From 3b7739076898d0ae2ac3ad756eca9a68aca67ca8 Mon Sep 17 00:00:00 2001 From: Zach Hoffman Date: Tue, 3 Sep 2024 14:37:57 -0600 Subject: [PATCH] Improve PUT /deliveryservice_request_comments id (#8071) --- CHANGELOG.md | 1 + .../deliveryservice/request/comment/comments.go | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bbafd751c..cbbdb68c1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). ##[8.0.2] - 2024-09-27 - [#8081](https://github.com/apache/trafficcontrol/pull/8081) *GH Actions* Updates the versions used for actions/artifact-download and actions/artifact-upload. +- [#8071](https://github.com/apache/trafficcontrol/pull/8071) *Traffic Ops* Improve validation for the `id` field of the `PUT /deliveryservice_request_comments` endpoint. - [#8056](https://github.com/apache/trafficcontrol/pull/8056) Remove the `version` key from compose files and use `docker compose` instead of `docker-compose`. ## [8.0.1] - 2024-03-19 diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/request/comment/comments.go b/traffic_ops/traffic_ops_golang/deliveryservice/request/comment/comments.go index 68a46c1c00..46cae5ae60 100644 --- a/traffic_ops/traffic_ops_golang/deliveryservice/request/comment/comments.go +++ b/traffic_ops/traffic_ops_golang/deliveryservice/request/comment/comments.go @@ -264,6 +264,7 @@ func Get(w http.ResponseWriter, r *http.Request) { // Validate is used to ensure that the DeliveryServiceRequestCommentV5 struct passed in to the function is valid. func Validate(dsrc tc.DeliveryServiceRequestCommentV5) error { errs := validation.Errors{ + "id": validation.Validate(dsrc.ID, validation.NotNil), "deliveryServiceRequestId": validation.Validate(dsrc.DeliveryServiceRequestID, validation.NotNil), "value": validation.Validate(dsrc.Value, validation.NotNil), } @@ -286,6 +287,13 @@ func Update(w http.ResponseWriter, r *http.Request) { api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil) return } + idParam := inf.Params["id"] + id, parseErr := strconv.Atoi(idParam) + if parseErr != nil { + api.HandleErr(w, r, inf.Tx.Tx, http.StatusBadRequest, errors.New("id must be an integer"), nil) + return + } + deliveryServiceRequestComment.ID = id if err := Validate(deliveryServiceRequestComment); err != nil { api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil) @@ -293,7 +301,7 @@ func Update(w http.ResponseWriter, r *http.Request) { } var current tc.DeliveryServiceRequestCommentV5 - err := inf.Tx.QueryRowx(selectQuery() + `WHERE dsrc.id=` + inf.Params["id"]).StructScan(¤t) + err := inf.Tx.QueryRowx(selectQuery() + `WHERE dsrc.id=` + strconv.Itoa(deliveryServiceRequestComment.ID)).StructScan(¤t) if err != nil { api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, errors.New("scanning deliveryservice_request_comment: "+err.Error())) return @@ -305,13 +313,6 @@ func Update(w http.ResponseWriter, r *http.Request) { return } deliveryServiceRequestComment.AuthorID = current.AuthorID - idParam := inf.Params["id"] - id, parseErr := strconv.Atoi(idParam) - if parseErr != nil { - api.HandleErr(w, r, inf.Tx.Tx, http.StatusBadRequest, errors.New("id must be an integer"), nil) - return - } - deliveryServiceRequestComment.ID = id userErr, sysErr, sc := api.CheckIfUnModified(r.Header, inf.Tx, id, "deliveryservice_request_comment") if userErr != nil || sysErr != nil { api.HandleErr(w, r, tx, sc, userErr, sysErr)