From c00ac6ebe116c4673b122b01293c5d512e93ee31 Mon Sep 17 00:00:00 2001
From: Corina Olariu <corina.olariu.ext@knecon.com>
Date: Thu, 1 Feb 2024 15:17:34 +0200
Subject: [PATCH] RED-7143 - Error 500 generated when entering very long text
 in editable fields of a file - validate the value length

Signed-off-by: Corina Olariu <corina.olariu.ext@knecon.com>
---
 .../api/impl/controller/FileAttributesController.java    | 3 ++-
 .../persistence/FileStatusPersistenceService.java        | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/FileAttributesController.java b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/FileAttributesController.java
index c9ea7be57..317648c87 100644
--- a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/FileAttributesController.java
+++ b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/FileAttributesController.java
@@ -78,7 +78,7 @@ public class FileAttributesController implements FileAttributesResource {
 
     @Override
     @PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES_CONFIG + "')")
-    public FileAttributeConfig addOrUpdateFileAttribute(@PathVariable(DOSSIER_TEMPLATE_ID) String dossierTemplateId,@Valid @RequestBody FileAttributeConfig fileAttribute) {
+    public FileAttributeConfig addOrUpdateFileAttribute(@PathVariable(DOSSIER_TEMPLATE_ID) String dossierTemplateId, @Valid @RequestBody FileAttributeConfig fileAttribute) {
 
         var result = fileAttributeConfigPersistenceService.addOrUpdateFileAttribute(dossierTemplateId, MagicConverter.convert(fileAttribute, FileAttributeConfigEntity.class));
         auditPersistenceService.audit(AuditRequest.builder()
@@ -146,6 +146,7 @@ public class FileAttributesController implements FileAttributesResource {
     @PreAuthorize("hasAuthority('" + WRITE_FILE_ATTRIBUTES + "')")
     public void setFileAttributes(@PathVariable(DOSSIER_ID_PARAM) String dossierId, @PathVariable(FILE_ID) String fileId, @RequestBody FileAttributes fileAttributes) {
 
+        accessControlService.checkDossierExistenceAndAccessPermissionsToDossier(dossierId);
         var file = fileStatusService.getStatus(fileId);
 
         if (file.getWorkflowStatus().equals(WorkflowStatus.APPROVED)) {
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/FileStatusPersistenceService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/FileStatusPersistenceService.java
index b0a7888fa..633a8bfd2 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/FileStatusPersistenceService.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/FileStatusPersistenceService.java
@@ -34,6 +34,7 @@ import lombok.extern.slf4j.Slf4j;
 @RequiredArgsConstructor
 public class FileStatusPersistenceService {
 
+    private final static int MAX_STATUS_NAME_LENGTH = 4000;
     private final FileRepository fileRepository;
     private final FileAttributesRepository fileAttributesRepository;
     private final FileAttributeConfigPersistenceService fileAttributeConfigPersistenceService;
@@ -286,11 +287,19 @@ public class FileStatusPersistenceService {
                     .map(FileAttributeConfigEntity::getId)
                     .orElseThrow(() -> new BadRequestException("Invalid File Attribute Id")));
             fa.setFileAttributeId(id);
+            validateFileAttributeLength(entry.getValue());
             fa.setValue(StringUtils.isBlank(entry.getValue()) ? null : entry.getValue());
             return fa;
         }).collect(Collectors.toList());
     }
 
+    private void validateFileAttributeLength(String fileAttributesValue) {
+
+        if (!StringUtils.isBlank(fileAttributesValue) && fileAttributesValue.length() > MAX_STATUS_NAME_LENGTH) {
+            throw new BadRequestException(String.format("The name is too long (%s), max length %s", fileAttributesValue.length(), MAX_STATUS_NAME_LENGTH));
+        }
+    }
+
 
     @Transactional(value = Transactional.TxType.REQUIRES_NEW)
     public void addFileAttributes(String dossierId, String fileId, Set<FileAttribute> fileAttributes) {
-- 
2.47.2