encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2024-12-01 14:04:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

importing regex constant to remove invalid parameters.

Browse Source
This commit is contained in:
vimarshc 2017-05-13 04:54:22 +05:30
parent ed70f5636a
commit b2d6149301
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rest_framework/filters.py
View File

@ -11,6 +11,7 @@ from functools import reduce
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
from django.db import models from django.db import models
from django.db.models.constants import LOOKUP_SEP from django.db.models.constants import LOOKUP_SEP
from django.db.models.sql.constants import ORDER_PATTERN
from django.template import loader from django.template import loader
from django.utils import six from django.utils import six
from django.utils.encoding import force_text from django.utils.encoding import force_text
@ -268,7 +269,7 @@ class OrderingFilter(BaseFilterBackend):
def remove_invalid_fields(self, queryset, fields, view, request): def remove_invalid_fields(self, queryset, fields, view, request):
valid_fields = [item[0] for item in self.get_valid_fields(queryset, view, {'request': request})] valid_fields = [item[0] for item in self.get_valid_fields(queryset, view, {'request': request})]
return [term for term in fields if term.lstrip('-') in valid_fields] return [term for term in fields if term.lstrip('-') in valid_fields and ORDER_PATTERN.match(term)]
def filter_queryset(self, request, queryset, view): def filter_queryset(self, request, queryset, view):
ordering = self.get_ordering(request, queryset, view) ordering = self.get_ordering(request, queryset, view)

4
tests/test_filters.py
View File

@ -773,13 +773,14 @@ class OrderingFilterTests(TestCase):
ordering_fields = ('text',) ordering_fields = ('text',)
view = OrderingListView.as_view() view = OrderingListView.as_view()
request = factory.get('/', {'ordering':'--text'}) request = factory.get('/', {'ordering': '--text'})
response = view(request) response = view(request)
assert response.data == [ assert response.data == [
{'id': 3, 'title': 'xwv', 'text': 'cde'}, {'id': 3, 'title': 'xwv', 'text': 'cde'},
{'id': 2, 'title': 'yxw', 'text': 'bcd'}, {'id': 2, 'title': 'yxw', 'text': 'bcd'},
{'id': 1, 'title': 'zyx', 'text': 'abc'}, {'id': 1, 'title': 'zyx', 'text': 'abc'},
] ]
def test_incorrectfield_ordering(self): def test_incorrectfield_ordering(self):
class OrderingListView(generics.ListAPIView): class OrderingListView(generics.ListAPIView):
queryset = OrderingFilterModel.objects.all() queryset = OrderingFilterModel.objects.all()
@ -899,6 +900,7 @@ class OrderingFilterTests(TestCase):
queryset = OrderingFilterModel.objects.all() queryset = OrderingFilterModel.objects.all()
filter_backends = (filters.OrderingFilter,) filter_backends = (filters.OrderingFilter,)
ordering = ('title',) ordering = ('title',)
# note: no ordering_fields and serializer_class specified # note: no ordering_fields and serializer_class specified
def get_serializer_class(self): def get_serializer_class(self):