darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-02 09:26:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Verify that attribute exists on *History model when versioning objects

Browse Source 
When createing a history instance of the updated object `create_history`
sets attributes using `setattr`. Since SQLAlchemy model instances are
Python objects they don't prevent new attributes being created by setattr,
which means that if history models are missing some of the columns the
attributes will still be assigned, but their values will not be persisted
by SQLAlchemy since database columns for them do not exist.

To avoid this, we check that the attribute is defined on the `history_cls`
and raise an error if it isn't.
This commit is contained in:
Alexey Bezhan
2017-11-21 14:37:26 +00:00
parent a812ae1e6f
commit 559639eb63
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/history_meta.py
View File

@@ -219,6 +219,8 @@ def create_history(obj, history_cls=None):
data['created_at'] = obj.created_at
for key, value in data.items():
if not hasattr(history_cls, key):
raise AttributeError("{} has no attribute '{}'".format(history_cls.__name__, key))
setattr(history, key, value)
return history