Open
Description
API Issue Report
Title
POST /api/v1/settings/attributes – entity_type accepts empty or invalid values without validation
Description
The /api/v1/settings/attributes endpoint allows the creation of an attribute even when the required field entity_type is passed as an empty string or an invalid value. This results in inconsistent records being saved in the system.
Preconditions
- Endpoint:
POST /api/v1/settings/attributes - Required Field:
entity_type - Issue: API accepts
""(empty) or invalid values for this field
Steps to Reproduce
-
Send a POST request with an invalid or empty
entity_type:curl -X POST 'http://<host>/api/v1/settings/attributes' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <token>' \ -H 'Content-Type: application/json' \ -H 'X-CSRF-TOKEN: <token>' \ -d '{ "code": "sdsdaff", "name": "dsq", "type": "select", "lookup_type": "safd", "entity_type": "", "sort_order": "1", "validation": "", "is_required": "1", "is_unique": "1", "quick_add": "1", "is_user_defined": "1", "option_type": "options" }'
-
Observe the response:
{ "message": "Attribute created successfully.", ... }
Expected Result
- The API should return a
422 Unprocessable Entitystatus. - A validation error should be shown:
{ "errors": { "entity_type": ["The entity type field is required and must contain a valid value."] } }
Actual Result
- Attribute gets created successfully even with empty or invalid
entity_type. - HTTP Status:
200 OK - No validation error is triggered.
Metadata
Metadata
Assignees
Labels
No labels