From: Julien Lancelot Date: Mon, 18 Jul 2016 13:11:53 +0000 (+0200) Subject: SONAR-7874 api/users/search is only returning login and name when accessed anonymously X-Git-Tag: 6.0-RC1~8^2~4 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=c6ef2669cbcbb427e7d9582c2d3b6da70a7d0bf2;p=sonarqube.git SONAR-7874 api/users/search is only returning login and name when accessed anonymously --- diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java index 4aae003f5ef..33f8535a7e3 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java @@ -58,7 +58,9 @@ public class SearchAction implements UsersWsAction { @Override public void define(WebService.NewController controller) { WebService.NewAction action = controller.createAction("search") - .setDescription("Get a list of active users. Administer System permission is required to show the 'groups' field.") + .setDescription("Get a list of active users.
" + + "Administer System permission is required to show the 'groups' field.
" + + "When accessed anonymously, only logins and names are returned.") .setSince("3.6") .setHandler(this) .setResponseExample(getClass().getResource("search-example.json")); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java index f77a2fb985f..990d4db28ff 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UserJsonWriter.java @@ -69,14 +69,16 @@ public class UserJsonWriter { json.beginObject(); json.prop(FIELD_LOGIN, user.getLogin()); writeIfNeeded(json, user.getName(), FIELD_NAME, fields); - writeIfNeeded(json, user.getEmail(), FIELD_EMAIL, fields); - writeIfNeeded(json, user.isActive(), FIELD_ACTIVE, fields); - writeIfNeeded(json, user.isLocal(), FIELD_LOCAL, fields); - writeIfNeeded(json, user.getExternalIdentity(), FIELD_EXTERNAL_IDENTITY, fields); - writeIfNeeded(json, user.getExternalIdentityProvider(), FIELD_EXTERNAL_PROVIDER, fields); - writeGroupsIfNeeded(json, groups, fields); - writeScmAccountsIfNeeded(json, fields, user); - writeTokensCount(json, tokensCount); + if (userSession.isLoggedIn()) { + writeIfNeeded(json, user.getEmail(), FIELD_EMAIL, fields); + writeIfNeeded(json, user.isActive(), FIELD_ACTIVE, fields); + writeIfNeeded(json, user.isLocal(), FIELD_LOCAL, fields); + writeIfNeeded(json, user.getExternalIdentity(), FIELD_EXTERNAL_IDENTITY, fields); + writeIfNeeded(json, user.getExternalIdentityProvider(), FIELD_EXTERNAL_PROVIDER, fields); + writeGroupsIfNeeded(json, groups, fields); + writeScmAccountsIfNeeded(json, fields, user); + writeTokensCount(json, tokensCount); + } json.endObject(); } diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java index ee48a84a72e..81a2fd5c22e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java @@ -37,11 +37,13 @@ import org.sonar.db.user.GroupDto; import org.sonar.db.user.UserDbTester; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserGroupDto; +import org.sonar.db.user.UserTesting; import org.sonar.server.es.EsTester; import org.sonar.server.tester.UserSessionRule; import org.sonar.server.user.index.UserDoc; import org.sonar.server.user.index.UserIndex; import org.sonar.server.user.index.UserIndexDefinition; +import org.sonar.server.user.index.UserIndexer; import org.sonar.server.ws.WsTester; import static com.google.common.collect.Lists.newArrayList; @@ -57,23 +59,25 @@ public class SearchActionTest { @ClassRule public static final EsTester esTester = new EsTester().addDefinitions(new UserIndexDefinition(new Settings())); + @Rule public UserSessionRule userSession = UserSessionRule.standalone(); + @Rule public DbTester db = DbTester.create(System2.INSTANCE); + UserDbTester userDb = new UserDbTester(db); GroupDbTester groupDb = new GroupDbTester(db); DbClient dbClient = db.getDbClient(); - final DbSession dbSession = db.getSession(); + DbSession dbSession = db.getSession(); - WsTester ws; - UserIndex index; + UserIndex index = new UserIndex(esTester.client()); + UserIndexer userIndexer = (UserIndexer) new UserIndexer(dbClient, esTester.client()).setEnabled(true); + WsTester ws = new WsTester(new UsersWs(new SearchAction(index, dbClient, new UserJsonWriter(userSession)))); @Before