Details
-
Bug
-
Resolution: Fixed
-
High
-
4.5.0, 4.4.1
-
Ibexa Experience
Description
Using PHP API
Ibexa\CorporateAccount\CompanyService::getCompany(int)
it's possible to load without errors a Content item which is not a Company. It crashes later on when trying to access Company-specific data.
The issue with that is that it's enough to load company using getCompany to be able to delete it via CompanyService::deleteCompany(Company).
This makes it high priority bug for REST as it's quite easy to input wrong ID using REST
DELETE /corporate/companies/{companyId} endpoint.
Actual behavior
It's possible to load and delete any Content using Corporate Account Companies PHP API.
Expected behavior
When trying to load (and thus also delete) a Content item which is not a Company, a PHP API InvalidArgumentException should be thrown.
Designs
Attachments
Issue Links
- discovered while testing
-
IBX-5069 Companies REST CRUD
- Closed