SONAR-7839 Return Anyone group even if it has no permission

2 files changed, 42 insertions, 2 deletions

diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
index a15f79ea141..8b809248748 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/GroupsActionTest.java
@@ -171,7 +171,7 @@ public class GroupsActionTest {
   }
 
   @Test
-  public void return_only_for_groups_with_permission_when_no_search_query() {
+  public void return_also_groups_without_permission_when_search_query() {
     userSession.login().setGlobalPermissions(SYSTEM_ADMIN);
 
     ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
@@ -196,7 +196,7 @@ public class GroupsActionTest {
   }
 
   @Test
-  public void return_also_for_groups_without_permission_when_search_query() {
+  public void return_only_groups_with_permission_when_no_search_query() {
     userSession.login().setGlobalPermissions(SYSTEM_ADMIN);
 
     ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
@@ -218,6 +218,25 @@ public class GroupsActionTest {
   }
 
   @Test
+  public void return_anyone_group_when_search_query_and_no_param_permission() {
+    userSession.login().setGlobalPermissions(SYSTEM_ADMIN);
+
+    ComponentDto project = componentDb.insertComponent(newProjectDto("project-uuid"));
+    GroupDto group = insertGroup(new GroupDto().setName("group-with-permission"));
+    insertGroupRole(new GroupRoleDto()
+      .setGroupId(group.getId())
+      .setRole(ISSUE_ADMIN)
+      .setResourceId(project.getId()));
+
+    String result = ws.newRequest()
+      .setParam(PARAM_PROJECT_ID, "project-uuid")
+      .setParam(TEXT_QUERY, "nyo")
+      .execute().getInput();
+
+    assertThat(result).contains("Anyone");
+  }
+
+  @Test
   public void search_groups_on_views() {
     ComponentDto view = componentDb.insertComponent(newView("view-uuid").setKey("view-key"));
     GroupDto group = insertGroup(new GroupDto().setName("project-group-name"));
diff --git a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateGroupsActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateGroupsActionTest.java
index 40db57eb694..4998a9a70b8 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateGroupsActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/permission/ws/TemplateGroupsActionTest.java
@@ -285,6 +285,27 @@ public class TemplateGroupsActionTest {
   }
 
   @Test
+  public void search_with_text_query_return_anyone_group_even_when_no_permission_set() throws IOException {
+    logAsSysAdminUser();
+
+    PermissionTemplateDto template = dbClient.permissionTemplateDao().insert(dbSession, newPermissionTemplateDto().setUuid("template-uuid-1"));
+    GroupDto group = insertGroup(new GroupDto().setName("group"));
+    addGroupToTemplate(newPermissionTemplateGroup(USER, template.getId(), group.getId()));
+    commit();
+
+    InputStream responseStream = ws.newRequest()
+      .setMediaType(PROTOBUF)
+      .setParam(PARAM_TEMPLATE_ID, template.getUuid())
+      .setParam(TEXT_QUERY, "nyo")
+      .execute()
+      .getInputStream();
+    WsGroupsResponse response = WsGroupsResponse.parseFrom(responseStream);
+
+    assertThat(response.getGroupsList()).extracting("name").containsExactly("Anyone");
+    assertThat(response.getGroups(0).getPermissionsList()).isEmpty();
+  }
+
+  @Test
   public void fail_if_not_logged_in() {
     userSession.anonymous();