From 75c6283fb08b37d455db54a59bc51e66e5e7d479 Mon Sep 17 00:00:00 2001
From: Alan Davis
Date: Wed, 11 Jan 2017 10:34:03 +0000
Subject: [PATCH] Merged 5.2.0 (5.2.0) to HEAD (5.2) 133843 rmunteanu: REPO-1746: Merge fixes for 5.2 GA issues to 5.2.0 branch Merged 5.2.N (5.2.1) to 5.2.0 (5.2.0) 133423 jvonka: REPPO-1579: V1 REST API - create person fix - expect 403 instead of 409, if a non-admin tries to create a person that already exists - REPO-892
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@134182 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
.../org/alfresco/rest/api/impl/PeopleImpl.java | 8 +++++++-
.../org/alfresco/rest/api/tests/TestPeople.java | 16 ++++++++++++----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
index 411b978acc..4e9b3ba592 100644
--- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
@@ -428,7 +428,13 @@ public class PeopleImpl implements People { validateCreatePersonData(person); - // TODO: check, is this transaction safe? + if (! isAdminAuthority()) + { + // note: do an explict check for admin here (since personExists does not throw 403 unlike createPerson, + // hence next block would cause 409 to be returned) + throw new PermissionDeniedException(); + } + // Unfortunately PersonService.createPerson(...) only throws an AlfrescoRuntimeException // rather than a more specific exception and does not use a message ID either, so there's // no sensible way to know that it was thrown due to the user already existing - hence this check here.
diff --git a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
index 4a1eca19d9..f17f3c7138 100644
--- a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
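Review bot: In the PeopleImpl.java hunk the new `if (! isAdminAuthority())` block sits after `validateCreatePersonData(person)`, so a non-admin caller still has the request body validated and presumably can receive a validation error instead of a uniform 403; consider moving the admin check to the top of the method so authorization is decided before any input handling. The added comment would be more useful if it stated the security reason, e.g. `// non-admins must get 403 whether or not the person exists; a 409 would reveal which user names are taken` (and "explict" should read "explicit"). The hunk also deletes `// TODO: check, is this transaction safe?` although the exists-then-create sequence it referred to appears to remain, so the question is worth keeping until it is answered. The method starts before and continues past this hunk, so the later checks are not visible here.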
+++ b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
@@ -430,17 +430,25 @@ public class TestPeople extends EnterpriseTestApi // -ve: person already exists { - publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin")); + String username = "myUserName03@"+account1.getId(); + String password = "secret"; + Person person = new Person(); - person.setUserName("myUserName03@"+account1.getId()); + person.setUserName(username); person.setFirstName("Alison"); person.setEmail("alison.smythe@example.com"); person.setEnabled(true); - person.setPassword("secret"); + person.setPassword(password); + + publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin")); people.create(person); - // Attempt to create the person a second time. + // Attempt to create the person a second time - as admin expect 409 people.create(person, 409); + + publicApiClient.setRequestContext(new RequestContext(account1.getId(), username, password)); + // Attempt to create the person a second time - as non-admin expect 403 + people.create(person, 403); } }
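Review bot: The new 403 assertion in TestPeople.java only covers a non-admin re-creating a person that already exists, so it does not pin down that the response is the same when the person does not exist. A companion case in the same non-admin request context, for example `person.setUserName("noSuchUser@"+account1.getId()); people.create(person, 403);` (constructed user name), would make the test fail if the two outcomes ever diverge again and the status code becomes a way to tell existing accounts apart. That case may already be covered elsewhere in this test method, which starts outside the hunk.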