SONAR-9448 Sanitize api/qualityprofiles/remove_project

server/sonar-server/src/main/java/org/sonar/server/component/ComponentFinder.java

@@ -146,6 +146,7 @@ public OrganizationDto getOrganization(DbSession dbSession, ComponentDto compone
   public enum ParamNames {
     PROJECT_ID_AND_KEY("projectId", "projectKey"),
     PROJECT_UUID_AND_KEY("projectUuid", "projectKey"),
+    PROJECT_UUID_AND_PROJECT("projectUuid", "project"),
     UUID_AND_KEY("uuid", "key"),
     ID_AND_KEY("id", "key"),
     COMPONENT_ID_AND_KEY("componentId", "componentKey"),

server/sonar-server/src/main/java/org/sonar/server/qualityprofile/ws/RemoveProjectAction.java

@@ -34,9 +34,10 @@
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.user.UserSession;
 
+import static org.sonar.core.util.Uuids.UUID_EXAMPLE_09;
 import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.ACTION_REMOVE_PROJECT;
-import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_KEY;
+import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT;
 import static org.sonarqube.ws.client.qualityprofile.QualityProfileWsParameters.PARAM_PROJECT_UUID;
 
 public class RemoveProjectAction implements QProfileWsAction {
@@ -59,31 +60,34 @@ public RemoveProjectAction(DbClient dbClient, UserSession userSession, Languages
   public void define(WebService.NewController controller) {
     NewAction action = controller.createAction(ACTION_REMOVE_PROJECT)
       .setSince("5.2")
-      .setDescription("Remove a project's association with a quality profile.")
+      .setDescription("Remove a project's association with a quality profile.<br> " +
+        "Requires to be logged in and the 'Administer Quality Profiles' permission.")
       .setPost(true)
       .setHandler(this);
     QProfileReference.defineParams(action, languages);
     QProfileWsSupport.createOrganizationParam(action).setSince("6.4");
 
-    action.createParam(PARAM_PROJECT_UUID)
-      .setDescription("A project UUID. Either this parameter, or projectKey must be set.")
-      .setExampleValue("69e57151-be0d-4157-adff-c06741d88879");
-    action.createParam(PARAM_PROJECT_KEY)
-      .setDescription("A project key. Either this parameter, or projectUuid must be set.")
+    action.createParam(PARAM_PROJECT)
+      .setDescription("Project key")
+      .setDeprecatedKey("projectKey", "6.5")
       .setExampleValue(KEY_PROJECT_EXAMPLE_001);
+
+    action.createParam(PARAM_PROJECT_UUID)
+      .setDescription("Project ID. Either this parameter, or '%s' must be set.", PARAM_PROJECT)
+      .setDeprecatedSince("6.5")
+      .setExampleValue(UUID_EXAMPLE_09);
   }
 
   @Override
   public void handle(Request request, Response response) throws Exception {
-    // fail fast if not logged in
     userSession.checkLoggedIn();
 
     try (DbSession dbSession = dbClient.openSession(false)) {
       ComponentDto project = loadProject(dbSession, request);
       QProfileDto profile = wsSupport.getProfile(dbSession, QProfileReference.from(request));
 
       if (!profile.getOrganizationUuid().equals(project.getOrganizationUuid())) {
-        throw new IllegalArgumentException("Project and Quality profile must have same organization");
+        throw new IllegalArgumentException("Project and Quality profile must have the same organization");
       }
 
       dbClient.qualityProfileDao().deleteProjectProfileAssociation(dbSession, project, profile);
@@ -94,9 +98,9 @@ public void handle(Request request, Response response) throws Exception {
   }
 
   private ComponentDto loadProject(DbSession dbSession, Request request) {
-    String projectKey = request.param(PARAM_PROJECT_KEY);
+    String projectKey = request.param(PARAM_PROJECT);
     String projectUuid = request.param(PARAM_PROJECT_UUID);
-    ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_KEY);
+    ComponentDto project = componentFinder.getByUuidOrKey(dbSession, projectUuid, projectKey, ComponentFinder.ParamNames.PROJECT_UUID_AND_PROJECT);
     checkAdministrator(project);
     return project;
   }

server/sonar-server/src/test/java/org/sonar/server/qualityprofile/ws/RemoveProjectActionTest.java

