From 21273e377861173b821019e5e9c5d71220f2f7bc Mon Sep 17 00:00:00 2001
From: Iglocska
Date: Fri, 15 Apr 2016 15:11:36 +0200
Subject: [PATCH] Fixed a check for the upload sample API to check if the target event actually exists
---
 app/Controller/EventsController.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index c1774e646..c4fbd536a 100755
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -3146,13 +3146,17 @@ class EventsController extends AppController {
 if (empty($data['files'])) throw new BadRequestException('No samples received, or samples not in the correct format. Please refer to the API documentation on the automation page.');
 if (isset($event_id)) $data['event_id'] = $event_id;
+ if (isset($data['event_id'])) {
+ $this->Event->id = $data['event_id'];
+ if(!$this->Event->exists()) throw new NotFoundException('Event not found');
+ }
 // check if the user has permission to create attributes for an event, if the event ID has been passed
 // If not, create an event
 if (isset($data['event_id']) && !empty($data['event_id']) && is_numeric($data['event_id'])) {
- $conditions = array();
+ $conditions = array('Event.id' => $data['event_id']);
 if (!$this->_isSiteAdmin()) {
- $conditions = array('Event.orgc_id' => $this->Auth->user('org_id'));
+ $conditions[] = array('Event.orgc_id' => $this->Auth->user('org_id'));
 if (!$this->userRole['perm_modify_org']) $conditions[] = array('Event.user_id' => $this->Auth->user('id'));
 }
 $event = $this->Event->find('first', array(
@@ -3160,7 +3164,7 @@ class EventsController extends AppController {
 'conditions' => $conditions,
 'fields' => array('id'),
 ));
- if (empty($event)) throw new MethodNotFoundException('Event not found.');
+ if (empty($event)) throw new NotFoundException('Event not found.');
 $this->Event->id = $data['event_id'];
 $this->Event->saveField('published', 0);
 } else {
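Review bot: The existence check added at the top of the first hunk runs on `$data['event_id']` before the `is_numeric()` test and before the ownership-scoped `find`, so it answers for any authenticated caller and any submitted value. Its message `'Event not found'` differs from the `'Event not found.'` thrown after the scoped lookup in the second hunk, so a caller without access to an event can tell "exists but not yours" from "does not exist". Since the `find` now filters on `Event.id`, the early block looks redundant; either drop it or give both throws the identical text, e.g. `if (!$this->Event->exists()) throw new NotFoundException('Event not found.');`. It also changes the handling of an empty or non-numeric `event_id`, which previously fell through to the `else` branch and, going by the comment, created a new event; that is worth confirming as intended. The enclosing action starts and ends outside both hunks, so the `else` path could not be checked here.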