diff --git a/backend/authentication/admin.py b/backend/authentication/admin.py index d6b56780..746de982 100644 --- a/backend/authentication/admin.py +++ b/backend/authentication/admin.py @@ -76,9 +76,9 @@ class Meta: fields = "__all__" -class UserAdmin(BaseUserAdmin): +class UserAdmin(BaseUserAdmin[UserModel]): # The forms to add and change user instances. - form = UserChangeForm # type: ignore + form = UserChangeForm add_form = UserCreationForm # The fields to be used in displaying the User model. diff --git a/backend/communities/groups/views.py b/backend/communities/groups/views.py index f415da4d..4d5a0a7e 100644 --- a/backend/communities/groups/views.py +++ b/backend/communities/groups/views.py @@ -29,15 +29,24 @@ def create(self, request: Request) -> Response: return Response(data, status=status.HTTP_201_CREATED) def retrieve(self, request: Request, *args: str, **kwargs: int) -> Response: - if group := self.queryset.get(id=kwargs["pk"]): + try: + pk = str(kwargs["pk"]) + group = self.queryset.get(id=pk) serializer = self.get_serializer(group) return Response(serializer.data, status=status.HTTP_200_OK) - return Response({"error": "Group not found"}, status.HTTP_404_NOT_FOUND) + except group.DoesNotExist: + return Response({"error": "Group not found"}, status.HTTP_404_NOT_FOUND) def update(self, request: Request, pk: str | None = None) -> Response: - group = self.queryset.filter(id=pk).first() + if pk is not None: + group = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) if group is None: return Response({"error": "Group not found"}, status.HTTP_404_NOT_FOUND) 
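Review bot: In `retrieve`, `except group.DoesNotExist:` cannot catch the miss it is written for: when `self.queryset.get(id=pk)` raises, `group` was never bound, so evaluating the except clause itself raises `UnboundLocalError` and the client gets a 500 instead of the 404. Name the exception through the model rather than the instance, e.g. `except self.queryset.model.DoesNotExist:`. The `retrieve` hunk in `backend/events/views.py` has the same pattern with `except event.DoesNotExist:`. If `id` is a UUID field (not visible here), a malformed `pk` would probably raise a validation error from `.get()` as well, which this handler also lets through.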
@@ -55,7 +64,14 @@ def update(self, request: Request, pk: str | None = None) -> Response: return Response(serializer.data, status.HTTP_200_OK) def partial_update(self, request: Request, *args: str, **kwargs: int) -> Response: - group = self.queryset.filter(id=kwargs["pk"]).first() + pk = str(kwargs["pk"]) + if pk is not None: + group = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) if group is None: return Response( @@ -75,7 +91,14 @@ def partial_update(self, request: Request, *args: str, **kwargs: int) -> Respons return Response(serializer.data, status=status.HTTP_200_OK) def destroy(self, request: Request, *args: str, **kwargs: int) -> Response: - group = self.queryset.filter(id=kwargs["pk"]).first() + pk = str(kwargs["pk"]) + if pk is not None: + group = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) if group is None: return Response( diff --git a/backend/communities/organizations/views.py b/backend/communities/organizations/views.py index a133675e..5d8f531f 100644 --- a/backend/communities/organizations/views.py +++ b/backend/communities/organizations/views.py 
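Review bot: The `else` branch added to `partial_update` is unreachable, because `pk = str(kwargs["pk"])` always yields a string and `if pk is not None:` is therefore always true; a `None` value would be turned into the text `"None"` and queried. The `destroy` hunk that follows has the same construction. Either test before converting, `pk = kwargs.get("pk")` followed by the `None` check, or drop the branch and keep only `group = self.queryset.filter(id=str(kwargs["pk"])).first()`. Both method bodies continue outside their hunks.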
@@ -32,15 +32,28 @@ def create(self, request: Request) -> Response: return Response(data, status=status.HTTP_201_CREATED) def retrieve(self, request: Request, pk: str | None = None) -> Response: - if org := self.queryset.filter(id=pk).first(): - serializer = self.get_serializer(org) + if pk is not None: + if org := self.queryset.filter(id=pk).first(): + serializer = self.get_serializer(org) - return Response(serializer.data, status=status.HTTP_200_OK) + return Response(serializer.data, status=status.HTTP_200_OK) + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) return Response({"error": "Organization not found"}, status.HTTP_404_NOT_FOUND) def update(self, request: Request, pk: str | None = None) -> Response: - org = self.queryset.filter(id=pk).first() + if pk is not None: + org = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) + if org is None: return Response( {"error": "Organization not found"}, status.HTTP_404_NOT_FOUND @@ -59,7 +72,14 @@ def update(self, request: Request, pk: str | None = None) -> Response: return Response(serializer.data, status.HTTP_200_OK) def partial_update(self, request: Request, pk: str | None = None) -> Response: - org = self.queryset.filter(id=pk).first() + if pk is not None: + org = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) + if org is None: return Response( {"error": "Organization not found"}, status.HTTP_404_NOT_FOUND 
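Review bot: The same `if pk is not None: … else: return Response({"error": "Invalid ID."}, …)` guard is pasted into `retrieve`, `update` and `partial_update` here, again into the `destroy` hunk of this file, and into the groups and content views. One private helper on the viewset that returns the object or `None` would keep the 400/404 behaviour in a single place, so one method cannot drift from the others. In `retrieve` the guard also wraps the walrus lookup in an extra level of nesting; an early `if pk is None: return Response({"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST)` reads flatter. The bodies of `update` and `partial_update` continue outside the hunks.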
@@ -78,7 +98,14 @@ def partial_update(self, request: Request, pk: str | None = None) -> Response: return Response(serializer.data, status.HTTP_200_OK) def destroy(self, request: Request, pk: str | None = None) -> Response: - org = self.queryset.filter(id=pk).first() + if pk is not None: + org = self.queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) + if org is None: return Response( {"error": "Organization not found"}, status.HTTP_404_NOT_FOUND diff --git a/backend/content/serializers.py b/backend/content/serializers.py index e0a43c16..e47d72d7 100644 --- a/backend/content/serializers.py +++ b/backend/content/serializers.py @@ -44,19 +44,27 @@ def validate(self, data: Dict[str, Union[str, int]]) -> Dict[str, Union[str, int image_extensions = [".jpg", ".jpeg", ".png"] img_format = "" - try: - with PilImage.open(data["file_location"]) as img: - img.verify() - img_format = img.format.lower() - except Exception as e: + file_location = data["file_location"] + if isinstance(file_location, str): + try: + with PilImage.open(file_location) as img: + img.verify() + img_format = img.format.lower() + + except Exception as e: + raise serializers.ValidationError( + _("The image is not valid."), code="corrupted_file" + ) from e + + if img_format not in image_extensions: + raise serializers.ValidationError( + _("The image must be in jpg, jpeg or png format."), + code="invalid_extension", + ) + + else: raise serializers.ValidationError( - _("The image is not valid."), code="corrupted_file" - ) from e - - if img_format not in image_extensions: - raise serializers.ValidationError( - _("The image must be in jpg, jpeg or png format."), - code="invalid_extension", + _("The file location must be a string."), code="invalid_file_location" ) return data diff --git a/backend/content/views.py b/backend/content/views.py index f37f6e06..a273ba7a 100644 --- a/backend/content/views.py +++ b/backend/content/views.py 
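Review bot: The extension check kept inside the new `isinstance` branch of `validate` can never pass: `img.format.lower()` yields names such as `jpeg` or `png`, while `image_extensions` holds `.jpg`, `.jpeg`, `.png` with a leading dot, so every image that verifies is still rejected with `invalid_extension`. Compare like with like, for example `if f".{img_format}" not in image_extensions:`. The new `isinstance(file_location, str)` gate also rejects every non-string value; if the field delivers an uploaded file object rather than a path (the field definition is not visible here), all uploads now fail with `invalid_file_location`, and if it really is a client-supplied path string it should be confined to the upload directory before `PilImage.open` reads it. `validate` starts above the hunk.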
@@ -38,7 +38,13 @@ def create(self, request: Request) -> Response: def retrieve(self, request: Request, pk: str | None = None) -> Response: queryset = self.get_queryset() - item = queryset.filter(id=pk).first() + if pk is not None: + item = queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) serializer = self.get_serializer(item) @@ -123,11 +129,25 @@ def create(self, request: Request) -> Response: def retrieve(self, request: Request, pk: str | None = None) -> Response: if request.user.is_authenticated: - query = self.queryset.filter( - Q(is_private=False) | Q(is_private=True, created_by=request.user), id=pk - ) + if pk is not None: + query = self.queryset.filter( + Q(is_private=False) | Q(is_private=True, created_by=request.user), + id=pk, + ) + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) + else: - query = self.queryset.filter(Q(is_private=False), id=pk) + if pk is not None: + query = self.queryset.filter(Q(is_private=False), id=pk) + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) serializer = self.get_serializer(query) @@ -211,7 +231,14 @@ def create(self, request: Request) -> Response: def retrieve(self, request: Request, pk: str | None = None) -> Response: queryset = self.get_queryset() - item = queryset.filter(id=pk).first() + if pk is not None: + item = queryset.filter(id=pk).first() + + else: + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + ) + serializer = self.get_serializer(item) return Response(serializer.data, status=status.HTTP_200_OK) diff --git a/backend/events/views.py b/backend/events/views.py index 414a63fc..49d6f508 100644 --- a/backend/events/views.py +++ b/backend/events/views.py 
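Review bot: After the new `pk` guard in the first `retrieve`, `item` can still be `None`, since `.first()` returns `None` when no row matches, and the following `self.get_serializer(item)` then appears to answer 200 for an object that does not exist. Add the not-found branch the other views use, `if item is None: return Response({"error": "Not found"}, status=status.HTTP_404_NOT_FOUND)` (message text is a placeholder). The third hunk of this file (`@@ -211,7 +231,14 @@`) has the same gap.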
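Review bot: In the second `retrieve` (`@@ -123,11 +129,25 @@`), `query` is still a QuerySet when it reaches `self.get_serializer(query)`: neither branch calls `.first()`, so unless `get_serializer` is overridden elsewhere the serializer receives a collection instead of one object, and a non-matching or private item is never turned into a 404. The `pk is not None` guard is also duplicated in both authentication branches. Checking it once at the top and then building the visibility filter removes the repetition, e.g. `visible = Q(is_private=False)` followed by `visible |= Q(is_private=True, created_by=request.user)` for authenticated users. The method body continues below the hunk.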
@@ -28,58 +28,87 @@ def create(self, request: Request, *args: str, **kwargs: int) -> Response: return Response(data, status=status.HTTP_201_CREATED) def retrieve(self, request: Request, *args: str, **kwargs: int) -> Response: - if event := self.queryset.get(id=kwargs["pk"]): + try: + pk = str(kwargs["pk"]) + event = self.queryset.get(id=pk) serializer = self.get_serializer(event) return Response(serializer.data, status=status.HTTP_200_OK) - return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) + except event.DoesNotExist: + return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) def update(self, request: Request, *args: str, **kwargs: int) -> Response: - event = self.queryset.filter(id=kwargs["pk"]).first() - if event is None: - return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) + try: + pk = str(kwargs["pk"]) + event = self.queryset.filter(id=pk).first() + if event is None: + return Response( + {"error": "Event not found"}, status=status.HTTP_404_NOT_FOUND + ) + + if request.user != event.created_by: + return Response( + {"error": "You are not authorized to update this event"}, + status=status.HTTP_401_UNAUTHORIZED, + ) + + serializer = self.get_serializer(event, data=request.data, partial=True) + serializer.is_valid(raise_exception=True) + serializer.save() - if request.user != event.created_by: + return Response(serializer.data, status=status.HTTP_200_OK) + + except (Event.DoesNotExist, ValueError): return Response( - {"error": "You are not authorized to update this event"}, - status.HTTP_401_UNAUTHORIZED, + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST ) - serializer = self.get_serializer(event, data=request.data, partial=True) - serializer.is_valid(raise_exception=True) - serializer.save() + def partial_update(self, request: Request, *args: str, **kwargs: int) -> Response: + try: + pk = str(kwargs["pk"]) + event = self.queryset.filter(id=pk).first() - return Response(serializer.data, 
status.HTTP_200_OK) + if event is None: + return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) - def partial_update(self, request: Request, *args: str, **kwargs: int) -> Response: - event = self.queryset.filter(id=kwargs["pk"]).first() - if event is None: - return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) + if request.user != event.created_by: + return Response( + {"error": "You are not authorized to update this event"}, + status.HTTP_401_UNAUTHORIZED, + ) + + serializer = self.get_serializer(event, data=request.data, partial=True) + serializer.is_valid(raise_exception=True) + serializer.save() - if request.user != event.created_by: + return Response(serializer.data, status.HTTP_200_OK) + + except (Event.DoesNotExist, ValueError): return Response( - {"error": "You are not authorized to update this event"}, - status.HTTP_401_UNAUTHORIZED, + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST ) - serializer = self.get_serializer(event, data=request.data, partial=True) - serializer.is_valid(raise_exception=True) - serializer.save() + def destroy(self, request: Request, *args: str, **kwargs: int) -> Response: + try: + pk = str(kwargs["pk"]) + event = self.queryset.filter(id=pk).first() - return Response(serializer.data, status.HTTP_200_OK) + if event is None: + return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) - def destroy(self, request: Request, *args: str, **kwargs: int) -> Response: - event = self.queryset.filter(id=kwargs["pk"]).first() - if event is None: - return Response({"error": "Event not found"}, status.HTTP_404_NOT_FOUND) + if request.user != event.created_by: + return Response( + {"error": "You are not authorized to delete this event"}, + status.HTTP_401_UNAUTHORIZED, + ) - if request.user != event.created_by: + event.delete() return Response( - {"error": "You are not authorized to delete this event"}, - status.HTTP_401_UNAUTHORIZED, + {"message": "Event deleted successfully."}, 
status.HTTP_200_OK ) - event.delete() - - return Response({"message": "Event deleted successfully."}, status.HTTP_200_OK) + except (Event.DoesNotExist, ValueError): + return Response( + {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST + )
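Review bot: The `try` blocks added to `update`, `partial_update` and `destroy` wrap the whole method, so a `ValueError` raised inside `serializer.save()` or `event.delete()` is reported to the client as `Invalid ID.` with a 400, hiding the real failure. `Event.DoesNotExist` in the same handler is dead, since `.filter(...).first()` returns `None` rather than raising. Limiting the `try` to the lookup keeps the 400 for malformed ids only; the sketch below shows it for `update`. Separately, the ownership check answers an authenticated non-owner with `HTTP_401_UNAUTHORIZED`, where `HTTP_403_FORBIDDEN` is the status that describes a known user lacking permission.

```python
def update(self, request: Request, *args: str, **kwargs: int) -> Response:
    try:
        event = self.queryset.filter(id=str(kwargs["pk"])).first()
    except ValueError:
        return Response(
            {"error": "Invalid ID."}, status=status.HTTP_400_BAD_REQUEST
        )
    # … unchanged: not-found check, ownership check, serializer validation and save …
```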