Add tags in issues and attach screenshots in issues (OWASP-BLT#2637)

Sarthak5598 · Aug 13, 2024 · 1f78a68 · 1f78a68
1 parent 5c69420
commit 1f78a68
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 3 deletions.
diff --git a/blt/urls.py b/blt/urls.py
@@ -135,7 +135,9 @@
 
 urlpatterns = [
     path(
-        "api/companies/", CompanyViewSet.as_view({"get": "list", "post": "create"}), name="company"
+        "api/v1/companies/",
+        CompanyViewSet.as_view({"get": "list", "post": "create"}),
+        name="company",
     ),
     path("invite-friend/", website.views.invite_friend, name="invite_friend"),
     path("referral/", website.views.referral_signup, name="referral_signup"),

diff --git a/website/api/views.py b/website/api/views.py
@@ -1,3 +1,4 @@
+import json
 import uuid
 from datetime import datetime
 
@@ -178,6 +179,9 @@ def get_issue_info(self, request, issue):
             is_upvoted = request.user.userprofile.issue_upvoted.filter(id=issue.id).exists()
             is_flagged = request.user.userprofile.issue_flaged.filter(id=issue.id).exists()
 
+        tag_serializer = TagSerializer(issue.tags.all(), many=True)
+        tags = tag_serializer.data
+
         return {
             **IssueSerializer(issue).data,
             "closed_by": issue.closed_by.username if issue.closed_by else None,
@@ -186,6 +190,7 @@ def get_issue_info(self, request, issue):
             "screenshots": screenshots,
             "upvotes": issue.upvoted.count(),
             "upvotted": is_upvoted,
+            "tags": tags,
         }
 
     def list(self, request, *args, **kwargs):
@@ -202,6 +207,26 @@ def retrieve(self, request, pk, *args, **kwargs):
         return Response(self.get_issue_info(request, Issue.objects.filter(id=pk).first()))
 
     def create(self, request, *args, **kwargs):
+        request.data._mutable = True
+
+        # Since the tags field is json encoded we need to decode it
+        tags = None
+        try:
+            if "tags" in request.data:
+                tags_json = request.data.get("tags")
+                if isinstance(tags_json, list):
+                    tags_json = tags_json[0]
+                tags = json.loads(tags_json)
+
+                if isinstance(tags, list) and any(isinstance(i, list) for i in tags):
+                    tags = [item for sublist in tags for item in sublist]
+
+                del request.data["tags"]
+        except (ValueError, MultiValueDictKeyError) as e:
+            return Response({"error": "Invalid tags format."}, status=status.HTTP_400_BAD_REQUEST)
+        finally:
+            request.data._mutable = False
+
         screenshot_count = len(self.request.FILES.getlist("screenshots"))
         if screenshot_count == 0:
             return Response(
@@ -213,14 +238,19 @@ def create(self, request, *args, **kwargs):
         data = super().create(request, *args, **kwargs).data
         issue = Issue.objects.filter(id=data["id"]).first()
 
+        if tags:
+            issue.tags.add(*tags)
+
         for screenshot in self.request.FILES.getlist("screenshots"):
             if image_validator(screenshot):
                 filename = screenshot.name
                 screenshot.name = (
                     f"{filename[:10]}{str(uuid.uuid4())[:40]}.{filename.split('.')[-1]}"
                 )
-                default_storage.save(f"screenshots/{screenshot.name}", screenshot)
-                IssueScreenshot.objects.create(image=f"screenshots/{screenshot.name}")
+                file_path = default_storage.save(f"screenshots/{screenshot.name}", screenshot)
+
+                # Create the IssueScreenshot object and associate it with the issue
+                IssueScreenshot.objects.create(image=file_path, issue=issue)
             else:
                 return Response({"error": "Invalid image"}, status=status.HTTP_400_BAD_REQUEST)
 

diff --git a/website/serializers.py b/website/serializers.py
@@ -9,6 +9,7 @@
     Hunt,
     HuntPrize,
     Issue,
+    IssueScreenshot,
     Points,
     Project,
     Tag,
@@ -76,12 +77,19 @@ class Meta:
         fields = "__all__"
 
 
+class IssueScreenshotSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = IssueScreenshot
+        fields = "__all__"
+
+
 class IssueSerializer(serializers.ModelSerializer):
     """
     Serializer for Issue Model
     """
 
     user = UserSerializer(read_only=True)
+    screenshots = IssueScreenshotSerializer(many=True, required=False)
 
     class Meta:
         model = Issue