SONAR-8151 support anyoneCanCreate in /api/organizations/create

server/sonar-server/src/main/java/org/sonar/server/organization/ws/CreateAction.java

@@ -21,9 +21,11 @@ package org.sonar.server.organization.ws;
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
+import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
+import org.sonar.core.config.CorePropertyDefinitions;
 import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.core.util.UuidFactory;
 import org.sonar.db.DbClient;
@@ -46,12 +48,14 @@ import static org.sonar.server.ws.WsUtils.writeProtobuf;
 public class CreateAction implements OrganizationsAction {
   private static final String ACTION = "create";
 
+  private final Settings settings;
   private final UserSession userSession;
   private final DbClient dbClient;
   private final UuidFactory uuidFactory;
   private final OrganizationsWsSupport wsSupport;
 
-  public CreateAction(UserSession userSession, DbClient dbClient, UuidFactory uuidFactory, OrganizationsWsSupport wsSupport) {
+  public CreateAction(Settings settings, UserSession userSession, DbClient dbClient, UuidFactory uuidFactory, OrganizationsWsSupport wsSupport) {
+    this.settings = settings;
     this.userSession = userSession;
     this.dbClient = dbClient;
     this.uuidFactory = uuidFactory;
@@ -62,7 +66,8 @@ public class CreateAction implements OrganizationsAction {
   public void define(WebService.NewController context) {
     WebService.NewAction action = context.createAction(ACTION)
       .setPost(true)
-      .setDescription("Create an organization.<br /> Requires 'Administer System' permission.")
+      .setDescription("Create an organization.<br />" +
+        "Requires 'Administer System' permission unless any logged in user is allowed to create an organization (see appropriate setting).")
       .setResponseExample(getClass().getResource("example-create.json"))
       .setInternal(true)
       .setSince("6.2")
@@ -81,7 +86,11 @@ public class CreateAction implements OrganizationsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
+    if (settings.getBoolean(CorePropertyDefinitions.ORGANIZATIONS_ANYONE_CAN_CREATE)) {
+      userSession.checkLoggedIn();
+    } else {
+      userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
+    }
 
     String name = wsSupport.getAndCheckName(request);
     String requestKey = getAndCheckKey(request);

server/sonar-server/src/test/java/org/sonar/server/organization/ws/CreateActionTest.java

@@ -26,6 +26,8 @@ import org.apache.commons.io.IOUtils;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import org.sonar.api.config.MapSettings;
+import org.sonar.api.config.Settings;
 import org.sonar.api.server.ws.WebService;
 import org.sonar.api.utils.System2;
 import org.sonar.core.permission.GlobalPermissions;
@@ -34,6 +36,7 @@ import org.sonar.core.util.Uuids;
 import org.sonar.db.DbTester;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.TestRequest;
 import org.sonar.server.ws.WsActionTester;
@@ -44,6 +47,7 @@ import org.sonarqube.ws.Organizations.Organization;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static org.sonar.core.config.CorePropertyDefinitions.ORGANIZATIONS_ANYONE_CAN_CREATE;
 import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_257_CHARS_LONG;
 import static org.sonar.server.organization.ws.OrganizationsWsTestSupport.STRING_65_CHARS_LONG;
 import static org.sonar.test.JsonAssert.assertJson;
@@ -61,8 +65,10 @@ public class CreateActionTest {
   @Rule
   public ExpectedException expectedException = ExpectedException.none();
 
+  private Settings settings = new MapSettings()
+    .setProperty(ORGANIZATIONS_ANYONE_CAN_CREATE, false);
   private UuidFactory uuidFactory = mock(UuidFactory.class);
-  private CreateAction underTest = new CreateAction(userSession, dbTester.getDbClient(), uuidFactory, new OrganizationsWsSupport());
+  private CreateAction underTest = new CreateAction(settings, userSession, dbTester.getDbClient(), uuidFactory, new OrganizationsWsSupport());
   private WsActionTester wsTester = new WsActionTester(underTest);
 
