From 82ad56812eee68d2726be21ebb5b3559eb84cd29 Mon Sep 17 00:00:00 2001 From: Max Metz Date: Thu, 12 Sep 2024 10:18:41 +0200 Subject: [PATCH 1/2] correcting an issue in the DELETE methods for SHIPS and TIMES, where the ID may have been provided as a null value or was incorrectly converted (string instead of integer) --- src/server/BreCal/api/ships.py | 9 ++++++--- src/server/BreCal/validators/input_validation_ship.py | 4 ++-- src/server/BreCal/validators/input_validation_times.py | 6 ++++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/server/BreCal/api/ships.py b/src/server/BreCal/api/ships.py index 9e92ffa..157f223 100644 --- a/src/server/BreCal/api/ships.py +++ b/src/server/BreCal/api/ships.py @@ -91,16 +91,19 @@ def DeleteShip(): # read the user data from the JWT token (set when login is performed) user_data = check_jwt() - ship_id = request.args.get("id") if 'id' in request.args: options = {} options["id"] = request.args.get("id") else: - return create_dynamic_exception_response(ex=ex, status_code=400, message="no id provided") + return create_dynamic_exception_response(ex=None, status_code=400, message="no id provided") # validate the request data & user permissions - InputValidationShip.evaluate_delete_data(user_data, ship_id) + ship_id = request.args.get("id") + if ship_id is None: + return create_dynamic_exception_response(ex=None, status_code=400, message="no id provided") + + InputValidationShip.evaluate_delete_data(user_data, int(ship_id)) return impl.ships.DeleteShip(options) except ValidationError as ex: diff --git a/src/server/BreCal/validators/input_validation_ship.py b/src/server/BreCal/validators/input_validation_ship.py index 4b9ad23..25362c7 100644 --- a/src/server/BreCal/validators/input_validation_ship.py +++ b/src/server/BreCal/validators/input_validation_ship.py @@ -123,7 +123,7 @@ class InputValidationShip(): return @staticmethod - def check_if_entry_is_already_deleted(ship_id:int): + def check_if_entry_is_already_deleted(ship_id:typing.Optional[int]): """ When calling a delete request for ships, the dataset may not be deleted already. This method makes sure, that the request contains and ID, has a matching entry in the database, and the @@ -134,7 +134,7 @@ class InputValidationShip(): response, status_code, header = GetShips(token=None) ships = json.loads(response) - existing_database_entries = [ship for ship in ships if ship.get("id")==ship_id] + existing_database_entries = [ship for ship in ships if ship.get("id")==int(ship_id)] if len(existing_database_entries)==0: raise ValidationError({"id":f"Could not find a ship with the specified ID. Selected: {ship_id}"}) diff --git a/src/server/BreCal/validators/input_validation_times.py b/src/server/BreCal/validators/input_validation_times.py index 28e450f..6dd1234 100644 --- a/src/server/BreCal/validators/input_validation_times.py +++ b/src/server/BreCal/validators/input_validation_times.py @@ -108,8 +108,10 @@ class InputValidationTimes(): return @staticmethod - def evaluate_delete_data(user_data:dict, times_id:int): - # #TODO_determine: is times_id always an int or does the request.args call provide a string? + def evaluate_delete_data(user_data:dict, times_id:typing.Optional[int]): + # 0.) an ID reference must be provided and will be converted to int + if times_id is None: + raise ValidationError({"id":"no times id provided"}) times_id = int(times_id) if not isinstance(times_id, int) else times_id # 1.) The dataset entry may not be deleted already From aaea8441f66cde8172a8549796da51b40ccce897 Mon Sep 17 00:00:00 2001 From: Max Metz Date: Thu, 12 Sep 2024 10:22:27 +0200 Subject: [PATCH 2/2] shifting the ship-id check into the validation object --- src/server/BreCal/api/ships.py | 5 +---- src/server/BreCal/validators/input_validation_ship.py | 9 +++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/server/BreCal/api/ships.py b/src/server/BreCal/api/ships.py index 157f223..482474b 100644 --- a/src/server/BreCal/api/ships.py +++ b/src/server/BreCal/api/ships.py @@ -100,10 +100,7 @@ def DeleteShip(): # validate the request data & user permissions ship_id = request.args.get("id") - if ship_id is None: - return create_dynamic_exception_response(ex=None, status_code=400, message="no id provided") - - InputValidationShip.evaluate_delete_data(user_data, int(ship_id)) + InputValidationShip.evaluate_delete_data(user_data, ship_id) return impl.ships.DeleteShip(options) except ValidationError as ex: diff --git a/src/server/BreCal/validators/input_validation_ship.py b/src/server/BreCal/validators/input_validation_ship.py index 25362c7..80c6261 100644 --- a/src/server/BreCal/validators/input_validation_ship.py +++ b/src/server/BreCal/validators/input_validation_ship.py @@ -60,7 +60,11 @@ class InputValidationShip(): return @staticmethod - def evaluate_delete_data(user_data:dict, ship_id:int): + def evaluate_delete_data(user_data:dict, ship_id:typing.Optional[int]): + if ship_id is None: + raise ValidationError({"id":f"The ship id must be provided."}) + ship_id = int(ship_id) + # 1.) Only users of type BSMD are allowed to PUT InputValidationShip.check_user_is_bsmd_type(user_data) @@ -129,9 +133,6 @@ class InputValidationShip(): makes sure, that the request contains and ID, has a matching entry in the database, and the database entry may not have a deletion state already. """ - if ship_id is None: - raise ValidationError({"id":f"The ship id must be provided."}) - response, status_code, header = GetShips(token=None) ships = json.loads(response) existing_database_entries = [ship for ship in ships if ship.get("id")==int(ship_id)]