implement parameter validation

tobi-werner · tobi-werner · commit 487d54939d2f · 2020-07-14T16:08:42.000+02:00
diff --git a/frontend/urls.py b/frontend/urls.py
@@ -26,11 +26,11 @@
         ])),
         path('<int:course_id>/topic/<int:topic_id>/content/', include([
             re_path(r'add/(?P<type>' + '|'.join([key for key in CONTENT_TYPES.keys()]) + ')/$', views.content.AddContentView.as_view(), name='content-add'),
-            path('<int:content_id>', include([
-                path('/comment/<int:pk>/delete/', views.DeleteComment.as_view(), name='comment-delete'),
-                path('/comment/<int:pk>/edit/', views.EditComment.as_view(), name='comment-edit'),
-                path('/coursebook/add/', views.coursebook.add_to_coursebook, name='coursebook-add'),
-                path('/coursebook/remove/', views.coursebook.remove_from_coursebook, name='coursebook-remove'),
+            path('<int:content_id>/', include([
+                path('comment/<int:pk>/delete/', views.DeleteComment.as_view(), name='comment-delete'),
+                path('comment/<int:pk>/edit/', views.EditComment.as_view(), name='comment-edit'),
+                path('coursebook/add/', views.coursebook.add_to_coursebook, name='coursebook-add'),
+                path('coursebook/remove/', views.coursebook.remove_from_coursebook, name='coursebook-remove'),
             ])),
             path('<pk>/', views.ContentView.as_view(), name='content'),
             path('<pk>/read/', views.content.ContentReadingModeView.as_view(), name='content-reading-mode'),
diff --git a/frontend/views/coursebook.py b/frontend/views/coursebook.py
@@ -1,23 +1,24 @@
 from django.http import HttpResponseRedirect
+from django.shortcuts import get_object_or_404
 from django.urls import reverse
 from base.models import Course, Favorite, Topic, Content
 
 
 def add_to_coursebook(request, *args, **kwargs):
     user = request.user.profile
-    course = Course.objects.get(pk=kwargs['course_id'])
-    topic = Topic.objects.get(pk=kwargs['topic_id'])
-    content = Content.objects.get(pk=kwargs['content_id'])
+    course = get_object_or_404(Course, pk=kwargs['course_id'])
+    topic = get_object_or_404(Topic, pk=kwargs['topic_id'])
+    content = get_object_or_404(Content, pk=kwargs['content_id'])
 
     Favorite.objects.create(content=content, user=user, course=course)
     return HttpResponseRedirect(reverse('frontend:content', args=(course.id, topic.id, content.id,)))
 
 
 def remove_from_coursebook(request, *args, **kwargs):
     user = request.user.profile
-    course = Course.objects.get(pk=kwargs['course_id'])
-    topic = Topic.objects.get(pk=kwargs['topic_id'])
-    content = Content.objects.get(pk=kwargs['content_id'])
+    course = get_object_or_404(Course, pk=kwargs['course_id'])
+    topic = get_object_or_404(Topic, pk=kwargs['topic_id'])
+    content = get_object_or_404(Content, pk=kwargs['content_id'])
 
     Favorite.objects.filter(course=course, user=user, content=content).delete()
     return HttpResponseRedirect(reverse('frontend:content', args=(course.id, topic.id, content.id,)))
