api: check limit/offset parameters are valid (#28773)
parent
c668d16268
commit
5b4dbc5ae8
|
@ -1498,6 +1498,10 @@ def test_api_list_formdata(pub, local_user):
|
|||
resp_partial_ids.extend([x.get('id') for x in resp.json])
|
||||
assert resp_all_ids == resp_partial_ids
|
||||
|
||||
# check error handling
|
||||
get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&offset=plop', user=local_user), status=400)
|
||||
get_app(pub).get(sign_uri('/api/forms/test/list?filter=all&limit=plop', user=local_user), status=400)
|
||||
|
||||
def test_api_anonymized_formdata(pub, local_user, admin_user):
|
||||
Role.wipe()
|
||||
role = Role(name='test')
|
||||
|
@ -1793,6 +1797,18 @@ def test_api_global_listing(pub, local_user):
|
|||
resp = get_app(pub).get(sign_uri('/api/forms/?status=done', user=local_user))
|
||||
assert len(resp.json['data']) == 20
|
||||
|
||||
# check limit/offset
|
||||
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&limit=5', user=local_user))
|
||||
assert len(resp.json['data']) == 5
|
||||
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=5&limit=5', user=local_user))
|
||||
assert len(resp.json['data']) == 5
|
||||
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=18&limit=5', user=local_user))
|
||||
assert len(resp.json['data']) == 2
|
||||
|
||||
# check error handling
|
||||
get_app(pub).get(sign_uri('/api/forms/?status=done&limit=plop', user=local_user), status=400)
|
||||
get_app(pub).get(sign_uri('/api/forms/?status=done&offset=plop', user=local_user), status=400)
|
||||
|
||||
def test_api_global_listing_ignored_roles(pub, local_user):
|
||||
test_api_global_listing(pub, local_user)
|
||||
|
||||
|
|
14
wcs/api.py
14
wcs/api.py
|
@ -26,7 +26,7 @@ from qommon import _
|
|||
from qommon import misc
|
||||
from qommon.evalutils import make_datetime
|
||||
from qommon.errors import (AccessForbiddenError, QueryError, TraversalError,
|
||||
UnknownNameIdAccessForbiddenError)
|
||||
UnknownNameIdAccessForbiddenError, RequestError)
|
||||
from qommon.form import ComputedExpressionWidget, ConditionWidget
|
||||
|
||||
from wcs.categories import Category
|
||||
|
@ -211,9 +211,15 @@ class ApiFormsDirectory(Directory):
|
|||
roles_criterias = criterias
|
||||
criterias = management_directory.get_global_listing_criterias(ignore_user_roles=True)
|
||||
|
||||
limit = int(get_request().form.get('limit',
|
||||
get_publisher().get_site_option('default-page-size') or 20))
|
||||
offset = int(get_request().form.get('offset', 0))
|
||||
try:
|
||||
limit = int(get_request().form.get('limit',
|
||||
get_publisher().get_site_option('default-page-size') or 20))
|
||||
except ValueError:
|
||||
raise RequestError('invalid limit parameter')
|
||||
try:
|
||||
offset = int(get_request().form.get('offset', 0))
|
||||
except ValueError:
|
||||
raise RequestError('invalid offset parameter')
|
||||
order_by = get_request().form.get('order_by',
|
||||
get_publisher().get_site_option('default-sort-order') or '-receipt_time')
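Review bot: The new `try`/`except ValueError` blocks around `limit` and `offset` in ApiFormsDirectory reject non-numeric text but still accept any integer, so a negative value or a very large `limit` passes validation and is handed on to the listing code. How those values are consumed is outside this hunk, but a range check here would keep the 400 contract consistent, e.g. `if limit < 0: raise RequestError('invalid limit parameter')` and the equivalent for `offset`, plus an upper bound on `limit` taken from site configuration. The FormPage hunk further down has the same gap. The enclosing method starts and ends outside the hunk.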
|
||||
|
||||
|
|
|
@ -1610,10 +1610,16 @@ class FormPage(Directory):
|
|||
query = get_request().form.get('q') if not anonymise else None
|
||||
offset = None
|
||||
if 'offset' in get_request().form:
|
||||
offset = int(get_request().form['offset'])
|
||||
try:
|
||||
offset = int(get_request().form['offset'])
|
||||
except ValueError:
|
||||
raise errors.RequestError('invalid offset parameter')
|
||||
limit = None
|
||||
if 'limit' in get_request().form:
|
||||
limit = int(get_request().form['limit'])
|
||||
try:
|
||||
limit = int(get_request().form['limit'])
|
||||
except ValueError:
|
||||
raise errors.RequestError('invalid limit parameter')
|
||||
items, total_count = FormDefUI(self.formdef).get_listing_items(
|
||||
selected_filter, user=user, query=query, criterias=criterias,
|
||||
order_by=order_by, anonymise=anonymise, offset=offset, limit=limit)
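Review bot: `except ValueError` in the two new blocks only covers a string that does not parse; `int()` raises `TypeError` when it is given a list, which the request layer may return if `offset` or `limit` is supplied more than once (worth confirming for this framework). In that case the request would still end in an unhandled exception rather than a 400. Catching both, `except (TypeError, ValueError):`, closes this, and the same applies to the ApiFormsDirectory blocks in wcs/api.py. The surrounding method begins outside this hunk.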
|
||||
|
|