REPO-1654, REPO-1655: Update one permission field returns 500

- Changed status code and message in case one of the required permission fields is missing. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133336 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2016-12-05 13:43:14 +00:00
parent c80a7674ce
commit bf47206dab
3 changed files with 56 additions and 7 deletions
--- a/source/java/org/alfresco/rest/api/impl/NodesImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/NodesImpl.java
@@ -2244,10 +2244,19 @@ public class NodesImpl implements Nodes
                        accessStatus = AccessStatus.valueOf(nodePerm.getAccessStatus());
                    }

-                    if ((authorityId == null) || 
-                         ((! authorityId.equals(PermissionService.ALL_AUTHORITIES) && (! authorityService.authorityExists(authorityId)))))
+                    if (authorityId == null || authorityId.isEmpty())
                    {
-                        throw new InvalidArgumentException("Cannot set permissions on this node - unknown authority: "+authorityId);
+                        throw new InvalidArgumentException("Authority Id is expected.");
+                    }
+
+                    if (permName == null || permName.isEmpty())
+                    {
+                        throw new InvalidArgumentException("Permission name is expected.");
+                    }
+
+                    if (((!authorityId.equals(PermissionService.ALL_AUTHORITIES) && (!authorityService.authorityExists(authorityId)))))
+                    {
+                        throw new InvalidArgumentException("Cannot set permissions on this node - unknown authority: " + authorityId);
                    }

                    AccessPermission existing = null;
--- a/source/java/org/alfresco/rest/api/model/NodePermissions.java
+++ b/source/java/org/alfresco/rest/api/model/NodePermissions.java
@@ -154,16 +154,17 @@ public class NodePermissions

            NodePermission that = (NodePermission) o;

-            if (!authorityId.equals(that.authorityId))
+            if (authorityId != null ? !authorityId.equals(that.authorityId) : that.authorityId != null)
                return false;
-            return name.equals(that.name);
+            return name != null ? name.equals(that.name) : that.name == null;
+
        }

        @Override
        public int hashCode()
        {
-            int result = authorityId.hashCode();
-            result = 31 * result + name.hashCode();
+            int result = authorityId != null ? authorityId.hashCode() : 0;
+            result = 31 * result + (name != null ? name.hashCode() : 0);
            return result;
        }
    }
--- a/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
+++ b/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
@@ -4192,6 +4192,9 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
            testUpdatePermissionInvalidAccessStatus();
            testUpdatePermissionAddDuplicate();

+            // required permission properties missing
+            testUpdatePermissionMissingFields();
+            
            // 'Permission Denied' tests
            testUpdatePermissionsPermissionDeniedUser();
            testUpdatePermissionsOnSpecialNodes();
@@ -4375,6 +4378,42 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
        put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
    }

+    /**
+     * Tests updating permissions on a node without providing mandatory
+     * properties
+     * 
+     * @throws Exception
+     */
+    private void testUpdatePermissionMissingFields() throws Exception
+    {
+        // create folder with an empty document
+        String postUrl = createFolder();
+        String dId = createDocument(postUrl);
+
+        // update permissions
+        Document dUpdate = new Document();
+        // Add same permission with different access status
+        NodePermissions nodePermissions = new NodePermissions();
+        List<NodePermissions.NodePermission> locallySetPermissions = new ArrayList<>();
+        locallySetPermissions.add(new NodePermissions.NodePermission(null, PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
+        nodePermissions.setLocallySet(locallySetPermissions);
+        dUpdate.setPermissions(nodePermissions);
+
+        // "Authority Id is expected."
+        put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
+        locallySetPermissions.clear();
+        locallySetPermissions.add(new NodePermissions.NodePermission("", PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
+        put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
+
+        locallySetPermissions.clear();
+        locallySetPermissions.add(new NodePermissions.NodePermission(groupA, null, AccessStatus.ALLOWED.toString()));
+        // "Permission name is expected."
+        put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
+        locallySetPermissions.clear();
+        locallySetPermissions.add(new NodePermissions.NodePermission(groupA, "", AccessStatus.ALLOWED.toString()));
+        put(URL_NODES, dId, toJsonAsStringNonNull(dUpdate), null, 400);
+    }
+    
    /**
     * Tests updating permissions on a node that user doesn't have permission for
     *