Fixed some api bugs

- Disallowed buying more than 30 items at once
 - Disallowed transacting 0 euros to account

k4ever/api2/handlers.py

@@ -92,6 +92,10 @@ class BuyableItemHandler(BaseHandler):
 		amount = getInt(request.data, 'amount', 1)
 		if amount < 1:
 			return rc.BAD_REQUEST
+		if amount > 30:
+			ret = rc.BAD_REQUEST
+			ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
+			return ret
 		if (not item.hasDeposit() and deposit != self.BUY_ITEM) or \
 				deposit not in (self.BUY_ITEM, self.BUY_DEPOSIT, self.BUY_ITEM_AND_DEPOSIT):
 			return rc.BAD_REQUEST
@@ -145,6 +149,11 @@ class BuyableItemHandler(BaseHandler):
 			ret.write("\nThe items/deposists parameter have to be a list.\n")
 			return ret
 		
+		if len(itemList) > 30:
+			ret = rc.BAD_REQUEST
+			ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
+			return ret
+		
 		if len(itemList) == 0:
 			ret = rc.BAD_REQUEST
 			ret.write("\nYour request contains no items/deposits.\n")
@@ -251,9 +260,9 @@ class TransactionTransactHandler(BaseHandler):
 		amount = getDecimal(request.POST, 'amount', Decimal(0))
 		tTypeId  = getInt(request.POST, 'type', -1)
 		
-		if amount <= 0:
+		if amount < Decimal("0.01"):
 			ret = rc.BAD_REQUEST
-			rc.write("\nA negative amount is not supported right now (there has not been put enough thought into the 'lending money' process\n")
+			ret.write("\nA negative amount (or zeroed) is not supported right now (there has not been put enough thought into the 'lending money' process\n")
 			return ret
 		tType = None
 		try: