REPO-1579: V1 REST API - create person fix

- expect 403 instead of 409, if a non-admin tries to create a person that already exists
- REPO-892

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133423 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jan Vonka
2016-12-07 11:19:20 +00:00
parent 01406a1b04
commit dc5427d920
2 changed files with 19 additions and 5 deletions


@@ -440,7 +440,13 @@ public class PeopleImpl implements People
{ {
validateCreatePersonData(person); validateCreatePersonData(person);
// TODO: check, is this transaction safe? if (! isAdminAuthority())
{
// note: do an explict check for admin here (since personExists does not throw 403 unlike createPerson,
// hence next block would cause 409 to be returned)
throw new PermissionDeniedException();
}
// Unfortunately PersonService.createPerson(...) only throws an AlfrescoRuntimeException // Unfortunately PersonService.createPerson(...) only throws an AlfrescoRuntimeException
// rather than a more specific exception and does not use a message ID either, so there's // rather than a more specific exception and does not use a message ID either, so there's
// no sensible way to know that it was thrown due to the user already existing - hence this check here. // no sensible way to know that it was thrown due to the user already existing - hence this check here.
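Review bot: The new `isAdminAuthority()` guard is placed after `validateCreatePersonData(person)`, so a non-admin caller still gets the validation response (and its reasons) for a malformed body before being told it lacks permission; if the intent is that non-admins may never reach this endpoint, the authorization check should be the first statement of the method, before validation, so the response for an unauthorized caller is always 403 regardless of body contents. The added comment says why 409 was wrong but not what the consequence was; I would extend it to `// note: an explicit admin check is needed here because personExists() does not enforce permissions, so without it a non-admin could distinguish existing from non-existing usernames via 409 vs 403`. The removed `// TODO: check, is this transaction safe?` appears to have flagged the personExists/createPerson window, which the new check does not change, so that note seems worth keeping unless it has been resolved elsewhere. The enclosing method starts and ends outside this hunk, and `isAdminAuthority()` is defined outside it.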


@@ -468,17 +468,25 @@ public class TestPeople extends EnterpriseTestApi
// -ve: person already exists // -ve: person already exists
{ {
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin")); String username = "myUserName03@"+account1.getId();
String password = "secret";
Person person = new Person(); Person person = new Person();
person.setUserName("myUserName03@"+account1.getId()); person.setUserName(username);
person.setFirstName("Alison"); person.setFirstName("Alison");
person.setEmail("alison.smythe@example.com"); person.setEmail("alison.smythe@example.com");
person.setEnabled(true); person.setEnabled(true);
person.setPassword("secret"); person.setPassword(password);
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
people.create(person); people.create(person);
// Attempt to create the person a second time. // Attempt to create the person a second time - as admin expect 409
people.create(person, 409); people.create(person, 409);
publicApiClient.setRequestContext(new RequestContext(account1.getId(), username, password));
// Attempt to create the person a second time - as non-admin expect 403
people.create(person, 403);
} }
} }
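Review bot: The request context is switched to the newly created non-admin user at the `publicApiClient.setRequestContext(new RequestContext(account1.getId(), username, password))` line and is not restored before the block closes, so any later test block in this method (the method continues past the hunk) that assumes the admin context will inherit the non-admin credentials unless it sets its own context first. Either reset the context at the end of the block or add a comment on the block's closing brace such as `// request context now belongs to the non-admin user; later blocks must set their own`. The 403 is only exercised with the user trying to re-create its own record; a second non-admin attempting to create an existing *other* user would confirm the check is not tied to the self case, if that is not already covered elsewhere.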