Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't allow bad filter values to cause 404 or 500 errors.

  • Loading branch information...
commit decff4035841e68acec2373158bf96906094c63d 1 parent 39bd775
@carljm carljm authored
Showing with 13 additions and 5 deletions.
  1. +11 −3 ccui/core/filters.py
  2. +2 −2 tests/core/test_filters.py
View
14 ccui/core/filters.py
@@ -90,12 +90,18 @@ def get_options(self):
return self.options
+ @property
+ def valid_values(self):
+ value_options = set([str(k) for k, v in self.get_options()])
+ return [v for v in self.values if v in value_options]
+
+
def filters(self):
"""
Return tuple of (fieldname, values) to filter the API query on.
"""
- return (self.name, self.values)
+ return (self.name, self.valid_values)
@property
@@ -104,13 +110,15 @@ def include(self):
True if this filter has data and should be included.
"""
- return bool(self.values)
+ return bool(self.valid_values)
def __iter__(self):
for o in self.get_options():
yield FilterOption(
- value=o[0], label=o[1], selected=(str(o[0]) in self.values))
+ value=o[0],
+ label=o[1],
+ selected=(str(o[0]) in self.values))
def __len__(self):
View
4 tests/core/test_filters.py
@@ -70,14 +70,14 @@ def test_field_iteration(self):
def test_filter(self):
f = self.filter_class(
- self.GET(status=["draft", "active"]),
+ self.GET(status=["1", "2"]),
self.auth,
("status", self.status_field_filter))
list_obj = Mock()
f.filter(list_obj)
- list_obj.filter.assert_called_with(status=["draft", "active"])
+ list_obj.filter.assert_called_with(status=["1", "2"])
def test_empty_filter(self):
Please sign in to comment.
Something went wrong with that request. Please try again.