Closes #2635: Make owner-is-null=owner-is-null not valid, allow use case "owner-is-null=true"

Author: CRoberto1926

rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/util/QueryParamsValidator.java

@@ -1,15 +1,14 @@
 package pro.taskana.common.rest.util;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import javax.servlet.http.HttpServletRequest;
-import pro.taskana.common.api.exceptions.InvalidArgumentException;
 
 public class QueryParamsValidator {
 
@@ -35,21 +34,57 @@ public static void validateParams(HttpServletRequest request, Class<?>... filter
     if (!providedParams.isEmpty()) {
       throw new IllegalArgumentException("Unknown request parameters found: " + providedParams);
     }
-    checkExactParam(request, "owner-is-null");
   }
 
-  public static void checkExactParam(HttpServletRequest request, String queryParameter) {
-    String queryString = request.getQueryString();
-    boolean containParam = queryString != null && queryString.contains(queryParameter);
-    if (containParam) {
-      Pattern pattern = Pattern.compile("\\b" + queryParameter + "(&|$)");
-      Matcher matcher = pattern.matcher(queryString);
-
-      boolean hasExactParam = matcher.find();
-      if (!hasExactParam) {
-        throw new InvalidArgumentException(
-            "It is prohibited to use the param " + queryParameter + " with values.");
-      }
+  public static boolean hasQueryParameterValues(HttpServletRequest request, String queryParameter) {
+
+    Map<String, String[]> queryParametersMap = request.getParameterMap();
+
+    if (queryParametersMap.isEmpty()) {
+      return false;
+    }
+
+    String[] queryParameterValues = queryParametersMap.get(queryParameter);
+
+    if (queryParameterValues == null) {
+      return false;
     }
+
+    boolean hasQueryParameterNotEmptyValues =
+        Arrays.stream(queryParameterValues).anyMatch(value -> !value.isBlank());
+
+    /* Workaround to manage the case "query-param=".
+    It should be safe enough to use because we have checked all other possibilities before. */
+    boolean hasQueryParameterEmptyValues = request.getQueryString().contains(queryParameter + "=");
+
+    return hasQueryParameterNotEmptyValues || hasQueryParameterEmptyValues;
+  }
+
+  public static boolean hasQueryParameterValuesOrIsNotTrue(
+      HttpServletRequest request, String queryParameter) {
+
+    Map<String, String[]> queryParametersMap = request.getParameterMap();
+
+    if (queryParametersMap.isEmpty()) {
+      return false;
+    }
+
+    String[] queryParameterValues = queryParametersMap.get(queryParameter);
+
+    if (queryParameterValues == null) {
+      return false;
+    }
+
+    boolean hasQueryParameterProhibitedValues =
+        Arrays.stream(queryParameterValues)
+            .anyMatch(value -> !value.isBlank() && !Boolean.parseBoolean(value));
+
+    /* Workaround to manage the case "query-param=".
+    It should be safe enough to use because we have checked all other possibilities before. */
+    boolean hasQueryParameterEmptyValues =
+        Arrays.stream(queryParameterValues).allMatch(String::isBlank)
+            && request.getQueryString().contains(queryParameter + "=");
+
+    return hasQueryParameterProhibitedValues || hasQueryParameterEmptyValues;
   }
 }

rest/taskana-rest-spring/src/main/java/pro/taskana/task/rest/TaskController.java

@@ -118,11 +118,12 @@ public ResponseEntity<TaskRepresentationModel> createTask(
           NotAuthorizedOnWorkbasketException {
 
     if (!taskRepresentationModel.getAttachments().stream()
-            .filter(att -> Objects.nonNull(att.getTaskId()))
-            .filter(att -> !att.getTaskId().equals(taskRepresentationModel.getTaskId()))
-            .collect(Collectors.toList()).isEmpty()) {
+        .filter(att -> Objects.nonNull(att.getTaskId()))
+        .filter(att -> !att.getTaskId().equals(taskRepresentationModel.getTaskId()))
+        .collect(Collectors.toList())
+        .isEmpty()) {
       throw new InvalidArgumentException(
-              "An attachments' taskId must be empty or equal to the id of the task it belongs to");
+          "An attachments' taskId must be empty or equal to the id of the task it belongs to");
     }
 
     Task fromResource = taskRepresentationModelAssembler.toEntityModel(taskRepresentationModel);
@@ -148,6 +149,7 @@ public ResponseEntity<TaskRepresentationModel> createTask(
    * @param sortParameter the sort parameters
    * @param pagingParameter the paging parameters
    * @return the Tasks with the given filter, sort and paging options.
+   * @throws InvalidArgumentException if the query parameter "owner-is-null" has values
    */
   @GetMapping(path = RestEndpoints.URL_TASKS)
   @Transactional(readOnly = true, rollbackFor = Exception.class)
@@ -167,6 +169,12 @@ public ResponseEntity<TaskSummaryPagedRepresentationModel> getTasks(
         TaskQueryGroupByParameter.class,
         QuerySortParameter.class,
         QueryPagingParameter.class);
+
+    if (QueryParamsValidator.hasQueryParameterValuesOrIsNotTrue(request, "owner-is-null")) {
+      throw new InvalidArgumentException(
+          "It is prohibited to use the param owner-is-null with values.");
+    }
+
     TaskQuery query = taskService.createTaskQuery();
 
     filterParameter.apply(query);
@@ -653,11 +661,12 @@ public ResponseEntity<TaskRepresentationModel> updateTask(
     }
 
     if (!taskRepresentationModel.getAttachments().stream()
-            .filter(att -> Objects.nonNull(att.getTaskId()))
-            .filter(att -> !att.getTaskId().equals(taskRepresentationModel.getTaskId()))
-            .collect(Collectors.toList()).isEmpty()) {
+        .filter(att -> Objects.nonNull(att.getTaskId()))
+        .filter(att -> !att.getTaskId().equals(taskRepresentationModel.getTaskId()))
+        .collect(Collectors.toList())
+        .isEmpty()) {
       throw new InvalidArgumentException(
-              "An attachments' taskId must be empty or equal to the id of the task it belongs to");
+          "An attachments' taskId must be empty or equal to the id of the task it belongs to");
     }
 
     Task task = taskRepresentationModelAssembler.toEntityModel(taskRepresentationModel);