Merge pull request #133 from open-zaak/issue/filtering-on-non-existen…

…t-gives-400 Issue/filtering on non existent gives 400
open-zaak · Oct 30, 2019 · a4b9fa6 · a4b9fa6
2 parents 6063568 + 66b4b41
commit a4b9fa6
Show file tree

Hide file tree

Showing 22 changed files with 578 additions and 57 deletions.
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -61,4 +61,4 @@ unidecode==1.0.22         # via vng-api-common
 uritemplate==3.0.0        # via coreapi, drf-yasg
 urllib3==1.24.3           # via requests
 uwsgi==2.0.18
-vng-api-common==1.0.22
+vng-api-common==1.0.27
diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -68,4 +68,4 @@ unidecode==1.0.22
 uritemplate==3.0.0
 urllib3==1.24.3
 uwsgi==2.0.18
-vng-api-common==1.0.22
+vng-api-common==1.0.27
diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -95,7 +95,7 @@ unidecode==1.0.22
 uritemplate==3.0.0
 urllib3==1.24.3
 uwsgi==2.0.18
-vng-api-common==1.0.22
+vng-api-common==1.0.27
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools==41.4.0        # via sphinx
diff --git a/src/openzaak/components/besluiten/tests/test_besluit_create.py b/src/openzaak/components/besluiten/tests/test_besluit_create.py
@@ -125,12 +125,14 @@ def test_opvragen_informatieobjecten_besluit(self):
 
         base_uri = get_operation_url("besluitinformatieobject_list")
 
-        url1 = f"{base_uri}?besluit={besluit1_uri}"
-        response1 = self.client.get(url1)
+        response1 = self.client.get(
+            base_uri, {"besluit": f"http://testserver.com{besluit1_uri}"}
+        )
         self.assertEqual(len(response1.data), 3)
 
-        url2 = f"{base_uri}?besluit={besluit2_uri}"
-        response2 = self.client.get(url2)
+        response2 = self.client.get(
+            base_uri, {"besluit": f"http://testserver.com{besluit2_uri}"}
+        )
         self.assertEqual(len(response2.data), 2)
 
     def test_besluit_create_fail_besluittype_max_length(self):

diff --git a/src/openzaak/components/besluiten/tests/test_besluitinformatieobjecten.py b/src/openzaak/components/besluiten/tests/test_besluitinformatieobjecten.py
@@ -95,7 +95,7 @@ def test_filter(self):
         bio_list_url = reverse("besluitinformatieobject-list")
 
         response = self.client.get(
-            bio_list_url, {"besluit": f"http://testserver{besluit_url}"}
+            bio_list_url, {"besluit": f"http://testserver.com{besluit_url}"}
         )
 
         self.assertEqual(response.status_code, 200)

diff --git a/src/openzaak/components/besluiten/tests/test_filters.py b/src/openzaak/components/besluiten/tests/test_filters.py
@@ -50,6 +50,25 @@ def test_validate_unknown_query_params(self):
         error = get_validation_errors(response, "nonFieldErrors")
         self.assertEqual(error["code"], "unknown-parameters")
 
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(Besluit), {"besluittype": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "besluittype")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        BesluitFactory.create(besluittype__concept=False)
+        response = self.client.get(
+            reverse(Besluit), {"besluittype": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
 
 class BesluitInformatieObjectAPIFilterTests(JWTAuthMixin, APITestCase):
     heeft_alle_autorisaties = True
@@ -64,3 +83,20 @@ def test_validate_unknown_query_params(self):
 
         error = get_validation_errors(response, "nonFieldErrors")
         self.assertEqual(error["code"], "unknown-parameters")
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(BesluitInformatieObject), {"besluit": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "besluit")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        BesluitInformatieObjectFactory.create()
+        response = self.client.get(
+            reverse(BesluitInformatieObject), {"besluit": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, [])
diff --git a/src/openzaak/components/catalogi/api/filters.py b/src/openzaak/components/catalogi/api/filters.py
@@ -1,3 +1,7 @@
+from urllib.parse import urlparse
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.core.validators import URLValidator
 from django.utils.translation import ugettext_lazy as _
 
 from django_filters import rest_framework as filters
@@ -34,7 +38,12 @@ def status_filter(queryset, name, value):
 
 
 def m2m_filter(queryset, name, value):
-    object = get_resource_for_path(value)
+    parsed = urlparse(value)
+    path = parsed.path
+    try:
+        object = get_resource_for_path(path)
+    except ObjectDoesNotExist:
+        return queryset.none()
     return queryset.filter(**{name: object})
 
 
@@ -135,6 +144,7 @@ class BesluitTypeFilter(FilterSet):
         help_text=_(
             "ZAAKTYPE met ZAAKen die relevant kunnen zijn voor dit BESLUITTYPE"
         ),
+        validators=[URLValidator()],
     )
     informatieobjecttypen = filters.CharFilter(
         field_name="informatieobjecttypen",
@@ -143,6 +153,7 @@ class BesluitTypeFilter(FilterSet):
             "Het INFORMATIEOBJECTTYPE van informatieobjecten waarin besluiten van dit "
             "BESLUITTYPE worden vastgelegd."
         ),
+        validators=[URLValidator()],
     )
     status = filters.CharFilter(
         field_name="concept", method=status_filter, help_text=STATUS_HELP_TEXT

diff --git a/src/openzaak/components/catalogi/tests/test_besluittype.py b/src/openzaak/components/catalogi/tests/test_besluittype.py
@@ -724,7 +724,7 @@ def test_filter_zaaktypes(self):
         besluittype1 = BesluitTypeFactory.create(concept=False)
         besluittype2 = BesluitTypeFactory.create(concept=False)
         zaaktype1 = besluittype1.zaaktypes.get()
-        zaaktype1_url = reverse(zaaktype1)
+        zaaktype1_url = f"http://testserver.com{reverse(zaaktype1)}"
         besluittype_list_url = reverse("besluittype-list")
         besluittype1_url = reverse(besluittype1)
 
