From edd47c68c6a08bd756d96213c38e896a0a257bd1 Mon Sep 17 00:00:00 2001
From: Roberto Sánchez <roberto.sanchez@curisit.net>
Date: Mon, 13 Jan 2014 18:12:51 +0000
Subject: [PATCH] #394 feature - Several fixes related with form management

---
 securis/src/main/java/net/curisit/securis/services/OrganizationResource.java |   17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java b/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java
index b8b8cc3..a7cbbcf 100644
--- a/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java
@@ -96,6 +96,15 @@
 		return Response.ok(lt).build();
 	}
 
+	private boolean isCyclicalRelationship(int currentId, Organization parent) {
+		while (parent != null) {
+			if (parent.getId() == currentId)
+				return true;
+			parent = parent.getParentOrganization();
+		}
+		return false;
+	}
+
 	@POST
 	@Path("/")
 	@Consumes(MediaType.APPLICATION_JSON)
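Review bot: The walk in `isCyclicalRelationship` stops only when it reaches `currentId` or a null parent, so a loop already present in the stored hierarchy that does not pass through `currentId` would keep the request thread spinning indefinitely. Nothing visible here serialises concurrent parent changes, so two updates could each pass the check and together persist such a loop (inferred; the transaction handling is outside the hunk). Tracking visited ids bounds the walk: declare `Set<Integer> seen = new HashSet<>();` before the loop and test `if (parent.getId() == currentId || !seen.add(parent.getId())) return true;`, importing `java.util.Set` and `java.util.HashSet` if the file does not already. A short Javadoc stating that the method returns true when `currentId` appears among the ancestors of `parent` would also help.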
@@ -157,6 +166,10 @@
 				log.error("Organization parent with id {} not found in DB", org.getParentOrgId());
 				return Response.status(Status.NOT_FOUND).header(SecurisErrorHandler.HEADER_ERROR_MESSAGE, "Organization's parent not found with ID: " + org.getParentOrgId()).build();
 			}
+			if (isCyclicalRelationship(currentOrg.getId(), parentOrg)) {
+				log.error("Organization parent generate a cyclical relationship, parent id {}, current id: {}", org.getParentOrgId(), currentOrg.getId());
+				return Response.status(Status.FORBIDDEN).header(SecurisErrorHandler.HEADER_ERROR_MESSAGE, "Cyclical relationships are not allowed, please change the parent organization, current Parent: " + parentOrg.getName()).build();
+			}
 		}
 
 		List<User> users = null;
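Review bot: The new FORBIDDEN branch copies `parentOrg.getName()` into the `HEADER_ERROR_MESSAGE` response header, while the not-found branch just above it reports only the id. An organization name is stored free text, and whether it is restricted to header-safe characters is not visible here, so non-ASCII or control characters could be mangled or rejected by the container. It also reveals the parent's name to the caller regardless of whether that caller may read the parent. Reporting the id keeps the two branches consistent: `"Cyclical relationships are not allowed, please change the parent organization, current parent ID: " + org.getParentOrgId()`. The enclosing method starts and ends outside the hunk.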
@@ -165,8 +178,8 @@
 			users = new ArrayList<>();
 			for (String username : usersIds) {
 				User user = em.find(User.class, username);
-				if (parentOrg == null) {
-					log.error("Organization user with id {} not found in DB", username);
+				if (user == null) {
+					log.error("Organization user with id '{}' not found in DB", username);
 					return Response.status(Status.NOT_FOUND).header(SecurisErrorHandler.HEADER_ERROR_MESSAGE, "Organization's user not found with ID: " + username).build();
 				}
 				users.add(user);
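Review bot: In the corrected `user == null` branch, `username` is written to the log and concatenated into the `HEADER_ERROR_MESSAGE` header exactly as received. If `usersIds` comes straight from the request body (its origin is outside the hunk), a value containing CR/LF could forge extra log lines, and how the header value is handled then depends on the container. Neutralising it once and using the result in both places avoids that, e.g. `String shown = username.replaceAll("[\\r\\n]", "_");`, then passing `shown` to `log.error` and to the header. The enclosing loop and method continue past the hunk.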

--
Gitblit v1.3.2