fix(destinations): don't 500 on non-integer college id

Ethan Nguyen 2021-04-23 22:37:30 -04:00
parent 8709c6fa5f
commit b9c8517b82
No known key found for this signature in database
GPG Key ID: B4CA5339AF911920
2 changed files with 23 additions and 2 deletions


@ -134,6 +134,21 @@ class DestinationsTest(TJDestsTestCase):
self.assertIn(user, response.context["object_list"]) self.assertIn(user, response.context["object_list"])
self.assertNotIn(user2, response.context["object_list"]) self.assertNotIn(user2, response.context["object_list"])
# Non alphanumeric should 404
response = self.client.get(
reverse("destinations:students"), data={"college": str(college.id) + "f"}
)
self.assertEqual(404, response.status_code)
# Non existent should 404
# sanity check
assert College.objects.filter(id=college.id + 5).count() == 0
response = self.client.get(
reverse("destinations:students"), data={"college": college.id + 5}
)
self.assertEqual(404, response.status_code)
response = self.client.get( response = self.client.get(
reverse("destinations:students"), data={"college": college2.id} reverse("destinations:students"), data={"college": college2.id}
) )
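Review bot: The comment `# Non alphanumeric should 404` above the first new request mislabels the case, since the appended `"f"` is itself alphanumeric; `# Non-integer college id should 404` matches what is actually tested. The sanity check a few lines later uses a bare `assert`, which is skipped under `python -O` and reports less on failure than the TestCase helpers; `self.assertFalse(College.objects.filter(id=college.id + 5).exists())` would be consistent with the surrounding assertions. The test method starts outside the hunk.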


@ -1,6 +1,9 @@
from typing import Optional
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.db.models import Count, Q, QuerySet from django.db.models import Count, Q, QuerySet
from django.http import Http404
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.views.generic import ListView from django.views.generic import ListView
@ -26,8 +29,11 @@ class StudentDestinationListView(
queryset = queryset.filter(is_senior=True).order_by("last_name", "first_name") queryset = queryset.filter(is_senior=True).order_by("last_name", "first_name")
college_id = self.request.GET.get("college", None) college_id: Optional[str] = self.request.GET.get("college", None)
if college_id is not None: if college_id is not None:
if not college_id.isdigit():
raise Http404()
get_object_or_404(College, id=college_id) get_object_or_404(College, id=college_id)
queryset = queryset.filter(decision__college__id=college_id) queryset = queryset.filter(decision__college__id=college_id)
@ -46,7 +52,7 @@ class StudentDestinationListView(
): # pylint: disable=unused-argument ): # pylint: disable=unused-argument
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
college_id = self.request.GET.get("college", None) college_id: Optional[str] = self.request.GET.get("college", None)
if college_id is not None: if college_id is not None:
context["college"] = get_object_or_404(College, id=college_id) context["college"] = get_object_or_404(College, id=college_id)
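Review bot: The `college_id.isdigit()` guard in the second hunk still admits strings that `int()` rejects, because `str.isdigit()` is true for characters such as superscript digits. Such a value would reach `get_object_or_404(College, id=college_id)` and presumably still surface as an unhandled `ValueError` instead of a 404. Restricting the check to ASCII closes the gap: `if not (college_id.isascii() and college_id.isdigit()): raise Http404()`. The third hunk repeats the lookup in `get_context_data` without the guard, so it relies on the queryset method having rejected the value first; validating once and sharing the parsed id would remove that dependency. Both method bodies begin outside their hunks.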