Features: 1) Add detailed error responses with exception messages for Order.DoesNotExist and ValueError in order-related actions; 2) Improve create_promocode_on_user_referring with stricter type check for user attributes;

Fixes: 1) Move `get_object()` call into `try` block to prevent unhandled exceptions during order retrieval; Extra: 1) Minor code reformatting for improved readability.
2025-10-16 09:58:13 +03:00 · 2025-10-16 09:58:13 +03:00 · 0bfc4c2984
commit 0bfc4c2984
parent 8889429a02
2 changed files with 21 additions and 12 deletions
--- a/core/signals.py
+++ b/core/signals.py
@ -53,7 +53,7 @@ def create_wishlist_on_user_creation_signal(instance: User, created: bool, **kwa
@receiver(post_save, sender=User)
 def create_promocode_on_user_referring(instance: User, created: bool, **kwargs: dict[Any, Any]) -> None:
    try:
-        if not instance.attributes:
+        if type(instance.attributes) is not dict:
            instance.attributes = {}
            instance.save()

--- a/core/viewsets.py
+++ b/core/viewsets.py
@ -716,8 +716,8 @@ class OrderViewSet(EvibesViewSet):
    def add_order_product(self, request: Request, *args, **kwargs) -> Response:
        serializer = AddOrderProductSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
-        order = self.get_object()
        try:
+            order = self.get_object()
            if not (request.user.has_perm("core.add_orderproduct") or request.user == order.user):
                raise PermissionDenied(permission_denied_message)

@ -726,15 +726,17 @@ class OrderViewSet(EvibesViewSet):
                attributes=format_attributes(serializer.validated_data.get("attributes")),
            )
            return Response(status=status.HTTP_200_OK, data=OrderDetailSerializer(order).data)
-        except Order.DoesNotExist:
-            return Response(status=status.HTTP_404_NOT_FOUND)
+        except Order.DoesNotExist as dne:
+            return Response(status=status.HTTP_404_NOT_FOUND, data={"detail": str(dne)})
+        except ValueError as ve:
+            return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(ve)})

    @action(detail=True, methods=["post"], url_path="remove_order_product")
    def remove_order_product(self, request: Request, *args, **kwargs) -> Response:
        serializer = RemoveOrderProductSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
-        order = self.get_object()
        try:
+            order = self.get_object()
            if not (request.user.has_perm("core.delete_orderproduct") or request.user == order.user):
                raise PermissionDenied(permission_denied_message)

@ -743,8 +745,10 @@ class OrderViewSet(EvibesViewSet):
                attributes=format_attributes(serializer.validated_data.get("attributes")),
            )
            return Response(status=status.HTTP_200_OK, data=OrderDetailSerializer(order).data)
-        except Order.DoesNotExist:
-            return Response(status=status.HTTP_404_NOT_FOUND)
+        except Order.DoesNotExist as dne:
+            return Response(status=status.HTTP_404_NOT_FOUND, data={"detail": str(dne)})
+        except ValueError as ve:
+            return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(ve)})

    @action(detail=True, methods=["post"], url_path="bulk_add_order_products")
    def bulk_add_order_products(self, request: Request, *args, **kwargs) -> Response:
@ -760,15 +764,18 @@ class OrderViewSet(EvibesViewSet):
                products=serializer.validated_data.get("products"),
            )
            return Response(status=status.HTTP_200_OK, data=OrderDetailSerializer(order).data)
-        except Order.DoesNotExist:
-            return Response(status=status.HTTP_404_NOT_FOUND)
+        except Order.DoesNotExist as dne:
+            return Response(status=status.HTTP_404_NOT_FOUND, data={"detail": str(dne)})
+        except ValueError as ve:
+            return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(ve)})
+

    @action(detail=True, methods=["post"], url_path="bulk_remove_order_products")
    def bulk_remove_order_products(self, request: Request, *args, **kwargs) -> Response:
        serializer = BulkRemoveOrderProductsSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
-        order = self.get_object()
        try:
+            order = self.get_object()
            if not (request.user.has_perm("core.delete_orderproduct") or request.user == order.user):
                raise PermissionDenied(permission_denied_message)

@ -776,8 +783,10 @@ class OrderViewSet(EvibesViewSet):
                products=serializer.validated_data.get("products"),
            )
            return Response(status=status.HTTP_200_OK, data=OrderDetailSerializer(order).data)
-        except Order.DoesNotExist:
-            return Response(status=status.HTTP_404_NOT_FOUND)
+        except Order.DoesNotExist as dne:
+            return Response(status=status.HTTP_404_NOT_FOUND, data={"detail": str(dne)})
+        except ValueError as ve:
+            return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(ve)})


 # noinspection PyUnusedLocal