      "  \"id\":" + project.getId() + "," +
+      "  }" +
+      "]");
+  }
+
+  @Test
+  public void does_not_return_branches_when_searching_by_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.setRoot();
+
+    String result = call(branch.getDbKey(), null, null);
+
+    assertJson(result).isSimilarTo("[]");
+  }
+
   @Test
   public void test_example() {
     insertProjectsAuthorizedForUser(
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java
index 799bd1ef68a..9f122fe9feb 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchActionTest.java
@@ -233,6 +233,17 @@ public class SearchActionTest {
       .doesNotContain(recentProject.getKey());
   }
 
+  @Test
+  public void does_not_return_branches_when_searching_by_key() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.addPermission(ADMINISTER, db.getDefaultOrganization());
+
+    SearchWsResponse response = call(SearchWsRequest.builder().build());
+
+    assertThat(response.getComponentsList()).extracting(Component::getKey).containsOnly(project.getDbKey());
+  }
+
   @Test
   public void result_is_paginated() throws IOException {
     userSession.addPermission(ADMINISTER, db.getDefaultOrganization());
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
index 41317815d34..8c4df109c8d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/SearchMyProjectsActionTest.java
@@ -173,7 +173,7 @@ public class SearchMyProjectsActionTest {
   }
 
   @Test
-  public void do_not_return_views() {
+  public void does_not_return_views() {
     OrganizationDto organizationDto = db.organizations().insert();
     ComponentDto jdk7 = insertJdk7(organizationDto);
     ComponentDto view = insertView(organizationDto);
@@ -187,6 +187,19 @@ public class SearchMyProjectsActionTest {
     assertThat(result.getProjects(0).getId()).isEqualTo(jdk7.uuid());
   }
 
+  @Test
+  public void does_not_return_branches() {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    db.users().insertProjectPermissionOnUser(user, UserRole.ADMIN, project);
+
+    SearchMyProjectsWsResponse result = call_ws();
+
+    assertThat(result.getProjectsList())
+      .extracting(Project::getKey)
+      .containsExactlyInAnyOrder(project.getDbKey());
+  }
+
   @Test
   public void admin_via_groups() {
     OrganizationDto org = db.organizations().insert();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateKeyActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateKeyActionTest.java
index cf0536445cb..975a4a61aba 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateKeyActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateKeyActionTest.java
@@ -113,6 +113,28 @@ public class UpdateKeyActionTest {
     callByUuid("UNKNOWN_UUID", ANOTHER_KEY);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    callByKey(branch.getDbKey(), ANOTHER_KEY);
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component id '%s' not found", branch.uuid()));
+
+    callByUuid(branch.uuid(), ANOTHER_KEY);
+  }
+
   @Test
   public void api_definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
index da79a2b05e1..ff7f4bd875a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/project/ws/UpdateVisibilityActionTest.java
@@ -490,6 +490,20 @@ public class UpdateVisibilityActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = dbTester.components().insertMainBranch();
+    userSessionRule.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = dbTester.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component key '%s' not found", branch.getDbKey()));
+
+    request.setParam(PARAM_PROJECT, branch.getDbKey())
+      .setParam(PARAM_VISIBILITY, PUBLIC)
+      .execute();
+  }
+
   private void unsafeGiveAllPermissionsToRootComponent(ComponentDto component, UserDto user, GroupDto group, OrganizationDto organization) {
     Arrays.stream(OrganizationPermission.values())
       .forEach(organizationPermission -> {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ListActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ListActionTest.java
index dc0cfcb32b0..5193cd898d9 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ListActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ListActionTest.java
@@ -23,6 +23,7 @@ import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import org.sonar.api.resources.ResourceTypes;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
@@ -30,8 +31,11 @@ import org.sonar.db.DbTester;
 import org.sonar.db.component.BranchType;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
+import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
@@ -41,12 +45,14 @@ import org.sonarqube.ws.WsBranches;
 import org.sonarqube.ws.WsBranches.Branch;
 import org.sonarqube.ws.WsBranches.ListWsResponse;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static org.sonar.api.measures.CoreMetrics.ALERT_STATUS_KEY;
 import static org.sonar.api.measures.CoreMetrics.BUGS_KEY;
 import static org.sonar.api.measures.CoreMetrics.CODE_SMELLS_KEY;
 import static org.sonar.api.measures.CoreMetrics.VULNERABILITIES_KEY;
+import static org.sonar.api.resources.Qualifiers.PROJECT;
 import static org.sonar.test.JsonAssert.assertJson;
 import static org.sonarqube.ws.WsBranches.Branch.Status;
 
@@ -61,12 +67,14 @@ public class ListActionTest {
   @Rule
   public UserSessionRule userSession = UserSessionRule.standalone();
 
+  private ResourceTypes resourceTypes = new ResourceTypesRule().setRootQualifiers(PROJECT);
+
   private MetricDto qualityGateStatus;
   private MetricDto bugs;
   private MetricDto vulnerabilities;
   private MetricDto codeSmells;
 
-  public WsActionTester tester = new WsActionTester(new ListAction(db.getDbClient(), userSession));
+  public WsActionTester tester = new WsActionTester(new ListAction(db.getDbClient(), userSession, new ComponentFinder(db.getDbClient(), resourceTypes)));
 
   @Before
   public void setUp() throws Exception {
@@ -111,7 +119,7 @@ public class ListActionTest {
   @Test
   public void fail_if_project_does_not_exist() {
     expectedException.expect(NotFoundException.class);
-    expectedException.expectMessage("Project key 'foo' not found");
+    expectedException.expectMessage("Component key 'foo' not found");
 
     tester.newRequest()
       .setParam("project", "foo")
@@ -229,6 +237,21 @@ public class ListActionTest {
         tuple(true, 1, true, 2, true, 3));
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    tester.newRequest()
+      .setParam("project", branch.getDbKey())
+      .execute();
+  }
+
   @Test
   public void test_example() {
     ComponentDto project = db.components().insertPrivateProject(p -> p.setDbKey("sonarqube"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ShowActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ShowActionTest.java
index 0625c0dfe93..1dd53096a25 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ShowActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/projectbranch/ws/ShowActionTest.java
@@ -33,6 +33,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ResourceTypesRule;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
@@ -236,6 +237,22 @@ public class ShowActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(String.format("Component '%s' on branch '%s' not found", branch.getDbKey(), branch.getBranch()));
+
+    ws.newRequest()
+      .setParam("component", branch.getDbKey())
+      .setParam("branch", branch.getBranch())
+      .execute();
+  }
+
   @Test
   public void test_example() {
     ComponentDto project = db.components().insertPrivateProject(p -> p.setDbKey("sonarqube"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/CreateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/CreateActionTest.java
index 6ae5c751c55..6b4bd5f8f2d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/CreateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/CreateActionTest.java
@@ -45,6 +45,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.WsProjectLinks;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
@@ -230,6 +231,40 @@ public class CreateActionTest {
     failIfNotAProject(view, subview);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .setParam(PARAM_NAME, "Custom")
+      .setParam(PARAM_URL, "http://example.org")
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_db_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .setParam(PARAM_NAME, "Custom")
+      .setParam(PARAM_URL, "http://example.org")
+      .execute();
+  }
+
   private void failIfNotAProject(ComponentDto root, ComponentDto component) {
     userSession.logIn().addProjectPermission(UserRole.ADMIN, root);
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/SearchActionTest.java
index b8e2eca57eb..79975ce4b5a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/projectlink/ws/SearchActionTest.java
@@ -34,6 +34,7 @@ import org.sonar.db.component.ComponentDbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentLinkDto;
 import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
@@ -45,6 +46,7 @@ import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.WsProjectLinks.Link;
 import org.sonarqube.ws.WsProjectLinks.SearchWsResponse;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.tuple;
 import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
@@ -265,6 +267,36 @@ public class SearchActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_db_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Project id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_ID, branch.uuid())
+      .execute();
+  }
+
   private ComponentDto insertProject(String projectKey, String projectUuid) {
     return componentDb.insertComponent(newPrivateProjectDto(db.organizations().insert(), projectUuid).setDbKey(projectKey));
   }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/projecttag/ws/SetActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/projecttag/ws/SetActionTest.java
index 642f18fda23..88b426c096d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/projecttag/ws/SetActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/projecttag/ws/SetActionTest.java
@@ -31,15 +31,18 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.es.TestProjectIndexers;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.core.util.Protobuf.setNullable;
@@ -172,6 +175,19 @@ public class SetActionTest {
     call(file.getDbKey(), "secret");
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.USER, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(branch.getDbKey(), "secret");
+  }
+
   @Test
   public void definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
index e56b4deeeb0..753cd1531b2 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/DeselectActionTest.java
@@ -30,6 +30,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDto;
 import org.sonar.db.qualitygate.QualityGateDto;
 import org.sonar.server.component.ComponentFinder;
@@ -40,6 +41,7 @@ import org.sonar.server.qualitygate.QualityGates;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
@@ -179,6 +181,34 @@ public class DeselectActionTest {
     callByKey(gateId, project.getDbKey());
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    String gateId = String.valueOf(gate.getId());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    callByKey(gateId, branch.getDbKey());
+  }
+
+  @Test
+  public void fail_when_using_branch_id() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    String gateId = String.valueOf(gate.getId());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    callByUuid(gateId, branch.uuid());
+  }
+
   private QualityGateDto insertQualityGate() {
     QualityGateDto gate = new QualityGateDto().setName("Custom");
     dbClient.qualityGateDao().insert(dbSession, gate);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/GetByProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/GetByProjectActionTest.java
index f11cc408962..6a26415520f 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/GetByProjectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/GetByProjectActionTest.java
@@ -44,6 +44,7 @@ import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.WsQualityGates;
 import org.sonarqube.ws.WsQualityGates.GetByProjectWsResponse;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.test.JsonAssert.assertJson;
 import static org.sonarqube.ws.client.qualitygate.QualityGatesWsParameters.PARAM_PROJECT_ID;
@@ -190,6 +191,32 @@ public class GetByProjectActionTest {
     call("uuid", "key");
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    call(null, branch.getDbKey());
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    call(branch.uuid(), null);
+  }
+
   private GetByProjectWsResponse callByUuid(String projectUuid) {
     return call(projectUuid, null);
   }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java
index 6652fac3949..13305eb54db 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/ProjectStatusActionTest.java
@@ -35,6 +35,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
@@ -44,6 +45,7 @@ import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse;
 import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.component.SnapshotTesting.newAnalysis;
 import static org.sonar.db.measure.MeasureTesting.newMeasureDto;
@@ -234,6 +236,38 @@ public class ProjectStatusActionTest {
     ws.newRequest().execute().getInput();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    SnapshotDto snapshot = db.components().insertSnapshot(branch);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam(PARAM_PROJECT_KEY, branch.getDbKey())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    SnapshotDto snapshot = db.components().insertSnapshot(branch);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam("projectId", branch.uuid())
+      .execute();
+  }
+
   private ProjectStatusWsResponse call(String taskId) {
     return ws.newRequest()
       .setParam("analysisId", taskId)
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
index c3fd89633d1..f6530f7616a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualitygate/ws/SelectActionTest.java
@@ -29,6 +29,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.qualitygate.QualityGateDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.component.TestComponentFinder;
@@ -37,6 +38,7 @@ import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_GATES;
 import static org.sonar.server.qualitygate.QualityGates.SONAR_QUALITYGATE_PROPERTY;
@@ -168,6 +170,34 @@ public class SelectActionTest {
     callByKey(gateId, project.getDbKey());
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    String gateId = String.valueOf(gate.getId());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    callByKey(gateId, branch.getDbKey());
+  }
+
+  @Test
+  public void fail_when_using_branch_id() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    String gateId = String.valueOf(gate.getId());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    callByUuid(gateId, branch.uuid());
+  }
+
   private QualityGateDto insertQualityGate() {
     QualityGateDto gate = new QualityGateDto().setName("Custom");
     dbClient.qualityGateDao().insert(dbSession, gate);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
index d18e9bdaa16..25f7cb780b6 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
@@ -30,8 +30,8 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.organization.OrganizationDto;
-import org.sonar.server.component.TestComponentFinder;
 import org.sonar.db.qualityprofile.QProfileDto;
+import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.exceptions.UnauthorizedException;
@@ -42,6 +42,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
 
@@ -241,6 +242,40 @@ public class AddProjectActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    QProfileDto profile = db.qualityProfiles().insert(organization);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    tester.newRequest()
+      .setParam("project", branch.getDbKey())
+      .setParam("profileKey", profile.getKee())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    QProfileDto profile = db.qualityProfiles().insert(organization);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    tester.newRequest()
+      .setParam("projectUuid", branch.uuid())
+      .setParam("profileKey", profile.getKee())
+      .execute();
+  }
+
   private void assertProjectIsAssociatedToProfile(ComponentDto project, QProfileDto profile) {
     QProfileDto loaded = dbClient.qualityProfileDao().selectAssociatedToProjectAndLanguage(db.getSession(), project, profile.getLanguage());
     assertThat(loaded.getKee()).isEqualTo(profile.getKee());
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
index 28ed1dac1cf..b08b83cc2b7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
@@ -31,6 +31,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ResourceTypesRule;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.qualityprofile.QProfileDto;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
@@ -43,6 +44,7 @@ import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER_QUALITY_PROFILES;
 
@@ -185,6 +187,40 @@ public class RemoveProjectActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    QProfileDto profile = db.qualityProfiles().insert(organization);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam("project", branch.getDbKey())
+      .setParam("profileKey", profile.getKee())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    QProfileDto profile = db.qualityProfiles().insert(organization);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    ws.newRequest()
+      .setParam("projectUuid", branch.uuid())
+      .setParam("profileKey", profile.getKee())
+      .execute();
+  }
+
   private void assertProjectIsAssociatedToProfile(ComponentDto project, QProfileDto profile) {
     QProfileDto loaded = dbClient.qualityProfileDao().selectAssociatedToProjectAndLanguage(db.getSession(), project, profile.getLanguage());
     assertThat(loaded.getKee()).isEqualTo(profile.getKee());
diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ResetActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ResetActionTest.java
index db109a79337..97816ea47c9 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ResetActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ResetActionTest.java
@@ -29,12 +29,14 @@ import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.config.PropertyDefinitions;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDbTester;
 import org.sonar.db.property.PropertyQuery;
 import org.sonar.db.user.UserDto;
@@ -43,6 +45,7 @@ import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.i18n.I18nRule;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
@@ -50,6 +53,7 @@ import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 import org.sonarqube.ws.MediaTypes;
 
+import static java.lang.String.format;
 import static java.net.HttpURLConnection.HTTP_NO_CONTENT;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.sonar.api.resources.Qualifiers.PROJECT;
@@ -338,6 +342,23 @@ public class ResetActionTest {
     failForPropertyWithoutDefinitionOnUnsupportedComponent(view, projectCopy);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    definitions.addComponent(PropertyDefinition.builder("foo").onQualifiers(PROJECT).build());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam("keys", "foo")
+      .setParam("component", branch.getDbKey())
+      .execute();
+  }
+
   private void succeedForPropertyWithoutDefinitionAndValidComponent(ComponentDto root, ComponentDto module) {
     logInAsProjectAdmin(root);
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/SetActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
index de69c621425..cb7bb364de7 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/SetActionTest.java
@@ -43,6 +43,7 @@ import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.ComponentTesting;
+import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDbTester;
 import org.sonar.db.property.PropertyDto;
 import org.sonar.db.property.PropertyQuery;
@@ -51,6 +52,7 @@ import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.i18n.I18nRule;
 import org.sonar.server.platform.SettingsChangeNotifier;
 import org.sonar.server.tester.UserSessionRule;
@@ -59,6 +61,7 @@ import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
 import static com.google.common.collect.Lists.newArrayList;
+import static java.lang.String.format;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.groups.Tuple.tuple;
@@ -898,6 +901,19 @@ public class SetActionTest {
       GSON.toJson(ImmutableMap.of("firstField", "firstValue"))), project.getDbKey());
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    callForProjectSettingByKey("my.key", "My Value", branch.getDbKey());
+  }
+
   @Test
   public void definition() {
     WebService.Action definition = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java
index 172ee8f59d3..1624a068e85 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/setting/ws/ValuesActionTest.java
@@ -33,6 +33,7 @@ import org.sonar.api.config.PropertyDefinitions;
 import org.sonar.api.config.PropertyFieldDefinition;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.component.ComponentDbTester;
@@ -42,6 +43,7 @@ import org.sonar.db.organization.OrganizationDto;
 import org.sonar.db.property.PropertyDbTester;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.organization.DefaultOrganizationProvider;
 import org.sonar.server.organization.TestDefaultOrganizationProvider;
 import org.sonar.server.tester.UserSessionRule;
@@ -51,6 +53,7 @@ import org.sonar.test.JsonAssert;
 import org.sonarqube.ws.Settings;
 import org.sonarqube.ws.Settings.ValuesWsResponse;
 
+import static java.lang.String.format;
 import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.groups.Tuple.tuple;
@@ -778,6 +781,22 @@ public class ValuesActionTest {
     JsonAssert.assertJson(ws.getDef().responseExampleAsString()).isSimilarTo(result);
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    OrganizationDto organization = db.organizations().insert();
+    ComponentDto project = db.components().insertMainBranch(organization);
+    userSession.logIn().addProjectPermission(UserRole.ADMIN, project);
+    ComponentDto branch = db.components().insertProjectBranch(project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    ws.newRequest()
+      .setParam("keys", "foo")
+      .setParam("component", branch.getDbKey())
+      .execute();
+  }
+
   @Test
   public void test_ws_definition() {
     WebService.Action action = ws.getDef();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/source/ws/HashActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/source/ws/HashActionTest.java
index eb6e254cf62..b5cd121ddd4 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/source/ws/HashActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/source/ws/HashActionTest.java
@@ -22,17 +22,20 @@ package org.sonar.server.source.ws;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
 
+import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
 
@@ -43,6 +46,8 @@ public class HashActionTest {
   final static String COMPONENT_KEY = "Action.java";
   final static String PROJECT_UUID = "ABCD";
 
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
   @Rule
@@ -95,6 +100,20 @@ public class HashActionTest {
     }
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    loginAndRegisterComponent(project.uuid());
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    tester.newGetRequest("api/sources", "hash")
+      .setParam("key", branch.getDbKey())
+      .execute();
+  }
+
   @Test(expected = ForbiddenException.class)
   public void fail_on_missing_permission() throws Exception {
     db.prepareDbUnit(getClass(), "shared.xml");
diff --git a/server/sonar-server/src/test/java/org/sonar/server/source/ws/IndexActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/source/ws/IndexActionTest.java
index 725ba85a3dd..18d18927cfc 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/source/ws/IndexActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/source/ws/IndexActionTest.java
@@ -37,6 +37,7 @@ import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestResponse;
 import org.sonar.server.ws.WsActionTester;
 
