From b5156cb77f4bac6b67f2e40103fcbf6926181c5e Mon Sep 17 00:00:00 2001
From: Mirco Nasuti <mirco.nasuti@chuv.ch>
Date: Thu, 3 Nov 2016 10:59:54 +0100
Subject: [PATCH] Check model/article existence when trying to get one from
 slug

---
 src/main/java/eu/hbp/mip/controllers/ArticlesApi.java | 7 +++++++
 src/main/java/eu/hbp/mip/controllers/ModelsApi.java   | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java b/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
index 024b49b07..23c160638 100644
--- a/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
@@ -148,6 +148,13 @@ public class ArticlesApi {
         User user = securityConfiguration.getUser();
         Article article;
         article = articleRepository.findOne(slug);
+
+        if(article == null)
+        {
+            LOGGER.warn("Cannot find article : " + slug);
+            return ResponseEntity.badRequest().body(null);
+        }
+
         if (!"published".equals(article.getStatus()) && !article.getCreatedBy().getUsername().equals(user.getUsername()))
         {
             return new ResponseEntity<>(HttpStatus.FORBIDDEN);
diff --git a/src/main/java/eu/hbp/mip/controllers/ModelsApi.java b/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
index 03bae52c1..57609b5bb 100644
--- a/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
@@ -208,6 +208,13 @@ public class ModelsApi {
         User user = securityConfiguration.getUser();
 
         Model model = modelRepository.findOne(slug);
+
+        if(model == null)
+        {
+            LOGGER.warn("Cannot find model : " + slug);
+            return ResponseEntity.badRequest().body(null);
+        }
+
         if (!model.getValid() && !model.getCreatedBy().getUsername().equals(user.getUsername()))
         {
             return new ResponseEntity<>(HttpStatus.FORBIDDEN);
-- 
GitLab