[ 
https://issues.apache.org/jira/browse/FINERACT-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhishek Chaudhary closed FINERACT-2673.
----------------------------------------
    Resolution: Fixed

> GET /audits/{auditId} returns HTTP 500 instead of 404 when the audit entry 
> does not exist
> -----------------------------------------------------------------------------------------
>
>                 Key: FINERACT-2673
>                 URL: https://issues.apache.org/jira/browse/FINERACT-2673
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: System
>    Affects Versions: 1.14.0
>            Reporter: Abhishek Chaudhary
>            Priority: Blocker
>
> *Observed behavior*
> {noformat}
> GET /fineract-provider/api/v1/audits/{auditId}
> {noformat}
> with a nonexistent {{auditId}} returns HTTP 500 with an unhandled 
> {{EmptyResultDataAccessException}}. The same happens for an audit entry that 
> exists but is outside the caller's office hierarchy, because the lookup SQL 
> is hierarchy-scoped.
> *Root cause*
> {{AuditReadPlatformServiceImpl.retrieveAuditEntry()}} executes 
> {{jdbcTemplate.queryForObject("... where aud.id = ?")}} with no empty-result 
> handling.
> {{JdbcTemplate.queryForObject()}} throws {{EmptyResultDataAccessException}} 
> when no rows match. Since there is no exception mapper for it, the exception 
> falls through {{DefaultExceptionMapper}} and is returned as HTTP 500. This is 
> the same defect class as FINERACT-2671.
> *Expected behavior*
> HTTP 404 with the standard platform error payload by catching 
> {{EmptyResultDataAccessException}} and throwing a domain-specific not-found 
> exception extending {{AbstractPlatformResourceNotFoundException}}.
> The hierarchy-scoped case should also return HTTP 404 (rather than HTTP 403) 
> so the API does not disclose whether an audit ID exists outside the caller's 
> office hierarchy.
> *Steps to reproduce*
> # Call:
> {noformat}
> GET /fineract-provider/api/v1/audits/999999
> {noformat}
> Current: HTTP 500
> Expected: HTTP 404
> *Proposed fix*
> * Introduce {{AuditEntryNotFoundException}} extending 
> {{AbstractPlatformResourceNotFoundException}}.
> * Catch {{EmptyResultDataAccessException}} in 
> {{AuditReadPlatformServiceImpl.retrieveAuditEntry()}} and rethrow 
> {{AuditEntryNotFoundException}}.
> * Add integration tests covering:
> ** Non-existent audit ID → HTTP 404.
> ** Audit entry outside the caller's office hierarchy → HTTP 404.
> I found this while reviewing read-platform services for the FINERACT-2671 
> defect class and would like to work on it. Please assign it to me.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to