fix: Add server checks for ticket price

mrsaicharan1 · mrsaicharan1 · commit a21bb4b98ea2 · 2019-08-15T10:15:19.000+05:30
diff --git a/app/api/tickets.py b/app/api/tickets.py
@@ -20,6 +20,15 @@
 from app.api.helpers.exceptions import ConflictException, MethodNotAllowed, UnprocessableEntity
 from app.api.helpers.db import get_count
 
+
+def validate_ticket_price(data):
+    if not data.get('price') or not data.get('type'):
+        raise UnprocessableEntity({}, "Type/price of ticket is missing")
+    if data.get('type') != 'free' and int(data.get('price')) <= 0:
+        raise UnprocessableEntity(
+            {'price': data.get('price')}, "Price of a paid/donation ticket must be greater than zero")
+
+
 class TicketListPost(ResourceList):
     """
     Create and List Tickets
@@ -59,6 +68,7 @@ def before_create_object(self, data, view_kwargs):
             if not event.is_payment_enabled():
                 raise UnprocessableEntity(
                     {'event_id': data['event']}, "Event having paid ticket must have a payment method")
+        validate_ticket_price(data)
 
     schema = TicketSchema
     methods = ['POST', ]
@@ -181,7 +191,8 @@ def before_update_object(self, ticket, data, view_kwargs):
             if not event.is_payment_enabled():
                 raise UnprocessableEntity(
                     {'event_id': ticket.event.id}, "Event having paid ticket must have a payment method")
-
+        if data:
+            validate_ticket_price(data)
     decorators = (api.has_permission('is_coorganizer', fetch='event_id',
                   fetch_as="event_id", model=Ticket, methods="PATCH,DELETE"),)
     schema = TicketSchema
