server/posts: fix handling bad post ID

2016-06-06 22:25:50 +02:00 · 2016-06-06 22:25:50 +02:00 · ded89fee5f
commit ded89fee5f
parent 053d1889e0
3 changed files with 15 additions and 3 deletions
--- a/server/szurubooru/func/posts.py
+++ b/server/szurubooru/func/posts.py
@ -12,6 +12,7 @@ EMPTY_PIXEL = \
 class PostNotFoundError(errors.NotFoundError): pass
 class PostAlreadyFeaturedError(errors.ValidationError): pass
 class PostAlreadyUploadedError(errors.ValidationError): pass
+class InvalidPostIdError(errors.ValidationError): pass
 class InvalidPostSafetyError(errors.ValidationError): pass
 class InvalidPostSourceError(errors.ValidationError): pass
 class InvalidPostContentError(errors.ValidationError): pass
@ -121,6 +122,10 @@ def get_post_count():
    return db.session.query(sqlalchemy.func.count(db.Post.post_id)).one()[0]

 def try_get_post_by_id(post_id):
+    try:
+        post_id = int(post_id)
+    except ValueError:
+        raise InvalidPostIdError('Invalid post ID: %r.' % post_id)
    return db.session \
        .query(db.Post) \
        .filter(db.Post.post_id == post_id) \
--- a/server/szurubooru/tests/api/test_post_deleting.py
+++ b/server/szurubooru/tests/api/test_post_deleting.py
@ -35,7 +35,7 @@ def test_trying_to_delete_non_existing(test_ctx):
    with pytest.raises(posts.PostNotFoundError):
        test_ctx.api.delete(
            test_ctx.context_factory(
-                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)), 'bad')
+                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)), '999')

 def test_trying_to_delete_without_privileges(test_ctx):
    db.session.add(test_ctx.post_factory(id=1))
--- a/server/szurubooru/tests/api/test_post_retrieving.py
+++ b/server/szurubooru/tests/api/test_post_retrieving.py
@ -83,16 +83,23 @@ def test_retrieving_single(test_ctx):
    assert 'snapshots' in result
    assert 'comments' in result

+def test_trying_to_retrieve_invalid_id(test_ctx):
+    with pytest.raises(posts.InvalidPostIdError):
+        test_ctx.detail_api.get(
+            test_ctx.context_factory(
+                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)),
+            '-')
+
 def test_trying_to_retrieve_single_non_existing(test_ctx):
    with pytest.raises(posts.PostNotFoundError):
        test_ctx.detail_api.get(
            test_ctx.context_factory(
                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)),
-            '-')
+            '999')

 def test_trying_to_retrieve_single_without_privileges(test_ctx):
    with pytest.raises(errors.AuthError):
        test_ctx.detail_api.get(
            test_ctx.context_factory(
                user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)),
-            '-')
+            '999')