
Commit e47c1d2

authored
Merge pull request DependencyTrack#2584 from nscuro/issue-2583
Fix invalid query filter assembly
2 parents 48adb8b + ca74c26 commit e47c1d2


2 files changed

+34
-2
lines changed


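--- a/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
+++ b/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
@@ -849,7 +849,7 @@ private void preprocessACLs(final Query<Project> query, final String inputFilter
 sb.append(" || ");
 }
 }
-if (inputFilter != null) {
+if (inputFilter != null && !inputFilter.isBlank()) {
 query.setFilter(inputFilter + " && (" + sb.toString() + ")");
 } else {
 query.setFilter(sb.toString());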
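Review bot: The combined filter on the line guarded by the new condition concatenates `inputFilter` without parentheses, so a filter containing a top-level `||` would bind as `a || (b && (acl))` and rows matching `a` would not be constrained by the ACL clause. Whether any caller currently passes such a filter is not visible in this hunk, but wrapping it removes the dependency on caller discipline: `query.setFilter("(" + inputFilter + ") && (" + sb + ")");`. The added blank check itself looks right. preprocessACLs starts above the hunk and continues below it.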

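--- a/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java
+++ b/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java
@@ -23,6 +23,7 @@
 import alpine.server.filters.ApiFilter;
 import alpine.server.filters.AuthenticationFilter;
 import org.dependencytrack.ResourceTest;
+import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.model.Tag;
 import org.glassfish.jersey.client.HttpUrlConnectorProvider;
@@ -40,7 +41,6 @@
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
@@ -81,6 +81,38 @@ public void getProjectsDefaultRequestTest() {
 Assert.assertEquals("999", json.getJsonObject(0).getString("version"));
 }
 
+@Test // https://github.com/DependencyTrack/dependency-track/issues/2583
+public void getProjectsWithAclEnabledTest() {
+// Enable portfolio access control.
+qm.createConfigProperty(
+ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getGroupName(),
+ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getPropertyName(),
+"true",
+ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED.getPropertyType(),
+null
+);
+
+// Create project and give access to current principal's team.
+final Project accessProject = qm.createProject("acme-app-a", null, "1.0.0", null, null, null, true, false);
+accessProject.setAccessTeams(List.of(team));
+qm.persist(accessProject);
+
+// Create a second project that the current principal has no access to.
+qm.createProject("acme-app-b", null, "2.0.0", null, null, null, true, false);
+
+final Response response = target(V1_PROJECT)
+.request()
+.header(X_API_KEY, apiKey)
+.get(Response.class);
+Assert.assertEquals(200, response.getStatus(), 0);
+Assert.assertEquals("1", response.getHeaderString(TOTAL_COUNT_HEADER));
+JsonArray json = parseJsonArray(response);
+Assert.assertNotNull(json);
+Assert.assertEquals(1, json.size());
+Assert.assertEquals("acme-app-a", json.getJsonObject(0).getString("name"));
+Assert.assertEquals("1.0.0", json.getJsonObject(0).getString("version"));
+}
+
 @Test
 public void getProjectsByNameRequestTest() {
 for (int i=0; i<1000; i++) {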
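Review bot: getProjectsWithAclEnabledTest appears to exercise only the request without an input filter, so the branch of preprocessACLs that joins a caller filter with the ACL clause stays untested while ACL is enabled. A companion case that asks for the inaccessible project `acme-app-b` by name and asserts an empty result would pin the access-control behaviour on that path, e.g. `Assert.assertEquals("0", response.getHeaderString(TOTAL_COUNT_HEADER));`. Separately, `Assert.assertEquals(200, response.getStatus(), 0);` resolves to the floating-point overload with a delta; `Assert.assertEquals(200, response.getStatus());` states the intent directly. The trailing getProjectsByNameRequestTest context continues past the end of the hunk.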
