
lockdown transactions (bug 826813)

commit 6883e0ba0fb7d1a11f107c0d47e26cf93e04942b 1 parent d4f4de5
@andymckay andymckay authored
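--- a/lib/transactions/forms.py
+++ b/lib/transactions/forms.py
@@ -0,0 +1,18 @@
+from django import forms
+
+from django_paranoia.forms import ParanoidForm
+
+from .constants import STATUSES
+
+
+class UpdateForm(ParanoidForm):
+ notes = forms.CharField(required=False)
+ status = forms.ChoiceField(choices=[(v, v) for v in STATUSES.values()],
+ required=False)
+
+ def clean(self):
+ keys = set(self.data.keys()).difference(set(self.fields.keys()))
+ if keys:
+ raise forms.ValidationError('Cannot alter fields: %s' %
+ ', '.join(keys))
+ return self.cleaned_data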
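Review bot: `status` is declared with `required=False`, so a PATCH body carrying an empty or null `status` passes this form, and the resource in this commit then forwards the raw `new_data` rather than `cleaned_data`; whether the model refuses a blank status is not visible here. If clearing the status is not intended, `clean` could refuse it when the key is present, e.g. `if 'status' in self.data and self.data['status'] in (None, ''): raise forms.ValidationError('status cannot be empty')`. Separately, `', '.join(keys)` iterates a set, so the message order is arbitrary once two or more fields are rejected; `', '.join(sorted(keys))` keeps it stable for clients and for log matching. A class docstring stating that the declared fields are the allowlist of what a transaction PATCH may change would help the next reader.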
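--- a/lib/transactions/resources.py
+++ b/lib/transactions/resources.py
@@ -7,6 +7,8 @@
 from lib.transactions.models import Transaction
 from solitude.base import ModelResource
+from .forms import UpdateForm
+
 class TransactionResource(ModelResource):
 seller_product = fields.ToOneField(
@@ -30,6 +32,13 @@ class Meta(ModelResource.Meta):
 'provider': 'exact'
 }
+ def update_in_place(self, request, original_data, new_data):
+ form = UpdateForm(new_data)
+ if form.is_valid():
+ return (super(TransactionResource, self)
+ .update_in_place(request, original_data, new_data))
+ raise self.form_errors(form)
+
 def override_urls(self):
 return [
 url(r"^(?P<resource_name>transaction)/(?P<uuid>.*)/$",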
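Review bot: The new `update_in_place` puts the field allowlist on one write path only, which as far as tastypie calls it is the PATCH handlers, and it hands the unvalidated `new_data` to the parent, so nothing the form cleaned is actually used. Whether PUT or POST on this resource can still change `uuid` and the other locked fields depends on the allowed methods in `Meta`, which lies outside this hunk; a test that a PUT carrying `uuid` is refused would confirm the lockdown holds on every write path. The method would also read better with a docstring such as `"""Reject PATCH bodies that name any field UpdateForm does not declare."""`. The class body starts before and continues after the hunk.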
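--- a/lib/transactions/tests/test_api.py
+++ b/lib/transactions/tests/test_api.py
@@ -57,6 +57,11 @@ def test_provider(self):
 def test_patch(self):
 res = self.client.patch(self.detail_url,
 data={'status': constants.STATUS_COMPLETED})
- eq_(res.status_code, 202)
+ eq_(res.status_code, 202, res.content)
 eq_(Transaction.objects.get(pk=self.trans.pk).status,
 constants.STATUS_COMPLETED)
+
+ def test_patch_naughty(self):
+ res = self.client.patch(self.detail_url, data={'uuid': 5})
+ eq_(res.status_code, 400)
+ eq_(json.loads(res.content)['__all__'], ['Cannot alter fields: uuid'])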
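Review bot: `test_patch_naughty` checks the 400 and the message but not that the stored row was left alone; assuming the fixture sets `uuid`, adding `eq_(Transaction.objects.get(pk=self.trans.pk).uuid, self.trans.uuid)` would pin that a rejected PATCH changes nothing. It also sends only a disallowed key, so a body that mixes an allowed field with a disallowed one, such as `data={'status': constants.STATUS_COMPLETED, 'uuid': 5}`, is untested, and that is the case where a partial update would do harm. The test class starts outside the hunk.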
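--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -12,7 +12,7 @@ django-aesfield==0.1
 django-celery==2.2.4
 django-multidb-router==0.5
 django-nose==1.1
-django-paranoia==0.1.6
+django-paranoia==0.1.7
 django-picklefield==0.2.1
 django-raven-metlog==0.1
 django-sha2==0.4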