SONAR-23142 Fix SSF

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/AddCommentAction.java

@@ -100,7 +100,7 @@ public void handle(Request request, Response response) {
       DefaultIssue defaultIssue = issueDto.toDefaultIssue();
       issueFieldsSetter.addComment(defaultIssue, wsRequest.getText(), context);
       SearchResponseData preloadedSearchResponseData = issueUpdater.saveIssueAndPreloadSearchResponseData(dbSession, defaultIssue, context);
-      responseWriter.write(defaultIssue.key(), preloadedSearchResponseData, request, response);
+      responseWriter.write(defaultIssue.key(), preloadedSearchResponseData, request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/AssignAction.java

@@ -97,7 +97,7 @@ public void handle(Request request, Response response) throws Exception {
     String assignee = getAssignee(request);
     String key = request.mandatoryParam(PARAM_ISSUE);
     SearchResponseData preloadedResponseData = assign(key, assignee);
-    responseWriter.write(key, preloadedResponseData, request, response);
+    responseWriter.write(key, preloadedResponseData, request, response, true);
   }
 
   private SearchResponseData assign(String issueKey, @Nullable String login) {

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/DeleteCommentAction.java

@@ -83,7 +83,7 @@ public void handle(Request request, Response response) {
       CommentData commentData = loadCommentData(dbSession, request);
       deleteComment(dbSession, commentData);
       IssueDto issueDto = commentData.getIssueDto();
-      responseWriter.write(issueDto.getKey(), new SearchResponseData(issueDto), request, response);
+      responseWriter.write(issueDto.getKey(), new SearchResponseData(issueDto), request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/DoTransitionAction.java

@@ -109,7 +109,7 @@ public void handle(Request request, Response response) {
     try (DbSession dbSession = dbClient.openSession(false)) {
       IssueDto issueDto = issueFinder.getByKey(dbSession, issue);
       SearchResponseData preloadedSearchResponseData = doTransition(dbSession, issueDto, request.mandatoryParam(PARAM_TRANSITION));
-      responseWriter.write(issue, preloadedSearchResponseData, request, response);
+      responseWriter.write(issue, preloadedSearchResponseData, request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/EditCommentAction.java

@@ -93,7 +93,7 @@ public void handle(Request request, Response response) {
       CommentData commentData = loadCommentData(dbSession, toWsRequest(request));
       updateComment(dbSession, commentData);
       IssueDto issueDto = commentData.getIssueDto();
-      responseWriter.write(issueDto.getKey(), new SearchResponseData(issueDto), request, response);
+      responseWriter.write(issueDto.getKey(), new SearchResponseData(issueDto), request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/OperationResponseWriter.java

@@ -37,11 +37,11 @@ public OperationResponseWriter(SearchResponseLoader loader, SearchResponseFormat
     this.format = format;
   }
 
-  public void write(String issueKey, SearchResponseData preloadedResponseData, Request request, Response response) {
+  public void write(String issueKey, SearchResponseData preloadedResponseData, Request request, Response response, boolean showAuthor) {
     SearchResponseLoader.Collector collector = new SearchResponseLoader.Collector(singletonList(issueKey));
     SearchResponseData data = loader.load(preloadedResponseData, collector, ALL_ADDITIONAL_FIELDS,null);
 
-    Issues.Operation responseBody = format.formatOperation(data);
+    Issues.Operation responseBody = format.formatOperation(data, showAuthor);
 
     WsUtils.writeProtobuf(responseBody, request, response);
   }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SearchAction.java

@@ -451,14 +451,14 @@ private SearchWsResponse doHandle(SearchRequest request) {
 
     // FIXME allow long in Paging
     Paging paging = forPageIndex(options.getPage()).withPageSize(options.getLimit()).andTotal((int) getTotalHits(result).value);
-    return searchResponseFormat.formatSearch(additionalFields, data, paging, facets);
+    return searchResponseFormat.formatSearch(additionalFields, data, paging, facets, userSession.isLoggedIn());
   }
 
   private static TotalHits getTotalHits(SearchResponse response) {
     return ofNullable(response.getHits().getTotalHits()).orElseThrow(() -> new IllegalStateException("Could not get total hits of search results"));
   }
 
-  private static SearchOptions createSearchOptionsFromRequest(SearchRequest request) {
+  private SearchOptions createSearchOptionsFromRequest(SearchRequest request) {
     SearchOptions options = new SearchOptions();
     options.setPage(request.getPage(), request.getPageSize());
 
@@ -468,7 +468,11 @@ private static SearchOptions createSearchOptionsFromRequest(SearchRequest reques
       return options;
     }
 
-    options.addFacets(facets);
+    List<String> requestedFacets = new ArrayList<>(facets);
+    if (!userSession.isLoggedIn()) {
+      requestedFacets.remove(PARAM_AUTHOR);
+    }
+    options.addFacets(requestedFacets);
     return options;
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SearchResponseFormat.java

@@ -90,19 +90,21 @@ public class SearchResponseFormat {
   private final TextRangeResponseFormatter textRangeFormatter;
   private final UserResponseFormatter userFormatter;
 
-  public SearchResponseFormat(Durations durations, Languages languages, TextRangeResponseFormatter textRangeFormatter, UserResponseFormatter userFormatter) {
+  public SearchResponseFormat(Durations durations, Languages languages, TextRangeResponseFormatter textRangeFormatter,
+    UserResponseFormatter userFormatter) {
     this.durations = durations;
     this.languages = languages;
     this.textRangeFormatter = textRangeFormatter;
     this.userFormatter = userFormatter;
   }
 
-  SearchWsResponse formatSearch(Set<SearchAdditionalField> fields, SearchResponseData data, Paging paging, Facets facets) {
+  SearchWsResponse formatSearch(Set<SearchAdditionalField> fields, SearchResponseData data, Paging paging, Facets facets,
+    boolean showAuthor) {
     SearchWsResponse.Builder response = SearchWsResponse.newBuilder();
 
     formatPaging(paging, response);
     ofNullable(data.getEffortTotal()).ifPresent(response::setEffortTotal);
-    response.addAllIssues(createIssues(fields, data));
+    response.addAllIssues(createIssues(fields, data, showAuthor));
     response.addAllComponents(formatComponents(data));
     formatFacets(data, facets, response);
     if (fields.contains(SearchAdditionalField.RULES)) {
@@ -117,12 +119,12 @@ SearchWsResponse formatSearch(Set<SearchAdditionalField> fields, SearchResponseD
     return response.build();
   }
 
-  Operation formatOperation(SearchResponseData data) {
+  Operation formatOperation(SearchResponseData data, boolean showAuthor) {
     Operation.Builder response = Operation.newBuilder();
 
     if (data.getIssues().size() == 1) {
       IssueDto dto = data.getIssues().get(0);
-      response.setIssue(createIssue(ALL_ADDITIONAL_FIELDS, data, dto));
+      response.setIssue(createIssue(ALL_ADDITIONAL_FIELDS, data, dto, showAuthor));
     }
     response.addAllComponents(formatComponents(data));
     response.addAllRules(formatRules(data).getRulesList());
@@ -144,20 +146,20 @@ private static Common.Paging.Builder formatPaging(Paging paging) {
       .setTotal(paging.total());
   }
 
-  private List<Issues.Issue> createIssues(Collection<SearchAdditionalField> fields, SearchResponseData data) {
+  private List<Issues.Issue> createIssues(Collection<SearchAdditionalField> fields, SearchResponseData data, boolean showAuthor) {
     return data.getIssues().stream()
-      .map(dto -> createIssue(fields, data, dto))
+      .map(dto -> createIssue(fields, data, dto, showAuthor))
       .toList();
   }
 
-  private Issue createIssue(Collection<SearchAdditionalField> fields, SearchResponseData data, IssueDto dto) {
+  private Issue createIssue(Collection<SearchAdditionalField> fields, SearchResponseData data, IssueDto dto, boolean showAuthor) {
     Issue.Builder issueBuilder = Issue.newBuilder();
-    addMandatoryFieldsToIssueBuilder(issueBuilder, dto, data);
+    addMandatoryFieldsToIssueBuilder(issueBuilder, dto, data, showAuthor);
     addAdditionalFieldsToIssueBuilder(fields, data, dto, issueBuilder);
     return issueBuilder.build();
   }
 
