Validate repository roles

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleDto.java

@@ -6,6 +6,7 @@ import de.otto.edison.hal.Links;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import org.hibernate.validator.constraints.NotEmpty;
 
 import java.util.Collection;
 
@@ -13,7 +14,9 @@ import java.util.Collection;
 @Setter
 @NoArgsConstructor
 public class RepositoryRoleDto extends HalRepresentation {
+  @NotEmpty
   private String name;
+  @NoBlankStrings @NotEmpty
   private Collection<String> verbs;
 
   RepositoryRoleDto(Links links, Embedded embedded) {

scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRoleRootResourceTest.java

@@ -225,6 +225,48 @@ public class RepositoryRoleRootResourceTest {
       );
   }
 
+  @Test
+  public void shouldFailForEmptyName() throws URISyntaxException {
+    MockHttpRequest request = MockHttpRequest
+      .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+      .contentType(VndMediaType.REPOSITORY_ROLE)
+      .content(content("{'name': '', 'verbs': ['write', 'push']}"));
+    MockHttpResponse response = new MockHttpResponse();
+
+    dispatcher.invoke(request, response);
+
+    assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+    verify(repositoryRoleManager, never()).create(any());
+  }
+
+  @Test
+  public void shouldFailForMissingVerbs() throws URISyntaxException {
+    MockHttpRequest request = MockHttpRequest
+      .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+      .contentType(VndMediaType.REPOSITORY_ROLE)
+      .content(content("{'name': 'ok', 'verbs': []}"));
+    MockHttpResponse response = new MockHttpResponse();
+
+    dispatcher.invoke(request, response);
+
+    assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+    verify(repositoryRoleManager, never()).create(any());
+  }
+
+  @Test
+  public void shouldFailForEmptyVerb() throws URISyntaxException {
+    MockHttpRequest request = MockHttpRequest
+      .post("/" + RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
+      .contentType(VndMediaType.REPOSITORY_ROLE)
+      .content(content("{'name': 'ok', 'verbs': ['', 'push']}"));
+    MockHttpResponse response = new MockHttpResponse();
+
+    dispatcher.invoke(request, response);
+
+    assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
+    verify(repositoryRoleManager, never()).create(any());
+  }
+
   @Test
   @SubjectAware(username = "dent")
   public void shouldNotGetCreateLinkWithoutPermission() throws URISyntaxException, UnsupportedEncodingException {