authorSimon Brandhof <simon.brandhof@gmail.com>2011-09-08 10:47:16 +0200
committerSimon Brandhof <simon.brandhof@gmail.com>2011-09-08 10:49:29 +0200
commit0b2dc25454d3892077fca7cee646228b2ce8b3f6 (patch)
tree9caacbe2638cb7d7e1deb3770dedbb5ae7d577be /sonar-server
parentd80f27ec08d7517b735c5877b5360300ba6da496 (diff)
SONAR-2412 improve checks
Diffstat (limited to 'sonar-server')
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/api/projects_controller.rb19
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/project_controller.rb2
2 files changed, 10 insertions, 11 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/projects_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/projects_controller.rb
index df88dda1cd3..fc93e0f224c 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/projects_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/projects_controller.rb
@@ -56,16 +56,15 @@ class Api::ProjectsController < Api::ApiController
# curl -X DELETE http://localhost:9000/api/projects/<key> -v -u admin:admin
#
def destroy
- begin
- if params[:id].present?
- project = Project.by_key(params[:id])
- Project.delete_project(project)
- end
- render_success("Project deleted")
- rescue Exception => e
- logger.error("Fails to execute #{request.url} : #{e.message}")
- render_error(e.message, 500)
- end
+ bad_request("Missing project key") unless params[:id].present?
+
+ project = Project.by_key(params[:id])
+ bad_request("Not valid project") unless project
+ access_denied unless is_admin?(project)
+ bad_request("Not valid project") unless project.project?
+
+ Project.delete_project(project)
+ render_success("Project deleted")
end
private
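Review bot: The new guards in `destroy` protect the delete only if `bad_request` and `access_denied` abort the action by raising, and neither helper is defined in this hunk. If either one merely renders a response, a nil `project` reaches `is_admin?(project)` and a non-admin request falls through to `Project.delete_project(project)`. I would state the contract in a comment above the guards, e.g. `# bad_request/access_denied raise, so each guard halts the action`, or make the halt explicit with `return bad_request("Missing project key") unless params[:id].present?`. Separately, the nil-project check runs before `access_denied`, so a caller without admin rights can presumably tell existing keys from unknown ones by the differing responses; answering both cases with the same denial would close that. The old `rescue` also logged failures with the request URL, so it is worth confirming that the base controller still records a failed or refused deletion.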
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/project_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
index 29fc5cab8f7..4ecfd32f937 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
@@ -40,7 +40,7 @@ class ProjectController < ApplicationController
def delete
if params[:id]
@project = Project.by_key(params[:id])
- if @project && is_admin?(@project)
+ if @project && @project.project? && is_admin?(@project)
Project.delete_project(@project)
end
end
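Review bot: When `@project.project?` or `is_admin?(@project)` fails in `delete`, the request is dropped silently, with no denial response and no log entry. The API `destroy` path in this same commit calls `access_denied` in that situation. An `else` branch on the inner `if` would make the two paths consistent and leave a trace of refused attempts, e.g. `else` / `access_denied`, assuming that helper is available in `ApplicationController`, which this hunk does not show. The rest of `delete` lies outside the hunk, so I cannot tell how the action responds afterwards or whether it is restricted to non-GET requests; both are worth checking for a destructive action keyed on `params[:id]`.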