From 97cccedb73ea50566cd63e97366108cb5c3f100a Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Thu, 25 Jul 2019 19:45:45 +0200
Subject: [PATCH] modelId should be numeric
---
.../main/java/lcsb/mapviewer/api/BaseRestImpl.java | 10 +++++++---
.../mapviewer/api/projects/ProjectController.java | 2 +-
.../mapviewer/api/projects/ProjectRestImpl.java | 4 ++--
.../api/projects/models/ModelController.java | 5 +++--
.../api/projects/models/ModelRestImpl.java | 13 ++++++++-----
.../models/parameters/ParametersRestImpl.java | 4 ++--
.../api/projects/models/units/UnitsRestImpl.java | 2 +-
7 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/BaseRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/BaseRestImpl.java
index b7be8ff5af..bc9c4366ab 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/BaseRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/BaseRestImpl.java
@@ -8,6 +8,7 @@ import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
+import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -160,10 +161,9 @@ public abstract class BaseRestImpl {
* @param modelId
* list of model identifiers separated by "," or '*' when all models
* should be returned
- * @throws ObjectNotFoundException
- * thrown when data for given identifiers doesn't exist
+ * @throws QueryException
*/
- protected List<Model> getModels(String projectId, String modelId) throws ObjectNotFoundException {
+ protected List<Model> getModels(String projectId, String modelId) throws QueryException {
Model model = modelService.getLastModelByProjectId(projectId);
if (model == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
@@ -172,6 +172,10 @@ public abstract class BaseRestImpl {
if (!modelId.equals("*")) {
for (String str : modelId.split(",")) {
+ if (!StringUtils.isNumeric(str)) {
+ throw new QueryException("Invalid modelId: " + modelId);
+ }
+
Model submodel = model.getSubmodelById(Integer.valueOf(str));
if (submodel == null) {
throw new ObjectNotFoundException("Model with given id doesn't exist");
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectController.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectController.java
index 02801a3c10..081f60fa2f 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectController.java
@@ -114,7 +114,7 @@ public class ProjectController extends BaseController {
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'READ_PROJECT:' + #projectId)")
@GetMapping(value = "/{projectId}/statistics")
- public Object getStatistics(@PathVariable(value = "projectId") String projectId) throws ObjectNotFoundException {
+ public Object getStatistics(@PathVariable(value = "projectId") String projectId) throws QueryException {
return projectController.getStatistics(projectId);
}
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
index 00139e1e0f..63814e80e0 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
@@ -195,7 +195,7 @@ public class ProjectRestImpl extends BaseRestImpl {
return project.getInputData();
}
- public Map<String, Object> getStatistics(String projectId) throws ObjectNotFoundException {
+ public Map<String, Object> getStatistics(String projectId) throws QueryException {
Map<String, Object> result = new TreeMap<>();
Map<MiriamType, Integer> elementAnnotations = new TreeMap<>();
@@ -624,7 +624,7 @@ public class ProjectRestImpl extends BaseRestImpl {
return null;
}
- public List<Map<String, Object>> getSubmapConnections(String projectId) throws ObjectNotFoundException {
+ public List<Map<String, Object>> getSubmapConnections(String projectId) throws QueryException {
List<Map<String, Object>> result = new ArrayList<>();
List<Model> models = getModels(projectId, "*");
List<Element> elements = new ArrayList<>();
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelController.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelController.java
index dabceafea3..de89361e93 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelController.java
@@ -4,6 +4,7 @@ import java.io.IOException;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
@@ -37,7 +38,7 @@ public class ModelController extends BaseController {
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'READ_PROJECT:' + #projectId)")
@GetMapping(value = "/")
public List<Map<String, Object>> getModels(@PathVariable(value = "projectId") String projectId)
- throws ObjectNotFoundException {
+ throws QueryException {
return modelController.getModels(projectId);
}
@@ -45,7 +46,7 @@ public class ModelController extends BaseController {
@GetMapping(value = "/{modelId:.+}")
public Object getModel(
@PathVariable(value = "modelId") String modelId,
- @PathVariable(value = "projectId") String projectId) throws ObjectNotFoundException {
+ @PathVariable(value = "projectId") String projectId) throws QueryException {
if (modelId.equals("*")) {
return modelController.getModels(projectId);
} else {
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
index 15c1affd90..da7ac0174e 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
@@ -1,12 +1,12 @@
package lcsb.mapviewer.api.projects.models;
-import java.awt.*;
+import java.awt.Color;
import java.awt.geom.*;
import java.io.*;
import java.util.*;
-import java.util.List;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@@ -59,7 +59,7 @@ public class ModelRestImpl extends BaseRestImpl {
this.layoutService = layoutService;
}
- public List<Map<String, Object>> getModels(String projectId) throws ObjectNotFoundException {
+ public List<Map<String, Object>> getModels(String projectId) throws QueryException {
Project project = getProjectService().getProjectByProjectId(projectId);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
@@ -67,7 +67,10 @@ public class ModelRestImpl extends BaseRestImpl {
return createData(project);
}
- public Map<String, Object> getModel(String projectId, String modelId) {
+ public Map<String, Object> getModel(String projectId, String modelId) throws QueryException {
+ if (!StringUtils.isNumeric(modelId)) {
+ throw new QueryException("Invalid modelId: " + modelId);
+ }
Model model = getModelService().getLastModelByProjectId(projectId);
Model submodel = model.getSubmodelById(modelId);
if (submodel == null) {
@@ -95,7 +98,7 @@ public class ModelRestImpl extends BaseRestImpl {
}
}
- private List<Map<String, Object>> createData(Project project) {
+ private List<Map<String, Object>> createData(Project project) throws QueryException {
List<Map<String, Object>> result = new ArrayList<>();
Model model = getModelService().getLastModelByProjectId(project.getProjectId());
if (model != null) {
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/parameters/ParametersRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/parameters/ParametersRestImpl.java
index 62ef329cc8..3e2c3fc1ba 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/parameters/ParametersRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/parameters/ParametersRestImpl.java
@@ -36,7 +36,7 @@ public class ParametersRestImpl extends BaseRestImpl {
}
private Set<SbmlParameter> getParametersFromProject(String projectId, String modelId)
- throws ObjectNotFoundException {
+ throws QueryException {
List<Model> models = getModels(projectId, modelId);
Set<SbmlParameter> parameters = new LinkedHashSet<>();
@@ -52,7 +52,7 @@ public class ParametersRestImpl extends BaseRestImpl {
}
private Set<SbmlParameter> getGlobalParametersFromProject(String projectId, String modelId)
- throws ObjectNotFoundException {
+ throws QueryException {
List<Model> models = getModels(projectId, modelId);
Set<SbmlParameter> parameters = new LinkedHashSet<>();
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/units/UnitsRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/units/UnitsRestImpl.java
index b276f87957..692ba97912 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/units/UnitsRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/units/UnitsRestImpl.java
@@ -59,7 +59,7 @@ public class UnitsRestImpl extends BaseRestImpl {
return result;
}
- public List<Map<String, Object>> getUnits(String projectId, String modelId) throws ObjectNotFoundException {
+ public List<Map<String, Object>> getUnits(String projectId, String modelId) throws QueryException {
List<Map<String, Object>> result = new ArrayList<>();
List<Model> models = getModels(projectId, modelId);
for (Model model : models) {
--
GitLab