From e4e335b7e178439849c353d9934b894fdc3827b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?=
Date: Mon, 6 May 2019 15:12:58 +0200
Subject: [PATCH] Validate repository roles

---
 .../api/v2/resources/RepositoryRoleDto.java | 3 ++
 .../RepositoryRoleRootResourceTest.java | 42 +++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleDto.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleDto.java
index 9bd64b4ce8..50867b4f92 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleDto.java
@@ -6,6 +6,7 @@ import de.otto.edison.hal.Links;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import org.hibernate.validator.constraints.NotEmpty;
 import java.util.Collection;
@@ -13,7 +14,9 @@ import java.util.Collection;
 @Setter
 @NoArgsConstructor
 public class RepositoryRoleDto extends HalRepresentation {
+ @NotEmpty
 private String name;
+ @NoBlankStrings @NotEmpty
 private Collection verbs;
 RepositoryRoleDto(Links links, Embedded embedded) {
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRoleRootResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRoleRootResourceTest.java
index 057658877e..0323df27e4 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRoleRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRoleRootResourceTest.java
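Review bot: In the second hunk of RepositoryRoleDto.java (`@@ -13,7 +14,9 @@`), `@NotEmpty` on `name` rejects only null and zero-length values, so a whitespace-only role name such as `" "` still passes validation. Role names identify authorization objects, so I would tighten the field to `@NotBlank private String name;` using `org.hibernate.validator.constraints.NotBlank`, which needs its own import next to the `NotEmpty` one added here. A length or character bound is worth considering if the name later appears in URLs or lookups; that usage is not visible in this patch. The constraints only take effect where the resource method validates the DTO, which this hunk does not show, and the class body continues outside the hunk.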
@@ -225,6 +225,48 @@ public class RepositoryRoleRootResourceTest {
 );
 }
+ @Test
+ public void shouldFailForEmptyName() throws URISyntaxException {
+ MockHttpRequest request = MockHttpRequest
+ .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+ .contentType(VndMediaType.REPOSITORY_ROLE)
+ .content(content("{'name': '', 'verbs': ['write', 'push']}"));
+ MockHttpResponse response = new MockHttpResponse();
+
+ dispatcher.invoke(request, response);
+
+ assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+ verify(repositoryRoleManager, never()).create(any());
+ }
+
+ @Test
+ public void shouldFailForMissingVerbs() throws URISyntaxException {
+ MockHttpRequest request = MockHttpRequest
+ .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+ .contentType(VndMediaType.REPOSITORY_ROLE)
+ .content(content("{'name': 'ok', 'verbs': []}"));
+ MockHttpResponse response = new MockHttpResponse();
+
+ dispatcher.invoke(request, response);
+
+ assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+ verify(repositoryRoleManager, never()).create(any());
+ }
+
+ @Test
+ public void shouldFailForEmptyVerb() throws URISyntaxException {
+ MockHttpRequest request = MockHttpRequest
+ .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+ .contentType(VndMediaType.REPOSITORY_ROLE)
+ .content(content("{'name': 'ok', 'verbs': ['', 'push']}"));
+ MockHttpResponse response = new MockHttpResponse();
+
+ dispatcher.invoke(request, response);
+
+ assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+ verify(repositoryRoleManager, never()).create(any());
+ }
+
 @Test
 @SubjectAware(username = "dent")
 public void shouldNotGetCreateLinkWithoutPermission() throws URISyntaxException, UnsupportedEncodingException {
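Review bot: `shouldFailForMissingVerbs` does not test a missing field: its body posts `'verbs': []`, so the case where the `verbs` (or `name`) key is absent and deserialises to null is never pinned. Either rename it to `shouldFailForEmptyVerbs` or add a sibling test with `.content(content("{'name': 'ok'}"))`; a whitespace-only case such as `'name': ' '` would also document what `@NotEmpty` does and does not reject. All three tests exercise only the POST path, so if an update endpoint accepts the same DTO (not visible here) its validation remains untested. The test class and the trailing `shouldNotGetCreateLinkWithoutPermission` method continue outside the hunk.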