From 04581b66b6012ace3291df2d217e382bb58f6815 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Mon, 20 Nov 2023 07:02:14 +0100
Subject: [PATCH] return 404 when events doesn't exist

---
 core/inventory/api_v1.py           | 38 ++++++++++++++++++------------
 core/inventory/tests/test_items.py |  5 ++++
 2 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/core/inventory/api_v1.py b/core/inventory/api_v1.py
index 6e67df0..cc9d291 100644
--- a/core/inventory/api_v1.py
+++ b/core/inventory/api_v1.py
@@ -96,27 +96,33 @@ class ItemSerializer(serializers.ModelSerializer):
 @permission_classes([])
 @authentication_classes([])
 def search_items(request, event_slug, query):
-    event = Event.objects.get(slug=event_slug)
-    query_tokens = query.split(' ')
-    q = Item.objects.filter(event=event)
-    for token in query_tokens:
-        if token:
-            q = q.filter(description__icontains=token)
-    return Response(ItemSerializer(q, many=True).data)
+    try:
+        event = Event.objects.get(slug=event_slug)
+        query_tokens = query.split(' ')
+        q = Item.objects.filter(event=event)
+        for token in query_tokens:
+            if token:
+                q = q.filter(description__icontains=token)
+        return Response(ItemSerializer(q, many=True).data)
+    except Event.DoesNotExist:
+        return Response(status=404)
 
 
 @api_view(['GET', 'POST'])
 @permission_classes([])
 @authentication_classes([])
 def item(request, event_slug):
-    event = Event.objects.get(slug=event_slug)
-    if request.method == 'GET':
-        return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
-    elif request.method == 'POST':
-        validated_data = ItemSerializer(data=request.data)
-        if validated_data.is_valid():
-            validated_data.save(event=event)
-            return Response(validated_data.data, status=201)
+    try:
+        event = Event.objects.get(slug=event_slug)
+        if request.method == 'GET':
+            return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
+        elif request.method == 'POST':
+            validated_data = ItemSerializer(data=request.data)
+            if validated_data.is_valid():
+                validated_data.save(event=event)
+                return Response(validated_data.data, status=201)
+    except Event.DoesNotExist:
+        return Response(status=404)
 
 
 @api_view(['GET', 'PUT', 'DELETE'])
@@ -138,6 +144,8 @@ def item_by_id(request, event_slug, id):
             return Response(status=204)
     except Item.DoesNotExist:
         return Response(status=404)
+    except Event.DoesNotExist:
+        return Response(status=404)
 
 
 router = routers.SimpleRouter()
diff --git a/core/inventory/tests/test_items.py b/core/inventory/tests/test_items.py
index 4234a3c..80d9828 100644
--- a/core/inventory/tests/test_items.py
+++ b/core/inventory/tests/test_items.py
@@ -91,3 +91,8 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.json()), 1)
         self.assertEqual(response.json()[0]['itemCount'], 2)
+
+    def test_item_nonexistent(self):
+        response = client.get(f'/api/1/NOEVENT/item/')
+        self.assertEqual(response.status_code, 404)
+