-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed Column not found: 1054 Unknown column '0' in 'field list' [sc-20004] #12599
Fixed Column not found: 1054 Unknown column '0' in 'field list' [sc-20004] #12599
Conversation
|
Should we maybe instead initiate a validator to make sure that the ids in the groups array exist in the groups table? It's a bit more code, but would probably be better overall. |
I tried with the validator, but to be honest it doesn't change much... I even needed a try/catch to enclose the validator because if I made a PATCH request to the user endpoint with a injected value in the groups column like this:
The validator still crash. I think this is the best way... since if the array is well formed, and the group passed doesn't exist, the API just ignores the group. |
What's the error you're seeing when the validator crashes? |
Can we try looping through the array that gets passed and validate on each of the group_ids there, to make sure they exist in the It's weird that it's showing as:
instead of
but we should maybe be able to decode that array and make sure the next level down is a set of ids that exist in the departments table. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to see if we can come up with slightly tighter validation here. Whatever the format that the groups payload should be in, we:
- Shouldn't accept anything NOT in that format
- Should validate that the groups actually exist, otherwise we could end up with bad data
Converting this to draft so I don't accidentally merge it ;) |
This looks great - thanks for the extra effort on this to make it even better <3 |
Description
The API call to Users with method PATCH accepts arrays for the
groups
parameter. But if the array is weirdly formed the users making the call got an error 500. I found hard to validate that the array is properly formed, since this is in the API and a client could pass whatever value they want... so I use a Try/Catch block to the method causing this error, that way the system doesn't crash and returns the exception as an API error.Fixes [sc-20004]
Type of change
How Has This Been Tested?
Test Configuration: