
Commit a8dcf4d

svenvandescheurSilviaAmAm
authored andcommitted
🚑 #495 - fix: use POST body for selection items API call to prevent excessive URL length
1 parent a3dd14f commit a8dcf4d


5 files changed

+17
-18
lines changed

5 files changed

+17
-18
lines changed

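--- a/backend/src/openarchiefbeheer/selection/api/drf_spectacular/hooks.py
+++ b/backend/src/openarchiefbeheer/selection/api/drf_spectacular/hooks.py
@@ -17,10 +17,10 @@ def update_schema_for_dynamic_keys(
 openapi_response_schema = force_instance(SCHEMA_RESPONSE)
 
 # TODO: Try if a OpenApiSerializerExtension can be used to do this?
-result["paths"]["/api/v1/selections/{key}/"]["get"]["responses"]["200"]["content"][
+result["paths"]["/api/v1/selections/{key}/"]["post"]["responses"]["200"]["content"][
 "application/json"
 ]["schema"] = openapi_response_schema.response
-result["paths"]["/api/v1/selections/{key}/"]["get"]["responses"]["200"]["content"][
+result["paths"]["/api/v1/selections/{key}/"]["post"]["responses"]["200"]["content"][
 "application/json"
 ]["examples"] = build_examples_list(openapi_response_schema.examples)
 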
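Review bot: The operation key `"post"` is now hard-coded twice in the same subscript chain and has to match the view's handler name by hand; if the two drift, this hook would presumably fail with a `KeyError` during schema generation. Binding the media-type entry once, e.g. `media = result["paths"]["/api/v1/selections/{key}/"]["post"]["responses"]["200"]["content"]["application/json"]`, and then assigning `media["schema"]` and `media["examples"]` keeps the verb in one place. update_schema_for_dynamic_keys starts before this hunk, so whether the new POST operation also gets a documented request body cannot be seen here and is worth checking.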

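--- a/backend/src/openarchiefbeheer/selection/api/views.py
+++ b/backend/src/openarchiefbeheer/selection/api/views.py
@@ -50,7 +50,7 @@ def _get_selection_representation(self, queryset=None):
 # DRF spectacular post processing hooks.
 responses={200: SelectionItemDataReadSerializer(many=True)},
 )
-def get(self, request, *args, **kwargs):
+def post(self, request, *args, **kwargs):
 queryset = self.filter_queryset(self.get_queryset())
 
 return Response(self._get_selection_representation(queryset))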
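Review bot: The handler is renamed to `post`, but its visible body still derives everything from `self.filter_queryset(self.get_queryset())` and never reads `request.data`, while the frontend in this commit now sends the zaak URLs as `{ items }` in the request body. If the filter backend (outside this hunk) is what picks up `items`, it should take them from the body through a serializer that bounds the input, e.g. `items = serializers.ListField(child=serializers.URLField(), max_length=<agreed limit>)`, before they reach the queryset. The schema decorator above the handler, which opens before the hunk, only declares `responses=`; adding a `request=` entry would make the new body part of the published contract. Because this read is now an unsafe method, it is also worth confirming that session-authenticated clients send a CSRF token and that nothing upstream retries or caches the call as if it were still a GET.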

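--- a/backend/src/openarchiefbeheer/selection/tests/test_endpoints.py
+++ b/backend/src/openarchiefbeheer/selection/tests/test_endpoints.py
@@ -40,7 +40,7 @@ def test_get_zaak_selection(self):
 
 self.client.force_login(self.user)
 
-response = self.client.get(reverse("api:selections", args=[key]))
+response = self.client.post(reverse("api:selections", args=[key]))
 
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
@@ -230,7 +230,7 @@ def test_get_filtered_zaak_selection(self):
 endpoint.args["annotated"] = True
 endpoint.args["test"] = "tralala"
 
-response = self.client.get(endpoint.url)
+response = self.client.post(endpoint.url)
 
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
@@ -263,7 +263,7 @@ def test_get_selection_item(self):
 self.client.force_login(self.user)
 endpoint = furl(reverse("api:selections", args=[key]))
 endpoint.args["items"] = "http://zaken.nl/api/v1/zaken/111-111-111"
-response = self.client.get(endpoint.url)
+response = self.client.post(endpoint.url)
 
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
@@ -303,7 +303,7 @@ def test_filter_items(self):
 endpoint.args["items"] = (
 "http://zaken.nl/api/v1/zaken/111-111-111,http://zaken.nl/api/v1/zaken/222-222-222"
 )
-response = self.client.get(endpoint.url)
+response = self.client.post(endpoint.url)
 
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
@@ -477,7 +477,7 @@ def test_urls_not_camelised(self):
 
 self.client.force_login(self.user)
 
-response = self.client.get(reverse("api:selections", args=[key]))
+response = self.client.post(reverse("api:selections", args=[key]))
 
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 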
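Review bot: None of the five updated calls sends a request body: `test_get_selection_item` and `test_filter_items` still put `items` into the query string through `endpoint.args["items"]` and then call `self.client.post(endpoint.url)`, so the body-based path that the frontend now uses is not exercised. A case that posts the list as JSON, e.g. `self.client.post(reverse("api:selections", args=[key]), data={"items": [url_1, url_2]}, format="json")` (placeholder URLs), would pin it, and a second case with `items` in both places would fix which source wins. `format="json"` assumes the test client is DRF's `APIClient`; the test class definition is outside these hunks. Each test method starts and ends outside its hunk, so the assertions on the filtered result are not visible here.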

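--- a/frontend/src/lib/api/zaakSelection.ts
+++ b/frontend/src/lib/api/zaakSelection.ts
@@ -35,15 +35,14 @@ export async function getSelectionItems<DetailType = unknown>(
 selectedOnly = true,
 signal?: AbortSignal,
 ) {
-const zaakUrls = zaken.map((zaak) => _getZaakUrl(zaak));
-const params = new URLSearchParams({ items: zaakUrls.join(",") });
+const items = zaken.map((zaak) => _getZaakUrl(zaak));
+const params = new URLSearchParams();
 selectedOnly && params.set("selected", "true");
-
 const response = await request(
-"GET",
+"POST",
 `/selections/${key}/`,
 params,
-undefined,
+{ items },
 undefined,
 signal,
 );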
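Review bot: `getSelectionItems` now issues a POST for what is still a read, and nothing at the call site says why; a comment above the `request(` call such as `// POST, not GET: the list of zaak URLs can exceed URL length limits, so it is sent in the body.` would stop a later cleanup from reverting it. The filter is also split across two transports, with `selected` left in `params` and `items` moved to the body, so the backend has to merge query string and body for one logical filter; sending both in the body would be simpler to validate in one place. The function signature begins before the hunk and the function continues after it.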

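--- a/frontend/src/pages/destructionlist/review/DestructionListReview.stories.tsx
+++ b/frontend/src/pages/destructionlist/review/DestructionListReview.stories.tsx
@@ -80,19 +80,19 @@ const meta: Meta<typeof DestructionListReviewPage> = {
 },
 {
 url: "http://localhost:8000/api/v1/selections/destruction-list-review-00000000-0000-0000-0000-000000000000-changes_requested/?items=http%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F87691e74-1b0b-491a-aa63-0a396bbb1e3e%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F3038cc8e-003b-411c-b6ef-7dc5ddc5a3ee%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F78b6dd10-261b-4a40-99e2-1eea3e38bc99%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F64bec25d-5752-48a9-b2f9-6c27085a469f%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F409a291a-9cf0-4c40-9f31-25e9452a8e79%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F1188687c-392b-439e-9d5f-4d17bac822bf%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F5d816422-7f1c-42b4-9a4c-715d2e07aca3%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2e803c71-49c4-4dc0-bfd1-42f2a3da99f9%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2Fbd6cdd85-d578-47fa-9ddb-846354088a47%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2ca5f28c-397b-4cc6-ac76-4ef6cab19f59",
-method: "GET",
+method: "POST",
 status: 200,
 response: {},
 },
 {
-url: "http://localhost:8000/api/v1/selections/storybook-storage-key/?items=http%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F87691e74-1b0b-491a-aa63-0a396bbb1e3e%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F3038cc8e-003b-411c-b6ef-7dc5ddc5a3ee%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F78b6dd10-261b-4a40-99e2-1eea3e38bc99%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F64bec25d-5752-48a9-b2f9-6c27085a469f%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F409a291a-9cf0-4c40-9f31-25e9452a8e79%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F1188687c-392b-439e-9d5f-4d17bac822bf%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F5d816422-7f1c-42b4-9a4c-715d2e07aca3%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2e803c71-49c4-4dc0-bfd1-42f2a3da99f9%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2Fbd6cdd85-d578-47fa-9ddb-846354088a47%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2ca5f28c-397b-4cc6-ac76-4ef6cab19f59",
-method: "GET",
+url: "http://localhost:8000/api/v1/selections/storybook-storage-key/",
+method: "POST",
 status: 200,
 response: {},
 },
 {
-url: "http://localhost:8000/api/v1/selections/storybook-storage-key/?items=http%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F87691e74-1b0b-491a-aa63-0a396bbb1e3e%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F3038cc8e-003b-411c-b6ef-7dc5ddc5a3ee%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F78b6dd10-261b-4a40-99e2-1eea3e38bc99%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F64bec25d-5752-48a9-b2f9-6c27085a469f%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F409a291a-9cf0-4c40-9f31-25e9452a8e79%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F1188687c-392b-439e-9d5f-4d17bac822bf%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F5d816422-7f1c-42b4-9a4c-715d2e07aca3%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2e803c71-49c4-4dc0-bfd1-42f2a3da99f9%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2Fbd6cdd85-d578-47fa-9ddb-846354088a47%2Chttp%3A%2F%2Flocalhost%3A8000%2Fzaken%2Fapi%2Fv1%2Fzaken%2F2ca5f28c-397b-4cc6-ac76-4ef6cab19f59&selected=true",
-method: "GET",
+url: "http://localhost:8000/api/v1/selections/storybook-storage-key/",
+method: "POST",
 status: 200,
 response: {},
 },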
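Review bot: The first mock entry (context line 82) is switched to `method: "POST"` but keeps the long `?items=...` query string in its `url`, while the two `storybook-storage-key` entries drop it. With the change in `zaakSelection.ts` the client no longer puts `items` in the URL, so if the mock layer matches on the full URL this entry will presumably stop matching; its URL should probably end at `.../destruction-list-review-00000000-0000-0000-0000-000000000000-changes_requested/`. The third entry also lost `&selected=true`, which makes it identical to the second even though the client still sends `selected` as a query parameter; if the matcher distinguishes query strings, one of the two wants `?selected=true`.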
