0032835: REST API errors when attempting to add or delete issue relationships - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0032835	mantisbt	api rest	public	2023-08-18 08:54	2023-10-31 16:32

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	2.11.0
Target Version	2.25.8	Fixed in Version	2.26.0

Summary	0032835: REST API errors when attempting to add or delete issue relationships
Description	The API endpoint incorrectly returns HTTP 200 status code with an HTML body, when attempting to delete a non-existing relationship, depending on $g_display_errors settings: PHP Warning `DELETE http://example.com/mantis/api/rest/issues/1/relationships/999999` Warning: Attempt to read property "src_bug_id" on null in .../core/relationship_api.php on line 598 an existing relationship not linked to the given (existing) issue `DELETE http://example.com/mantis/api/rest/issues/1/relationships/2` Fatal error: 1802 in .../core/relationship_api.php on line 629 Partial stack trace `37 0.0597 1703056 Command->execute( ) .../issues_rest.php:378 38 0.0597 1703432 IssueRelationshipDeleteCommand->validate( ) .../Command.php:136 39 0.0609 1708800 relationship_get_linked_bug_id( $p_relationship_id = 2, $p_bug_id = 1 ) .../IssueRelationshipDeleteCommand.php:86 40 0.0610 1709400 trigger_error( $message = 1802, $error_level = 256 ) .../relationship_api.php:629` add a relationship with an invalid type id (e.g. `-1`) `POST http://localhost/mantis/api/rest/issues/1/relationships { "issue": {"id": 2}, "type": {"id": -1} }` Warning: Undefined array key -1 in .../core/relationship_api.php on line 235 It appears that these problems are present since the original implementation (see 0023868)
Tags	No tags attached.

MantisBT: master 9d4a140f 2023-08-18 11:18 dregad Details Diff	relationship_get() throw Exception if not found Until now, when the given $p_relationship_id did not exist, the function would just return null. This caused REST API DELETE /{id}/relationships/{relationship_id} endpoint to return HTTP 200 despite actually failing due to a PHP Warning: Attempt to read property "src_bug_id" on null in ./core/relationship_api.php on line 598 relationship_get() now throws a ClientException instead, and API returns a 404. Fixes 0032835		Affected Issues 0032835
	mod - core/relationship_api.php		Diff File
MantisBT: master 60667b21 2023-08-18 11:28 dregad Details Diff	Throw Exception instead of calling trigger_error() Ensures expected failure behavior from REST API when attempting to delete an existing relationship not linked to the given (existing) issue. Fixes 0032835		Affected Issues 0032835
	mod - core/relationship_api.php		Diff File
MantisBT: master 957ef4ff 2023-08-18 19:20 dregad Details Diff	Exception if relationship type id does not exist IssueRelationshipAddCommand checks for invalid relationship name in the payload, but lacks the same check when using a relationship id. This lets the API create invalid relationships that can't be deleted and cause errors when viewing the related Issues in the GUI. Also changed the error code used for invalid rel type, to make it consistent with invalid rel name. Fixes 0032835		Affected Issues 0032835
	mod - core/commands/IssueRelationshipAddCommand.php		Diff File
	mod - core/relationship_api.php		Diff File
MantisBT: master 0adab695 2023-08-18 19:28 dregad Details Diff	Add PHPUnit test for REST Issue Relationships Fixes 0032835		Affected Issues 0032835
	add - tests/rest/RestIssueRelationshipsTest.php		Diff File