@@ -319,7 +319,11 @@ else if (method.startsWith("delete")){
319319 * support CRUD operations. This is a protected method that extending
320320 * classes can override to apply custom filters or add constraints when
321321 * retrieving objects from the database. This method is called whenever an
322- * HTTP GET, POST, or DELETE request is made for a Model.
322+ * HTTP GET, POST, or DELETE request is made for a Model. It is perfectly
323+ * acceptable to throw exceptions when overriding this method. When
324+ * throwing exceptions, an IllegalArgumentException will return a HTTP 400
325+ * error to the client and a SecurityException will return a 403 error. All
326+ * other exceptions will return a 500 error.
323327 * @param op Operation that is requesting the Recordset. Options include
324328 * "list, "get", "save", and "delete".
325329 * @param c The Model (Java class) associated with the request.
@@ -646,7 +650,7 @@ private ServiceResponse save(Class c, ServiceRequest request, Database database)
646650
647651
648652
649- //Reparse json
653+ //Reparse json (json may have changed in getRecordset)
650654 json = request .getJson ();
651655 id = json .get ("id" ).toLong ();
652656 isNew = id ==null ;
@@ -701,15 +705,21 @@ private ServiceResponse delete(Class c, ServiceRequest request, Database databas
701705 try (Connection conn = database .getConnection ()){
702706
703707 //Apply filter
704- Long id = null ;
708+ Long id = request . getID () ;
705709 try (Recordset rs = getRecordset (request , "delete" , c ,
706710 "select id from " + getTableName (c .newInstance ()) +
707- " where id=" + request .getID (), conn )){
708- if (!rs .EOF ) id = rs .getValue (0 ).toLong ();
711+ " where id=" + id , conn )){
712+ if (rs .EOF ) id = null ;
713+ else id = rs .getValue ("id" ).toLong ();
709714 }
710715 if (id ==null ) return new ServiceResponse (404 );
711716
712717
718+ //Reparse request to get ID (id may have changed in getRecordset)
719+ Long newID = request .getParameter ("id" ).toLong ();
720+ if (newID !=null ) id = newID ;
721+
722+
713723 //Create new instance of the class
714724 Object obj = newInstance (c , id );
715725
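Review bot: The object that gets deleted can differ from the row the filter approved, because `id` is overwritten from `request.getParameter("id")` after the getRecordset check and the 404 test have already passed. If `getParameter("id")` and `getID()` read different parts of the request (not visible in this hunk), or an override rewrites the request id without constraining its query to match, the constraint was evaluated for one id and `newInstance(c, id)` runs for another. The id returned by the recordset already reflects whatever the override selected, so I would keep `id = rs.getValue("id").toLong();` as the only source and drop the reparse, or at least reject a mismatch with `if (newID != null && !newID.equals(id)) return new ServiceResponse(403);`. The body of delete starts and ends outside this hunk, so later uses of `id` were not checked.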
@@ -890,7 +900,9 @@ private String getWhere(ServiceRequest request, HashMap<String, Object> tablesAn
890900 String v = item .getValue ().toString ();
891901
892902 if (v !=null && stringFields .contains (fieldName )){
893- v = "'" + v .replace ("'" ,"''" ) + "'" ;
903+ if (!(v .startsWith ("'" ) && v .endsWith ("'" ))){
904+ v = "'" + v .replace ("'" ,"''" ) + "'" ;
905+ }
894906 }
895907
896908 arr .add ("(" + tableName + "." + columnName + " " + op + " " + v + ")" );
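Review bot: A value that begins and ends with `'` now skips `v.replace("'","''")` entirely, so any single quote inside it reaches the concatenated WHERE clause unescaped. `v` is taken from `item.getValue()` on what appears to be the request filter, so the client decides whether its value is treated as already quoted; a lone `'` also satisfies both `startsWith` and `endsWith`. Escaping should stay unconditional: strip a surrounding pair first with `if (v.length() >= 2 && v.startsWith("'") && v.endsWith("'")) v = v.substring(1, v.length() - 1);` and then always run the original `v = "'" + v.replace("'","''") + "'";`. Callers that pre-escape would then need to pass the raw value, and binding the value as a statement parameter would remove the quoting question altogether. getWhere continues outside this hunk.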
@@ -922,6 +934,9 @@ private ServiceResponse getServiceResponse(Exception e){
922934 else if (e instanceof SecurityException ){
923935 return new ServiceResponse (403 , "Not Authorized" );
924936 }
937+ else if (e instanceof IllegalArgumentException ){
938+ return new ServiceResponse (400 , e .getMessage ());
939+ }
925940 else {
926941 return new ServiceResponse (e );
927942 }
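Review bot: `e.getMessage()` is returned to the client for every IllegalArgumentException, not only the ones an override throws deliberately. NumberFormatException is a subclass, and JDK or library code raises IllegalArgumentException with internal detail in the message, so parse failures and similar errors would be echoed in the 400 body. Consider a dedicated exception type for client-facing validation errors, or a fixed body such as `return new ServiceResponse(400, "Bad Request");` with the message logged server-side. `getMessage()` may also be null, which the `ServiceResponse(int, String)` constructor would need to tolerate. The start of getServiceResponse is outside this hunk.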