2026-05-08 15:56:54 +02:00
2 changed files with 14 additions and 1 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/person/PersonController.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/person/PersonController.java
@@ -40,7 +40,8 @@ public class PersonController {
            @RequestParam(required = false, defaultValue = "0") int size,
            @RequestParam(required = false) String sort) {
        if ("documentCount".equals(sort) && size > 0 && q == null) {
-            return ResponseEntity.ok(personService.findTopByDocumentCount(size));
+            int safeSize = Math.min(size, 50);
+            return ResponseEntity.ok(personService.findTopByDocumentCount(safeSize));
        }
        return ResponseEntity.ok(personService.findAll(q));
    }
--- a/backend/src/test/java/org/raddatz/familienarchiv/person/PersonControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/person/PersonControllerTest.java
@@ -92,6 +92,18 @@ class PersonControllerTest {
                .andExpect(jsonPath("$[0].firstName").value("Käthe"));
    }

+    @Test
+    @WithMockUser(authorities = "READ_ALL")
+    void getPersons_capsTopByDocumentCount_atFifty() throws Exception {
+        ArgumentCaptor<Integer> sizeCaptor = ArgumentCaptor.forClass(Integer.class);
+        when(personService.findTopByDocumentCount(sizeCaptor.capture())).thenReturn(Collections.emptyList());
+
+        mockMvc.perform(get("/api/persons").param("sort", "documentCount").param("size", "999"))
+                .andExpect(status().isOk());
+
+        assertThat(sizeCaptor.getValue()).isEqualTo(50);
+    }
+
    private PersonSummaryDTO mockPersonSummary(String firstName, String lastName) {
        return new PersonSummaryDTO() {
            public java.util.UUID getId() { return UUID.randomUUID(); }