0001-api-raise-bad-request-on-unknown-filter-59224.patch
| tests/api/test_formdata.py | ||
|---|---|---|
| 766 | 766 |
get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&limit=plop', user=local_user), status=400)
|
| 767 | 767 | |
| 768 | 768 | |
| 769 |
def test_api_list_formdata_unknown_filter(pub, local_user): |
|
| 770 |
pub.role_class.wipe() |
|
| 771 |
role = pub.role_class(name='test') |
|
| 772 |
role.store() |
|
| 773 | ||
| 774 |
local_user.roles = [role.id] |
|
| 775 |
local_user.store() |
|
| 776 | ||
| 777 |
FormDef.wipe() |
|
| 778 |
formdef = FormDef() |
|
| 779 |
formdef.name = 'test' |
|
| 780 |
formdef.workflow_roles = {'_receiver': role.id}
|
|
| 781 |
formdef.fields = [] |
|
| 782 |
formdef.store() |
|
| 783 | ||
| 784 |
data_class = formdef.data_class() |
|
| 785 |
data_class.wipe() |
|
| 786 |
for i in range(10): |
|
| 787 |
formdata = data_class() |
|
| 788 |
formdata.just_created() |
|
| 789 |
formdata.jump_status('new')
|
|
| 790 |
formdata.store() |
|
| 791 | ||
| 792 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list', user=local_user))
|
|
| 793 |
assert len(resp.json) == 10 |
|
| 794 | ||
| 795 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter-foobar=42', user=local_user), status=400)
|
|
| 796 |
assert resp.json['err_desc'] == 'Invalid filter "foobar"' |
|
| 797 | ||
| 798 |
resp = get_app(pub).get( |
|
| 799 |
sign_uri('/api/forms/test/list?filter-foobar=42&filter-baz=35', user=local_user), status=400
|
|
| 800 |
) |
|
| 801 |
assert resp.json['err_desc'] == 'Invalid filters "baz", "foobar"' |
|
| 802 | ||
| 803 | ||
| 769 | 804 |
def test_api_list_formdata_date_filter(pub, local_user): |
| 770 | 805 |
if not pub.is_using_postgresql(): |
| 771 | 806 |
pytest.skip('this requires SQL')
|
| wcs/backoffice/management.py | ||
|---|---|---|
| 1663 | 1663 |
else: |
| 1664 | 1664 |
request_form = {}
|
| 1665 | 1665 | |
| 1666 |
fake_fields_ids = [f.id for f in fake_fields] |
|
| 1667 |
filters_in_request = {
|
|
| 1668 |
k.replace('filter-', '')
|
|
| 1669 |
for k in filters_dict |
|
| 1670 |
if k.startswith('filter-') and not k.endswith('-value')
|
|
| 1671 |
} |
|
| 1672 |
filters_in_request = {
|
|
| 1673 |
f |
|
| 1674 |
for f in filters_in_request |
|
| 1675 |
if f not in fake_fields_ids + ['status', 'user-uuid', 'submission-agent-uuid'] |
|
| 1676 |
} |
|
| 1677 |
known_filters = set() |
|
| 1678 | ||
| 1666 | 1679 |
for filter_field in fake_fields + list(self.get_formdef_fields()): |
| 1667 | 1680 |
if filter_field.type not in self.get_filterable_field_types(): |
| 1668 | 1681 |
continue |
| ... | ... | |
| 1728 | 1741 |
# if there's a filter-%(id)s, it is used to enable the actual |
| 1729 | 1742 |
# filter, and the value will be found in filter-%s-value. |
| 1730 | 1743 |
filter_field_key = 'filter-%s-value' % filter_field.contextual_id |
| 1744 |
known_filters.add(filter_field.contextual_id) |
|
| 1745 |
else: |
|
| 1746 |
known_filters.add(filter_field.contextual_varname) |
|
| 1731 | 1747 | |
| 1732 | 1748 |
if not filter_field_key: |
| 1733 | 1749 |
# if there's not known filter key, skip. |
| ... | ... | |
| 1808 | 1824 |
elif filter_field.type == 'date': |
| 1809 | 1825 |
criterias.append(Equal('f%s' % filter_field.id, filter_field_value))
|
| 1810 | 1826 | |
| 1827 |
unknown_filters = sorted(filters_in_request - known_filters) |
|
| 1828 |
if unknown_filters: |
|
| 1829 |
error_message = ( |
|
| 1830 |
ngettext( |
|
| 1831 |
'Invalid filter "%(filters)s"', |
|
| 1832 |
'Invalid filters "%(filters)s"', |
|
| 1833 |
len(unknown_filters), |
|
| 1834 |
) |
|
| 1835 |
% {'filters': '", "'.join(f for f in unknown_filters)}
|
|
| 1836 |
) |
|
| 1837 |
raise RequestError(error_message) |
|
| 1838 | ||
| 1811 | 1839 |
return criterias |
| 1812 | 1840 | |
| 1813 | 1841 |
def listing_top_actions(self): |
| 1814 |
- |
|