It is possible to create an empty AT content bypassing the validation #1386
Comments
gbastien
added a commit
that referenced
this issue
Apr 27, 2022
gbastien
added a commit
to IMIO/plonemeeting.restapi
that referenced
this issue
Apr 27, 2022
…ializeFromJson.__call__` from `plone.restapi` until issue plone/plone.restapi#1386 is fixed. See #PM-3869
|
Thank you for review and merge, I will wait for a release 7.x.x (but it is not urgent) before closing this issue |
|
https://pypi.org/project/plone.restapi/7.8.0/ this version solves the issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @stevepiercy @jensens
we still use version 7.x to create AT content on some applications and we encounter a bug: it is possible to create an empty content without required fields by just giving the "portal_type".
This is because in https://github.com/plone/plone.restapi/blob/7.x.x/src/plone/restapi/deserializer/atcontent.py#L55
In DeserializeFromJson, validation is only done if a field was modified, this is not the case and it fails.
Changing
if modified:byif create or modified:fix the problem.I will propose a PR for this.
Thank you,
Gauthier
The text was updated successfully, but these errors were encountered: