From cd36887df639f4860d44e3edb3fd6adf16fe5bac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Wed, 6 Mar 2019 10:21:29 +0100
Subject: [PATCH] api: return an error when number of requested places is <= 0
 (#31047)

---
 chrono/api/views.py |  6 ++++++
 tests/test_api.py   | 10 ++++++++++
 2 files changed, 16 insertions(+)

diff --git a/chrono/api/views.py b/chrono/api/views.py
index 7ba507db..60ca4a1a 100644
--- a/chrono/api/views.py
+++ b/chrono/api/views.py
@@ -370,6 +370,12 @@ class Fillslots(APIView):
         else:
             places_count = 1
 
+        if places_count <= 0:
+            return Response({
+                'err': 1,
+                'reason': 'count cannot be less than or equal to zero'
+            }, status=status.HTTP_400_BAD_REQUEST)
+
         extra_data = {}
         for k, v in request.data.items():
             if k not in serializer.validated_data:
diff --git a/tests/test_api.py b/tests/test_api.py
index e910df48..3779dea0 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -926,6 +926,16 @@ def test_multiple_booking_api(app, some_data, user):
     assert resp.json['err'] == 1
     assert resp.json['reason'] == "invalid value for count (NaN)"
 
+    app.authorization = ('Basic', ('john.doe', 'password'))
+    resp = app.post('/api/agenda/%s/fillslot/%s/?count=0' % (agenda.slug, event.id), status=400)
+    assert resp.json['err'] == 1
+    assert resp.json['reason'] == "count cannot be less than or equal to zero"
+
+    app.authorization = ('Basic', ('john.doe', 'password'))
+    resp = app.post('/api/agenda/%s/fillslot/%s/?count=-3' % (agenda.slug, event.id), status=400)
+    assert resp.json['err'] == 1
+    assert resp.json['reason'] == "count cannot be less than or equal to zero"
+
     resp = app.post('/api/agenda/%s/fillslot/%s/?count=3' % (agenda.slug, event.id))
     Booking.objects.get(id=resp.json['booking_id'])
     assert resp.json['datetime'] == localtime(event.start_datetime).isoformat()