inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

REPO-1813: 500 Response Code when creating a person without id

Browse Source 
Now returns 400. Also fixed to return 400 when user id starts with GROUP_ or ROLE_

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@134714 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Matt Ward
2017-01-23 11:39:01 +00:00
parent 688a068f2a
commit 6a0be6cd7a
2 changed files with 37 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
source/java/org/alfresco/rest/api/impl/PeopleImpl.java
View File

@@ -50,11 +50,7 @@ import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.security.*;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.thumbnail.ThumbnailService;
import org.alfresco.service.cmr.usage.ContentUsageService;
@@ -87,7 +83,12 @@ public class PeopleImpl implements People
private static final List<QName> EXCLUDED_ASPECTS = Arrays.asList();
private static final List<QName> EXCLUDED_PROPS = Arrays.asList();
private static final int USERNAME_MAXLENGTH = 100;
protected Nodes nodes;
private static final String[] RESERVED_AUTHORITY_PREFIXES =
{
PermissionService.GROUP_PREFIX,
PermissionService.ROLE_PREFIX
};
protected Nodes nodes;
protected Sites sites;
protected SiteService siteService;
@@ -512,12 +513,14 @@ public class PeopleImpl implements People
private void validateCreatePersonData(Person person)
{
validateUsername(person.getUserName());
validateNamespaces(person.getAspectNames(), person.getProperties());
// Mandatory field checks first
checkRequiredField("id", person.getUserName());
checkRequiredField("firstName", person.getFirstName());
checkRequiredField("email", person.getEmail());
checkRequiredField("password", person.getPassword());
validateUsername(person.getUserName());
validateNamespaces(person.getAspectNames(), person.getProperties());
}
private void validateUsername(String username)
@@ -531,6 +534,14 @@ public class PeopleImpl implements People
{
throw new IllegalArgumentException("Username contains characters that are not permitted.");
}
for (String prefix : RESERVED_AUTHORITY_PREFIXES)
{
if (username.toUpperCase().startsWith(prefix))
{
throw new IllegalArgumentException("Username cannot start with the reserved prefix '"+prefix+"'.");
}
}
}
private void validateNamespaces(List<String> aspectNames, Map<String, Object> properties)