diff --git a/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java b/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java
index 0fe06ff30a..52f3294e08 100644
--- a/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java
+++ b/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java
@@ -56,6 +56,7 @@
 import com.bakdata.conquery.models.datasets.SecondaryIdDescription;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.bakdata.conquery.models.error.ConqueryError;
+import com.bakdata.conquery.models.exceptions.ValidatorHelper;
 import com.bakdata.conquery.models.execution.ExecutionState;
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.i18n.I18n;
@@ -84,6 +85,7 @@
 import com.google.common.collect.MutableClassToInstanceMap;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Validator;
 import jakarta.ws.rs.BadRequestException;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriBuilder;
@@ -102,6 +104,8 @@ public class QueryProcessor {
 private MetaStorage storage;
 @Inject
 private ConqueryConfig config;
+ @Inject
+ private Validator validator;
@@ -339,6 +343,9 @@ public FullExecutionStatus getSingleEntityExport(Subject subject, UriBuilder uri
 final EntityPreviewForm form = EntityPreviewForm.create(entity, idKind, dateRange, sources, previewConfig.getSelects(), previewConfig.getTimeStratifiedSelects(), datasetRegistry);
+ // Validate our own form because we provide it directly to the processor, which does not validate.
+ ValidatorHelper.failOnError(log, validator.validate(form));
+ // TODO make sure that subqueries are also system
 // TODO do not persist system queries
 final EntityPreviewExecution execution = (EntityPreviewExecution) postQuery(dataset, form, subject, true);
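Review bot: The added `ValidatorHelper.failOnError(log, validator.validate(form));` in `getSingleEntityExport` turns any constraint violation on the server-built form into a hard failure, but nothing visible here says which exception it raises or how that maps to an HTTP status. Because the form is derived from caller-supplied `entity`, `dateRange` and `sources`, a violation should reach the client as a 4xx rather than an internal error; I would record that contract in the comment, e.g. `// failOnError throws on any violation; this must surface as a client error, not a 500.` It is also worth confirming what `failOnError` writes to `log`: if this is the path behind `getEntityData`, which authorizes `Ability.PRESERVE_ID`, the logged violations should carry the property path and not the offending entity value. The method body starts and ends outside the hunk.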
diff --git a/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java b/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java
index 9182dc9ab0..3ac2552767 100644
--- a/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java
+++ b/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java
@@ -40,6 +40,7 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.ClassToInstanceMap;
+import jakarta.validation.Valid;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
@@ -68,7 +69,9 @@ public class EntityPreviewForm extends Form implements InternalForm {
 public static final String VALUES_QUERY_NAME = "VALUES";
+ @Valid
 private final AbsoluteFormQuery infoCardQuery;
+ @Valid
 private final TableExportQuery valuesQuery;
diff --git a/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java b/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java
index 37e3100c12..8cbb750205 100644
--- a/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java
+++ b/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java
@@ -57,7 +57,7 @@ public class DatasetQueryResource {
 @POST
 @Path("/entity")
- public FullExecutionStatus getEntityData(@Auth Subject subject, EntityPreviewRequest query, @Context HttpServletRequest request) {
+ public FullExecutionStatus getEntityData(@Auth Subject subject, @Valid EntityPreviewRequest query, @Context HttpServletRequest request) {
 subject.authorize(dataset, Ability.READ);
 subject.authorize(dataset, Ability.PRESERVE_ID);
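Review bot: `@Valid` on `infoCardQuery` and `valuesQuery` in `EntityPreviewForm` only cascades into non-null references, so a form whose query field is null passes `validator.validate(form)` unchecked; neither field shows a not-null constraint in this hunk. Pairing them as `@NotNull @Valid private final AbsoluteFormQuery infoCardQuery;` (and likewise for `valuesQuery`) closes that gap. The same applies to the `@Valid EntityPreviewRequest query` parameter of `getEntityData` in `DatasetQueryResource`: a request without a body can leave `query` null and skip validation, so `@NotNull @Valid EntityPreviewRequest query` is the safer form. Both need `jakarta.validation.constraints.NotNull`; no import hunk is shown for `DatasetQueryResource`, so I assume `Valid` is already imported there.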
diff --git a/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java b/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java
index 40eeff13fa..f7b9b5f40f 100644
--- a/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java
+++ b/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java
@@ -7,6 +7,7 @@
 import com.bakdata.conquery.models.common.Range;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.fasterxml.jackson.annotation.JsonCreator;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Data;
@@ -17,6 +18,7 @@ public class EntityPreviewRequest {
 private final String entityId;
 private final Range time;
 @NsIdRefCollection
+ @NotEmpty
 private final List sources;
 //TODO uncomment, when frontend is adapted to support this
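Review bot: `@NotEmpty` on `sources` rejects a null or empty list but leaves the neighbouring request fields in this hunk unchecked: `time` carries no constraint on the lines shown, and `entityId` has none on its own line (the line above it is outside the hunk). These values come from the request body and presumably feed the preview form, so I would add `@NotNull` to `time` and `@NotBlank` to `entityId`. An upper bound on the list, e.g. `@Size(max = <limit>)` with a project-chosen limit, would also keep a single request from fanning out over an unbounded number of connectors. The class body continues past the hunk.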