REPO-1943: RestAPI: Deleting a non-existent group member does not return 404.

- Added verification for group membership existence.

src/main/java/org/alfresco/rest/api/impl/GroupsImpl.java

@@ -58,6 +58,7 @@ import org.alfresco.rest.api.model.GroupMember;
 import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
 import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
+import org.alfresco.rest.framework.core.exceptions.NotFoundException;
 import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
 import org.alfresco.rest.framework.core.exceptions.UnsupportedResourceOperationException;
 import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
@@ -809,7 +810,15 @@ public class GroupsImpl implements Groups
         }
 
         validateGroupMemberId(groupMemberId);
-        // TODO: Verify if groupMemberId is member of groupId
+
+        // Verify if groupMemberId is member of groupId
+        AuthorityType authorityType = AuthorityType.getAuthorityType(groupMemberId);
+        Set<String> containedAuthorities = authorityService.getContainedAuthorities(authorityType, groupId, true);
+        if (!containedAuthorities.contains(groupMemberId))
+        {
+            throw new NotFoundException(groupMemberId + " is not member of " + groupId);
+        }
+
         authorityService.removeAuthority(groupId, groupMemberId);
     }
 

src/test/java/org/alfresco/rest/api/tests/GroupsTest.java

@@ -25,6 +25,23 @@
  */
 package org.alfresco.rest.api.tests;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletResponse;
+
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.rest.AbstractSingleNetworkSiteTest;
 import org.alfresco.rest.api.tests.client.PublicApiClient;
@@ -47,11 +64,6 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-import javax.servlet.http.HttpServletResponse;
-import java.util.*;
-
-import static org.junit.Assert.*;
-
 /**
  * V1 REST API tests for managing Groups
  *
@@ -1780,6 +1792,12 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest
                 groupsProxy.deleteGroupMembership(GROUP_EVERYONE, groupMemberA.getId(), HttpServletResponse.SC_CONFLICT);
             }
 
+            // Removing a group that is not a member (REPO-1943)
+            {
+                setRequestContext(user1);
+                groupsProxy.deleteGroupMembership(groupB.getId(), personMember.getId(), HttpServletResponse.SC_NOT_FOUND);
+            }
+
             // Authentication failed
             {
                 setRequestContext(networkOne.getId(), GUID.generate(), "password");
@@ -1788,8 +1806,10 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest
 
             // User does not have permission to delete a group membership
             {
+                setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD);
+                groupsProxy.createGroupMember(groupA.getId(), personMember, HttpServletResponse.SC_CREATED);
                 setRequestContext(user1);
-                groupsProxy.deleteGroupMembership(groupA.getId(), groupMemberA.getId(), HttpServletResponse.SC_FORBIDDEN);
+                groupsProxy.deleteGroupMembership(groupA.getId(), personMember.getId(), HttpServletResponse.SC_FORBIDDEN);
             }
         }
         finally