SONAR-12922 add edit hotspot comment ws

9 files changed, 417 insertions, 1 deletions

diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/AddCommentAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/AddCommentAction.java
index 4a2be100abc..df698cfbcb2 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/AddCommentAction.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/AddCommentAction.java
@@ -35,6 +35,7 @@ import org.sonar.server.issue.ws.IssueUpdater;
 public class AddCommentAction implements HotspotsWsAction {
   private static final String PARAM_HOTSPOT_KEY = "hotspot";
   private static final String PARAM_COMMENT = "comment";
+  private static final Integer MAXIMUM_COMMENT_LENGTH = 1000;
 
   private final DbClient dbClient;
   private final HotspotWsSupport hotspotWsSupport;
@@ -66,6 +67,7 @@ public class AddCommentAction implements HotspotsWsAction {
       .setRequired(true);
     action.createParam(PARAM_COMMENT)
       .setDescription("Comment text.")
+      .setMaximumLength(MAXIMUM_COMMENT_LENGTH)
       .setExampleValue("This is safe because user input is validated by the calling code")
       .setRequired(true);
   }
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/EditCommentAction.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/EditCommentAction.java
new file mode 100644
index 00000000000..06c6023e7fe
--- /dev/null
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/EditCommentAction.java
@@ -0,0 +1,133 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import java.util.Date;
+import java.util.Objects;
+import java.util.Optional;
+import org.sonar.api.server.ws.Request;
+import org.sonar.api.server.ws.Response;
+import org.sonar.api.server.ws.WebService;
+import org.sonar.api.utils.DateUtils;
+import org.sonar.api.utils.System2;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
+import org.sonar.db.issue.IssueChangeDto;
+import org.sonar.db.user.UserDto;
+import org.sonar.markdown.Markdown;
+import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.Common.Comment;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.lang.String.format;
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
+import static org.sonar.server.ws.WsUtils.writeProtobuf;
+
+public class EditCommentAction implements HotspotsWsAction {
+  private static final String PARAM_COMMENT = "comment";
+  private static final String PARAM_TEXT = "text";
+  private static final Integer MAXIMUM_COMMENT_LENGTH = 1000;
+
+  private final DbClient dbClient;
+  private final HotspotWsSupport hotspotWsSupport;
+  private final UserSession userSession;
+  private final System2 system2;
+
+  public EditCommentAction(DbClient dbClient, HotspotWsSupport hotspotWsSupport, UserSession userSession, System2 system2) {
+    this.dbClient = dbClient;
+    this.hotspotWsSupport = hotspotWsSupport;
+    this.userSession = userSession;
+    this.system2 = system2;
+  }
+
+  @Override
+  public void define(WebService.NewController controller) {
+    WebService.NewAction action = controller.createAction("edit_comment")
+      .setDescription("Edit a comment.<br/>" +
+        "Requires authentication and the following permission: 'Browse' on the project of the specified hotspot.")
+      .setSince("8.2")
+      .setHandler(this)
+      .setPost(true)
+      .setInternal(true)
+      .setResponseExample(getClass().getResource("edit-comment-example.json"));
+
+    action.createParam(PARAM_COMMENT)
+      .setDescription("Comment key")
+      .setRequired(true)
+      .setExampleValue(UUID_EXAMPLE_01);
+    action.createParam(PARAM_TEXT)
+      .setDescription("Comment text")
+      .setMaximumLength(MAXIMUM_COMMENT_LENGTH)
+      .setRequired(true)
+      .setExampleValue("Safe because it doesn't apply to the context");
+  }
+
+  @Override
+  public void handle(Request request, Response response) throws Exception {
+    hotspotWsSupport.checkLoggedIn();
+
+    String commentKey = request.mandatoryParam(PARAM_COMMENT);
+    String text = request.mandatoryParam(PARAM_TEXT);
+
+    try (DbSession dbSession = dbClient.openSession(false)) {
+      IssueChangeDto hotspotComment = getHotspotComment(commentKey, dbSession);
+      validate(dbSession, hotspotComment);
+      editComment(dbSession, hotspotComment, text);
+      Comment commentData = prepareResponse(dbSession, hotspotComment);
+      writeProtobuf(commentData, request, response);
+    }
+  }
+
+  private IssueChangeDto getHotspotComment(String commentKey, DbSession dbSession) {
+    return dbClient.issueChangeDao().selectCommentByKey(dbSession, commentKey)
+      .orElseThrow(() -> new NotFoundException(format("Comment with key '%s' does not exist", commentKey)));