-  private void addMandatoryFieldsToIssueBuilder(Issue.Builder issueBuilder, IssueDto dto, SearchResponseData data) {
+  private void addMandatoryFieldsToIssueBuilder(Issue.Builder issueBuilder, IssueDto dto, SearchResponseData data, boolean showAuthor) {
     issueBuilder.setKey(dto.getKey());
     issueBuilder.setType(Common.RuleType.forNumber(dto.getType()));
 
@@ -176,6 +178,7 @@ private void addMandatoryFieldsToIssueBuilder(Issue.Builder issueBuilder, IssueD
       issueBuilder.setSeverity(Common.Severity.valueOf(dto.getSeverity()));
     }
     ofNullable(data.getUserByUuid(dto.getAssigneeUuid())).ifPresent(assignee -> issueBuilder.setAssignee(assignee.getLogin()));
+
     ofNullable(emptyToNull(dto.getResolution())).ifPresent(issueBuilder::setResolution);
     issueBuilder.setStatus(dto.getStatus());
     issueBuilder.setMessage(nullToEmpty(dto.getMessage()));
@@ -191,7 +194,9 @@ private void addMandatoryFieldsToIssueBuilder(Issue.Builder issueBuilder, IssueD
     ofNullable(emptyToNull(dto.getChecksum())).ifPresent(issueBuilder::setHash);
     completeIssueLocations(dto, issueBuilder, data);
 
-    issueBuilder.setAuthor(nullToEmpty(dto.getAuthorLogin()));
+    if (showAuthor) {
+      issueBuilder.setAuthor(nullToEmpty(dto.getAuthorLogin()));
+    }
     ofNullable(dto.getIssueCreationDate()).map(DateUtils::formatDateTime).ifPresent(issueBuilder::setCreationDate);
     ofNullable(dto.getIssueUpdateDate()).map(DateUtils::formatDateTime).ifPresent(issueBuilder::setUpdateDate);
     ofNullable(dto.getIssueCloseDate()).map(DateUtils::formatDateTime).ifPresent(issueBuilder::setCloseDate);
@@ -202,7 +207,8 @@ private void addMandatoryFieldsToIssueBuilder(Issue.Builder issueBuilder, IssueD
     issueBuilder.setScope(UNIT_TEST_FILE.equals(component.qualifier()) ? IssueScope.TEST.name() : IssueScope.MAIN.name());
   }
 
-  private static void addAdditionalFieldsToIssueBuilder(Collection<SearchAdditionalField> fields, SearchResponseData data, IssueDto dto, Issue.Builder issueBuilder) {
+  private static void addAdditionalFieldsToIssueBuilder(Collection<SearchAdditionalField> fields, SearchResponseData data, IssueDto dto,
+    Issue.Builder issueBuilder) {
     if (fields.contains(ACTIONS)) {
       issueBuilder.setActions(createIssueActions(data, dto));
     }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SetSeverityAction.java

@@ -103,7 +103,7 @@ public void handle(Request request, Response response) throws Exception {
     String severity = request.mandatoryParam(PARAM_SEVERITY);
     try (DbSession session = dbClient.openSession(false)) {
       SearchResponseData preloadedSearchResponseData = setType(session, issueKey, severity);
-      responseWriter.write(issueKey, preloadedSearchResponseData, request, response);
+      responseWriter.write(issueKey, preloadedSearchResponseData, request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SetTagsAction.java

@@ -95,7 +95,7 @@ public void handle(Request request, Response response) throws Exception {
     String key = request.mandatoryParam(PARAM_ISSUE);
     List<String> tags = MoreObjects.firstNonNull(request.paramAsStrings(PARAM_TAGS), Collections.emptyList());
     SearchResponseData preloadedSearchResponseData = setTags(key, tags);
-    responseWriter.write(key, preloadedSearchResponseData, request, response);
+    responseWriter.write(key, preloadedSearchResponseData, request, response, true);
   }
 
   private SearchResponseData setTags(String issueKey, List<String> tags) {

server/sonar-webserver-webapi/src/main/java/org/sonar/server/issue/ws/SetTypeAction.java

