Open
Description
API Issue Report
Title
POST /api/v1/settings/attributes – lookup_type accepts empty or invalid values without validation
Description
While creating an attribute using the /api/v1/settings/attributes endpoint, the lookup_type field accepts any value, including an empty string or invalid data. This behavior leads to inconsistent data being stored and breaks the expected validation logic.
Preconditions
- Endpoint:
POST /api/v1/settings/attributes - Field under concern:
lookup_type - Payload allows empty or invalid values (e.g.,
"lookup_type": ""or"lookup_type": "xyz")
Steps to Reproduce
-
Send a POST request like:
curl -X POST 'http://<host>/api/v1/settings/attributes' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \ -H 'X-CSRF-TOKEN: <token>' \ -d '{ "code": "sdf", "name": "dsq", "type": "select", "lookup_type": "", "entity_type": "persons", "sort_order": "1", "is_required": "1", "is_unique": "1", "quick_add": "1", "is_user_defined": "1", "option_type": "options" }'
-
Observe that the API still responds with:
{ "message": "Attribute created successfully.", ... }
Expected Result
- API should reject invalid or empty values for
lookup_type. - Response should include a validation error like:
with status code
{ "errors": { "lookup_type": ["The lookup type field is required and must contain a valid value."] } }422 Unprocessable Entity.
Actual Result
- Attribute is created successfully even with empty
lookup_type. - HTTP status:
200 OK - No validation error triggered.
Metadata
Metadata
Assignees
Labels
No labels