diff --git a/source/java/org/alfresco/rest/api/impl/GroupsImpl.java b/source/java/org/alfresco/rest/api/impl/GroupsImpl.java index fec271aaae..7d3c5fcace 100644 --- a/source/java/org/alfresco/rest/api/impl/GroupsImpl.java +++ b/source/java/org/alfresco/rest/api/impl/GroupsImpl.java @@ -528,6 +528,11 @@ public class GroupsImpl implements Groups public void delete(String groupId, Parameters parameters) { + if (!isGroupAuthority(groupId)) + { + throw new InvalidArgumentException("Invalid group id: " + groupId); + } + // Get cascade param - default false (if not provided). boolean cascade = Boolean.valueOf(parameters.getParameter(PARAM_CASCADE)); @@ -741,4 +746,10 @@ public class GroupsImpl implements Groups return (name != null && authorityService.authorityExists(name)); } + + private boolean isGroupAuthority(String authorityName) + { + AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName); + return AuthorityType.GROUP.equals(authorityType) || AuthorityType.EVERYONE.equals(authorityType); + } } diff --git a/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java b/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java index b59b02dbaa..f4f5e96299 100644 --- a/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java +++ b/source/test-java/org/alfresco/rest/api/tests/GroupsTest.java @@ -1011,7 +1011,14 @@ public class GroupsTest extends AbstractSingleNetworkSiteTest { setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD); - groupsProxy.deleteGroup("admin", false, HttpServletResponse.SC_CONFLICT); + groupsProxy.deleteGroup("GROUP_EVERYONE", false, HttpServletResponse.SC_CONFLICT); + } + + // Trying to delete a person. + { + setRequestContext(networkOne.getId(), networkAdmin, DEFAULT_ADMIN_PWD); + + groupsProxy.deleteGroup(user1, false, HttpServletResponse.SC_BAD_REQUEST); } {