author | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2017-06-21 17:02:15 +0200 |
---|---|---|
committer | Teryk Bellahsene <teryk.bellahsene@sonarsource.com> | 2017-06-26 09:07:49 +0200 |
commit | 6a292a559b897adbaadde1ecd38303584f2382cd (patch) | |
tree | ef3d60f5ed4ac8a50db87fbb38b3ceec6328bbc2 /server | |
parent | 63f165ea9ec729f31d578f7f35483cba619e70d0 (diff) | |
SONAR-9448 Sanitize api/qualityprofiles/deactivate_rules
Diffstat (limited to 'server')
3 files changed, 27 insertions, 24 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
index 1dfda65b8c6..243f8e7d196 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/DeactivateRulesAction.java
@@ -19,7 +19,6 @@
 */
 package org.sonar.server.qualityprofile.ws;
-import org.sonar.api.server.ServerSide;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
@@ -31,16 +30,15 @@ import org.sonar.server.qualityprofile.RuleActivator;
 import org.sonar.server.rule.ws.RuleQueryFactory;
 import org.sonar.server.user.UserSession;
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_04;
+import static org.sonar.server.qualityprofile.ws.BulkChangeWsResponse.writeResponse;
 import static org.sonar.server.rule.ws.SearchAction.defineRuleSearchParameters;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULES;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_PROFILE;
-@ServerSide
 public class DeactivateRulesAction implements QProfileWsAction {
-
- public static final String PROFILE_KEY = "profile_key";
 public static final String SEVERITY = "activation_severity";
- public static final String DEACTIVATE_RULES_ACTION = "deactivate_rules";
-
 private final RuleQueryFactory ruleQueryFactory;
 private final UserSession userSession;
 private final RuleActivator ruleActivator;
@@ -57,23 +55,25 @@ public class DeactivateRulesAction implements QProfileWsAction {
 public void define(WebService.NewController controller) {
 WebService.NewAction deactivate = controller
- .createAction(DEACTIVATE_RULES_ACTION)
- .setDescription("Bulk deactivate rules on Quality profiles")
+ .createAction(ACTION_DEACTIVATE_RULES)
+ .setDescription("Bulk deactivate rules on Quality profiles.<br>" +
+ "Requires to be logged in and the 'Administer Quality Profiles' permission.")
 .setPost(true)
 .setSince("4.4")
 .setHandler(this);
 defineRuleSearchParameters(deactivate);
- deactivate.createParam(PROFILE_KEY)
- .setDescription("Quality Profile Key. To retrieve a profile key for a given language please see <code>api/qualityprofiles/search</code>")
+ deactivate.createParam(PARAM_TARGET_PROFILE)
+ .setDescription("Quality Profile key on which the rule deactivation is done. To retrieve a profile key please see <code>api/qualityprofiles/search</code>")
+ .setDeprecatedKey("profile_key", "6.5")
 .setRequired(true)
- .setExampleValue("java:MyProfile");
+ .setExampleValue(UUID_EXAMPLE_04);
 }
 @Override
 public void handle(Request request, Response response) throws Exception {
- String qualityProfileKey = request.mandatoryParam(PROFILE_KEY);
+ String qualityProfileKey = request.mandatoryParam(PARAM_TARGET_PROFILE);
 userSession.checkLoggedIn();
 BulkChangeResult result;
 try (DbSession dbSession = dbClient.openSession(false)) {
@@ -82,6 +82,6 @@ public class DeactivateRulesAction implements QProfileWsAction {
 wsSupport.checkNotBuiltInt(profile);
 result = ruleActivator.bulkDeactivate(dbSession, ruleQueryFactory.createRuleQuery(dbSession, request), profile);
 }
- BulkChangeWsResponse.writeResponse(result, response);
+ writeResponse(result, response);
 }
 }
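Review bot: In `handle`, `request.mandatoryParam(PARAM_TARGET_PROFILE)` still runs before `userSession.checkLoggedIn()`, so an anonymous caller who omits the parameter would presumably receive the parameter-validation error instead of the authentication failure. Making `userSession.checkLoggedIn();` the first statement of `handle` keeps unauthenticated requests away from any input handling, and `should_fail_if_not_logged_in` could then drop the parameter to pin that order. The new description also promises the 'Administer Quality Profiles' permission, but no such check is in the visible lines; it presumably sits in the two lines elided between this hunk and the next, and it is worth confirming that it runs before `bulkDeactivate`. `handle` starts in this hunk and ends in the following one.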
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
index f53472a4ddb..7936fb0387a 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/DeactivateRulesActionTest.java
@@ -43,6 +43,7 @@ import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.UUID_SIZE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_TARGET_PROFILE;
 public class DeactivateRulesActionTest {
@@ -86,20 +87,22 @@ public class DeactivateRulesActionTest {
 "active_severities",
 "s",
 "repositories",
- "profile_key",
+ "targetProfile",
 "statuses",
 "rule_key",
 "available_since",
 "activation",
 "severities",
 "organization");
+ WebService.Param targetProfile = definition.param("targetProfile");
+ assertThat(targetProfile.deprecatedKey()).isEqualTo("profile_key");
 }
 @Test
 public void should_fail_if_not_logged_in() {
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", randomAlphanumeric(UUID_SIZE));
+ .setParam(PARAM_TARGET_PROFILE, randomAlphanumeric(UUID_SIZE));
 thrown.expect(UnauthorizedException.class);
 request.execute();
@@ -111,7 +114,7 @@ public class DeactivateRulesActionTest {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(defaultOrganization, p -> p.setIsBuiltIn(true));
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", qualityProfile.getKee());
+ .setParam(PARAM_TARGET_PROFILE, qualityProfile.getKee());
 thrown.expect(BadRequestException.class);
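Review bot: The definition test in the -86,20 hunk only asserts that `targetProfile` declares `profile_key` as its deprecated key; no test still sends a request under the old name. Every request-level test in this file, and in QProfilesWsMediumTest, was switched to `PARAM_TARGET_PROFILE`, so the path existing clients will keep using is no longer exercised. Keeping one failure test on the legacy name, for example `.setParam("profile_key", qualityProfile.getKee());` in the test that expects `ForbiddenException`, would show that the alias resolves to the same profile and still reaches the built-in and permission checks. The test methods touched here start or end outside their hunks.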
@@ -124,7 +127,7 @@ public class DeactivateRulesActionTest {
 QProfileDto qualityProfile = dbTester.qualityProfiles().insert(organization);
 TestRequest request = wsActionTester.newRequest()
 .setMethod("POST")
- .setParam("profile_key", qualityProfile.getKee());
+ .setParam(PARAM_TARGET_PROFILE, qualityProfile.getKee());
 thrown.expect(ForbiddenException.class);
 request.execute();
diff --git a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
index aafab74035f..624c04de5fb 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/QProfilesWsMediumTest.java
@@ -52,7 +52,6 @@ import org.sonar.server.rule.index.RuleQuery;
 import org.sonar.server.tester.ServerTester;
 import org.sonar.server.tester.UserSessionRule;
 import org.sonar.server.ws.WsTester;
-import org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ActivateActionParameters;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
@@ -60,6 +59,7 @@ import static org.sonar.server.qualityprofile.ws.QProfilesWs.API_ENDPOINT;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ACTIVATE_RULE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_ACTIVATE_RULES;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULE;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_DEACTIVATE_RULES;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROFILE;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_RESET;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_RULE;
@@ -145,8 +145,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(4);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 WsTester.Result result = request.execute();
 dbSession.clearCache();
@@ -171,8 +171,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(2);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 WsTester.Result result = request.execute();
 dbSession.clearCache();
@@ -195,8 +195,8 @@ public class QProfilesWsMediumTest {
 assertThat(dbClient.activeRuleDao().selectByProfileUuid(dbSession, profile.getKee())).hasSize(2);
 // 1. Deactivate Rule
- WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, DeactivateRulesAction.DEACTIVATE_RULES_ACTION);
- request.setParam(ActivateActionParameters.PARAM_PROFILE_KEY, profile.getKee());
+ WsTester.TestRequest request = ws.newPostRequest(QProfilesWs.API_ENDPOINT, ACTION_DEACTIVATE_RULES);
+ request.setParam(PARAM_TARGET_PROFILE, profile.getKee());
 request.setParam(Param.TEXT_QUERY, "hello");
 WsTester.Result result = request.execute();
 dbSession.clearCache(); |