Merge pull request #3454 from ingef/fix/entity-preview-validation

adds validation for entity preview requests
ingef · May 29, 2024 · d802618 · d802618
2 parents 3b3daee + d4f6f39
commit d802618
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 2 deletions.
diff --git a/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java b/backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java
@@ -56,6 +56,7 @@
 import com.bakdata.conquery.models.datasets.SecondaryIdDescription;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.bakdata.conquery.models.error.ConqueryError;
+import com.bakdata.conquery.models.exceptions.ValidatorHelper;
 import com.bakdata.conquery.models.execution.ExecutionState;
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.i18n.I18n;
@@ -84,6 +85,7 @@
 import com.google.common.collect.MutableClassToInstanceMap;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Validator;
 import jakarta.ws.rs.BadRequestException;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriBuilder;
@@ -102,6 +104,8 @@ public class QueryProcessor {
 	private MetaStorage storage;
 	@Inject
 	private ConqueryConfig config;
+	@Inject
+	private Validator validator;
 
 
 
@@ -339,6 +343,9 @@ public FullExecutionStatus getSingleEntityExport(Subject subject, UriBuilder uri
 		final EntityPreviewForm form =
 				EntityPreviewForm.create(entity, idKind, dateRange, sources, previewConfig.getSelects(), previewConfig.getTimeStratifiedSelects(), datasetRegistry);
 
+		// Validate our own form because we provide it directly to the processor, which does not validate.
+		ValidatorHelper.failOnError(log, validator.validate(form));
+
 		// TODO make sure that subqueries are also system
 		// TODO do not persist system queries
 		final EntityPreviewExecution execution = (EntityPreviewExecution) postQuery(dataset, form, subject, true);

diff --git a/backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/CQConcept.java b/backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/CQConcept.java
@@ -99,6 +99,7 @@ public static CQConcept forSelect(Select select) {
 			table.setConnector(((Connector) select.getHolder()));
 
 			table.setSelects(List.of(select));
+			table.setConcept(cqConcept);
 		}
 		else {
 			cqConcept.setTables(((Concept<?>) select.getHolder())

diff --git a/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java b/backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java
@@ -40,6 +40,7 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.ClassToInstanceMap;
+import jakarta.validation.Valid;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
@@ -68,7 +69,9 @@ public class EntityPreviewForm extends Form implements InternalForm {
 	public static final String VALUES_QUERY_NAME = "VALUES";
 
 
+	@Valid
 	private final AbsoluteFormQuery infoCardQuery;
+	@Valid
 	private final TableExportQuery valuesQuery;
 
 

diff --git a/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java b/backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java
@@ -57,7 +57,7 @@ public class DatasetQueryResource {
 
 	@POST
 	@Path("/entity")
-	public FullExecutionStatus getEntityData(@Auth Subject subject, EntityPreviewRequest query, @Context HttpServletRequest request) {
+	public FullExecutionStatus getEntityData(@Auth Subject subject, @Valid EntityPreviewRequest query, @Context HttpServletRequest request) {
 		subject.authorize(dataset, Ability.READ);
 		subject.authorize(dataset, Ability.PRESERVE_ID);
 

diff --git a/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java b/backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java
@@ -7,6 +7,7 @@
 import com.bakdata.conquery.models.common.Range;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.fasterxml.jackson.annotation.JsonCreator;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 
@@ -17,6 +18,7 @@ public class EntityPreviewRequest {
 	private final String entityId;
 	private final Range<LocalDate> time;
 	@NsIdRefCollection
+	@NotEmpty
 	private final List<Connector> sources;
 
 	//TODO uncomment, when frontend is adapted to support this

diff --git a/backend/src/test/java/com/bakdata/conquery/api/StoredQueriesProcessorTest.java b/backend/src/test/java/com/bakdata/conquery/api/StoredQueriesProcessorTest.java
@@ -49,17 +49,21 @@
 import com.bakdata.conquery.util.NonPersistentStoreFactory;
 import com.google.common.collect.ImmutableList;
 import io.dropwizard.core.setup.Environment;
+import io.dropwizard.jersey.validation.Validators;
+import jakarta.validation.Validator;
 import jakarta.ws.rs.core.UriBuilder;
 import lombok.SneakyThrows;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
 public class StoredQueriesProcessorTest {
+
+	private static final Validator VALIDATOR = Validators.newValidator();
 	private static final MetaStorage STORAGE = new NonPersistentStoreFactory().createMetaStorage();
 
 	public static final ConqueryConfig CONFIG = new ConqueryConfig();
 	private static final DatasetRegistry<DistributedNamespace> datasetRegistry = new DatasetRegistry<>(0, CONFIG, null, null, null);
-	private static final QueryProcessor processor = new QueryProcessor(datasetRegistry, STORAGE, CONFIG);
+	private static final QueryProcessor processor = new QueryProcessor(datasetRegistry, STORAGE, CONFIG, VALIDATOR);
 
 	private static final Dataset DATASET_0 = new Dataset() {{
 		setName("dataset0");