Merged 5.2.N (5.2.1) to HEAD (5.2)

131408 mward: REPO-1348/REPO-1349: implemented checks to guard against invalid fields
   Explicitly rejects fields: id, guid and role


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132257 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/rest/api/sites/SiteEntityResource.java

@@ -133,10 +133,28 @@ public class SiteEntityResource implements EntityResourceAction.Read<Site>,
     @WebApiDescription(title="Update site", description="Update the Share site")
     public Site update(String siteId, Site site, Parameters parameters)
     {
+        // Until REPO-110 is solved, we need to explicitly test for the presence of fields
+        // on the Site object that aren't valid SiteUpdate fields. Once REPO-110 is solved,
+        // the update method will take a SiteUpdate as a parameter rather than a Site
+        // and only the correct fields will be exposed. Any attempt to access illegal fields
+        // should then result in the framework returning a 400 automatically.
+        if (site.getId() != null)
+        {
+            throw new InvalidArgumentException("Site update does not support field: id");
+        }
+        if (site.getGuid() != null)
+        {
+            throw new InvalidArgumentException("Site update does not support field: guid");
+        }
+        if (site.getRole() != null)
+        {
+            throw new InvalidArgumentException("Site update does not support field: role");
+        }
+
+        // Bind valid fields to a SiteUpdate instance.
         final String title = site.getTitle();
         final String description = site.getDescription();
         final SiteVisibility visibility = site.getVisibility();
-
         SiteUpdate update = new SiteUpdate(title, description, visibility);
 
         return sites.updateSite(siteId, update, parameters);