plone.restapi icon indicating copy to clipboard operation
plone.restapi copied to clipboard

Published 20 hours ago verified publisher icon plone

It is possible to create an empty AT content bypassing the validation

Open gbastien opened this issue 2 years ago • 1 comments

Hi @stevepiercy @jensens we still use version 7.x to create AT content on some applications and we encounter a bug: it is possible to create an empty content without required fields by just giving the "portal_type". This is because in https://github.com/plone/plone.restapi/blob/7.x.x/src/plone/restapi/deserializer/atcontent.py#L55 In DeserializeFromJson, validation is only done if a field was modified, this is not the case and it fails. Changing if modified: by if create or modified: fix the problem. I will propose a PR for this. Thank you, Gauthier

gbastien avatar Apr 27 '22 15:04 gbastien

Thank you for review and merge, I will wait for a release 7.x.x (but it is not urgent) before closing this issue

gbastien avatar May 06 '22 07:05 gbastien

https://pypi.org/project/plone.restapi/7.8.0/ this version solves the issue

gbastien avatar Oct 15 '22 09:10 gbastien