Add validation for xml on exclude requests

At the moment we only check if the xml is present or is well formed. The schema validation is planned for the future. Fix #8756.
openSUSE · Nov 22, 2019 · 0276e5b · 0276e5b
1 parent 9099b84
commit 0276e5b
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 23 deletions.
diff --git a/src/api/app/controllers/staging/excluded_requests_controller.rb b/src/api/app/controllers/staging/excluded_requests_controller.rb
@@ -1,7 +1,8 @@
 class Staging::ExcludedRequestsController < Staging::StagingController
-  before_action :require_login, except: [:index]
+  before_action :require_login, except: :index
   before_action :set_project
-  before_action :set_staging_workflow, :set_requests_xml_hash
+  before_action :set_staging_workflow
+  before_action :set_xml_hash, except: :index
 
   def index
     @request_exclusions = @staging_workflow.request_exclusions
@@ -10,7 +11,7 @@ def index
   def create
     authorize @staging_workflow, policy_class: Staging::RequestExclusionPolicy
 
-    result = ::Staging::RequestExcluder.new(requests_xml_hash: @requests_xml_hash, staging_workflow: @staging_workflow).create
+    result = ::Staging::RequestExcluder.new(requests_xml_hash: @parsed_xml, staging_workflow: @staging_workflow).create
 
     if result.valid?
       render_ok
@@ -26,7 +27,7 @@ def create
   def destroy
     authorize @staging_workflow, policy_class: Staging::RequestExclusionPolicy
 
-    result = ::Staging::RequestExcluder.new(requests_xml_hash: @requests_xml_hash, staging_workflow: @staging_workflow).destroy
+    result = ::Staging::RequestExcluder.new(requests_xml_hash: @parsed_xml, staging_workflow: @staging_workflow).destroy
 
     if result.valid?
       render_ok
@@ -38,10 +39,4 @@ def destroy
       )
     end
   end
-
-  private
-
-  def set_requests_xml_hash
-    @requests_xml_hash = (Xmlhash.parse(request.body.read) || {}).with_indifferent_access
-  end
 end
diff --git a/src/api/app/controllers/staging/staged_requests_controller.rb b/src/api/app/controllers/staging/staged_requests_controller.rb
@@ -65,19 +65,6 @@ def set_request_numbers
     )
   end
 
-  def set_xml_hash
-    request_body = request.body.read
-    @parsed_xml = Xmlhash.parse(request_body).with_indifferent_access if request_body.present?
-    return if @parsed_xml
-
-    error_options = if request_body.present?
-                      { status: 400, errorcode: 'invalid_xml_format', message: 'XML format is not valid' }
-                    else
-                      { status: 400, errorcode: 'invalid_request', message: 'Empty body' }
-                    end
-    render_error(error_options)
-  end
-
   def set_staging_project
     @staging_project = @staging_workflow.staging_projects.find_by(name: params[:staging_project_name])
     return if @staging_project

diff --git a/src/api/app/controllers/staging/staging_controller.rb b/src/api/app/controllers/staging/staging_controller.rb
@@ -22,5 +22,18 @@ def set_staging_workflow
         message: "Project #{@project} doesn't have an asociated Staging Workflow"
       )
     end
+
+    def set_xml_hash
+      request_body = request.body.read
+      @parsed_xml = (Xmlhash.parse(request_body) || {}).with_indifferent_access if request_body.present?
+      return if @parsed_xml.present?
+
+      error_options = if request_body.present?
+                        { status: 400, errorcode: 'invalid_xml_format', message: 'XML format is not valid' }
+                      else
+                        { status: 400, errorcode: 'invalid_request', message: 'Empty body' }
+                      end
+      render_error(error_options)
+    end
   end
 end