public void setUp() { esTester.truncateIndices(); - index = new UserIndex(esTester.client()); - ws = new WsTester(new UsersWs(new SearchAction(index, dbClient, new UserJsonWriter(userSession)))); } @Test @@ -99,7 +103,7 @@ public class SearchActionTest { } dbClient.userTokenDao().insert(dbSession, newUserToken().setLogin(fmallet.getLogin())); db.commit(); - esTester.putDocuments(UserIndexDefinition.INDEX, UserIndexDefinition.TYPE_USER, toUserDoc(fmallet), toUserDoc(simon)); + userIndexer.index(); loginAsAdmin(); String response = ws.newGetRequest("api/users", "search").execute().outputAsString(); @@ -109,11 +113,13 @@ public class SearchActionTest { @Test public void search_empty() throws Exception { + loginAsSimpleUser(); ws.newGetRequest("api/users", "search").execute().assertJson(getClass(), "empty.json"); } @Test public void search_without_parameters() throws Exception { + loginAsSimpleUser(); injectUsers(5); ws.newGetRequest("api/users", "search").execute().assertJson(getClass(), "five_users.json"); @@ -121,6 +127,7 @@ public class SearchActionTest { @Test public void search_with_query() throws Exception { + loginAsSimpleUser(); injectUsers(5); UserDto user = userDb.insertUser( newUserDto("user-%_%-login", "user-name", "user@mail.com") @@ -140,6 +147,7 @@ public class SearchActionTest { @Test public void search_with_paging() throws Exception { + loginAsSimpleUser(); injectUsers(10); ws.newGetRequest("api/users", "search").setParam(Param.PAGE_SIZE, "5").execute().assertJson(getClass(), "page_one.json"); @@ -148,6 +156,7 @@ public class SearchActionTest { @Test public void search_with_fields() throws Exception { + loginAsSimpleUser(); injectUsers(1); assertThat(ws.newGetRequest("api/users", "search").execute().outputAsString()) @@ -197,6 +206,7 @@ public class SearchActionTest { @Test public void search_with_groups() throws Exception { + loginAsAdmin(); List users = injectUsers(1); GroupDto group1 = dbClient.groupDao().insert(dbSession, new GroupDto().setName("sonar-users")); @@ -205,14 +215,31 @@ public class SearchActionTest { dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupId(group2.getId()).setUserId(users.get(0).getId())); dbSession.commit(); - loginAsAdmin(); ws.newGetRequest("api/users", "search").execute().assertJson(getClass(), "user_with_groups.json"); } + @Test + public void only_return_login_and_name_when_not_logged() throws Exception { + userSession.anonymous(); + + dbClient.userDao().insert(dbSession, UserTesting.newUserDto("john", "John", "john@email.com")); + dbSession.commit(); + userIndexer.index(); + + ws.newGetRequest("api/users", "search").execute().assertJson( + "{" + + " \"users\": [" + + " {" + + " \"login\": \"john\"," + + " \"name\": \"John\"" + + " }" + + " ]" + + "}"); + } + private List injectUsers(int numberOfUsers) throws Exception { List userDtos = Lists.newArrayList(); long createdAt = System.currentTimeMillis(); - UserDoc[] users = new UserDoc[numberOfUsers]; for (int index = 0; index < numberOfUsers; index++) { String email = String.format("user-%d@mail.com", index); String login = String.format("user-%d", index); @@ -232,8 +259,6 @@ public class SearchActionTest { .setUpdatedAt(createdAt)); userDtos.add(userDto); - users[index] = toUserDoc(userDto); - for (int tokenIndex = 0; tokenIndex < index; tokenIndex++) { dbClient.userTokenDao().insert(dbSession, newUserToken() .setLogin(login) @@ -241,22 +266,16 @@ public class SearchActionTest { } } dbSession.commit(); - esTester.putDocuments(UserIndexDefinition.INDEX, UserIndexDefinition.TYPE_USER, users); + userIndexer.index(); return userDtos; } - private static UserDoc toUserDoc(UserDto dto) { - return new UserDoc() - .setActive(dto.isActive()) - .setCreatedAt(dto.getCreatedAt()) - .setEmail(dto.getEmail()) - .setLogin(dto.getLogin()) - .setName(dto.getName()) - .setScmAccounts(dto.getScmAccountsAsList()) - .setUpdatedAt(dto.getUpdatedAt()); - } - private void loginAsAdmin() { userSession.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN); } + + private void loginAsSimpleUser() { + userSession.login("user"); + } + }