Explorer should allow starting from '/'

adamretter · adamretter · commit c44dc560c2df · 2020-08-23T13:41:17.000+02:00
diff --git a/src/main/xar-resources/api.xqm b/src/main/xar-resources/api.xqm
@@ -76,23 +76,29 @@ declare
     %rest:produces("application/json")
     %output:method("json")
 function api:explorer($uri) {
-    api:with-valid-uri-ex($uri, function($uri) {
+    if (count($uri) eq 1 and ($uri[1] = ("/", "/db") or fn:starts-with($uri[1], "/db/")))
+    then
         if (sm:has-access($uri, "r-x"))
         then
-            [
-                (),
+            api:cors-allow(
                 exp:describe($uri)
-            ]
+            )
         else
-        [
+            api:cors-allow(
+                map {
+                    "code": $hsc:forbidden,
+                    "reason": "User: " || (sm:id()//sm:username)[1] || " is not permitted to access: " || $uri
+                },
+                ()
+            )
+    else
+        api:cors-allow(
             map {
-                "code": $hsc:forbidden,
-                "reason": "User: " || (sm:id()//sm:username)[1] || " is not permitted to access: " || $uri
+                "code": $hsc:bad-request,
+                "reason": "URI must start / or /db"
             },
             ()
-        ]
-
-    })
+        )
 };
 
 declare
diff --git a/src/test/java/com/fusiondb/studio/api/ExplorerIT.java b/src/test/java/com/fusiondb/studio/api/ExplorerIT.java
@@ -22,13 +22,22 @@
 import static com.fusiondb.studio.api.API.getApiBaseUri;
 import static io.restassured.RestAssured.when;
 import static io.restassured.module.jsv.JsonSchemaValidator.matchesJsonSchemaInClasspath;
-import static org.apache.http.HttpStatus.SC_FORBIDDEN;
-import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.*;
 
 public class ExplorerIT {
 
     @Test
     public void root() {
+        when().
+                get(getApiBaseUri() + "/explorer?uri=/").
+        then().
+                statusCode(SC_OK).
+        assertThat().
+                body(matchesJsonSchemaInClasspath("explorer-schema.json"));
+    }
+
+    @Test
+    public void db() {
         when().
                 get(getApiBaseUri() + "/explorer?uri=/db").
         then().
@@ -37,6 +46,14 @@ public void root() {
                 body(matchesJsonSchemaInClasspath("explorer-schema.json"));
     }
 
+    @Test
+    public void invalidUri() {
+        when().
+                get(getApiBaseUri() + "/explorer?uri=/invalid").
+        then().
+                statusCode(SC_BAD_REQUEST);
+    }
+
     /**
      * Attempt to access a non-public Collection as guest user.
      */
