Cutlery/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-08-11 09:14:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

Validate page bounds

Browse Source
This commit is contained in:
shamoon 2025-08-02 09:23:04 -04:00
parent d9e9478d68
commit 92b9c69806
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/documents/serialisers.py
View File

@ -1524,7 +1524,7 @@ class BulkEditSerializer(
else: else:
parameters["archive_fallback"] = False parameters["archive_fallback"] = False
def _validate_parameters_edit_pdf(self, parameters): def _validate_parameters_edit_pdf(self, parameters, document_id):
if "operations" not in parameters: if "operations" not in parameters:
raise serializers.ValidationError("operations not specified") raise serializers.ValidationError("operations not specified")
if not isinstance(parameters["operations"], list): if not isinstance(parameters["operations"], list):
@ -1556,6 +1556,15 @@ class BulkEditSerializer(
"update_document only allowed with a single output document", "update_document only allowed with a single output document",
) )
doc = Document.objects.get(id=document_id)
# doc existence is already validated
if doc.page_count:
for op in parameters["operations"]:
if op["page"] < 1 or op["page"] > doc.page_count:
raise serializers.ValidationError(
f"Page {op['page']} is out of bounds for document with {doc.page_count} pages.",
)
def validate(self, attrs): def validate(self, attrs):
method = attrs["method"] method = attrs["method"]
parameters = attrs["parameters"] parameters = attrs["parameters"]
@ -1595,7 +1604,7 @@ class BulkEditSerializer(
raise serializers.ValidationError( raise serializers.ValidationError(
"Edit PDF method only supports one document", "Edit PDF method only supports one document",
) )
self._validate_parameters_edit_pdf(parameters) self._validate_parameters_edit_pdf(parameters, attrs["documents"][0])
return attrs return attrs

27
src/documents/tests/test_api_bulk_edit.py
View File

@ -41,6 +41,7 @@ class TestBulkEditAPI(DirectoriesMixin, APITestCase):
title="B", title="B",
correspondent=self.c1, correspondent=self.c1,
document_type=self.dt1, document_type=self.dt1,
page_count=5,
) )
self.doc3 = Document.objects.create( self.doc3 = Document.objects.create(
checksum="C", checksum="C",
@ -1555,6 +1556,32 @@ class TestBulkEditAPI(DirectoriesMixin, APITestCase):
response.content, response.content,
) )
@mock.patch("documents.serialisers.bulk_edit.edit_pdf")
def test_edit_pdf_page_out_of_bounds(self, m):
"""
GIVEN:
- API data for editing PDF is called
- The page number is out of bounds
WHEN:
- API is called
THEN:
- The API fails with a correct error code
"""
self.setup_mock(m, "edit_pdf")
response = self.client.post(
"/api/documents/bulk_edit/",
json.dumps(
{
"documents": [self.doc2.id],
"method": "edit_pdf",
"parameters": {"operations": [{"page": 99}]},
},
),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertIn(b"out of bounds", response.content)
@override_settings(AUDIT_LOG_ENABLED=True) @override_settings(AUDIT_LOG_ENABLED=True)
def test_bulk_edit_audit_log_enabled_simple_field(self): def test_bulk_edit_audit_log_enabled_simple_field(self):
""" """