Fixed Column not found: 1054 Unknown column '0' in 'field list' [sc-20004] #12599
Conversation
|
|
Should we maybe instead initiate a validator to make sure that the ids in the groups array exist in the groups table? It's a bit more code, but would probably be better overall. |
|
I tried with the validator, but to be honest it doesn't change much... I even needed a try/catch to enclose the validator because if I made a PATCH request to the user endpoint with a injected value in the groups column like this: The validator still crash. I think this is the best way... since if the array is well formed, and the group passed doesn't exist, the API just ignores the group. |
|
What's the error you're seeing when the validator crashes? |
|
|
|
Can we try looping through the array that gets passed and validate on each of the group_ids there, to make sure they exist in the It's weird that it's showing as: instead of but we should maybe be able to decode that array and make sure the next level down is a set of ids that exist in the departments table. |
There was a problem hiding this comment.
I'd like to see if we can come up with slightly tighter validation here. Whatever the format that the groups payload should be in, we:
- Shouldn't accept anything NOT in that format
- Should validate that the groups actually exist, otherwise we could end up with bad data
|
Converting this to draft so I don't accidentally merge it ;) |
|
This looks great - thanks for the extra effort on this to make it even better <3 |
Description
The API call to Users with method PATCH accepts arrays for the
groupsparameter. But if the array is weirdly formed the users making the call got an error 500. I found hard to validate that the array is properly formed, since this is in the API and a client could pass whatever value they want... so I use a Try/Catch block to the method causing this error, that way the system doesn't crash and returns the exception as an API error.Fixes [sc-20004]
Type of change
How Has This Been Tested?
Test Configuration: