From 9721d538bb811837fe3c7f4fb2792e5f94825df5 Mon Sep 17 00:00:00 2001 From: John OHara Date: Thu, 5 Oct 2023 14:32:23 +0100 Subject: [PATCH] Do not restrict roles from querying test views - fixes #709 --- .../io/hyperfoil/tools/horreum/svc/UIServiceImpl.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java b/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java index 69026c502..0865d186f 100644 --- a/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java +++ b/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/UIServiceImpl.java @@ -6,6 +6,7 @@ import io.hyperfoil.tools.horreum.entity.data.ViewDAO; import io.hyperfoil.tools.horreum.mapper.ViewMapper; import io.hyperfoil.tools.horreum.server.WithRoles; +import jakarta.annotation.security.PermitAll; import jakarta.annotation.security.RolesAllowed; import jakarta.inject.Inject; import jakarta.persistence.EntityManager; @@ -84,13 +85,20 @@ public void deleteView(int testId, int viewId) { } @Override - @RolesAllowed({Roles.ADMIN, Roles.TESTER}) + @PermitAll @WithRoles @Transactional public List getViews(int testId) { if (testId <= 0) { throw ServiceException.badRequest("Missing test id"); } + + TestDAO test = TestDAO.findById(testId); + + if (test == null ){ + throw ServiceException.badRequest("Test not found with id: ".concat(Integer.toString(testId))); + } + return ViewDAO.find("test.id", testId) .stream().map(ViewMapper::from).collect(Collectors.toList()); }
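Review bot: With `@PermitAll` on `getViews`, the only thing keeping the views of a private test from unauthenticated callers is the new `TestDAO.findById(testId)` null check. That works as an access check only if `@WithRoles` makes the lookup return null for tests the caller may not read, which nothing in this hunk shows. If that is the intent, I would state it above the lookup, e.g. `// Access check: findById runs under @WithRoles, so a test the caller cannot read is null here; keep this lookup role-filtered`, and add a test that requests the views of a private test without credentials and expects the not-found response. Using one message for both a missing and an unreadable test is worth keeping, since it does not confirm that a private id exists. A not-found status would describe the case better than `badRequest`, and `"Test not found with id: " + testId` reads more simply than the `concat` call.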