From 2d8d815bca187f1f9e6893ed0f79d360ef05ed11 Mon Sep 17 00:00:00 2001 From: robertSt7 <104770750+robertSt7@users.noreply.github.com> Date: Wed, 21 Feb 2024 14:39:41 +0100 Subject: [PATCH] [Bug][Data loss]: if passing an invalid asset.id, fullpath to object mutation GraphQL query, the assets are silently discarded (#825) * Fix: throw error message * Fix: throw error message * Apply suggestion by covering all the relational types and improve exception message * Update ManyToOneRelation.php * Apply php-cs-fixer changes --------- Co-authored-by: jiajia Co-authored-by: kingjia90 --- .../AdvancedManyToManyObjectRelation.php | 8 ++++++++ .../AdvancedManyToManyRelation.php | 8 ++++++++ .../ManyToManyObjectRelation.php | 8 ++++++++ .../DataObjectInputProcessor/ManyToManyRelation.php | 8 ++++++++ .../DataObjectInputProcessor/ManyToOneRelation.php | 11 +++++++++++ 5 files changed, 43 insertions(+) diff --git a/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyObjectRelation.php b/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyObjectRelation.php index accf7abc..b64091e4 100644 --- a/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyObjectRelation.php +++ b/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyObjectRelation.php @@ -21,6 +21,7 @@ use Pimcore\Model\DataObject\Concrete; use Pimcore\Model\DataObject\Data\ObjectMetadata; use Pimcore\Model\DataObject\Fieldcollection\Data\AbstractData; +use Pimcore\Model\Exception\NotFoundException; class AdvancedManyToManyObjectRelation extends Base { @@ -58,6 +59,13 @@ public function process($object, $newValue, $args, $context, ResolveInfo $info) $item->setData($data); } $result[] = $item; + } else { + throw new NotFoundException( + sprintf('Element with id %s or fullpath %s not found', + $newValueItemValue['id'], + $newValueItemValue['fullpath'] + ) + ); } } } diff --git a/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyRelation.php b/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyRelation.php index fbc35d28..ee0752ea 100644 --- a/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyRelation.php +++ b/src/GraphQL/DataObjectInputProcessor/AdvancedManyToManyRelation.php @@ -21,6 +21,7 @@ use Pimcore\Model\DataObject\Concrete; use Pimcore\Model\DataObject\Data\ElementMetadata; use Pimcore\Model\DataObject\Fieldcollection\Data\AbstractData; +use Pimcore\Model\Exception\NotFoundException; class AdvancedManyToManyRelation extends Base { @@ -57,6 +58,13 @@ public function process($object, $newValue, $args, $context, ResolveInfo $info) $item->setData($data); } $result[] = $item; + } else { + throw new NotFoundException( + sprintf('Element with id %s or fullpath %s not found', + $newValueItemValue['id'], + $newValueItemValue['fullpath'] + ) + ); } } } diff --git a/src/GraphQL/DataObjectInputProcessor/ManyToManyObjectRelation.php b/src/GraphQL/DataObjectInputProcessor/ManyToManyObjectRelation.php index 3d3b3dc6..a441bda6 100644 --- a/src/GraphQL/DataObjectInputProcessor/ManyToManyObjectRelation.php +++ b/src/GraphQL/DataObjectInputProcessor/ManyToManyObjectRelation.php @@ -21,6 +21,7 @@ use Pimcore\Bundle\DataHubBundle\GraphQL\Traits\ElementIdentificationTrait; use Pimcore\Model\DataObject\Concrete; use Pimcore\Model\DataObject\Fieldcollection\Data\AbstractData; +use Pimcore\Model\Exception\NotFoundException; class ManyToManyObjectRelation extends Base { @@ -50,6 +51,13 @@ public function process($object, $newValue, $args, $context, ResolveInfo $info) if ($element) { $result[] = $element; + } else { + throw new NotFoundException( + sprintf('Element with id %s or fullpath %s not found', + $newValueItemValue['id'], + $newValueItemValue['fullpath'] + ) + ); } } } diff --git a/src/GraphQL/DataObjectInputProcessor/ManyToManyRelation.php b/src/GraphQL/DataObjectInputProcessor/ManyToManyRelation.php index 2826ba76..0f5e39f6 100644 --- a/src/GraphQL/DataObjectInputProcessor/ManyToManyRelation.php +++ b/src/GraphQL/DataObjectInputProcessor/ManyToManyRelation.php @@ -20,6 +20,7 @@ use Pimcore\Bundle\DataHubBundle\GraphQL\Traits\ElementIdentificationTrait; use Pimcore\Model\DataObject\Concrete; use Pimcore\Model\DataObject\Fieldcollection\Data\AbstractData; +use Pimcore\Model\Exception\NotFoundException; class ManyToManyRelation extends Base { @@ -45,6 +46,13 @@ public function process($object, $newValue, $args, $context, ResolveInfo $info) if ($element) { $result[] = $element; + } else { + throw new NotFoundException( + sprintf('Element with id %s or fullpath %s not found', + $newValueItemValue['id'], + $newValueItemValue['fullpath'] + ) + ); } } } diff --git a/src/GraphQL/DataObjectInputProcessor/ManyToOneRelation.php b/src/GraphQL/DataObjectInputProcessor/ManyToOneRelation.php index a722cdbb..aba68702 100644 --- a/src/GraphQL/DataObjectInputProcessor/ManyToOneRelation.php +++ b/src/GraphQL/DataObjectInputProcessor/ManyToOneRelation.php @@ -20,6 +20,7 @@ use Pimcore\Bundle\DataHubBundle\GraphQL\Traits\ElementIdentificationTrait; use Pimcore\Model\DataObject\Concrete; use Pimcore\Model\DataObject\Fieldcollection\Data\AbstractData; +use Pimcore\Model\Exception\NotFoundException; class ManyToOneRelation extends Base { @@ -40,8 +41,18 @@ public function process($object, $newValue, $args, $context, ResolveInfo $info): $me = $this; Service::setValue($object, $attribute, function ($container, $setter) use ($newValue) { $element = null; + if (is_array($newValue)) { $element = $this->getElementByTypeAndIdOrPath($newValue); + + if (!$element) { + throw new NotFoundException( + sprintf('Element with id %s or fullpath %s not found', + $newValue['id'], + $newValue['fullpath'] + ) + ); + } } return $container->$setter($element);