Week 5 testing and automation#88
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 5 potential issues.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
| incoming_data = request.data | ||
|
|
||
| updated_product = product_service.update_product(product_id, incoming_data) | ||
| if "error" in updated_product: |
There was a problem hiding this comment.
Null check order causes crash on missing product
High Severity
When update_product can't find the product, the service returns None (from the repository). The view then evaluates if "error" in updated_product before checking for None. The in operator on None raises a TypeError, so any update request targeting a non-existent product will crash with a 500 error instead of returning a 404.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
| def category_products_controller(request, category_id): | ||
| if request.method == 'GET': | ||
| products = product_service.get_products_by_category(category_id=category_id) | ||
| products_json = json.loads(products.to_json()) |
There was a problem hiding this comment.
Missing null check crashes category products endpoint
High Severity
product_service.get_products_by_category() returns None when the category doesn't exist. The view immediately calls products.to_json() on the result without a null check, causing an AttributeError crash. Requesting products for any non-existent category ID will produce a 500 error instead of a meaningful response.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
| def validate_name(self,value): | ||
| if len(value)<3: | ||
| raise serializers.ValidationError("Product name must be at least 3 characters long.") | ||
| return value No newline at end of file |
There was a problem hiding this comment.
Validator method misplaced inside Meta inner class
Medium Severity
The validate_name method is defined inside the Meta inner class instead of on the ProductSerializer class itself. Django REST Framework only discovers validate_<field> methods as field-level validators when they are direct methods of the serializer. Placed inside Meta, this validation will silently never run.
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
| quantity = IntField(required=True, min_value=0) | ||
|
|
||
|
|
||
| category = ReferenceField(ProductCategory, reverse_delete_rule=4) |
There was a problem hiding this comment.
Wrong delete rule constant for single ReferenceField
Medium Severity
reverse_delete_rule=4 corresponds to PULL, which is designed exclusively for ListField(ReferenceField(...)) — it uses MongoDB's $pull array operator. On a single ReferenceField, this operation silently does nothing when a ProductCategory is deleted, leaving dangling references in Product documents. The likely intended value was DENY (3) or NULLIFY (1). Using the named constant (e.g., mongoengine.DENY) instead of a magic number would also prevent this kind of mistake.
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
| if request.method == 'GET': | ||
| products = product_service.get_products_by_category(category_id=category_id) | ||
| products_json = json.loads(products.to_json()) | ||
| print(category_id) |
There was a problem hiding this comment.
Debug print statement left in production view
Low Severity
A print(category_id) debugging statement is left in category_products_controller. This will write to stdout on every request to the category-products endpoint, polluting server logs with debug output.
Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.
1 participant
Note
Medium Risk
Introduces a new REST API backed by MongoDB (via
mongoengine) and changes Django’s default DB to an in-memory SQLite URI, which can affect runtime behavior and test/dev stability. Also adds startup seeding and data-migration scripts that modify persisted product data.Overview
Adds a new
productsDjango app and wires it into the project (rest_framework+productsinINSTALLED_APPS,/api/routing viaproducts.urls).Implements MongoDB-backed
Product/ProductCategorymodels (viamongoengine) with repository/service layers and REST endpoints for listing/creating products and categories, filtering products, updating products, listing products by category, and bulk CSV upload.Updates settings to use an in-memory SQLite default DB and to connect to MongoDB at startup, and adds automation/tests: unit tests for the service layer, an integration test hitting
/api/products/, arun_tests.shcoverage runner, plus standalone scripts to backfill missingbrand/categoryvalues in existing product records.Reviewed by Cursor Bugbot for commit 7631ef5. Configure here.