fix: Add server checks for ticket price

mrsaicharan1 · mrsaicharan1 · commit aa0359bb5842 · 2019-08-05T15:12:50.000+05:30
diff --git a/app/api/tickets.py b/app/api/tickets.py
@@ -20,6 +20,13 @@
 from app.api.helpers.exceptions import ConflictException, MethodNotAllowed, UnprocessableEntity
 from app.api.helpers.db import get_count
 
+
+def validate_ticket_price(ticket_type, price):
+    if ticket_type != 'free' and int(price) <= 0:
+        raise UnprocessableEntity(
+            {'price': price}, "Price of a paid/donation ticket must be greater than zero")
+
+
 class TicketListPost(ResourceList):
     """
     Create and List Tickets
@@ -59,6 +66,7 @@ def before_create_object(self, data, view_kwargs):
             if not event.is_payment_enabled():
                 raise UnprocessableEntity(
                     {'event_id': data['event']}, "Event having paid ticket must have a payment method")
+        validate_ticket_price(data.get('type'), data.get('price'))
 
     schema = TicketSchema
     methods = ['POST', ]
@@ -181,6 +189,8 @@ def before_update_object(self, ticket, data, view_kwargs):
             if not event.is_payment_enabled():
                 raise UnprocessableEntity(
                     {'event_id': ticket.event.id}, "Event having paid ticket must have a payment method")
+        if data.get('price') and data.get('type'):
+            validate_ticket_price(data.get('type'), data.get('price'))
 
     decorators = (api.has_permission('is_coorganizer', fetch='event_id',
                   fetch_as="event_id", model=Ticket, methods="PATCH,DELETE"),)
