Environment
- OS: Barstool v2.0
- Time Elapsed: 3 hours
- Thirst Level: Critical
Steps to Reproduce
- Walk into the Virtual Bar.
- Send a
POST request to /orders/ containing an order_item for a drink that is technically marked as in_stock: false.
- Wait indefinitely for the bartender to pour the drink.
- Check your tab by fetching your
Patron record.
Expected Behavior
The bartender should politely inform me that the keg is tapped out (e.g., return a 400 Bad Request or an in_stock error message) so I can order something else.
Actual Behavior
The bartender takes my order in silence, stares blankly into the void, never pours the drink, AND charges my tab! My balance increased, but my physical glass is tragically empty. I've been sitting here for three hours. Please help.
🕵️♂️ Technical Root Cause
Jokes aside, I took a look at the source code while waiting for my drink, and I found the actual issue. In bartender/serializers.py, the OrderSerializer's create() and update() methods do not validate whether the requested drinks are actually in stock.
def create(self, validated_data):
order_items = validated_data.pop('order_items', [])
order = Order.objects.create(**validated_data)
for order_item in order_items:
# BUG: No check here if order_item['drink'].in_stock is True!
# The bartender happily takes orders and charges for out-of-stock items.
OrderItem.objects.create(order=order, **order_item)
return orderProposed Fix:
Add a validation step in OrderSerializer.validate() to check if all requested drink items have in_stock == True. If not, raise a serializers.ValidationError("We are out of stock!").
I'd submit a PR, but I'm too parched. 🍻
Environment
Steps to Reproduce
POSTrequest to/orders/containing anorder_itemfor adrinkthat is technically marked asin_stock: false.Patronrecord.Expected Behavior
The bartender should politely inform me that the keg is tapped out (e.g., return a
400 Bad Requestor anin_stockerror message) so I can order something else.Actual Behavior
The bartender takes my order in silence, stares blankly into the void, never pours the drink, AND charges my tab! My
balanceincreased, but my physical glass is tragically empty. I've been sitting here for three hours. Please help.🕵️♂️ Technical Root Cause
Jokes aside, I took a look at the source code while waiting for my drink, and I found the actual issue. In
bartender/serializers.py, theOrderSerializer'screate()andupdate()methods do not validate whether the requested drinks are actually in stock.Proposed Fix:
Add a validation step in
OrderSerializer.validate()to check if all requesteddrinkitems havein_stock == True. If not, raise aserializers.ValidationError("We are out of stock!").I'd submit a PR, but I'm too parched. 🍻