diff --git a/wtnt/admin/team/views.py b/wtnt/admin/team/views.py index e16b030..774fa1e 100644 --- a/wtnt/admin/team/views.py +++ b/wtnt/admin/team/views.py @@ -1,9 +1,10 @@ from rest_framework import status from rest_framework.response import Response from rest_framework.views import APIView -from core.permissions import IsAdminUser from django.contrib.auth import get_user_model +import core.exception.request as exception +from core.permissions import IsAdminUser from .service import AdminTeamService User = get_user_model() @@ -19,12 +20,26 @@ def get(self, request): return Response(data, status=status.HTTP_200_OK) def patch(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminTeamService(request) data = admin_service.approve_teams() return Response(data, status=status.HTTP_202_ACCEPTED) def delete(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminTeamService(request) data = admin_service.reject_teams(status=False) @@ -39,6 +54,13 @@ def get(self, request): return admin_service.get_approved_teams() def delete(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminTeamService(request) data = admin_service.reject_teams(status=True) diff --git a/wtnt/admin/user/views.py b/wtnt/admin/user/views.py index c2fa31c..506fcc9 100644 --- a/wtnt/admin/user/views.py +++ b/wtnt/admin/user/views.py @@ -1,9 +1,10 @@ from rest_framework import status from rest_framework.response import Response from rest_framework.views import APIView -from core.permissions import IsAdminUser from django.contrib.auth import get_user_model +import core.exception.request as exception +from core.permissions import IsAdminUser from .service import AdminUserService User = get_user_model() @@ -19,12 +20,26 @@ def get(self, request): return Response(data, status=status.HTTP_200_OK) def patch(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminUserService(request) data = admin_service.approve_users() return Response(data, status=status.HTTP_202_ACCEPTED) def delete(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminUserService(request) data = admin_service.reject_users(status=False) @@ -39,6 +54,13 @@ def get(self, request): return admin_service.get_approved_users() def delete(self, request, *args, **kwargs): + required_field = ["ids"] + if len(request.data) != len(required_field): + raise exception.InvalidRequestError() + for field in required_field: + if field not in request.data: + raise exception.InvalidRequestError() + admin_service = AdminUserService(request) data = admin_service.reject_users(status=True)