From 3761772117e64a7201159cee4a070a8317d0f401 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Fri, 14 Dec 2018 12:20:25 +0100
Subject: [PATCH] mesh identifier cannot be set to something invalid

---
 .../api/projects/ProjectRestImpl.java         | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
index b0d4cee6b5..97bd15c2f0 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
@@ -28,6 +28,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.MultiValueMap;
 
+import lcsb.mapviewer.annotation.services.MeSHParser;
+import lcsb.mapviewer.annotation.services.annotators.AnnotatorException;
 import lcsb.mapviewer.api.BaseRestImpl;
 import lcsb.mapviewer.api.ObjectExistsException;
 import lcsb.mapviewer.api.ObjectNotFoundException;
@@ -111,6 +113,9 @@ public class ProjectRestImpl extends BaseRestImpl {
   @Autowired
   private IProjectService projectService;
 
+  @Autowired
+  private MeSHParser meshParser;
+
   @Autowired
   private ProjectDao projectDao;
 
@@ -549,8 +554,19 @@ public class ProjectRestImpl extends BaseRestImpl {
         MiriamData organism = updateMiriamData(project.getOrganism(), value);
         project.setOrganism(organism);
       } else if (fieldName.equalsIgnoreCase("disease")) {
-        MiriamData disease = updateMiriamData(project.getDisease(), value);
-        project.setDisease(disease);
+        try {
+          MiriamData sourceData = updateMiriamData(null, value);
+          if (meshParser.isValidMeshId(sourceData)) {
+            MiriamData disease = updateMiriamData(project.getDisease(), value);
+            project.setDisease(disease);
+          } else if (sourceData.getResource().isEmpty()) {
+            project.setDisease(null);
+          } else {
+            throw new QueryException("invalid mesh identifier: " + value);
+          }
+        } catch (AnnotatorException e) {
+          throw new QueryException("invalid miriamdData: " + value, e);
+        }
       } else if (fieldName.equalsIgnoreCase("mapCanvasType")) {
         MapCanvasType mapCanvasType;
         try {
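Review bot: The `catch (AnnotatorException e)` branch in the `disease` case reports every parser failure as `"invalid miriamdData: "` (the label is also misspelled), so if `isValidMeshId` throws when the MeSH lookup itself fails, which this hunk does not show, the caller is told its input was bad when in fact the validator was unavailable. A message that separates the two cases would help, e.g. `throw new QueryException("Problem with validating mesh identifier: " + value, e);`. The empty-resource branch is reached only after `isValidMeshId` has run, and it calls `sourceData.getResource().isEmpty()` without a null check; testing `sourceData.getResource() == null || sourceData.getResource().isEmpty()` before the validity check would let a client clear the disease without invoking the parser on an empty identifier. The enclosing method starts and ends outside the hunk.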
@@ -740,7 +756,8 @@ public class ProjectRestImpl extends BaseRestImpl {
   public Map<String, Object> removeProject(String token, String projectId, String path)
       throws SecurityException, QueryException {
     Project project = getProjectService().getProjectByProjectId(projectId, token);
-    if (getConfigurationService().getConfigurationValue(ConfigurationElementType.DEFAULT_MAP).equals(project.getProjectId())) {
+    if (getConfigurationService().getConfigurationValue(ConfigurationElementType.DEFAULT_MAP)
+        .equals(project.getProjectId())) {
       throw new OperationNotAllowedException("You cannot remove default map");
     }
     getProjectService().removeProject(project, path, true, token);
-- 
GitLab