+  }
+
+  private void validate(DbSession dbSession, IssueChangeDto issueChangeDto) {
+    hotspotWsSupport.loadAndCheckProject(dbSession, issueChangeDto.getIssueKey());
+    checkArgument(Objects.equals(issueChangeDto.getUserUuid(), userSession.getUuid()), "You can only edit your own comments");
+  }
+
+  private void editComment(DbSession dbSession, IssueChangeDto hotspotComment, String text) {
+    hotspotComment.setUpdatedAt(system2.now());
+    hotspotComment.setChangeData(text);
+    dbClient.issueChangeDao().update(dbSession, hotspotComment);
+    dbSession.commit();
+  }
+
+  private Comment prepareResponse(DbSession dbSession, IssueChangeDto hotspotComment) {
+    Comment.Builder commentBuilder = Comment.newBuilder();
+    commentBuilder.clear()
+      .setKey(hotspotComment.getKey())
+      .setUpdatable(true)
+      .setCreatedAt(DateUtils.formatDateTime(new Date(hotspotComment.getIssueChangeCreationDate())));
+    getUserByUuid(dbSession, hotspotComment.getUserUuid()).ifPresent(user -> commentBuilder.setLogin(user.getLogin()));
+    String markdown = hotspotComment.getChangeData();
+    commentBuilder
+      .setHtmlText(Markdown.convertToHtml(markdown))
+      .setMarkdown(markdown);
+    return commentBuilder.build();
+  }
+
+  private Optional<UserDto> getUserByUuid(DbSession dbSession, String userUuid) {
+    return Optional.ofNullable(dbClient.userDao().selectByUuid(dbSession, userUuid));
+  }
+}
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/HotspotsWsModule.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/HotspotsWsModule.java
index 1979b02e076..a1d0024d93f 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/HotspotsWsModule.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/hotspot/ws/HotspotsWsModule.java
@@ -33,6 +33,7 @@ public class HotspotsWsModule extends Module {
       ChangeStatusAction.class,
       AddCommentAction.class,
       DeleteCommentAction.class,
+      EditCommentAction.class,
       HotspotsWs.class);
   }
 }
diff --git a/server/sonar-webserver-webapi/src/main/resources/org/sonar/server/hotspot/ws/edit-comment-example.json b/server/sonar-webserver-webapi/src/main/resources/org/sonar/server/hotspot/ws/edit-comment-example.json
new file mode 100644
index 00000000000..e3f3d00d49f
--- /dev/null
+++ b/server/sonar-webserver-webapi/src/main/resources/org/sonar/server/hotspot/ws/edit-comment-example.json
@@ -0,0 +1,8 @@
+{
+  "key": "AXA-7jPwFopJOMlkuOJl",
+  "login": "KK0Odk5YEWrylVRK5l2wWwYkVDY43I",
+  "htmlText": "new comment",
+  "markdown": "new comment",
+  "updatable": true,
+  "createdAt": "2019-01-01T15:22:43+0100"
+}
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AddCommentActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AddCommentActionTest.java
index 195d04ba75b..185ce575fe7 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AddCommentActionTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/AddCommentActionTest.java
@@ -86,6 +86,8 @@ public class AddCommentActionTest {
   @Test
   public void ws_is_internal() {
     assertThat(actionTester.getDef().isInternal()).isTrue();
+    assertThat(actionTester.getDef().isPost()).isTrue();
+    assertThat(actionTester.getDef().param("comment").maximumLength()).isEqualTo(1000);
   }
 
   @Test
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/EditCommentActionTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/EditCommentActionTest.java
new file mode 100644
index 00000000000..c4cd190fb92
--- /dev/null
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/EditCommentActionTest.java
@@ -0,0 +1,192 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.server.hotspot.ws;
+
+import java.util.Optional;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonar.api.server.ws.WebService.Param;
+import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
+import org.sonar.db.DbClient;
+import org.sonar.db.DbTester;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.issue.IssueChangeDto;
+import org.sonar.db.issue.IssueDto;
+import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.NotFoundException;
+import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.tester.UserSessionRule;
+import org.sonar.server.ws.TestRequest;
+import org.sonar.server.ws.TestResponse;
+import org.sonar.server.ws.WsActionTester;
+import org.sonarqube.ws.Common;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+
+public class EditCommentActionTest {
+
+  @Rule
+  public DbTester dbTester = DbTester.create(System2.INSTANCE);
+
+  @Rule
+  public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
+  private DbClient dbClient = dbTester.getDbClient();
