SONAR-11012 Private organization are not shown

to not member unless there is a public project
author: Eric Hartmann <hartmann.eric@gmail.com> 2018-07-10 11:38:47 +0200
committer: SonarTech <sonartech@sonarsource.com> 2018-07-11 20:21:23 +0200
commit: 8b864fda418e5d8ba1a9385559ca8340203d680e (patch)
tree: e7379e699aa8647743eccbd28f01a9c7dc02bf36 /server/sonar-server
parent: c05f7c7de9d840249ba684209667fd4a8014f367 (diff)
download: sonarqube-8b864fda418e5d8ba1a9385559ca8340203d680e.tar.gz
sonarqube-8b864fda418e5d8ba1a9385559ca8340203d680e.zip
2 files changed, 59 insertions, 2 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java
index 574b0a9585e..5e55a2a3de2 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ui/ws/OrganizationAction.java
@@ -20,6 +20,7 @@
 package org.sonar.server.ui.ws;
 
 import java.util.List;
+import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.server.ws.Change;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
@@ -28,6 +29,7 @@ import org.sonar.api.utils.text.JsonWriter;
 import org.sonar.api.web.page.Page;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
+import org.sonar.db.component.ComponentQuery;
 import org.sonar.db.organization.OrganizationDto;
 import org.sonar.server.organization.BillingValidations;
 import org.sonar.server.organization.BillingValidationsProxy;
@@ -36,6 +38,7 @@ import org.sonar.server.project.Visibility;
 import org.sonar.server.ui.PageRepository;
 import org.sonar.server.user.UserSession;
 
+import static org.sonar.db.organization.OrganizationDto.Subscription.PAID;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
 import static org.sonar.server.ws.KeyExamples.KEY_ORG_EXAMPLE_001;
@@ -84,6 +87,17 @@ public class OrganizationAction implements NavigationWsAction {
       OrganizationDto organization = checkFoundWithOptional(
         dbClient.organizationDao().selectByKey(dbSession, organizationKey),
         "No organization with key '%s'", organizationKey);
+      if (organization.getSubscription() == PAID) {
+        // If the organization is PAID without any public project then
+        // the organization is only visible to members
+        ComponentQuery query = ComponentQuery.builder()
+          .setQualifiers(Qualifiers.PROJECT)
+          .setPrivate(false)
+          .build();
+        if (dbClient.componentDao().countByQuery(dbSession, organization.getUuid(), query) == 0) {
+          userSession.checkMembership(organization);
+        }
+      }
       boolean newProjectPrivate = dbClient.organizationDao().getNewProjectPrivate(dbSession, organization);
 
       JsonWriter json = response.newJsonWriter();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java
index e34cec9cdb5..80e68c5b350 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ui/ws/OrganizationActionTest.java
@@ -34,6 +34,7 @@ import org.sonar.core.platform.PluginRepository;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbTester;
 import org.sonar.db.organization.OrganizationDto;
+import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.organization.BillingValidations;
 import org.sonar.server.organization.BillingValidationsProxy;
 import org.sonar.server.organization.DefaultOrganizationProvider;
@@ -209,14 +210,56 @@ public class OrganizationActionTest {
 
   @Test
   public void return_subscription_flag() {
+    OrganizationDto freeOrganization = db.organizations().insert(o -> o.setSubscription(FREE));
+    assertJson(executeRequest(freeOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"FREE\"}}");
+
+    OrganizationDto sonarQubeOrganization = db.organizations().insert(o -> o.setSubscription(SONARQUBE));
+    assertJson(executeRequest(sonarQubeOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"SONARQUBE\"}}");
+
     OrganizationDto paidOrganization = db.organizations().insert(o -> o.setSubscription(PAID));
+
+    userSession.logIn()
+      .addMembership(paidOrganization);
+
     assertJson(executeRequest(paidOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"PAID\"}}");
+  }
 
+  @Test
+  public void do_not_throws_FE_when_not_member_on_free_organization() {
     OrganizationDto freeOrganization = db.organizations().insert(o -> o.setSubscription(FREE));
-    assertJson(executeRequest(freeOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"FREE\"}}");
+    executeRequest(freeOrganization).getInput();
+  }
 
+  @Test
+  public void do_not_throws_FE_when_not_member_on_sonarqube_organization() {
     OrganizationDto sonarQubeOrganization = db.organizations().insert(o -> o.setSubscription(SONARQUBE));
-    assertJson(executeRequest(sonarQubeOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"SONARQUBE\"}}");
+    executeRequest(sonarQubeOrganization).getInput();
+  }
+
+  @Test
+  public void throws_FE_when_not_member_on_private_organization() {
+    OrganizationDto paidOrganization = db.organizations().insert(o -> o.setSubscription(PAID));
+
+    expectedException.expect(ForbiddenException.class);
+    expectedException.expectMessage("You're not member of organization");
+    assertJson(executeRequest(paidOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"PAID\"}}");
+  }
+
+  @Test
+  public void do_no_throws_FE_when_not_member_on_private_organization_with_public_project() {
+    OrganizationDto paidOrganization = db.organizations().insert(o -> o.setSubscription(PAID));
+    db.components().insertPublicProject(paidOrganization);
+
+    assertJson(executeRequest(paidOrganization).getInput()).isSimilarTo("{\"organization\": {\"subscription\": \"PAID\"}}");
+  }
+
+  @Test
+  public void return_information_when_member_of_the_organization() {
+    OrganizationDto paidOrganization = db.organizations().insert(o -> o.setSubscription(PAID));
+    userSession.logIn()
+      .addMembership(paidOrganization);
+
+    executeRequest(paidOrganization).getInput();
   }
 
   @Test
author	Eric Hartmann <hartmann.eric@gmail.com>	2018-07-10 11:38:47 +0200
committer	SonarTech <sonartech@sonarsource.com>	2018-07-11 20:21:23 +0200
commit	8b864fda418e5d8ba1a9385559ca8340203d680e (patch)
tree	e7379e699aa8647743eccbd28f01a9c7dc02bf36 /server/sonar-server
parent	c05f7c7de9d840249ba684209667fd4a8014f367 (diff)
download	sonarqube-8b864fda418e5d8ba1a9385559ca8340203d680e.tar.gz sonarqube-8b864fda418e5d8ba1a9385559ca8340203d680e.zip