[FENIX-39] check criteria's subqueries authorized keys

18e1cc55 · Mounir Nayab · Hicham Barhoumi · 26447150 · 18e1cc55
Commit 18e1cc55 authored 4 years ago by Mounir Nayab Committed by Hicham Barhoumi 4 years ago
--- a/commons/commons-api/src/main/java/fr/gouv/vitamui/commons/api/utils/CriteriaUtils.java
+++ b/commons/commons-api/src/main/java/fr/gouv/vitamui/commons/api/utils/CriteriaUtils.java
@@ -131,6 +131,7 @@ public final class CriteriaUtils {
                throw new ForbiddenException("Criterion with key : " + criterion.getKey() + " is not allowed");
            }
        });
+        criteriaDto.getSubQueries().forEach(queryDto -> checkContainsAuthorizedKeys(queryDto, allowedKeys));
    }

    public static QueryDto fromJson(final String criteriaJson) {