Skip to content
This repository has been archived by the owner on Jan 28, 2021. It is now read-only.

Commit

Permalink
a method for rejecting characters in a dataset name
Browse files Browse the repository at this point in the history
  • Loading branch information
@vegitron
vegitron committed May 29, 2015
1 parent 4eca5de commit d438216
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
34 changes: 34 additions & 0 deletions sqlshare_rest/test/api/file_upload.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,3 +239,37 @@ def test_name_chars(self):
self.assertEquals(response11.status_code, 201)
current_list = get_initial_filter_list()
self.assertEquals(len(current_list), 0)

def test_rejected_characters(self):
owner = "upload_user_ds_crazy_name2"
self.remove_users.append(owner)
auth_headers = self.get_auth_header_for_username(owner)

FileUpload.objects.all().delete()
data = "a,b,c\n1,2,3"

init_url = reverse("sqlshare_view_file_upload_init")
response1 = self.client.post(init_url, data=data, content_type="text/plain", **auth_headers)
self.assertEquals(response1.status_code, 201)
body = response1.content.decode("utf-8")

upload_id = int(body)

parser_url = reverse("sqlshare_view_file_parser", kwargs={ "id":upload_id })
response2 = self.client.get(parser_url, **auth_headers)
self.assertEquals(response2.status_code, 200)

parser_data = json.loads(response2.content.decode("utf-8"))
self.assertEquals(parser_data["parser"]["delimiter"], ",")

# Finalize the upload - turn it into a dataset
finalize_url = reverse("sqlshare_view_upload_finalize", kwargs={ "id": upload_id })

finalize_data = json.dumps({ "dataset_name": "bad-char1%",
"description": "Just a test description"
})

response9 = self.client.post(finalize_url, data=finalize_data, content_type="application/json", **auth_headers)
self.assertEquals(response9.status_code, 400)
self.assertEquals(response9.content.decode("utf-8"), "% not allowed in dataset name")

14 changes: 14 additions & 0 deletions sqlshare_rest/views/file_upload.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
from sqlshare_rest.util.db import get_backend
from sqlshare_rest.views import get_oauth_user, get403, get404
import json
import re


@csrf_exempt
Expand Down Expand Up @@ -68,6 +69,10 @@ def finalize(request, id):
if request.META["REQUEST_METHOD"] == "POST":
values = json.loads(request.body.decode("utf-8"))
dataset_name = values["dataset_name"]

bad_name_response = dataset_name_invalid_check(dataset_name)
if bad_name_response:
return bad_name_response
description = values.get("description", "")
is_public = values.get("is_public", False)
upload.dataset_name = dataset_name
Expand All @@ -86,3 +91,12 @@ def finalize(request, id):
else:
response.status_code = 202
return response


def dataset_name_invalid_check(name):
if re.match(".*%.*", name):
response = HttpResponse("% not allowed in dataset name")
response.status_code = 400
return response

return

0 comments on commit d438216

Please sign in to comment.