From c4b6df350a88f5844445bd63edcef263a5c1dd86 Mon Sep 17 00:00:00 2001
From: Jin Hai <haijin.chn@gmail.com>
Date: Mon, 2 Dec 2024 17:15:19 +0800
Subject: [PATCH] More dataset test cases (#3802)

### What problem does this PR solve?

1. Test not allowed fields of dataset

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
- [x] Other (please describe): Test cases

Signed-off-by: jinhai <haijin.chn@gmail.com>
---
 api/apps/kb_app.py                            |  3 +-
 api/utils/api_utils.py                        | 12 ++++++
 .../test/test_frontend_api/test_dataset.py    | 37 ++++++++++++++++++-
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/api/apps/kb_app.py b/api/apps/kb_app.py
index c8086aa42..e180b5cb5 100644
--- a/api/apps/kb_app.py
+++ b/api/apps/kb_app.py
@@ -21,7 +21,7 @@ from api.db.services.document_service import DocumentService
 from api.db.services.file2document_service import File2DocumentService
 from api.db.services.file_service import FileService
 from api.db.services.user_service import TenantService, UserTenantService
-from api.utils.api_utils import server_error_response, get_data_error_result, validate_request
+from api.utils.api_utils import server_error_response, get_data_error_result, validate_request, not_allowed_parameters
 from api.utils import get_uuid
 from api.db import StatusEnum, FileSource
 from api.db.services.knowledgebase_service import KnowledgebaseService
@@ -70,6 +70,7 @@ def create():
 @manager.route('/update', methods=['post'])
 @login_required
 @validate_request("kb_id", "name", "description", "permission", "parser_id")
+@not_allowed_parameters("id", "tenant_id", "created_by", "create_time", "update_time", "create_date", "update_date", "created_by")
 def update():
     req = request.json
     req["name"] = req["name"].strip()
diff --git a/api/utils/api_utils.py b/api/utils/api_utils.py
index 895df97dd..e20b85d29 100644
--- a/api/utils/api_utils.py
+++ b/api/utils/api_utils.py
@@ -174,6 +174,18 @@ def validate_request(*args, **kwargs):
 
     return wrapper
 
+def not_allowed_parameters(*params):
+    def decorator(f):
+        def wrapper(*args, **kwargs):
+            input_arguments = flask_request.json or flask_request.form.to_dict()
+            for param in params:
+                if param in input_arguments:
+                    return get_json_result(
+                        code=settings.RetCode.ARGUMENT_ERROR, message=f"Parameter {param} isn't allowed")
+            return f(*args, **kwargs)
+        return wrapper
+    return decorator
+
 
 def is_localhost(ip):
     return ip in {'127.0.0.1', '::1', '[::1]', 'localhost'}
diff --git a/sdk/python/test/test_frontend_api/test_dataset.py b/sdk/python/test/test_frontend_api/test_dataset.py
index d4e69c7aa..8de822829 100644
--- a/sdk/python/test/test_frontend_api/test_dataset.py
+++ b/sdk/python/test/test_frontend_api/test_dataset.py
@@ -103,7 +103,7 @@ def test_invalid_name_dataset(get_auth):
     print(res)
 
 
-def test_update_different_params_dataset(get_auth):
+def test_update_different_params_dataset_success(get_auth):
     # create dataset
     res = create_dataset(get_auth, "test_create_dataset")
     assert res.get("code") == 0, f"{res.get('message')}"
@@ -124,7 +124,8 @@ def test_update_different_params_dataset(get_auth):
     print(f"found {len(dataset_list)} datasets")
     dataset_id = dataset_list[0]
 
-    json_req = {"kb_id": dataset_id, "name": "test_update_dataset", "description": "test", "permission": "me", "parser_id": "presentation"}
+    json_req = {"kb_id": dataset_id, "name": "test_update_dataset", "description": "test", "permission": "me", "parser_id": "presentation",
+                "language": "spanish"}
     res = update_dataset(get_auth, json_req)
     assert res.get("code") == 0, f"{res.get('message')}"
 
@@ -134,4 +135,36 @@ def test_update_different_params_dataset(get_auth):
         assert res.get("code") == 0, f"{res.get('message')}"
     print(f"{len(dataset_list)} datasets are deleted")
 
+
 # update dataset with different parameters
+def test_update_different_params_dataset_fail(get_auth):
+    # create dataset
+    res = create_dataset(get_auth, "test_create_dataset")
+    assert res.get("code") == 0, f"{res.get('message')}"
+
+    # list dataset
+    page_number = 1
+    dataset_list = []
+    while True:
+        res = list_dataset(get_auth, page_number)
+        data = res.get("data").get("kbs")
+        for item in data:
+            dataset_id = item.get("id")
+            dataset_list.append(dataset_id)
+        if len(dataset_list) < page_number * 150:
+            break
+        page_number += 1
+
+    print(f"found {len(dataset_list)} datasets")
+    dataset_id = dataset_list[0]
+
+    json_req = {"kb_id": dataset_id, "id": "xxx"}
+    res = update_dataset(get_auth, json_req)
+    assert res.get("code") == 101
+
+    # delete dataset
+    for dataset_id in dataset_list:
+        res = rm_dataset(get_auth, dataset_id)
+        assert res.get("code") == 0, f"{res.get('message')}"
+    print(f"{len(dataset_list)} datasets are deleted")
+