diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java index f667e98a78d..99c6af8b58c 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java @@ -280,6 +280,7 @@ public class FeedRepository { private Thread createThread(ThreadContext threadContext) { Thread thread = threadContext.getThread(); if (thread.getType() == ThreadType.Task) { + validateAssignee(thread); thread.getTask().withId(getNextTaskId()); } else if (thread.getType() == ThreadType.Announcement) { // Validate start and end time for announcement @@ -756,6 +757,30 @@ public class FeedRepository { } } + private void validateAssignee(Thread thread) { + if (thread != null && ThreadType.Task.equals(thread.getType())) { + List assignees = thread.getTask().getAssignees(); + + // Assignees can only be user or teams + assignees.forEach( + assignee -> { + if (!assignee.getType().equals(Entity.USER) && !assignee.getType().equals(Entity.TEAM)) { + throw new IllegalArgumentException("Assignees can only be user or teams"); + } + }); + + for (EntityReference ref : assignees) { + EntityRepository repository = Entity.getEntityRepository(ref.getType()); + if (ref.getType().equals(USER)) { + User user = (User) repository.get(null, ref.getId(), repository.getFields("id")); + if (Boolean.TRUE.equals(user.getIsBot())) { + throw new IllegalArgumentException("Assignees can not be bot"); + } + } + } + } + } + private void restorePatchAttributes(Thread original, Thread updated) { // Patch can't make changes to following fields. Ignore the changes updated.withId(original.getId()).withAbout(original.getAbout()).withType(original.getType());