From 7255de9d3eedf9b76c923092fc26adcb5b241852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Tue, 11 May 2021 20:33:05 +0200
Subject: [PATCH] api: raise bad request when ?full=on is given to global forms API (#53944)

---
 tests/api/test_formdata.py | 1 +
 wcs/api.py | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/api/test_formdata.py b/tests/api/test_formdata.py
index 99813e161..a83686a39 100644
--- a/tests/api/test_formdata.py
+++ b/tests/api/test_formdata.py
@@ -1200,6 +1200,7 @@ def test_api_global_listing(pub, local_user, user, auth):
 # check error handling
 get_url('/api/forms/?status=done&limit=plop', status=400)
 get_url('/api/forms/?status=done&offset=plop', status=400)
+ get_url('/api/forms/?full=on', status=400)
 
 # check when there are missing statuses
 for formdata in data_class.select():
diff --git a/wcs/api.py b/wcs/api.py
index 66cba1db6..d7e4b1bbe 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -25,7 +25,7 @@ from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
 from django.utils.encoding import force_text
 from quixote import get_publisher, get_request, get_response, get_session
 from quixote.directory import Directory
-from quixote.errors import MethodNotAllowedError
+from quixote.errors import MethodNotAllowedError, RequestError
 
 import wcs.qommon.storage as st
 from wcs.admin.settings import UserFieldsFormDef
@@ -388,6 +388,9 @@ class ApiFormsDirectory(Directory):
 self.check_access()
 get_request()._user = get_user_from_api_query_string() or get_request().user
 
+ if get_request().form.get('full') == 'on':
+ raise RequestError('no such parameter "full"')
+
 if FormDef.count() == 0:
 # early return, this avoids running a query against a missing SQL view.
 get_response().set_content_type('application/json')
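Review bot: In the wcs/api.py hunk at -388, the new guard rejects only the exact value `on`, so `?full=true`, `?full=1` or `?full=ON` are still accepted and silently ignored, although the error text says the parameter does not exist at all. If the global listing never supports `full`, reject it by presence with `if 'full' in get_request().form:`; if only `on` is meant to be refused, reword the message to say so. A one-line comment such as `# the global forms listing does not support ?full=on (#53944)` would record why the request is refused here. The added test in tests/api/test_formdata.py pins only `full=on`, so a second case with another value would fix whichever behaviour is intended. The enclosing method starts and ends outside the hunk.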