Merge pull request #143 from open-zaak/feature/query-parameter-valida…

…tion

Feature/query parameter validation

src/openzaak/components/authorizations/api/viewsets.py

@@ -8,6 +8,7 @@
 from vng_api_common.authorizations.models import Applicatie
 from vng_api_common.authorizations.serializers import ApplicatieSerializer
 from vng_api_common.notifications.viewsets import NotificationViewSetMixin
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -19,7 +20,9 @@
 logger = logging.getLogger(__name__)
 
 
-class ApplicatieViewSet(NotificationViewSetMixin, viewsets.ModelViewSet):
+class ApplicatieViewSet(
+    CheckQueryParamsMixin, NotificationViewSetMixin, viewsets.ModelViewSet
+):
     """
     Uitlezen en configureren van autorisaties voor applicaties.
 

src/openzaak/components/authorizations/tests/test_authorizations_api.py

@@ -287,15 +287,15 @@ def setUpTestData(cls):
     def test_filter_client_id_hit(self):
         url = get_operation_url("applicatie_list")
 
-        response = self.client.get(url, {"client_ids": "id2"})
+        response = self.client.get(url, {"clientIds": "id2"})
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["count"], 1)
 
     def test_filter_client_id_miss(self):
         url = get_operation_url("applicatie_list")
 
-        response = self.client.get(url, {"client_ids": "id3"})
+        response = self.client.get(url, {"clientIds": "id3"})
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["count"], 0)
@@ -312,6 +312,17 @@ def test_fetch_via_client_id(self):
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["url"], f"http://testserver{reverse(app)}")
 
+    def test_validate_unknown_query_params(self):
+        ApplicatieFactory.create_batch(2)
+        url = reverse(Applicatie)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class UpdateAuthorizationsTests(JWTAuthMixin, APITestCase):
     scopes = [str(SCOPE_AUTORISATIES_BIJWERKEN)]

src/openzaak/components/besluiten/api/viewsets.py

@@ -24,6 +24,7 @@
 
 
 class BesluitViewSet(
+    CheckQueryParamsMixin,
     NotificationViewSetMixin,
     AuditTrailViewsetMixin,
     ListFilterByAuthorizationsMixin,

src/openzaak/components/besluiten/tests/test_filters.py

@@ -2,14 +2,16 @@
 
 from rest_framework import status
 from rest_framework.test import APITestCase
+from vng_api_common.tests import get_validation_errors, reverse
 
 from openzaak.components.catalogi.tests.factories import BesluitTypeFactory
 from openzaak.components.catalogi.tests.utils import (
     get_operation_url as get_catalogus_operation_url,
 )
 from openzaak.utils.tests import JWTAuthMixin
 
-from .factories import BesluitFactory
+from ..models import Besluit, BesluitInformatieObject
+from .factories import BesluitFactory, BesluitInformatieObjectFactory
 from .utils import get_operation_url
 
 
@@ -32,3 +34,33 @@ def test_filter_besluittype(self):
 
         self.assertEqual(response.status_code, status.HTTP_200_OK, response.data)
         self.assertEqual(response.data["count"], 3)
+
+
+class BesluitAPIFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_validate_unknown_query_params(self):
+        BesluitFactory.create_batch(2)
+        url = reverse(Besluit)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
+
+class BesluitInformatieObjectAPIFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_validate_unknown_query_params(self):
+        BesluitInformatieObjectFactory.create_batch(2)
+        url = reverse(BesluitInformatieObject)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")

src/openzaak/components/catalogi/api/viewsets/besluittype.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -11,6 +12,7 @@
 
 
 class BesluitTypeViewSet(
+    CheckQueryParamsMixin,
     ConceptMixin,
     M2MConceptCreateMixin,
     mixins.CreateModelMixin,

src/openzaak/components/catalogi/api/viewsets/catalogus.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -9,7 +10,9 @@
 from ..serializers import CatalogusSerializer
 
 
-class CatalogusViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet):
+class CatalogusViewSet(
+    CheckQueryParamsMixin, mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet
+):
     """
     Opvragen en bewerken van CATALOGUSsen.
 

src/openzaak/components/catalogi/api/viewsets/eigenschap.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.components.catalogi.models import Eigenschap
 from openzaak.utils.permissions import AuthRequired
@@ -11,6 +12,7 @@
 
 
 class EigenschapViewSet(
+    CheckQueryParamsMixin,
     ZaakTypeConceptMixin,
     mixins.CreateModelMixin,
     mixins.DestroyModelMixin,

src/openzaak/components/catalogi/api/viewsets/informatieobjecttype.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -11,6 +12,7 @@
 
 
 class InformatieObjectTypeViewSet(
+    CheckQueryParamsMixin,
     ConceptMixin,
     mixins.CreateModelMixin,
     mixins.DestroyModelMixin,

src/openzaak/components/catalogi/api/viewsets/relatieklassen.py

@@ -3,6 +3,7 @@
 from rest_framework import mixins, viewsets
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -14,6 +15,7 @@
 
 
 class ZaakTypeInformatieObjectTypeViewSet(
+    CheckQueryParamsMixin,
     ConceptFilterMixin,
     ConceptDestroyMixin,
     mixins.CreateModelMixin,

src/openzaak/components/catalogi/api/viewsets/resultaattype.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -11,6 +12,7 @@
 
 
 class ResultaatTypeViewSet(
+    CheckQueryParamsMixin,
     ZaakTypeConceptMixin,
     mixins.CreateModelMixin,
     mixins.DestroyModelMixin,

