Fixed some api bugs

- Disallowed buying more than 30 items at once
 - Disallowed transacting 0 euros to account
This commit is contained in:
seba 2011-10-15 04:06:01 +02:00
parent 23b2164e23
commit f1bbfbb20c
1 changed files with 11 additions and 2 deletions

View File

@ -92,6 +92,10 @@ class BuyableItemHandler(BaseHandler):
amount = getInt(request.data, 'amount', 1) amount = getInt(request.data, 'amount', 1)
if amount < 1: if amount < 1:
return rc.BAD_REQUEST return rc.BAD_REQUEST
if amount > 30:
ret = rc.BAD_REQUEST
ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
return ret
if (not item.hasDeposit() and deposit != self.BUY_ITEM) or \ if (not item.hasDeposit() and deposit != self.BUY_ITEM) or \
deposit not in (self.BUY_ITEM, self.BUY_DEPOSIT, self.BUY_ITEM_AND_DEPOSIT): deposit not in (self.BUY_ITEM, self.BUY_DEPOSIT, self.BUY_ITEM_AND_DEPOSIT):
return rc.BAD_REQUEST return rc.BAD_REQUEST
@ -145,6 +149,11 @@ class BuyableItemHandler(BaseHandler):
ret.write("\nThe items/deposists parameter have to be a list.\n") ret.write("\nThe items/deposists parameter have to be a list.\n")
return ret return ret
if len(itemList) > 30:
ret = rc.BAD_REQUEST
ret.write("\nYou are trying to buy more than 30 items at once. This is not permitted. If you think it should, mail the admins / fix this in the handlers.py\n");
return ret
if len(itemList) == 0: if len(itemList) == 0:
ret = rc.BAD_REQUEST ret = rc.BAD_REQUEST
ret.write("\nYour request contains no items/deposits.\n") ret.write("\nYour request contains no items/deposits.\n")
@ -251,9 +260,9 @@ class TransactionTransactHandler(BaseHandler):
amount = getDecimal(request.POST, 'amount', Decimal(0)) amount = getDecimal(request.POST, 'amount', Decimal(0))
tTypeId = getInt(request.POST, 'type', -1) tTypeId = getInt(request.POST, 'type', -1)
if amount <= 0: if amount < Decimal("0.01"):
ret = rc.BAD_REQUEST ret = rc.BAD_REQUEST
rc.write("\nA negative amount is not supported right now (there has not been put enough thought into the 'lending money' process\n") ret.write("\nA negative amount (or zeroed) is not supported right now (there has not been put enough thought into the 'lending money' process\n")
return ret return ret
tType = None tType = None
try: try: