From e2ec1f33b7e0f11dffae173027e0c014af4dea6b Mon Sep 17 00:00:00 2001
From: virgilchiriac <virgil.chiriac@dataport.de>
Date: Mon, 23 Oct 2023 17:49:55 +0200
Subject: [PATCH] restrict returned response type

---
 .../board/controller/board-submission.controller.ts      | 9 +++++++--
 .../dto/element/any-content-element.response.ts          | 6 ++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/apps/server/src/modules/board/controller/board-submission.controller.ts b/apps/server/src/modules/board/controller/board-submission.controller.ts
index 1d68ef54d43..1dd46440f21 100644
--- a/apps/server/src/modules/board/controller/board-submission.controller.ts
+++ b/apps/server/src/modules/board/controller/board-submission.controller.ts
@@ -8,6 +8,7 @@ import {
 	Param,
 	Patch,
 	Post,
+	UnprocessableEntityException,
 } from '@nestjs/common';
 import { ApiExtraModels, ApiOperation, ApiResponse, ApiTags, getSchemaPath } from '@nestjs/swagger';
 import { ApiValidationError } from '@shared/common';
@@ -17,9 +18,10 @@ import { CardUc } from '../uc';
 import { ElementUc } from '../uc/element.uc';
 import { SubmissionItemUc } from '../uc/submission-item.uc';
 import {
-	AnyContentElementResponse,
 	CreateContentElementBodyParams,
 	FileElementResponse,
+	isFileElementResponse,
+	isRichTextElementResponse,
 	RichTextElementResponse,
 	SubmissionContainerUrlParams,
 	SubmissionItemUrlParams,
@@ -91,10 +93,13 @@ export class BoardSubmissionController {
 		@Param() urlParams: SubmissionItemUrlParams,
 		@Body() bodyParams: CreateContentElementBodyParams,
 		@CurrentUser() currentUser: ICurrentUser
-	): Promise<AnyContentElementResponse> {
+	): Promise<FileElementResponse | RichTextElementResponse> {
 		const { type } = bodyParams;
 		const element = await this.submissionItemUc.createElement(currentUser.userId, urlParams.submissionItemId, type);
 		const response = ContentElementResponseFactory.mapToResponse(element);
+		if (!isFileElementResponse(response) && !isRichTextElementResponse(response)) {
+			throw new UnprocessableEntityException();
+		}
 
 		return response;
 	}
diff --git a/apps/server/src/modules/board/controller/dto/element/any-content-element.response.ts b/apps/server/src/modules/board/controller/dto/element/any-content-element.response.ts
index 18415d172fa..84681de7691 100644
--- a/apps/server/src/modules/board/controller/dto/element/any-content-element.response.ts
+++ b/apps/server/src/modules/board/controller/dto/element/any-content-element.response.ts
@@ -10,3 +10,9 @@ export type AnyContentElementResponse =
 	| RichTextElementResponse
 	| SubmissionContainerElementResponse
 	| ExternalToolElementResponse;
+
+export const isFileElementResponse = (element: AnyContentElementResponse): element is FileElementResponse =>
+	element instanceof FileElementResponse;
+
+export const isRichTextElementResponse = (element: AnyContentElementResponse): element is RichTextElementResponse =>
+	element instanceof RichTextElementResponse;