diff --git a/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/ActionParameterConverter.java b/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/ActionParameterConverter.java index 1c3cf11eb2..d849bb7e24 100644 --- a/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/ActionParameterConverter.java +++ b/remote-api/src/main/java/org/alfresco/rest/api/impl/rules/ActionParameterConverter.java @@ -34,6 +34,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Objects; import org.alfresco.rest.api.Nodes; import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; @@ -51,6 +52,7 @@ import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; +import org.apache.logging.log4j.util.Strings; import org.json.JSONArray; import org.json.JSONException; import org.springframework.beans.factory.NoSuchBeanDefinitionException; @@ -58,6 +60,8 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException; @Experimental public class ActionParameterConverter { + static final String ACTION_PARAMETER_SHOULD_NOT_HAVE_EMPTY_OR_NULL_VALUE = + "Action parameter should not have empty or null value"; private final DictionaryService dictionaryService; private final ActionService actionService; private final NamespaceService namespaceService; @@ -93,6 +97,9 @@ public class ActionParameterConverter for (Map.Entry param : params.entrySet()) { + if (Objects.toString(param.getValue(), Strings.EMPTY).isEmpty()) { + throw new InvalidArgumentException(ACTION_PARAMETER_SHOULD_NOT_HAVE_EMPTY_OR_NULL_VALUE, new String[] {param.getKey()}); + } final ParameterDefinition paramDef = definition.getParameterDefintion(param.getKey()); if (paramDef == null && !definition.getAdhocPropertiesAllowed()) { @@ -159,16 +166,17 @@ public class ActionParameterConverter } else { - if (typeQName.equals(DataTypeDefinition.QNAME) && typeQName.toString().contains(":")) + final String stringValue = Objects.toString(propertyValue, Strings.EMPTY); + if (typeQName.isMatch(DataTypeDefinition.QNAME) && typeQName.toString().contains(":")) { - value = QName.createQName(propertyValue.toString(), namespaceService); + value = QName.createQName(stringValue, namespaceService); } else if (typeQName.isMatch(DataTypeDefinition.NODE_REF)) { - NodeRef nodeRef = nodes.validateOrLookupNode(propertyValue.toString(), null); + NodeRef nodeRef = nodes.validateOrLookupNode(stringValue, null); if (permissionService.hasReadPermission(nodeRef) != ALLOWED) { - throw new EntityNotFoundException(propertyValue.toString()); + throw new EntityNotFoundException(stringValue); } value = nodeRef; } diff --git a/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/ActionParameterConverterTest.java b/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/ActionParameterConverterTest.java index 5bd9e7254b..98d24839e8 100644 --- a/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/ActionParameterConverterTest.java +++ b/remote-api/src/test/java/org/alfresco/rest/api/impl/rules/ActionParameterConverterTest.java @@ -44,6 +44,7 @@ import java.io.Serializable; import java.util.List; import java.util.Map; +import com.fasterxml.jackson.core.JsonProcessingException; import org.alfresco.repo.action.executer.AddFeaturesActionExecuter; import org.alfresco.repo.action.executer.CheckInActionExecuter; import org.alfresco.repo.action.executer.CheckOutActionExecuter; @@ -56,6 +57,7 @@ import org.alfresco.repo.action.executer.SetPropertyValueActionExecuter; import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter; import org.alfresco.rest.api.Nodes; import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; +import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; import org.alfresco.rest.framework.core.exceptions.NotFoundException; import org.alfresco.service.Experimental; import org.alfresco.service.cmr.action.ActionDefinition; @@ -67,6 +69,7 @@ import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; +import org.apache.logging.log4j.util.Strings; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -609,6 +612,28 @@ public class ActionParameterConverterTest assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.getConvertedParams(params, name)); } + @Test + public void testNullParamValue() + { + final String name = CheckOutActionExecuter.NAME; + final String destinationFolderKey = CheckOutActionExecuter.PARAM_DESTINATION_FOLDER; + final String assocNameKey = CheckOutActionExecuter.PARAM_ASSOC_QNAME; + final String assocTypeKey = CheckOutActionExecuter.PARAM_ASSOC_TYPE_QNAME; + final Map params = + Map.of(destinationFolderKey, Strings.EMPTY, assocNameKey, Strings.EMPTY, assocTypeKey, Strings.EMPTY); + + given(actionService.getActionDefinition(name)).willReturn(actionDefinition); + + //when + assertThrows(InvalidArgumentException.class, () ->objectUnderTest.getConvertedParams(params, name)); + + then(actionService).should().getActionDefinition(name); + then(actionService).shouldHaveNoMoreInteractions(); + then(actionDefinition).shouldHaveNoInteractions(); + then(dictionaryService).shouldHaveNoInteractions(); + then(namespaceService).shouldHaveNoInteractions(); + } + @Test public void testInvalidActionDefinitionConversion() { final String invalidName = "dummy-definition";