fix: 【标签】标签绑定资源api需校验正确的uuid

2024-03-28 17:09:53 +08:00 · 2024-03-28 17:09:53 +08:00 · bca0863952
parent bf1a29fac2
commit bca0863952
1 changed files with 23 additions and 0 deletions
--- a/apps/labels/api.py
+++ b/apps/labels/api.py
@ -1,4 +1,7 @@
+from django.core.exceptions import ValidationError
 from django.shortcuts import get_object_or_404
+from django.utils.translation import gettext_lazy as _
+from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response

@ -79,6 +82,19 @@ class LabelContentTypeResourceViewSet(JMSModelViewSet):
            queryset = content_type.filter_queryset(queryset, keyword)
        return queryset

+    @staticmethod
+    def validate_res_ids(content_type: ContentType, res_ids: list):
+        model_cls = content_type.model_class()
+        pk_field = model_cls._meta.pk
+        pk_python_type = pk_field.to_python
+        invalid_ids = []
+        for _id in res_ids:
+            try:
+                pk_python_type(_id)
+            except ValidationError:
+                invalid_ids.append(_id)
+        return invalid_ids
+
    def put(self, request, *args, **kwargs):
        label_pk = self.kwargs.get('label')
        res_type = self.kwargs.get('res_type')
@ -86,6 +102,13 @@ class LabelContentTypeResourceViewSet(JMSModelViewSet):
        label = get_object_or_404(Label, pk=label_pk)
        res_ids = request.data.get('res_ids', [])

+        invalid_ids = self.validate_res_ids(content_type, res_ids)
+        if invalid_ids:
+            error = f'{_("Invalid data")}: {", ".join(invalid_ids)}'
+            return Response({
+                "code": 'invalid_data', "detail": error,
+            }, status=status.HTTP_400_BAD_REQUEST)
+
        LabeledResource.objects \
            .filter(res_type=content_type, label=label) \
            .exclude(res_id__in=res_ids).delete()