authorBenoit <43733395+benoit-sns@users.noreply.github.com>2018-10-29 10:43:07 +0000
committersonartech <sonartech@sonarsource.com>2018-10-30 12:42:03 +0100
commit39db83f50fc00ad01b2ed898bf6a8b39b51f4c9c (patch)
tree2fbef65945aa849c5e284fa6a7f8d7db06fcf0a3
parent7a421e5ba7a6a9fedcb89e110632f249df17895b (diff)
downloadsonarqube-39db83f50fc00ad01b2ed898bf6a8b39b51f4c9c.tar.gz
sonarqube-39db83f50fc00ad01b2ed898bf6a8b39b51f4c9c.zip
SONAR-11220 Nb tokens is returned only for logged user or System Administrators (#885)
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java4
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java36
2 files changed, 33 insertions, 7 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java
index bfb1d3ad9e0..d4af058fba3 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/SearchAction.java
@@ -92,6 +92,7 @@ public class SearchAction implements UsersWsAction {
WebService.NewAction action = controller.createAction("search")
.setDescription("Get a list of active users. <br/>" +
"Administer System permission is required to show the 'groups' field.<br/>" +
+ "Field 'tokensCount' is only accessible to System Administrator and logged in user.<br/>" +
"When accessed anonymously, only logins and names are returned.")
.setSince("3.6")
.setChangelog(
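Review bot: The added description line reads as if any logged-in user can see every user's `tokensCount`, whereas the condition added further down in this file compares `user.getLogin()` with `userSession.getLogin()`, so a non-administrator only gets the count on their own entry. Suggested wording: `"Field 'tokensCount' is only returned to System Administrators, or to a logged-in user for their own account.<br/>" +`. The `.setChangelog(` call continues outside the hunk; if it carries no entry for this visibility change, API consumers who relied on the field being present would benefit from one.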
@@ -152,7 +153,7 @@ public class SearchAction implements UsersWsAction {
setIfNeeded(FIELD_ACTIVE, fields, user.isActive(), userBuilder::setActive);
setIfNeeded(FIELD_LOCAL, fields, user.isLocal(), userBuilder::setLocal);
setIfNeeded(FIELD_EXTERNAL_PROVIDER, fields, user.getExternalIdentityProvider(), userBuilder::setExternalProvider);
- setIfNeeded(FIELD_TOKENS_COUNT, fields, tokensCount, userBuilder::setTokensCount);
+ setIfNeeded(isNeeded(FIELD_TOKENS_COUNT, fields) && user.getLogin().equals(userSession.getLogin()), tokensCount, userBuilder::setTokensCount);
setIfNeeded(isNeeded(FIELD_SCM_ACCOUNTS, fields) && !user.getScmAccountsAsList().isEmpty(), user.getScmAccountsAsList(),
scm -> userBuilder.setScmAccounts(ScmAccounts.newBuilder().addAllScmAccounts(scm)));
}
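Review bot: The visibility rule for `tokensCount` is now decided in two places, the self-check on the changed line here and the unconditional call added in the last hunk of this file, so a later edit to either enclosing block can widen the exposure without anyone noticing. The guards of both blocks are outside the hunks, so this is inferred, but the second block appears to be the administrator-only one, since it also sets `groups`. Consider one named predicate and one call: `boolean canSeeTokensCount = userSession.isSystemAdministrator() || user.getLogin().equals(userSession.getLogin());` followed by `setIfNeeded(isNeeded(FIELD_TOKENS_COUNT, fields) && canSeeTokensCount, tokensCount, userBuilder::setTokensCount);`. That also avoids setting the field twice when an administrator's own entry is rendered. If `tokensCount` is still loaded for every user before this method runs, skipping that lookup for callers who cannot see it would tighten this further.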
@@ -161,6 +162,7 @@ public class SearchAction implements UsersWsAction {
setIfNeeded(isNeeded(FIELD_GROUPS, fields) && !groups.isEmpty(), groups,
g -> userBuilder.setGroups(Groups.newBuilder().addAllGroups(g)));
setIfNeeded(FIELD_EXTERNAL_IDENTITY, fields, user.getExternalLogin(), userBuilder::setExternalIdentity);
+ setIfNeeded(FIELD_TOKENS_COUNT, fields, tokensCount, userBuilder::setTokensCount);
}
return userBuilder.build();
}
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java
index 6def2160c4c..3d4db8c9073 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/SearchActionTest.java
@@ -133,19 +133,43 @@ public class SearchActionTest {
}
@Test
- public void return_tokens_count() {
+ public void return_tokens_count_for_logged_user() {
UserDto user = db.users().insertUser();
db.users().insertToken(user);
db.users().insertToken(user);
userIndexer.indexOnStartup(null);
+
userSession.logIn();
+ assertThat(ws.newRequest()
+ .executeProtobuf(SearchWsResponse.class).getUsersList())
+ .extracting(User::getLogin, User::hasTokensCount)
+ .containsExactlyInAnyOrder(tuple(user.getLogin(), false));
- SearchWsResponse response = ws.newRequest()
- .executeProtobuf(SearchWsResponse.class);
+ userSession.logIn(user);
+ assertThat(ws.newRequest()
+ .executeProtobuf(SearchWsResponse.class).getUsersList())
+ .extracting(User::getLogin, User::getTokensCount)
+ .containsExactlyInAnyOrder(tuple(user.getLogin(), 2));
+ }
- assertThat(response.getUsersList())
- .extracting(User::getLogin, User::getTokensCount)
- .containsExactlyInAnyOrder(tuple(user.getLogin(), 2));
+ @Test
+ public void return_tokens_count_when_system_administer() {
+ UserDto user = db.users().insertUser();
+ db.users().insertToken(user);
+ db.users().insertToken(user);
+ userIndexer.indexOnStartup(null);
+
+ userSession.logIn().setSystemAdministrator();
+ assertThat(ws.newRequest()
+ .executeProtobuf(SearchWsResponse.class).getUsersList())
+ .extracting(User::getLogin, User::getTokensCount)
+ .containsExactlyInAnyOrder(tuple(user.getLogin(), 2));
+
+ userSession.logIn();
+ assertThat(ws.newRequest()
+ .executeProtobuf(SearchWsResponse.class).getUsersList())
+ .extracting(User::getLogin, User::hasTokensCount)
+ .containsExactlyInAnyOrder(tuple(user.getLogin(), false));
}
@Test
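Review bot: Both new tests insert a single user and call the endpoint without selecting fields, so two cases the access rule depends on are not pinned. The first is a non-administrator whose result list holds their own entry plus another user's; inserting a second user with tokens in `return_tokens_count_for_logged_user` and asserting that `hasTokensCount` is true only on the caller's own entry would cover it. The second is a caller who explicitly requests `tokensCount` through the fields parameter, which exercises the `isNeeded(FIELD_TOKENS_COUNT, fields)` path as a non-administrator. An anonymous request asserting `hasTokensCount` is false would complete the matrix.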