fix: [API] adding objects now has better validation errors

- instead of silently dropping attributes in certain cases
2019-11-15 14:11:24 +01:00 · 2019-11-15 14:11:24 +01:00 · e4c82eb9ff
parent 4f9e3ec6d3
commit e4c82eb9ff
2 changed files with 10 additions and 2 deletions
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@ -198,6 +198,7 @@ class ObjectsController extends AppController
            $this->MispObject->Event->insertLock($this->Auth->user(), $eventId);
        }
        $error = false;
+        $template = false;
        if (!empty($templateId) || !$this->_isRest()) {
            $templates = $this->MispObject->ObjectTemplate->find('all', array(
                'conditions' => array('ObjectTemplate.id' => $templateId),
@ -247,10 +248,14 @@ class ObjectsController extends AppController
                foreach ($object['Attribute'] as $k => $attribute) {
                    unset($object['Attribute'][$k]['id']);
                    $object['Attribute'][$k]['event_id'] = $eventId;
-                    $this->MispObject->Event->Attribute->set($attribute);
+                    $this->MispObject->Event->Attribute->set($object['Attribute'][$k]);
                    if (!$this->MispObject->Event->Attribute->validates()) {
                        if ($this->MispObject->Event->Attribute->validationErrors['value'][0] !== 'Composite type found but the value not in the composite (value1|value2) format.') {
-                            $error = 'Could not save object as at least one attribute has failed validation (' . $attribute['object_relation'] . '). ' . json_encode($this->MispObject->Event->Attribute->validationErrors);
+                            $error = sprintf(
+                                'Could not save object as at least one attribute has failed validation (%s). %s',
+                                isset($attribute['object_relation']) ? $attribute['object_relation'] : 'No object_relation',
+                                json_encode($this->MispObject->Event->Attribute->validationErrors)
+                            );
                        }
                    }
                }
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -813,9 +813,11 @@ class Attribute extends AppModel
    {
        parent::beforeValidate();
        if (!isset($this->data['Attribute']['type'])) {
+            $this->validationErrors['type'] = ['No type set.'];
            return false;
        }
        if (is_array($this->data['Attribute']['value'])) {
+            $this->validationErrors['type'] = ['Value is an array.'];
            return false;
        }
        App::uses('ComplexTypeTool', 'Tools');
@ -823,6 +825,7 @@ class Attribute extends AppModel
        $this->data['Attribute']['value'] = $this->complexTypeTool->refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']);

        if (!empty($this->data['Attribute']['object_id']) && empty($this->data['Attribute']['object_relation'])) {
+            $this->validationErrors['type'] = ['Object attribute sent, but no object_relation set.'];
            return false;
        }
        // remove leading and trailing blanks