Explicitly Typecasting all 'data_version' query arguments into integer (
…#339). r=bhearsum
aksareen authored and bhearsum committed Jun 16, 2017
1 parent dac48b8 commit 85053d4
Showing 4 changed files with 9 additions and 5 deletions.
1 change: 1 addition & 0 deletions auslib/web/admin/swagger/api.yaml
@@ -96,6 +96,7 @@ parameters:
in: query
description: data version of object.
type: integer
format: int32
minimum: 1
required: true
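Review bot: `format: int32` on this query parameter is treated by many OpenAPI 2.0 validators as an annotation rather than an enforced range, so on its own it may not reject values above 2147483647; it is worth confirming how connexion handles it. If the upper bound matters to whatever stores `data_version`, state it explicitly next to `minimum: 1` as `maximum: 2147483647`. The parameter's name and the start of its definition are outside this hunk.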

7 changes: 4 additions & 3 deletions auslib/web/admin/views/permissions.py
@@ -134,9 +134,9 @@ def _delete(self, username, permission, changed_by, transaction):
# won't find data where it's expecting it. Instead, we have to tell it to look at
# the query string, which Flask puts in request.args.

old_data_version = int(connexion.request.args.get("data_version"))
dbo.permissions.delete(where={"username": username, "permission": permission},
changed_by=changed_by, old_data_version=connexion.request.args.get("data_version"),
transaction=transaction)
changed_by=changed_by, old_data_version=old_data_version, transaction=transaction)
return Response(status=200)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
@@ -243,6 +243,7 @@ def _delete(self, username, role, changed_by, transaction):
"username '%s'" % (role, username)})
# query argument i.e. data_version is also required.
# All input value validations already defined in swagger specification and carried out by connexion.
old_data_version = int(connexion.request.args.get("data_version"))
dbo.permissions.revokeRole(username, role, changed_by=changed_by,
old_data_version=connexion.request.args.get("data_version"), transaction=transaction)
old_data_version=old_data_version, transaction=transaction)
return Response(status=200)
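Review bot: `int(connexion.request.args.get("data_version"))` raises `TypeError` when the parameter is absent (`int(None)`) and `ValueError` when it is not numeric, and only the first `_delete` here has a visible `except ValueError`; the second hunk, the same line in releases.py (inside a `try` whose only visible handler is `except ReadOnlyError`) and the one in rules.py show no handler, so a request that slips past connexion's validation would presumably surface as a 500 on a destructive admin endpoint rather than a 400. The adjacent comments lean on the swagger spec for validation, but the view should not depend on that alone: `old_data_version = connexion.request.args.get("data_version", type=int)` followed by `if old_data_version is None: return Response(status=400, response="data_version must be an integer")` makes the failure mode explicit, assuming `connexion.request.args` is the usual Werkzeug MultiDict. Since the conversion is now repeated at four call sites, a small shared helper would keep them consistent. The enclosing `_delete` bodies start and end outside these hunks, so handlers may exist that are not visible here.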
3 changes: 2 additions & 1 deletion auslib/web/admin/views/releases.py
@@ -307,8 +307,9 @@ def _delete(self, release, changed_by, transaction):
# query argument i.e. data_version is also required.
# All input value validations already defined in swagger specification and carried out by connexion.
try:
old_data_version = int(connexion.request.args.get("data_version"))
dbo.releases.delete(where={"name": release["name"]}, changed_by=changed_by,
old_data_version=connexion.request.args.get("data_version"),
old_data_version=old_data_version,
transaction=transaction)
except ReadOnlyError as e:
msg = "Couldn't delete release: %s" % e
3 changes: 2 additions & 1 deletion auslib/web/admin/views/rules.py
@@ -152,8 +152,9 @@ def _delete(self, id_or_alias, transaction, changed_by):
# rule_id and data_version), we still want to create and validate the
# form to make sure that the CSRF token is checked.

old_data_version = int(connexion.request.args.get("data_version"))
dbo.rules.delete(where={"rule_id": id_or_alias}, changed_by=changed_by,
old_data_version=connexion.request.args.get("data_version"),
old_data_version=old_data_version,
transaction=transaction)

return Response(status=200)