Address review: tighten _require_io_setting docstring, add lookup_value=None test

Author: JSv4

config/graphql/base.py

@@ -23,21 +23,9 @@
 
 
 def _require_io_setting(mutation_cls: type, name: str) -> Any:
-    """Return ``cls.IOSettings.<name>``; raise if it is missing or ``None``.
-
-    ``IOSettings`` is config-by-subclassing — concrete ``DRFMutation`` /
-    ``DRFDeletion`` subclasses are expected to override ``model``,
-    ``serializer`` and ``graphene_model``. Without this guard, a subclass
-    that forgets one of those surfaces as a late ``AttributeError`` /
-    ``TypeError`` inside ``mutate()``, which gets swallowed by the broad
-    ``except Exception`` and reported to the user as a generic
-    "internal error". Failing fast with a clear message here makes the
-    misconfiguration obvious at mutation-invocation time.
-    """
+    """Raise ``NotImplementedError`` if ``cls.IOSettings.<name>`` is missing or ``None``."""
     io_settings = getattr(mutation_cls, "IOSettings", None)
-    value = (
-        getattr(io_settings, name, None) if io_settings is not None else None
-    )
+    value = getattr(io_settings, name, None) if io_settings is not None else None
     if value is None:
         raise NotImplementedError(
             f"{mutation_cls.__name__}.IOSettings.{name} must be set by the "
@@ -222,8 +210,7 @@ def mutate(cls, root, info, *args, **kwargs):
                         raw_value = kwargs[pk_field]
                         if isinstance(raw_value, list):
                             kwargs[pk_field] = [
-                                from_global_id(global_id)[1]
-                                for global_id in raw_value
+                                from_global_id(global_id)[1] for global_id in raw_value
                             ]
                         else:
                             logger.info(f"pk field is: {raw_value}")

opencontractserver/tests/test_security_hardening.py

@@ -1208,14 +1208,12 @@ def test_validation_error_list_format(self):
 
 
 # ---------------------------------------------------------------------------
-# DRFMutation / DRFDeletion IOSettings misconfiguration guard (issue #1360)
+# DRFMutation / DRFDeletion IOSettings misconfiguration guard
 # ---------------------------------------------------------------------------
 
 
 class TestIOSettingsRequiredFieldsGuard(TestCase):
-    """Subclasses that forget to configure IOSettings should fail with a
-    clear ``NotImplementedError`` rather than a late ``AttributeError`` /
-    ``TypeError`` that pretends to be a generic "internal error"."""
+    """Misconfigured IOSettings must raise ``NotImplementedError`` at mutation time."""
 
     def test_require_io_setting_raises_when_io_settings_missing(self):
         from config.graphql.base import _require_io_setting
@@ -1229,8 +1227,7 @@ class MisconfiguredMutation:
         self.assertIn("model", str(ctx.exception))
 
     def test_require_io_setting_raises_when_attribute_none(self):
-        """Mirrors the inherited ``IOSettings`` on ``DRFMutation`` where
-        ``model``/``serializer``/``graphene_model`` default to ``None``."""
+        """Each of model/serializer/graphene_model must independently fail when ``None``."""
         from config.graphql.base import _require_io_setting
 
         class MisconfiguredMutation:
@@ -1255,13 +1252,28 @@ class IOSettings:
         self.assertIs(_require_io_setting(ConfiguredMutation, "model"), Corpus)
 
     def test_base_iosettings_defaults_are_none_on_mutation(self):
-        """Regression guard: the base ``DRFMutation.IOSettings`` exposes
-        ``model`` / ``graphene_model`` / ``serializer`` as ``None`` so the
-        runtime guard can detect a missing override. ``DRFDeletion`` now
-        declares ``model`` the same way (previously not declared at all)."""
+        """Base ``IOSettings`` must default to ``None`` so the runtime guard can fire."""
         from config.graphql.base import DRFDeletion, DRFMutation
 
         self.assertIsNone(DRFMutation.IOSettings.model)
         self.assertIsNone(DRFMutation.IOSettings.serializer)
         self.assertIsNone(DRFMutation.IOSettings.graphene_model)
         self.assertIsNone(DRFDeletion.IOSettings.model)
+
+    def test_drf_deletion_mutate_raises_when_lookup_value_missing(self):
+        """``DRFDeletion.mutate`` must raise ``ValueError`` when the lookup arg is omitted."""
+        from unittest.mock import MagicMock
+
+        from config.graphql.base import DRFDeletion
+
+        class _DeleteCorpus(DRFDeletion):
+            class IOSettings(DRFDeletion.IOSettings):
+                model = Corpus
+                lookup_field = "id"
+
+        info = MagicMock()
+        info.context.user = MagicMock(is_authenticated=True)
+
+        with self.assertRaises(ValueError) as ctx:
+            _DeleteCorpus.mutate(None, info)
+        self.assertIn("id", str(ctx.exception))