@@ -60,24 +60,35 @@ public class RemoveProjectActionTest {
   private DbClient dbClient = db.getDbClient();
   private Languages languages = LanguageTesting.newLanguages(LANGUAGE_1, LANGUAGE_2);
   private QProfileWsSupport wsSupport = new QProfileWsSupport(dbClient, userSession, TestDefaultOrganizationProvider.from(db));
+
   private RemoveProjectAction underTest = new RemoveProjectAction(dbClient, userSession, languages,
       new ComponentFinder(dbClient, new ResourceTypesRule().setRootQualifiers(Qualifiers.PROJECT)), wsSupport);
-  private WsActionTester tester = new WsActionTester(underTest);
+  private WsActionTester ws = new WsActionTester(underTest);
 
   @Test
-  public void test_definition() {
-    WebService.Action definition = tester.getDef();
+  public void definition() {
+    WebService.Action definition = ws.getDef();
+
     assertThat(definition.since()).isEqualTo("5.2");
     assertThat(definition.isPost()).isTrue();
+    assertThat(definition.key()).isEqualTo("remove_project");
 
-    // parameters
-    assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "projectKey", "language", "projectUuid", "organization");
+    assertThat(definition.params()).extracting(WebService.Param::key).containsOnly("profile", "profileName", "project", "language", "projectUuid", "organization");
     WebService.Param languageParam = definition.param("language");
     assertThat(languageParam.possibleValues()).containsOnly(LANGUAGE_1, LANGUAGE_2);
     assertThat(languageParam.exampleValue()).isNull();
+    assertThat(languageParam.deprecatedSince()).isEqualTo("6.5");
     WebService.Param organizationParam = definition.param("organization");
     assertThat(organizationParam.since()).isEqualTo("6.4");
     assertThat(organizationParam.isInternal()).isTrue();
+    WebService.Param profile = definition.param("profile");
+    assertThat(profile.deprecatedKey()).isEqualTo("profileKey");
+    WebService.Param profileName = definition.param("profileName");
+    assertThat(profileName.deprecatedSince()).isEqualTo("6.5");
+    WebService.Param project = definition.param("project");
+    assertThat(project.deprecatedKey()).isEqualTo("projectKey");
+    WebService.Param projectUuid = definition.param("projectUuid");
+    assertThat(projectUuid.deprecatedSince()).isEqualTo("6.5");
   }
 
   @Test
@@ -154,7 +165,7 @@ public void throw_NotFoundException_if_project_does_not_exist() {
     expectedException.expect(NotFoundException.class);
     expectedException.expectMessage("Component id 'unknown' not found");
 
-    tester.newRequest()
+    ws.newRequest()
       .setParam("projectUuid", "unknown")
       .setParam("profileKey", profile.getKee())
       .execute();
@@ -168,7 +179,7 @@ public void throw_NotFoundException_if_profile_does_not_exist() {
     expectedException.expect(NotFoundException.class);
     expectedException.expectMessage("Quality Profile with key 'unknown' does not exist");
 
-    tester.newRequest()
+    ws.newRequest()
       .setParam("projectUuid", project.uuid())
       .setParam("profileKey", "unknown")
       .execute();
@@ -189,7 +200,7 @@ private void logInAsProfileAdmin() {
   }
 
   private TestResponse call(ComponentDto project, QProfileDto qualityProfile) {
-    TestRequest request = tester.newRequest()
+    TestRequest request = ws.newRequest()
       .setParam("projectUuid", project.uuid())
       .setParam("profileKey", qualityProfile.getKee());
     return request.execute();