From 2334d16fbf819fb900bb545458ad879ad93236c2 Mon Sep 17 00:00:00 2001
From: Julien Lancelot <julien.lancelot@sonarsource.com>
Date: Fri, 6 Jan 2017 09:43:31 +0100
Subject: [PATCH] SONAR-7300 Remove rails code about api/properties

---
 .../authentication/JwtCsrfVerifier.java       |   5 +-
 .../authentication/JwtCsrfVerifierTest.java   |   1 -
 .../controllers/api/properties_controller.rb  | 167 ------------------
 .../src/main/webapp/WEB-INF/config/routes.rb  |   2 -
 4 files changed, 1 insertion(+), 174 deletions(-)
 delete mode 100644 server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/properties_controller.rb

diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
index cb37531d522..4a156d9799e 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
@@ -42,10 +42,7 @@ public class JwtCsrfVerifier {
 
   private static final Set<String> UPDATE_METHODS = ImmutableSet.of("POST", "PUT", "DELETE");
   private static final String API_URL = "/api";
-  private static final Set<String> RAILS_UPDATE_API_URLS = ImmutableSet.of(
-    "/api/projects/create",
-    "/api/properties/create",
-    "/api/user_properties");
+  private static final Set<String> RAILS_UPDATE_API_URLS = ImmutableSet.of("/api/projects/create", "/api/user_properties");
 
   public String generateState(HttpServletRequest request, HttpServletResponse response, int timeoutInSeconds) {
     // Create a state token to prevent request forgery.
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
index d80d27a4f9e..2d62f24942a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
@@ -149,7 +149,6 @@ public class JwtCsrfVerifierTest {
   @Test
   public void ignore_rails_ws_requests() throws Exception {
     executeVerifyStateDoesNotFailOnRequest("/api/projects/create?key=ABCD", "POST");
-    executeVerifyStateDoesNotFailOnRequest("/api/properties/create?key=ABCD", "POST");
     executeVerifyStateDoesNotFailOnRequest("/api/user_properties", "POST");
   }
 
