diff --git a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java index 501048fb8..6e0428ac8 100644 --- a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java +++ b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/DossierAttributesController.java @@ -16,6 +16,7 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; +import com.iqser.red.service.persistence.management.v1.processor.service.persistence.DossierPersistenceService; import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity; import com.iqser.red.service.persistence.management.v1.processor.entity.dossier.DossierAttributeConfigEntity; import com.iqser.red.service.persistence.management.v1.processor.service.AccessControlService; @@ -37,6 +38,7 @@ import lombok.RequiredArgsConstructor; @RequiredArgsConstructor public class DossierAttributesController implements DossierAttributesResource { + private final DossierPersistenceService dossierPersistenceService; private final DossierAttributeConfigPersistenceService dossierAttributeConfigPersistenceService; private final AuditPersistenceService auditPersistenceService; private final DossierAttributesManagementService dossierAttributesManagementService; @@ -150,6 +152,9 @@ public class DossierAttributesController implements DossierAttributesResource { @PreAuthorize("hasAuthority('" + READ_DOSSIER_ATTRIBUTES + "')") public DossierAttributes getDossierAttributes(String dossierId) { + //check if dossier exists before verifying permissions + dossierPersistenceService.findByDossierId(dossierId); + List result = Collections.emptyList(); if (accessControlService.hasUserViewPermissionsForDossier(dossierId)) { result = dossierAttributesManagementService.getDossierAttributes(dossierId);