Skip to content

Commit 96e04c0

Browse files
authored
Merge pull request from GHSA-xhq8-8c5v-w8ff
* Fix improper ID type validation * Fix failing test cases - `ProductVariantBulkCreate` mutation was not able to determine whether Product type ID was passed - `ShippingPriceTranslate` mutation uses a QuerySet with ID type ShippingMethodType
1 parent 5e23b57 commit 96e04c0

File tree

4 files changed

+4
-4
lines changed

4 files changed

+4
-4
lines changed

Diff for: saleor/graphql/account/mutations/account.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -388,7 +388,7 @@ class Meta:
388388

389389
@classmethod
390390
def perform_mutation(cls, _root, info, **data):
391-
address = cls.get_node_or_error(info, data.get("id"), Address)
391+
address = cls.get_node_or_error(info, data.get("id"), only_type=Address)
392392
user = info.context.user
393393

394394
if not user.addresses.filter(pk=address.pk).exists():

Diff for: saleor/graphql/account/mutations/base.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -369,7 +369,7 @@ def perform_mutation(cls, _root, info, **data):
369369
raise PermissionDenied()
370370

371371
node_id = data.get("id")
372-
instance = cls.get_node_or_error(info, node_id, Address)
372+
instance = cls.get_node_or_error(info, node_id, only_type=Address)
373373
if instance:
374374
cls.clean_instance(info, instance)
375375

Diff for: saleor/graphql/menu/mutations.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -514,7 +514,7 @@ class Meta:
514514
def perform_mutation(cls, _root, info, navigation_type, menu=None):
515515
site = load_site(info.context)
516516
if menu is not None:
517-
menu = cls.get_node_or_error(info, menu, field="menu")
517+
menu = cls.get_node_or_error(info, menu, field="menu", only_type=Menu)
518518

519519
if navigation_type == NavigationType.MAIN:
520520
site.settings.top_menu = menu

Diff for: saleor/graphql/product/bulk_mutations/products.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -547,7 +547,7 @@ def create_variant_stocks(cls, variant, cleaned_input):
547547
@classmethod
548548
@traced_atomic_transaction()
549549
def perform_mutation(cls, _root, info, **data):
550-
product = cls.get_node_or_error(info, data["product_id"], models.Product)
550+
product = cls.get_node_or_error(info, data["product_id"], only_type="Product")
551551
errors = defaultdict(list)
552552

553553
cleaned_inputs = cls.clean_variants(info, data["variants"], product, errors)

0 commit comments

Comments
 (0)