SONAR-9448 Sanitize api/qualityprofiles/add_project

8 files changed, 51 insertions, 30 deletions

diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java
index d0aef49c54e..a36847023f8 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/AddProjectAction.java
@@ -34,9 +34,11 @@ import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.user.UserSession;
 
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_08;
+import static org.sonar.server.component.ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ADD_PROJECT;
-import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_KEY;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_UUID;
 
 public class AddProjectAction implements QProfileWsAction {
@@ -59,24 +61,28 @@ public class AddProjectAction implements QProfileWsAction {
   public void define(WebService.NewController controller) {
     NewAction action = controller.createAction(ACTION_ADD_PROJECT)
       .setSince("5.2")
-      .setDescription("Associate a project with a quality profile.")
+      .setDescription("Associate a project with a quality profile.<br> " +
+        "Requires to be logged in and the 'Administer Quality Profiles' permission.")
       .setPost(true)
       .setHandler(this);
 
     QProfileReference.defineParams(action, languages);
-    QProfileWsSupport.createOrganizationParam(action).setSince("6.4");
+    QProfileWsSupport.createOrganizationParam(action)
+      .setSince("6.4");
 
-    action.createParam(PARAM_PROJECT_UUID)
-      .setDescription("A project UUID. Either this parameter, or projectKey must be set.")
-      .setExampleValue("69e57151-be0d-4157-adff-c06741d88879");
-    action.createParam(PARAM_PROJECT_KEY)
-      .setDescription("A project key. Either this parameter, or projectUuid must be set.")
+    action.createParam(PARAM_PROJECT)
+      .setDescription("Project key")
+      .setDeprecatedKey("projectKey", "6.5")
       .setExampleValue(KEY_PROJECT_EXAMPLE_001);
+
+    action.createParam(PARAM_PROJECT_UUID)
+      .setDescription("Project ID. Either this parameter or '%s' must be set.", PARAM_PROJECT)
+      .setDeprecatedSince("6.5")
+      .setExampleValue(UUID_EXAMPLE_08);
   }
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    // fail fast if not logged in
     userSession.checkLoggedIn();
 
     try (DbSession dbSession = dbClient.openSession(false)) {
@@ -84,7 +90,7 @@ public class AddProjectAction implements QProfileWsAction {
       QProfileDto profile = wsSupport.getProfile(dbSession, QProfileReference.from(request));
 
       if (!profile.getOrganizationUuid().equals(project.getOrganizationUuid())) {
-        throw new IllegalArgumentException("Project and Quality profile must have same organization");
+        throw new IllegalArgumentException("Project and quality profile must have the same organization");
       }
 
       QProfileDto currentProfile = dbClient.qualityProfileDao().selectAssociatedToProjectAndLanguage(dbSession, project, profile.getLanguage());
@@ -102,9 +108,9 @@ public class AddProjectAction implements QProfileWsAction {
   }
 
   private ComponentDto loadProject(DbSession dbSession, Request request) {
-    String projectKey = request.param(PARAM_PROJECT_KEY);
+    String projectKey = request.param(PARAM_PROJECT);
     String projectUuid = request.param(PARAM_PROJECT_UUID);
-    ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY);
+    ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, PROJECT_UUID_AND_KEY);
     checkAdministrator(project);
     return project;
   }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java
index f13794632bc..9d6d1f4fcee 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/QProfileReference.java
@@ -26,16 +26,16 @@ import org.sonar.api.resources.Language;
 import org.sonar.api.resources.Languages;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.core.util.Uuids;
 import org.sonar.core.util.stream.MoreCollectors;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkState;
 import static java.util.Objects.requireNonNull;
 import static org.apache.commons.lang.StringUtils.isEmpty;
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_01;
 import static org.sonarqube.ws.client.component.ComponentsWsParameters.PARAM_ORGANIZATION;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_LANGUAGE;
-import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_KEY;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE_NAME;
 
 /**
@@ -150,7 +150,7 @@ public class QProfileReference {
   }
 
   public static QProfileReference from(Request request) {
-    String key = request.param(PARAM_PROFILE_KEY);
+    String key = request.param(PARAM_PROFILE);
     String organizationKey = request.param(PARAM_ORGANIZATION);
     String lang = request.param(PARAM_LANGUAGE);
     String name = request.param(PARAM_PROFILE_NAME);
@@ -175,14 +175,19 @@ public class QProfileReference {
   }
 
   public static void defineParams(WebService.NewAction action, Languages languages) {
-    action.createParam(PARAM_PROFILE_KEY)
-      .setDescription("A quality profile key. Either this parameter, or a combination of profileName + language must be set.")
-      .setExampleValue(Uuids.UUID_EXAMPLE_01);
+    action.createParam(PARAM_PROFILE)
+      .setDescription("Quality profile key")
+      .setDeprecatedKey("profileKey", "6.5")
+      .setExampleValue(UUID_EXAMPLE_01);
+
     action.createParam(PARAM_PROFILE_NAME)
-      .setDescription("A quality profile name. If this parameter is set, profileKey must not be set and language must be set to disambiguate.")
+      .setDescription("Quality profile name. If this parameter is set, '%s' must not be set and '%s' must be set to disambiguate.", PARAM_PROFILE, PARAM_LANGUAGE)
+      .setDeprecatedSince("6.5")
       .setExampleValue("Sonar way");
+
     action.createParam(PARAM_LANGUAGE)
-      .setDescription("A quality profile language. If this parameter is set, profileKey must not be set and profileName must be set to disambiguate.")
+      .setDescription("Quality profile language. If this parameter is set, '%s' must not be set and '%s' must be set to disambiguate.", PARAM_PROFILE, PARAM_LANGUAGE)
+      .setDeprecatedSince("6.5")
       .setPossibleValues(Arrays.stream(languages.all()).map(Language::getKey).collect(MoreCollectors.toSet()));
   }
 }
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
index 842f92cda66..d18e9bdaa16 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/AddProjectActionTest.java
@@ -70,10 +70,20 @@ public class AddProjectActionTest {
     assertThat(definition.isPost()).isTrue();
 
