fix: Throw 400 when requesting explorer entities with bad node-type-f…

…ield id
roadiz · May 27, 2024 · 883bc71 · 883bc71
1 parent 4fe292f
commit 883bc71
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/lib/Rozier/src/AjaxControllers/AjaxEntitiesExplorerController.php b/lib/Rozier/src/AjaxControllers/AjaxEntitiesExplorerController.php
@@ -18,7 +18,7 @@
 use Symfony\Component\Config\Definition\Processor;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Routing\Exception\InvalidParameterException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Yaml\Yaml;
 use Themes\Rozier\Explorer\ConfigurableExplorerItem;
@@ -46,7 +46,7 @@ protected function getFieldConfiguration(NodeTypeField $nodeTypeField): array
             $nodeTypeField->getType() !== AbstractField::MANY_TO_MANY_T &&
             $nodeTypeField->getType() !== AbstractField::MANY_TO_ONE_T
         ) {
-            throw new InvalidParameterException('nodeTypeField is not a valid entity join.');
+            throw new BadRequestHttpException('nodeTypeField is not a valid entity join.');
         }
 
         $configs = [
@@ -63,11 +63,16 @@ public function indexAction(Request $request): JsonResponse
         $this->denyAccessUnlessGranted('ROLE_BACKEND_USER');
 
         if (!$request->query->has('nodeTypeFieldId')) {
-            throw new InvalidParameterException('nodeTypeFieldId parameter is missing.');
+            throw new BadRequestHttpException('nodeTypeFieldId parameter is missing.');
         }
 
-        /** @var NodeTypeField $nodeTypeField */
+        /** @var NodeTypeField|null $nodeTypeField */
         $nodeTypeField = $this->em()->find(NodeTypeField::class, $request->query->get('nodeTypeFieldId'));
+
+        if (null === $nodeTypeField) {
+            throw new BadRequestHttpException('nodeTypeField does not exist.');
+        }
+
         $configuration = $this->getFieldConfiguration($nodeTypeField);
         /** @var class-string<PersistableInterface> $className */
         $className = $configuration['classname'];
@@ -112,20 +117,25 @@ public function indexAction(Request $request): JsonResponse
     public function listAction(Request $request): JsonResponse
     {
         if (!$request->query->has('nodeTypeFieldId')) {
-            throw new InvalidParameterException('nodeTypeFieldId parameter is missing.');
+            throw new BadRequestHttpException('nodeTypeFieldId parameter is missing.');
         }
 
         if (!$request->query->has('ids')) {
-            throw new InvalidParameterException('Ids should be provided within an array');
+            throw new BadRequestHttpException('Ids should be provided within an array');
         }
 
         $this->denyAccessUnlessGranted('ROLE_BACKEND_USER');
 
         /** @var EntityManager $em */
         $em = $this->em();
 
-        /** @var NodeTypeField $nodeTypeField */
+        /** @var NodeTypeField|null $nodeTypeField */
         $nodeTypeField = $this->em()->find(NodeTypeField::class, $request->query->get('nodeTypeFieldId'));
+
+        if (null === $nodeTypeField) {
+            throw new BadRequestHttpException('nodeTypeField does not exist.');
+        }
+
         $configuration = $this->getFieldConfiguration($nodeTypeField);
         /** @var class-string<PersistableInterface> $className */
         $className = $configuration['classname'];