add some additional api validation so that we ensure the caller passes in an...

add some additional api validation so that we ensure the caller passes in an `id` param if they specify a filter mode of :database of :table

add some additional api validation so that we ensure the caller passes in an...
8811b41e · Allen Gilliland · 76c88c1f · 8811b41e · 8811b41e
Commit 8811b41e authored 9 years ago by Allen Gilliland
--- a/src/metabase/api/card.clj
+++ b/src/metabase/api/card.clj
@@ -34,6 +34,8 @@
  [f id]
  {f CardFilterOption
   id Integer}
+  (when (contains? #{:database :table} f)
+    (checkp (integer? id) "id" (format "id is required parameter when filter mode is '%s'" (name f))))
  (-> (case (or f :all) ; default value for `f` is `:all`
        :all      (sel :many Card (k/order :name :ASC) (k/where (or {:creator_id *current-user-id*}
                                                                    {:public_perms [> common/perms-none]})))

--- a/test/metabase/api/card_test.clj
+++ b/test/metabase/api/card_test.clj
@@ -2,6 +2,7 @@
  "Tests for /api/card endpoints."
  (:require [expectations :refer :all]
            [metabase.db :refer :all]
+            [metabase.http-client :refer :all]
            (metabase.models [card :refer [Card]]
                             [common :as common]
                             [database :refer [Database]])
@@ -53,6 +54,10 @@
           (card-returned? 2 id1)
           (card-returned? 2 id2)])))))

+;; Make sure `id` is required when `f` is :database
+(expect {:errors {:id "id is required parameter when filter mode is 'database'"}}
+  ((user->client :crowberto) :get 400 "card" :f :database))
+
 ;; Filter cards by table
 (expect [true
         false
@@ -80,6 +85,10 @@
       (card-returned? 2 id1)
       (card-returned? 2 id2)]))))

+;; Make sure `id` is required when `f` is :table
+(expect {:errors {:id "id is required parameter when filter mode is 'table'"}}
+  ((user->client :crowberto) :get 400 "card" :f :table))
+
 ;; Check that only the creator of a private Card can see it
 (expect [true
         false]