0001-api-raise-bad-request-on-unknown-filter-59224.patch
tests/api/test_formdata.py | ||
---|---|---|
766 | 766 |
get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&limit=plop', user=local_user), status=400) |
767 | 767 | |
768 | 768 | |
769 |
def test_api_list_formdata_unknown_filter(pub, local_user): |
|
770 |
pub.role_class.wipe() |
|
771 |
role = pub.role_class(name='test') |
|
772 |
role.store() |
|
773 | ||
774 |
local_user.roles = [role.id] |
|
775 |
local_user.store() |
|
776 | ||
777 |
FormDef.wipe() |
|
778 |
formdef = FormDef() |
|
779 |
formdef.name = 'test' |
|
780 |
formdef.workflow_roles = {'_receiver': role.id} |
|
781 |
formdef.fields = [] |
|
782 |
formdef.store() |
|
783 | ||
784 |
data_class = formdef.data_class() |
|
785 |
data_class.wipe() |
|
786 |
for i in range(10): |
|
787 |
formdata = data_class() |
|
788 |
formdata.just_created() |
|
789 |
formdata.jump_status('new') |
|
790 |
formdata.store() |
|
791 | ||
792 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list', user=local_user)) |
|
793 |
assert len(resp.json) == 10 |
|
794 | ||
795 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter-foobar=42', user=local_user), status=400) |
|
796 |
assert resp.json['err_desc'] == 'Unknown field "foobar"' |
|
797 | ||
798 |
resp = get_app(pub).get( |
|
799 |
sign_uri('/api/forms/test/list?filter-foobar=42&filter-baz=35', user=local_user), status=400 |
|
800 |
) |
|
801 |
assert resp.json['err_desc'] == 'Unknown fields "baz", "foobar"' |
|
802 | ||
803 | ||
769 | 804 |
def test_api_list_formdata_date_filter(pub, local_user): |
770 | 805 |
if not pub.is_using_postgresql(): |
771 | 806 |
pytest.skip('this requires SQL') |
wcs/backoffice/management.py | ||
---|---|---|
1663 | 1663 |
else: |
1664 | 1664 |
request_form = {} |
1665 | 1665 | |
1666 |
fake_fields_ids = [f.id for f in fake_fields] |
|
1667 |
filters_in_request = { |
|
1668 |
k.replace('filter-', '') |
|
1669 |
for k in filters_dict |
|
1670 |
if k.startswith('filter-') and not k.endswith('-value') |
|
1671 |
} |
|
1672 |
filters_in_request = { |
|
1673 |
f |
|
1674 |
for f in filters_in_request |
|
1675 |
if f not in fake_fields_ids + ['status', 'user-uuid', 'submission-agent-uuid'] |
|
1676 |
} |
|
1677 |
known_filters = set() |
|
1678 | ||
1666 | 1679 |
for filter_field in fake_fields + list(self.get_formdef_fields()): |
1667 | 1680 |
if filter_field.type not in self.get_filterable_field_types(): |
1668 | 1681 |
continue |
... | ... | |
1728 | 1741 |
# if there's a filter-%(id)s, it is used to enable the actual |
1729 | 1742 |
# filter, and the value will be found in filter-%s-value. |
1730 | 1743 |
filter_field_key = 'filter-%s-value' % filter_field.contextual_id |
1744 |
known_filters.add(filter_field.contextual_id) |
|
1745 |
else: |
|
1746 |
known_filters.add(filter_field.contextual_varname) |
|
1731 | 1747 | |
1732 | 1748 |
if not filter_field_key: |
1733 | 1749 |
# if there's not known filter key, skip. |
... | ... | |
1808 | 1824 |
elif filter_field.type == 'date': |
1809 | 1825 |
criterias.append(Equal('f%s' % filter_field.id, filter_field_value)) |
1810 | 1826 | |
1827 |
unknown_filters = sorted(filters_in_request - known_filters) |
|
1828 |
if unknown_filters: |
|
1829 |
if len(unknown_filters) == 1: |
|
1830 |
raise RequestError('Unknown field "%s"' % unknown_filters[0]) |
|
1831 |
else: |
|
1832 |
raise RequestError('Unknown fields "%s"' % '", "'.join(f for f in unknown_filters)) |
|
1833 | ||
1811 | 1834 |
return criterias |
1812 | 1835 | |
1813 | 1836 |
def listing_top_actions(self): |
1814 |
- |