From 99111273e5f4b1e5b5f021590b8b0bf6cd71e224 Mon Sep 17 00:00:00 2001 From: Marcel Date: Mon, 8 Jun 2026 21:13:35 +0200 Subject: [PATCH] refactor(document): rename getSummaryById to findSummaryByIdInternal to signal scope-check bypass The method intentionally skips permission checks and tag-colour resolution. Renaming it to findSummaryByIdInternal makes the internal-only contract visible at every call site, closing the latent CWE-284 risk flagged in the PR review. Co-Authored-By: Claude Sonnet 4.6 --- .../org/raddatz/familienarchiv/document/DocumentService.java | 2 +- .../geschichte/journeyitem/JourneyItemService.java | 2 +- .../geschichte/journeyitem/JourneyItemServiceTest.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/main/java/org/raddatz/familienarchiv/document/DocumentService.java b/backend/src/main/java/org/raddatz/familienarchiv/document/DocumentService.java index dc4d70e4..66a56a22 100644 --- a/backend/src/main/java/org/raddatz/familienarchiv/document/DocumentService.java +++ b/backend/src/main/java/org/raddatz/familienarchiv/document/DocumentService.java @@ -1012,7 +1012,7 @@ public class DocumentService { * under the current single-tenant model where all authenticated users share * the same document scope. Called within a caller-provided transaction. */ - public Document getSummaryById(UUID id) { + public Document findSummaryByIdInternal(UUID id) { return documentRepository.findById(id) .orElseThrow(() -> DomainException.notFound(ErrorCode.DOCUMENT_NOT_FOUND, "Document not found: " + id)); } diff --git a/backend/src/main/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemService.java b/backend/src/main/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemService.java index 82d18816..f12a4593 100644 --- a/backend/src/main/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemService.java +++ b/backend/src/main/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemService.java @@ -70,7 +70,7 @@ public class JourneyItemService { Document doc = null; if (dto.getDocumentId() != null) { - doc = documentService.getSummaryById(dto.getDocumentId()); + doc = documentService.findSummaryByIdInternal(dto.getDocumentId()); } int nextPosition = journeyItemRepository.findMaxPositionByGeschichteId(geschichteId) diff --git a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemServiceTest.java b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemServiceTest.java index d7b31be7..91a51c93 100644 --- a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemServiceTest.java +++ b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/journeyitem/JourneyItemServiceTest.java @@ -240,7 +240,7 @@ class JourneyItemServiceTest { Geschichte journey = journey(geschichteId); when(geschichteQueryService.findById(geschichteId)).thenReturn(Optional.of(journey)); when(journeyItemRepository.countByGeschichteId(geschichteId)).thenReturn(0L); - when(documentService.getSummaryById(docId)) + when(documentService.findSummaryByIdInternal(docId)) .thenThrow(DomainException.notFound(ErrorCode.DOCUMENT_NOT_FOUND, "not found")); JourneyItemCreateDTO dto = new JourneyItemCreateDTO();