From 3e9763372368530f846eaf5c81371f4c2485aca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Sat, 11 Jul 2020 22:50:21 +0200
Subject: [PATCH] dashboard: raise on missing parameters in auto-tile (#45053)

---
 combo/apps/dashboard/views.py | 8 +++++---
 tests/test_dashboard.py       | 6 ++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/combo/apps/dashboard/views.py b/combo/apps/dashboard/views.py
index 7d24e7dc..460693fe 100644
--- a/combo/apps/dashboard/views.py
+++ b/combo/apps/dashboard/views.py
@@ -21,7 +21,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.urls import reverse
 from django.db.models import Max, Min
-from django.http import Http404, HttpResponse, HttpResponseRedirect
+from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseRedirect
 from django.utils.encoding import force_text
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View
@@ -116,11 +116,13 @@ def dashboard_auto_tile(request, *args, **kwargs):
             page_id=dashboard.page_id, placeholder='_auto_tile')
 
     # only keep parameters that are actually defined for this cell type.
-    cell_form_keys = [x['varname'] for x in settings.JSON_CELL_TYPES[cell.key].get('form') or {}]
     cell.parameters = {}
     request_body = json.loads(force_text(request.body))
-    for key in cell_form_keys:
+    for field in settings.JSON_CELL_TYPES[cell.key].get('form') or []:
+        key = field['varname']
         cell.parameters[key] = request_body.get(key)
+        if cell.parameters[key] is None and field.get('required', True):
+            return HttpResponseBadRequest('missing key: %s' % key)
 
     # save cell so it can be reused later, for example to be added to
     # dashboard, or to be used as reference in another page, etc.
diff --git a/tests/test_dashboard.py b/tests/test_dashboard.py
index da4e8578..e963287c 100644
--- a/tests/test_dashboard.py
+++ b/tests/test_dashboard.py
@@ -209,6 +209,12 @@ def test_auto_tile(app, site):
                     content_type='application/json')
             assert resp.text.strip() == '/var1=one/var2=/'
 
+            # with missing data
+            resp = app.post(reverse('combo-dashboard-auto-tile', kwargs={'key': 'test-config-json-cell'}),
+                    params=json.dumps({'var2': 'two'}),
+                    content_type='application/json', status=400)
+
+
 def test_clean_autotiles(app, site):
     appconfig = apps.get_app_config('dashboard')
     appconfig.clean_autotiles()