From 4d29332cb6299f2659d08147eae7b90f53137a36 Mon Sep 17 00:00:00 2001
From: Tuna Aksoy <tuna.aksoy@alfresco.com>
Date: Wed, 27 May 2015 15:59:48 +0000
Subject: [PATCH] RM-2268 (If the currentPage attribute value is changed to a
 invalid one in the URL the Security Clearance page is not displayed in error)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104905 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../UserSecurityClearanceGet.java             | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/classification/UserSecurityClearanceGet.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/classification/UserSecurityClearanceGet.java
index 89cf2602cb..e21c153aab 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/classification/UserSecurityClearanceGet.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/classification/UserSecurityClearanceGet.java
@@ -57,6 +57,7 @@ public class UserSecurityClearanceGet extends AbstractRmWebScript
     private static final String ITEMS = "items";
     private static final String DATA = "data";
     private static final String NAME_FILTER = "nameFilter";
+    private static final String PAGE_NUMBER = "page";
 
     /** Security clearance service */
     private SecurityClearanceService securityClearanceService;
@@ -92,11 +93,19 @@ public class UserSecurityClearanceGet extends AbstractRmWebScript
         setSortProps(userQueryParams, req);
 
         PagingResults<SecurityClearance> usersSecurityClearance = getSecurityClearanceService().getUsersSecurityClearance(userQueryParams);
+
+        int total = getTotal(usersSecurityClearance).intValue();
+        int maxItems = userQueryParams.getMaxItems();
+        if (getPageNumber(req) > Math.ceil((double) total / (double) maxItems))
+        {
+            throw new WebScriptException("The requested page is not valid");
+        }
+
         List<SecurityClearance> securityClearanceItems = getSecurityClearanceItems(usersSecurityClearance);
 
         Map<String, Object> securityClearanceData = new HashMap<>();
-        securityClearanceData.put(TOTAL, getTotal(usersSecurityClearance));
-        securityClearanceData.put(MAX_ITEMS, userQueryParams.getMaxItems());
+        securityClearanceData.put(TOTAL, total);
+        securityClearanceData.put(MAX_ITEMS, maxItems);
         securityClearanceData.put(SKIP_COUNT, userQueryParams.getSkipCount());
         securityClearanceData.put(ITEM_COUNT, securityClearanceItems.size());
         securityClearanceData.put(ITEMS, securityClearanceItems);
@@ -145,6 +154,18 @@ public class UserSecurityClearanceGet extends AbstractRmWebScript
         return req.getParameter(NAME_FILTER);
     }
 
+    /**
+     * Gets the page number from the webscript request
+     *
+     * @param req {@link WebScriptRequest} The webscript request
+     * @return <code>int</code> The page number
+     */
+    private int getPageNumber(WebScriptRequest req)
+    {
+        String pageNumber = req.getParameter(PAGE_NUMBER);
+        return isNotBlank(pageNumber) ? parseInt(pageNumber) : 1;
+    }
+
     /**
      * Helper method to set the max index for the request query object
      *