From 216d34a03e53819a864c78708aa4721b38a7bb28 Mon Sep 17 00:00:00 2001
From: Cristian Turlica <cristian.turlica@ness.com>
Date: Wed, 25 Jan 2017 09:04:42 +0000
Subject: [PATCH] REPO-1800: Create group with an id that contains "/" does not
 return an error    - added validation

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@134748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 source/java/org/alfresco/rest/api/impl/GroupsImpl.java   | 5 +++++
 .../org/alfresco/rest/api/tests/GroupsTest.java          | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/source/java/org/alfresco/rest/api/impl/GroupsImpl.java b/source/java/org/alfresco/rest/api/impl/GroupsImpl.java
index 7d3c5fcace..bec89c6ae5 100644
--- a/source/java/org/alfresco/rest/api/impl/GroupsImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/GroupsImpl.java
@@ -701,6 +701,11 @@ public class GroupsImpl implements Groups
                 throw new InvalidArgumentException("groupId is null or empty");
             }
 
+            if (group.getId().indexOf('/') != -1)
+            {
+                throw new IllegalArgumentException("groupId contains characters that are not permitted.");
+            }
+
             if (groupAuthorityExists(group.getId()))
             {
                 throw new ConstraintViolatedException("Group '" + group.getId() + "' already exists.");
diff --git a/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java b/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java
index f4f5e96299..612f1645ce 100644
--- a/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java
+++ b/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java
@@ -881,6 +881,15 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest
             groupsProxy.createGroup(group, null, HttpServletResponse.SC_BAD_REQUEST);
         }
 
+        // Create group with an id that contains "/" should return an error.
+        {
+            setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
+
+            Group group = new Group();
+            group.setId("/test/");
+            groupsProxy.createGroup(group, null, HttpServletResponse.SC_BAD_REQUEST);
+        }
+
         // Id clashes with an existing group.
         {
             setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);