inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

REPO-1943: RestAPI: Deleting a non-existent group member does not return 404.

Browse Source 
- Added verification for group membership existence.
This commit is contained in:
Raluca Munteanu
2017-10-17 10:48:18 +03:00
parent 701b8a8b0c
commit 3c3afb10c7
2 changed files with 36 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/java/org/alfresco/rest/api/impl/GroupsImpl.java
View File

@@ -58,6 +58,7 @@ import org.alfresco.rest.api.model.GroupMember;
import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.core.exceptions.UnsupportedResourceOperationException;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
@@ -809,7 +810,15 @@ public class GroupsImpl implements Groups
}
validateGroupMemberId(groupMemberId);
// TODO: Verify if groupMemberId is member of groupId
// Verify if groupMemberId is member of groupId
AuthorityType authorityType = AuthorityType.getAuthorityType(groupMemberId);
Set<String> containedAuthorities = authorityService.getContainedAuthorities(authorityType, groupId, true);
if (!containedAuthorities.contains(groupMemberId))
{
throw new NotFoundException(groupMemberId + " is not member of " + groupId);
}
authorityService.removeAuthority(groupId, groupMemberId);
}

32
src/test/java/org/alfresco/rest/api/tests/GroupsTest.java
View File

@@ -25,6 +25,23 @@
*/
package org.alfresco.rest.api.tests;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.rest.AbstractSingleNetworkSiteTest;
import org.alfresco.rest.api.tests.client.PublicApiClient;
@@ -47,11 +64,6 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import javax.servlet.http.HttpServletResponse;
import java.util.*;
import static org.junit.Assert.*;
/**
* V1 REST API tests for managing Groups
*
@@ -1780,6 +1792,12 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest
groupsProxy.deleteGroupMembership(GROUP_EVERYONE, groupMemberA.getId(), HttpServletResponse.SC_CONFLICT);
}
// Removing a group that is not a member (REPO-1943)
{
setRequestContext(user1);
groupsProxy.deleteGroupMembership(groupB.getId(), personMember.getId(), HttpServletResponse.SC_NOT_FOUND);
}
// Authentication failed
{
setRequestContext(networkOne.getId(), GUID.generate(), "password");
@@ -1788,8 +1806,10 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest
// User does not have permission to delete a group membership
{
setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
groupsProxy.createGroupMember(groupA.getId(), personMember, HttpServletResponse.SC_CREATED);
setRequestContext(user1);
groupsProxy.deleteGroupMembership(groupA.getId(), groupMemberA.getId(), HttpServletResponse.SC_FORBIDDEN);
groupsProxy.deleteGroupMembership(groupA.getId(), personMember.getId(), HttpServletResponse.SC_FORBIDDEN);
}
}
finally