aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java5
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java16
2 files changed, 21 insertions, 0 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
index 2b454da4f4d..6e939c99bfa 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/organization/ws/SearchAction.java
@@ -88,6 +88,11 @@ public class SearchAction implements OrganizationsWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
+ boolean isMember = request.mandatoryParamAsBoolean(PARAM_MEMBER);
+ if (isMember){
+ userSession.checkLoggedIn();
+ }
+
try (DbSession dbSession = dbClient.openSession(false)) {
OrganizationQuery dbQuery = buildDbQuery(request);
int total = dbClient.organizationDao().countByQuery(dbSession, dbQuery);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
index 945b3159ee1..4294078260c 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/organization/ws/SearchActionTest.java
@@ -34,6 +34,7 @@ import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.OrganizationValidationImpl;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.TestRequest;
@@ -290,6 +291,21 @@ public class SearchActionTest {
.doesNotContain(organizationWithoutMember.getKey());
}
+ @Test
+ public void fail_if_member_is_set_to_true_but_user_is_not_authenticated(){
+ UserDto user = db.users().insertUser();
+ OrganizationDto organization = db.organizations().insert();
+ db.organizations().addMember(organization, user);
+
+ userSession.anonymous();
+
+ expectedException.expect(UnauthorizedException.class);
+ expectedException.expectMessage("Authentication is required");
+
+ call(ws.newRequest().setParam(PARAM_MEMBER, String.valueOf(true)));
+ }
+
+
private List<Organization> executeRequestAndReturnList(@Nullable Integer page, @Nullable Integer pageSize, String... keys) {
return call(page, pageSize, keys).getOrganizationsList();
}