From 2f0e138b24b5c1ba69faa69f545a58571f2cfca2 Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Mon, 18 Jul 2016 15:26:19 +0200 Subject: [PATCH] SONAR-7874 api/user_groups/search requires now to be logged --- .../server/usergroups/ws/SearchAction.java | 11 ++++-- .../usergroups/ws/SearchActionTest.java | 34 ++++++++++++++++--- .../usergroups/ws/UserGroupsWsTest.java | 4 ++- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java index 1519c60cf7c..8c2df2adf86 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java @@ -38,6 +38,7 @@ import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.user.GroupDto; import org.sonar.server.es.SearchOptions; +import org.sonar.server.user.UserSession; import static org.sonar.server.es.SearchOptions.MAX_LIMIT; @@ -49,16 +50,19 @@ public class SearchAction implements UserGroupsWsAction { private static final String FIELD_MEMBERS_COUNT = "membersCount"; private static final List ALL_FIELDS = Arrays.asList(FIELD_NAME, FIELD_DESCRIPTION, FIELD_MEMBERS_COUNT); - private DbClient dbClient; + private final DbClient dbClient; + private final UserSession userSession; - public SearchAction(DbClient dbClient) { + public SearchAction(DbClient dbClient, UserSession userSession) { this.dbClient = dbClient; + this.userSession = userSession; } @Override public void define(NewController context) { context.createAction("search") - .setDescription("Search for user groups") + .setDescription("Search for user groups
." + + "Require to be logged.") .setHandler(this) .setResponseExample(getClass().getResource("example-search.json")) .setSince("5.2") @@ -69,6 +73,7 @@ public class SearchAction implements UserGroupsWsAction { @Override public void handle(Request request, Response response) throws Exception { + userSession.checkLoggedIn(); int page = request.mandatoryParamAsInt(Param.PAGE); int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE); SearchOptions options = new SearchOptions() diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java index 605db91747d..b8c65d582db 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java @@ -23,15 +23,17 @@ import org.apache.commons.lang.StringUtils; import org.junit.Before; import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.sonar.api.server.ws.WebService.Param; import org.sonar.api.utils.System2; import org.sonar.db.DbClient; import org.sonar.db.DbSession; import org.sonar.db.DbTester; import org.sonar.db.user.GroupDao; -import org.sonar.db.user.GroupMembershipDao; import org.sonar.db.user.UserGroupDao; import org.sonar.db.user.UserGroupDto; +import org.sonar.server.exceptions.UnauthorizedException; +import org.sonar.server.tester.UserSessionRule; import org.sonar.server.ws.WsTester; import static org.assertj.core.api.Assertions.assertThat; @@ -42,10 +44,16 @@ public class SearchActionTest { @Rule public DbTester db = DbTester.create(System2.INSTANCE); + + @Rule + public UserSessionRule userSession = UserSessionRule.standalone(); + + @Rule + public ExpectedException expectedException = ExpectedException.none(); + private WsTester ws; private GroupDao groupDao; - private GroupMembershipDao groupMembershipDao; private UserGroupDao userGroupDao; private DbSession dbSession; @@ -53,21 +61,22 @@ public class SearchActionTest { public void setUp() { DbClient dbClient = db.getDbClient(); groupDao = dbClient.groupDao(); - groupMembershipDao = dbClient.groupMembershipDao(); userGroupDao = dbClient.userGroupDao(); - ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient))); + ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient, userSession))); dbSession = dbClient.openSession(false); } @Test public void search_empty() throws Exception { + loginAsSimpleUser(); newRequest().execute().assertJson(getClass(), "empty.json"); } @Test public void search_without_parameters() throws Exception { + loginAsSimpleUser(); insertGroups("users", "admins", "customer1", "customer2", "customer3"); dbSession.commit(); @@ -76,6 +85,7 @@ public class SearchActionTest { @Test public void search_with_members() throws Exception { + loginAsSimpleUser(); insertGroups("users", "admins", "customer1", "customer2", "customer3"); insertMembers("users", 5); insertMembers("admins", 1); @@ -87,6 +97,7 @@ public class SearchActionTest { @Test public void search_with_query() throws Exception { + loginAsSimpleUser(); insertGroups("users", "admins", "customer%_%/1", "customer%_%/2", "customer%_%/3"); dbSession.commit(); @@ -95,6 +106,7 @@ public class SearchActionTest { @Test public void search_with_paging() throws Exception { + loginAsSimpleUser(); insertGroups("users", "admins", "customer1", "customer2", "customer3"); dbSession.commit(); @@ -108,6 +120,7 @@ public class SearchActionTest { @Test public void search_with_fields() throws Exception { + loginAsSimpleUser(); insertGroups("sonar-users"); dbSession.commit(); @@ -142,6 +155,14 @@ public class SearchActionTest { .contains("membersCount"); } + @Test + public void fail_when_not_logged() throws Exception { + userSession.anonymous(); + + expectedException.expect(UnauthorizedException.class); + newRequest().execute(); + } + private WsTester.TestRequest newRequest() { return ws.newGetRequest("api/user_groups", "search"); } @@ -160,4 +181,9 @@ public class SearchActionTest { userGroupDao.insert(dbSession, new UserGroupDto().setGroupId(groupId).setUserId((long) i + 1)); } } + + private void loginAsSimpleUser() { + userSession.login("user"); + } + } diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java index ba1a32bacd7..2e8b7a6755e 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java @@ -32,14 +32,16 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; public class UserGroupsWsTest { + @Rule public UserSessionRule userSessionRule = UserSessionRule.standalone(); + WebService.Controller controller; @Before public void setUp() { WsTester tester = new WsTester(new UserGroupsWs( - new SearchAction(mock(DbClient.class)), + new SearchAction(mock(DbClient.class), mock(UserSession.class)), new CreateAction(mock(DbClient.class), mock(UserSession.class), mock(UserGroupUpdater.class)))); controller = tester.controller("api/user_groups"); } -- 2.39.5