
Ignore bad filters on fetches to endpoints #360

Merged
merged 6 commits into from
May 18, 2024
4 changes: 2 additions & 2 deletions backend/project/endpoints/courses/courses.py
@@ -47,8 +47,8 @@ def get(self, uid=None):
# Apply filters dynamically if they are provided
for param, value in filter_params.items():
if value:
attribute = getattr(Course, param, None)
if attribute:
if param in Course.__table__.columns:
attribute = getattr(Course, param)
base_query = base_query.filter(attribute == value)

# Define the role-specific queries
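Review bot: The check `if param in Course.__table__.columns:` accepts every column of the table as a filter, so a caller can filter on any column and use the result set to probe its values, including columns the endpoint may never return; the same check is added in projects.py and submissions.py. An explicit set of filterable names kept next to the resource would make that surface a deliberate choice, e.g. `if param in FILTERABLE_COLUMNS:` (the set name is a proposal, it does not exist in the visible code). Where `filter_params` is built is not visible here, and get()'s body continues outside the hunk.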
3 changes: 2 additions & 1 deletion backend/project/endpoints/projects/projects.py
@@ -54,7 +54,8 @@ def get(self, uid=None):
filters = dict(request.args)
conditions = []
for key, value in filters.items():
conditions.append(getattr(Project, key) == value)
if key in Project.__table__.columns:
conditions.append(getattr(Project, key) == value)

# Get the projects
projects = Project.query
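Review bot: Unknown keys are now dropped silently in the loop over `filters.items()`, so a request with a misspelled filter is answered with the unfiltered project list rather than an error. If any caller relies on a filter to narrow what it receives, this fails open; the restriction on which projects a user may see has to come from the query built after this loop, which the hunk does not show. I would state that at the loop with a comment such as `# Unknown keys are ignored on purpose; access control must not depend on these filters.`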
8 changes: 2 additions & 6 deletions backend/project/endpoints/submissions/submissions.py
@@ -44,11 +44,6 @@ def get(self, uid=None) -> dict[str, any]:
}
filters = dict(request.args)
try:
invalid_parameters = set(filters.keys()) - {"uid", "project_id"}
if invalid_parameters:
data["message"] = f"Invalid query parameter(s) {invalid_parameters}"
return data, 400

# Check the uid query parameter
user_id = filters.get("uid")
if user_id and not isinstance(user_id, str):
@@ -73,7 +68,8 @@ def get(self, uid=None) -> dict[str, any]:
# Filter the courses based on the query parameters
conditions = []
for key, value in filters.items():
conditions.append(getattr(Submission, key) == value)
if key in Submission.__table__.columns:
conditions.append(getattr(Submission, key) == value)

# Get the submissions
submissions = Submission.query
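Review bot: Removing the `invalid_parameters` check widens the accepted filters from `uid` and `project_id` to every Submission column, because `if key in Submission.__table__.columns:` is now the only gate in front of the query. The validation that follows in the first hunk covers `uid` (anything further is outside the visible lines), so values for the other columns reach `getattr(Submission, key) == value` as unchecked strings. To ignore bad keys without widening the surface, the loop can keep the old set: `if key in {"uid", "project_id"}:`. The comment above the loop still says "courses"; `# Filter the submissions based on the query parameters` would match the code.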
2 changes: 1 addition & 1 deletion backend/tests/endpoints/submissions_test.py
@@ -51,7 +51,7 @@ def test_get_submission_wrong_parameter(self, client: FlaskClient):
"/submissions?parameter=0",
headers = {"X-CSRF-TOKEN":get_csrf_from_login(client, "teacher")}
)
assert response.status_code == 400
assert response.status_code == 200