+import static java.lang.String.format;
 import static org.sonar.api.web.UserRole.CODEVIEWER;
 import static org.sonar.api.web.UserRole.USER;
 import static org.sonar.db.component.ComponentTesting.newFileDto;
@@ -116,6 +117,20 @@ public class IndexActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.addProjectPermission(USER, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    tester.newRequest()
+      .setParam("resource", branch.getDbKey())
+      .execute();
+  }
+
   private static DbFileSources.Data newData(String... lines) throws IOException {
     DbFileSources.Data.Builder dataBuilder = DbFileSources.Data.newBuilder();
     for (int i = 1; i <= lines.length; i++) {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/source/ws/LinesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/source/ws/LinesActionTest.java
index 11defa2926f..9cebc9d452a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/source/ws/LinesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/source/ws/LinesActionTest.java
@@ -43,6 +43,7 @@ import org.sonar.server.source.index.FileSourceTesting;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
 
+import static java.lang.String.format;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -292,6 +293,34 @@ public class LinesActionTest {
       .execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.addProjectPermission(UserRole.USER, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    wsTester.newGetRequest("api/sources", "lines")
+      .setParam("key", branch.getDbKey())
+      .execute();
+  }
+
+  @Test
+  public void fail_when_using_branch_uuid() throws Exception {
+    ComponentDto project = db.components().insertMainBranch();
+    ComponentDto branch = db.components().insertProjectBranch(project);
+    userSession.addProjectPermission(UserRole.USER, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component id '%s' not found", branch.uuid()));
+
+    wsTester.newGetRequest("api/sources", "lines")
+      .setParam("uuid", branch.uuid())
+      .execute();
+  }
+
   private void insertFileWithData(DbFileSources.Data fileData) throws IOException {
     insertFile();
     db.getDbClient().fileSourceDao().insert(db.getSession(), new FileSourceDto()
diff --git a/server/sonar-server/src/test/java/org/sonar/server/source/ws/ScmActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/source/ws/ScmActionTest.java
index 1f6d926376a..fa25f532647 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/source/ws/ScmActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/source/ws/ScmActionTest.java
@@ -23,6 +23,7 @@ import java.util.Date;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.utils.DateUtils;
 import org.sonar.api.utils.System2;
 import org.sonar.api.web.UserRole;
@@ -35,11 +36,14 @@ import org.sonar.db.protobuf.DbFileSources;
 import org.sonar.db.source.FileSourceDto;
 import org.sonar.server.component.TestComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.NotFoundException;
 import org.sonar.server.source.HtmlSourceDecorator;
 import org.sonar.server.source.SourceService;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
 
+import static java.lang.String.format;
+
 public class ScmActionTest {
 
   private static final String FILE_KEY = "FILE_KEY";
@@ -48,7 +52,8 @@ public class ScmActionTest {
 
   @Rule
   public DbTester dbTester = DbTester.create(System2.INSTANCE);
-
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
   @Rule
   public UserSessionRule userSessionRule = UserSessionRule.standalone();
 
@@ -187,6 +192,20 @@ public class ScmActionTest {
     request.execute();
   }
 
+  @Test
+  public void fail_when_using_branch_db_key() throws Exception {
+    ComponentDto project = dbTester.components().insertMainBranch();
+    ComponentDto branch = dbTester.components().insertProjectBranch(project);
+    userSessionRule.addProjectPermission(UserRole.CODEVIEWER, project);
+
+    expectedException.expect(NotFoundException.class);
+    expectedException.expectMessage(format("Component key '%s' not found", branch.getDbKey()));
+
+    tester.newGetRequest("api/sources", "scm")
+      .setParam("key", branch.getDbKey())
+      .execute();
+  }
+
   private DbFileSources.Line newSourceLine(String author, String revision, Date date, int line) {
     return DbFileSources.Line.newBuilder()
       .setScmAuthor(author)