# HG changeset patch
# User Filip de Waard
# Date 1294083946 -3600
# Node ID 61391ad037ee6db45900827671f852fa4cf828d7
# Parent bb68eaba4d3d67cd13e4a8c7269665ffb4ab5a29
improved basic validation of entry create
diff -r bb68eaba4d3d67cd13e4a8c7269665ffb4ab5a29 -r 61391ad037ee6db45900827671f852fa4cf828d7 vix/controllers/entries.py
--- a/vix/controllers/entries.py Sat Jan 01 04:13:14 2011 +0100
+++ b/vix/controllers/entries.py Mon Jan 03 20:45:46 2011 +0100
@@ -83,10 +83,20 @@ abort(403, 'Insufficient privileges to perform action.') if not 'title' in json or len(json['title']) == 0: - abort(400, 'Title required for feed creation') + abort(400, 'Title required for entry creation') - slug_suggestion = request.headers.get('Slug') + if ('content' not in json or not hasattr(json['content'], 'keys') + or 'content' not in json['content'] + or 'type' not in json['content']): + abort(400, 'Valid content value required') + if 'authors' in json: + for author in json['authors']: + if not hasattr(author, 'keys') or not 'name' in author: + abort(400, 'Valid authors value required') + else: + abort(400, 'Valid authors value required.') + draft = False if not 'draft' in json else json['draft'] entry = model.Entry(feeds=json['feeds'],
@@ -101,6 +111,8 @@ categories=json.get('categories') ) + slug_suggestion = request.headers.get('Slug') + entry.create(model.db, slug_suggestion=slug_suggestion, authority=config['tag_uri_authority'])
diff -r bb68eaba4d3d67cd13e4a8c7269665ffb4ab5a29 -r 61391ad037ee6db45900827671f852fa4cf828d7 vix/tests/functional/test_entries.py
--- a/vix/tests/functional/test_entries.py Sat Jan 01 04:13:14 2011 +0100
+++ b/vix/tests/functional/test_entries.py Mon Jan 03 20:45:46 2011 +0100
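Review bot: The new `authors` check in the first hunk of vix/controllers/entries.py iterates `json['authors']` without confirming it is a list, so a body with `"authors": null` or a number would raise a TypeError in the `for` loop instead of reaching `abort(400, ...)`; an empty list also passes with no author at all, which looks unintended given that a missing key is rejected. A guard ahead of the loop, such as `if not isinstance(json.get('authors'), list) or not json['authors']: abort(400, 'Valid authors value required')`, covers both cases and makes the `else` branch unnecessary. The two authors messages differ only by a trailing period, and `not 'name' in author` reads better as `'name' not in author`. The enclosing action starts and ends outside the hunk, so whether an outer handler already turns such a TypeError into a client error cannot be seen from here.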
@@ -227,3 +227,59 @@
 status=201)
 self.assertEquals(response.json['draft'], True)
+
+ #try adding an entry with an empty title value
+ new_entry['title'] = ''
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ new_entry['title'] = 'Foo'
+
+ #try adding an entry with an empty content value
+ del new_entry['content']
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ #make sure the required content arguments are enforced
+ new_entry['content'] = {}
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ #see that only passing type instead of 'content' and 'type'
+ #raises a HTTP 400 status
+ new_entry['content'] = {'type': 'foo'}
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ new_entry['content'] = {'type': 'foo', 'content': 'bar'}
+
+ #call without 'authors'
+ del new_entry['authors']
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ #make sure the 'name' value is required
+ new_entry['authors'] = [{'foo': 'bar'}]
+ response = self.app.post(url('create_entry'),
+ content_type='application/json',
+ params=json.dumps(new_entry),
+ headers=headers,
+ status=400)
+
+ #TODO: Add format validation for all values (e.g. check if
+ #values like 'rights' are basestrings, check categories)
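Review bot: The added cases cover a missing or incomplete `content` and `authors`, but none sends a value of the wrong type, so the rejection path for malformed input is not pinned by any test. Two more requests, one with `new_entry['content'] = 'bar'` and one with `new_entry['authors'] = None`, each expecting `status=400`, would show whether non-dict content and non-list authors are answered with a client error. The six POST calls differ only in the payload, so a small helper method on the test class that posts `new_entry` and expects 400 would make each case a two-line block. The test method begins outside the hunk.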