Projet

Général

Profil

0001-api-raise-bad-request-on-unknown-filter-59224.patch

Lauréline Guérin, 11 janvier 2022 14:32

Télécharger (3,96 ko)

Voir les différences:

Subject: [PATCH 1/2] api: raise bad request on unknown filter (#59224)

 tests/api/test_formdata.py   | 35 +++++++++++++++++++++++++++++++++++
 wcs/backoffice/management.py | 23 +++++++++++++++++++++++
 2 files changed, 58 insertions(+)
tests/api/test_formdata.py
766 766
    get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&limit=plop', user=local_user), status=400)
767 767

  
768 768

  
769
def test_api_list_formdata_unknown_filter(pub, local_user):
770
    pub.role_class.wipe()
771
    role = pub.role_class(name='test')
772
    role.store()
773

  
774
    local_user.roles = [role.id]
775
    local_user.store()
776

  
777
    FormDef.wipe()
778
    formdef = FormDef()
779
    formdef.name = 'test'
780
    formdef.workflow_roles = {'_receiver': role.id}
781
    formdef.fields = []
782
    formdef.store()
783

  
784
    data_class = formdef.data_class()
785
    data_class.wipe()
786
    for i in range(10):
787
        formdata = data_class()
788
        formdata.just_created()
789
        formdata.jump_status('new')
790
        formdata.store()
791

  
792
    resp = get_app(pub).get(sign_uri('/api/forms/test/list', user=local_user))
793
    assert len(resp.json) == 10
794

  
795
    resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter-foobar=42', user=local_user), status=400)
796
    assert resp.json['err_desc'] == 'Unknown field "foobar"'
797

  
798
    resp = get_app(pub).get(
799
        sign_uri('/api/forms/test/list?filter-foobar=42&filter-baz=35', user=local_user), status=400
800
    )
801
    assert resp.json['err_desc'] == 'Unknown fields "baz", "foobar"'
802

  
803

  
769 804
def test_api_list_formdata_date_filter(pub, local_user):
770 805
    if not pub.is_using_postgresql():
771 806
        pytest.skip('this requires SQL')
wcs/backoffice/management.py
1663 1663
        else:
1664 1664
            request_form = {}
1665 1665

  
1666
        fake_fields_ids = [f.id for f in fake_fields]
1667
        filters_in_request = {
1668
            k.replace('filter-', '')
1669
            for k in filters_dict
1670
            if k.startswith('filter-') and not k.endswith('-value')
1671
        }
1672
        filters_in_request = {
1673
            f
1674
            for f in filters_in_request
1675
            if f not in fake_fields_ids + ['status', 'user-uuid', 'submission-agent-uuid']
1676
        }
1677
        known_filters = set()
1678

  
1666 1679
        for filter_field in fake_fields + list(self.get_formdef_fields()):
1667 1680
            if filter_field.type not in self.get_filterable_field_types():
1668 1681
                continue
......
1728 1741
                # if there's a filter-%(id)s, it is used to enable the actual
1729 1742
                # filter, and the value will be found in filter-%s-value.
1730 1743
                filter_field_key = 'filter-%s-value' % filter_field.contextual_id
1744
                known_filters.add(filter_field.contextual_id)
1745
            else:
1746
                known_filters.add(filter_field.contextual_varname)
1731 1747

  
1732 1748
            if not filter_field_key:
1733 1749
                # if there's not known filter key, skip.
......
1808 1824
            elif filter_field.type == 'date':
1809 1825
                criterias.append(Equal('f%s' % filter_field.id, filter_field_value))
1810 1826

  
1827
        unknown_filters = sorted(filters_in_request - known_filters)
1828
        if unknown_filters:
1829
            if len(unknown_filters) == 1:
1830
                raise RequestError('Unknown field "%s"' % unknown_filters[0])
1831
            else:
1832
                raise RequestError('Unknown fields "%s"' % '", "'.join(f for f in unknown_filters))
1833

  
1811 1834
        return criterias
1812 1835

  
1813 1836
    def listing_top_actions(self):
1814
-