From 5ee8161e1c3fcefa0cc54144d31184ca31750452 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Tue, 26 Sep 2023 01:00:52 +0200
Subject: [PATCH] Webservice: Add error message to add_group_sub_user if user or group ID not defined - refs BT#20460
---
 main/inc/lib/usergroup.lib.php | 29 +++++++++++++++++++++++++++++
 main/inc/lib/webservices/Rest.php | 4 ++++
 main/webservices/api/v2.php | 6 ++++++
 3 files changed, 39 insertions(+)
diff --git a/main/inc/lib/usergroup.lib.php b/main/inc/lib/usergroup.lib.php
index 38122404d5..1e6be30c3d 100755
--- a/main/inc/lib/usergroup.lib.php
+++ b/main/inc/lib/usergroup.lib.php
@@ -3395,4 +3395,33 @@ class UserGroup extends Model
 return Database::store_result($result, 'ASSOC');
 }
+
+ /**
+ * Check the given ID matches an existing group
+ * @param int $groupId
+ * @return bool
+ */
+ public function groupExists(int $groupId) {
+ $sql = "SELECT id FROM ".$this->table. " WHERE id = ".$groupId;
+ $result = Database::query($sql);
+ if (Database::num_rows($result) === 1) {
+ return true;
+ }
+
+ return false;
+ }
+ /**
+ * Check the given ID matches an existing user
+ * @param int $userId
+ * @return bool
+ */
+ public function userExists(int $userId) {
+ $sql = "SELECT id FROM ".$this->table_user. " WHERE id = ".$userId;
+ $result = Database::query($sql);
+ if (Database::num_rows($result) === 1) {
+ return true;
+ }
+
+ return false;
+ }
 }
diff --git a/main/inc/lib/webservices/Rest.php b/main/inc/lib/webservices/Rest.php
index 31b75c8659..616a65fbf3 100644
--- a/main/inc/lib/webservices/Rest.php
+++ b/main/inc/lib/webservices/Rest.php
@@ -4087,6 +4087,10 @@ class Rest extends WebService
 {
 $userGroup = new UserGroup();
+ if (!$userGroup->groupExists($groupId) or !$userGroup->userExists($userId)) {
+ throw new Exception('user_id or group_id does not exist');
+ }
+
 return [$userGroup->add_user_to_group($userId, $groupId, $relationType)];
 }
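Review bot: In `main/inc/lib/usergroup.lib.php` both new queries in `groupExists()` and `userExists()` are built by string concatenation, and the `int` parameter type is the only thing keeping them injection-safe; if that type hint is ever relaxed, the value flows straight into SQL. Making the cast explicit where the string is built, e.g. `$sql = "SELECT id FROM ".$this->table." WHERE id = ".(int) $groupId;`, keeps that guarantee next to the query. Each method can also declare `: bool` and end with `return Database::num_rows($result) === 1;`, and a blank line is missing between the two methods. The `UserGroup` class body starts outside the hunk, so `$this->table` and `$this->table_user` are assumed to be defined there.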
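Review bot: In `main/inc/lib/webservices/Rest.php` the added guard proves that both IDs exist, but nothing in the visible lines checks that the API caller may change this group's membership before `add_user_to_group()` runs; the method signature and any earlier checks are outside the hunk, so confirm that authorization is enforced upstream. `groupExists()` and `userExists()` declare `int` parameters, so a non-numeric `$groupId` or `$userId` reaching this method would presumably raise a `TypeError` rather than the intended `Exception`; casting at the call, `$userGroup->groupExists((int) $groupId)`, keeps the failure on the documented path. The condition would also read more conventionally with `||` than with `or`.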
diff --git a/main/webservices/api/v2.php b/main/webservices/api/v2.php
index dcd13d47a7..2e6232a17a 100644
--- a/main/webservices/api/v2.php
+++ b/main/webservices/api/v2.php
@@ -914,6 +914,12 @@ try {
 case Rest::ADD_GROUP_SUB_USER:
 $groupId = (int) $_POST['group_id'];
 $userId = (int) $_POST['user_id'];
+ if (empty($userId)) {
+ throw new Exception('user_id not provided');
+ }
+ if (empty($groupId)) {
+ throw new Exception('group_id not provided');
+ }
 $role = 2;
 if (isset($_POST['role'])) {
 $role = (int) $_POST['role'];
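Review bot: `empty($userId)` and `empty($groupId)` only catch 0, so a negative value passes these guards, and a non-numeric value (cast to 0 on the context lines above) is reported as "not provided" although it was sent. `if ($userId <= 0)` with a message such as `'user_id missing or invalid'` states the check precisely, and likewise for `$groupId`. The casts on the context lines read `$_POST['group_id']` and `$_POST['user_id']` directly, so an absent key still triggers an undefined-index notice before the new guard runs; `(int) ($_POST['user_id'] ?? 0)` avoids that. The `case` body continues past the end of the hunk, so how `$role` is validated afterwards is not visible here.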