added robustness to user services. added tests

2009-05-15 22:27:36 +00:00 · 2009-05-15 22:27:36 +00:00 · 1617e3004f
commit 1617e3004f
parent 5f60eddaa7
2 changed files with 486 additions and 0 deletions
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@ -381,6 +381,14 @@ sub www_ajaxCreateUser {
            message     => "",
        } );
    }
+    # User must not already exist
+    if ( $session->db->quickScalar( "SELECT * FROM users WHERE username=?", [$userParam{username}] ) ) {
+        return createServiceResponse( $outputFormat, {
+            error       => "WebGUI::Error::InvalidParam",
+            param       => "username",
+            message     => "",
+        } );
+    }

    ### Create user
    my $user    = WebGUI::User->create( $session );
@ -454,6 +462,13 @@ sub www_ajaxDeleteUser {
            message     => 'Cannot delete system user',
        } );
    }
+    elsif ( !WebGUI::User->validUserId( $session, $userId ) ) {
+        return createServiceResponse( $outputFormat, {
+            error       => 'WebGUI::Error::InvalidParam',
+            param       => 'userId',
+            message     => '',
+        } );
+    }

    ### Delete user
    my $user    = WebGUI::User->new( $session, $userId );
@ -520,6 +535,14 @@ sub www_ajaxUpdateUser {
            message     => "",
        } );
    }
+    # User must exist
+    if ( !WebGUI::User->validUserId( $session, $userParam{userId} ) ) {
+        return createServiceResponse( $outputFormat, {
+            error       => "WebGUI::Error::InvalidParam",
+            param       => "userId",
+            message     => "",
+        } );
+    }

    ### Update user
    my $user    = WebGUI::User->new( $session, delete $userParam{userId} );