mirrors/recipes
1
0
Fork 0
mirror of https://github.com/TandoorRecipes/recipes.git synced 2026-01-03 13:19:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

test shoppingFood API

Browse Source
This commit is contained in:
smilerz
2021-12-15 07:24:12 -06:00
parent 1364f75f21
commit ee4ab41c1c
5 changed files with 123 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cookbook/views/api.py
View File

@@ -413,7 +413,10 @@ class FoodViewSet(viewsets.ModelViewSet, TreeMixin):
pagination_class = DefaultPagination
@decorators.action(detail=True, methods=['PUT'], serializer_class=FoodShoppingUpdateSerializer,)
# TODO DRF only allows one action in a decorator action without overriding get_operation_id_base() this should be PUT and DELETE probably
def shopping(self, request, pk):
if self.request.space.demo:
raise PermissionDenied(detail='Not available in demo', code=None)
obj = self.get_object()
shared_users = list(self.request.user.get_shopping_share())
shared_users.append(request.user)
@@ -652,12 +655,16 @@ class RecipeViewSet(viewsets.ModelViewSet):
return Response(serializer.data)
return Response(serializer.errors, 400)
# TODO: refactor API to use post/put/delete or leave as put and change VUE to use list_recipe after creating
# DRF only allows one action in a decorator action without overriding get_operation_id_base()
@decorators.action(
detail=True,
methods=['PUT'],
serializer_class=RecipeShoppingUpdateSerializer,
)
def shopping(self, request, pk):
if self.request.space.demo:
raise PermissionDenied(detail='Not available in demo', code=None)
obj = self.get_object()
ingredients = request.data.get('ingredients', None)
servings = request.data.get('servings', None)

4
cookbook/views/views.py
View File

@@ -254,13 +254,13 @@ def latest_shopping_list(request):
@group_required('user')
def shopping_list(request, pk=None):
def shopping_list(request, pk=None): # TODO deprecate
html_list = request.GET.getlist('r')
recipes = []
for r in html_list:
r = r.replace('[', '').replace(']', '')
if re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r):
if re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r): # vulnerable to DoS
rid, multiplier = r.split(',')
if recipe := Recipe.objects.filter(pk=int(rid), space=request.space).first():
recipes.append({'recipe': recipe.id, 'multiplier': multiplier})