src/openzaak/components/catalogi/api/viewsets/statustype.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -11,6 +12,7 @@
 
 
 class StatusTypeViewSet(
+    CheckQueryParamsMixin,
     ZaakTypeConceptMixin,
     mixins.CreateModelMixin,
     mixins.DestroyModelMixin,

src/openzaak/components/catalogi/api/viewsets/zaaktype.py

@@ -1,5 +1,6 @@
 from rest_framework import mixins, viewsets
 from rest_framework.pagination import PageNumberPagination
+from vng_api_common.viewsets import CheckQueryParamsMixin
 
 from openzaak.utils.permissions import AuthRequired
 
@@ -11,6 +12,7 @@
 
 
 class ZaakTypeViewSet(
+    CheckQueryParamsMixin,
     ConceptMixin,
     M2MConceptCreateMixin,
     mixins.CreateModelMixin,

src/openzaak/components/catalogi/tests/test_besluittype.py

@@ -1,5 +1,5 @@
 from rest_framework import status
-from vng_api_common.tests import get_validation_errors, reverse
+from vng_api_common.tests import get_operation_url, get_validation_errors, reverse
 
 from ..models import BesluitType
 from .base import APITestCase
@@ -406,6 +406,17 @@ def test_filter_informatieobjecttypes(self):
         self.assertEqual(len(data), 1)
         self.assertEqual(data[0]["url"], f"http://testserver{besluittype1_url}")
 
+    def test_validate_unknown_query_params(self):
+        BesluitTypeFactory.create_batch(2)
+        url = reverse(BesluitType)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class BesluitTypePaginationTestCase(APITestCase):
     maxDiff = None

src/openzaak/components/catalogi/tests/test_catalogus.py

@@ -1,5 +1,5 @@
 from rest_framework import status
-from vng_api_common.tests import reverse
+from vng_api_common.tests import get_validation_errors, reverse
 
 from ..models import Catalogus
 from .base import APITestCase
@@ -111,6 +111,17 @@ def test_filter_rsin_in(self):
         self.assertEqual(len(data), 1)
         self.assertEqual(data[0]["url"], f"http://testserver{reverse(catalogus1)}")
 
+    def test_validate_unknown_query_params(self):
+        CatalogusFactory.create_batch(2)
+        url = reverse(Catalogus)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class CatalogusPaginationTestCase(APITestCase):
     maxDiff = None

src/openzaak/components/catalogi/tests/test_eigenschap.py

@@ -1,5 +1,5 @@
 from rest_framework import status
-from vng_api_common.tests import TypeCheckMixin, reverse
+from vng_api_common.tests import TypeCheckMixin, get_validation_errors, reverse
 
 from ..constants import FormaatChoices
 from ..models import Eigenschap
@@ -262,6 +262,17 @@ def test_filter_eigenschap_status_definitief(self):
         self.assertEqual(len(data), 1)
         self.assertEqual(data[0]["url"], f"http://testserver{eigenschap2_url}")
 
+    def test_validate_unknown_query_params(self):
+        EigenschapFactory.create_batch(2)
+        url = reverse(Eigenschap)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class EigenschapPaginationTestCase(APITestCase):
     maxDiff = None

src/openzaak/components/catalogi/tests/test_informatieobjecttype.py

@@ -1,9 +1,8 @@
 from unittest import skip
 
-from django.urls import reverse
-
 from rest_framework import status
 from vng_api_common.constants import VertrouwelijkheidsAanduiding
+from vng_api_common.tests import get_validation_errors, reverse
 
 from ..models import InformatieObjectType
 from .base import APITestCase
@@ -226,6 +225,17 @@ def test_filter_informatieobjecttype_status_definitief(self):
             data[0]["url"], f"http://testserver{informatieobjecttype2_url}"
         )
 
+    def test_validate_unknown_query_params(self):
+        InformatieObjectTypeFactory.create_batch(2)
+        url = reverse(InformatieObjectType)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class InformatieObjectTypePaginationTestCase(APITestCase):
     maxDiff = None

src/openzaak/components/catalogi/tests/test_relatieklassen.py

@@ -1,7 +1,7 @@
 from unittest import skip
 
 from rest_framework import status
-from vng_api_common.tests import reverse, reverse_lazy
+from vng_api_common.tests import get_validation_errors, reverse, reverse_lazy
 
 from ..constants import RichtingChoices
 from ..models import ZaakInformatieobjectType
@@ -273,6 +273,17 @@ def test_filter_ziot_status_definitief(self):
         self.assertEqual(len(data), 1)
         self.assertEqual(data[0]["url"], f"http://testserver{ziot4_url}")
 
+    def test_validate_unknown_query_params(self):
+        ZaakInformatieobjectTypeFactory.create_batch(2)
+        url = reverse(ZaakInformatieobjectType)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class ZaakInformatieobjectTypePaginationTestCase(APITestCase):
     maxDiff = None

src/openzaak/components/catalogi/tests/test_resultaattype.py

@@ -386,6 +386,17 @@ def test_filter_resultaattype_status_definitief(self):
         self.assertEqual(len(data), 1)
         self.assertEqual(data[0]["url"], f"http://testserver{resultaattype2_url}")
 
+    def test_validate_unknown_query_params(self):
+        ResultaatTypeFactory.create_batch(2)
+        url = reverse(ResultaatType)
+
+        response = self.client.get(url, {"someparam": "somevalue"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "nonFieldErrors")
+        self.assertEqual(error["code"], "unknown-parameters")
+
 
 class ResultaatTypePaginationTestCase(APITestCase):
     maxDiff = None