On 13/10/2015 12:50, Massimiliano Perrone wrote:
Hi all,
I found this "strange" behavior working with ConfigurationService class.
When I try to delete a configuration I get always a valid response
also when the configuration key doesn't exist (while I was expecting a
NotFound error).
Reading the code I found below difference from (1) ConfigurationLogic
and, for instance, (2) SchemaLogic classes:
(1)
@PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
public void delete(final String schema) {
confDAO.delete(schema);
}
(2)
@PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
public void delete(final SchemaType schemaType, final String
schemaName) {
if (!doesSchemaExist(schemaType, schemaName)) {
throw new NotFoundException(schemaType + "/" + schemaName);
}
switch (schemaType) {
case VIRTUAL:
virSchemaDAO.delete(schemaName);
break;
case DERIVED:
derSchemaDAO.delete(schemaName);
break;
case PLAIN:
default:
plainSchemaDAO.delete(schemaName);
}
}
As you can read the second class has a control on schema existence,
the first one hasn't.
It is the right behavior?
Nice catch: please open an issue - and possibly provide a fix as well if
you can; essentially, the method above should become similar to [1] or [2].
Regards.
[1]
https://github.com/apache/syncope/blob/master/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java#L88-L100
[2]
https://github.com/apache/syncope/blob/master/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java#L85-L96
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
