------------------------------------------------------------ revno: 11744 committer: Morten Olav Hansen <[email protected]> branch nick: dhis2 timestamp: Thu 2013-08-22 13:51:15 +0200 message: only allow filter with a minimum of 3 characters in /api/currentUser/reicpients?filter=XYZ added: dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/exception/FilterTooShortException.java modified: dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/CurrentUserController.java
-- lp:dhis2 https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk Your team DHIS 2 developers is subscribed to branch lp:dhis2. To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== added file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/exception/FilterTooShortException.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/exception/FilterTooShortException.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/exception/FilterTooShortException.java 2013-08-22 11:51:15 +0000 @@ -0,0 +1,39 @@ +package org.hisp.dhis.api.controller.exception; + +/* + * Copyright (c) 2004-2013, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * @author Morten Olav Hansen <[email protected]> + */ +public class FilterTooShortException extends Exception +{ + public FilterTooShortException() + { + super( "Required String parameter 'filter' must be at least 3 characters in length." ); + } +} === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/CurrentUserController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/CurrentUserController.java 2013-08-21 11:44:03 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/CurrentUserController.java 2013-08-22 11:51:15 +0000 @@ -28,6 +28,7 @@ */ import org.apache.commons.collections.CollectionUtils; +import org.hisp.dhis.api.controller.exception.FilterTooShortException; import org.hisp.dhis.api.controller.exception.NotAuthenticatedException; import org.hisp.dhis.api.utils.ContextUtils; import org.hisp.dhis.api.utils.ContextUtils.CacheStrategy; @@ -239,7 +240,7 @@ @RequestMapping( value = "/recipients", produces = { "application/json", "text/*" } ) public void recipientsJson( HttpServletResponse response, - @RequestParam( value = "filter" ) String filter ) throws IOException, NotAuthenticatedException + @RequestParam( value = "filter" ) String filter ) throws IOException, NotAuthenticatedException, FilterTooShortException { User currentUser = currentUserService.getCurrentUser(); @@ -250,6 +251,11 @@ throw new NotAuthenticatedException(); } + if ( 3 > filter.length() ) + { + throw new FilterTooShortException(); + } + Recipients recipients = new Recipients(); recipients.setOrganisationUnits( new HashSet<OrganisationUnit>( organisationUnitService.getOrganisationUnitsBetweenByName( filter, 0, MAX_OBJECTS ) ) );
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : [email protected] Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
