[ https://issues.apache.org/jira/browse/SYNCOPE-707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò updated SYNCOPE-707:
-------------------------------------------
Description:
When I try to delete a configuration I always get a valid response, even when
the configuration key doesn't exist (while I was expecting a NotFound error).
Reading the code I found the difference below between (1) ConfigurationLogic
and, for instance, (2) SchemaLogic classes:
(1)
    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
    public void delete(final String schema) {
        confDAO.delete(schema);
    }
(2)
    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
    public void delete(final SchemaType schemaType, final String schemaName) {
        if (!doesSchemaExist(schemaType, schemaName)) {
            throw new NotFoundException(schemaType + "/" + schemaName);
        }
        switch (schemaType) {
            case VIRTUAL:
                virSchemaDAO.delete(schemaName);
                break;
            case DERIVED:
                derSchemaDAO.delete(schemaName);
                break;
            case PLAIN:
            default:
                plainSchemaDAO.delete(schemaName);
        }
    }
As you can see, the second class has a check on schema existence, while the
first one doesn't.
We have to add the same check on the ConfigurationLogic class.
Relevant mail thread: http://markmail.org/message/3ufidttokvw2km5k
was:
When I try to delete a configuration I always get a valid response, even when
the configuration key doesn't exist (while I was expecting a NotFound error).
Reading the code I found the difference below between (1) ConfigurationLogic
and, for instance, (2) SchemaLogic classes:
(1)
    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
    public void delete(final String schema) {
        confDAO.delete(schema);
    }
(2)
    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
    public void delete(final SchemaType schemaType, final String schemaName) {
        if (!doesSchemaExist(schemaType, schemaName)) {
            throw new NotFoundException(schemaType + "/" + schemaName);
        }
        switch (schemaType) {
            case VIRTUAL:
                virSchemaDAO.delete(schemaName);
                break;
            case DERIVED:
                derSchemaDAO.delete(schemaName);
                break;
            case PLAIN:
            default:
                plainSchemaDAO.delete(schemaName);
        }
    }
As you can see, the second class has a check on schema existence, while the
first one doesn't.
We have to add the same check on the ConfigurationLogic class.
> ConfigurationLogin doesn't check the existence of key during deletion.
> ----------------------------------------------------------------------
>
> Key: SYNCOPE-707
> URL: https://issues.apache.org/jira/browse/SYNCOPE-707
> Project: Syncope
> Issue Type: Bug
> Affects Versions: 1.2.5, 2.0.0
> Reporter: Massimiliano Perrone
> Assignee: Massimiliano Perrone
> Priority: Minor
> Fix For: 1.2.6, 2.0.0
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
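
The behaviour described in the issue, side by side with the checked variant that mirrors SchemaLogic. This is an added example, not Syncope's code or the committed fix: `InMemoryConfDAO`, its `find`/`save` methods, `deleteUnchecked`, the local `NotFoundException` and the sample key are hypothetical stand-ins so the block runs on its own.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ConfigurationDeleteCheck {

    // Local stand-in for the NotFoundException used by SchemaLogic (hypothetical copy).
    static class NotFoundException extends RuntimeException {
        NotFoundException(String what) { super("Not found: " + what); }
    }

    // Hypothetical in-memory DAO; find/save are assumed names, not the real ConfDAO API.
    static class InMemoryConfDAO {
        private final Map<String, String> store = new ConcurrentHashMap<>();
        void save(String key, String value) { store.put(key, value); }
        String find(String key) { return store.get(key); }
        void delete(String key) { store.remove(key); } // silent no-op for unknown keys
    }

    static class ConfigurationLogic {
        private final InMemoryConfDAO confDAO;
        ConfigurationLogic(InMemoryConfDAO confDAO) { this.confDAO = confDAO; }

        // Behaviour reported in the issue: succeeds whether or not the key exists.
        void deleteUnchecked(String key) { confDAO.delete(key); }

        // Existence check before deletion, as SchemaLogic does for schemas.
        void delete(String key) {
            if (confDAO.find(key) == null) {
                throw new NotFoundException("Configuration " + key);
            }
            confDAO.delete(key);
        }
    }

    public static void main(String[] args) {
        InMemoryConfDAO dao = new InMemoryConfDAO();
        dao.save("sample.key", "sample value"); // constructed sample entry
        ConfigurationLogic logic = new ConfigurationLogic(dao);

        logic.deleteUnchecked("no.such.key"); // returns normally: caller sees success
        System.out.println("unchecked delete of missing key: no error");
        logic.delete("sample.key");           // existing key: deleted
        try {
            logic.delete("sample.key");       // already gone: now reported
        } catch (NotFoundException e) {
            System.out.println("checked delete: " + e.getMessage());
        }
    }
}
```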