From fe82c967b8b9d187bc4f8515601e99b7ebe14085 Mon Sep 17 00:00:00 2001
From: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Date: Fri, 30 Sep 2022 10:27:41 +0200
Subject: [PATCH] Fix creating a repository permission without a name breaking
 the repository (#2126)

If a POST request is submitted to the rest api for repostory permissions, the regex validator ignores the name field if it is null, which leads to an internal server error and breaks any further attempts to interact with that repository. An additional not-null constraint resolves this problem.
---
 .../repository_permission_without_name.yaml       |  2 ++
 .../api/v2/resources/RepositoryPermissionDto.java |  2 ++
 .../RepositoryPermissionRootResourceTest.java     | 15 +++++++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 gradle/changelog/repository_permission_without_name.yaml

diff --git a/gradle/changelog/repository_permission_without_name.yaml b/gradle/changelog/repository_permission_without_name.yaml
new file mode 100644
index 0000000000..fae2f6e73d
--- /dev/null
+++ b/gradle/changelog/repository_permission_without_name.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+  description: Creating a repository permission without a name breaks the repository ([#2126](https://github.com/scm-manager/scm-manager/pull/2126))
diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDto.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDto.java
index 05c23f0d73..75dc0f11f9 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDto.java
@@ -33,6 +33,7 @@ import lombok.ToString;
 import javax.validation.constraints.NotEmpty;
 import sonia.scm.util.ValidationUtil;
 
+import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
 
 import java.util.Collection;
@@ -43,6 +44,7 @@ public class RepositoryPermissionDto extends HalRepresentation implements Update
 
   public static final String GROUP_PREFIX = "@";
 
+  @NotNull
   @Pattern(regexp = ValidationUtil.REGEX_NAME)
   private String name;
 
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResourceTest.java
index d929bd4ebf..ec2f35402a 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResourceTest.java
@@ -275,6 +275,21 @@ public class RepositoryPermissionRootResourceTest extends RepositoryTestBase {
     assertEquals(400, response.getStatus());
   }
 
+  @Test
+  public void shouldGet400OnCreatingNewPermissionWithoutName() throws URISyntaxException {
+    createUserWithRepository("user");
+    String permissionJson = "{ \"verbs\": [\"*\"] }";
+    MockHttpRequest request = MockHttpRequest
+      .post("/" + RepositoryRootResource.REPOSITORIES_PATH_V2 + PATH_OF_ALL_PERMISSIONS)
+      .content(permissionJson.getBytes())
+      .contentType(VndMediaType.REPOSITORY_PERMISSION);
+    MockHttpResponse response = new MockHttpResponse();
+
+    dispatcher.invoke(request, response);
+
+    assertEquals(400, response.getStatus());
+  }
+
   @Test
   public void shouldGetCreatedPermissions() throws URISyntaxException {
     createUserWithRepositoryAndPermissions(TEST_PERMISSIONS, PERMISSION_WRITE);