api: raise bad request when ?full=on is given to global forms API (#53944)
This commit is contained in:
parent
a80a9e4f5e
commit
7255de9d3e
|
@ -1200,6 +1200,7 @@ def test_api_global_listing(pub, local_user, user, auth):
|
|||
# check error handling
|
||||
get_url('/api/forms/?status=done&limit=plop', status=400)
|
||||
get_url('/api/forms/?status=done&offset=plop', status=400)
|
||||
get_url('/api/forms/?full=on', status=400)
|
||||
|
||||
# check when there are missing statuses
|
||||
for formdata in data_class.select():
|
||||
|
|
|
@ -25,7 +25,7 @@ from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
|
|||
from django.utils.encoding import force_text
|
||||
from quixote import get_publisher, get_request, get_response, get_session
|
||||
from quixote.directory import Directory
|
||||
from quixote.errors import MethodNotAllowedError
|
||||
from quixote.errors import MethodNotAllowedError, RequestError
|
||||
|
||||
import wcs.qommon.storage as st
|
||||
from wcs.admin.settings import UserFieldsFormDef
|
||||
|
@ -388,6 +388,9 @@ class ApiFormsDirectory(Directory):
|
|||
self.check_access()
|
||||
get_request()._user = get_user_from_api_query_string() or get_request().user
|
||||
|
||||
if get_request().form.get('full') == 'on':
|
||||
raise RequestError('no such parameter "full"')
|
||||
|
||||
if FormDef.count() == 0:
|
||||
# early return, this avoids running a query against a missing SQL view.
|
||||
get_response().set_content_type('application/json')
|
||||
|
|
Loading…
Reference in New Issue