fix: Add server checks for ticket price

mrsaicharan1 · mrsaicharan1 · commit 1a75ee170589 · 2019-08-15T17:47:28.000+05:30
diff --git a/app/api/tickets.py b/app/api/tickets.py
@@ -20,6 +20,13 @@
 from app.api.helpers.exceptions import ConflictException, MethodNotAllowed, UnprocessableEntity
 from app.api.helpers.db import get_count
 
+
+def validate_ticket_price(data):
+    if data.get('type') != 'free' and int(data.get('price')) <= 0:
+        raise UnprocessableEntity(
+            {'price': data.get('price')}, "Price of a paid/donation ticket must be greater than zero")
+
+
 class TicketListPost(ResourceList):
     """
     Create and List Tickets
@@ -59,6 +66,10 @@ def before_create_object(self, data, view_kwargs):
             if not event.is_payment_enabled():
                 raise UnprocessableEntity(
                     {'event_id': data['event']}, "Event having paid ticket must have a payment method")
+        if data.get('price') and data.get('type'):
+            validate_ticket_price(data)
+        else:
+            raise UnprocessableEntity({}, "Type/price of ticket is missing")
 
     schema = TicketSchema
     methods = ['POST', ]
@@ -182,6 +193,7 @@ def before_update_object(self, ticket, data, view_kwargs):
                 raise UnprocessableEntity(
                     {'event_id': ticket.event.id}, "Event having paid ticket must have a payment method")
 
+        validate_ticket_price(data)
     decorators = (api.has_permission('is_coorganizer', fetch='event_id',
                   fetch_as="event_id", model=Ticket, methods="PATCH,DELETE"),)
     schema = TicketSchema
