Commits

Apostolis Bessas committed 13ec622

Forbid changing the source language and the i18n_type of a resource through the API.

Comments (0)

Files changed (2)

transifex/resources/api.py

         'slug', 'name', 'accept_translations', 'source_language',
         'i18n_type', 'content', 'category',
     )
+    written_fields = (
+        'slug', 'name', 'accept_translations', 'content', 'category',
+    )
+
     apiv1_fields = ('slug', 'name', 'created', 'available_languages', 'i18n_type',
                     'source_language', 'project_slug')
     exclude = ()
     def _create(self, request, project_slug, data):
         # Check for unavailable fields
         try:
-            self._check_fields(data.iterkeys())
+            self._check_fields(data.iterkeys(), self.allowed_fields)
         except AttributeError, e:
             msg = "Field '%s' is not allowed." % e.message
             logger.warning(msg)
         if not data:            # Check for {} as well
             return BAD_REQUEST("Empty request")
         try:
-            self._check_fields(data.iterkeys())
+            self._check_fields(data.iterkeys(), self.written_fields)
         except AttributeError, e:
             return BAD_REQUEST("Field '%s' is not allowed." % e.message)
 
             return rc.INTERNAL_ERROR
         return rc.DELETED
 
-    def _check_fields(self, fields):
+    def _check_fields(self, fields, allowed_fields):
         for field in fields:
-            if not field in self.allowed_fields:
+            if not field in allowed_fields:
                 raise AttributeError(field)
 
     def _get_content(self, request, data):

transifex/resources/tests/api/__init__.py

             }),
             content_type='application/json'
         )
-        self.assertEquals(res.status_code, 200)
+        self.assertEquals(res.status_code, 400)
         res = self.client['registered'].put(
             url,
             data=simplejson.dumps({
             }),
             content_type='application/json'
         )
-        self.assertEquals(res.status_code, 200)
+        self.assertEquals(res.status_code, 400)
         res = self.client['registered'].put(
             url,
             data=simplejson.dumps({
-                    'source_language': "el",
                     'foo': 'foo',
             }),
             content_type='application/json'