+  private System2 system2 = mock(System2.class);
+  private HotspotWsSupport hotspotWsSupport = new HotspotWsSupport(dbClient, userSessionRule, system2);
+
+  private EditCommentAction underTest = new EditCommentAction(dbClient, hotspotWsSupport, userSessionRule, system2);
+  private WsActionTester actionTester = new WsActionTester(underTest);
+
+  @Test
+  public void verify_ws_def() {
+    assertThat(actionTester.getDef().isInternal()).isTrue();
+    assertThat(actionTester.getDef().isPost()).isTrue();
+
+    Param commentKeyParam = actionTester.getDef().param("comment");
+    assertThat(commentKeyParam).isNotNull();
+    assertThat(commentKeyParam.isRequired()).isTrue();
+
+    Param textParam = actionTester.getDef().param("text");
+    assertThat(textParam).isNotNull();
+    assertThat(textParam.isRequired()).isTrue();
+    assertThat(textParam.maximumLength()).isEqualTo(1000);
+  }
+
+  @Test
+  public void edit_comment_from_hotspot_private_project() {
+    UserDto userEditingOwnComment = dbTester.users().insertUser();
+
+    ComponentDto project = dbTester.components().insertPrivateProject();
+
+    IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+    IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userEditingOwnComment, "Some comment");
+
+    assertThat(getHotspotCommentByKey(comment.getKey()))
+      .isNotEmpty();
+
+    userSessionRule.logIn(userEditingOwnComment);
+    userSessionRule.addProjectPermission(UserRole.USER, project);
+
+    TestRequest request = newRequest(comment.getKey(), "new comment");
+
+    Common.Comment modifiedComment = request.executeProtobuf(Common.Comment.class);
+    assertThat(modifiedComment.getKey()).isEqualTo(comment.getKey());
+    assertThat(modifiedComment.getMarkdown()).isEqualTo("new comment");
+    assertThat(modifiedComment.getHtmlText()).isEqualTo("new comment");
+    assertThat(modifiedComment.getLogin()).isEqualTo(userEditingOwnComment.getLogin());
+  }
+
+  @Test
+  public void edit_comment_from_hotspot_public_project() {
+    UserDto userEditingComment = dbTester.users().insertUser();
+
+    ComponentDto project = dbTester.components().insertPublicProject();
+
+    IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+    IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userEditingComment, "Some comment");
+
+    userSessionRule.logIn(userEditingComment);
+    userSessionRule.registerComponents(project);
+
+    TestRequest request = newRequest(comment.getKey(), "new comment");
+
+    Common.Comment modifiedComment = request.executeProtobuf(Common.Comment.class);
+    assertThat(modifiedComment.getKey()).isEqualTo(comment.getKey());
+    assertThat(modifiedComment.getMarkdown()).isEqualTo("new comment");
+    assertThat(modifiedComment.getHtmlText()).isEqualTo("new comment");
+    assertThat(modifiedComment.getLogin()).isEqualTo(userEditingComment.getLogin());
+  }
+
+  @Test
+  public void fails_with_UnauthorizedException_if_user_is_anonymous() {
+    userSessionRule.anonymous();
+
+    TestRequest request = actionTester.newRequest();
+
+    assertThatThrownBy(request::execute)
+      .isInstanceOf(UnauthorizedException.class)
+      .hasMessage("Authentication is required");
+  }
+
+  @Test
+  public void fails_if_comment_with_provided_key_does_not_exist() {
+    userSessionRule.logIn();
+
+    TestRequest request = newRequest("not-existing-comment-key", "some new comment");
+
+    assertThatThrownBy(request::execute)
+      .isInstanceOf(NotFoundException.class)
+      .hasMessage("Comment with key 'not-existing-comment-key' does not exist");
+  }
+
+  @Test
+  public void fails_if_trying_to_edit_comment_of_another_user_in_private_project() {
+    UserDto userTryingToDelete = dbTester.users().insertUser();
+    UserDto userWithHotspotComment = dbTester.users().insertUser();
+
+    ComponentDto project = dbTester.components().insertPrivateProject();
+
+    IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+    IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userWithHotspotComment, "Some comment");
+
+    userSessionRule.logIn(userTryingToDelete);
+    userSessionRule.addProjectPermission(UserRole.USER, project);
+
+    TestRequest request = newRequest(comment.getKey(), "new comment");
+
+    assertThatThrownBy(request::execute)
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessage("You can only edit your own comments");
+  }
+
+  @Test
+  public void fails_if_trying_to_delete_comment_of_another_user_in_public_project() {
+    UserDto userTryingToEdit = dbTester.users().insertUser();
+    UserDto userWithHotspotComment = dbTester.users().insertUser();
+
