lingo: detect more errors in remove payload (#40708)
This commit is contained in:
parent
e458263be2
commit
95d761ebcf
|
@ -243,6 +243,16 @@ class RemoveBasketItemApiView(View):
|
|||
if not 'basket_item_id' in request_body:
|
||||
return HttpResponseBadRequest('missing basket_item_id parameter')
|
||||
|
||||
try:
|
||||
item = BasketItem.objects.get(id=request_body.get('basket_item_id'))
|
||||
except BasketItem.DoesNotExist:
|
||||
return HttpResponseBadRequest('unknown basket item')
|
||||
except ValueError:
|
||||
return HttpResponseBadRequest('invalid basket_item_id')
|
||||
|
||||
if item.cancellation_date:
|
||||
return HttpResponseBadRequest('basket item already cancelled')
|
||||
|
||||
try:
|
||||
if request.GET.get('NameId'):
|
||||
user = get_user_from_name_id(request.GET.get('NameId'), raise_on_missing=True)
|
||||
|
@ -255,11 +265,8 @@ class RemoveBasketItemApiView(View):
|
|||
except User.DoesNotExist:
|
||||
return HttpResponseBadRequest('unknown user')
|
||||
|
||||
try:
|
||||
item = BasketItem.objects.get(id=request_body.get('basket_item_id'),
|
||||
user=user, cancellation_date__isnull=True)
|
||||
except BasketItem.DoesNotExist:
|
||||
return HttpResponseBadRequest('unknown basket item')
|
||||
if item.user != user:
|
||||
return HttpResponseBadRequest('user does not own the basket item')
|
||||
|
||||
notify_origin = bool(request_body.get('notify', 'false') == 'true')
|
||||
item.notify_cancellation(notify_origin=notify_origin)
|
||||
|
|
|
@ -545,6 +545,12 @@ def test_cancel_basket_item(app, key, regie, user):
|
|||
resp = app.post_json(url, params=data, status=400)
|
||||
assert 'missing basket_item_id parameter' in resp.text
|
||||
|
||||
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
||||
url = sign_url(url, key)
|
||||
data = {'basket_item_id': 'eggs', 'notify': 'true'}
|
||||
resp = app.post_json(url, params=data, status=400)
|
||||
assert 'invalid basket_item_id' in resp.text
|
||||
|
||||
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
||||
url = sign_url(url, key)
|
||||
data = {'basket_item_id': 0, 'notify': 'true'}
|
||||
|
@ -563,6 +569,14 @@ def test_cancel_basket_item(app, key, regie, user):
|
|||
resp = app.post_json(url, params=data, status=400)
|
||||
assert 'unknown user' in resp.text
|
||||
|
||||
other_user_email = 'bar@example.net'
|
||||
User.objects.get_or_create(email=other_user_email)
|
||||
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), other_user_email)
|
||||
url = sign_url(url, key)
|
||||
data = {'basket_item_id': basket_item_id, 'notify': 'true'}
|
||||
resp = app.post_json(url, params=data, status=400)
|
||||
assert 'user does not own the basket item' in resp.text
|
||||
|
||||
with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
|
||||
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
||||
url = sign_url(url, key)
|
||||
|
@ -581,6 +595,12 @@ def test_cancel_basket_item(app, key, regie, user):
|
|||
assert not BasketItem.objects.filter(amount=42, cancellation_date__isnull=True).exists()
|
||||
assert not BasketItem.objects.filter(amount=21, cancellation_date__isnull=True).exists()
|
||||
|
||||
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
||||
url = sign_url(url, key)
|
||||
data = {'basket_item_id': basket_item_id}
|
||||
resp = app.post_json(url, params=data, status=400)
|
||||
assert 'basket item already cancelled' in resp.text
|
||||
|
||||
|
||||
def test_cancel_basket_item_from_cell(app, key, regie, user):
|
||||
page = Page(title='xxx', slug='test_basket_cell', template_name='standard')
|
||||
|
|
Loading…
Reference in New Issue