0001-api-check-limit-offset-parameters-are-valid-28773.patch
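--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -1550,6 +1550,10 @@
 resp_partial_ids.extend([x.get('id') for x in resp.json])
 assert resp_all_ids == resp_partial_ids
 
+# check error handling
+get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&offset=plop', user=local_user), status=400)
+get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&limit=plop', user=local_user), status=400)
+
 def test_api_anonymized_formdata(pub, local_user, admin_user):
 Role.wipe()
 role = Role(name='test')
@@ -1845,6 +1849,18 @@
 resp = get_app(pub).get(sign_uri('/api/forms/?status=done', user=local_user))
 assert len(resp.json['data']) == 20
 
+# check limit/offset
+resp = get_app(pub).get(sign_uri('/api/forms/?status=done&limit=5', user=local_user))
+assert len(resp.json['data']) == 5
+resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=5&limit=5', user=local_user))
+assert len(resp.json['data']) == 5
+resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=18&limit=5', user=local_user))
+assert len(resp.json['data']) == 2
+
+# check error handling
+get_app(pub).get(sign_uri('/api/forms/?status=done&limit=plop', user=local_user), status=400)
+get_app(pub).get(sign_uri('/api/forms/?status=done&offset=plop', user=local_user), status=400)
+
 def test_api_global_listing_ignored_roles(pub, local_user):
 test_api_global_listing(pub, local_user)
 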
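Review bot: Both "check error handling" blocks exercise only the non-numeric value `plop`, so the behaviour for other malformed pagination input is left unpinned. Adding requests with `limit=-1`, `offset=-1` and an empty `limit=` (each asserting the status the API is meant to return) would document the boundary cases next to the happy-path limit/offset checks. The first block is appended to a test function whose start is outside the hunk.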
wcs/api.py | ||
---|---|---|
28 | 28 |
from qommon import misc |
29 | 29 |
from qommon.evalutils import make_datetime |
30 | 30 |
from qommon.errors import (AccessForbiddenError, QueryError, TraversalError, |
31 |
UnknownNameIdAccessForbiddenError) |
|
31 |
UnknownNameIdAccessForbiddenError, RequestError)
|
|
32 | 32 |
from qommon.form import ComputedExpressionWidget, ConditionWidget |
33 | 33 | |
34 | 34 |
from wcs.categories import Category |
... | ... | |
213 | 213 |
roles_criterias = criterias |
214 | 214 |
criterias = management_directory.get_global_listing_criterias(ignore_user_roles=True) |
215 | 215 | |
216 |
limit = int(get_request().form.get('limit', |
|
217 |
get_publisher().get_site_option('default-page-size') or 20)) |
|
218 |
offset = int(get_request().form.get('offset', 0)) |
|
216 |
try: |
|
217 |
limit = int(get_request().form.get('limit', |
|
218 |
get_publisher().get_site_option('default-page-size') or 20)) |
|
219 |
except ValueError: |
|
220 |
raise RequestError('invalid limit parameter') |
|
221 |
try: |
|
222 |
offset = int(get_request().form.get('offset', 0)) |
|
223 |
except ValueError: |
|
224 |
raise RequestError('invalid offset parameter') |
|
219 | 225 |
order_by = get_request().form.get('order_by', |
220 | 226 |
get_publisher().get_site_option('default-sort-order') or '-receipt_time') |
221 | 227 |
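Review bot: The new `try`/`except ValueError` blocks around `limit` and `offset` reject only values that `int()` cannot parse, so negative numbers and arbitrarily large limits are still accepted and handed on; whether the listing code further down clamps them is not visible in this hunk. A range check after each conversion, for example `if limit < 0: raise RequestError('invalid limit parameter')` plus an upper bound on `limit`, would keep a single request from asking for an unbounded page. The `limit` conversion also wraps the `default-page-size` site option, so a non-numeric configured value would be reported to the client as 'invalid limit parameter' rather than as a server-side configuration problem. The same parsing pattern is added in wcs/backoffice/management.py and the range point applies there too. The enclosing function starts and ends outside the hunk.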
wcs/backoffice/management.py | ||
---|---|---|
1610 | 1610 |
query = get_request().form.get('q') if not anonymise else None |
1611 | 1611 |
offset = None |
1612 | 1612 |
if 'offset' in get_request().form: |
1613 |
offset = int(get_request().form['offset']) |
|
1613 |
try: |
|
1614 |
offset = int(get_request().form['offset']) |
|
1615 |
except ValueError: |
|
1616 |
raise errors.RequestError('invalid offset parameter') |
|
1614 | 1617 |
limit = None |
1615 | 1618 |
if 'limit' in get_request().form: |
1616 |
limit = int(get_request().form['limit']) |
|
1619 |
try: |
|
1620 |
limit = int(get_request().form['limit']) |
|
1621 |
except ValueError: |
|
1622 |
raise errors.RequestError('invalid limit parameter') |
|
1617 | 1623 |
items, total_count = FormDefUI(self.formdef).get_listing_items( |
1618 | 1624 |
selected_filter, user=user, query=query, criterias=criterias, |
1619 | 1625 |
order_by=order_by, anonymise=anonymise, offset=offset, limit=limit) |
1620 |
- |