Merge pull request #227 from taigaio/issue/2098-search_error

HTTP 404 for calls to search api with a wront project_id
2015-02-02 16:33:47 +01:00 · 2015-02-02 16:33:47 +01:00 · dcb98e7c23
parent c2416dd622 d4a40ad8d3
commit dcb98e7c23
2 changed files with 13 additions and 7 deletions
--- a/taiga/searches/api.py
+++ b/taiga/searches/api.py
@ -20,6 +20,7 @@ from rest_framework.response import Response
 from rest_framework import viewsets

 from taiga.base import exceptions as excp
+from taiga.base.api.utils import get_object_or_404
 from taiga.projects.userstories.serializers import UserStorySerializer
 from taiga.projects.tasks.serializers import TaskSerializer
 from taiga.projects.issues.serializers import IssueSerializer
@ -31,15 +32,10 @@ from . import services

 class SearchViewSet(viewsets.ViewSet):
    def list(self, request, **kwargs):
-        project_model = apps.get_model("projects", "Project")
-
        text = request.QUERY_PARAMS.get('text', "")
        project_id = request.QUERY_PARAMS.get('project', None)

-        try:
-            project = self._get_project(project_id)
-        except (project_model.DoesNotExist, TypeError):
-            raise excp.PermissionDenied({"detail": "Wrong project id"})
+        project = self._get_project(project_id)

        result = {}
        if user_has_perm(request.user, "view_us", project):
@ -56,7 +52,7 @@ class SearchViewSet(viewsets.ViewSet):

    def _get_project(self, project_id):
        project_model = apps.get_model("projects", "Project")
-        return project_model.objects.get(pk=project_id)
+        return get_object_or_404(project_model, pk=project_id)

    def _search_user_stories(self, project, text):
        queryset = services.search_user_stories(project, text)
--- a/tests/integration/test_searches.py
+++ b/tests/integration/test_searches.py
@ -130,3 +130,13 @@ def test_search_text_query_in_my_project(client, searches_initial_data):
    assert len(response.data["tasks"]) == 1
    assert len(response.data["issues"]) == 0
    assert len(response.data["wikipages"]) == 0
+
+
+def test_search_text_query_with_an_invalid_project_id(client, searches_initial_data):
+    data = searches_initial_data
+
+    client.login(data.member1.user)
+
+    response = client.get(reverse("search-list"), {"project": "new", "text": "future"})
+    assert response.status_code == 404
+