@@ -107,7 +107,7 @@ public void handle(Request request, Response response) throws Exception {
     RuleType ruleType = RuleType.valueOf(request.mandatoryParam(PARAM_TYPE));
     try (DbSession session = dbClient.openSession(false)) {
       SearchResponseData preloadedSearchResponseData = setType(session, issueKey, ruleType);
-      responseWriter.write(issueKey, preloadedSearchResponseData, request, response);
+      responseWriter.write(issueKey, preloadedSearchResponseData, request, response, true);
     }
   }
 

server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/IssueSnippetsAction.java

@@ -145,7 +145,7 @@ private void writeSnippet(DbSession dbSession, JsonWriter writer, ComponentDto f
     componentViewerJsonWriter.writeComponentWithoutFav(writer, fileDto, dbSession, branch, pullRequest);
     componentViewerJsonWriter.writeMeasures(writer, fileDto, dbSession);
     writer.endObject();
-    linesJsonWriter.writeSource(lineSources, writer, periodDateSupplier);
+    linesJsonWriter.writeSource(lineSources, writer, periodDateSupplier, userSession.isLoggedIn());
 
     writer.endObject();
   }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/LinesAction.java

@@ -150,7 +150,7 @@ public void handle(Request request, Response response) {
         "No source found for file '%s' (uuid: %s)", file.getKey(), file.uuid());
       try (JsonWriter json = response.newJsonWriter()) {
         json.beginObject();
-        linesJsonWriter.writeSource(lines, json, periodDateSupplier);
+        linesJsonWriter.writeSource(lines, json, periodDateSupplier, userSession.isLoggedIn());
         json.endObject();
       }
     }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/LinesJsonWriter.java

@@ -34,7 +34,8 @@ public LinesJsonWriter(HtmlSourceDecorator htmlSourceDecorator) {
     this.htmlSourceDecorator = htmlSourceDecorator;
   }
 
-  public void writeSource(Iterable<DbFileSources.Line> lines, JsonWriter json, Supplier<Optional<Long>> periodDateSupplier) {
+  public void writeSource(Iterable<DbFileSources.Line> lines, JsonWriter json, Supplier<Optional<Long>> periodDateSupplier,
+    boolean showAuthor) {
     Long periodDate = null;
 
     json.name("sources").beginArray();
@@ -43,7 +44,9 @@ public void writeSource(Iterable<DbFileSources.Line> lines, JsonWriter json, Sup
         .prop("line", line.getLine())
         .prop("code", htmlSourceDecorator.getDecoratedSourceAsHtml(line.getSource(), line.getHighlighting(), line.getSymbols()))
         .prop("scmRevision", line.getScmRevision());
-      json.prop("scmAuthor", line.getScmAuthor());
+      if (showAuthor) {
+        json.prop("scmAuthor", line.getScmAuthor());
+      }
       if (line.hasScmDate()) {
         json.prop("scmDate", DateUtils.formatDateTime(new Date(line.getScmDate())));
       }

server/sonar-webserver-webapi/src/main/java/org/sonar/server/source/ws/ScmAction.java

@@ -104,7 +104,8 @@ public void handle(Request request, Response response) {
     try (DbSession dbSession = dbClient.openSession(false)) {
       ComponentDto file = componentFinder.getByKey(dbSession, fileKey);
       userSession.checkComponentPermission(UserRole.CODEVIEWER, file);
-      Iterable<DbFileSources.Line> sourceLines = checkFoundWithOptional(sourceService.getLines(dbSession, file.uuid(), from, to), "File '%s' has no sources", fileKey);
+      Iterable<DbFileSources.Line> sourceLines = checkFoundWithOptional(sourceService.getLines(dbSession, file.uuid(), from, to), "File " +
+        "'%s' has no sources", fileKey);
       try (JsonWriter json = response.newJsonWriter()) {
         json.beginObject();
         writeSource(sourceLines, commitsByLine, json);
@@ -113,16 +114,16 @@ public void handle(Request request, Response response) {
     }
   }
 
-  private static void writeSource(Iterable<DbFileSources.Line> lines, boolean showCommitsByLine, JsonWriter json) {
+  private void writeSource(Iterable<DbFileSources.Line> lines, boolean showCommitsByLine, JsonWriter json) {
     json.name("scm").beginArray();
 
