From 660e181627b103554e67ac6de833609595fe59f4 Mon Sep 17 00:00:00 2001 From: Bavisetti Narayan Date: Tue, 22 Aug 2023 18:12:39 +0530 Subject: [PATCH 1/2] fix: asset key validation --- apiserver/plane/api/views/asset.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/apiserver/plane/api/views/asset.py b/apiserver/plane/api/views/asset.py index 0b935a4d369..a14eae2d1e5 100644 --- a/apiserver/plane/api/views/asset.py +++ b/apiserver/plane/api/views/asset.py @@ -18,10 +18,22 @@ class FileAssetEndpoint(BaseAPIView): """ def get(self, request, workspace_id, asset_key): - asset_key = str(workspace_id) + "/" + asset_key - files = FileAsset.objects.filter(asset=asset_key) - serializer = FileAssetSerializer(files, context={"request": request}, many=True) - return Response(serializer.data) + try: + asset_key = str(workspace_id) + "/" + asset_key + files = FileAsset.objects.filter(asset=asset_key) + serializer = FileAssetSerializer(files, context={"request": request}, many=True) + if files.exists(): + serializer = FileAssetSerializer(files, context={"request": request}, many=True) + return Response({"data": serializer.data, "status": True}, status=status.HTTP_200_OK) + else: + return Response({"error": "Asset key does not exist", "status": False}, status=status.HTTP_200_OK) + except Exception as e: + capture_exception(e) + return Response( + {"error": "Something went wrong please try again later"}, + status=status.HTTP_400_BAD_REQUEST, + ) + def post(self, request, slug): try: From 53c7388d3b9e119a935522a22532d82185d7b2cc Mon Sep 17 00:00:00 2001 From: Bavisetti Narayan Date: Tue, 22 Aug 2023 18:31:35 +0530 Subject: [PATCH 2/2] chore: asset key validation in user assets --- apiserver/plane/api/views/asset.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/apiserver/plane/api/views/asset.py b/apiserver/plane/api/views/asset.py index a14eae2d1e5..d9b6e502d1d 100644 --- a/apiserver/plane/api/views/asset.py +++ b/apiserver/plane/api/views/asset.py @@ -21,7 +21,6 @@ def get(self, request, workspace_id, asset_key): try: asset_key = str(workspace_id) + "/" + asset_key files = FileAsset.objects.filter(asset=asset_key) - serializer = FileAssetSerializer(files, context={"request": request}, many=True) if files.exists(): serializer = FileAssetSerializer(files, context={"request": request}, many=True) return Response({"data": serializer.data, "status": True}, status=status.HTTP_200_OK) @@ -80,11 +79,16 @@ class UserAssetsEndpoint(BaseAPIView): def get(self, request, asset_key): try: files = FileAsset.objects.filter(asset=asset_key, created_by=request.user) - serializer = FileAssetSerializer(files, context={"request": request}) - return Response(serializer.data) - except FileAsset.DoesNotExist: + if files.exists(): + serializer = FileAssetSerializer(files, context={"request": request}) + return Response({"data": serializer.data, "status": True}, status=status.HTTP_200_OK) + else: + return Response({"error": "Asset key does not exist", "status": False}, status=status.HTTP_200_OK) + except Exception as e: + capture_exception(e) return Response( - {"error": "File Asset does not exist"}, status=status.HTTP_404_NOT_FOUND + {"error": "Something went wrong please try again later"}, + status=status.HTTP_400_BAD_REQUEST, ) def post(self, request):