diff --git a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
index dbe6a6969b..7652b1623a 100644
--- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
@@ -50,11 +50,7 @@ import org.alfresco.service.cmr.repository.ContentService;
 import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
-import org.alfresco.service.cmr.security.AuthenticationService;
-import org.alfresco.service.cmr.security.AuthorityService;
-import org.alfresco.service.cmr.security.MutableAuthenticationService;
-import org.alfresco.service.cmr.security.NoSuchPersonException;
-import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.cmr.security.*;
 import org.alfresco.service.cmr.site.SiteService;
 import org.alfresco.service.cmr.thumbnail.ThumbnailService;
 import org.alfresco.service.cmr.usage.ContentUsageService;
@@ -87,7 +83,12 @@ public class PeopleImpl implements People
 private static final List EXCLUDED_ASPECTS = Arrays.asList();
 private static final List EXCLUDED_PROPS = Arrays.asList();
 private static final int USERNAME_MAXLENGTH = 100;
- protected Nodes nodes;
+ private static final String[] RESERVED_AUTHORITY_PREFIXES =
+ {
+ PermissionService.GROUP_PREFIX,
+ PermissionService.ROLE_PREFIX
+ };
+ protected Nodes nodes;
 protected Sites sites;
 protected SiteService siteService;
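Review bot: The wildcard `import org.alfresco.service.cmr.security.*;` replaces five explicit imports, although the only new name the visible hunks take from that package is `PermissionService`. Keeping the explicit list and adding `import org.alfresco.service.cmr.security.PermissionService;` keeps this class's dependencies on the security package easy to audit and avoids silent name clashes if the package gains new types.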
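Review bot: `RESERVED_AUTHORITY_PREFIXES` is declared without a comment saying why these prefixes are forbidden in usernames. A short comment above it, such as `// Prefixes that mark group and role authorities; a username must not start with one, or it could be read as a group/role.`, would record the security reason for the next maintainer (that reading is inferred from the constant names, so confirm the wording). The `protected Nodes nodes;` line in the same hunk appears to change whitespace only and could be left out of the commit.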
@@ -512,12 +513,14 @@ public class PeopleImpl implements People
 private void validateCreatePersonData(Person person)
 {
- validateUsername(person.getUserName());
- validateNamespaces(person.getAspectNames(), person.getProperties());
+ // Mandatory field checks first
 checkRequiredField("id", person.getUserName());
 checkRequiredField("firstName", person.getFirstName());
 checkRequiredField("email", person.getEmail());
 checkRequiredField("password", person.getPassword());
+
+ validateUsername(person.getUserName());
+ validateNamespaces(person.getAspectNames(), person.getProperties());
 }
 private void validateUsername(String username)
@@ -531,6 +534,14 @@ public class PeopleImpl implements People
 {
 throw new IllegalArgumentException("Username contains characters that are not permitted.");
 }
+
+ for (String prefix : RESERVED_AUTHORITY_PREFIXES)
+ {
+ if (username.toUpperCase().startsWith(prefix))
+ {
+ throw new IllegalArgumentException("Username cannot start with the reserved prefix '"+prefix+"'.");
+ }
+ }
 }
 private void validateNamespaces(List aspectNames, Map properties)
diff --git a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
index bbf2efc397..310f3555c8 100644
--- a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
+++ b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
@@ -300,6 +300,19 @@ public class TestPeople extends EnterpriseTestApi
 person.setUserName("myUser/Name@" + account1.getId());
 people.create(person, 400);
+ // check for reserved authority prefixes
+ person.setUserName("GROUP_EVERYONE");
+ people.create(person, 400);
+
+ person.setUserName("GROUP_mygroup");
+ people.create(person, 400);
+
+ person.setUserName("ROLE_ANYTHING");
+ people.create(person, 400);
+
+ // lower case
+ person.setUserName("role_whatever");
+ people.create(person, 400);
 }
 @Test
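Review bot: In the loop added to `validateUsername` (PeopleImpl.java), `username.toUpperCase()` uses the JVM default locale and is recomputed for every prefix. A locale-independent form that allocates nothing is `if (username.regionMatches(true, 0, prefix, 0, prefix.length()))`; alternatively hoist `username.toUpperCase(Locale.ROOT)` above the loop. The start of `validateUsername` is outside the hunk, and only the create path is visible calling it. If persons can be created or renamed through other entry points, the reservation presumably needs enforcing there as well, since a username that reads as a group or role authority could be mistaken for one in permission checks.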
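Review bot: The new cases in TestPeople.java cover only upper-case `GROUP_`/`ROLE_` and lower-case `role_`, so lower-case `group_`, a mixed-case prefix, and a username that merely contains a prefix later in the string are untested. Adding, for example, `person.setUserName("Group_mixed"); people.create(person, 400);` would cover the case-insensitive match for the other prefix. Each call asserts only the 400 status, so a rejection by an unrelated rule would also pass; checking the error text would tie each case to the reserved-prefix rule. The enclosing test method and the `person` setup start outside the hunk.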
@@ -456,10 +469,14 @@ public class TestPeople extends EnterpriseTestApi
 // -ve: not enough fields!
 {
- // Create a person with no fields set.
+ // Create a person with no fields other than user ID set.
 Person person = new Person();
 person.setUserName("joe.bloggs.2@"+account1.getId());
 people.create(person, 400);
+
+ // Missing ID
+ person.setUserName(null);
+ people.create(person, 400);
 }
 }
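Review bot: The added "Missing ID" case reuses a `Person` that also has no firstName, email or password, so `people.create(person, 400)` passes whether or not the id check works. To isolate the id check, build a person with every other mandatory field set and call only `person.setUserName(null);` before `people.create(person, 400);`, ideally also asserting that the error names the `id` field. This matters here because the commit reorders validation so that `checkRequiredField("id", ...)` runs before `validateUsername`, and this is the only test that would notice if that order regressed. The enclosing test method starts outside the hunk.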