Do not restrict roles from querying test views - fixes #709

Hyperfoil · Oct 5, 2023 · 9721d53 · 9721d53
1 parent e18c46b
commit 9721d53
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java b/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java
@@ -6,6 +6,7 @@
 import io.hyperfoil.tools.horreum.entity.data.ViewDAO;
 import io.hyperfoil.tools.horreum.mapper.ViewMapper;
 import io.hyperfoil.tools.horreum.server.WithRoles;
+import jakarta.annotation.security.PermitAll;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Inject;
 import jakarta.persistence.EntityManager;
@@ -84,13 +85,20 @@ public void deleteView(int testId, int viewId) {
     }
 
     @Override
-    @RolesAllowed({Roles.ADMIN, Roles.TESTER})
+    @PermitAll
     @WithRoles
     @Transactional
     public List<View> getViews(int testId) {
         if (testId <= 0) {
             throw ServiceException.badRequest("Missing test id");
         }
+
+        TestDAO test = TestDAO.findById(testId);
+
+        if (test == null ){
+            throw ServiceException.badRequest("Test not found with id: ".concat(Integer.toString(testId)));
+        }
+
         return ViewDAO.<ViewDAO>find("test.id", testId)
                 .stream().map(ViewMapper::from).collect(Collectors.toList());
     }