Added parameter validation -- applications shouldn't be able to request permissions that don't exist.
diff --git a/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java b/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
index 9eb9680..8c83a9c 100644
--- a/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
+++ b/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
@@ -28,6 +28,7 @@
import io.mifos.identity.internal.command.DeleteApplicationPermissionCommand;
import io.mifos.identity.internal.command.SetApplicationSignatureCommand;
import io.mifos.identity.internal.service.ApplicationService;
+import io.mifos.identity.internal.service.PermittableGroupService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
@@ -45,13 +46,16 @@
@RequestMapping("/applications")
public class ApplicationRestController {
private final ApplicationService service;
+ private final PermittableGroupService permittableGroupService;
private final CommandGateway commandGateway;
@Autowired
public ApplicationRestController(
final ApplicationService service,
+ final PermittableGroupService permittableGroupService,
final CommandGateway commandGateway) {
this.service = service;
+ this.permittableGroupService = permittableGroupService;
this.commandGateway = commandGateway;
}
@@ -114,6 +118,7 @@
createApplicationPermission(@PathVariable("applicationidentifier") @Nonnull String applicationIdentifier,
@RequestBody @Valid Permission permission) {
checkApplicationIdentifier(applicationIdentifier);
+ checkPermittableGroupIdentifier(permission.getPermittableEndpointGroupIdentifier());
commandGateway.process(new CreateApplicationPermissionCommand(applicationIdentifier, permission));
return ResponseEntity.accepted().build();
}
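Review bot: The new `checkPermittableGroupIdentifier(...)` call in `createApplicationPermission` runs in the REST layer before the command is handed to `commandGateway` and answered with 202, so the existence check is not atomic with the write. If the handler for `CreateApplicationPermissionCommand` (not visible here) does not repeat the lookup, a group removed in between, or a command dispatched from another code path, can still produce a permission for a group that does not exist. I would keep this call as an early rejection and add above it `// Early rejection only: the command handler must re-validate the permittable group, because the command is processed after this method returns.` A 404 for a value taken from the request body is also hard to tell apart from the "application not found" case; a 400 may fit better if the API contract allows it. The method's signature starts above the hunk.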
@@ -168,4 +173,9 @@
throw ServiceException.notFound("Application permission '"
+ applicationIdentifier + "." + permittableEndpointGroupIdentifier + "' doesn't exist.");
}
+
+ private void checkPermittableGroupIdentifier(final String permittableEndpointGroupIdentifier) {
+ permittableGroupService.findByIdentifier(permittableEndpointGroupIdentifier)
+ .orElseThrow(() -> ServiceException.notFound("Permittable group {0} doesn't exist.", permittableEndpointGroupIdentifier));
+ }
}
\ No newline at end of file
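Review bot: The message passed to `ServiceException.notFound` in `checkPermittableGroupIdentifier` mixes a `{0}` placeholder with a bare apostrophe in `doesn't`. If `notFound` formats through `java.text.MessageFormat` (its implementation is not visible here), a single quote is an escape character, so the text would come out as "doesnt exist." with the apostrophe dropped. Doubling the quotes avoids that and also matches the quoted-identifier style of the existing message above: `ServiceException.notFound("Permittable group ''{0}'' doesn''t exist.", permittableEndpointGroupIdentifier)`. A short comment on the helper stating that it throws a 404 when the group is unknown and returns nothing otherwise would make the discarded `orElseThrow` result easier to read.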