Webservice: Add error message to add_group_sub_user if user or group ID not defined - refs BT#20460

main/inc/lib/usergroup.lib.php

@@ -3395,4 +3395,33 @@ class UserGroup extends Model
 
         return Database::store_result($result, 'ASSOC');
     }
+
+    /**
+     * Check the given ID matches an existing group
+     * @param int $groupId
+     * @return bool
+     */
+    public function groupExists(int $groupId) {
+        $sql = "SELECT id FROM ".$this->table. " WHERE id = ".$groupId;
+        $result = Database::query($sql);
+        if (Database::num_rows($result) === 1) {
+            return true;
+        }
+
+        return false;
+    }
+    /**
+     * Check the given ID matches an existing user
+     * @param int $userId
+     * @return bool
+     */
+    public function userExists(int $userId) {
+        $sql = "SELECT id FROM ".$this->table_user. " WHERE id = ".$userId;
+        $result = Database::query($sql);
+        if (Database::num_rows($result) === 1) {
+            return true;
+        }
+
+        return false;
+    }
 }

main/inc/lib/webservices/Rest.php

@@ -4087,6 +4087,10 @@ class Rest extends WebService
     {
         $userGroup = new UserGroup();
 
+        if (!$userGroup->groupExists($groupId) or !$userGroup->userExists($userId)) {
+            throw new Exception('user_id or group_id does not exist');
+        }
+
         return [$userGroup->add_user_to_group($userId, $groupId, $relationType)];
     }
 

main/webservices/api/v2.php

@@ -914,6 +914,12 @@ try {
         case Rest::ADD_GROUP_SUB_USER:
             $groupId = (int) $_POST['group_id'];
             $userId = (int) $_POST['user_id'];
+            if (empty($userId)) {
+                throw new Exception('user_id not provided');
+            }
+            if (empty($groupId)) {
+                throw new Exception('group_id not provided');
+            }
             $role = 2;
             if (isset($_POST['role'])) {
                 $role = (int) $_POST['role'];