Prevent aliases from being deleted if they are in use

jaredhendrickson13 · jaredhendrickson13 · commit caf853037610 · 2020-12-26T15:06:48.000-07:00
diff --git a/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc b/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
@@ -1530,13 +1530,19 @@ function get($id, $data=[], $all=false) {
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Alias details cannot contain more items than alias addresses"
+            "message" => "Firewall alias details cannot contain more items than alias addresses"
         ],
         4107 => [
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Alias type cannot be changed while in use"
+            "message" => "Firewall alias type cannot be changed while in use"
+        ],
+        4108 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Firewall alias cannot be deleted while in use"
         ],
 
         //5000-5999 reserved for /users API calls
diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasDelete.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasDelete.inc
@@ -40,8 +40,13 @@ class APIFirewallAliasDelete extends APIModel {
             foreach ($this->config["aliases"]["alias"] as $id=>$alias) {
                 # First check if the ID matches the index value or the alias name
                 if ($this->initial_data["id"] === $id or $this->initial_data["id"] === $alias["name"]) {
-                    $this->id = $id;
-                    $this->validated_data = $alias;
+                    # Only allow deletion if the firewall alias is not in use.
+                    if (!APITools\alias_in_use($alias["name"])) {
+                        $this->id = $id;
+                        $this->validated_data = $alias;
+                    } else {
+                        $this->errors[] = APIResponse\get(4108);
+                    }
                     break;
                 }
             }
diff --git a/tests/test_api_v1_firewall_alias.py b/tests/test_api_v1_firewall_alias.py
@@ -45,7 +45,7 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
         {
             "id": "RFC1918",
             "name": "UPDATED_RFC1918",
-            "type": "port",
+            "type": "network",
             "descr": "Updated Unit Test",
             "address": ["10.0.0.0/32", "172.16.0.0/32", "192.168.0.0/32"],
             "detail": ["New Class A", "New Class B", "New Class C"]
diff --git a/tests/test_api_v1_firewall_rule.py b/tests/test_api_v1_firewall_rule.py
@@ -38,9 +38,9 @@ class APIUnitTestFirewallRule(unit_test_framework.APIUnitTest):
             "ipprotocol": "inet",
             "protocol": "tcp/udp",
             "src": "172.16.77.125",
-            "srcport": "any",
+            "srcport": "HTTP",
             "dst": "127.0.0.1",
-            "dstport": "8443",
+            "dstport": "HTTP",
             "descr": "Updated Unit test",
             "top": True
         }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):`
`45`	`45`	`{`
`46`	`46`	`"id": "RFC1918",`
`47`	`47`	`"name": "UPDATED_RFC1918",`
`48`		`- "type": "port",`
	`48`	`+ "type": "network",`
`49`	`49`	`"descr": "Updated Unit Test",`
`50`	`50`	`"address": ["10.0.0.0/32", "172.16.0.0/32", "192.168.0.0/32"],`
`51`	`51`	`"detail": ["New Class A", "New Class B", "New Class C"]`