diff --git a/k4ever/api2/handlers.py b/k4ever/api2/handlers.py
index 9f64a33..cfc5c71 100644
--- a/k4ever/api2/handlers.py
+++ b/k4ever/api2/handlers.py
@@ -92,6 +92,10 @@ class BuyableItemHandler(BaseHandler):
 amount = getInt(request.data, 'amount', 1)
 if amount < 1:
 return rc.BAD_REQUEST
+ if amount > 30:
+ ret = rc.BAD_REQUEST
+ ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
+ return ret
 if (not item.hasDeposit() and deposit != self.BUY_ITEM) or \
 deposit not in (self.BUY_ITEM, self.BUY_DEPOSIT, self.BUY_ITEM_AND_DEPOSIT):
 return rc.BAD_REQUEST
@@ -145,6 +149,11 @@ class BuyableItemHandler(BaseHandler):
 ret.write("\nThe items/deposists parameter have to be a list.\n")
 return ret
 
+ if len(itemList) > 30:
+ ret = rc.BAD_REQUEST
+ ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
+ return ret
+
 if len(itemList) == 0:
 ret = rc.BAD_REQUEST
 ret.write("\nYour request contains no items/deposits.\n")
@@ -251,9 +260,9 @@ class TransactionTransactHandler(BaseHandler):
 amount = getDecimal(request.POST, 'amount', Decimal(0))
 tTypeId = getInt(request.POST, 'type', -1)
 
- if amount <= 0:
+ if amount < Decimal("0.01"):
 ret = rc.BAD_REQUEST
- rc.write("\nA negative amount is not supported right now (there has not been put enough thought into the 'lending money' process\n")
+ ret.write("\nA negative amount (or zeroed) is not supported right now (there has not been put enough thought into the 'lending money' process\n")
 return ret
 tType = None
 try:
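Review bot: The purchase cap is hard-coded as the literal 30 in `if amount > 30:` and in the message text of the first BuyableItemHandler hunk, and the same literal is repeated in the `len(itemList) > 30` check of the second hunk, so the two server-side limits can drift apart when only one is edited. A single class attribute (for example `MAX_ITEMS_PER_REQUEST = 30`, name is a suggestion) referenced by both checks and interpolated into the message would keep them consistent. The response body also tells API clients to "fix this in the handlers.py", which hands an internal file name to every caller; a neutral message would do. The trailing `;` after `ret.write(...)` is not needed in Python. The enclosing method starts and ends outside the hunk.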
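Review bot: In the second BuyableItemHandler hunk, `len(itemList) > 30` bounds only the number of list entries, whereas the single-item path bounds `amount`. The hunk does not show how each entry is processed; if an entry can carry its own quantity, the total bought in one request is still unbounded and the cap should be applied to the summed quantity too. If every entry counts as exactly one item, a comment such as `# cap counts list entries; each entry is one item` above the check would make that explicit. The method body continues outside the hunk.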
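Review bot: The new guard `if amount < Decimal("0.01"):` in TransactionTransactHandler sets only a lower bound on a value that comes straight from `request.POST`. `getDecimal` is not visible here; if it can return non-finite values or more than two decimal places, `Infinity` and `0.015` pass this check, and a `NaN` is not rejected cleanly by an ordering comparison. For a handler that moves money I would reject those explicitly, e.g. `if not amount.is_finite() or amount < Decimal("0.01"):`, reject or round sub-cent amounts, and consider an upper bound. The message still says "negative amount (or zeroed)" although positive values below 0.01 are now refused as well. The method continues past the `try:` at the end of the hunk.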