add input validation to positions api
parent
e7772d2564
commit
08c4bf2e36
|
@ -4,7 +4,7 @@ from zope import component
|
|||
|
||||
from ceod.transactions.members import UpdateMemberPositionsTransaction
|
||||
from .utils import authz_restrict_to_syscom, requires_authentication_no_realm, create_streaming_response
|
||||
from ceo_common.interfaces import ILDAPService
|
||||
from ceo_common.interfaces import ILDAPService, IConfig
|
||||
|
||||
bp = Blueprint('positions', __name__)
|
||||
|
||||
|
@ -13,10 +13,8 @@ bp = Blueprint('positions', __name__)
|
|||
def get_positions(auth_user: str):
|
||||
ldap_srv = component.getUtility(ILDAPService)
|
||||
|
||||
users = ldap_srv.get_users_with_positions()
|
||||
|
||||
positions = {}
|
||||
for user in users:
|
||||
for user in ldap_srv.get_users_with_positions():
|
||||
for position in user.positions:
|
||||
positions[position] = user.uid
|
||||
|
||||
|
@ -25,8 +23,23 @@ def get_positions(auth_user: str):
|
|||
@bp.route('/', methods=['POST'])
|
||||
@authz_restrict_to_syscom
|
||||
def update_positions():
|
||||
cfg = component.getUtility(IConfig)
|
||||
body = request.get_json(force=True)
|
||||
# TODO verify json
|
||||
|
||||
required = cfg.get('auxiliary positions_required')
|
||||
available = cfg.get('auxiliary positions_available')
|
||||
|
||||
for position in body.keys():
|
||||
if position not in available:
|
||||
return {
|
||||
'error': f'unknown position: {position}'
|
||||
}, 404
|
||||
|
||||
for position in required:
|
||||
if position not in body:
|
||||
return {
|
||||
'error': f'missing required position: {position}'
|
||||
}, 400
|
||||
|
||||
txn = UpdateMemberPositionsTransaction(body)
|
||||
return create_streaming_response(txn)
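Review bot: `update_positions` calls `body.keys()` on whatever `request.get_json(force=True)` returns, so a JSON array, string or `null` raises instead of producing a 400, and the values are never checked before the whole body is passed to `UpdateMemberPositionsTransaction`. Before the two loops I would add `if not isinstance(body, dict) or not all(isinstance(v, str) and v for v in body.values()):` followed by `return {'error': 'expected an object mapping position to username'}, 400`. The allowlist test `position not in available` is an exact match only if `cfg.get` returns a list; if it returns the raw comma-separated string from the config, `in` becomes a substring test and a partial name would be accepted, so the return type is worth confirming. An unknown position is a client error in the request body, so 400 fits better than the 404 returned here.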
|
||||
|
|
|
@ -52,3 +52,7 @@ office = cdrom,audio,video,www
|
|||
[auxiliary mailing lists]
|
||||
syscom = syscom,syscom-alerts
|
||||
exec = exec
|
||||
|
||||
[auxiliary positions]
|
||||
required = president,vice-president,sysadmin
|
||||
available = president,vice-president,treasurer,secretary,sysadmin,cro,librarian,imapd,webmaster,offsck
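Review bot: The `[auxiliary positions]` section has no comment saying that `available` is the allowlist the positions endpoint checks request keys against, or that every entry of `required` must also appear in it. Nothing visible on this page enforces that relationship. I would add `# available: every position the API accepts; required: positions each update must include (must also be listed in available)` above the two keys. The membership tests in `update_positions` look like exact string comparisons, so a space after a comma here would presumably make that position unmatchable unless the config loader strips whitespace.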
|
||||
|
|