@@ -744,7 +744,7 @@ def test_filter_informatieobjecttypen(self):
         besluittype1.informatieobjecttypen.add(iot1)
         besluittype_list_url = reverse("besluittype-list")
         besluittype1_url = reverse(besluittype1)
-        iot1_url = reverse(iot1)
+        iot1_url = f"http://testserver.com{reverse(iot1)}"
 
         response = self.client.get(
             besluittype_list_url, {"informatieobjecttypen": iot1_url}

diff --git a/src/openzaak/components/catalogi/tests/test_filters.py b/src/openzaak/components/catalogi/tests/test_filters.py
@@ -0,0 +1,229 @@
+from rest_framework import status
+from rest_framework.test import APITestCase
+from vng_api_common.tests import get_validation_errors, reverse
+
+from openzaak.utils.tests import JWTAuthMixin
+
+from ..models import (
+    BesluitType,
+    Eigenschap,
+    InformatieObjectType,
+    ResultaatType,
+    RolType,
+    StatusType,
+    ZaakInformatieobjectType,
+    ZaakType,
+)
+from .factories import (
+    BesluitTypeFactory,
+    EigenschapFactory,
+    InformatieObjectTypeFactory,
+    ResultaatTypeFactory,
+    RolTypeFactory,
+    StatusTypeFactory,
+    ZaakInformatieobjectTypeFactory,
+    ZaakTypeFactory,
+)
+
+
+class BesluitTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        for query_param in ["catalogus", "zaaktypes", "informatieobjecttypen"]:
+            with self.subTest(query_param=query_param):
+                response = self.client.get(reverse(BesluitType), {query_param: "bla"})
+
+                self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+                error = get_validation_errors(response, query_param)
+                self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        besluittype = BesluitTypeFactory.create(concept=False)
+        besluittype.zaaktypes.clear()
+        besluittype.informatieobjecttypen.clear()
+        for query_param in ["catalogus", "zaaktypes", "informatieobjecttypen"]:
+            with self.subTest(query_param=query_param):
+                response = self.client.get(
+                    reverse(BesluitType), {query_param: "https://google.com"}
+                )
+
+                self.assertEqual(response.status_code, status.HTTP_200_OK)
+                self.assertEqual(
+                    response.data,
+                    {"count": 0, "next": None, "previous": None, "results": []},
+                )
+
+
+class EigenschapFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(Eigenschap), {"zaaktype": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "zaaktype")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        EigenschapFactory.create(zaaktype__concept=False)
+        response = self.client.get(
+            reverse(Eigenschap), {"zaaktype": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
+
+class InformatieObjectTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(InformatieObjectType), {"catalogus": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "catalogus")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        informatieobjecttype = InformatieObjectTypeFactory.create(concept=False)
+        informatieobjecttype.zaaktypes.clear()
+
+        response = self.client.get(
+            reverse(InformatieObjectType), {"catalogus": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
+
+class ResultaatTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(ResultaatType), {"zaaktype": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "zaaktype")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        ResultaatTypeFactory.create(zaaktype__concept=False)
+        response = self.client.get(
+            reverse(ResultaatType), {"zaaktype": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
+
+class RolTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(RolType), {"zaaktype": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "zaaktype")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        RolTypeFactory.create(zaaktype__concept=False)
+        response = self.client.get(reverse(RolType), {"zaaktype": "https://google.com"})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
+
+class StatusTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(StatusType), {"zaaktype": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "zaaktype")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        StatusTypeFactory.create(zaaktype__concept=False)
+        response = self.client.get(
+            reverse(StatusType), {"zaaktype": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )
+
+
+class ZaakInformatieobjectTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        for query_param in ["zaaktype", "informatieobjecttype"]:
+            with self.subTest(query_param=query_param):
+                response = self.client.get(
+                    reverse(ZaakInformatieobjectType), {query_param: "bla"}
+                )
+
+                self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+                error = get_validation_errors(response, query_param)
+                self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        ZaakInformatieobjectTypeFactory.create(
+            informatieobjecttype__concept=False, zaaktype__concept=False
+        )
+        for query_param in ["zaaktype", "informatieobjecttype"]:
+            with self.subTest(query_param=query_param):
+                response = self.client.get(
+                    reverse(ZaakInformatieobjectType),
+                    {query_param: "https://google.com"},
+                )
+
+                self.assertEqual(response.status_code, status.HTTP_200_OK)
+                self.assertEqual(
+                    response.data,
+                    {"count": 0, "next": None, "previous": None, "results": []},
+                )
+
+
+class ZaakTypeFilterTests(JWTAuthMixin, APITestCase):
+    heeft_alle_autorisaties = True
+
+    def test_filter_by_invalid_url(self):
+        response = self.client.get(reverse(ZaakType), {"catalogus": "bla"})
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        error = get_validation_errors(response, "catalogus")
+        self.assertEqual(error["code"], "invalid")
+
+    def test_filter_by_valid_url_object_does_not_exist(self):
+        zaaktype = ZaakTypeFactory.create(concept=False)
+        zaaktype.informatieobjecttypen.clear()
+
+        response = self.client.get(
+            reverse(ZaakType), {"catalogus": "https://google.com"}
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            response.data, {"count": 0, "next": None, "previous": None, "results": []}
+        )