SONAR-10040 add length validation to Groups ws

4 files changed, 10 insertions, 52 deletions

diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java
index 554adff2c4d..f7117ec4fd3 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/CreateAction.java
@@ -31,6 +31,7 @@ import org.sonar.db.user.GroupDto;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.WsUserGroups;
 
+import static java.lang.String.format;
 import static org.sonar.api.user.UserGroupValidation.GROUP_NAME_MAX_LENGTH;
 import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
 import static org.sonar.server.usergroups.ws.GroupWsSupport.DESCRIPTION_MAX_LENGTH;
@@ -69,13 +70,15 @@ public class CreateAction implements UserGroupsWsAction {
       .setInternal(true);
 
     action.createParam(PARAM_GROUP_NAME)
-      .setDescription(String.format("Name for the new group. A group name cannot be larger than %d characters and must be unique. " +
+      .setRequired(true)
+      .setMaximumLength(GROUP_NAME_MAX_LENGTH)
+      .setDescription(format("Name for the new group. A group name cannot be larger than %d characters and must be unique. " +
         "The value 'anyone' (whatever the case) is reserved and cannot be used.", GROUP_NAME_MAX_LENGTH))
-      .setExampleValue("sonar-users")
-      .setRequired(true);
+      .setExampleValue("sonar-users");
 
     action.createParam(PARAM_GROUP_DESCRIPTION)
-      .setDescription(String.format("Description for the new group. A group description cannot be larger than %d characters.", DESCRIPTION_MAX_LENGTH))
+      .setMaximumLength(DESCRIPTION_MAX_LENGTH)
+      .setDescription(format("Description for the new group. A group description cannot be larger than %d characters.", DESCRIPTION_MAX_LENGTH))
       .setExampleValue("Default group for new users");
   }
 
@@ -92,7 +95,6 @@ public class CreateAction implements UserGroupsWsAction {
 
       // validations
       UserGroupValidation.validateGroupName(group.getName());
-      support.validateDescription(group.getDescription());
       support.checkNameDoesNotExist(dbSession, group.getOrganizationUuid(), group.getName());
 
       dbClient.groupDao().insert(dbSession, group);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/GroupWsSupport.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/GroupWsSupport.java
index 2e3be4be00f..bc5b4df8b88 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/GroupWsSupport.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/GroupWsSupport.java
@@ -20,11 +20,9 @@
 package org.sonar.server.usergroups.ws;
 
 import java.util.Optional;
-import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.api.user.UserGroupValidation;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.organization.OrganizationDto;
@@ -132,18 +130,6 @@ public class GroupWsSupport {
     return org.get();
   }
 
-  /**
-   * Similar to {@link UserGroupValidation#validateGroupName(String)} but kept internal. No need to publish
-   * this method in public API.
-   * @return the same description
-   */
-  @CheckForNull
-  String validateDescription(@Nullable String description) {
-    checkArgument(description == null || description.length() <= DESCRIPTION_MAX_LENGTH,
-      "Description cannot be longer than %s characters", DESCRIPTION_MAX_LENGTH);
-    return description;
-  }
-
   void checkNameDoesNotExist(DbSession dbSession, String organizationUuid, String name) {
     // There is no database constraint on column groups.name
     // because MySQL cannot create a unique index
diff --git a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
index f8f73fe0396..86b54687277 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/usergroups/ws/UpdateAction.java
@@ -75,11 +75,13 @@ public class UpdateAction implements UserGroupsWsAction {
       .setRequired(true);
 
     action.createParam(PARAM_GROUP_NAME)
+      .setMaximumLength(GROUP_NAME_MAX_LENGTH)
       .setDescription(format("New optional name for the group. A group name cannot be larger than %d characters and must be unique. " +
         "Value 'anyone' (whatever the case) is reserved and cannot be used. If value is empty or not defined, then name is not changed.", GROUP_NAME_MAX_LENGTH))
       .setExampleValue("my-group");
 
     action.createParam(PARAM_GROUP_DESCRIPTION)
+      .setMaximumLength(DESCRIPTION_MAX_LENGTH)
       .setDescription(format("New optional description for the group. A group description cannot be larger than %d characters. " +
         "If value is not defined, then description is not changed.", DESCRIPTION_MAX_LENGTH))
       .setExampleValue("Default group for new users");
@@ -108,7 +110,7 @@ public class UpdateAction implements UserGroupsWsAction {
       String description = request.param(PARAM_GROUP_DESCRIPTION);
       if (description != null) {
         changed = true;
-        group.setDescription(support.validateDescription(description));
+        group.setDescription(description);
       }
 
       if (changed) {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java
index 07877e8cfd8..9c7b9c5303d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/usergroups/ws/UpdateActionTest.java
@@ -19,7 +19,6 @@
  */
 package org.sonar.server.usergroups.ws;
 
-import org.apache.commons.lang.StringUtils;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -187,21 +186,6 @@ public class UpdateActionTest {
   }
 
   @Test
-  public void fail_if_name_is_too_long() throws Exception {
-    insertDefaultGroupOnDefaultOrganization();
-    GroupDto group = db.users().insertGroup();
-    loginAsAdminOnDefaultOrganization();
-
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Group name cannot be longer than 255 characters");
-
-    newRequest()
-      .setParam("id", group.getId().toString())
-      .setParam("name", StringUtils.repeat("a", 255 + 1))
-      .execute();
-  }
-
-  @Test
   public void fail_if_new_name_is_anyone() throws Exception {
     insertDefaultGroupOnDefaultOrganization();
     GroupDto group = db.users().insertGroup();
@@ -235,22 +219,6 @@ public class UpdateActionTest {
   }
 
   @Test
-  public void fail_if_description_is_too_long() throws Exception {
-    insertDefaultGroupOnDefaultOrganization();
-    GroupDto group = db.users().insertGroup();
-    loginAsAdminOnDefaultOrganization();
-
-    expectedException.expect(IllegalArgumentException.class);
-    expectedException.expectMessage("Description cannot be longer than 200 characters");
-
-    newRequest()
-      .setParam("id", group.getId().toString())
-      .setParam("name", "long-group-description-is-looooooooooooong")
-      .setParam("description", StringUtils.repeat("a", 201))
-      .execute();
-  }
-
-  @Test
   public void fail_if_unknown_group_id() throws Exception {
     loginAsAdminOnDefaultOrganization();