D3173.diff
View Options

	diff --git a/swh/deposit/api/private/deposit_list.py b/swh/deposit/api/private/deposit_list.py
	--- a/swh/deposit/api/private/deposit_list.py
	+++ b/swh/deposit/api/private/deposit_list.py
	@@ -1,4 +1,4 @@
	-# Copyright (C) 2018-2019 The Software Heritage developers
	+# Copyright (C) 2018-2020 The Software Heritage developers
	# See the AUTHORS file at the top-level directory of this distribution
	# License: GNU General Public License version 3, or any later version
	# See top-level LICENSE file for more information
	@@ -45,6 +45,22 @@

	"""

	- queryset = Deposit.objects.all().order_by("id")
	serializer_class = DepositSerializer
	pagination_class = DefaultPagination
	+
	+ def get_queryset(self):
	+ params = self.request.query_params
	+ exclude_like = params.get("exclude")
	+ if exclude_like:
	+ # sql injection: A priori, nothing to worry about, django does it for
	+ # queryset
	+ # https://docs.djangoproject.com/en/3.0/topics/security/#sql-injection-protection # noqa
	+ # https://docs.djangoproject.com/en/2.2/topics/security/#sql-injection-protection # noqa
	+ deposits = (
	+ Deposit.objects.all()
	+ .exclude(external_id__startswith=exclude_like)
	+ .order_by("id")
	+ )
	+ else:
	+ deposits = Deposit.objects.all().order_by("id")
	+ return deposits
	diff --git a/swh/deposit/tests/api/test_deposit_list.py b/swh/deposit/tests/api/test_deposit_list.py
	--- a/swh/deposit/tests/api/test_deposit_list.py
	+++ b/swh/deposit/tests/api/test_deposit_list.py
	@@ -1,4 +1,4 @@
	-# Copyright (C) 2017-2019 The Software Heritage developers
	+# Copyright (C) 2017-2020 The Software Heritage developers
	# See the AUTHORS file at the top-level directory of this distribution
	# License: GNU General Public License version 3, or any later version
	# See top-level LICENSE file for more information
	@@ -13,25 +13,24 @@
	DEPOSIT_STATUS_DEPOSITED,
	)

	+STATUS_DETAIL = {
	+ "url": {
	+ "summary": "At least one compatible url field. Failed",
	+ "fields": ["testurl"],
	+ },
	+ "metadata": [{"summary": "Mandatory fields missing", "fields": ["9", 10, 1.212],},],
	+ "archive": [
	+ {"summary": "Invalid archive", "fields": ["3"],},
	+ {"summary": "Unsupported archive", "fields": [2],},
	+ ],
	+}
	+

	def test_deposit_list(partial_deposit, deposited_deposit, authenticated_client):
	- """Deposit list api should return the deposits
	+ """Deposit list api should return all deposits in a paginated way

	"""
	- status_detail = {
	- "url": {
	- "summary": "At least one compatible url field. Failed",
	- "fields": ["testurl"],
	- },
	- "metadata": [
	- {"summary": "Mandatory fields missing", "fields": ["9", 10, 1.212],},
	- ],
	- "archive": [
	- {"summary": "Invalid archive", "fields": ["3"],},
	- {"summary": "Unsupported archive", "fields": [2],},
	- ],
	- }
	- partial_deposit.status_detail = status_detail
	+ partial_deposit.status_detail = STATUS_DETAIL
	partial_deposit.save()

	deposit_id = partial_deposit.id
	@@ -47,14 +46,14 @@
	assert response.status_code == status.HTTP_200_OK
	data = response.json()
	assert data["count"] == 2 # 2 deposits
	- expected_next = "%s?page=2&page_size=1" % main_url
	+ expected_next = f"{main_url}?page=2&page_size=1"
	assert data["next"].endswith(expected_next) is True
	assert data["previous"] is None
	assert len(data["results"]) == 1 # page of size 1
	deposit = data["results"][0]
	assert deposit["id"] == deposit_id
	assert deposit["status"] == DEPOSIT_STATUS_PARTIAL
	- expected_status_detail = convert_status_detail(status_detail)
	+ expected_status_detail = convert_status_detail(STATUS_DETAIL)
	assert deposit["status_detail"] == expected_status_detail

	# then 2nd page
	@@ -66,10 +65,36 @@
	assert data2["count"] == 2 # still 2 deposits
	assert data2["next"] is None

	- expected_previous = "%s?page_size=1" % main_url
	+ expected_previous = f"{main_url}?page_size=1"
	assert data2["previous"].endswith(expected_previous) is True
	assert len(data2["results"]) == 1 # page of size 1

	deposit2 = data2["results"][0]
	assert deposit2["id"] == deposit_id2
	assert deposit2["status"] == DEPOSIT_STATUS_DEPOSITED
	+
	+
	+def test_deposit_list_exclude(partial_deposit, deposited_deposit, authenticated_client):
	+ """Exclusion pattern on external_id should be respected
	+
	+ """
	+ partial_deposit.status_detail = STATUS_DETAIL
	+ partial_deposit.save()
	+
	+ main_url = reverse(PRIVATE_LIST_DEPOSITS)
	+
	+ # Testing exclusion pattern
	+ exclude_pattern = "external-id"
	+ assert partial_deposit.external_id.startswith(exclude_pattern)
	+ assert deposited_deposit.external_id.startswith(exclude_pattern)
	+ url = f"{main_url}?page_size=1&exclude=external-id"
	+ response = authenticated_client.get(url)
	+ assert response.status_code == status.HTTP_200_OK
	+ data = response.json()
	+ assert data["count"] == 0
	+
	+ url = "%s?page_size=1&exclude=dummy" % main_url # that won't exclude anything
	+ response = authenticated_client.get(url)
	+ assert response.status_code == status.HTTP_200_OK
	+ data = response.json()
	+ assert data["count"] == 2

File Metadata

Mime Type: text/plain
Expires: Nov 5 2024, 6:51 PM (11 w, 17 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3219435

D3173.diff
No OneTemporary
Actions

D3173.diff
View Options

File Metadata

Event Timeline

D3173.diffNo OneTemporaryActions

D3173.diffView Options

File Metadata

Event Timeline

D3173.diff
No OneTemporary
Actions

D3173.diff
View Options