From 45b73e4683cce35de79117c5b4a6919556d9644f Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek <mail.fabianm@gmail.com>
Date: Fri, 2 Jul 2021 14:26:23 +0200
Subject: api: Add stricter validation of input/output data

This change adds stricter validation of data that enters and leaves the
database. As a result, we clearly separate the database model from the
data model that the REST API exports.
---
 opendc-web/opendc-web-api/opendc/api/scenarios.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'opendc-web/opendc-web-api/opendc/api/scenarios.py')

diff --git a/opendc-web/opendc-web-api/opendc/api/scenarios.py b/opendc-web/opendc-web-api/opendc/api/scenarios.py
index b566950a..234bdec1 100644
--- a/opendc-web/opendc-web-api/opendc/api/scenarios.py
+++ b/opendc-web/opendc-web-api/opendc/api/scenarios.py
@@ -38,7 +38,7 @@ class Scenario(Resource):
         scenario = ScenarioModel.from_id(scenario_id)
         scenario.check_exists()
         scenario.check_user_access(current_user['sub'], False)
-        data = scenario.obj
+        data = ScenarioSchema().dump(scenario.obj)
         return {'data': data}
 
     def put(self, scenario_id):
@@ -54,7 +54,7 @@ class Scenario(Resource):
         scenario.set_property('name', result['scenario']['name'])
 
         scenario.update()
-        data = scenario.obj
+        data = ScenarioSchema().dump(scenario.obj)
         return {'data': data}
 
     def delete(self, scenario_id):
@@ -72,7 +72,8 @@ class Scenario(Resource):
         portfolio.update()
 
         old_object = scenario.delete()
-        return {'data': old_object}
+        data = ScenarioSchema().dump(old_object)
+        return {'data': data}
 
     class PutSchema(Schema):
         """
-- 
cgit v1.2.3