git.ipfire.org Git - thirdparty/patchwork.git/commit

author	Stephen Finucane <stephen@that.guru>
	Fri, 20 Aug 2021 21:57:51 +0000 (22:57 +0100)
committer	Daniel Axtens <dja@axtens.net>
	Mon, 23 Aug 2021 02:24:07 +0000 (12:24 +1000)
commit	fecf7c86c2c5b570f6bcec66cbc034b7d72f5320
tree	a0c1557a7ee44e5f968fe5e76ba77c909cc85f96	tree \| snapshot
parent	77793ad6ebc8469a7af9b3be05b4f7e21c389b57	commit \| diff

urls: Add missing path converters for REST APIs

Almost all of the API endpoints expect numerical resource IDs, with
'/projects' being the sole exception. However, we were not actually
enforcing this anywhere. Instead, we were relying on the custom
'get_object_or_404' implementation used by 'GenericAPIView.retrieve' via
'GenericAPIView.get_object'. Unfortunately we weren't using this
everywhere, most notably in our handler for 'GET /patches/{id}/checks'.
The end result was a HTTP 500 due to a ValueError.

Resolve this by adding the path converters for all REST API paths in
'patchwork.urls', along with tests to prevent regressions going forward.
We also switch to the DRF variant of 'get_object_or_404' in some places
to provide additional protection.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Cc: Daniel Axtens <dja@axtens.net>
[dja: s/TypeError/ValueError/; dropped an unrelated change]
Signed-off-by: Daniel Axtens <dja@axtens.net>

patchwork/api/check.py		diff \| blob \| blame \| history
patchwork/tests/api/test_bundle.py		diff \| blob \| blame \| history
patchwork/tests/api/test_comment.py		diff \| blob \| blame \| history
patchwork/tests/api/test_cover.py		diff \| blob \| blame \| history
patchwork/tests/api/test_patch.py		diff \| blob \| blame \| history
patchwork/tests/api/test_person.py		diff \| blob \| blame \| history
patchwork/tests/api/test_project.py		diff \| blob \| blame \| history
patchwork/tests/api/test_series.py		diff \| blob \| blame \| history
patchwork/tests/api/test_user.py		diff \| blob \| blame \| history
patchwork/urls.py		diff \| blob \| blame \| history