mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Return 400 errors for ?_sort errors, closes #1950

pull/1823/merge
Simon Willison 2022-12-13 14:23:07 -08:00
rodzic d4b98d3924
commit f84acae98e
2 zmienionych plików z 35 dodań i 3 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

8
datasette/views/table.py
Wyświetl plik

@ -387,17 +387,19 @@ class TableView(DataView):
sort_desc = table_metadata.get("sort_desc") sort_desc = table_metadata.get("sort_desc")
if sort and sort_desc: if sort and sort_desc:
raise DatasetteError("Cannot use _sort and _sort_desc at the same time") raise DatasetteError(
"Cannot use _sort and _sort_desc at the same time", status=400
)
if sort: if sort:
if sort not in sortable_columns: if sort not in sortable_columns:
raise DatasetteError(f"Cannot sort table by {sort}") raise DatasetteError(f"Cannot sort table by {sort}", status=400)
order_by = escape_sqlite(sort) order_by = escape_sqlite(sort)
if sort_desc: if sort_desc:
if sort_desc not in sortable_columns: if sort_desc not in sortable_columns:
raise DatasetteError(f"Cannot sort table by {sort_desc}") raise DatasetteError(f"Cannot sort table by {sort_desc}", status=400)
order_by = f"{escape_sqlite(sort_desc)} desc" order_by = f"{escape_sqlite(sort_desc)} desc"

30
tests/test_table_html.py
Wyświetl plik

@ -891,6 +891,36 @@ def test_custom_table_include():
) == str(Soup(response.text, "html.parser").select_one("div.custom-table-row")) ) == str(Soup(response.text, "html.parser").select_one("div.custom-table-row"))
@pytest.mark.parametrize("json", (True, False))
@pytest.mark.parametrize(
"params,error",
(
("?_sort=bad", "Cannot sort table by bad"),
("?_sort_desc=bad", "Cannot sort table by bad"),
(
"?_sort=state&_sort_desc=state",
"Cannot use _sort and _sort_desc at the same time",
),
),
)
def test_sort_errors(app_client, json, params, error):
path = "/fixtures/facetable{}{}".format(
".json" if json else "",
params,
)
response = app_client.get(path)
assert response.status == 400
if json:
assert response.json == {
"ok": False,
"error": error,
"status": 400,
"title": None,
}
else:
assert error in response.text
def test_metadata_sort(app_client): def test_metadata_sort(app_client):
response = app_client.get("/fixtures/facet_cities") response = app_client.get("/fixtures/facet_cities")
assert response.status == 200 assert response.status == 200