fix: issue 1469 error in filters (#1541)

duynguyenhoang · Duy Nguyen · dpgaspar · web-flow · commit 9065a9ffe32b · 2021-02-17T14:03:15.000Z
Co-authored-by: Duy Nguyen &lt;duy.nguyenhoang@global-fashion-group.com&gt;
Co-authored-by: Daniel Vaz Gaspar &lt;danielvazgaspar@gmail.com&gt;
diff --git a/examples/extendsecurity/__init__.py b/examples/extendsecurity/__init__.py
diff --git a/flask_appbuilder/models/filters.py b/flask_appbuilder/models/filters.py
@@ -175,7 +175,10 @@ def _add_filter(self, filter_instance, value):
     def add_filter_index(
         self, column_name: str, filter_instance_index: int, value: Any
     ):
-        self._add_filter(self._all_filters[column_name][filter_instance_index], value)
+        if column_name in self._all_filters.keys():
+            self._add_filter(
+                self._all_filters[column_name][filter_instance_index], value
+            )
 
     def rest_add_filters(self, data: List[Dict]) -> None:
         """
diff --git a/flask_appbuilder/models/sqla/filters.py b/flask_appbuilder/models/sqla/filters.py
@@ -146,6 +146,7 @@ class FilterNotEqual(BaseFilter):
     def apply(self, query, value):
         query, field = get_field_setup_query(query, self.model, self.column_name)
         value = set_value_to_type(self.datamodel, self.column_name, value)
+
         return query.filter(field != value)
 
 
@@ -156,6 +157,10 @@ class FilterGreater(BaseFilter):
     def apply(self, query, value):
         query, field = get_field_setup_query(query, self.model, self.column_name)
         value = set_value_to_type(self.datamodel, self.column_name, value)
+
+        if value is None:
+            return query
+
         return query.filter(field > value)
 
 
@@ -166,6 +171,10 @@ class FilterSmaller(BaseFilter):
     def apply(self, query, value):
         query, field = get_field_setup_query(query, self.model, self.column_name)
         value = set_value_to_type(self.datamodel, self.column_name, value)
+
+        if value is None:
+            return query
+
         return query.filter(field < value)
 
 
@@ -193,15 +202,33 @@ class FilterRelationManyToManyEqual(FilterRelation):
     name = lazy_gettext("Relation as Many")
     arg_name = "rel_m_m"
 
+    def apply_item(self, query, field, value_item):
+        """
+        Get object by column_name and value_item, then apply filter if object exists
+        Query with new filter applied
+        """
+        rel_obj = self.datamodel.get_related_obj(self.column_name, value_item)
+
+        if rel_obj:
+            return query.filter(field.contains(rel_obj))
+        else:
+            log.error(
+                "Related object for column: %s, value: %s return Null",
+                self.column_name,
+                value_item,
+            )
+
+        return query
+
     def apply(self, query, value):
         query, field = get_field_setup_query(query, self.model, self.column_name)
+
         if isinstance(value, list):
             for value_item in value:
-                rel_obj = self.datamodel.get_related_obj(self.column_name, value_item)
-                query = query.filter(field.contains(rel_obj))
+                query = self.apply_item(query, field, value_item)
             return query
-        rel_obj = self.datamodel.get_related_obj(self.column_name, value)
-        return query.filter(field.contains(rel_obj))
+
+        return self.apply_item(query, field, value)
 
 
 class FilterEqualFunction(BaseFilter):
diff --git a/flask_appbuilder/tests/test_mvc.py b/flask_appbuilder/tests/test_mvc.py
@@ -126,6 +126,44 @@ def get_registered_view_endpoints(self, view_name) -> Set:
         }
 
 
+class ListFilterTestCase(BaseMVCTestCase):
+    def test_list_filter_in_valid_object(self):
+        """
+        MVC: Test Filter with related object not found
+        """
+        with self.app.test_client() as c:
+            self.browser_login(c, USERNAME_ADMIN, PASSWORD_ADMIN)
+
+            # Roles doesn't exists
+            rv = c.get("/users/list/?_flt_0_roles=-1")
+            self.assertEqual(rv.status_code, 200)
+
+    def test_list_filter_unknow_column(self):
+        """
+        MVC: Test Filter with unknown field
+        """
+        with self.app.test_client() as c:
+            self.browser_login(c, USERNAME_ADMIN, PASSWORD_ADMIN)
+            # UNKNOWN_COLUMN is not a valid column
+            rv = c.get("/users/list/?_flt_0_UNKNOWN_COLUMN=-1")
+            self.assertEqual(rv.status_code, 200)
+
+    def test_list_filter_invalid_value_format(self):
+        """
+        MVC: Test Filter with invalid value of date filter
+        """
+        with self.app.test_client() as c:
+            self.browser_login(c, USERNAME_ADMIN, PASSWORD_ADMIN)
+
+            #  Greater than wrong value
+            rv = c.get("/users/list/?_flt_1_created_on=wrongvalue")
+            self.assertEqual(rv.status_code, 200)
+
+            #  Smaller than wrong value
+            rv = c.get("/users/list/?_flt_2_created_on=wrongvalue")
+            self.assertEqual(rv.status_code, 200)
+
+
 class MVCCSRFTestCase(BaseMVCTestCase):
     def setUp(self):
 