     DbFileSources.Line previousLine = null;
     boolean started = false;
     for (DbFileSources.Line lineDoc : lines) {
       if (hasScm(lineDoc) && (!started || showCommitsByLine || !isSameCommit(previousLine, lineDoc))) {
         json.beginArray()
-          .value(lineDoc.getLine())
-          .value(lineDoc.getScmAuthor());
+          .value(lineDoc.getLine());
+        json.value(userSession.isLoggedIn() ? lineDoc.getScmAuthor() : "");
         json.value(lineDoc.hasScmDate() ? DateUtils.formatDateTime(new Date(lineDoc.getScmDate())) : null);
         json.value(lineDoc.getScmRevision());
         json.endArray();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/AddCommentActionTest.java

@@ -113,7 +113,7 @@ public void add_comment() {
 
     call(issueDto.getKey(), "please fix it");
 
-    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class));
+    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class), eq(true));
     verifyContentOfPreloadedSearchResponseData(issueDto);
 
     IssueChangeDto issueComment = dbClient.issueChangeDao().selectByTypeAndIssueKeys(dbTester.getSession(), singletonList(issueDto.getKey()), TYPE_COMMENT).get(0);

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/DeleteCommentActionTest.java

@@ -75,7 +75,7 @@ public void delete_comment() {
 
     call(commentDto.getKey());
 
-    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class));
+    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class), eq(true));
     assertThat(dbClient.issueChangeDao().selectCommentByKey(dbTester.getSession(), commentDto.getKey())).isNotPresent();
     verifyContentOfPreloadedSearchResponseData(issueDto);
   }

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/DoTransitionActionTest.java

@@ -125,7 +125,7 @@ public void do_transition() {
 
     call(issue.getKey(), "confirm");
 
-    verify(responseWriter).write(eq(issue.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class));
+    verify(responseWriter).write(eq(issue.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class), eq(true));
     verifyContentOfPreloadedSearchResponseData(issue);
     verify(issueChangeEventService).distributeIssueChangeEvent(any(), any(), any(), any(), any(), any());
     IssueDto issueReloaded = db.getDbClient().issueDao().selectByKey(db.getSession(), issue.getKey()).get();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/EditCommentActionTest.java

@@ -86,7 +86,7 @@ public void edit_comment() {
 
     call(commentDto.getKey(), "please have a look");
 
-    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class));
+    verify(responseWriter).write(eq(issueDto.getKey()), preloadedSearchResponseDataCaptor.capture(), any(Request.class), any(Response.class), eq(true));
 
     verifyContentOfPreloadedSearchResponseData(issueDto);
     IssueChangeDto issueComment = dbClient.issueChangeDao().selectCommentByKey(dbTester.getSession(), commentDto.getKey()).get();

server/sonar-webserver-webapi/src/test/java/org/sonar/server/issue/ws/SearchActionTest.java

@@ -916,6 +916,7 @@ public void filter_by_assigned_to_me_when_not_authenticate() {
 
   @Test
   public void search_by_author() {
+    userSession.logIn();
     ComponentDto project = db.components().insertPublicProject();
     ComponentDto file = db.components().insertComponent(newFileDto(project, null));
     RuleDto rule = db.rules().insertIssueRule();
@@ -946,6 +947,27 @@ public void search_by_author() {
       .isEmpty();
   }
 
+  @Test
+  public void hide_author_if_not_logged_in() {
+    ComponentDto project = db.components().insertPublicProject();
+    ComponentDto file = db.components().insertComponent(newFileDto(project));
+    RuleDto rule = db.rules().insertIssueRule();
+    db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("leia"));
+    db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("luke"));
+    db.issues().insertIssue(rule, project, file, i -> i.setAuthorLogin("han, solo"));
+    indexPermissionsAndIssues();
+
+    SearchWsResponse response = ws.newRequest()
+      .setMultiParam("author", asList("leia", "han, solo"))
+      .setParam(FACETS, "author")
+      .executeProtobuf(SearchWsResponse.class);
+
+    assertThat(response.getIssuesList())
+      .extracting(Issue::getAuthor)
+      .containsExactlyInAnyOrder("", "");
+   assertThat(response.getFacets().getFacetsList()).isEmpty();
+  }
+
   @Test
   public void filter_by_test_scope() {
     ComponentDto project = db.components().insertPublicProject("PROJECT_ID", c -> c.setKey("PROJECT_KEY"));