Merged API-STRIKES-BACK (5.2.0) to HEAD (5.2)

125609 jvonka: RA-952: If relative path cannot be resolved due to a permission error, return 404 (rather than 403)
   - when listing children or getting node info


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@127557 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jamal Kaabi-Mofrad
2016-06-02 21:26:40 +00:00
parent d29575ff1b
commit 058d52387f
2 changed files with 9 additions and 4 deletions


@@ -685,6 +685,11 @@ public class NodesImpl implements Nodes
// convert checked exception
throw new NotFoundException("The entity with relativePath: " + path + " was not found.");
}
catch (AccessDeniedException ade)
{
// return 404 instead of 403 (as per security review - uuid vs path)
throw new NotFoundException("The entity with relativePath: " + path + " was not found.");
}
return fileInfo.getNodeRef();
}
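Review bot: The new `catch (AccessDeniedException ade)` branch discards the exception without recording it anywhere, so once the response becomes a 404 a caller requesting paths it cannot read leaves no server-side trace in this code path. Consider logging the denial at debug or audit level inside the branch (the client response stays unchanged), and extend the comment to say why the message has to match the branch above, e.g. `// message must stay identical to the not-found case above, otherwise the response still reveals that the path exists`. The message string is now duplicated in two throws; building it once before the try block would keep the two cases from drifting apart. The enclosing method and the first catch clause start outside the hunk.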


@@ -529,9 +529,9 @@ public class NodeApiTest extends AbstractBaseApiTest
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, "User Homes/" + user1 + "/unknown");
getAll(rootChildrenUrl, user1, paging, params, 404);
// -ve test - try to list children using relative path to node for which user does not have read permission
// -ve test - try to list children using relative path to node for which user does not have read permission (expect 404 instead of 403)
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, "User Homes/" + user2);
getAll(rootChildrenUrl, user1, paging, params, 403);
getAll(rootChildrenUrl, user1, paging, params, 404);
// -ve test - try to list children using relative path to node that is of wrong type (ie. not a folder/container)
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, folder1 + "/" + contentF1);
@@ -749,9 +749,9 @@ public class NodeApiTest extends AbstractBaseApiTest
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, folderA+"/unknown");
getSingle(NodesEntityResource.class, user1, Nodes.PATH_MY, params, 404);
// -ve test - try to get node info using relative path to node for which user does not have read permission
// -ve test - try to get node info using relative path to node for which user does not have read permission (expect 404 instead of 403)
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, "User Homes/"+user2);
getSingle(NodesEntityResource.class, user1, Nodes.PATH_ROOT, params, 403);
getSingle(NodesEntityResource.class, user1, Nodes.PATH_ROOT, params, 404);
// -ve test - attempt to get node info for non-folder node with relative path should return 400
params = Collections.singletonMap(Nodes.PARAM_RELATIVE_PATH, "/unknown");
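Review bot: Both updated negative tests (list children in the first hunk, get node info in the second) assert only the 404 status, so they would still pass if the denied case returned an error worded differently from the unknown-path case just above it. Since the point of the change is that an unreadable path is indistinguishable from a missing one, it would be worth also checking that the error body has the same form in both cases. The comments should give the reason rather than only the old and new codes, e.g. `// unreadable path must look the same as a non-existent one (404), so the API does not reveal that it exists`. Both test methods start and end outside the hunks.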