+    ComponentDto project = dbTester.components().insertPublicProject();
+
+    IssueDto hotspot = dbTester.issues().insertHotspot(h -> h.setProject(project));
+    IssueChangeDto comment = dbTester.issues().insertComment(hotspot, userWithHotspotComment, "Some comment");
+
+    userSessionRule.logIn(userTryingToEdit)
+      .registerComponents(project);
+
+    TestRequest request = newRequest(comment.getKey(), "new comment");
+
+    assertThatThrownBy(request::execute)
+      .isInstanceOf(IllegalArgumentException.class)
+      .hasMessage("You can only edit your own comments");
+  }
+
+  private TestRequest newRequest(String commentKey, String text) {
+    return actionTester.newRequest()
+      .setParam("comment", commentKey)
+      .setParam("text", text);
+  }
+
+  private Optional<IssueChangeDto> getHotspotCommentByKey(String commentKey) {
+    return dbClient.issueChangeDao().selectCommentByKey(dbTester.getSession(), commentKey);
+  }
+}
diff --git a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/HotspotsWsModuleTest.java b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/HotspotsWsModuleTest.java
index 099aecbd6a2..a3278771037 100644
--- a/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/HotspotsWsModuleTest.java
+++ b/server/sonar-webserver-webapi/src/test/java/org/sonar/server/hotspot/ws/HotspotsWsModuleTest.java
@@ -30,7 +30,7 @@ public class HotspotsWsModuleTest {
   public void verify_count_of_added_components() {
     ComponentContainer container = new ComponentContainer();
     new HotspotsWsModule().configure(container);
-    assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 9);
+    assertThat(container.size()).isEqualTo(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER + 10);
   }
 
 }
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/EditCommentRequest.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/EditCommentRequest.java
new file mode 100644
index 00000000000..f52fcb56951
--- /dev/null
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/EditCommentRequest.java
@@ -0,0 +1,61 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarqube.ws.client.hotspots;
+
+import javax.annotation.Generated;
+
+/**
+ * This is part of the internal API.
+ * This is a POST request.
+ * @see <a href="https://next.sonarqube.com/sonarqube/web_api/api/hotspots/edit_comment">Further information about this action online (including a response example)</a>
+ * @since 8.2
+ */
+@Generated("sonar-ws-generator")
+public class EditCommentRequest {
+
+  private String comment;
+  private String text;
+
+  /**
+   * This is a mandatory parameter.
+   * Example value: "AU-Tpxb--iU5OvuD2FLy"
+   */
+  public EditCommentRequest setComment(String comment) {
+    this.comment = comment;
+    return this;
+  }
+
+  public String getComment() {
+    return comment;
+  }
+
+  /**
+   * This is a mandatory parameter.
+   * Example value: "Safe because it doesn't apply to the context"
+   */
+  public EditCommentRequest setText(String text) {
+    this.text = text;
+    return this;
+  }
+
+  public String getText() {
+    return text;
+  }
+}
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/HotspotsService.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/HotspotsService.java
index 4b37ba48a43..709876ac0a1 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/HotspotsService.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/hotspots/HotspotsService.java
@@ -21,6 +21,7 @@ package org.sonarqube.ws.client.hotspots;
 
 import java.util.stream.Collectors;
 import javax.annotation.Generated;
+import org.sonarqube.ws.Common;
 import org.sonarqube.ws.Hotspots;
 import org.sonarqube.ws.MediaTypes;
 import org.sonarqube.ws.client.BaseService;
@@ -90,6 +91,22 @@ public class HotspotsService extends BaseService {
    *
    * This is part of the internal API.
    * This is a POST request.
+   * @see <a href="https://next.sonarqube.com/sonarqube/web_api/api/hotspots/edit_comment">Further information about this action online (including a response example)</a>
+   * @since 8.2
+   */
+  public Common.Comment editComment(EditCommentRequest request) {
+    return call(
+      new PostRequest(path("edit_comment"))
+        .setParam("comment", request.getComment())
+        .setParam("text", request.getText())
+        .setMediaType(MediaTypes.JSON),
+      Common.Comment.parser());
+  }
+
+  /**
+   *
+   * This is part of the internal API.
+   * This is a POST request.
    * @see <a href="https://next.sonarqube.com/sonarqube/web_api/api/hotspots/delete_comment">Further information about this action online (including a response example)</a>
    * @since 8.2
    */