   @Test
@@ -70,7 +76,8 @@ public class CreateActionTest {
     WebService.Action action = wsTester.getDef();
     assertThat(action.key()).isEqualTo("create");
     assertThat(action.isPost()).isTrue();
-    assertThat(action.description()).isEqualTo("Create an organization.<br /> Requires 'Administer System' permission.");
+    assertThat(action.description()).isEqualTo("Create an organization.<br />" +
+        "Requires 'Administer System' permission unless any logged in user is allowed to create an organization (see appropriate setting).");
     assertThat(action.isInternal()).isTrue();
     assertThat(action.since()).isEqualTo("6.2");
     assertThat(action.handler()).isEqualTo(underTest);
@@ -109,13 +116,40 @@ public class CreateActionTest {
   }
 
   @Test
-  public void request_fails_if_user_does_not_have_SYSTEM_ADMIN_permission() {
+  public void request_fails_if_user_does_not_have_SYSTEM_ADMIN_permission_and_logged_in_user_can_not_create_organizations() {
     expectedException.expect(ForbiddenException.class);
     expectedException.expectMessage("Insufficient privileges");
 
     executeRequest("name");
   }
 
+  @Test
+  public void request_succeeds_if_user_has_SYSTEM_ADMIN_permission_and_logged_in_user_can_not_create_organizations() {
+    giveUserSystemAdminPermission();
+    mockForSuccessfulInsert(SOME_UUID, SOME_DATE);
+
+    verifyResponseAndDb(executeRequest("foo"), SOME_UUID, "foo", "foo", SOME_DATE);
+  }
+
+  @Test
+  public void request_fails_if_user_is_not_logged_in_and_logged_in_user_can_create_organizations() {
+    settings.setProperty(ORGANIZATIONS_ANYONE_CAN_CREATE, true);
+
+    expectedException.expect(UnauthorizedException.class);
+    expectedException.expectMessage("Authentication is required");
+
+    executeRequest("name");
+  }
+
+  @Test
+  public void request_succeeds_if_user_is_logged_in_and_logged_in_user_can_create_organizations() {
+    settings.setProperty(ORGANIZATIONS_ANYONE_CAN_CREATE, true);
+    userSession.login();
+    mockForSuccessfulInsert(SOME_UUID, SOME_DATE);
+
+    verifyResponseAndDb(executeRequest("foo"), SOME_UUID, "foo", "foo", SOME_DATE);
+  }
+
   @Test
   public void request_fails_if_name_param_is_missing() {
     giveUserSystemAdminPermission();

sonar-core/src/main/java/org/sonar/core/config/CorePropertyDefinitions.java

@@ -48,8 +48,7 @@ public class CorePropertyDefinitions {
   private static final String TIMEMACHINE_DEFAULT_PERIOD_5 = "";
 
   private static final String CATEGORY_ORGANIZATIONS = "organizations";
-  private static final String ORGANIZATIONS_ANYONE_CAN_CREATE = "sonar.organizations.anyoneCanCreate";
-  private static final boolean ORGANIZATIONS_ANYONE_CAN_CREATE_DEFAULT_VALUE = false;
+  public static final String ORGANIZATIONS_ANYONE_CAN_CREATE = "sonar.organizations.anyoneCanCreate";
 
   private CorePropertyDefinitions() {
     // only static stuff
@@ -290,7 +289,7 @@ public class CorePropertyDefinitions {
       // ORGANIZATIONS
       PropertyDefinition.builder(ORGANIZATIONS_ANYONE_CAN_CREATE)
         .name("Allow any authenticated user to create organizations")
-        .defaultValue(Boolean.toString(ORGANIZATIONS_ANYONE_CAN_CREATE_DEFAULT_VALUE))
+        .defaultValue(Boolean.toString(false))
         .category(CATEGORY_ORGANIZATIONS)
         .type(PropertyType.BOOLEAN)
         .build()));