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/properties_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/properties_controller.rb
deleted file mode 100644
index 7e3e2020987..00000000000
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/properties_controller.rb
+++ /dev/null
@@ -1,167 +0,0 @@
-#
-# SonarQube, open source software quality management tool.
-# Copyright (C) 2008-2016 SonarSource
-# mailto:contact AT sonarsource DOT com
-#
-# SonarQube is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 3 of the License, or (at your option) any later version.
-#
-# SonarQube is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-class Api::PropertiesController < Api::ApiController
-
-  before_filter :admin_required, :only => [:create, :update, :destroy]
-
-  # GET /api/properties/index?[resource=<resource id or key>]
-  # Does NOT manage default values.
-  def index
-    keys=Set.new
-    properties=[]
-
-    # project properties
-    if params[:resource]
-      resource=Project.by_key(params[:resource])
-      if resource
-        # bottom-up projects
-        projects=[resource].concat(resource.ancestor_projects)
-        projects.each do |project|
-          Property.find(:all, :conditions => ['resource_id=? and user_id is null', project.id]).each do |prop|
-            properties<<prop if keys.add? prop.key
-          end
-        end
-      end
-    end
-
-    # global properties
-    Property.find(:all, :conditions => 'resource_id is null and user_id is null').each do |prop|
-      properties<<prop if keys.add? prop.key
-    end
-
-    # Add default properties for properties that are not overloaded
-    java_facade.getSettings().getDefinitions().getAll().each do |prop_def|
-      key = prop_def.key()
-      if keys.add?(key)
-        default_prop = get_default_property(key)
-        properties<<default_prop if default_prop
-      end
-    end
-
-    # apply security
-    properties = properties.select{|prop| allowed?(prop.key)}
-
-    respond_to do |format|
-      format.json { render :json => jsonp(to_json(properties)) }
-      format.xml { render :xml => to_xml(properties) }
-    end
-  end
-
-  # GET /api/properties/<key>[?resource=<resource>]
-  def show
-    key = params[:id]
-    resource_id_or_key = params[:resource]
-    if resource_id_or_key
-      resource = Project.by_key(resource_id_or_key)
-      not_found('resource not found') unless resource
-      prop = Property.by_key(key, resource.id)
-    else
-      prop = Property.by_key(key)
-    end
-
-    # Try to get default value if property is null
-    prop ||= get_default_property(key)
-
-    unless prop
-      # for backward-compatibility with versions <= 2.14 : keep status 200
-      message = "Property not found: #{key}"
-      return respond_to do |format|
-        format.json { render :json => error_to_json(404, message), :status => 200 }
-        format.xml { render :xml => error_to_xml(404, message), :status => 200 }
-        format.text { render :text => message, :status => 200 }
-      end
-    end
-    access_denied unless allowed?(key)
-    respond_to do |format|
-      format.json { render :json => jsonp(to_json([prop])) }
-      format.xml { render :xml => to_xml([prop]) }
-    end
-  end
-
-  # curl -u admin:admin -v -X POST http://localhost:9000/api/properties/foo?value=bar[&resource=<resource>]
-  def create
-    update
-  end
-
-  # curl -u admin:admin -v -X PUT http://localhost:9000/api/properties/foo?value=bar[&resource=<resource>]
-  def update
-    key = params[:id]
-    bad_request('missing key') unless key.present?
-    value = params[:value] || request.raw_post
-    resource_id_or_key = params[:resource]
-    if resource_id_or_key
-      resource = Project.by_key(resource_id_or_key)
-      not_found('resource not found') unless resource
-      resource_id_or_key = resource.id
-    end
-    prop=Property.set(key, value, resource_id_or_key)
-    if prop.nil?
-      render_success('property created') # Cleared
-    elsif prop.valid?
-      render_success('property created')
-    else
-      render_bad_request(prop.validation_error_message)
-    end
-  end
-
-  # curl -u admin:admin -v -X DELETE http://localhost:9000/api/properties/foo[?resource=<resource>]
-  def destroy
-    key = params[:id]
-    bad_request('missing key') unless key.present?
-    resource_id_or_key = params[:resource]
-    if resource_id_or_key
-      resource = Project.by_key(resource_id_or_key)
-      if resource
-        resource_id_or_key = resource.id
-      else
-        # TODO should we ignore this error ?
-        not_found('resource not found')
-      end
-    end
-    Api::Utils.java_facade.saveProperty(key, resource_id_or_key.nil? ? nil : resource_id_or_key.to_i, nil, nil)
-    render_success('property deleted')
-  end
-
-  private
-
-  def to_json(properties)
-    properties.collect { |property| property.to_hash_json }
-  end
-
-  def to_xml(properties)
-    xml = Builder::XmlMarkup.new(:indent => 0)
-    xml.instruct!
-    xml.properties do
-      properties.each do |property|
-        property.to_xml(xml)
-      end
-    end
-  end
-
-  def allowed?(property_key)
-    !property_key.end_with?('.secured') || is_admin? || (property_key.include?(".license") && logged_in?)
-  end
-
-  def get_default_property(key)
-    value = java_facade.getSettings().getString(key).to_s
-    Property.new({:prop_key => key, :text_value => value}) if java_facade.getSettings().hasDefaultValue(key)
-  end
-
-end
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb b/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb
index fdb9431c329..2b557f53438 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/config/routes.rb
@@ -9,8 +9,6 @@ ActionController::Routing::Routes.draw do |map|
 
   map.connect 'api/resoures', :controller => 'api/resources', :action => 'index'
 
-  map.resources 'properties', :path_prefix => 'api', :controller => 'api/properties', :requirements => { :id => /.*/ }
-
   # page plugins
   map.connect 'plugins/configuration/:page', :controller => 'plugins/configuration', :action => 'index', :requirements => { :page => /.*/ }
   map.connect 'plugins/home/:page', :controller => 'plugins/home', :action => 'index', :requirements => { :page => /.*/ }
-- 
2.39.5