Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-xhq8-8c5v-w8ff
* Fix improper ID type validation

* Fix failing test cases

- `ProductVariantBulkCreate` mutation was not able to determine whether Product type ID was passed
- `ShippingPriceTranslate` mutation uses a QuerySet with ID type ShippingMethodType
  • Loading branch information
NyanKiyoshi committed Oct 3, 2022
1 parent 5e23b57 commit 96e04c0
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion saleor/graphql/account/mutations/account.py
Expand Up @@ -388,7 +388,7 @@ class Meta:

@classmethod
def perform_mutation(cls, _root, info, **data):
address = cls.get_node_or_error(info, data.get("id"), Address)
address = cls.get_node_or_error(info, data.get("id"), only_type=Address)
user = info.context.user

if not user.addresses.filter(pk=address.pk).exists():
Expand Down
2 changes: 1 addition & 1 deletion saleor/graphql/account/mutations/base.py
Expand Up @@ -369,7 +369,7 @@ def perform_mutation(cls, _root, info, **data):
raise PermissionDenied()

node_id = data.get("id")
instance = cls.get_node_or_error(info, node_id, Address)
instance = cls.get_node_or_error(info, node_id, only_type=Address)
if instance:
cls.clean_instance(info, instance)

Expand Down
2 changes: 1 addition & 1 deletion saleor/graphql/menu/mutations.py
Expand Up @@ -514,7 +514,7 @@ class Meta:
def perform_mutation(cls, _root, info, navigation_type, menu=None):
site = load_site(info.context)
if menu is not None:
menu = cls.get_node_or_error(info, menu, field="menu")
menu = cls.get_node_or_error(info, menu, field="menu", only_type=Menu)

if navigation_type == NavigationType.MAIN:
site.settings.top_menu = menu
Expand Down
2 changes: 1 addition & 1 deletion saleor/graphql/product/bulk_mutations/products.py
Expand Up @@ -547,7 +547,7 @@ def create_variant_stocks(cls, variant, cleaned_input):
@classmethod
@traced_atomic_transaction()
def perform_mutation(cls, _root, info, **data):
product = cls.get_node_or_error(info, data["product_id"], models.Product)
product = cls.get_node_or_error(info, data["product_id"], only_type="Product")
errors = defaultdict(list)

cleaned_inputs = cls.clean_variants(info, data["variants"], product, errors)
Expand Down

0 comments on commit 96e04c0

Please sign in to comment.