From 5e53506d7357b7b7eb0d22d6b50bf4eb6a652325 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Wed, 2 Nov 2016 17:01:24 +0100 Subject: [PATCH] SONAR-8260 fix conflict between project and org parameters --- .../server/permission/ws/AddUserAction.java | 5 ++++- .../server/permission/ws/AddUserActionTest.java | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java index 08325de06da..42ab1e18073 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/permission/ws/AddUserAction.java @@ -33,6 +33,7 @@ import org.sonar.server.permission.UserId; import org.sonar.server.permission.UserPermissionChange; import org.sonar.server.user.UserSession; +import static com.google.common.base.Preconditions.checkArgument; import static java.util.Arrays.asList; import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin; import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createOrganizationParameter; @@ -80,7 +81,9 @@ public class AddUserAction implements PermissionsWsAction { try (DbSession dbSession = dbClient.openSession(false)) { UserId user = support.findUser(dbSession, request.mandatoryParam(PARAM_USER_LOGIN)); Optional projectId = support.findProject(dbSession, request); - OrganizationDto org = support.findOrganization(dbSession, request.param(PARAM_ORGANIZATION_KEY)); + String organizationKey = request.param(PARAM_ORGANIZATION_KEY); + checkArgument(!projectId.isPresent() || organizationKey == null, "Organization must not be set when project is set."); + OrganizationDto org = support.findOrganization(dbSession, organizationKey); checkProjectAdmin(userSession, org.getUuid(), projectId); diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java index 4a135b3b6f9..ead2f1cf17d 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/AddUserActionTest.java @@ -318,6 +318,22 @@ public class AddUserActionTest extends BasePermissionWsTest { db.rootFlag().verify(rootByGroupPermissionUser, true); } + @Test + public void organization_parameter_must_not_be_set_on_project_permissions() { + ComponentDto project = db.components().insertProject(); + loginAsAdminOnDefaultOrganization(); + + expectedException.expect(IllegalArgumentException.class); + expectedException.expectMessage("Organization must not be set when project is set."); + + newRequest() + .setParam(PARAM_USER_LOGIN, user.getLogin()) + .setParam(PARAM_PROJECT_KEY, project.getKey()) + .setParam(PARAM_ORGANIZATION_KEY, "an_org") + .setParam(PARAM_PERMISSION, ISSUE_ADMIN) + .execute(); + } + private void executeRequest(UserDto userDto, String permission) throws Exception { executeRequest(userDto, permission, null); } -- 2.39.5