     // parameters
-    assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profileKey", "profileName", "projectKey", "language", "projectUuid", "organization");
+    assertThat(definition.params()).extracting(WebService.Param::key)
+      .containsExactlyInAnyOrder("profile", "profileName", "project", "language", "projectUuid", "organization");
+    WebService.Param profile = definition.param("profile");
+    assertThat(profile.deprecatedKey()).isEqualTo("profileKey");
+    WebService.Param profileName = definition.param("profileName");
+    assertThat(profileName.deprecatedSince()).isEqualTo("6.5");
     WebService.Param languageParam = definition.param("language");
     assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2);
     assertThat(languageParam.exampleValue()).isNull();
+    assertThat(languageParam.deprecatedSince()).isEqualTo("6.5");
+    WebService.Param project = definition.param("project");
+    assertThat(project.deprecatedKey()).isEqualTo("projectKey");
+    WebService.Param projectUuid = definition.param("projectUuid");
+    assertThat(projectUuid.deprecatedSince()).isEqualTo("6.5");
     WebService.Param organizationParam = definition.param("organization");
     assertThat(organizationParam.since()).isEqualTo("6.4");
     assertThat(organizationParam.isInternal()).isTrue();
@@ -113,7 +123,7 @@ public class AddProjectActionTest {
     QProfileDto profileInOrg2 = db.qualityProfiles().insert(org2, p -> p.setLanguage(LANGUAGE_1));
 
     expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Project and Quality profile must have same organization");
+    expectedException.expectMessage("Project and quality profile must have the same organization");
 
     call(org2, project, profileInOrg2);
 
@@ -248,7 +258,7 @@ public class AddProjectActionTest {
   private TestResponse call(ComponentDto project, QProfileDto qualityProfile) {
     TestRequest request = tester.newRequest()
       .setParam("projectUuid", project.uuid())
-      .setParam("profileKey", qualityProfile.getKee());
+      .setParam("profile", qualityProfile.getKee());
     return request.execute();
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java
index e7a7f0b9a95..e34f3644aee 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/BackupActionTest.java
@@ -69,7 +69,7 @@ public class BackupActionTest {
     // parameters
     assertThat(definition.params()).hasSize(4);
     assertThat(definition.param("language")).isNotNull();
-    assertThat(definition.param("profileKey")).isNotNull();
+    assertThat(definition.param("profile")).isNotNull();
     assertThat(definition.param("profileName")).isNotNull();
     WebService.Param orgParam = definition.param("organization");
     assertThat(orgParam).isNotNull();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java
index ef74435972e..43681e40dcb 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/ChangeParentActionTest.java
@@ -148,7 +148,7 @@ public class ChangeParentActionTest {
     assertThat(changeParent).isNotNull();
     assertThat(changeParent.isPost()).isTrue();
     assertThat(changeParent.params()).extracting("key").containsExactlyInAnyOrder(
-      "organization", "profileKey", "profileName", "language", "parentKey", "parentName");
+      "organization", "profile", "profileName", "language", "parentKey", "parentName");
     assertThat(changeParent.param("organization").since()).isEqualTo("6.4");
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java
index aaab8950800..18b8aa9e2af 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfileReferenceTest.java
@@ -101,7 +101,7 @@ public class QProfileReferenceTest {
   @Test
   public void from_reads_request_parameters_and_creates_reference_by_key() {
     SimpleGetRequest req = new SimpleGetRequest();
-    req.setParam("profileKey", "foo");
+    req.setParam("profile", "foo");
 
     QProfileReference ref = QProfileReference.from(req);
     assertThat(ref.getKey()).isEqualTo("foo");
@@ -165,7 +165,7 @@ public class QProfileReferenceTest {
     WebService.Action action = wsTester.controller("api/qualityprofiles").action("do");
     assertThat(action.param("language")).isNotNull();
     assertThat(action.param("language").possibleValues()).containsOnly("java", "js");
-    assertThat(action.param("profileKey")).isNotNull();
+    assertThat(action.param("profile")).isNotNull();
     assertThat(action.param("profileName")).isNotNull();
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java
index b5766f98172..8414f13a89c 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsTest.java
@@ -171,7 +171,7 @@ public class QProfilesWsTest {
     assertThat(delete).isNotNull();
     assertThat(delete.isPost()).isTrue();
     assertThat(delete.params()).hasSize(4).extracting("key").containsOnly(
-      "organization", "profileKey", "language", "profileName");
+      "organization", "profile", "language", "profileName");
   }
 
   @Test
@@ -189,7 +189,7 @@ public class QProfilesWsTest {
     assertThat(inheritance).isNotNull();
     assertThat(inheritance.isPost()).isFalse();
     assertThat(inheritance.params()).hasSize(4).extracting("key").containsExactlyInAnyOrder(
-      "organization", "profileKey", "language", "profileName");
+      "organization", "profile", "language", "profileName");
     assertThat(inheritance.responseExampleAsString()).isNotEmpty();
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
index 0c0aba001a8..a17b31e4459 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java
@@ -71,7 +71,7 @@ public class RemoveProjectActionTest {
     assertThat(definition.isPost()).isTrue();
 
     // parameters
-    assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profileKey", "profileName", "projectKey", "language", "projectUuid", "organization");
+    assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "projectKey", "language", "projectUuid", "organization");
     WebService.Param languageParam = definition.param("language");
     assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2);
     assertThat(languageParam.exampleValue()).isNull();