admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FCLT#55358 Valideert nu de door API gegeven data aan de hand van het model, voordat er mee gewerkt wordt

Browse Source 
svn path=/Website/trunk/; revision=40125
This commit is contained in:
Koen Reefman
2018-12-05 14:45:08 +00:00
parent ebbd3d715b
commit ec5b69c157
2 changed files with 80 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
APPL/API2/api2.inc
View File

@@ -132,6 +132,78 @@ api2 = {
return jsondata;
},
// Throws an API error (400) if jsondata does not match the defined model (types)
validateJSON: function _validateJSON(jsondata, model)
{
for (fld in jsondata[model.record_name])
{
if (!(fld in model.fields))
api2.error(400, L("lcl_api2_fld_undefined").format(fld));
var type = model.fields[fld].typ;
var data = jsondata[model.record_name][fld];
if (data == null || data == "" || typeof data == "undefined")
continue;
// Values can be provided "as is" or as a {id, name}-tuple
if (typeof data == "object" && "id" in data)
data = data.id;
var valid = false;
try {
switch (type)
{
case "key":
case "number":
if (!isNaN(parseInt(data, 10)))
valid = true;
break;
case "currency":
case "float":
if (!isNaN(parseFloat(data)))
valid = true;
break;
case "check":
case "check0":
if (data == "on" || data == "off" || !isNaN(parseInt(data, 10)))
valid = true;
break;
case "date":
case "datetime":
case "time":
if (!isNaN((new Date(data)).getTime()))
valid = true;
break;
case "processingtime":
if (typeof data == "object" && "duration" in data && "unit" in data)
{
if (data.duration == null || data.duration == "")
continue;
if (!isNaN(parseFloat(data.duration)) && inArray(data.unit, ["D", "U"]))
valid = true;
}
break;
case "sql":
case "html":
case "memo":
case "varchar":
valid = true;
break;
default:
api2.error(400, L("lcl_api2_unknown_type").format(type, fld));
break;
}
}
catch (e) {
valid = false;
}
if (!valid)
api2.error(400, L("lcl_api2_wrong_type").format(fld, type));
}
},
// Verwerk filtervelden die in de url zijn meegegeven
sqlfilter: function _sqlfilter(params, model)
{
@@ -979,7 +1051,7 @@ api2 = {
var incdata = jsondata[incname]; // Array zoals via API aangeleverd
for (var j=0; j<incdata.length; j++)
{
var inckey = incdata[j][incmodel.keyfield || "id"]; // Die kan er zijn. custom_field werkt via keyfield
var inckey = incdata[j][incmodel.keyfield || "id"]; // Die kan er zijn. custom_fields werkt via keyfield
if (incmodel.keyfield || !(inckey > 0) || params.isNew)
{
delete incdata[j]["id"]; // voor als je bij isNew toch keys had meegegeven
@@ -1593,7 +1665,7 @@ function generic_REST_GET(model, gparams)
if (field.sql)
orderbys.push(field.sql);
else
orderbys.push(field._foreignname || field.dbs);
orderbys.push( field._foreignname || field.dbs);
}
}

6
APPL/API2/api2_rest.inc
View File

@@ -251,6 +251,12 @@ api2_rest = {
{
api2.error(400, "No '{0}' found in input".format(model.record_name));
}
else
{
// Validate the data and data types according to the model
// Throws api2.error if data is not found in model or given data is incompatible with its datatype
api2.validateJSON(jsondata, model);
}
}
}