Added parameter validation -- applications shouldn't be able to request permissions that don't exist.
diff --git a/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java b/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
index 9eb9680..8c83a9c 100644
--- a/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
+++ b/service/src/main/java/io/mifos/identity/rest/ApplicationRestController.java
@@ -28,6 +28,7 @@
 import io.mifos.identity.internal.command.DeleteApplicationPermissionCommand;
 import io.mifos.identity.internal.command.SetApplicationSignatureCommand;
 import io.mifos.identity.internal.service.ApplicationService;
+import io.mifos.identity.internal.service.PermittableGroupService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -45,13 +46,16 @@
 @RequestMapping("/applications")
 public class ApplicationRestController {
   private final ApplicationService service;
+  private final PermittableGroupService permittableGroupService;
   private final CommandGateway commandGateway;
 
   @Autowired
   public ApplicationRestController(
           final ApplicationService service,
+          final PermittableGroupService permittableGroupService,
           final CommandGateway commandGateway) {
     this.service = service;
+    this.permittableGroupService = permittableGroupService;
     this.commandGateway = commandGateway;
   }
 
@@ -114,6 +118,7 @@
   createApplicationPermission(@PathVariable("applicationidentifier") @Nonnull String applicationIdentifier,
                               @RequestBody @Valid Permission permission) {
     checkApplicationIdentifier(applicationIdentifier);
+    checkPermittableGroupIdentifier(permission.getPermittableEndpointGroupIdentifier());
     commandGateway.process(new CreateApplicationPermissionCommand(applicationIdentifier, permission));
     return ResponseEntity.accepted().build();
   }
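Review bot: The existence check added before `commandGateway.process(...)` is not atomic with the write. The method answers 202 Accepted, so the permission is presumably persisted later by the handler for `CreateApplicationPermissionCommand`, and a permittable group removed in that window would still end up referenced by the application. A reference left dangling this way would silently become effective if a group with the same identifier were created later, so the handler should repeat the lookup before persisting; if it already does, a comment here such as `// pre-check for a fast 404 only; the command handler re-validates before persisting` would make that clear. It is also not visible whether `@Valid` guarantees a non-null `permittableEndpointGroupIdentifier`; if it does not, `findByIdentifier(null)` is reached. The method's signature begins above the hunk.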
@@ -168,4 +173,9 @@
       throw ServiceException.notFound("Application permission '"
               + applicationIdentifier + "." + permittableEndpointGroupIdentifier + "' doesn't exist.");
   }
+
+  private void checkPermittableGroupIdentifier(final String permittableEndpointGroupIdentifier) {
+    permittableGroupService.findByIdentifier(permittableEndpointGroupIdentifier)
+            .orElseThrow(() -> ServiceException.notFound("Permittable group {0} doesn't exist.", permittableEndpointGroupIdentifier));
+  }
 }
\ No newline at end of file
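Review bot: The new `ServiceException.notFound` call in `checkPermittableGroupIdentifier` passes a `{0}` pattern plus an argument, while the call in the context lines just above builds its message by concatenation and wraps the identifier in quotes; the two should follow one convention. If `notFound` formats through `java.text.MessageFormat` (not visible in this hunk), the apostrophe in `doesn't` opens a quoted section and is dropped from the output, so the pattern would need doubled quotes: `ServiceException.notFound("Permittable group ''{0}'' doesn''t exist.", permittableEndpointGroupIdentifier)`. The helper would also benefit from a short Javadoc stating that it throws a not-found `ServiceException` for an identifier taken from the request body, which means clients see 404 rather than a validation error.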