Add unit tests for product service#95
Conversation
- Defined Product dataclass model in core/models - Implemented InMemoryProductRepository with save, find, list, delete - Added ProductService with create, read, update, delete and input validation - Added product_handler HTTP adapter with correct HTTP status codes - Wired up URL routes for /products/ and /products/<id>/ - Tested all endpoints via Postman including validation failure cases
…gine - Added docker-compose.yml to run MongoDB in a container - Defined ProductDocument MongoEngine model in adapters/repositories - Implemented MongoProductRepository with domain model mapper - Connected Django settings to MongoDB via mongoengine.connect - Swapped InMemoryProductRepository for MongoProductRepository in handler - Verified data persistence across server restarts via Compass
…lidation - Added ProductCategory domain model, MongoEngine document and repository - Added ProductCategoryService with full CRUD and validation - Updated ProductDocument with ReferenceField to ProductCategoryDocument - Added find_by_category to MongoProductRepository - Added assign/remove category endpoints on products - Made brand a required field with validation - Added bulk CSV product creation endpoint POST /products/bulk/ - Added migration script to backfill brand on existing products
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 4 potential issues.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit c83f775. Configure here.
| db='interneers_lab_2026_mongodb', | ||
| host='localhost', | ||
| port=27017 | ||
| ) |
There was a problem hiding this comment.
mongoengine.connect ignores configured auth credentials
High Severity
The mongoengine.connect() call hardcodes host='localhost' and port=27017 without any authentication, while the MongoClient on lines 85–87 properly uses MONGO_USER, MONGO_PASS, MONGO_HOST, and MONGO_PORT from environment variables with auth. Since mongoengine is the ORM layer used by all repository code, this connection will fail against the Docker MongoDB instance which requires authentication (MONGO_INITDB_ROOT_USERNAME/MONGO_INITDB_ROOT_PASSWORD in docker-compose.yaml). The CLIENT MongoClient variable is also unused anywhere in the codebase.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit c83f775. Configure here.
| if product_id in self._store: | ||
| del self._store[product_id] | ||
| return True | ||
| return False No newline at end of file |
There was a problem hiding this comment.
InMemoryProductRepository missing find_by_category method
Low Severity
InMemoryProductRepository doesn't implement find_by_category, which ProductService.get_products_by_category calls on the repository. While the in-memory repo is currently commented out in the handler in favor of MongoProductRepository, it's still imported and would raise an AttributeError if swapped back in as intended by the dependency injection pattern.
Reviewed by Cursor Bugbot for commit c83f775. Configure here.
| # Wire up once (in real apps this is done via dependency injection) | ||
| # repository = InMemoryProductRepository() | ||
| repository = MongoProductRepository() | ||
| service = ProductService(repository) |
There was a problem hiding this comment.
Handler omits category_repository, silently skipping category validation
High Severity
ProductService(repository) is instantiated without a category_repository, so self.category_repository is None. This causes the if category_id and self.category_repository: guard in create_product and the if self.category_repository: guard in assign_category to silently skip all category existence checks. The product_category_assign endpoint accepts any arbitrary category_id without validation, allowing products to reference nonexistent categories.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit c83f775. Configure here.
| if product.category_id: | ||
| category_doc = ProductCategoryDocument.objects( | ||
| id=ObjectId(product.category_id) | ||
| ).first() |
There was a problem hiding this comment.
Unsafe ObjectId conversion crashes on invalid category IDs
Medium Severity
MongoProductRepository.save calls ObjectId(product.category_id) directly without exception handling. If category_id is not a valid ObjectId string, this raises an unhandled InvalidId exception. The safe _to_object_id helper exists in the same class and is used elsewhere (e.g., find_by_category), but is not used here. Combined with the missing category validation in the handler, user-supplied invalid category IDs reach this code and cause a 500 error.
Reviewed by Cursor Bugbot for commit c83f775. Configure here.
1 participant
Note
Cursor Bugbot is generating a summary for commit c83f775. Configure here.