SONAR-7874 api/user_groups/search requires now to be logged

author: Julien Lancelot <julien.lancelot@sonarsource.com> 2016-07-18 15:26:19 +0200
committer: Julien Lancelot <julien.lancelot@sonarsource.com> 2016-07-18 15:59:50 +0200
commit: 2f0e138b24b5c1ba69faa69f545a58571f2cfca2 (patch)
tree: 40776f5af135d443f3d58d6f9f8f3a80e218bc68
parent: c6ef2669cbcbb427e7d9582c2d3b6da70a7d0bf2 (diff)
download: sonarqube-2f0e138b24b5c1ba69faa69f545a58571f2cfca2.tar.gz
sonarqube-2f0e138b24b5c1ba69faa69f545a58571f2cfca2.zip
3 files changed, 41 insertions, 8 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java
index 1519c60cf7c..8c2df2adf86 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/SearchAction.java
@@ -38,6 +38,7 @@ import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.user.GroupDto;
 import org.sonar.server.es.SearchOptions;
+import org.sonar.server.user.UserSession;
 
 import static org.sonar.server.es.SearchOptions.MAX_LIMIT;
 
@@ -49,16 +50,19 @@ public class SearchAction implements UserGroupsWsAction {
   private static final String FIELD_MEMBERS_COUNT = "membersCount";
   private static final List<String> ALL_FIELDS = Arrays.asList(FIELD_NAME, FIELD_DESCRIPTION, FIELD_MEMBERS_COUNT);
 
-  private DbClient dbClient;
+  private final DbClient dbClient;
+  private final UserSession userSession;
 
-  public SearchAction(DbClient dbClient) {
+  public SearchAction(DbClient dbClient, UserSession userSession) {
     this.dbClient = dbClient;
+    this.userSession = userSession;
   }
 
   @Override
   public void define(NewController context) {
     context.createAction("search")
-      .setDescription("Search for user groups")
+      .setDescription("Search for user groups <br>." +
+        "Require to be logged.")
       .setHandler(this)
       .setResponseExample(getClass().getResource("example-search.json"))
       .setSince("5.2")
@@ -69,6 +73,7 @@ public class SearchAction implements UserGroupsWsAction {
 
   @Override
   public void handle(Request request, Response response) throws Exception {
+    userSession.checkLoggedIn();
     int page = request.mandatoryParamAsInt(Param.PAGE);
     int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);
     SearchOptions options = new SearchOptions()
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java
index 605db91747d..b8c65d582db 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/SearchActionTest.java
@@ -23,15 +23,17 @@ import org.apache.commons.lang.StringUtils;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.sonar.api.server.ws.WebService.Param;
 import org.sonar.api.utils.System2;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.DbTester;
 import org.sonar.db.user.GroupDao;
-import org.sonar.db.user.GroupMembershipDao;
 import org.sonar.db.user.UserGroupDao;
 import org.sonar.db.user.UserGroupDto;
+import org.sonar.server.exceptions.UnauthorizedException;
+import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -42,10 +44,16 @@ public class SearchActionTest {
 
   @Rule
   public DbTester db = DbTester.create(System2.INSTANCE);
+
+  @Rule
+  public UserSessionRule userSession = UserSessionRule.standalone();
+
+  @Rule
+  public ExpectedException expectedException = ExpectedException.none();
+
   private WsTester ws;
 
   private GroupDao groupDao;
-  private GroupMembershipDao groupMembershipDao;
   private UserGroupDao userGroupDao;
   private DbSession dbSession;
 
@@ -53,21 +61,22 @@ public class SearchActionTest {
   public void setUp() {
     DbClient dbClient = db.getDbClient();
     groupDao = dbClient.groupDao();
-    groupMembershipDao = dbClient.groupMembershipDao();
     userGroupDao = dbClient.userGroupDao();
 
-    ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient)));
+    ws = new WsTester(new UserGroupsWs(new SearchAction(dbClient, userSession)));
 
     dbSession = dbClient.openSession(false);
   }
 
   @Test
   public void search_empty() throws Exception {
+    loginAsSimpleUser();
     newRequest().execute().assertJson(getClass(), "empty.json");
   }
 
   @Test
   public void search_without_parameters() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     dbSession.commit();
 
@@ -76,6 +85,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_members() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     insertMembers("users", 5);
     insertMembers("admins", 1);
@@ -87,6 +97,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_query() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer%_%/1", "customer%_%/2", "customer%_%/3");
     dbSession.commit();
 
@@ -95,6 +106,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_paging() throws Exception {
+    loginAsSimpleUser();
     insertGroups("users", "admins", "customer1", "customer2", "customer3");
     dbSession.commit();
 
@@ -108,6 +120,7 @@ public class SearchActionTest {
 
   @Test
   public void search_with_fields() throws Exception {
+    loginAsSimpleUser();
     insertGroups("sonar-users");
     dbSession.commit();
 
@@ -142,6 +155,14 @@ public class SearchActionTest {
       .contains("membersCount");
   }
 
+  @Test
+  public void fail_when_not_logged() throws Exception {
+    userSession.anonymous();
+
+    expectedException.expect(UnauthorizedException.class);
+    newRequest().execute();
+  }
+
   private WsTester.TestRequest newRequest() {
     return ws.newGetRequest("api/user_groups", "search");
   }
@@ -160,4 +181,9 @@ public class SearchActionTest {
       userGroupDao.insert(dbSession, new UserGroupDto().setGroupId(groupId).setUserId((long) i + 1));
     }
   }
+
+  private void loginAsSimpleUser() {
+    userSession.login("user");
+  }
+
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java
index ba1a32bacd7..2e8b7a6755e 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UserGroupsWsTest.java
@@ -32,14 +32,16 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
 public class UserGroupsWsTest {
+
   @Rule
   public UserSessionRule userSessionRule = UserSessionRule.standalone();
+
   WebService.Controller controller;
 
   @Before
   public void setUp() {
     WsTester tester = new WsTester(new UserGroupsWs(
-      new SearchAction(mock(DbClient.class)),
+      new SearchAction(mock(DbClient.class), mock(UserSession.class)),
       new CreateAction(mock(DbClient.class), mock(UserSession.class), mock(UserGroupUpdater.class))));
     controller = tester.controller("api/user_groups");
   }
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2016-07-18 15:26:19 +0200
committer	Julien Lancelot <julien.lancelot@sonarsource.com>	2016-07-18 15:59:50 +0200
commit	2f0e138b24b5c1ba69faa69f545a58571f2cfca2 (patch)
tree	40776f5af135d443f3d58d6f9f8f3a80e218bc68
parent	c6ef2669cbcbb427e7d9582c2d3b6da70a7d0bf2 (diff)
download	sonarqube-2f0e138b24b5c1ba69faa69f545a58571f2cfca2.tar.gz sonarqube-2f0e138b24b5c1ba69faa69f545a58571f2cfca2.zip