diff roundup/rest.py @ 8534:1f8492d68aca

bug: using 'null' value for attributes causes error.

In rest.py, filter out any attributes that are set to 'None'.

GET on an endpoint can return 'null' values when the attribute is unset. E.g. for a user:

  {
    "address": "baddy@example.com",
    "alternate_addresses": null,
    "last_login": "2026-03-18.05:57:09",
    "organisation": null,
    "password": null,
    "phone": null,
    "queries": [],
    "realname": "Fred Jones",
    "roles": "User",
    "timezone": null,
    "username": "badeggs"
  }

But this json cannot be submitted to a PUT or POST endpoint. The validators for passwords, strings, integers etc. don't expect a None value.

This change handles attributes with "null" (None) values in json objects by filtering them from the python object before processing. The null value can't be used to unset an attribute via PUT or POST. The 'remove' action using the PATCH verb can unset the value.

Also there appear to be some missing checks in the back_anydbm and rdbms_common files for the password type. All the other types have a check:

  value is not None and not isinstance(.....)

but passwords only have the 'not isinstance(....)' part. Not sure why this was the case. Looking at commit history didn't make me think it was intentional.
author John Rouillard <rouilj@ieee.org>
date Wed, 18 Mar 2026 17:24:14 -0400
parents 36be91f671d0
children 5800afdebded
--- a/roundup/rest.py	Wed Mar 18 11:11:03 2026 -0400
+++ b/roundup/rest.py	Wed Mar 18 17:24:14 2026 -0400
@@ -34,6 +34,7 @@
 from roundup.exceptions import Reject, UsageError
 from roundup.i18n import _
 from roundup.rate_limit import Gcra, RateLimit
+from roundup.timer import timer
 
 logger = logging.getLogger('roundup.rest')
 
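Review bot: the added import of timer from roundup.timer is not covered by the commit message, which describes only the filtering of null attributes. If the timing instrumentation is meant to ship, it should go in its own changeset with its own description; if it is leftover profiling, drop this import together with the two @timer decorators further down so the change contains only the fix it describes.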
@@ -2432,6 +2433,8 @@
                      "acceptable": ", ".join(sorted(
                          self.__accepted_content_type.keys()))}))
 
+    @timer(name="rest_dispatch", tag="args[2]",
+           writer=logging.getLogger('roundup.timer').error)
     def dispatch(self, method, uri, input_payload):
         """format and process the request"""
         output = None
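Review bot: the @timer decorator on dispatch writes through logging.getLogger('roundup.timer').error, so a timing record would be emitted at error severity for every REST request, which will drown real errors and trip any alerting keyed on that level. The tag "args[2]" also looks like it selects the request uri (assuming args includes self), so request paths and any query values end up in that log. Suggest either removing the decorator from this fix or logging at debug level behind an explicit opt-in, and confirming that nothing sensitive can appear in the tagged value.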
@@ -2747,6 +2750,8 @@
 
     __slots__ = ("json_dict", "value")
 
+    @timer(name="simultateFieldStorage", tag="args[1][:10]",
+           writer=logging.getLogger('roundup.timer').error)
     def __init__(self, json_string):
         '''Parse the json string into an internal dict.
 
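Review bot: tag="args[1][:10]" on __init__ copies the first ten characters of the client-supplied json_string into a record written with the logger's error method, so untrusted request body content lands in the log unescaped. Tagging with something derived from the input instead, such as its length, avoids that. The name "simultateFieldStorage" is also misspelled, which will make the timer records harder to search for. As with dispatch, this decorator is not described in the commit message and reads like profiling that was not meant to be committed.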
@@ -2765,7 +2770,8 @@
             self.json_dict = json.loads(json_string,
                                     parse_constant=raise_error_on_constant)
             self.value = [self.FsValue(index, self.json_dict[index])
-                          for index in self.json_dict]
+                          for index in self.json_dict if
+                          self.json_dict[index] is not None]
         except (JSONDecodeError, ValueError) as e:
             raise ValueError(e.args[0] + ". JSON is: " + json_string)
 
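Review bot: the new condition "self.json_dict[index] is not None" discards null members silently, so a client that sends "phone": null in a PUT or POST gets no signal that the attribute was ignored rather than unset. The commit message explains that PATCH with the 'remove' action is the way to unset a value, but nothing in the visible code or in the __init__ docstring says so. Suggest stating in that docstring that top-level members with a null value are dropped before processing, and adding a test that submits the GET output from the commit message back through PUT. Note also that the filter only looks at the top-level values of json_dict, so a null nested inside a list or object value still reaches the validators.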

Roundup Issue Tracker: http://roundup-tracker.org/