Let Pydantic validate bulk responses delete data

1 files changed, 8 insertions, 4 deletions

diff --git a/backend/routes/forms/responses.py b/backend/routes/forms/responses.py
index baab856..f3c4cd7 100644
--- a/backend/routes/forms/responses.py
+++ b/backend/routes/forms/responses.py
@@ -1,6 +1,7 @@
 """
 Returns all form responses by form ID.
 """
+from pydantic import BaseModel
 from spectree import Response
 from starlette.authentication import requires
 from starlette.requests import Request
@@ -11,6 +12,10 @@ from backend.route import Route
 from backend.validation import api, ErrorMessage, OkayResponse
 
 
+class ResponseIdList(BaseModel):
+    ids: list[str]
+
+
 class Responses(Route):
     """
     Returns all form responses by form ID.
@@ -41,6 +46,7 @@ class Responses(Route):
 
     @requires(["authenticated", "admin"])
     @api.validate(
+        json=ResponseIdList,
         resp=Response(
             HTTP_200=OkayResponse,
             HTTP_404=ErrorMessage,
@@ -56,12 +62,10 @@ class Responses(Route):
             return JSONResponse({"error": "not_found"}, status_code=404)
 
         data = await request.json()
-
-        if "ids" not in data:
-            return JSONResponse({"error": "ids_not_provided"}, status_code=400)
+        response_ids = ResponseIdList(**data)
 
         # Convert IDs to set to remove duplicates
-        ids = set(data["ids"])
+        ids = set(response_ids.ids)
 
         cursor = request.state.db.responses.find(
             {"_id": {"$in": list(ids)}}  # Convert here back to list, may throw error.